From 222e2ff421609a7ff5e0565156028771d284f7ad Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 4 Apr 2017 11:37:15 +0200 Subject: [PATCH 001/493] Allow alternate core implementation of CCM --- include/mbedtls/ccm.h | 16 ++++++++++++++++ include/mbedtls/config.h | 1 + library/ccm.c | 3 +++ 3 files changed, 20 insertions(+) diff --git a/include/mbedtls/ccm.h b/include/mbedtls/ccm.h index ef75839ba..579402fd4 100644 --- a/include/mbedtls/ccm.h +++ b/include/mbedtls/ccm.h @@ -28,6 +28,10 @@ #define MBEDTLS_ERR_CCM_BAD_INPUT -0x000D /**< Bad input parameters to function. */ #define MBEDTLS_ERR_CCM_AUTH_FAILED -0x000F /**< Authenticated decryption failed. */ +#if !defined(MBEDTLS_CCM_ALT) +// Regular implementation +// + #ifdef __cplusplus extern "C" { #endif @@ -125,6 +129,18 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, const unsigned char *input, unsigned char *output, const unsigned char *tag, size_t tag_len ); +#ifdef __cplusplus +} +#endif + +#else /* !MBEDTLS_CCM_ALT */ +#include "ccm_alt.h" +#endif /* !MBEDTLS_CCM_ALT */ + +#ifdef __cplusplus +extern "C" { +#endif + #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) /** * \brief Checkup routine diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 0f7e29bcf..941769fd0 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -237,6 +237,7 @@ //#define MBEDTLS_ARC4_ALT //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT +//#define MBEDTLS_CCM_ALT //#define MBEDTLS_DES_ALT //#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT diff --git a/library/ccm.c b/library/ccm.c index 13a8fd1a2..9101e5f7c 100644 --- a/library/ccm.c +++ b/library/ccm.c @@ -49,6 +49,8 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ +#if !defined(MBEDTLS_CCM_ALT) + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; @@ -348,6 +350,7 @@ int mbedtls_ccm_auth_decrypt( mbedtls_ccm_context *ctx, size_t length, return( 0 ); } +#endif /* !MBEDTLS_CCM_ALT */ #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) /* From 633427732047dd1e0a3f76cd7d066362698c6692 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 4 Apr 2017 11:47:16 +0200 Subject: [PATCH 002/493] Allow alternate core implementation of CMAC --- include/mbedtls/cmac.h | 14 ++++++++++++++ include/mbedtls/config.h | 1 + library/cmac.c | 4 ++++ 3 files changed, 19 insertions(+) diff --git a/include/mbedtls/cmac.h b/include/mbedtls/cmac.h index 9a2b96bc9..4d3f2d2f4 100644 --- a/include/mbedtls/cmac.h +++ b/include/mbedtls/cmac.h @@ -39,6 +39,8 @@ extern "C" { #define MBEDTLS_CIPHER_BLKSIZE_MAX 8 /* longest used by CMAC is 3DES */ #endif +#if !defined(MBEDTLS_CMAC_ALT) + /** * CMAC context structure - Contains internal state information only */ @@ -154,6 +156,18 @@ int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len, unsigned char output[16] ); #endif /* MBEDTLS_AES_C */ +#ifdef __cplusplus +} +#endif + +#else /* !MBEDTLS_CMAC_ALT */ +#include "cmac_alt.h" +#endif /* !MBEDTLS_CMAC_ALT */ + +#ifdef __cplusplus +extern "C" { +#endif + #if defined(MBEDTLS_SELF_TEST) && ( defined(MBEDTLS_AES_C) || defined(MBEDTLS_DES_C) ) /** * \brief Checkup routine diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 0f7e29bcf..2ef052b1e 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -237,6 +237,7 @@ //#define MBEDTLS_ARC4_ALT //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT +//#define MBEDTLS_CMAC_ALT //#define MBEDTLS_DES_ALT //#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT diff --git a/library/cmac.c b/library/cmac.c index b2fe713a0..5575d5c8d 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -65,6 +65,8 @@ #endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_PLATFORM_C */ +#if !defined(MBEDTLS_CMAC_ALT) + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; @@ -468,6 +470,8 @@ exit: } #endif /* MBEDTLS_AES_C */ +#endif /* !MBEDTLS_CMAC_ALT */ + #if defined(MBEDTLS_SELF_TEST) /* * CMAC test data for SP800-38B From 12d9f3c84d14cf1f01d8e8c1f18a430b9d764765 Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 4 Apr 2017 12:01:42 +0200 Subject: [PATCH 003/493] Forgot version-features update for new config flag --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index e866e67a2..6d2e53f77 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -90,6 +90,9 @@ static const char *features[] = { #if defined(MBEDTLS_CAMELLIA_ALT) "MBEDTLS_CAMELLIA_ALT", #endif /* MBEDTLS_CAMELLIA_ALT */ +#if defined(MBEDTLS_CMAC_ALT) + "MBEDTLS_CMAC_ALT", +#endif /* MBEDTLS_CMAC_ALT */ #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ From 3a93387cea490ea05db35b85cdbea1306345505d Mon Sep 17 00:00:00 2001 From: Steven Cooreman Date: Tue, 4 Apr 2017 12:02:37 +0200 Subject: [PATCH 004/493] Forgot version-features update for new config flag --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index e866e67a2..9bd40c423 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -90,6 +90,9 @@ static const char *features[] = { #if defined(MBEDTLS_CAMELLIA_ALT) "MBEDTLS_CAMELLIA_ALT", #endif /* MBEDTLS_CAMELLIA_ALT */ +#if defined(MBEDTLS_CCM_ALT) + "MBEDTLS_CCM_ALT", +#endif /* MBEDTLS_CCM_ALT */ #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ From a6ed9c54299102e2d20fca70998f05e72916e1c4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 May 2017 13:39:22 +0100 Subject: [PATCH 005/493] Backup errno in net_would_block Safe and restore the value of errno in net_would_block to be sure it's not affected by the guarding call to fcntl. Fixes #845. --- ChangeLog | 6 ++++++ library/net_sockets.c | 7 ++++++- 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 13de8672c..202262b53 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix net_would_block to avoid modification by errno through fcntl call. + Found by nkolban. Fixes #845. + = mbed TLS 2.4.2 branch released 2017-03-08 Security diff --git a/library/net_sockets.c b/library/net_sockets.c index 80be6ec6a..a403bdf57 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -270,13 +270,18 @@ static int net_would_block( const mbedtls_net_context *ctx ) */ static int net_would_block( const mbedtls_net_context *ctx ) { + int err = errno; + /* * Never return 'WOULD BLOCK' on a non-blocking socket */ if( ( fcntl( ctx->fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK ) + { + errno = err; return( 0 ); + } - switch( errno ) + switch( errno = err ) { #if defined EAGAIN case EAGAIN: From 46cf773f2f50b7f7279f285e418ed5def7d91dfd Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 14 May 2017 15:55:06 +0300 Subject: [PATCH 006/493] Fix wrong output in the benchmark application The benchmark application prints the performance in Kb/s, While it actually calculates KB/s. Resolves issue #850 --- programs/test/benchmark.c | 2 +- yotta/data/example-benchmark/README.md | 36 +++++++++++++------------- yotta/data/example-benchmark/main.cpp | 2 +- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index eb578e730..d88bc57ee 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -126,7 +126,7 @@ do { \ CODE; \ } \ \ - mbedtls_printf( "%9lu Kb/s, %9lu cycles/byte\n", \ + mbedtls_printf( "%9lu KB/s, %9lu cycles/byte\n", \ ii * BUFSIZE / 1024, \ ( mbedtls_timing_hardclock() - tsc ) / ( jj * BUFSIZE ) ); \ } while( 0 ) diff --git a/yotta/data/example-benchmark/README.md b/yotta/data/example-benchmark/README.md index 8589e7bd6..8397f5e4a 100644 --- a/yotta/data/example-benchmark/README.md +++ b/yotta/data/example-benchmark/README.md @@ -56,24 +56,24 @@ To build and run this example you must have: {{start}} - SHA-1 : 3644 Kb/s, 32 cycles/byte - SHA-256 : 1957 Kb/s, 59 cycles/byte - SHA-512 : 587 Kb/s, 200 cycles/byte - AES-CBC-128 : 1359 Kb/s, 86 cycles/byte - AES-CBC-192 : 1183 Kb/s, 99 cycles/byte - AES-CBC-256 : 1048 Kb/s, 111 cycles/byte - AES-GCM-128 : 421 Kb/s, 279 cycles/byte - AES-GCM-192 : 403 Kb/s, 292 cycles/byte - AES-GCM-256 : 385 Kb/s, 305 cycles/byte - AES-CCM-128 : 542 Kb/s, 216 cycles/byte - AES-CCM-192 : 484 Kb/s, 242 cycles/byte - AES-CCM-256 : 437 Kb/s, 268 cycles/byte - CTR_DRBG (NOPR) : 1002 Kb/s, 117 cycles/byte - CTR_DRBG (PR) : 705 Kb/s, 166 cycles/byte - HMAC_DRBG SHA-1 (NOPR) : 228 Kb/s, 517 cycles/byte - HMAC_DRBG SHA-1 (PR) : 210 Kb/s, 561 cycles/byte - HMAC_DRBG SHA-256 (NOPR) : 212 Kb/s, 557 cycles/byte - HMAC_DRBG SHA-256 (PR) : 185 Kb/s, 637 cycles/byte + SHA-1 : 3644 KB/s, 32 cycles/byte + SHA-256 : 1957 KB/s, 59 cycles/byte + SHA-512 : 587 KB/s, 200 cycles/byte + AES-CBC-128 : 1359 KB/s, 86 cycles/byte + AES-CBC-192 : 1183 KB/s, 99 cycles/byte + AES-CBC-256 : 1048 KB/s, 111 cycles/byte + AES-GCM-128 : 421 KB/s, 279 cycles/byte + AES-GCM-192 : 403 KB/s, 292 cycles/byte + AES-GCM-256 : 385 KB/s, 305 cycles/byte + AES-CCM-128 : 542 KB/s, 216 cycles/byte + AES-CCM-192 : 484 KB/s, 242 cycles/byte + AES-CCM-256 : 437 KB/s, 268 cycles/byte + CTR_DRBG (NOPR) : 1002 KB/s, 117 cycles/byte + CTR_DRBG (PR) : 705 KB/s, 166 cycles/byte + HMAC_DRBG SHA-1 (NOPR) : 228 KB/s, 517 cycles/byte + HMAC_DRBG SHA-1 (PR) : 210 KB/s, 561 cycles/byte + HMAC_DRBG SHA-256 (NOPR) : 212 KB/s, 557 cycles/byte + HMAC_DRBG SHA-256 (PR) : 185 KB/s, 637 cycles/byte RSA-2048 : 41 ms/ public RSA-2048 : 1349 ms/private RSA-4096 : 134 ms/ public diff --git a/yotta/data/example-benchmark/main.cpp b/yotta/data/example-benchmark/main.cpp index ef38c442b..36cfc0e27 100644 --- a/yotta/data/example-benchmark/main.cpp +++ b/yotta/data/example-benchmark/main.cpp @@ -229,7 +229,7 @@ do { \ CODE; \ } \ \ - mbedtls_printf( "%9lu Kb/s, %9lu cycles/byte\r\n", \ + mbedtls_printf( "%9lu KB/s, %9lu cycles/byte\r\n", \ i * BUFSIZE / 1024, \ ( mbedtls_timing_hardclock() - tsc ) / ( j * BUFSIZE ) ); \ } while( 0 ) From 51a7ae1353f623d96bd2a7821dc12c1937baf89b Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 22 Feb 2017 16:23:26 +0000 Subject: [PATCH 007/493] Add missing ret code checks in PEM module Add missing return code checks in the functions pem_des_decrypt(), pem_3des_decrypt() and pem_aes_decrypt() so that the calling function mbedtls_pem_read_buffer() is notified of errors reported by the crypto primitives AES, DES and 3DES. --- ChangeLog | 10 ++++++++ library/pem.c | 63 +++++++++++++++++++++++++++++++++++---------------- 2 files changed, 53 insertions(+), 20 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8797b1af6..daa9622f3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,15 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Fix unchecked return codes from AES, DES and 3DES functions in + pem_aes_decrypt(), pem_des_decrypt() and pem_des3_decrypt() respectively. + If a call to one of the functions of the cryptographic primitive modules + failed, the error may not be noticed by the function + mbedtls_pem_read_buffer() causing it to return invalid values. Found by + Guido Vranken. #756 + = mbed TLS 2.5.0 branch released 2017-05-17 Security diff --git a/library/pem.c b/library/pem.c index 8dd86a4ac..87401ba55 100644 --- a/library/pem.c +++ b/library/pem.c @@ -134,45 +134,55 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen, /* * Decrypt with DES-CBC, using PBKDF1 for key derivation */ -static void pem_des_decrypt( unsigned char des_iv[8], - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_des_decrypt( unsigned char des_iv[8], + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { mbedtls_des_context des_ctx; unsigned char des_key[8]; + int ret; mbedtls_des_init( &des_ctx ); pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen ); - mbedtls_des_setkey_dec( &des_ctx, des_key ); - mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen, + if( ( ret = mbedtls_des_setkey_dec( &des_ctx, des_key ) ) != 0 ) + goto exit; + ret = mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen, des_iv, buf, buf ); +exit: mbedtls_des_free( &des_ctx ); mbedtls_zeroize( des_key, 8 ); + + return( ret ); } /* * Decrypt with 3DES-CBC, using PBKDF1 for key derivation */ -static void pem_des3_decrypt( unsigned char des3_iv[8], - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_des3_decrypt( unsigned char des3_iv[8], + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { mbedtls_des3_context des3_ctx; unsigned char des3_key[24]; + int ret; mbedtls_des3_init( &des3_ctx ); pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen ); - mbedtls_des3_set3key_dec( &des3_ctx, des3_key ); - mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen, + if( ( ret = mbedtls_des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 ) + goto exit; + ret = mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen, des3_iv, buf, buf ); +exit: mbedtls_des3_free( &des3_ctx ); mbedtls_zeroize( des3_key, 24 ); + + return( ret ); } #endif /* MBEDTLS_DES_C */ @@ -180,23 +190,28 @@ static void pem_des3_decrypt( unsigned char des3_iv[8], /* * Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation */ -static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, - unsigned char *buf, size_t buflen, - const unsigned char *pwd, size_t pwdlen ) +static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen, + unsigned char *buf, size_t buflen, + const unsigned char *pwd, size_t pwdlen ) { mbedtls_aes_context aes_ctx; unsigned char aes_key[32]; + int ret; mbedtls_aes_init( &aes_ctx ); pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen ); - mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ); - mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen, + if( ( ret = mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 ) + goto exit; + ret = mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen, aes_iv, buf, buf ); +exit: mbedtls_aes_free( &aes_ctx ); mbedtls_zeroize( aes_key, keylen ); + + return( ret ); } #endif /* MBEDTLS_AES_C */ @@ -345,22 +360,30 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED ); } + ret = 0; + #if defined(MBEDTLS_DES_C) if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC ) - pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen ); + ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen ); else if( enc_alg == MBEDTLS_CIPHER_DES_CBC ) - pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen ); + ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen ); #endif /* MBEDTLS_DES_C */ #if defined(MBEDTLS_AES_C) if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC ) - pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen ); else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC ) - pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen ); else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC ) - pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen ); + ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen ); #endif /* MBEDTLS_AES_C */ + if( ret != 0 ) + { + mbedtls_free( buf ); + return( ret ); + } + /* * The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3 * length bytes (allow 4 to be sure) in all known use cases. From a3b9adb6bd9e0d23b4e7797e5fdf2c310d9914e5 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Wed, 1 Mar 2017 11:53:29 +0000 Subject: [PATCH 008/493] Add negative testing for mbedtls_pem_read_buffer() --- tests/suites/test_suite_pem.data | 17 ++++++++++++++--- tests/suites/test_suite_pem.function | 13 +++++++++---- 2 files changed, 23 insertions(+), 7 deletions(-) diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data index 065e4a2b5..77546c586 100644 --- a/tests/suites/test_suite_pem.data +++ b/tests/suites/test_suite_pem.data @@ -17,11 +17,22 @@ PEM write (exactly two lines + 1) mbedtls_pem_write_buffer:"-----START TEST-----\n":"-----END TEST-----\n":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"-----START TEST-----\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAAECAwQFBgcICQoLDA0ODwABAgMEBQYHCAkKCwwNDg8AAQIDBAUGBwgJCgsMDQ4P\nAA==\n-----END TEST-----\n" PEM read (DES-EDE3-CBC + invalid iv) -mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":MBEDTLS_ERR_PEM_INVALID_ENC_IV +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV PEM read (DES-CBC + invalid iv) -mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":MBEDTLS_ERR_PEM_INVALID_ENC_IV +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV PEM read (unknown encryption algorithm) -mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG +mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":"pwd":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG +PEM read (malformed PEM DES-CBC) +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH + +PEM read (malformed PEM DES-EDE3-CBC) +depends_on:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-EDE3-CBC,AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_DES_INVALID_INPUT_LENGTH + +PEM read (malformed PEM AES-128-CBC) +depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC +mbedtls_pem_read_buffer:"-----BEGIN EC PRIVATE KEY-----":"-----END EC PRIVATE KEY-----":"-----BEGIN EC PRIVATE KEY-----\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,AA94892A169FA426AA94892A169FA426\n\nMAAA\n-----END EC PRIVATE KEY-----":"pwd":MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH diff --git a/tests/suites/test_suite_pem.function b/tests/suites/test_suite_pem.function index 5e022109c..c24595d47 100644 --- a/tests/suites/test_suite_pem.function +++ b/tests/suites/test_suite_pem.function @@ -1,6 +1,8 @@ /* BEGIN_HEADER */ #include "mbedtls/base64.h" #include "mbedtls/pem.h" +#include "mbedtls/des.h" +#include "mbedtls/aes.h" /* END_HEADER */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */ @@ -35,16 +37,19 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_AES_C:MBEDTLS_DES_C:MBEDTLS_MD5_C:MBEDTLS_CIPHER_MODE_CBC */ -void mbedtls_pem_read_buffer( char *header, char *footer, char *data, int ret ) +void mbedtls_pem_read_buffer( char *header, char *footer, char *data, + char *pwd, int res ) { mbedtls_pem_context ctx; + int ret; size_t use_len = 0; + size_t pwd_len = strlen( pwd ); mbedtls_pem_init( &ctx ); - TEST_ASSERT( mbedtls_pem_read_buffer( &ctx, header, footer, - (const unsigned char *)data, NULL, 0, - &use_len ) == ret ); + ret = mbedtls_pem_read_buffer( &ctx, header, footer, (unsigned char *)data, + (unsigned char *)pwd, pwd_len, &use_len ); + TEST_ASSERT( ret == res ); exit: mbedtls_pem_free( &ctx ); From fd487394615f4139d23ef7dbf4a6b298b3a962b5 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 14 Jun 2017 16:19:12 +0100 Subject: [PATCH 009/493] Add AES feature unavailable error code --- include/mbedtls/aes.h | 1 + include/mbedtls/error.h | 2 +- library/error.c | 2 ++ 3 files changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index b5560cc81..660ec2add 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -38,6 +38,7 @@ #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ +#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x006E /**< Feature not available, e.g. unsupported AES key size. */ #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 5e549f6b6..8dfeb6221 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -52,7 +52,7 @@ * GCM 2 0x0012-0x0014 * BLOWFISH 2 0x0016-0x0018 * THREADING 3 0x001A-0x001E - * AES 2 0x0020-0x0022 + * AES 2 0x0020-0x0022 0x006E-0x006E * CAMELLIA 2 0x0024-0x0026 * XTEA 1 0x0028-0x0028 * BASE64 2 0x002A-0x002C diff --git a/library/error.c b/library/error.c index dd2db0c45..11f7c6025 100644 --- a/library/error.c +++ b/library/error.c @@ -516,6 +516,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "AES - Invalid key length" ); if( use_ret == -(MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH) ) mbedtls_snprintf( buf, buflen, "AES - Invalid data input length" ); + if( use_ret == -(MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE) ) + mbedtls_snprintf( buf, buflen, "AES - Feature not available, e.g. unsupported AES key size" ); #endif /* MBEDTLS_AES_C */ #if defined(MBEDTLS_ASN1_PARSE_C) From 58f98c23d5a37f412edcdce5c9d934161b667a07 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 14 Jun 2017 16:19:42 +0100 Subject: [PATCH 010/493] Run AES-192 selftest if available only This patch modifies the function mbedtls_aes_selftest() function to ensure that AES-192 tests are only run if the key size is supported by the available implementation. This is useful when using MBEDTLS_AES_ALT as some hardware crypto accelerators might not support AES-192. --- library/aes.c | 219 +++++++++++++++++++++++++------------------------- 1 file changed, 111 insertions(+), 108 deletions(-) diff --git a/library/aes.c b/library/aes.c index 5e01c4f2b..b5e892450 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1221,9 +1221,11 @@ static const int aes_test_ctr_len[3] = */ int mbedtls_aes_self_test( int verbose ) { - int ret = 0, i, j, u, v; + int ret = 0, i, j, u, mode; + unsigned int keybits; unsigned char key[32]; unsigned char buf[64]; + const unsigned char *aes_tests; #if defined(MBEDTLS_CIPHER_MODE_CBC) || defined(MBEDTLS_CIPHER_MODE_CFB) unsigned char iv[16]; #endif @@ -1249,45 +1251,47 @@ int mbedtls_aes_self_test( int verbose ) for( i = 0; i < 6; i++ ) { u = i >> 1; - v = i & 1; + keybits = 128 + u * 64; + mode = i & 1; if( verbose != 0 ) - mbedtls_printf( " AES-ECB-%3d (%s): ", 128 + u * 64, - ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + mbedtls_printf( " AES-ECB-%3d (%s): ", keybits, + ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); memset( buf, 0, 16 ); - if( v == MBEDTLS_AES_DECRYPT ) + if( mode == MBEDTLS_AES_DECRYPT ) { - mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 ); - - for( j = 0; j < 10000; j++ ) - mbedtls_aes_crypt_ecb( &ctx, v, buf, buf ); - - if( memcmp( buf, aes_test_ecb_dec[u], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } + ret = mbedtls_aes_setkey_dec( &ctx, key, keybits ); + aes_tests = aes_test_ecb_dec[u]; } else { - mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 ); + ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); + aes_tests = aes_test_ecb_enc[u]; + } - for( j = 0; j < 10000; j++ ) - mbedtls_aes_crypt_ecb( &ctx, v, buf, buf ); + if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ) + { + mbedtls_printf( "skipped\n" ); + continue; + } + else if( ret != 0 ) + { + goto exit; + } - if( memcmp( buf, aes_test_ecb_enc[u], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; + for( j = 0; j < 10000; j++ ) + { + ret = mbedtls_aes_crypt_ecb( &ctx, mode, buf, buf ); + if( ret != 0 ) goto exit; - } + } + + if( memcmp( buf, aes_tests, 16 ) != 0 ) + { + ret = 1; + goto exit; } if( verbose != 0 ) @@ -1304,55 +1308,59 @@ int mbedtls_aes_self_test( int verbose ) for( i = 0; i < 6; i++ ) { u = i >> 1; - v = i & 1; + keybits = 128 + u * 64; + mode = i & 1; if( verbose != 0 ) - mbedtls_printf( " AES-CBC-%3d (%s): ", 128 + u * 64, - ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + mbedtls_printf( " AES-CBC-%3d (%s): ", keybits, + ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); memset( iv , 0, 16 ); memset( prv, 0, 16 ); memset( buf, 0, 16 ); - if( v == MBEDTLS_AES_DECRYPT ) + if( mode == MBEDTLS_AES_DECRYPT ) { - mbedtls_aes_setkey_dec( &ctx, key, 128 + u * 64 ); - - for( j = 0; j < 10000; j++ ) - mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf ); - - if( memcmp( buf, aes_test_cbc_dec[u], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } + ret = mbedtls_aes_setkey_dec( &ctx, key, keybits ); + aes_tests = aes_test_cbc_dec[u]; } else { - mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 ); + ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); + aes_tests = aes_test_cbc_enc[u]; + } - for( j = 0; j < 10000; j++ ) + if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ) + { + mbedtls_printf( "skipped\n" ); + continue; + } + else if( ret != 0 ) + { + goto exit; + } + + for( j = 0; j < 10000; j++ ) + { + if( mode == MBEDTLS_AES_ENCRYPT ) { unsigned char tmp[16]; - mbedtls_aes_crypt_cbc( &ctx, v, 16, iv, buf, buf ); - memcpy( tmp, prv, 16 ); memcpy( prv, buf, 16 ); memcpy( buf, tmp, 16 ); } - if( memcmp( prv, aes_test_cbc_enc[u], 16 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; + ret = mbedtls_aes_crypt_cbc( &ctx, mode, 16, iv, buf, buf ); + if( ret != 0 ) goto exit; - } + + } + + if( memcmp( buf, aes_tests, 16 ) != 0 ) + { + ret = 1; + goto exit; } if( verbose != 0 ) @@ -1370,45 +1378,47 @@ int mbedtls_aes_self_test( int verbose ) for( i = 0; i < 6; i++ ) { u = i >> 1; - v = i & 1; + keybits = 128 + u * 64; + mode = i & 1; if( verbose != 0 ) - mbedtls_printf( " AES-CFB128-%3d (%s): ", 128 + u * 64, - ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + mbedtls_printf( " AES-CFB128-%3d (%s): ", keybits, + ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); memcpy( iv, aes_test_cfb128_iv, 16 ); - memcpy( key, aes_test_cfb128_key[u], 16 + u * 8 ); + memcpy( key, aes_test_cfb128_key[u], keybits / 8 ); offset = 0; - mbedtls_aes_setkey_enc( &ctx, key, 128 + u * 64 ); + ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); + if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ) + { + mbedtls_printf( "skipped\n" ); + continue; + } + else if( ret != 0 ) + { + goto exit; + } - if( v == MBEDTLS_AES_DECRYPT ) + if( mode == MBEDTLS_AES_DECRYPT ) { memcpy( buf, aes_test_cfb128_ct[u], 64 ); - mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf ); - - if( memcmp( buf, aes_test_cfb128_pt, 64 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } + aes_tests = aes_test_cfb128_pt; } else { memcpy( buf, aes_test_cfb128_pt, 64 ); - mbedtls_aes_crypt_cfb128( &ctx, v, 64, &offset, iv, buf, buf ); + aes_tests = aes_test_cfb128_ct[u]; + } - if( memcmp( buf, aes_test_cfb128_ct[u], 64 ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); + ret = mbedtls_aes_crypt_cfb128( &ctx, mode, 64, &offset, iv, buf, buf ); + if( ret != 0 ) + goto exit; - ret = 1; - goto exit; - } + if( memcmp( buf, aes_tests, 64 ) != 0 ) + { + ret = 1; + goto exit; } if( verbose != 0 ) @@ -1426,51 +1436,41 @@ int mbedtls_aes_self_test( int verbose ) for( i = 0; i < 6; i++ ) { u = i >> 1; - v = i & 1; + mode = i & 1; if( verbose != 0 ) mbedtls_printf( " AES-CTR-128 (%s): ", - ( v == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); + ( mode == MBEDTLS_AES_DECRYPT ) ? "dec" : "enc" ); memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 ); memcpy( key, aes_test_ctr_key[u], 16 ); offset = 0; - mbedtls_aes_setkey_enc( &ctx, key, 128 ); + if( ( ret = mbedtls_aes_setkey_enc( &ctx, key, 128 ) ) != 0 ) + goto exit; - if( v == MBEDTLS_AES_DECRYPT ) + len = aes_test_ctr_len[u]; + + if( mode == MBEDTLS_AES_DECRYPT ) { - len = aes_test_ctr_len[u]; memcpy( buf, aes_test_ctr_ct[u], len ); - - mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, - buf, buf ); - - if( memcmp( buf, aes_test_ctr_pt[u], len ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } + aes_tests = aes_test_ctr_pt[u]; } else { - len = aes_test_ctr_len[u]; memcpy( buf, aes_test_ctr_pt[u], len ); + aes_tests = aes_test_ctr_ct[u]; + } - mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, stream_block, - buf, buf ); + ret = mbedtls_aes_crypt_ctr( &ctx, len, &offset, nonce_counter, + stream_block, buf, buf ); + if( ret != 0 ) + goto exit; - if( memcmp( buf, aes_test_ctr_ct[u], len ) != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - ret = 1; - goto exit; - } + if( memcmp( buf, aes_tests, len ) != 0 ) + { + ret = 1; + goto exit; } if( verbose != 0 ) @@ -1484,6 +1484,9 @@ int mbedtls_aes_self_test( int verbose ) ret = 0; exit: + if( ret != 0 && verbose != 0 ) + mbedtls_printf( "failed\n" ); + mbedtls_aes_free( &ctx ); return( ret ); From 2a078da134a10a829d9fd33e6450fc6415d463ae Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 15 Jun 2017 11:30:51 +0100 Subject: [PATCH 011/493] Run AES-GCM-192 selftest if available only This patch modifies the function mbedtls_gcm_self_test() function to ensure that AES-GCM-192 tests are only run if the key size is supported by the available implementation. This is useful when using MBEDTLS_AES_ALT as some hardware crypto accelerators might not support AES-192. --- library/gcm.c | 189 ++++++++++++++++++++++++-------------------------- 1 file changed, 92 insertions(+), 97 deletions(-) diff --git a/library/gcm.c b/library/gcm.c index f1210c52c..7b2760a62 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -46,6 +46,7 @@ #endif #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) +#include "mbedtls/aes.h" #if defined(MBEDTLS_PLATFORM_C) #include "mbedtls/platform.h" #else @@ -742,34 +743,43 @@ int mbedtls_gcm_self_test( int verbose ) int i, j, ret; mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES; - mbedtls_gcm_init( &ctx ); - for( j = 0; j < 3; j++ ) { int key_len = 128 + 64 * j; for( i = 0; i < MAX_TESTS; i++ ) { + mbedtls_gcm_init( &ctx ); + if( verbose != 0 ) mbedtls_printf( " AES-GCM-%3d #%d (%s): ", - key_len, i, "enc" ); + key_len, i, "enc" ); - mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len ); + ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], + key_len ); + if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && key_len == 192 ) + { + mbedtls_printf( "skipped\n" ); + break; + } + else if( ret != 0 ) + { + goto exit; + } ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, - pt_len[i], - iv[iv_index[i]], iv_len[i], - additional[add_index[i]], add_len[i], - pt[pt_index[i]], buf, 16, tag_buf ); + pt_len[i], + iv[iv_index[i]], iv_len[i], + additional[add_index[i]], add_len[i], + pt[pt_index[i]], buf, 16, tag_buf ); + if( ret != 0 ) + goto exit; - if( ret != 0 || - memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 || - memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 ) + if ( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 || + memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 ) { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); + ret = 1; + goto exit; } mbedtls_gcm_free( &ctx ); @@ -777,26 +787,31 @@ int mbedtls_gcm_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n" ); + mbedtls_gcm_init( &ctx ); + if( verbose != 0 ) mbedtls_printf( " AES-GCM-%3d #%d (%s): ", - key_len, i, "dec" ); + key_len, i, "dec" ); - mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len ); + ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], + key_len ); + if( ret != 0 ) + goto exit; ret = mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_DECRYPT, - pt_len[i], - iv[iv_index[i]], iv_len[i], - additional[add_index[i]], add_len[i], - ct[j * 6 + i], buf, 16, tag_buf ); + pt_len[i], + iv[iv_index[i]], iv_len[i], + additional[add_index[i]], add_len[i], + ct[j * 6 + i], buf, 16, tag_buf ); - if( ret != 0 || - memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 || + if( ret != 0 ) + goto exit; + + if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 || memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 ) { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); + ret = 1; + goto exit; } mbedtls_gcm_free( &ctx ); @@ -804,66 +819,51 @@ int mbedtls_gcm_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n" ); + mbedtls_gcm_init( &ctx ); + if( verbose != 0 ) mbedtls_printf( " AES-GCM-%3d #%d split (%s): ", - key_len, i, "enc" ); + key_len, i, "enc" ); - mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len ); + ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], + key_len ); + if( ret != 0 ) + goto exit; ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_ENCRYPT, - iv[iv_index[i]], iv_len[i], - additional[add_index[i]], add_len[i] ); + iv[iv_index[i]], iv_len[i], + additional[add_index[i]], add_len[i] ); if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto exit; if( pt_len[i] > 32 ) { size_t rest_len = pt_len[i] - 32; ret = mbedtls_gcm_update( &ctx, 32, pt[pt_index[i]], buf ); if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto exit; ret = mbedtls_gcm_update( &ctx, rest_len, pt[pt_index[i]] + 32, buf + 32 ); if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto exit; } else { ret = mbedtls_gcm_update( &ctx, pt_len[i], pt[pt_index[i]], buf ); if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto exit; } ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 ); - if( ret != 0 || - memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 || + if( ret != 0 ) + goto exit; + + if( memcmp( buf, ct[j * 6 + i], pt_len[i] ) != 0 || memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 ) { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); + ret = 1; + goto exit; } mbedtls_gcm_free( &ctx ); @@ -871,80 +871,75 @@ int mbedtls_gcm_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n" ); + mbedtls_gcm_init( &ctx ); + if( verbose != 0 ) mbedtls_printf( " AES-GCM-%3d #%d split (%s): ", - key_len, i, "dec" ); + key_len, i, "dec" ); - mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len ); + ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], + key_len ); + if( ret != 0 ) + goto exit; ret = mbedtls_gcm_starts( &ctx, MBEDTLS_GCM_DECRYPT, iv[iv_index[i]], iv_len[i], additional[add_index[i]], add_len[i] ); if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto exit; if( pt_len[i] > 32 ) { size_t rest_len = pt_len[i] - 32; ret = mbedtls_gcm_update( &ctx, 32, ct[j * 6 + i], buf ); if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto exit; ret = mbedtls_gcm_update( &ctx, rest_len, ct[j * 6 + i] + 32, - buf + 32 ); + buf + 32 ); if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto exit; } else { - ret = mbedtls_gcm_update( &ctx, pt_len[i], ct[j * 6 + i], buf ); + ret = mbedtls_gcm_update( &ctx, pt_len[i], ct[j * 6 + i], + buf ); if( ret != 0 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + goto exit; } ret = mbedtls_gcm_finish( &ctx, tag_buf, 16 ); - if( ret != 0 || - memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 || + if( ret != 0 ) + goto exit; + + if( memcmp( buf, pt[pt_index[i]], pt_len[i] ) != 0 || memcmp( tag_buf, tag[j * 6 + i], 16 ) != 0 ) { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); + ret = 1; + goto exit; } mbedtls_gcm_free( &ctx ); if( verbose != 0 ) mbedtls_printf( "passed\n" ); - } } if( verbose != 0 ) mbedtls_printf( "\n" ); - return( 0 ); + ret = 0; + +exit: + if( ret != 0 ) + { + if( verbose != 0 ) + mbedtls_printf( "failed\n" ); + mbedtls_gcm_free( &ctx ); + } + + return( ret ); } #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ From d3e7e7d83f865591a31e5d1a2da14ca21d7da1fb Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 15 Jun 2017 16:17:46 +0100 Subject: [PATCH 012/493] Add comment for skipped AES-192 test condition --- library/aes.c | 15 +++++++++++++++ library/gcm.c | 5 +++++ 2 files changed, 20 insertions(+) diff --git a/library/aes.c b/library/aes.c index b5e892450..906386930 100644 --- a/library/aes.c +++ b/library/aes.c @@ -1271,6 +1271,11 @@ int mbedtls_aes_self_test( int verbose ) aes_tests = aes_test_ecb_enc[u]; } + /* + * AES-192 is an optional feature that may be unavailable when + * there is an alternative underlying implementation i.e. when + * MBEDTLS_AES_ALT is defined. + */ if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ) { mbedtls_printf( "skipped\n" ); @@ -1330,6 +1335,11 @@ int mbedtls_aes_self_test( int verbose ) aes_tests = aes_test_cbc_enc[u]; } + /* + * AES-192 is an optional feature that may be unavailable when + * there is an alternative underlying implementation i.e. when + * MBEDTLS_AES_ALT is defined. + */ if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ) { mbedtls_printf( "skipped\n" ); @@ -1390,6 +1400,11 @@ int mbedtls_aes_self_test( int verbose ) offset = 0; ret = mbedtls_aes_setkey_enc( &ctx, key, keybits ); + /* + * AES-192 is an optional feature that may be unavailable when + * there is an alternative underlying implementation i.e. when + * MBEDTLS_AES_ALT is defined. + */ if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && keybits == 192 ) { mbedtls_printf( "skipped\n" ); diff --git a/library/gcm.c b/library/gcm.c index 7b2760a62..97e9d889d 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -757,6 +757,11 @@ int mbedtls_gcm_self_test( int verbose ) ret = mbedtls_gcm_setkey( &ctx, cipher, key[key_index[i]], key_len ); + /* + * AES-192 is an optional feature that may be unavailable when + * there is an alternative underlying implementation i.e. when + * MBEDTLS_AES_ALT is defined. + */ if( ret == MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE && key_len == 192 ) { mbedtls_printf( "skipped\n" ); From 53c77cccc9ddb7e54f1c887cab7fcac57d68c343 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 27 Jun 2017 16:15:06 +0100 Subject: [PATCH 013/493] Initialise pointers to avoid IAR compiler warnings --- library/ssl_cli.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a2b9f8cfe..04ce8f728 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -2258,7 +2258,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl ) int ret; const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info; - unsigned char *p, *end; + unsigned char *p = NULL, *end = NULL; MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) ); From 79ae065117761fb32dd5b04a1f6800f0cb722e38 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 27 Jun 2017 16:17:54 +0100 Subject: [PATCH 014/493] Add ChangeLog entry for IAR compilation warnings --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 84a05d003..46acda75f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x released xxxx-xx-xx + +Bugfix + * Fix variable used before assignment compilation warnings with IAR + toolchain. Found by gkerrien38. + = mbed TLS 2.5.1 released xxxx-xx-xx Security From fe9483184f9c03094353796afcad9c1d351df49d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 6 Jul 2017 10:34:12 +0100 Subject: [PATCH 015/493] Remove malloc references in mbedtls/scripts --- scripts/find-mem-leak.cocci | 8 ++--- scripts/malloc-init.pl | 70 ------------------------------------ scripts/rm-calloc-cast.cocci | 7 ++++ scripts/rm-malloc-cast.cocci | 7 ---- 4 files changed, 11 insertions(+), 81 deletions(-) delete mode 100755 scripts/malloc-init.pl create mode 100644 scripts/rm-calloc-cast.cocci delete mode 100644 scripts/rm-malloc-cast.cocci diff --git a/scripts/find-mem-leak.cocci b/scripts/find-mem-leak.cocci index 5cfe4522d..8179e2b3e 100644 --- a/scripts/find-mem-leak.cocci +++ b/scripts/find-mem-leak.cocci @@ -2,8 +2,8 @@ expression x, y; statement S; @@ - x = mbedtls_malloc(...); - y = mbedtls_malloc(...); + x = mbedtls_calloc(...); + y = mbedtls_calloc(...); ... * if (x == NULL || y == NULL) S @@ -13,8 +13,8 @@ expression x, y; statement S; @@ if ( -* (x = mbedtls_malloc(...)) == NULL +* (x = mbedtls_calloc(...)) == NULL || -* (y = mbedtls_malloc(...)) == NULL +* (y = mbedtls_calloc(...)) == NULL ) S diff --git a/scripts/malloc-init.pl b/scripts/malloc-init.pl deleted file mode 100755 index b7d6fcfac..000000000 --- a/scripts/malloc-init.pl +++ /dev/null @@ -1,70 +0,0 @@ -#!/usr/bin/perl - -# Check for malloc calls not shortly followed by initialisation. -# -# Known limitations: -# - false negative: can't see allocations spanning more than one line -# - possible false negatives, see patterns -# - false positive: malloc-malloc-init-init is not accepted -# - false positives: "non-standard" init functions (eg, the things being -# initialised is not the first arg, or initialise struct members) -# -# Since false positives are expected, the results must be manually reviewed. -# -# Typical usage: scripts/malloc-init.pl library/*.c - -use warnings; -use strict; - -use utf8; -use open qw(:std utf8); - -my $limit = 7; -my $inits = qr/memset|memcpy|_init|fread|base64_..code/; - -# cases to bear in mind: -# -# 0. foo = malloc(...); memset( foo, ... ); -# 1. *foo = malloc(...); memset( *foo, ... ); -# 2. type *foo = malloc(...); memset( foo, ...); -# 3. foo = malloc(...); foo_init( (type *) foo ); -# 4. foo = malloc(...); for(i=0..n) { init( &foo[i] ); } -# -# The chosen patterns are a bit relaxed, but unlikely to cause false positives -# in real code (initialising *foo or &foo instead of foo will likely be caught -# by functional tests). -# -my $id = qr/([a-zA-Z-0-9_\->\.]*)/; -my $prefix = qr/\s(?:\*?|\&?|\([a-z_]* \*\))\s*/; - -my $name; -my $line; -my @bad; - -die "Usage: $0 file.c [...]\n" unless @ARGV; - -while (my $file = shift @ARGV) -{ - open my $fh, "<", $file or die "read $file failed: $!\n"; - while (<$fh>) - { - if( /mbedtls_malloc\(/ ) { - if( /$id\s*=.*mbedtls_malloc\(/ ) { - push @bad, "$file:$line:$name" if $name; - $name = $1; - $line = $.; - } else { - push @bad, "$file:$.:???" unless /return mbedtls_malloc/; - } - } elsif( $name && /(?:$inits)\($prefix\Q$name\E\b/ ) { - undef $name; - } elsif( $name && $. - $line > $limit ) { - push @bad, "$file:$line:$name"; - undef $name; - undef $line; - } - } - close $fh or die; -} - -print "$_\n" for @bad; diff --git a/scripts/rm-calloc-cast.cocci b/scripts/rm-calloc-cast.cocci new file mode 100644 index 000000000..89481c01a --- /dev/null +++ b/scripts/rm-calloc-cast.cocci @@ -0,0 +1,7 @@ +@rm_calloc_cast@ +expression x, n, m; +type T; +@@ + x = +- (T *) + mbedtls_calloc(n, m) diff --git a/scripts/rm-malloc-cast.cocci b/scripts/rm-malloc-cast.cocci deleted file mode 100644 index 9337dc501..000000000 --- a/scripts/rm-malloc-cast.cocci +++ /dev/null @@ -1,7 +0,0 @@ -@rm_malloc_cast@ -expression x, n; -type T; -@@ - x = -- (T *) - mbedtls_malloc(n) From 1beb048316d50a0e7ed7d1c0e9a07b9ac7fe8bba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 5 Jun 2017 13:49:44 +0200 Subject: [PATCH 016/493] Add test for limit on intermediate certificates Inspired by test code provided by Nicholas Wilson in PR #351. The test will fail if someone sets MAX_INTERMEDIATE_CA to a value larger than 18 (default is 8), which is hopefully unlikely and can easily be fixed by running long.sh again with a larger value if it ever happens. Current behaviour is suboptimal as flags are not set, but currently the goal is only to document/test existing behaviour. --- tests/data_files/dir-maxpath/00.crt | 11 + tests/data_files/dir-maxpath/00.key | 8 + tests/data_files/dir-maxpath/01.crt | 13 + tests/data_files/dir-maxpath/01.key | 8 + tests/data_files/dir-maxpath/02.crt | 12 + tests/data_files/dir-maxpath/02.key | 8 + tests/data_files/dir-maxpath/03.crt | 12 + tests/data_files/dir-maxpath/03.key | 8 + tests/data_files/dir-maxpath/04.crt | 12 + tests/data_files/dir-maxpath/04.key | 8 + tests/data_files/dir-maxpath/05.crt | 12 + tests/data_files/dir-maxpath/05.key | 8 + tests/data_files/dir-maxpath/06.crt | 12 + tests/data_files/dir-maxpath/06.key | 8 + tests/data_files/dir-maxpath/07.crt | 12 + tests/data_files/dir-maxpath/07.key | 8 + tests/data_files/dir-maxpath/08.crt | 12 + tests/data_files/dir-maxpath/08.key | 8 + tests/data_files/dir-maxpath/09.crt | 12 + tests/data_files/dir-maxpath/09.key | 8 + tests/data_files/dir-maxpath/10.crt | 12 + tests/data_files/dir-maxpath/10.key | 8 + tests/data_files/dir-maxpath/11.crt | 12 + tests/data_files/dir-maxpath/11.key | 8 + tests/data_files/dir-maxpath/12.crt | 12 + tests/data_files/dir-maxpath/12.key | 8 + tests/data_files/dir-maxpath/13.crt | 12 + tests/data_files/dir-maxpath/13.key | 8 + tests/data_files/dir-maxpath/14.crt | 12 + tests/data_files/dir-maxpath/14.key | 8 + tests/data_files/dir-maxpath/15.crt | 12 + tests/data_files/dir-maxpath/15.key | 8 + tests/data_files/dir-maxpath/16.crt | 12 + tests/data_files/dir-maxpath/16.key | 8 + tests/data_files/dir-maxpath/17.crt | 12 + tests/data_files/dir-maxpath/17.key | 8 + tests/data_files/dir-maxpath/18.crt | 12 + tests/data_files/dir-maxpath/18.key | 8 + tests/data_files/dir-maxpath/19.crt | 12 + tests/data_files/dir-maxpath/19.key | 8 + tests/data_files/dir-maxpath/20.crt | 12 + tests/data_files/dir-maxpath/20.key | 8 + tests/data_files/dir-maxpath/Readme.txt | 10 + tests/data_files/dir-maxpath/c00.pem | 11 + tests/data_files/dir-maxpath/c01.pem | 24 ++ tests/data_files/dir-maxpath/c02.pem | 36 +++ tests/data_files/dir-maxpath/c03.pem | 48 ++++ tests/data_files/dir-maxpath/c04.pem | 60 +++++ tests/data_files/dir-maxpath/c05.pem | 72 ++++++ tests/data_files/dir-maxpath/c06.pem | 84 +++++++ tests/data_files/dir-maxpath/c07.pem | 96 +++++++ tests/data_files/dir-maxpath/c08.pem | 108 ++++++++ tests/data_files/dir-maxpath/c09.pem | 120 +++++++++ tests/data_files/dir-maxpath/c10.pem | 132 ++++++++++ tests/data_files/dir-maxpath/c11.pem | 144 +++++++++++ tests/data_files/dir-maxpath/c12.pem | 156 ++++++++++++ tests/data_files/dir-maxpath/c13.pem | 168 +++++++++++++ tests/data_files/dir-maxpath/c14.pem | 180 +++++++++++++ tests/data_files/dir-maxpath/c15.pem | 192 ++++++++++++++ tests/data_files/dir-maxpath/c16.pem | 204 +++++++++++++++ tests/data_files/dir-maxpath/c17.pem | 216 ++++++++++++++++ tests/data_files/dir-maxpath/c18.pem | 228 +++++++++++++++++ tests/data_files/dir-maxpath/c19.pem | 240 ++++++++++++++++++ tests/data_files/dir-maxpath/c20.pem | 252 +++++++++++++++++++ tests/data_files/dir-maxpath/int.opensslconf | 4 + tests/data_files/dir-maxpath/long.sh | 33 +++ tests/suites/test_suite_x509parse.data | 12 + tests/suites/test_suite_x509parse.function | 39 +++ 68 files changed, 3289 insertions(+) create mode 100644 tests/data_files/dir-maxpath/00.crt create mode 100644 tests/data_files/dir-maxpath/00.key create mode 100644 tests/data_files/dir-maxpath/01.crt create mode 100644 tests/data_files/dir-maxpath/01.key create mode 100644 tests/data_files/dir-maxpath/02.crt create mode 100644 tests/data_files/dir-maxpath/02.key create mode 100644 tests/data_files/dir-maxpath/03.crt create mode 100644 tests/data_files/dir-maxpath/03.key create mode 100644 tests/data_files/dir-maxpath/04.crt create mode 100644 tests/data_files/dir-maxpath/04.key create mode 100644 tests/data_files/dir-maxpath/05.crt create mode 100644 tests/data_files/dir-maxpath/05.key create mode 100644 tests/data_files/dir-maxpath/06.crt create mode 100644 tests/data_files/dir-maxpath/06.key create mode 100644 tests/data_files/dir-maxpath/07.crt create mode 100644 tests/data_files/dir-maxpath/07.key create mode 100644 tests/data_files/dir-maxpath/08.crt create mode 100644 tests/data_files/dir-maxpath/08.key create mode 100644 tests/data_files/dir-maxpath/09.crt create mode 100644 tests/data_files/dir-maxpath/09.key create mode 100644 tests/data_files/dir-maxpath/10.crt create mode 100644 tests/data_files/dir-maxpath/10.key create mode 100644 tests/data_files/dir-maxpath/11.crt create mode 100644 tests/data_files/dir-maxpath/11.key create mode 100644 tests/data_files/dir-maxpath/12.crt create mode 100644 tests/data_files/dir-maxpath/12.key create mode 100644 tests/data_files/dir-maxpath/13.crt create mode 100644 tests/data_files/dir-maxpath/13.key create mode 100644 tests/data_files/dir-maxpath/14.crt create mode 100644 tests/data_files/dir-maxpath/14.key create mode 100644 tests/data_files/dir-maxpath/15.crt create mode 100644 tests/data_files/dir-maxpath/15.key create mode 100644 tests/data_files/dir-maxpath/16.crt create mode 100644 tests/data_files/dir-maxpath/16.key create mode 100644 tests/data_files/dir-maxpath/17.crt create mode 100644 tests/data_files/dir-maxpath/17.key create mode 100644 tests/data_files/dir-maxpath/18.crt create mode 100644 tests/data_files/dir-maxpath/18.key create mode 100644 tests/data_files/dir-maxpath/19.crt create mode 100644 tests/data_files/dir-maxpath/19.key create mode 100644 tests/data_files/dir-maxpath/20.crt create mode 100644 tests/data_files/dir-maxpath/20.key create mode 100644 tests/data_files/dir-maxpath/Readme.txt create mode 100644 tests/data_files/dir-maxpath/c00.pem create mode 100644 tests/data_files/dir-maxpath/c01.pem create mode 100644 tests/data_files/dir-maxpath/c02.pem create mode 100644 tests/data_files/dir-maxpath/c03.pem create mode 100644 tests/data_files/dir-maxpath/c04.pem create mode 100644 tests/data_files/dir-maxpath/c05.pem create mode 100644 tests/data_files/dir-maxpath/c06.pem create mode 100644 tests/data_files/dir-maxpath/c07.pem create mode 100644 tests/data_files/dir-maxpath/c08.pem create mode 100644 tests/data_files/dir-maxpath/c09.pem create mode 100644 tests/data_files/dir-maxpath/c10.pem create mode 100644 tests/data_files/dir-maxpath/c11.pem create mode 100644 tests/data_files/dir-maxpath/c12.pem create mode 100644 tests/data_files/dir-maxpath/c13.pem create mode 100644 tests/data_files/dir-maxpath/c14.pem create mode 100644 tests/data_files/dir-maxpath/c15.pem create mode 100644 tests/data_files/dir-maxpath/c16.pem create mode 100644 tests/data_files/dir-maxpath/c17.pem create mode 100644 tests/data_files/dir-maxpath/c18.pem create mode 100644 tests/data_files/dir-maxpath/c19.pem create mode 100644 tests/data_files/dir-maxpath/c20.pem create mode 100644 tests/data_files/dir-maxpath/int.opensslconf create mode 100755 tests/data_files/dir-maxpath/long.sh diff --git a/tests/data_files/dir-maxpath/00.crt b/tests/data_files/dir-maxpath/00.crt new file mode 100644 index 000000000..c806648ac --- /dev/null +++ b/tests/data_files/dir-maxpath/00.crt @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/00.key b/tests/data_files/dir-maxpath/00.key new file mode 100644 index 000000000..b4d33156a --- /dev/null +++ b/tests/data_files/dir-maxpath/00.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIARPaEIfROHkE9Y0ZgHh7Mc3ZU6LR9lCOIw1ksYTHp5EoAoGCCqGSM49 +AwEHoUQDQgAEVbjX+oDAA+nL5PF1zs8qbNmyr0I+K6MpTi+kXV6RecbHYc/jbRCh +vAFVVaGTNGYvB1ugfaPrl1wIqNDua/93Eg== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/01.crt b/tests/data_files/dir-maxpath/01.crt new file mode 100644 index 000000000..0e9107a72 --- /dev/null +++ b/tests/data_files/dir-maxpath/01.crt @@ -0,0 +1,13 @@ +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/01.key b/tests/data_files/dir-maxpath/01.key new file mode 100644 index 000000000..7dd064311 --- /dev/null +++ b/tests/data_files/dir-maxpath/01.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEINSnxPqUNMba8F2KWNxU88heSs7vgas5BOzjRwQsQe6IoAoGCCqGSM49 +AwEHoUQDQgAEM55/cxx8CxjvFUeFvVe7zJcQnaKI8xDol+WOibT7RTs/Ournh2Os +6DdP5ieg56p0l4pSSFFHlunhn6ppGu58ZA== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/02.crt b/tests/data_files/dir-maxpath/02.crt new file mode 100644 index 000000000..387b064da --- /dev/null +++ b/tests/data_files/dir-maxpath/02.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/02.key b/tests/data_files/dir-maxpath/02.key new file mode 100644 index 000000000..b5ac513f2 --- /dev/null +++ b/tests/data_files/dir-maxpath/02.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIPW9zE8cjiZ8w17jTAebb4xAmEg6heEEnEaG4lGCd38joAoGCCqGSM49 +AwEHoUQDQgAEFh6b9YupX8LzTzj+ZGuktJ+eRL86GmCuqW01z+sjDlv+F2UjyseW +aKuBTHtHCsxiCBS9a849VdnM2Afqry4cog== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/03.crt b/tests/data_files/dir-maxpath/03.crt new file mode 100644 index 000000000..7d90a5e0f --- /dev/null +++ b/tests/data_files/dir-maxpath/03.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/03.key b/tests/data_files/dir-maxpath/03.key new file mode 100644 index 000000000..2bfa48387 --- /dev/null +++ b/tests/data_files/dir-maxpath/03.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIBx2xwapGbHTy79IbpJkc/w9LJXPKNG7gGRLPOGPQFI6oAoGCCqGSM49 +AwEHoUQDQgAEEQ1wzSItaXq3rnYasGti7JV4LMZwetx7ucuZYPtVj67iGD8w/x6N +AD73lXcxS1Y4tffmxOPrRT2C9UqbDdVn1g== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/04.crt b/tests/data_files/dir-maxpath/04.crt new file mode 100644 index 000000000..1ddcf691a --- /dev/null +++ b/tests/data_files/dir-maxpath/04.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/04.key b/tests/data_files/dir-maxpath/04.key new file mode 100644 index 000000000..e836bbf05 --- /dev/null +++ b/tests/data_files/dir-maxpath/04.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIDQvTm0wfEAKoymv8ePBv7cRxrnM4g6LREnSll5ghQsXoAoGCCqGSM49 +AwEHoUQDQgAEFFw4HFFTU/YaL22RORy+q4zm+wuecBLlik4VfwnGeK1q18e1Vx2H +Q/0d2gwOyUr2KZtrE6JOIrG5Q84WTPxgzQ== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/05.crt b/tests/data_files/dir-maxpath/05.crt new file mode 100644 index 000000000..19de3a394 --- /dev/null +++ b/tests/data_files/dir-maxpath/05.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G +UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq +LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX +BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9 +XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ== +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/05.key b/tests/data_files/dir-maxpath/05.key new file mode 100644 index 000000000..7f3095e8a --- /dev/null +++ b/tests/data_files/dir-maxpath/05.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIP3MTs0m9ssAAXQ94O6GYC3pckfpMUxQiPTG8hQYgA0WoAoGCCqGSM49 +AwEHoUQDQgAEBHU9DhX+RlHK4F9l5ZQsicz/eDWeOuBrIAeqbDS7A3i/o+wFPqCc +u1S71v5R4dzg4JdPGfW4aixQZjY5x25vEA== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/06.crt b/tests/data_files/dir-maxpath/06.crt new file mode 100644 index 000000000..36f99d2c0 --- /dev/null +++ b/tests/data_files/dir-maxpath/06.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr +nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG +r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX +BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6 +g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/06.key b/tests/data_files/dir-maxpath/06.key new file mode 100644 index 000000000..5b0bce243 --- /dev/null +++ b/tests/data_files/dir-maxpath/06.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIESUhQgXWd8cVQnitNEpOD2JNMqH9ug/wYaY1xW3SaSGoAoGCCqGSM49 +AwEHoUQDQgAEgPalqAFB655/t5Mcja4zyZPNlgy4plttUTedbsaaG2nb/GIBhA0X +T/jpPrkakElLAOmV3xd4hq9ho30N8DAx/A== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/07.crt b/tests/data_files/dir-maxpath/07.crt new file mode 100644 index 000000000..5bb57f84d --- /dev/null +++ b/tests/data_files/dir-maxpath/07.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDYwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASNOj4d4MEA +7p/3miijqG4ToE4opKPAm+3BTIGrJTYT14++TSiUICl0ASXj+xeUcLMIaXTN042s +LsHxpShzQaL0o4GJMIGGMB0GA1UdDgQWBBREq5J3toJPxZ3O+ssJ5vkkU0RJEzBX +BgNVHSMEUDBOgBSjovYaC/m6Li9Tp0V9iZRs9267Q6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKGcf+c442c/XiwubbaiQvsoZ7EoVxuM +oKmia0gPyBNkAiEA83asjJ5FDXQuLyZpczviXrbmqgCPOfYadtvkc0cxMis= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/07.key b/tests/data_files/dir-maxpath/07.key new file mode 100644 index 000000000..3f20131cc --- /dev/null +++ b/tests/data_files/dir-maxpath/07.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIEi1oKInPLbiINj8OxdActVTgI+YQVSefdQfCu1ihbLRoAoGCCqGSM49 +AwEHoUQDQgAEjTo+HeDBAO6f95ooo6huE6BOKKSjwJvtwUyBqyU2E9ePvk0olCAp +dAEl4/sXlHCzCGl0zdONrC7B8aUoc0Gi9A== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/08.crt b/tests/data_files/dir-maxpath/08.crt new file mode 100644 index 000000000..bf1f33e3f --- /dev/null +++ b/tests/data_files/dir-maxpath/08.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDcwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARpQeQ/YGQj +nl7Szo6WStJ1u7xunTL5jBkXH8aAVSm0qiX4AD/7YPxa5EnGzZdLTn25vQVnfQAG +pMx8P1lYiGYCo4GJMIGGMB0GA1UdDgQWBBS40mLt93U8Sh8ZGiDVAhRSiBPcXjBX +BgNVHSMEUDBOgBREq5J3toJPxZ3O+ssJ5vkkU0RJE6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANwGf+F4a+kmXWz8UjSpRkaToTV6EFWw +/Tjzj0tQhDoAAiEA19RxeWOVBBpM6LOHg6v5Lf54YN1snkLf+sEXyZCuWQQ= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/08.key b/tests/data_files/dir-maxpath/08.key new file mode 100644 index 000000000..d1ee9c544 --- /dev/null +++ b/tests/data_files/dir-maxpath/08.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIC8M2G7XcqeagYgt8SZJbuTh4tYchGvX3yDZJKTuBgFUoAoGCCqGSM49 +AwEHoUQDQgAEaUHkP2BkI55e0s6OlkrSdbu8bp0y+YwZFx/GgFUptKol+AA/+2D8 +WuRJxs2XS059ub0FZ30ABqTMfD9ZWIhmAg== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/09.crt b/tests/data_files/dir-maxpath/09.crt new file mode 100644 index 000000000..8f67e5419 --- /dev/null +++ b/tests/data_files/dir-maxpath/09.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDgwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7ZB16+t6E +sfahGyKUGJW5mezkzjdaYvc4lbJaKNRwFRfc3F/fmNOSsUFSg/F0N+vUE+doKiPC +8wRwLzvm4s+5o4GJMIGGMB0GA1UdDgQWBBT6gyXHzPIPYc1Vr1aGiLLeMh4HpjBX +BgNVHSMEUDBOgBS40mLt93U8Sh8ZGiDVAhRSiBPcXqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA3ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgO4el1ZPhlIli/qNR2SIEiuvs5Mmy868i +N2Rv5X/VxIECIA/8rUALQxW38XSdBVX3e/jzu7ju47n1YwEqD9K9WdVv +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/09.key b/tests/data_files/dir-maxpath/09.key new file mode 100644 index 000000000..fe6a06f8c --- /dev/null +++ b/tests/data_files/dir-maxpath/09.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIKkdxegP5yN840sBDxIPpiMftZss14uLaH7zoxOqrePDoAoGCCqGSM49 +AwEHoUQDQgAEe2QdevrehLH2oRsilBiVuZns5M43WmL3OJWyWijUcBUX3Nxf35jT +krFBUoPxdDfr1BPnaCojwvMEcC875uLPuQ== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/10.crt b/tests/data_files/dir-maxpath/10.crt new file mode 100644 index 000000000..72e699afb --- /dev/null +++ b/tests/data_files/dir-maxpath/10.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDkwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR6jlGKbJd5 +hiDxN789gkOcwpyHI9wRwCrADAOwOkMePBPRlwGdm7mw7Z/EAmu26zRm/hcyrs4M +qk2LabDjPI9Xo4GJMIGGMB0GA1UdDgQWBBQtxZSLJAkEz+2RKMQexM6EtsfgcjBX +BgNVHSMEUDBOgBT6gyXHzPIPYc1Vr1aGiLLeMh4HpqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA4ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgP7S8vFstfUBdNe6ym5GYG5Q+aBVEKqRs +fVW7HNUktSYCIQDo6Jua6o/DJbrpq4qYWq5gv4yGyzPTN+3IaKrEICdaaw== +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/10.key b/tests/data_files/dir-maxpath/10.key new file mode 100644 index 000000000..c5558f57c --- /dev/null +++ b/tests/data_files/dir-maxpath/10.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIPuPPMxo5e2doI7YfDp60qmEn4YwYs2sb5QlOpFQ3BIJoAoGCCqGSM49 +AwEHoUQDQgAEeo5RimyXeYYg8Te/PYJDnMKchyPcEcAqwAwDsDpDHjwT0ZcBnZu5 +sO2fxAJrtus0Zv4XMq7ODKpNi2mw4zyPVw== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/11.crt b/tests/data_files/dir-maxpath/11.crt new file mode 100644 index 000000000..e09e49ff0 --- /dev/null +++ b/tests/data_files/dir-maxpath/11.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTAwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATZwR+WK6NB +F/7riFdN63c8hjYddZRR4lrzVNPwiBQxnnxwpPyrD9A6aPPmLc6SqGOJW4ZGVCco +IBze9RJVeiB9o4GJMIGGMB0GA1UdDgQWBBSOSt6ePyMRT6PGMaIi7FqNX9MKtDBX +BgNVHSMEUDBOgBQtxZSLJAkEz+2RKMQexM6EtsfgcqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA5ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgN//NqM0FrkrMjmxoeCY9DgxkH2R6sQ4d +NgtwCZAIqEICIBs4vupaVcuvni9tltbP26wi7c0FR+blZuo5DPIA3SVe +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/11.key b/tests/data_files/dir-maxpath/11.key new file mode 100644 index 000000000..b34bf8c9d --- /dev/null +++ b/tests/data_files/dir-maxpath/11.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIHaMieH2/wn6lnsFUGzww43ymhN16Z0nhG5TyvNeY8U2oAoGCCqGSM49 +AwEHoUQDQgAE2cEfliujQRf+64hXTet3PIY2HXWUUeJa81TT8IgUMZ58cKT8qw/Q +Omjz5i3OkqhjiVuGRlQnKCAc3vUSVXogfQ== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/12.crt b/tests/data_files/dir-maxpath/12.crt new file mode 100644 index 000000000..91ef9b03a --- /dev/null +++ b/tests/data_files/dir-maxpath/12.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTEwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATDE9LPlLPc +gZ3b0BchR/AkhNEP9HAavwYadJIyzoPo5edCVnboQH786jsZwZNZoC0gHDAhCmGc +IfRenISAoVuPo4GJMIGGMB0GA1UdDgQWBBTZTtbi+j0Sm/Zs/+gTkWdASpQzfjBX +BgNVHSMEUDBOgBSOSt6ePyMRT6PGMaIi7FqNX9MKtKEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgYYF5AnRV7eh2hLD5Dz//pceMTKz9Ls46 +E6DxvbfDHikCIFttlGrOCZVyS4ocsjuKIELVUX5qfygI0sn4kU3qCTs2 +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/12.key b/tests/data_files/dir-maxpath/12.key new file mode 100644 index 000000000..906bdc677 --- /dev/null +++ b/tests/data_files/dir-maxpath/12.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIAzhAcc1Yb2u4bsQDaYeRaRW8kJ/HzFTTfINV1k+TxZ/oAoGCCqGSM49 +AwEHoUQDQgAEwxPSz5Sz3IGd29AXIUfwJITRD/RwGr8GGnSSMs6D6OXnQlZ26EB+ +/Oo7GcGTWaAtIBwwIQphnCH0XpyEgKFbjw== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/13.crt b/tests/data_files/dir-maxpath/13.crt new file mode 100644 index 000000000..c23c1659d --- /dev/null +++ b/tests/data_files/dir-maxpath/13.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTIwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATrkzCJLznh +lhnsv1RXB9kfeaD+cIruPQ0cItBDGpdvD8xbBVvQci4+RG2RVUCSWRhkFYjSsUSM +0QHMQnBFlhw2o4GJMIGGMB0GA1UdDgQWBBTmVnUSF2MYwws/nCMv7b1wJVkDmjBX +BgNVHSMEUDBOgBTZTtbi+j0Sm/Zs/+gTkWdASpQzfqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTExggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgWsm+rHJgwUEyNm8EKbEds5yurpp5/3y5 +PsvXJVDqxogCIQDUP0Jcl3A907CE2tPVXSgD6LQ6CPu19mixemPw60yijA== +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/13.key b/tests/data_files/dir-maxpath/13.key new file mode 100644 index 000000000..c8a04ef42 --- /dev/null +++ b/tests/data_files/dir-maxpath/13.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIKb966FXMh8cFQt3sVpmcrh2/3yaGiLMwz+/XGKGMJ+2oAoGCCqGSM49 +AwEHoUQDQgAE65MwiS854ZYZ7L9UVwfZH3mg/nCK7j0NHCLQQxqXbw/MWwVb0HIu +PkRtkVVAklkYZBWI0rFEjNEBzEJwRZYcNg== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/14.crt b/tests/data_files/dir-maxpath/14.crt new file mode 100644 index 000000000..5ca323c40 --- /dev/null +++ b/tests/data_files/dir-maxpath/14.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTMwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATRMZN0RHzP +donNmZuq9XPhzvQ52TaokxT39qpQtlFyvUuEGKrLoNvdcpARaA0rGput6RLAQOVU +iNVlJ3Ipj789o4GJMIGGMB0GA1UdDgQWBBRNsJB++ccSBmbCCKBxi4CjXROBkzBX +BgNVHSMEUDBOgBTmVnUSF2MYwws/nCMv7b1wJVkDmqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgVfuLpjp08AaxKWf6cuZUUCRd7CojSS1I +71hzeUyFS+sCIQDNJI6P/pBbiHgTaGlBAgfcEfmxmbY0n4xZndtxIkmyVA== +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/14.key b/tests/data_files/dir-maxpath/14.key new file mode 100644 index 000000000..a526a1851 --- /dev/null +++ b/tests/data_files/dir-maxpath/14.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIKEycJNLyYJ5JgECpCuZiFeXZIMC+XsMEKoMhRTx6xD+oAoGCCqGSM49 +AwEHoUQDQgAE0TGTdER8z3aJzZmbqvVz4c70Odk2qJMU9/aqULZRcr1LhBiqy6Db +3XKQEWgNKxqbrekSwEDlVIjVZSdyKY+/PQ== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/15.crt b/tests/data_files/dir-maxpath/15.crt new file mode 100644 index 000000000..bef923a48 --- /dev/null +++ b/tests/data_files/dir-maxpath/15.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTQwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQlKUiMoSss +/hsTasedqdB2BCOGJhTt0hgUGeUnWNZ1svO4yn0GkFHZ08++fl2MKqjpj+VXq0JS +FFyGUOgmgi3Ho4GJMIGGMB0GA1UdDgQWBBR1mXlrdW5rx1VnqMMnUBXo0WWGWjBX +BgNVHSMEUDBOgBRNsJB++ccSBmbCCKBxi4CjXROBk6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKYOIo+fdCQRqpH4LN8qUK1aKzKmWGxS +fGzEEkg/29bMAiAl95cmucoCDMq2Ab8Coc0dEqyJ6+rAPMLBCbGawyiW6A== +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/15.key b/tests/data_files/dir-maxpath/15.key new file mode 100644 index 000000000..1d9390837 --- /dev/null +++ b/tests/data_files/dir-maxpath/15.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIL1c0zvh4Fx8aylrlHsOsK5Pcam7BWVHM2lDxGO26QIUoAoGCCqGSM49 +AwEHoUQDQgAEJSlIjKErLP4bE2rHnanQdgQjhiYU7dIYFBnlJ1jWdbLzuMp9BpBR +2dPPvn5djCqo6Y/lV6tCUhRchlDoJoItxw== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/16.crt b/tests/data_files/dir-maxpath/16.crt new file mode 100644 index 000000000..d9d998de2 --- /dev/null +++ b/tests/data_files/dir-maxpath/16.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTUwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ7Vsp7JmDN +kgPh/+zmIPkd7o0xot/WPMFn3uAsGtsU385MF0fmhfFLhRbbH9h4JjYHj8y0spU3 +buUXhftvAZVbo4GJMIGGMB0GA1UdDgQWBBRTw3K0Psy3u/6+3KKSoaQqJnPvPjBX +BgNVHSMEUDBOgBR1mXlrdW5rx1VnqMMnUBXo0WWGWqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAMJnGjE9v3SjuGfi0jNByrwyNfhlTHMh +FhPQidNrDpXwAiEAqYtNiV8t9RrAa9GC6FWDuJpvIiU6FsE+lFq6uIq/J2E= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/16.key b/tests/data_files/dir-maxpath/16.key new file mode 100644 index 000000000..70492de2f --- /dev/null +++ b/tests/data_files/dir-maxpath/16.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIM0YCnGkEG/TjBxrytP9Ztslm1yoQaWptBxegRzzBRDVoAoGCCqGSM49 +AwEHoUQDQgAEO1bKeyZgzZID4f/s5iD5He6NMaLf1jzBZ97gLBrbFN/OTBdH5oXx +S4UW2x/YeCY2B4/MtLKVN27lF4X7bwGVWw== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/17.crt b/tests/data_files/dir-maxpath/17.crt new file mode 100644 index 000000000..1ee78492c --- /dev/null +++ b/tests/data_files/dir-maxpath/17.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTYwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARrISq2zO9m +D29YCLHB56FdU/RINtRhfeLtM+u5o3HaAnopy0S98RzuEGELjpzr8ZI6kkMMZsj8 +nFZQF8HfuE0go4GJMIGGMB0GA1UdDgQWBBSnjWvpWxZcFnfQ2KGtCg/u6fT/DzBX +BgNVHSMEUDBOgBRTw3K0Psy3u/6+3KKSoaQqJnPvPqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgDgXjoc6FfMF5W0NziV6vx2BOPNWav01Z +ynEP4h9ULnUCIQC1rU4sEId3UdjzTKhpSGTKtaOuPG+b0YdEMPimI4jmVw== +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/17.key b/tests/data_files/dir-maxpath/17.key new file mode 100644 index 000000000..eee33e8c1 --- /dev/null +++ b/tests/data_files/dir-maxpath/17.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIAiUS1dM3qrcOun8PjKe+rw40L2HG/Y8Dfxl0AfzyIVeoAoGCCqGSM49 +AwEHoUQDQgAEayEqtszvZg9vWAixweehXVP0SDbUYX3i7TPruaNx2gJ6KctEvfEc +7hBhC46c6/GSOpJDDGbI/JxWUBfB37hNIA== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/18.crt b/tests/data_files/dir-maxpath/18.crt new file mode 100644 index 000000000..afd682eb8 --- /dev/null +++ b/tests/data_files/dir-maxpath/18.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTcwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASsc/JkNcYf +bMgpOfrL5kKOGxOJaGS6SQIeNO33UeBpToe1bU2acN652xjvcGo0fJEtxg2fcPHR +hTnGMBD1u1N2o4GJMIGGMB0GA1UdDgQWBBSDbIpYntlhJ0GgIsyd75XRhlC18jBX +BgNVHSMEUDBOgBSnjWvpWxZcFnfQ2KGtCg/u6fT/D6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAJo2NXfJU1sK6SVTu4OV21FKITlXntMi +oenYMsBjzO8oAiEAidSELcLjjAHi3mfBARvCgKlRhmbNEMCHQT7Ha7ZQoRw= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/18.key b/tests/data_files/dir-maxpath/18.key new file mode 100644 index 000000000..4591d032a --- /dev/null +++ b/tests/data_files/dir-maxpath/18.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIJETLWqIZtnejCGzESDgMnknxqEx5evMGZfzBVPKMwKKoAoGCCqGSM49 +AwEHoUQDQgAErHPyZDXGH2zIKTn6y+ZCjhsTiWhkukkCHjTt91HgaU6HtW1NmnDe +udsY73BqNHyRLcYNn3Dx0YU5xjAQ9btTdg== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/19.crt b/tests/data_files/dir-maxpath/19.crt new file mode 100644 index 000000000..a2220e5ca --- /dev/null +++ b/tests/data_files/dir-maxpath/19.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTgwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQJyRCHND78 +KxZHoHHdOTjPuD6HjHPnEKX8apblUpETDJuLW7YR3V8Q0dTac+JHiR6e2l4DlDbf +5bTiyFoAzw9yo4GJMIGGMB0GA1UdDgQWBBRQMc94kTqW+zQO3lo2WMI/81k3czBX +BgNVHSMEUDBOgBSDbIpYntlhJ0GgIsyd75XRhlC18qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE3ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgIzGOZqJRmvygzvLm8zxZFyoNpcT7e26H +nZd5xFIzEakCIHGYcUXzt+owSVlLmrlW8gQcB81ErQbxuBTAsvpaaKSS +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/19.key b/tests/data_files/dir-maxpath/19.key new file mode 100644 index 000000000..bb6562b3f --- /dev/null +++ b/tests/data_files/dir-maxpath/19.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIDJyHSKbXEZVfkNftQF4eHeJVuXhGdaboa7w4RejL5uYoAoGCCqGSM49 +AwEHoUQDQgAECckQhzQ+/CsWR6Bx3Tk4z7g+h4xz5xCl/GqW5VKREwybi1u2Ed1f +ENHU2nPiR4kentpeA5Q23+W04shaAM8Pcg== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/20.crt b/tests/data_files/dir-maxpath/20.crt new file mode 100644 index 000000000..c82a5276a --- /dev/null +++ b/tests/data_files/dir-maxpath/20.crt @@ -0,0 +1,12 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTkwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMjAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATGebrN8JxE +heOdCxD+mhnQ4zMUxF1WUkmAAHIUw089BYiH9SAwYS/M5tnl+R8fbjvoGqSpR6Tk +V9EU3CQyIoxwo4GJMIGGMB0GA1UdDgQWBBTZs6oChL1c2CSZXY2YFQkkqg+lzDBX +BgNVHSMEUDBOgBRQMc94kTqW+zQO3lo2WMI/81k3c6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE4ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgRVGZReXKvdMHhwLbPvbrTVLeAGDqmqMH +/WqD4u23QBgCID/QtFaiawjviNFEdtU7JK6v4ZY0PQ0a0+HLZIHLi9ah +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/20.key b/tests/data_files/dir-maxpath/20.key new file mode 100644 index 000000000..2ec68ded2 --- /dev/null +++ b/tests/data_files/dir-maxpath/20.key @@ -0,0 +1,8 @@ +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIJHLciDhJcnlE5MhTrOfFlnRbpJQLOf4h72E6VDXxMM0oAoGCCqGSM49 +AwEHoUQDQgAExnm6zfCcRIXjnQsQ/poZ0OMzFMRdVlJJgAByFMNPPQWIh/UgMGEv +zObZ5fkfH2476BqkqUek5FfRFNwkMiKMcA== +-----END EC PRIVATE KEY----- diff --git a/tests/data_files/dir-maxpath/Readme.txt b/tests/data_files/dir-maxpath/Readme.txt new file mode 100644 index 000000000..8ce043353 --- /dev/null +++ b/tests/data_files/dir-maxpath/Readme.txt @@ -0,0 +1,10 @@ +These certificates from a very long chain, used to test the +MBEDTLS_X509_MAX_INT_CA limit. + +NN.key is the private key of certificate NN.crt. + +The root is 00.crt and N+1.crt is a child of N.crt. + +File cNN.pem contains the chain NN.crt to 00.crt. + +Those certificates where generated by long.sh. diff --git a/tests/data_files/dir-maxpath/c00.pem b/tests/data_files/dir-maxpath/c00.pem new file mode 100644 index 000000000..c806648ac --- /dev/null +++ b/tests/data_files/dir-maxpath/c00.pem @@ -0,0 +1,11 @@ +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c01.pem b/tests/data_files/dir-maxpath/c01.pem new file mode 100644 index 000000000..302fcbd02 --- /dev/null +++ b/tests/data_files/dir-maxpath/c01.pem @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c02.pem b/tests/data_files/dir-maxpath/c02.pem new file mode 100644 index 000000000..77c251900 --- /dev/null +++ b/tests/data_files/dir-maxpath/c02.pem @@ -0,0 +1,36 @@ +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c03.pem b/tests/data_files/dir-maxpath/c03.pem new file mode 100644 index 000000000..d6c1a21b3 --- /dev/null +++ b/tests/data_files/dir-maxpath/c03.pem @@ -0,0 +1,48 @@ +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c04.pem b/tests/data_files/dir-maxpath/c04.pem new file mode 100644 index 000000000..613d7d85a --- /dev/null +++ b/tests/data_files/dir-maxpath/c04.pem @@ -0,0 +1,60 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c05.pem b/tests/data_files/dir-maxpath/c05.pem new file mode 100644 index 000000000..800904977 --- /dev/null +++ b/tests/data_files/dir-maxpath/c05.pem @@ -0,0 +1,72 @@ +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G +UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq +LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX +BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9 +XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c06.pem b/tests/data_files/dir-maxpath/c06.pem new file mode 100644 index 000000000..e0fbf13df --- /dev/null +++ b/tests/data_files/dir-maxpath/c06.pem @@ -0,0 +1,84 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr +nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG +r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX +BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6 +g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G +UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq +LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX +BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9 +XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c07.pem b/tests/data_files/dir-maxpath/c07.pem new file mode 100644 index 000000000..c960d19cb --- /dev/null +++ b/tests/data_files/dir-maxpath/c07.pem @@ -0,0 +1,96 @@ +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDYwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASNOj4d4MEA +7p/3miijqG4ToE4opKPAm+3BTIGrJTYT14++TSiUICl0ASXj+xeUcLMIaXTN042s +LsHxpShzQaL0o4GJMIGGMB0GA1UdDgQWBBREq5J3toJPxZ3O+ssJ5vkkU0RJEzBX +BgNVHSMEUDBOgBSjovYaC/m6Li9Tp0V9iZRs9267Q6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKGcf+c442c/XiwubbaiQvsoZ7EoVxuM +oKmia0gPyBNkAiEA83asjJ5FDXQuLyZpczviXrbmqgCPOfYadtvkc0cxMis= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr +nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG +r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX +BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6 +g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G +UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq +LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX +BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9 +XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c08.pem b/tests/data_files/dir-maxpath/c08.pem new file mode 100644 index 000000000..78c2c4a6d --- /dev/null +++ b/tests/data_files/dir-maxpath/c08.pem @@ -0,0 +1,108 @@ +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDcwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARpQeQ/YGQj +nl7Szo6WStJ1u7xunTL5jBkXH8aAVSm0qiX4AD/7YPxa5EnGzZdLTn25vQVnfQAG +pMx8P1lYiGYCo4GJMIGGMB0GA1UdDgQWBBS40mLt93U8Sh8ZGiDVAhRSiBPcXjBX +BgNVHSMEUDBOgBREq5J3toJPxZ3O+ssJ5vkkU0RJE6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANwGf+F4a+kmXWz8UjSpRkaToTV6EFWw +/Tjzj0tQhDoAAiEA19RxeWOVBBpM6LOHg6v5Lf54YN1snkLf+sEXyZCuWQQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDYwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASNOj4d4MEA +7p/3miijqG4ToE4opKPAm+3BTIGrJTYT14++TSiUICl0ASXj+xeUcLMIaXTN042s +LsHxpShzQaL0o4GJMIGGMB0GA1UdDgQWBBREq5J3toJPxZ3O+ssJ5vkkU0RJEzBX +BgNVHSMEUDBOgBSjovYaC/m6Li9Tp0V9iZRs9267Q6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKGcf+c442c/XiwubbaiQvsoZ7EoVxuM +oKmia0gPyBNkAiEA83asjJ5FDXQuLyZpczviXrbmqgCPOfYadtvkc0cxMis= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr +nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG +r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX +BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6 +g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G +UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq +LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX +BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9 +XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c09.pem b/tests/data_files/dir-maxpath/c09.pem new file mode 100644 index 000000000..269f4e3c7 --- /dev/null +++ b/tests/data_files/dir-maxpath/c09.pem @@ -0,0 +1,120 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDgwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7ZB16+t6E +sfahGyKUGJW5mezkzjdaYvc4lbJaKNRwFRfc3F/fmNOSsUFSg/F0N+vUE+doKiPC +8wRwLzvm4s+5o4GJMIGGMB0GA1UdDgQWBBT6gyXHzPIPYc1Vr1aGiLLeMh4HpjBX +BgNVHSMEUDBOgBS40mLt93U8Sh8ZGiDVAhRSiBPcXqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA3ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgO4el1ZPhlIli/qNR2SIEiuvs5Mmy868i +N2Rv5X/VxIECIA/8rUALQxW38XSdBVX3e/jzu7ju47n1YwEqD9K9WdVv +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDcwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARpQeQ/YGQj +nl7Szo6WStJ1u7xunTL5jBkXH8aAVSm0qiX4AD/7YPxa5EnGzZdLTn25vQVnfQAG +pMx8P1lYiGYCo4GJMIGGMB0GA1UdDgQWBBS40mLt93U8Sh8ZGiDVAhRSiBPcXjBX +BgNVHSMEUDBOgBREq5J3toJPxZ3O+ssJ5vkkU0RJE6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANwGf+F4a+kmXWz8UjSpRkaToTV6EFWw +/Tjzj0tQhDoAAiEA19RxeWOVBBpM6LOHg6v5Lf54YN1snkLf+sEXyZCuWQQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDYwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASNOj4d4MEA +7p/3miijqG4ToE4opKPAm+3BTIGrJTYT14++TSiUICl0ASXj+xeUcLMIaXTN042s +LsHxpShzQaL0o4GJMIGGMB0GA1UdDgQWBBREq5J3toJPxZ3O+ssJ5vkkU0RJEzBX +BgNVHSMEUDBOgBSjovYaC/m6Li9Tp0V9iZRs9267Q6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKGcf+c442c/XiwubbaiQvsoZ7EoVxuM +oKmia0gPyBNkAiEA83asjJ5FDXQuLyZpczviXrbmqgCPOfYadtvkc0cxMis= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr +nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG +r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX +BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6 +g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G +UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq +LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX +BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9 +XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c10.pem b/tests/data_files/dir-maxpath/c10.pem new file mode 100644 index 000000000..e29330479 --- /dev/null +++ b/tests/data_files/dir-maxpath/c10.pem @@ -0,0 +1,132 @@ +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDkwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR6jlGKbJd5 +hiDxN789gkOcwpyHI9wRwCrADAOwOkMePBPRlwGdm7mw7Z/EAmu26zRm/hcyrs4M +qk2LabDjPI9Xo4GJMIGGMB0GA1UdDgQWBBQtxZSLJAkEz+2RKMQexM6EtsfgcjBX +BgNVHSMEUDBOgBT6gyXHzPIPYc1Vr1aGiLLeMh4HpqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA4ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgP7S8vFstfUBdNe6ym5GYG5Q+aBVEKqRs +fVW7HNUktSYCIQDo6Jua6o/DJbrpq4qYWq5gv4yGyzPTN+3IaKrEICdaaw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDgwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7ZB16+t6E +sfahGyKUGJW5mezkzjdaYvc4lbJaKNRwFRfc3F/fmNOSsUFSg/F0N+vUE+doKiPC +8wRwLzvm4s+5o4GJMIGGMB0GA1UdDgQWBBT6gyXHzPIPYc1Vr1aGiLLeMh4HpjBX +BgNVHSMEUDBOgBS40mLt93U8Sh8ZGiDVAhRSiBPcXqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA3ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgO4el1ZPhlIli/qNR2SIEiuvs5Mmy868i +N2Rv5X/VxIECIA/8rUALQxW38XSdBVX3e/jzu7ju47n1YwEqD9K9WdVv +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDcwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARpQeQ/YGQj +nl7Szo6WStJ1u7xunTL5jBkXH8aAVSm0qiX4AD/7YPxa5EnGzZdLTn25vQVnfQAG +pMx8P1lYiGYCo4GJMIGGMB0GA1UdDgQWBBS40mLt93U8Sh8ZGiDVAhRSiBPcXjBX +BgNVHSMEUDBOgBREq5J3toJPxZ3O+ssJ5vkkU0RJE6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANwGf+F4a+kmXWz8UjSpRkaToTV6EFWw +/Tjzj0tQhDoAAiEA19RxeWOVBBpM6LOHg6v5Lf54YN1snkLf+sEXyZCuWQQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDYwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASNOj4d4MEA +7p/3miijqG4ToE4opKPAm+3BTIGrJTYT14++TSiUICl0ASXj+xeUcLMIaXTN042s +LsHxpShzQaL0o4GJMIGGMB0GA1UdDgQWBBREq5J3toJPxZ3O+ssJ5vkkU0RJEzBX +BgNVHSMEUDBOgBSjovYaC/m6Li9Tp0V9iZRs9267Q6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKGcf+c442c/XiwubbaiQvsoZ7EoVxuM +oKmia0gPyBNkAiEA83asjJ5FDXQuLyZpczviXrbmqgCPOfYadtvkc0cxMis= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr +nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG +r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX +BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6 +g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G +UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq +LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX +BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9 +XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c11.pem b/tests/data_files/dir-maxpath/c11.pem new file mode 100644 index 000000000..56cbcbf1e --- /dev/null +++ b/tests/data_files/dir-maxpath/c11.pem @@ -0,0 +1,144 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTAwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATZwR+WK6NB +F/7riFdN63c8hjYddZRR4lrzVNPwiBQxnnxwpPyrD9A6aPPmLc6SqGOJW4ZGVCco +IBze9RJVeiB9o4GJMIGGMB0GA1UdDgQWBBSOSt6ePyMRT6PGMaIi7FqNX9MKtDBX +BgNVHSMEUDBOgBQtxZSLJAkEz+2RKMQexM6EtsfgcqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA5ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgN//NqM0FrkrMjmxoeCY9DgxkH2R6sQ4d +NgtwCZAIqEICIBs4vupaVcuvni9tltbP26wi7c0FR+blZuo5DPIA3SVe +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDkwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR6jlGKbJd5 +hiDxN789gkOcwpyHI9wRwCrADAOwOkMePBPRlwGdm7mw7Z/EAmu26zRm/hcyrs4M +qk2LabDjPI9Xo4GJMIGGMB0GA1UdDgQWBBQtxZSLJAkEz+2RKMQexM6EtsfgcjBX +BgNVHSMEUDBOgBT6gyXHzPIPYc1Vr1aGiLLeMh4HpqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA4ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgP7S8vFstfUBdNe6ym5GYG5Q+aBVEKqRs +fVW7HNUktSYCIQDo6Jua6o/DJbrpq4qYWq5gv4yGyzPTN+3IaKrEICdaaw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDgwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7ZB16+t6E +sfahGyKUGJW5mezkzjdaYvc4lbJaKNRwFRfc3F/fmNOSsUFSg/F0N+vUE+doKiPC +8wRwLzvm4s+5o4GJMIGGMB0GA1UdDgQWBBT6gyXHzPIPYc1Vr1aGiLLeMh4HpjBX +BgNVHSMEUDBOgBS40mLt93U8Sh8ZGiDVAhRSiBPcXqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA3ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgO4el1ZPhlIli/qNR2SIEiuvs5Mmy868i +N2Rv5X/VxIECIA/8rUALQxW38XSdBVX3e/jzu7ju47n1YwEqD9K9WdVv +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDcwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARpQeQ/YGQj +nl7Szo6WStJ1u7xunTL5jBkXH8aAVSm0qiX4AD/7YPxa5EnGzZdLTn25vQVnfQAG +pMx8P1lYiGYCo4GJMIGGMB0GA1UdDgQWBBS40mLt93U8Sh8ZGiDVAhRSiBPcXjBX +BgNVHSMEUDBOgBREq5J3toJPxZ3O+ssJ5vkkU0RJE6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANwGf+F4a+kmXWz8UjSpRkaToTV6EFWw +/Tjzj0tQhDoAAiEA19RxeWOVBBpM6LOHg6v5Lf54YN1snkLf+sEXyZCuWQQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDYwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASNOj4d4MEA +7p/3miijqG4ToE4opKPAm+3BTIGrJTYT14++TSiUICl0ASXj+xeUcLMIaXTN042s +LsHxpShzQaL0o4GJMIGGMB0GA1UdDgQWBBREq5J3toJPxZ3O+ssJ5vkkU0RJEzBX +BgNVHSMEUDBOgBSjovYaC/m6Li9Tp0V9iZRs9267Q6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKGcf+c442c/XiwubbaiQvsoZ7EoVxuM +oKmia0gPyBNkAiEA83asjJ5FDXQuLyZpczviXrbmqgCPOfYadtvkc0cxMis= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr +nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG +r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX +BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6 +g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G +UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq +LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX +BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9 +XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c12.pem b/tests/data_files/dir-maxpath/c12.pem new file mode 100644 index 000000000..77c8f3f8a --- /dev/null +++ b/tests/data_files/dir-maxpath/c12.pem @@ -0,0 +1,156 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTEwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATDE9LPlLPc +gZ3b0BchR/AkhNEP9HAavwYadJIyzoPo5edCVnboQH786jsZwZNZoC0gHDAhCmGc +IfRenISAoVuPo4GJMIGGMB0GA1UdDgQWBBTZTtbi+j0Sm/Zs/+gTkWdASpQzfjBX +BgNVHSMEUDBOgBSOSt6ePyMRT6PGMaIi7FqNX9MKtKEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgYYF5AnRV7eh2hLD5Dz//pceMTKz9Ls46 +E6DxvbfDHikCIFttlGrOCZVyS4ocsjuKIELVUX5qfygI0sn4kU3qCTs2 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTAwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATZwR+WK6NB +F/7riFdN63c8hjYddZRR4lrzVNPwiBQxnnxwpPyrD9A6aPPmLc6SqGOJW4ZGVCco +IBze9RJVeiB9o4GJMIGGMB0GA1UdDgQWBBSOSt6ePyMRT6PGMaIi7FqNX9MKtDBX +BgNVHSMEUDBOgBQtxZSLJAkEz+2RKMQexM6EtsfgcqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA5ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgN//NqM0FrkrMjmxoeCY9DgxkH2R6sQ4d +NgtwCZAIqEICIBs4vupaVcuvni9tltbP26wi7c0FR+blZuo5DPIA3SVe +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDkwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR6jlGKbJd5 +hiDxN789gkOcwpyHI9wRwCrADAOwOkMePBPRlwGdm7mw7Z/EAmu26zRm/hcyrs4M +qk2LabDjPI9Xo4GJMIGGMB0GA1UdDgQWBBQtxZSLJAkEz+2RKMQexM6EtsfgcjBX +BgNVHSMEUDBOgBT6gyXHzPIPYc1Vr1aGiLLeMh4HpqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA4ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgP7S8vFstfUBdNe6ym5GYG5Q+aBVEKqRs +fVW7HNUktSYCIQDo6Jua6o/DJbrpq4qYWq5gv4yGyzPTN+3IaKrEICdaaw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDgwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7ZB16+t6E +sfahGyKUGJW5mezkzjdaYvc4lbJaKNRwFRfc3F/fmNOSsUFSg/F0N+vUE+doKiPC +8wRwLzvm4s+5o4GJMIGGMB0GA1UdDgQWBBT6gyXHzPIPYc1Vr1aGiLLeMh4HpjBX +BgNVHSMEUDBOgBS40mLt93U8Sh8ZGiDVAhRSiBPcXqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA3ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgO4el1ZPhlIli/qNR2SIEiuvs5Mmy868i +N2Rv5X/VxIECIA/8rUALQxW38XSdBVX3e/jzu7ju47n1YwEqD9K9WdVv +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDcwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARpQeQ/YGQj +nl7Szo6WStJ1u7xunTL5jBkXH8aAVSm0qiX4AD/7YPxa5EnGzZdLTn25vQVnfQAG +pMx8P1lYiGYCo4GJMIGGMB0GA1UdDgQWBBS40mLt93U8Sh8ZGiDVAhRSiBPcXjBX +BgNVHSMEUDBOgBREq5J3toJPxZ3O+ssJ5vkkU0RJE6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANwGf+F4a+kmXWz8UjSpRkaToTV6EFWw +/Tjzj0tQhDoAAiEA19RxeWOVBBpM6LOHg6v5Lf54YN1snkLf+sEXyZCuWQQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDYwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASNOj4d4MEA +7p/3miijqG4ToE4opKPAm+3BTIGrJTYT14++TSiUICl0ASXj+xeUcLMIaXTN042s +LsHxpShzQaL0o4GJMIGGMB0GA1UdDgQWBBREq5J3toJPxZ3O+ssJ5vkkU0RJEzBX +BgNVHSMEUDBOgBSjovYaC/m6Li9Tp0V9iZRs9267Q6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKGcf+c442c/XiwubbaiQvsoZ7EoVxuM +oKmia0gPyBNkAiEA83asjJ5FDXQuLyZpczviXrbmqgCPOfYadtvkc0cxMis= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr +nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG +r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX +BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6 +g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G +UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq +LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX +BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9 +XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c13.pem b/tests/data_files/dir-maxpath/c13.pem new file mode 100644 index 000000000..d5039ba45 --- /dev/null +++ b/tests/data_files/dir-maxpath/c13.pem @@ -0,0 +1,168 @@ +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTIwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATrkzCJLznh +lhnsv1RXB9kfeaD+cIruPQ0cItBDGpdvD8xbBVvQci4+RG2RVUCSWRhkFYjSsUSM +0QHMQnBFlhw2o4GJMIGGMB0GA1UdDgQWBBTmVnUSF2MYwws/nCMv7b1wJVkDmjBX +BgNVHSMEUDBOgBTZTtbi+j0Sm/Zs/+gTkWdASpQzfqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTExggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgWsm+rHJgwUEyNm8EKbEds5yurpp5/3y5 +PsvXJVDqxogCIQDUP0Jcl3A907CE2tPVXSgD6LQ6CPu19mixemPw60yijA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTEwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATDE9LPlLPc +gZ3b0BchR/AkhNEP9HAavwYadJIyzoPo5edCVnboQH786jsZwZNZoC0gHDAhCmGc +IfRenISAoVuPo4GJMIGGMB0GA1UdDgQWBBTZTtbi+j0Sm/Zs/+gTkWdASpQzfjBX +BgNVHSMEUDBOgBSOSt6ePyMRT6PGMaIi7FqNX9MKtKEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgYYF5AnRV7eh2hLD5Dz//pceMTKz9Ls46 +E6DxvbfDHikCIFttlGrOCZVyS4ocsjuKIELVUX5qfygI0sn4kU3qCTs2 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTAwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATZwR+WK6NB +F/7riFdN63c8hjYddZRR4lrzVNPwiBQxnnxwpPyrD9A6aPPmLc6SqGOJW4ZGVCco +IBze9RJVeiB9o4GJMIGGMB0GA1UdDgQWBBSOSt6ePyMRT6PGMaIi7FqNX9MKtDBX +BgNVHSMEUDBOgBQtxZSLJAkEz+2RKMQexM6EtsfgcqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA5ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgN//NqM0FrkrMjmxoeCY9DgxkH2R6sQ4d +NgtwCZAIqEICIBs4vupaVcuvni9tltbP26wi7c0FR+blZuo5DPIA3SVe +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDkwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR6jlGKbJd5 +hiDxN789gkOcwpyHI9wRwCrADAOwOkMePBPRlwGdm7mw7Z/EAmu26zRm/hcyrs4M +qk2LabDjPI9Xo4GJMIGGMB0GA1UdDgQWBBQtxZSLJAkEz+2RKMQexM6EtsfgcjBX +BgNVHSMEUDBOgBT6gyXHzPIPYc1Vr1aGiLLeMh4HpqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA4ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgP7S8vFstfUBdNe6ym5GYG5Q+aBVEKqRs +fVW7HNUktSYCIQDo6Jua6o/DJbrpq4qYWq5gv4yGyzPTN+3IaKrEICdaaw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDgwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7ZB16+t6E +sfahGyKUGJW5mezkzjdaYvc4lbJaKNRwFRfc3F/fmNOSsUFSg/F0N+vUE+doKiPC +8wRwLzvm4s+5o4GJMIGGMB0GA1UdDgQWBBT6gyXHzPIPYc1Vr1aGiLLeMh4HpjBX +BgNVHSMEUDBOgBS40mLt93U8Sh8ZGiDVAhRSiBPcXqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA3ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgO4el1ZPhlIli/qNR2SIEiuvs5Mmy868i +N2Rv5X/VxIECIA/8rUALQxW38XSdBVX3e/jzu7ju47n1YwEqD9K9WdVv +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDcwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARpQeQ/YGQj +nl7Szo6WStJ1u7xunTL5jBkXH8aAVSm0qiX4AD/7YPxa5EnGzZdLTn25vQVnfQAG +pMx8P1lYiGYCo4GJMIGGMB0GA1UdDgQWBBS40mLt93U8Sh8ZGiDVAhRSiBPcXjBX +BgNVHSMEUDBOgBREq5J3toJPxZ3O+ssJ5vkkU0RJE6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANwGf+F4a+kmXWz8UjSpRkaToTV6EFWw +/Tjzj0tQhDoAAiEA19RxeWOVBBpM6LOHg6v5Lf54YN1snkLf+sEXyZCuWQQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDYwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASNOj4d4MEA +7p/3miijqG4ToE4opKPAm+3BTIGrJTYT14++TSiUICl0ASXj+xeUcLMIaXTN042s +LsHxpShzQaL0o4GJMIGGMB0GA1UdDgQWBBREq5J3toJPxZ3O+ssJ5vkkU0RJEzBX +BgNVHSMEUDBOgBSjovYaC/m6Li9Tp0V9iZRs9267Q6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKGcf+c442c/XiwubbaiQvsoZ7EoVxuM +oKmia0gPyBNkAiEA83asjJ5FDXQuLyZpczviXrbmqgCPOfYadtvkc0cxMis= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr +nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG +r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX +BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6 +g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G +UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq +LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX +BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9 +XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c14.pem b/tests/data_files/dir-maxpath/c14.pem new file mode 100644 index 000000000..c6eca72e4 --- /dev/null +++ b/tests/data_files/dir-maxpath/c14.pem @@ -0,0 +1,180 @@ +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTMwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATRMZN0RHzP +donNmZuq9XPhzvQ52TaokxT39qpQtlFyvUuEGKrLoNvdcpARaA0rGput6RLAQOVU +iNVlJ3Ipj789o4GJMIGGMB0GA1UdDgQWBBRNsJB++ccSBmbCCKBxi4CjXROBkzBX +BgNVHSMEUDBOgBTmVnUSF2MYwws/nCMv7b1wJVkDmqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgVfuLpjp08AaxKWf6cuZUUCRd7CojSS1I +71hzeUyFS+sCIQDNJI6P/pBbiHgTaGlBAgfcEfmxmbY0n4xZndtxIkmyVA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTIwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATrkzCJLznh +lhnsv1RXB9kfeaD+cIruPQ0cItBDGpdvD8xbBVvQci4+RG2RVUCSWRhkFYjSsUSM +0QHMQnBFlhw2o4GJMIGGMB0GA1UdDgQWBBTmVnUSF2MYwws/nCMv7b1wJVkDmjBX +BgNVHSMEUDBOgBTZTtbi+j0Sm/Zs/+gTkWdASpQzfqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTExggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgWsm+rHJgwUEyNm8EKbEds5yurpp5/3y5 +PsvXJVDqxogCIQDUP0Jcl3A907CE2tPVXSgD6LQ6CPu19mixemPw60yijA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTEwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATDE9LPlLPc +gZ3b0BchR/AkhNEP9HAavwYadJIyzoPo5edCVnboQH786jsZwZNZoC0gHDAhCmGc +IfRenISAoVuPo4GJMIGGMB0GA1UdDgQWBBTZTtbi+j0Sm/Zs/+gTkWdASpQzfjBX +BgNVHSMEUDBOgBSOSt6ePyMRT6PGMaIi7FqNX9MKtKEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgYYF5AnRV7eh2hLD5Dz//pceMTKz9Ls46 +E6DxvbfDHikCIFttlGrOCZVyS4ocsjuKIELVUX5qfygI0sn4kU3qCTs2 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTAwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATZwR+WK6NB +F/7riFdN63c8hjYddZRR4lrzVNPwiBQxnnxwpPyrD9A6aPPmLc6SqGOJW4ZGVCco +IBze9RJVeiB9o4GJMIGGMB0GA1UdDgQWBBSOSt6ePyMRT6PGMaIi7FqNX9MKtDBX +BgNVHSMEUDBOgBQtxZSLJAkEz+2RKMQexM6EtsfgcqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA5ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgN//NqM0FrkrMjmxoeCY9DgxkH2R6sQ4d +NgtwCZAIqEICIBs4vupaVcuvni9tltbP26wi7c0FR+blZuo5DPIA3SVe +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDkwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR6jlGKbJd5 +hiDxN789gkOcwpyHI9wRwCrADAOwOkMePBPRlwGdm7mw7Z/EAmu26zRm/hcyrs4M +qk2LabDjPI9Xo4GJMIGGMB0GA1UdDgQWBBQtxZSLJAkEz+2RKMQexM6EtsfgcjBX +BgNVHSMEUDBOgBT6gyXHzPIPYc1Vr1aGiLLeMh4HpqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA4ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgP7S8vFstfUBdNe6ym5GYG5Q+aBVEKqRs +fVW7HNUktSYCIQDo6Jua6o/DJbrpq4qYWq5gv4yGyzPTN+3IaKrEICdaaw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDgwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7ZB16+t6E +sfahGyKUGJW5mezkzjdaYvc4lbJaKNRwFRfc3F/fmNOSsUFSg/F0N+vUE+doKiPC +8wRwLzvm4s+5o4GJMIGGMB0GA1UdDgQWBBT6gyXHzPIPYc1Vr1aGiLLeMh4HpjBX +BgNVHSMEUDBOgBS40mLt93U8Sh8ZGiDVAhRSiBPcXqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA3ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgO4el1ZPhlIli/qNR2SIEiuvs5Mmy868i +N2Rv5X/VxIECIA/8rUALQxW38XSdBVX3e/jzu7ju47n1YwEqD9K9WdVv +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDcwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARpQeQ/YGQj +nl7Szo6WStJ1u7xunTL5jBkXH8aAVSm0qiX4AD/7YPxa5EnGzZdLTn25vQVnfQAG +pMx8P1lYiGYCo4GJMIGGMB0GA1UdDgQWBBS40mLt93U8Sh8ZGiDVAhRSiBPcXjBX +BgNVHSMEUDBOgBREq5J3toJPxZ3O+ssJ5vkkU0RJE6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANwGf+F4a+kmXWz8UjSpRkaToTV6EFWw +/Tjzj0tQhDoAAiEA19RxeWOVBBpM6LOHg6v5Lf54YN1snkLf+sEXyZCuWQQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDYwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASNOj4d4MEA +7p/3miijqG4ToE4opKPAm+3BTIGrJTYT14++TSiUICl0ASXj+xeUcLMIaXTN042s +LsHxpShzQaL0o4GJMIGGMB0GA1UdDgQWBBREq5J3toJPxZ3O+ssJ5vkkU0RJEzBX +BgNVHSMEUDBOgBSjovYaC/m6Li9Tp0V9iZRs9267Q6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKGcf+c442c/XiwubbaiQvsoZ7EoVxuM +oKmia0gPyBNkAiEA83asjJ5FDXQuLyZpczviXrbmqgCPOfYadtvkc0cxMis= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr +nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG +r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX +BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6 +g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G +UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq +LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX +BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9 +XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c15.pem b/tests/data_files/dir-maxpath/c15.pem new file mode 100644 index 000000000..220420d7d --- /dev/null +++ b/tests/data_files/dir-maxpath/c15.pem @@ -0,0 +1,192 @@ +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTQwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQlKUiMoSss +/hsTasedqdB2BCOGJhTt0hgUGeUnWNZ1svO4yn0GkFHZ08++fl2MKqjpj+VXq0JS +FFyGUOgmgi3Ho4GJMIGGMB0GA1UdDgQWBBR1mXlrdW5rx1VnqMMnUBXo0WWGWjBX +BgNVHSMEUDBOgBRNsJB++ccSBmbCCKBxi4CjXROBk6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKYOIo+fdCQRqpH4LN8qUK1aKzKmWGxS +fGzEEkg/29bMAiAl95cmucoCDMq2Ab8Coc0dEqyJ6+rAPMLBCbGawyiW6A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTMwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATRMZN0RHzP +donNmZuq9XPhzvQ52TaokxT39qpQtlFyvUuEGKrLoNvdcpARaA0rGput6RLAQOVU +iNVlJ3Ipj789o4GJMIGGMB0GA1UdDgQWBBRNsJB++ccSBmbCCKBxi4CjXROBkzBX +BgNVHSMEUDBOgBTmVnUSF2MYwws/nCMv7b1wJVkDmqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgVfuLpjp08AaxKWf6cuZUUCRd7CojSS1I +71hzeUyFS+sCIQDNJI6P/pBbiHgTaGlBAgfcEfmxmbY0n4xZndtxIkmyVA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTIwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATrkzCJLznh +lhnsv1RXB9kfeaD+cIruPQ0cItBDGpdvD8xbBVvQci4+RG2RVUCSWRhkFYjSsUSM +0QHMQnBFlhw2o4GJMIGGMB0GA1UdDgQWBBTmVnUSF2MYwws/nCMv7b1wJVkDmjBX +BgNVHSMEUDBOgBTZTtbi+j0Sm/Zs/+gTkWdASpQzfqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTExggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgWsm+rHJgwUEyNm8EKbEds5yurpp5/3y5 +PsvXJVDqxogCIQDUP0Jcl3A907CE2tPVXSgD6LQ6CPu19mixemPw60yijA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTEwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATDE9LPlLPc +gZ3b0BchR/AkhNEP9HAavwYadJIyzoPo5edCVnboQH786jsZwZNZoC0gHDAhCmGc +IfRenISAoVuPo4GJMIGGMB0GA1UdDgQWBBTZTtbi+j0Sm/Zs/+gTkWdASpQzfjBX +BgNVHSMEUDBOgBSOSt6ePyMRT6PGMaIi7FqNX9MKtKEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgYYF5AnRV7eh2hLD5Dz//pceMTKz9Ls46 +E6DxvbfDHikCIFttlGrOCZVyS4ocsjuKIELVUX5qfygI0sn4kU3qCTs2 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTAwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATZwR+WK6NB +F/7riFdN63c8hjYddZRR4lrzVNPwiBQxnnxwpPyrD9A6aPPmLc6SqGOJW4ZGVCco +IBze9RJVeiB9o4GJMIGGMB0GA1UdDgQWBBSOSt6ePyMRT6PGMaIi7FqNX9MKtDBX +BgNVHSMEUDBOgBQtxZSLJAkEz+2RKMQexM6EtsfgcqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA5ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgN//NqM0FrkrMjmxoeCY9DgxkH2R6sQ4d +NgtwCZAIqEICIBs4vupaVcuvni9tltbP26wi7c0FR+blZuo5DPIA3SVe +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDkwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR6jlGKbJd5 +hiDxN789gkOcwpyHI9wRwCrADAOwOkMePBPRlwGdm7mw7Z/EAmu26zRm/hcyrs4M +qk2LabDjPI9Xo4GJMIGGMB0GA1UdDgQWBBQtxZSLJAkEz+2RKMQexM6EtsfgcjBX +BgNVHSMEUDBOgBT6gyXHzPIPYc1Vr1aGiLLeMh4HpqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA4ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgP7S8vFstfUBdNe6ym5GYG5Q+aBVEKqRs +fVW7HNUktSYCIQDo6Jua6o/DJbrpq4qYWq5gv4yGyzPTN+3IaKrEICdaaw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDgwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7ZB16+t6E +sfahGyKUGJW5mezkzjdaYvc4lbJaKNRwFRfc3F/fmNOSsUFSg/F0N+vUE+doKiPC +8wRwLzvm4s+5o4GJMIGGMB0GA1UdDgQWBBT6gyXHzPIPYc1Vr1aGiLLeMh4HpjBX +BgNVHSMEUDBOgBS40mLt93U8Sh8ZGiDVAhRSiBPcXqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA3ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgO4el1ZPhlIli/qNR2SIEiuvs5Mmy868i +N2Rv5X/VxIECIA/8rUALQxW38XSdBVX3e/jzu7ju47n1YwEqD9K9WdVv +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDcwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARpQeQ/YGQj +nl7Szo6WStJ1u7xunTL5jBkXH8aAVSm0qiX4AD/7YPxa5EnGzZdLTn25vQVnfQAG +pMx8P1lYiGYCo4GJMIGGMB0GA1UdDgQWBBS40mLt93U8Sh8ZGiDVAhRSiBPcXjBX +BgNVHSMEUDBOgBREq5J3toJPxZ3O+ssJ5vkkU0RJE6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANwGf+F4a+kmXWz8UjSpRkaToTV6EFWw +/Tjzj0tQhDoAAiEA19RxeWOVBBpM6LOHg6v5Lf54YN1snkLf+sEXyZCuWQQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDYwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASNOj4d4MEA +7p/3miijqG4ToE4opKPAm+3BTIGrJTYT14++TSiUICl0ASXj+xeUcLMIaXTN042s +LsHxpShzQaL0o4GJMIGGMB0GA1UdDgQWBBREq5J3toJPxZ3O+ssJ5vkkU0RJEzBX +BgNVHSMEUDBOgBSjovYaC/m6Li9Tp0V9iZRs9267Q6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKGcf+c442c/XiwubbaiQvsoZ7EoVxuM +oKmia0gPyBNkAiEA83asjJ5FDXQuLyZpczviXrbmqgCPOfYadtvkc0cxMis= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr +nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG +r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX +BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6 +g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G +UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq +LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX +BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9 +XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c16.pem b/tests/data_files/dir-maxpath/c16.pem new file mode 100644 index 000000000..041a83b45 --- /dev/null +++ b/tests/data_files/dir-maxpath/c16.pem @@ -0,0 +1,204 @@ +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTUwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ7Vsp7JmDN +kgPh/+zmIPkd7o0xot/WPMFn3uAsGtsU385MF0fmhfFLhRbbH9h4JjYHj8y0spU3 +buUXhftvAZVbo4GJMIGGMB0GA1UdDgQWBBRTw3K0Psy3u/6+3KKSoaQqJnPvPjBX +BgNVHSMEUDBOgBR1mXlrdW5rx1VnqMMnUBXo0WWGWqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAMJnGjE9v3SjuGfi0jNByrwyNfhlTHMh +FhPQidNrDpXwAiEAqYtNiV8t9RrAa9GC6FWDuJpvIiU6FsE+lFq6uIq/J2E= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTQwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQlKUiMoSss +/hsTasedqdB2BCOGJhTt0hgUGeUnWNZ1svO4yn0GkFHZ08++fl2MKqjpj+VXq0JS +FFyGUOgmgi3Ho4GJMIGGMB0GA1UdDgQWBBR1mXlrdW5rx1VnqMMnUBXo0WWGWjBX +BgNVHSMEUDBOgBRNsJB++ccSBmbCCKBxi4CjXROBk6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKYOIo+fdCQRqpH4LN8qUK1aKzKmWGxS +fGzEEkg/29bMAiAl95cmucoCDMq2Ab8Coc0dEqyJ6+rAPMLBCbGawyiW6A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTMwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATRMZN0RHzP +donNmZuq9XPhzvQ52TaokxT39qpQtlFyvUuEGKrLoNvdcpARaA0rGput6RLAQOVU +iNVlJ3Ipj789o4GJMIGGMB0GA1UdDgQWBBRNsJB++ccSBmbCCKBxi4CjXROBkzBX +BgNVHSMEUDBOgBTmVnUSF2MYwws/nCMv7b1wJVkDmqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgVfuLpjp08AaxKWf6cuZUUCRd7CojSS1I +71hzeUyFS+sCIQDNJI6P/pBbiHgTaGlBAgfcEfmxmbY0n4xZndtxIkmyVA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTIwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATrkzCJLznh +lhnsv1RXB9kfeaD+cIruPQ0cItBDGpdvD8xbBVvQci4+RG2RVUCSWRhkFYjSsUSM +0QHMQnBFlhw2o4GJMIGGMB0GA1UdDgQWBBTmVnUSF2MYwws/nCMv7b1wJVkDmjBX +BgNVHSMEUDBOgBTZTtbi+j0Sm/Zs/+gTkWdASpQzfqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTExggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgWsm+rHJgwUEyNm8EKbEds5yurpp5/3y5 +PsvXJVDqxogCIQDUP0Jcl3A907CE2tPVXSgD6LQ6CPu19mixemPw60yijA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTEwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATDE9LPlLPc +gZ3b0BchR/AkhNEP9HAavwYadJIyzoPo5edCVnboQH786jsZwZNZoC0gHDAhCmGc +IfRenISAoVuPo4GJMIGGMB0GA1UdDgQWBBTZTtbi+j0Sm/Zs/+gTkWdASpQzfjBX +BgNVHSMEUDBOgBSOSt6ePyMRT6PGMaIi7FqNX9MKtKEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgYYF5AnRV7eh2hLD5Dz//pceMTKz9Ls46 +E6DxvbfDHikCIFttlGrOCZVyS4ocsjuKIELVUX5qfygI0sn4kU3qCTs2 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTAwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATZwR+WK6NB +F/7riFdN63c8hjYddZRR4lrzVNPwiBQxnnxwpPyrD9A6aPPmLc6SqGOJW4ZGVCco +IBze9RJVeiB9o4GJMIGGMB0GA1UdDgQWBBSOSt6ePyMRT6PGMaIi7FqNX9MKtDBX +BgNVHSMEUDBOgBQtxZSLJAkEz+2RKMQexM6EtsfgcqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA5ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgN//NqM0FrkrMjmxoeCY9DgxkH2R6sQ4d +NgtwCZAIqEICIBs4vupaVcuvni9tltbP26wi7c0FR+blZuo5DPIA3SVe +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDkwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR6jlGKbJd5 +hiDxN789gkOcwpyHI9wRwCrADAOwOkMePBPRlwGdm7mw7Z/EAmu26zRm/hcyrs4M +qk2LabDjPI9Xo4GJMIGGMB0GA1UdDgQWBBQtxZSLJAkEz+2RKMQexM6EtsfgcjBX +BgNVHSMEUDBOgBT6gyXHzPIPYc1Vr1aGiLLeMh4HpqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA4ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgP7S8vFstfUBdNe6ym5GYG5Q+aBVEKqRs +fVW7HNUktSYCIQDo6Jua6o/DJbrpq4qYWq5gv4yGyzPTN+3IaKrEICdaaw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDgwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7ZB16+t6E +sfahGyKUGJW5mezkzjdaYvc4lbJaKNRwFRfc3F/fmNOSsUFSg/F0N+vUE+doKiPC +8wRwLzvm4s+5o4GJMIGGMB0GA1UdDgQWBBT6gyXHzPIPYc1Vr1aGiLLeMh4HpjBX +BgNVHSMEUDBOgBS40mLt93U8Sh8ZGiDVAhRSiBPcXqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA3ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgO4el1ZPhlIli/qNR2SIEiuvs5Mmy868i +N2Rv5X/VxIECIA/8rUALQxW38XSdBVX3e/jzu7ju47n1YwEqD9K9WdVv +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDcwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARpQeQ/YGQj +nl7Szo6WStJ1u7xunTL5jBkXH8aAVSm0qiX4AD/7YPxa5EnGzZdLTn25vQVnfQAG +pMx8P1lYiGYCo4GJMIGGMB0GA1UdDgQWBBS40mLt93U8Sh8ZGiDVAhRSiBPcXjBX +BgNVHSMEUDBOgBREq5J3toJPxZ3O+ssJ5vkkU0RJE6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANwGf+F4a+kmXWz8UjSpRkaToTV6EFWw +/Tjzj0tQhDoAAiEA19RxeWOVBBpM6LOHg6v5Lf54YN1snkLf+sEXyZCuWQQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDYwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASNOj4d4MEA +7p/3miijqG4ToE4opKPAm+3BTIGrJTYT14++TSiUICl0ASXj+xeUcLMIaXTN042s +LsHxpShzQaL0o4GJMIGGMB0GA1UdDgQWBBREq5J3toJPxZ3O+ssJ5vkkU0RJEzBX +BgNVHSMEUDBOgBSjovYaC/m6Li9Tp0V9iZRs9267Q6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKGcf+c442c/XiwubbaiQvsoZ7EoVxuM +oKmia0gPyBNkAiEA83asjJ5FDXQuLyZpczviXrbmqgCPOfYadtvkc0cxMis= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr +nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG +r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX +BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6 +g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G +UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq +LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX +BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9 +XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c17.pem b/tests/data_files/dir-maxpath/c17.pem new file mode 100644 index 000000000..5bdbafd28 --- /dev/null +++ b/tests/data_files/dir-maxpath/c17.pem @@ -0,0 +1,216 @@ +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTYwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARrISq2zO9m +D29YCLHB56FdU/RINtRhfeLtM+u5o3HaAnopy0S98RzuEGELjpzr8ZI6kkMMZsj8 +nFZQF8HfuE0go4GJMIGGMB0GA1UdDgQWBBSnjWvpWxZcFnfQ2KGtCg/u6fT/DzBX +BgNVHSMEUDBOgBRTw3K0Psy3u/6+3KKSoaQqJnPvPqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgDgXjoc6FfMF5W0NziV6vx2BOPNWav01Z +ynEP4h9ULnUCIQC1rU4sEId3UdjzTKhpSGTKtaOuPG+b0YdEMPimI4jmVw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTUwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ7Vsp7JmDN +kgPh/+zmIPkd7o0xot/WPMFn3uAsGtsU385MF0fmhfFLhRbbH9h4JjYHj8y0spU3 +buUXhftvAZVbo4GJMIGGMB0GA1UdDgQWBBRTw3K0Psy3u/6+3KKSoaQqJnPvPjBX +BgNVHSMEUDBOgBR1mXlrdW5rx1VnqMMnUBXo0WWGWqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAMJnGjE9v3SjuGfi0jNByrwyNfhlTHMh +FhPQidNrDpXwAiEAqYtNiV8t9RrAa9GC6FWDuJpvIiU6FsE+lFq6uIq/J2E= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTQwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQlKUiMoSss +/hsTasedqdB2BCOGJhTt0hgUGeUnWNZ1svO4yn0GkFHZ08++fl2MKqjpj+VXq0JS +FFyGUOgmgi3Ho4GJMIGGMB0GA1UdDgQWBBR1mXlrdW5rx1VnqMMnUBXo0WWGWjBX +BgNVHSMEUDBOgBRNsJB++ccSBmbCCKBxi4CjXROBk6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKYOIo+fdCQRqpH4LN8qUK1aKzKmWGxS +fGzEEkg/29bMAiAl95cmucoCDMq2Ab8Coc0dEqyJ6+rAPMLBCbGawyiW6A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTMwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATRMZN0RHzP +donNmZuq9XPhzvQ52TaokxT39qpQtlFyvUuEGKrLoNvdcpARaA0rGput6RLAQOVU +iNVlJ3Ipj789o4GJMIGGMB0GA1UdDgQWBBRNsJB++ccSBmbCCKBxi4CjXROBkzBX +BgNVHSMEUDBOgBTmVnUSF2MYwws/nCMv7b1wJVkDmqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgVfuLpjp08AaxKWf6cuZUUCRd7CojSS1I +71hzeUyFS+sCIQDNJI6P/pBbiHgTaGlBAgfcEfmxmbY0n4xZndtxIkmyVA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTIwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATrkzCJLznh +lhnsv1RXB9kfeaD+cIruPQ0cItBDGpdvD8xbBVvQci4+RG2RVUCSWRhkFYjSsUSM +0QHMQnBFlhw2o4GJMIGGMB0GA1UdDgQWBBTmVnUSF2MYwws/nCMv7b1wJVkDmjBX +BgNVHSMEUDBOgBTZTtbi+j0Sm/Zs/+gTkWdASpQzfqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTExggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgWsm+rHJgwUEyNm8EKbEds5yurpp5/3y5 +PsvXJVDqxogCIQDUP0Jcl3A907CE2tPVXSgD6LQ6CPu19mixemPw60yijA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTEwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATDE9LPlLPc +gZ3b0BchR/AkhNEP9HAavwYadJIyzoPo5edCVnboQH786jsZwZNZoC0gHDAhCmGc +IfRenISAoVuPo4GJMIGGMB0GA1UdDgQWBBTZTtbi+j0Sm/Zs/+gTkWdASpQzfjBX +BgNVHSMEUDBOgBSOSt6ePyMRT6PGMaIi7FqNX9MKtKEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgYYF5AnRV7eh2hLD5Dz//pceMTKz9Ls46 +E6DxvbfDHikCIFttlGrOCZVyS4ocsjuKIELVUX5qfygI0sn4kU3qCTs2 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTAwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATZwR+WK6NB +F/7riFdN63c8hjYddZRR4lrzVNPwiBQxnnxwpPyrD9A6aPPmLc6SqGOJW4ZGVCco +IBze9RJVeiB9o4GJMIGGMB0GA1UdDgQWBBSOSt6ePyMRT6PGMaIi7FqNX9MKtDBX +BgNVHSMEUDBOgBQtxZSLJAkEz+2RKMQexM6EtsfgcqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA5ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgN//NqM0FrkrMjmxoeCY9DgxkH2R6sQ4d +NgtwCZAIqEICIBs4vupaVcuvni9tltbP26wi7c0FR+blZuo5DPIA3SVe +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDkwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR6jlGKbJd5 +hiDxN789gkOcwpyHI9wRwCrADAOwOkMePBPRlwGdm7mw7Z/EAmu26zRm/hcyrs4M +qk2LabDjPI9Xo4GJMIGGMB0GA1UdDgQWBBQtxZSLJAkEz+2RKMQexM6EtsfgcjBX +BgNVHSMEUDBOgBT6gyXHzPIPYc1Vr1aGiLLeMh4HpqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA4ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgP7S8vFstfUBdNe6ym5GYG5Q+aBVEKqRs +fVW7HNUktSYCIQDo6Jua6o/DJbrpq4qYWq5gv4yGyzPTN+3IaKrEICdaaw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDgwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7ZB16+t6E +sfahGyKUGJW5mezkzjdaYvc4lbJaKNRwFRfc3F/fmNOSsUFSg/F0N+vUE+doKiPC +8wRwLzvm4s+5o4GJMIGGMB0GA1UdDgQWBBT6gyXHzPIPYc1Vr1aGiLLeMh4HpjBX +BgNVHSMEUDBOgBS40mLt93U8Sh8ZGiDVAhRSiBPcXqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA3ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgO4el1ZPhlIli/qNR2SIEiuvs5Mmy868i +N2Rv5X/VxIECIA/8rUALQxW38XSdBVX3e/jzu7ju47n1YwEqD9K9WdVv +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDcwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARpQeQ/YGQj +nl7Szo6WStJ1u7xunTL5jBkXH8aAVSm0qiX4AD/7YPxa5EnGzZdLTn25vQVnfQAG +pMx8P1lYiGYCo4GJMIGGMB0GA1UdDgQWBBS40mLt93U8Sh8ZGiDVAhRSiBPcXjBX +BgNVHSMEUDBOgBREq5J3toJPxZ3O+ssJ5vkkU0RJE6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANwGf+F4a+kmXWz8UjSpRkaToTV6EFWw +/Tjzj0tQhDoAAiEA19RxeWOVBBpM6LOHg6v5Lf54YN1snkLf+sEXyZCuWQQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDYwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASNOj4d4MEA +7p/3miijqG4ToE4opKPAm+3BTIGrJTYT14++TSiUICl0ASXj+xeUcLMIaXTN042s +LsHxpShzQaL0o4GJMIGGMB0GA1UdDgQWBBREq5J3toJPxZ3O+ssJ5vkkU0RJEzBX +BgNVHSMEUDBOgBSjovYaC/m6Li9Tp0V9iZRs9267Q6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKGcf+c442c/XiwubbaiQvsoZ7EoVxuM +oKmia0gPyBNkAiEA83asjJ5FDXQuLyZpczviXrbmqgCPOfYadtvkc0cxMis= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr +nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG +r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX +BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6 +g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G +UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq +LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX +BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9 +XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c18.pem b/tests/data_files/dir-maxpath/c18.pem new file mode 100644 index 000000000..d86318952 --- /dev/null +++ b/tests/data_files/dir-maxpath/c18.pem @@ -0,0 +1,228 @@ +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTcwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASsc/JkNcYf +bMgpOfrL5kKOGxOJaGS6SQIeNO33UeBpToe1bU2acN652xjvcGo0fJEtxg2fcPHR +hTnGMBD1u1N2o4GJMIGGMB0GA1UdDgQWBBSDbIpYntlhJ0GgIsyd75XRhlC18jBX +BgNVHSMEUDBOgBSnjWvpWxZcFnfQ2KGtCg/u6fT/D6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAJo2NXfJU1sK6SVTu4OV21FKITlXntMi +oenYMsBjzO8oAiEAidSELcLjjAHi3mfBARvCgKlRhmbNEMCHQT7Ha7ZQoRw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTYwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARrISq2zO9m +D29YCLHB56FdU/RINtRhfeLtM+u5o3HaAnopy0S98RzuEGELjpzr8ZI6kkMMZsj8 +nFZQF8HfuE0go4GJMIGGMB0GA1UdDgQWBBSnjWvpWxZcFnfQ2KGtCg/u6fT/DzBX +BgNVHSMEUDBOgBRTw3K0Psy3u/6+3KKSoaQqJnPvPqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgDgXjoc6FfMF5W0NziV6vx2BOPNWav01Z +ynEP4h9ULnUCIQC1rU4sEId3UdjzTKhpSGTKtaOuPG+b0YdEMPimI4jmVw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTUwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ7Vsp7JmDN +kgPh/+zmIPkd7o0xot/WPMFn3uAsGtsU385MF0fmhfFLhRbbH9h4JjYHj8y0spU3 +buUXhftvAZVbo4GJMIGGMB0GA1UdDgQWBBRTw3K0Psy3u/6+3KKSoaQqJnPvPjBX +BgNVHSMEUDBOgBR1mXlrdW5rx1VnqMMnUBXo0WWGWqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAMJnGjE9v3SjuGfi0jNByrwyNfhlTHMh +FhPQidNrDpXwAiEAqYtNiV8t9RrAa9GC6FWDuJpvIiU6FsE+lFq6uIq/J2E= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTQwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQlKUiMoSss +/hsTasedqdB2BCOGJhTt0hgUGeUnWNZ1svO4yn0GkFHZ08++fl2MKqjpj+VXq0JS +FFyGUOgmgi3Ho4GJMIGGMB0GA1UdDgQWBBR1mXlrdW5rx1VnqMMnUBXo0WWGWjBX +BgNVHSMEUDBOgBRNsJB++ccSBmbCCKBxi4CjXROBk6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKYOIo+fdCQRqpH4LN8qUK1aKzKmWGxS +fGzEEkg/29bMAiAl95cmucoCDMq2Ab8Coc0dEqyJ6+rAPMLBCbGawyiW6A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTMwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATRMZN0RHzP +donNmZuq9XPhzvQ52TaokxT39qpQtlFyvUuEGKrLoNvdcpARaA0rGput6RLAQOVU +iNVlJ3Ipj789o4GJMIGGMB0GA1UdDgQWBBRNsJB++ccSBmbCCKBxi4CjXROBkzBX +BgNVHSMEUDBOgBTmVnUSF2MYwws/nCMv7b1wJVkDmqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgVfuLpjp08AaxKWf6cuZUUCRd7CojSS1I +71hzeUyFS+sCIQDNJI6P/pBbiHgTaGlBAgfcEfmxmbY0n4xZndtxIkmyVA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTIwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATrkzCJLznh +lhnsv1RXB9kfeaD+cIruPQ0cItBDGpdvD8xbBVvQci4+RG2RVUCSWRhkFYjSsUSM +0QHMQnBFlhw2o4GJMIGGMB0GA1UdDgQWBBTmVnUSF2MYwws/nCMv7b1wJVkDmjBX +BgNVHSMEUDBOgBTZTtbi+j0Sm/Zs/+gTkWdASpQzfqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTExggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgWsm+rHJgwUEyNm8EKbEds5yurpp5/3y5 +PsvXJVDqxogCIQDUP0Jcl3A907CE2tPVXSgD6LQ6CPu19mixemPw60yijA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTEwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATDE9LPlLPc +gZ3b0BchR/AkhNEP9HAavwYadJIyzoPo5edCVnboQH786jsZwZNZoC0gHDAhCmGc +IfRenISAoVuPo4GJMIGGMB0GA1UdDgQWBBTZTtbi+j0Sm/Zs/+gTkWdASpQzfjBX +BgNVHSMEUDBOgBSOSt6ePyMRT6PGMaIi7FqNX9MKtKEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgYYF5AnRV7eh2hLD5Dz//pceMTKz9Ls46 +E6DxvbfDHikCIFttlGrOCZVyS4ocsjuKIELVUX5qfygI0sn4kU3qCTs2 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTAwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATZwR+WK6NB +F/7riFdN63c8hjYddZRR4lrzVNPwiBQxnnxwpPyrD9A6aPPmLc6SqGOJW4ZGVCco +IBze9RJVeiB9o4GJMIGGMB0GA1UdDgQWBBSOSt6ePyMRT6PGMaIi7FqNX9MKtDBX +BgNVHSMEUDBOgBQtxZSLJAkEz+2RKMQexM6EtsfgcqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA5ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgN//NqM0FrkrMjmxoeCY9DgxkH2R6sQ4d +NgtwCZAIqEICIBs4vupaVcuvni9tltbP26wi7c0FR+blZuo5DPIA3SVe +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDkwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR6jlGKbJd5 +hiDxN789gkOcwpyHI9wRwCrADAOwOkMePBPRlwGdm7mw7Z/EAmu26zRm/hcyrs4M +qk2LabDjPI9Xo4GJMIGGMB0GA1UdDgQWBBQtxZSLJAkEz+2RKMQexM6EtsfgcjBX +BgNVHSMEUDBOgBT6gyXHzPIPYc1Vr1aGiLLeMh4HpqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA4ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgP7S8vFstfUBdNe6ym5GYG5Q+aBVEKqRs +fVW7HNUktSYCIQDo6Jua6o/DJbrpq4qYWq5gv4yGyzPTN+3IaKrEICdaaw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDgwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7ZB16+t6E +sfahGyKUGJW5mezkzjdaYvc4lbJaKNRwFRfc3F/fmNOSsUFSg/F0N+vUE+doKiPC +8wRwLzvm4s+5o4GJMIGGMB0GA1UdDgQWBBT6gyXHzPIPYc1Vr1aGiLLeMh4HpjBX +BgNVHSMEUDBOgBS40mLt93U8Sh8ZGiDVAhRSiBPcXqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA3ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgO4el1ZPhlIli/qNR2SIEiuvs5Mmy868i +N2Rv5X/VxIECIA/8rUALQxW38XSdBVX3e/jzu7ju47n1YwEqD9K9WdVv +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDcwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARpQeQ/YGQj +nl7Szo6WStJ1u7xunTL5jBkXH8aAVSm0qiX4AD/7YPxa5EnGzZdLTn25vQVnfQAG +pMx8P1lYiGYCo4GJMIGGMB0GA1UdDgQWBBS40mLt93U8Sh8ZGiDVAhRSiBPcXjBX +BgNVHSMEUDBOgBREq5J3toJPxZ3O+ssJ5vkkU0RJE6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANwGf+F4a+kmXWz8UjSpRkaToTV6EFWw +/Tjzj0tQhDoAAiEA19RxeWOVBBpM6LOHg6v5Lf54YN1snkLf+sEXyZCuWQQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDYwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASNOj4d4MEA +7p/3miijqG4ToE4opKPAm+3BTIGrJTYT14++TSiUICl0ASXj+xeUcLMIaXTN042s +LsHxpShzQaL0o4GJMIGGMB0GA1UdDgQWBBREq5J3toJPxZ3O+ssJ5vkkU0RJEzBX +BgNVHSMEUDBOgBSjovYaC/m6Li9Tp0V9iZRs9267Q6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKGcf+c442c/XiwubbaiQvsoZ7EoVxuM +oKmia0gPyBNkAiEA83asjJ5FDXQuLyZpczviXrbmqgCPOfYadtvkc0cxMis= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr +nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG +r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX +BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6 +g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G +UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq +LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX +BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9 +XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c19.pem b/tests/data_files/dir-maxpath/c19.pem new file mode 100644 index 000000000..b1e24e42f --- /dev/null +++ b/tests/data_files/dir-maxpath/c19.pem @@ -0,0 +1,240 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTgwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQJyRCHND78 +KxZHoHHdOTjPuD6HjHPnEKX8apblUpETDJuLW7YR3V8Q0dTac+JHiR6e2l4DlDbf +5bTiyFoAzw9yo4GJMIGGMB0GA1UdDgQWBBRQMc94kTqW+zQO3lo2WMI/81k3czBX +BgNVHSMEUDBOgBSDbIpYntlhJ0GgIsyd75XRhlC18qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE3ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgIzGOZqJRmvygzvLm8zxZFyoNpcT7e26H +nZd5xFIzEakCIHGYcUXzt+owSVlLmrlW8gQcB81ErQbxuBTAsvpaaKSS +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTcwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASsc/JkNcYf +bMgpOfrL5kKOGxOJaGS6SQIeNO33UeBpToe1bU2acN652xjvcGo0fJEtxg2fcPHR +hTnGMBD1u1N2o4GJMIGGMB0GA1UdDgQWBBSDbIpYntlhJ0GgIsyd75XRhlC18jBX +BgNVHSMEUDBOgBSnjWvpWxZcFnfQ2KGtCg/u6fT/D6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAJo2NXfJU1sK6SVTu4OV21FKITlXntMi +oenYMsBjzO8oAiEAidSELcLjjAHi3mfBARvCgKlRhmbNEMCHQT7Ha7ZQoRw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTYwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARrISq2zO9m +D29YCLHB56FdU/RINtRhfeLtM+u5o3HaAnopy0S98RzuEGELjpzr8ZI6kkMMZsj8 +nFZQF8HfuE0go4GJMIGGMB0GA1UdDgQWBBSnjWvpWxZcFnfQ2KGtCg/u6fT/DzBX +BgNVHSMEUDBOgBRTw3K0Psy3u/6+3KKSoaQqJnPvPqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgDgXjoc6FfMF5W0NziV6vx2BOPNWav01Z +ynEP4h9ULnUCIQC1rU4sEId3UdjzTKhpSGTKtaOuPG+b0YdEMPimI4jmVw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTUwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ7Vsp7JmDN +kgPh/+zmIPkd7o0xot/WPMFn3uAsGtsU385MF0fmhfFLhRbbH9h4JjYHj8y0spU3 +buUXhftvAZVbo4GJMIGGMB0GA1UdDgQWBBRTw3K0Psy3u/6+3KKSoaQqJnPvPjBX +BgNVHSMEUDBOgBR1mXlrdW5rx1VnqMMnUBXo0WWGWqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAMJnGjE9v3SjuGfi0jNByrwyNfhlTHMh +FhPQidNrDpXwAiEAqYtNiV8t9RrAa9GC6FWDuJpvIiU6FsE+lFq6uIq/J2E= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTQwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQlKUiMoSss +/hsTasedqdB2BCOGJhTt0hgUGeUnWNZ1svO4yn0GkFHZ08++fl2MKqjpj+VXq0JS +FFyGUOgmgi3Ho4GJMIGGMB0GA1UdDgQWBBR1mXlrdW5rx1VnqMMnUBXo0WWGWjBX +BgNVHSMEUDBOgBRNsJB++ccSBmbCCKBxi4CjXROBk6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKYOIo+fdCQRqpH4LN8qUK1aKzKmWGxS +fGzEEkg/29bMAiAl95cmucoCDMq2Ab8Coc0dEqyJ6+rAPMLBCbGawyiW6A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTMwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATRMZN0RHzP +donNmZuq9XPhzvQ52TaokxT39qpQtlFyvUuEGKrLoNvdcpARaA0rGput6RLAQOVU +iNVlJ3Ipj789o4GJMIGGMB0GA1UdDgQWBBRNsJB++ccSBmbCCKBxi4CjXROBkzBX +BgNVHSMEUDBOgBTmVnUSF2MYwws/nCMv7b1wJVkDmqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgVfuLpjp08AaxKWf6cuZUUCRd7CojSS1I +71hzeUyFS+sCIQDNJI6P/pBbiHgTaGlBAgfcEfmxmbY0n4xZndtxIkmyVA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTIwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATrkzCJLznh +lhnsv1RXB9kfeaD+cIruPQ0cItBDGpdvD8xbBVvQci4+RG2RVUCSWRhkFYjSsUSM +0QHMQnBFlhw2o4GJMIGGMB0GA1UdDgQWBBTmVnUSF2MYwws/nCMv7b1wJVkDmjBX +BgNVHSMEUDBOgBTZTtbi+j0Sm/Zs/+gTkWdASpQzfqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTExggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgWsm+rHJgwUEyNm8EKbEds5yurpp5/3y5 +PsvXJVDqxogCIQDUP0Jcl3A907CE2tPVXSgD6LQ6CPu19mixemPw60yijA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTEwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATDE9LPlLPc +gZ3b0BchR/AkhNEP9HAavwYadJIyzoPo5edCVnboQH786jsZwZNZoC0gHDAhCmGc +IfRenISAoVuPo4GJMIGGMB0GA1UdDgQWBBTZTtbi+j0Sm/Zs/+gTkWdASpQzfjBX +BgNVHSMEUDBOgBSOSt6ePyMRT6PGMaIi7FqNX9MKtKEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgYYF5AnRV7eh2hLD5Dz//pceMTKz9Ls46 +E6DxvbfDHikCIFttlGrOCZVyS4ocsjuKIELVUX5qfygI0sn4kU3qCTs2 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTAwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATZwR+WK6NB +F/7riFdN63c8hjYddZRR4lrzVNPwiBQxnnxwpPyrD9A6aPPmLc6SqGOJW4ZGVCco +IBze9RJVeiB9o4GJMIGGMB0GA1UdDgQWBBSOSt6ePyMRT6PGMaIi7FqNX9MKtDBX +BgNVHSMEUDBOgBQtxZSLJAkEz+2RKMQexM6EtsfgcqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA5ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgN//NqM0FrkrMjmxoeCY9DgxkH2R6sQ4d +NgtwCZAIqEICIBs4vupaVcuvni9tltbP26wi7c0FR+blZuo5DPIA3SVe +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDkwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR6jlGKbJd5 +hiDxN789gkOcwpyHI9wRwCrADAOwOkMePBPRlwGdm7mw7Z/EAmu26zRm/hcyrs4M +qk2LabDjPI9Xo4GJMIGGMB0GA1UdDgQWBBQtxZSLJAkEz+2RKMQexM6EtsfgcjBX +BgNVHSMEUDBOgBT6gyXHzPIPYc1Vr1aGiLLeMh4HpqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA4ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgP7S8vFstfUBdNe6ym5GYG5Q+aBVEKqRs +fVW7HNUktSYCIQDo6Jua6o/DJbrpq4qYWq5gv4yGyzPTN+3IaKrEICdaaw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDgwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7ZB16+t6E +sfahGyKUGJW5mezkzjdaYvc4lbJaKNRwFRfc3F/fmNOSsUFSg/F0N+vUE+doKiPC +8wRwLzvm4s+5o4GJMIGGMB0GA1UdDgQWBBT6gyXHzPIPYc1Vr1aGiLLeMh4HpjBX +BgNVHSMEUDBOgBS40mLt93U8Sh8ZGiDVAhRSiBPcXqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA3ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgO4el1ZPhlIli/qNR2SIEiuvs5Mmy868i +N2Rv5X/VxIECIA/8rUALQxW38XSdBVX3e/jzu7ju47n1YwEqD9K9WdVv +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDcwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARpQeQ/YGQj +nl7Szo6WStJ1u7xunTL5jBkXH8aAVSm0qiX4AD/7YPxa5EnGzZdLTn25vQVnfQAG +pMx8P1lYiGYCo4GJMIGGMB0GA1UdDgQWBBS40mLt93U8Sh8ZGiDVAhRSiBPcXjBX +BgNVHSMEUDBOgBREq5J3toJPxZ3O+ssJ5vkkU0RJE6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANwGf+F4a+kmXWz8UjSpRkaToTV6EFWw +/Tjzj0tQhDoAAiEA19RxeWOVBBpM6LOHg6v5Lf54YN1snkLf+sEXyZCuWQQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDYwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASNOj4d4MEA +7p/3miijqG4ToE4opKPAm+3BTIGrJTYT14++TSiUICl0ASXj+xeUcLMIaXTN042s +LsHxpShzQaL0o4GJMIGGMB0GA1UdDgQWBBREq5J3toJPxZ3O+ssJ5vkkU0RJEzBX +BgNVHSMEUDBOgBSjovYaC/m6Li9Tp0V9iZRs9267Q6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKGcf+c442c/XiwubbaiQvsoZ7EoVxuM +oKmia0gPyBNkAiEA83asjJ5FDXQuLyZpczviXrbmqgCPOfYadtvkc0cxMis= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr +nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG +r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX +BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6 +g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G +UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq +LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX +BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9 +XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/c20.pem b/tests/data_files/dir-maxpath/c20.pem new file mode 100644 index 000000000..ff9747203 --- /dev/null +++ b/tests/data_files/dir-maxpath/c20.pem @@ -0,0 +1,252 @@ +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTkwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMjAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATGebrN8JxE +heOdCxD+mhnQ4zMUxF1WUkmAAHIUw089BYiH9SAwYS/M5tnl+R8fbjvoGqSpR6Tk +V9EU3CQyIoxwo4GJMIGGMB0GA1UdDgQWBBTZs6oChL1c2CSZXY2YFQkkqg+lzDBX +BgNVHSMEUDBOgBRQMc94kTqW+zQO3lo2WMI/81k3c6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE4ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgRVGZReXKvdMHhwLbPvbrTVLeAGDqmqMH +/WqD4u23QBgCID/QtFaiawjviNFEdtU7JK6v4ZY0PQ0a0+HLZIHLi9ah +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTgwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQJyRCHND78 +KxZHoHHdOTjPuD6HjHPnEKX8apblUpETDJuLW7YR3V8Q0dTac+JHiR6e2l4DlDbf +5bTiyFoAzw9yo4GJMIGGMB0GA1UdDgQWBBRQMc94kTqW+zQO3lo2WMI/81k3czBX +BgNVHSMEUDBOgBSDbIpYntlhJ0GgIsyd75XRhlC18qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE3ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgIzGOZqJRmvygzvLm8zxZFyoNpcT7e26H +nZd5xFIzEakCIHGYcUXzt+owSVlLmrlW8gQcB81ErQbxuBTAsvpaaKSS +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTcwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASsc/JkNcYf +bMgpOfrL5kKOGxOJaGS6SQIeNO33UeBpToe1bU2acN652xjvcGo0fJEtxg2fcPHR +hTnGMBD1u1N2o4GJMIGGMB0GA1UdDgQWBBSDbIpYntlhJ0GgIsyd75XRhlC18jBX +BgNVHSMEUDBOgBSnjWvpWxZcFnfQ2KGtCg/u6fT/D6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAJo2NXfJU1sK6SVTu4OV21FKITlXntMi +oenYMsBjzO8oAiEAidSELcLjjAHi3mfBARvCgKlRhmbNEMCHQT7Ha7ZQoRw= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTYwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARrISq2zO9m +D29YCLHB56FdU/RINtRhfeLtM+u5o3HaAnopy0S98RzuEGELjpzr8ZI6kkMMZsj8 +nFZQF8HfuE0go4GJMIGGMB0GA1UdDgQWBBSnjWvpWxZcFnfQ2KGtCg/u6fT/DzBX +BgNVHSMEUDBOgBRTw3K0Psy3u/6+3KKSoaQqJnPvPqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgDgXjoc6FfMF5W0NziV6vx2BOPNWav01Z +ynEP4h9ULnUCIQC1rU4sEId3UdjzTKhpSGTKtaOuPG+b0YdEMPimI4jmVw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTUwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ7Vsp7JmDN +kgPh/+zmIPkd7o0xot/WPMFn3uAsGtsU385MF0fmhfFLhRbbH9h4JjYHj8y0spU3 +buUXhftvAZVbo4GJMIGGMB0GA1UdDgQWBBRTw3K0Psy3u/6+3KKSoaQqJnPvPjBX +BgNVHSMEUDBOgBR1mXlrdW5rx1VnqMMnUBXo0WWGWqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAMJnGjE9v3SjuGfi0jNByrwyNfhlTHMh +FhPQidNrDpXwAiEAqYtNiV8t9RrAa9GC6FWDuJpvIiU6FsE+lFq6uIq/J2E= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTQwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQlKUiMoSss +/hsTasedqdB2BCOGJhTt0hgUGeUnWNZ1svO4yn0GkFHZ08++fl2MKqjpj+VXq0JS +FFyGUOgmgi3Ho4GJMIGGMB0GA1UdDgQWBBR1mXlrdW5rx1VnqMMnUBXo0WWGWjBX +BgNVHSMEUDBOgBRNsJB++ccSBmbCCKBxi4CjXROBk6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKYOIo+fdCQRqpH4LN8qUK1aKzKmWGxS +fGzEEkg/29bMAiAl95cmucoCDMq2Ab8Coc0dEqyJ6+rAPMLBCbGawyiW6A== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTMwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATRMZN0RHzP +donNmZuq9XPhzvQ52TaokxT39qpQtlFyvUuEGKrLoNvdcpARaA0rGput6RLAQOVU +iNVlJ3Ipj789o4GJMIGGMB0GA1UdDgQWBBRNsJB++ccSBmbCCKBxi4CjXROBkzBX +BgNVHSMEUDBOgBTmVnUSF2MYwws/nCMv7b1wJVkDmqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgVfuLpjp08AaxKWf6cuZUUCRd7CojSS1I +71hzeUyFS+sCIQDNJI6P/pBbiHgTaGlBAgfcEfmxmbY0n4xZndtxIkmyVA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTIwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATrkzCJLznh +lhnsv1RXB9kfeaD+cIruPQ0cItBDGpdvD8xbBVvQci4+RG2RVUCSWRhkFYjSsUSM +0QHMQnBFlhw2o4GJMIGGMB0GA1UdDgQWBBTmVnUSF2MYwws/nCMv7b1wJVkDmjBX +BgNVHSMEUDBOgBTZTtbi+j0Sm/Zs/+gTkWdASpQzfqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTExggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgWsm+rHJgwUEyNm8EKbEds5yurpp5/3y5 +PsvXJVDqxogCIQDUP0Jcl3A907CE2tPVXSgD6LQ6CPu19mixemPw60yijA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTEwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATDE9LPlLPc +gZ3b0BchR/AkhNEP9HAavwYadJIyzoPo5edCVnboQH786jsZwZNZoC0gHDAhCmGc +IfRenISAoVuPo4GJMIGGMB0GA1UdDgQWBBTZTtbi+j0Sm/Zs/+gTkWdASpQzfjBX +BgNVHSMEUDBOgBSOSt6ePyMRT6PGMaIi7FqNX9MKtKEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgYYF5AnRV7eh2hLD5Dz//pceMTKz9Ls46 +E6DxvbfDHikCIFttlGrOCZVyS4ocsjuKIELVUX5qfygI0sn4kU3qCTs2 +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTAwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATZwR+WK6NB +F/7riFdN63c8hjYddZRR4lrzVNPwiBQxnnxwpPyrD9A6aPPmLc6SqGOJW4ZGVCco +IBze9RJVeiB9o4GJMIGGMB0GA1UdDgQWBBSOSt6ePyMRT6PGMaIi7FqNX9MKtDBX +BgNVHSMEUDBOgBQtxZSLJAkEz+2RKMQexM6EtsfgcqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA5ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgN//NqM0FrkrMjmxoeCY9DgxkH2R6sQ4d +NgtwCZAIqEICIBs4vupaVcuvni9tltbP26wi7c0FR+blZuo5DPIA3SVe +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDkwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR6jlGKbJd5 +hiDxN789gkOcwpyHI9wRwCrADAOwOkMePBPRlwGdm7mw7Z/EAmu26zRm/hcyrs4M +qk2LabDjPI9Xo4GJMIGGMB0GA1UdDgQWBBQtxZSLJAkEz+2RKMQexM6EtsfgcjBX +BgNVHSMEUDBOgBT6gyXHzPIPYc1Vr1aGiLLeMh4HpqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA4ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgP7S8vFstfUBdNe6ym5GYG5Q+aBVEKqRs +fVW7HNUktSYCIQDo6Jua6o/DJbrpq4qYWq5gv4yGyzPTN+3IaKrEICdaaw== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDgwHhcNMTcwNjIyMTE1MDMzWhcN +MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7ZB16+t6E +sfahGyKUGJW5mezkzjdaYvc4lbJaKNRwFRfc3F/fmNOSsUFSg/F0N+vUE+doKiPC +8wRwLzvm4s+5o4GJMIGGMB0GA1UdDgQWBBT6gyXHzPIPYc1Vr1aGiLLeMh4HpjBX +BgNVHSMEUDBOgBS40mLt93U8Sh8ZGiDVAhRSiBPcXqEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA3ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgO4el1ZPhlIli/qNR2SIEiuvs5Mmy868i +N2Rv5X/VxIECIA/8rUALQxW38XSdBVX3e/jzu7ju47n1YwEqD9K9WdVv +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDcwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARpQeQ/YGQj +nl7Szo6WStJ1u7xunTL5jBkXH8aAVSm0qiX4AD/7YPxa5EnGzZdLTn25vQVnfQAG +pMx8P1lYiGYCo4GJMIGGMB0GA1UdDgQWBBS40mLt93U8Sh8ZGiDVAhRSiBPcXjBX +BgNVHSMEUDBOgBREq5J3toJPxZ3O+ssJ5vkkU0RJE6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA2ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANwGf+F4a+kmXWz8UjSpRkaToTV6EFWw +/Tjzj0tQhDoAAiEA19RxeWOVBBpM6LOHg6v5Lf54YN1snkLf+sEXyZCuWQQ= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDYwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASNOj4d4MEA +7p/3miijqG4ToE4opKPAm+3BTIGrJTYT14++TSiUICl0ASXj+xeUcLMIaXTN042s +LsHxpShzQaL0o4GJMIGGMB0GA1UdDgQWBBREq5J3toJPxZ3O+ssJ5vkkU0RJEzBX +BgNVHSMEUDBOgBSjovYaC/m6Li9Tp0V9iZRs9267Q6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA1ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKGcf+c442c/XiwubbaiQvsoZ7EoVxuM +oKmia0gPyBNkAiEA83asjJ5FDXQuLyZpczviXrbmqgCPOfYadtvkc0cxMis= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr +nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG +r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX +BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6 +g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G +UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq +LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX +BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9 +XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT +9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i +sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX +BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC ++Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p +ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF +PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX +BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM +8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf +wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V +2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX +BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF +MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX +oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G +A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN +MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx +DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL +GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW +6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf +BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC +VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw +DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ +1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU +TDA= +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT +AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx +MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht +YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA +BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm +LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/ +fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD +AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt +IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY= +-----END CERTIFICATE----- diff --git a/tests/data_files/dir-maxpath/int.opensslconf b/tests/data_files/dir-maxpath/int.opensslconf new file mode 100644 index 000000000..df28cab5c --- /dev/null +++ b/tests/data_files/dir-maxpath/int.opensslconf @@ -0,0 +1,4 @@ +[int] +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid:always,issuer:always +basicConstraints = CA:true diff --git a/tests/data_files/dir-maxpath/long.sh b/tests/data_files/dir-maxpath/long.sh new file mode 100755 index 000000000..2626e723e --- /dev/null +++ b/tests/data_files/dir-maxpath/long.sh @@ -0,0 +1,33 @@ +#!/bin/sh + +set -eu + +: ${OPENSSL:=openssl} +NB=20 + +OPT="-days 3653 -sha256" + +# generate self-signed root +$OPENSSL ecparam -name prime256v1 -genkey -out 00.key +$OPENSSL req -new -x509 -subj "/C=UK/O=mbed TLS/CN=CA00" $OPT \ + -key 00.key -out 00.crt + +# cXX.pem is the chain starting at XX +cp 00.crt c00.pem + +# generate long chain +for i in $(seq 1 $NB); do + UP=$( printf "%02d" $((i-1)) ) + ME=$( printf "%02d" $i ) + + $OPENSSL ecparam -name prime256v1 -genkey -out ${ME}.key + $OPENSSL req -new -subj "/C=UK/O=mbed TLS/CN=CA${ME}" \ + -key ${ME}.key -out ${ME}.csr + $OPENSSL x509 -req -CA ${UP}.crt -CAkey ${UP}.key -set_serial 1 $OPT \ + -extfile int.opensslconf -extensions int \ + -in ${ME}.csr -out ${ME}.crt + + cat ${ME}.crt c${UP}.pem > c${ME}.pem + + rm ${ME}.csr +done diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 08f332441..9d3108aba 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1194,6 +1194,18 @@ X509 CRT parse path #4 (two certs, one non-cert) depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED mbedtls_x509_crt_parse_path:"data_files/dir3":1:2 +X509 CRT verify long chain (max intermediate CA, trusted) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA:0:0 + +X509 CRT verify long chain (max intermediate CA, untrusted) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED +mbedtls_x509_crt_verify_max:"data_files/test-ca2.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA-1:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED + +X509 CRT verify long chain (max intermediate CA + 1) +depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED +mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA+1:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:0 + X509 CRT verify chain #1 (zero pathlen intermediate) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C mbedtls_x509_crt_verify_chain:"data_files/dir4/cert14.crt data_files/dir4/cert13.crt data_files/dir4/cert12.crt":"data_files/dir4/cert11.crt":MBEDTLS_X509_BADCERT_NOT_TRUSTED diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index a9f7ceed4..a7baec66d 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -500,6 +500,45 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ +void mbedtls_x509_crt_verify_max( char *ca_file, char *chain_dir, int nb_int, + int ret_chk, int flags_chk ) +{ + char file_buf[128]; + int ret; + uint32_t flags; + mbedtls_x509_crt trusted, chain; + + /* + * We expect chain_dir to contain certificates 00.crt, 01.crt, etc. + * with NN.crt signed by NN-1.crt + */ + + mbedtls_x509_crt_init( &trusted ); + mbedtls_x509_crt_init( &chain ); + + /* Load trusted root */ + TEST_ASSERT( mbedtls_x509_crt_parse_file( &trusted, ca_file ) == 0 ); + + /* Load a chain with nb_int intermediates (from 01 to nb_int), + * plus one "end-entity" cert (nb_int + 1) */ + ret = mbedtls_snprintf( file_buf, sizeof file_buf, "%s/c%02d.pem", chain_dir, + nb_int + 1 ); + TEST_ASSERT( ret > 0 && (size_t) ret < sizeof file_buf ); + TEST_ASSERT( mbedtls_x509_crt_parse_file( &chain, file_buf ) == 0 ); + + /* Try to verify that chain */ + ret = mbedtls_x509_crt_verify( &chain, &trusted, NULL, NULL, &flags, + NULL, NULL ); + TEST_ASSERT( ret == ret_chk ); + TEST_ASSERT( flags == (uint32_t) flags_chk ); + +exit: + mbedtls_x509_crt_free( &chain ); + mbedtls_x509_crt_free( &trusted ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ void mbedtls_x509_crt_verify_chain( char *chain_paths, char *trusted_ca, int flags_result ) { From d15795acd5074e0b44e71f7ede8bdfe1b48591fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 22 Jun 2017 12:19:27 +0200 Subject: [PATCH 017/493] Improve behaviour on fatal errors If we didn't walk the whole chain, then there may be any kind of errors in the part of the chain we didn't check, so setting all flags looks like the safe thing to do. --- ChangeLog | 7 +++++++ library/x509_crt.c | 22 ++++++++++++++++------ tests/suites/test_suite_x509parse.data | 2 +- 3 files changed, 24 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2f0116bcf..9bf6a1719 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.y.z released YYYY-MM-DD + +Changes + * Certificate verification functions now set flags to -1 in case the full + chain was not verified due to an internal error (including in the verify + callback) or chain length limitations. + = mbed TLS 2.5.1 released 2017-06-21 Security diff --git a/library/x509_crt.c b/library/x509_crt.c index d86857de8..ee5f27e46 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2202,11 +2202,14 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, mbedtls_x509_sequence *cur = NULL; mbedtls_pk_type_t pk_type; - if( profile == NULL ) - return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); - *flags = 0; + if( profile == NULL ) + { + ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA; + goto exit; + } + if( cn != NULL ) { name = &crt->subject; @@ -2280,7 +2283,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, ret = x509_crt_verify_top( crt, parent, ca_crl, profile, pathlen, selfsigned, flags, f_vrfy, p_vrfy ); if( ret != 0 ) - return( ret ); + goto exit; } else { @@ -2295,17 +2298,24 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile, pathlen, selfsigned, flags, f_vrfy, p_vrfy ); if( ret != 0 ) - return( ret ); + goto exit; } else { ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile, pathlen, selfsigned, flags, f_vrfy, p_vrfy ); if( ret != 0 ) - return( ret ); + goto exit; } } +exit: + if( ret != 0 ) + { + *flags = (uint32_t) -1; + return( ret ); + } + if( *flags != 0 ) return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ); diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 9d3108aba..6df529875 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1204,7 +1204,7 @@ mbedtls_x509_crt_verify_max:"data_files/test-ca2.crt":"data_files/dir-maxpath":M X509 CRT verify long chain (max intermediate CA + 1) depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA+1:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:0 +mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA+1:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:-1 X509 CRT verify chain #1 (zero pathlen intermediate) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C From 31458a18788b0cf0b722acda9bb2f2fe13a3fb32 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 26 Jun 2017 10:11:49 +0200 Subject: [PATCH 018/493] Only return VERIFY_FAILED from a single point Everything else is a fatal error. Also improve documentation about that for the vrfy callback. --- ChangeLog | 3 +++ include/mbedtls/error.h | 2 +- include/mbedtls/ssl.h | 2 +- include/mbedtls/x509.h | 1 + include/mbedtls/x509_crt.h | 8 +++++++- library/error.c | 2 ++ library/x509_crt.c | 8 ++++++-- tests/suites/test_suite_x509parse.data | 2 +- 8 files changed, 22 insertions(+), 6 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9bf6a1719..d35457b96 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,9 @@ Changes * Certificate verification functions now set flags to -1 in case the full chain was not verified due to an internal error (including in the verify callback) or chain length limitations. + * With authmode set to optional, handshake is now aborted if the + verification of the peer's certificate failed due to an overlong chain or + a fatal error in the vrfy callback. = mbed TLS 2.5.1 released 2017-06-21 diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 5e549f6b6..31591e2d6 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -71,7 +71,7 @@ * Name ID Nr of Errors * PEM 1 9 * PKCS#12 1 4 (Started from top) - * X509 2 19 + * X509 2 20 * PKCS5 2 4 (Started from top) * DHM 3 9 * PK 3 14 (Started from top) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 51c1c60d7..cc0007006 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1052,7 +1052,7 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode ); * * If set, the verify callback is called for each * certificate in the chain. For implementation - * information, please see \c x509parse_verify() + * information, please see \c mbedtls_x509_crt_verify() * * \param conf SSL configuration * \param f_vrfy verification function diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index f219bf128..128eaded6 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -76,6 +76,7 @@ #define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 /**< Allocation of memory failed. */ #define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */ #define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 /**< Destination buffer is too small. */ +#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occured, eg the chain is too long or the vrfy callback failed. */ /* \} name */ /** diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 383e484f7..fd203360c 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -267,7 +267,13 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, * * All flags left after returning from the callback * are also returned to the application. The function should - * return 0 for anything but a fatal error. + * return 0 for anything (including invalid certificates) + * other than fatal error, as a non-zero return code + * immediately aborts the verification process. For fatal + * errors, a specific error code should be used (different + * from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not + * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR + * can be used if no better code is available. * * \note In case verification failed, the results can be displayed * using \c mbedtls_x509_crt_verify_info() diff --git a/library/error.c b/library/error.c index dd2db0c45..db42381c4 100644 --- a/library/error.c +++ b/library/error.c @@ -480,6 +480,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "X509 - Read/write of file failed" ); if( use_ret == -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL) ) mbedtls_snprintf( buf, buflen, "X509 - Destination buffer is too small" ); + if( use_ret == -(MBEDTLS_ERR_X509_FATAL_ERROR) ) + mbedtls_snprintf( buf, buflen, "X509 - A fatal error occured, eg the chain is too long or the vrfy callback failed" ); #endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */ // END generated code diff --git a/library/x509_crt.c b/library/x509_crt.c index ee5f27e46..ec5f77268 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2057,8 +2057,8 @@ static int x509_crt_verify_child( /* path_cnt is 0 for the first intermediate CA */ if( 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA ) { - *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; - return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ); + /* return immediately as the goal is to avoid unbounded recursion */ + return( MBEDTLS_ERR_X509_FATAL_ERROR ); } if( mbedtls_x509_time_is_past( &child->valid_to ) ) @@ -2310,6 +2310,10 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, } exit: + /* prevent misuse of the vrfy callback */ + if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) + ret = MBEDTLS_ERR_X509_FATAL_ERROR; + if( ret != 0 ) { *flags = (uint32_t) -1; diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 6df529875..ea56f3fbc 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1204,7 +1204,7 @@ mbedtls_x509_crt_verify_max:"data_files/test-ca2.crt":"data_files/dir-maxpath":M X509 CRT verify long chain (max intermediate CA + 1) depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA+1:MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:-1 +mbedtls_x509_crt_verify_max:"data_files/dir-maxpath/00.crt":"data_files/dir-maxpath":MBEDTLS_X509_MAX_INTERMEDIATE_CA+1:MBEDTLS_ERR_X509_FATAL_ERROR:-1 X509 CRT verify chain #1 (zero pathlen intermediate) depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C From 81bb6b6acf0e56f6bb5421440a6363dd2b281a6b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 26 Jun 2017 10:45:33 +0200 Subject: [PATCH 019/493] Add SSL tests for long cert chains --- tests/ssl-opt.sh | 58 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 761655f67..4f84cda25 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2103,6 +2103,64 @@ run_test "Authentication: client no cert, ssl3" \ -C "! mbedtls_ssl_handshake returned" \ -S "X509 - Certificate verification failed" +run_test "Authentication: server max_int chain, client default" \ + "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ + key_file=data_files/dir-maxpath/09.key" \ + "$P_CLI server_name=CA09 ca_file=data_files/dir-maxpath/00.crt" \ + 0 \ + -C "X509 - A fatal error occured" + +run_test "Authentication: server max_int+1 chain, client default" \ + "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ + key_file=data_files/dir-maxpath/10.key" \ + "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt" \ + 1 \ + -c "X509 - A fatal error occured" + +run_test "Authentication: server max_int+1 chain, client optional" \ + "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ + key_file=data_files/dir-maxpath/10.key" \ + "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \ + auth_mode=optional" \ + 1 \ + -c "X509 - A fatal error occured" + +run_test "Authentication: server max_int+1 chain, client none" \ + "$P_SRV crt_file=data_files/dir-maxpath/c10.pem \ + key_file=data_files/dir-maxpath/10.key" \ + "$P_CLI server_name=CA10 ca_file=data_files/dir-maxpath/00.crt \ + auth_mode=none" \ + 0 \ + -C "X509 - A fatal error occured" + +run_test "Authentication: client max_int+1 chain, server default" \ + "$P_SRV ca_file=data_files/dir-maxpath/00.crt" \ + "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ + key_file=data_files/dir-maxpath/10.key" \ + 0 \ + -S "X509 - A fatal error occured" + +run_test "Authentication: client max_int+1 chain, server optional" \ + "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=optional" \ + "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ + key_file=data_files/dir-maxpath/10.key" \ + 1 \ + -s "X509 - A fatal error occured" + +run_test "Authentication: client max_int+1 chain, server required" \ + "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ + "$P_CLI crt_file=data_files/dir-maxpath/c10.pem \ + key_file=data_files/dir-maxpath/10.key" \ + 1 \ + -s "X509 - A fatal error occured" + +run_test "Authentication: client max_int chain, server required" \ + "$P_SRV ca_file=data_files/dir-maxpath/00.crt auth_mode=required" \ + "$P_CLI crt_file=data_files/dir-maxpath/c09.pem \ + key_file=data_files/dir-maxpath/09.key" \ + 0 \ + -S "X509 - A fatal error occured" + # Tests for CA list in CertificateRequest messages run_test "Authentication: send CA list in CertificateRequest (default)" \ From ee98109af508b14fc79051b263e641a64864bf43 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Mon, 26 Jun 2017 11:30:01 +0200 Subject: [PATCH 020/493] Add ChangeLog entry for the security issue --- ChangeLog | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/ChangeLog b/ChangeLog index d35457b96..038858cef 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,14 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS 2.y.z released YYYY-MM-DD +Security + * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, + mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's + X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA + (default: 8) intermediates, even when it was not trusted. Could be + trigerred remotely on both sides. (With auth_mode set to required + (default), the handshake was correctly aborted.) + Changes * Certificate verification functions now set flags to -1 in case the full chain was not verified due to an internal error (including in the verify From 9107b5fdd3d436ef3e6537c35bbb2d200445cb7b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 6 Jul 2017 12:16:25 +0200 Subject: [PATCH 021/493] Improve comments --- library/x509_crt.c | 4 +++- tests/ssl-opt.sh | 2 ++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/library/x509_crt.c b/library/x509_crt.c index ec5f77268..3b8614125 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2310,7 +2310,9 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt, } exit: - /* prevent misuse of the vrfy callback */ + /* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by + * the SSL module for authmode optional, but non-zero return from the + * callback means a fatal error so it shouldn't be ignored */ if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) ret = MBEDTLS_ERR_X509_FATAL_ERROR; diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4f84cda25..98d55f51c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2103,6 +2103,8 @@ run_test "Authentication: client no cert, ssl3" \ -C "! mbedtls_ssl_handshake returned" \ -S "X509 - Certificate verification failed" +# The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its +# default value (8) run_test "Authentication: server max_int chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ From 5be13d8fd134abc256ca2e1439b6cc0101297f07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 6 Jul 2017 14:31:54 +0200 Subject: [PATCH 022/493] Make test script more portable seq isn't POSIX and isn't present by default on BSDs --- tests/data_files/dir-maxpath/long.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/data_files/dir-maxpath/long.sh b/tests/data_files/dir-maxpath/long.sh index 2626e723e..22f3bf548 100755 --- a/tests/data_files/dir-maxpath/long.sh +++ b/tests/data_files/dir-maxpath/long.sh @@ -16,7 +16,8 @@ $OPENSSL req -new -x509 -subj "/C=UK/O=mbed TLS/CN=CA00" $OPT \ cp 00.crt c00.pem # generate long chain -for i in $(seq 1 $NB); do +i=1 +while [ $i -le $NB ]; do UP=$( printf "%02d" $((i-1)) ) ME=$( printf "%02d" $i ) @@ -30,4 +31,5 @@ for i in $(seq 1 $NB); do cat ${ME}.crt c${UP}.pem > c${ME}.pem rm ${ME}.csr + i=$((i+1)) done From 760c9b91d7d2feeabad12583e000d117494b8bc6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 6 Jul 2017 15:00:32 +0200 Subject: [PATCH 023/493] Update doc of return value of verify() --- include/mbedtls/x509_crt.h | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index fd203360c..06166d8b1 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -295,12 +295,13 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, * \param f_vrfy verification function * \param p_vrfy verification parameter * - * \return 0 if successful or MBEDTLS_ERR_X509_CERT_VERIFY_FAILED - * in which case *flags will have one or more - * MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags - * set, - * or another error in case of a fatal error encountered - * during the verification process. + * \return 0 (and flags set to 0) if the chain was verified and valid, + * MBEDTLS_ERR_X509_CERT_VERIFY_FAILED if the chain was verified + * but found to be invalid, in which case *flags will have one + * or more MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX + * flags set, or another error (and flags set to 0xffffffff) + * in case of a fatal error encountered during the + * verification process. */ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt, mbedtls_x509_crt *trust_ca, From 248ae6dbb812367ce3d3dd41ee5cfe8d69842e3c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 May 2017 11:27:39 +0100 Subject: [PATCH 024/493] Improve documentation of PKCS1 decryption functions Document the preconditions on the input and output buffers for the PKCS1 decryption functions - mbedtls_rsa_pkcs1_decrypt, - mbedtls_rsa_rsaes_pkcs1_v15_decrypt - mbedtls_rsa_rsaes_oaep_decrypt --- include/mbedtls/rsa.h | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 54653dfdc..7d7469d50 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -329,9 +329,15 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -355,9 +361,15 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -383,9 +395,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), From a9e775efe46b2d9de2e10fecf5f808e3f68d5aba Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 025/493] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 7 +++++++ include/mbedtls/threading.h | 3 --- library/ecp.c | 20 -------------------- library/threading.c | 9 --------- 4 files changed, 7 insertions(+), 32 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2f0116bcf..29acca935 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.x.x released xxxx-xx-xx + +Changes + * Removed mutexes from ECP hardware accelerator code. Now all hardware + accelerator code in the library leaves concurrency handling to the + platform. Reported by Steven Cooreman. #863 + = mbed TLS 2.5.1 released 2017-06-21 Security diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index a89fd6496..b0c34ecc7 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -97,9 +97,6 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); */ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) -extern mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex; -#endif #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/ecp.c b/library/ecp.c index 56f22c272..1cfd4b10f 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1690,11 +1690,6 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, return( ret ); #if defined(MBEDTLS_ECP_INTERNAL_ALT) -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) { MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); @@ -1719,11 +1714,6 @@ cleanup: mbedtls_internal_ecp_free( grp ); } -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif #endif /* MBEDTLS_ECP_INTERNAL_ALT */ return( ret ); } @@ -1831,11 +1821,6 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R, n, Q ) ); #if defined(MBEDTLS_ECP_INTERNAL_ALT) -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) { MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); @@ -1853,11 +1838,6 @@ cleanup: mbedtls_internal_ecp_free( grp ); } -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif #endif /* MBEDTLS_ECP_INTERNAL_ALT */ mbedtls_ecp_point_free( &mP ); diff --git a/library/threading.c b/library/threading.c index 55091e8db..07586756f 100644 --- a/library/threading.c +++ b/library/threading.c @@ -113,9 +113,6 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - mbedtls_mutex_init( &mbedtls_threading_ecp_mutex ); -#endif } /* @@ -125,9 +122,6 @@ void mbedtls_threading_free_alt( void ) { mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - mbedtls_mutex_free( &mbedtls_threading_ecp_mutex ); -#endif } #endif /* MBEDTLS_THREADING_ALT */ @@ -139,8 +133,5 @@ void mbedtls_threading_free_alt( void ) #endif mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) -mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex MUTEX_INIT; -#endif #endif /* MBEDTLS_THREADING_C */ From 8c1b0be111c81bc354504168b732c978dab16d8b Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 23 Jun 2017 13:05:44 +0100 Subject: [PATCH 026/493] Enable MBEDTLS_AES_ROM_TABLES in config-no-entropy Enable the MBEDTLS_AES_ROM_TABLES option in the configs/config-no-entropy.h to place AES lookup tables in ROM. This saves considerable RAM space, a resource that is very limited in small devices that use this configuration. --- configs/config-no-entropy.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index 95f17d456..73758602a 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -80,6 +80,9 @@ #define MBEDTLS_X509_CRT_PARSE_C #define MBEDTLS_X509_CRL_PARSE_C +/* Miscellaneous options */ +#define MBEDTLS_AES_ROM_TABLES + #include "check_config.h" #endif /* MBEDTLS_CONFIG_H */ From 6f45598d32d0fc2a322d6f8993097b5d5661cc37 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 12:57:44 +0100 Subject: [PATCH 027/493] Add ChangeLog entry for config-no-entropy.h change --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 29acca935..fd5194375 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,8 @@ Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 + * Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file + config-no-entropy.h to reduce the RAM footprint. = mbed TLS 2.5.1 released 2017-06-21 From ee5a0ca3bba93e6906c8220db227be0215a221b8 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 20 Jun 2017 15:23:23 +0300 Subject: [PATCH 028/493] Minor: Fix typos in program comments Fix a couple of typos and writer's mistakes, in some reference program applications --- programs/pkey/ecdh_curve25519.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index aa15c4687..e7ead9a93 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -204,7 +204,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); /* - * Verification: are the computed secret equal? + * Verification: are the computed secrets equal? */ mbedtls_printf( " . Checking if both computed secrets are equal..." ); fflush( stdout ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3e6366cec..a25886824 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2168,7 +2168,7 @@ handshake: #if defined(MBEDTLS_X509_CRT_PARSE_C) /* - * 5. Verify the server certificate + * 5. Verify the client certificate */ mbedtls_printf( " . Verifying peer X.509 certificate..." ); From e1b92fee55661a9adc61351784a13c1b01f016bf Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 029/493] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 ++- library/gcm.c | 6 ++- tests/suites/test_suite_gcm.aes128_de.data | 4 ++ tests/suites/test_suite_gcm.aes128_en.data | 4 ++ tests/suites/test_suite_gcm.aes192_de.data | 4 ++ tests/suites/test_suite_gcm.aes192_en.data | 4 ++ tests/suites/test_suite_gcm.aes256_de.data | 4 ++ tests/suites/test_suite_gcm.aes256_en.data | 4 ++ tests/suites/test_suite_gcm.function | 43 ++++++++++++++++++++++ 9 files changed, 76 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index fd5194375..491b18bd2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/library/gcm.c b/library/gcm.c index f1210c52c..fccb092bd 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -277,8 +277,10 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, size_t use_len, olen = 0; /* IV and AD are limited to 2^64 bits, so 2^61 bytes */ - if( ( (uint64_t) iv_len ) >> 61 != 0 || - ( (uint64_t) add_len ) >> 61 != 0 ) + /* IV is not allowed to be zero length */ + if( iv_len == 0 || + ( (uint64_t) iv_len ) >> 61 != 0 || + ( (uint64_t) add_len ) >> 61 != 0 ) { return( MBEDTLS_ERR_GCM_BAD_INPUT ); } diff --git a/tests/suites/test_suite_gcm.aes128_de.data b/tests/suites/test_suite_gcm.aes128_de.data index 6eaa711b9..2a2e32f0d 100644 --- a/tests/suites/test_suite_gcm.aes128_de.data +++ b/tests/suites/test_suite_gcm.aes128_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"659b9e729d12f68b73fdc2f7260ab114":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":32:"8e5a6a79":"FAIL":0 +AES-GCM Bad IV (AES-128,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes128_en.data b/tests/suites/test_suite_gcm.aes128_en.data index d8bee9d56..9453ffa70 100644 --- a/tests/suites/test_suite_gcm.aes128_en.data +++ b/tests/suites/test_suite_gcm.aes128_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fe481476fce76efcfc78ed144b0756f1":"246e1f2babab8da98b17cc928bd49504d7d87ea2cc174f9ffb7dbafe5969ff824a0bcb52f35441d22f3edcd10fab0ec04c0bde5abd3624ca25cbb4541b5d62a3deb52c00b75d68aaf0504d51f95b8dcbebdd8433f4966c584ac7f8c19407ca927a79fa4ead2688c4a7baafb4c31ef83c05e8848ec2b4f657aab84c109c91c277":"1a2c18c6bf13b3b2785610c71ccd98ca":"b0ab3cb5256575774b8242b89badfbe0dfdfd04f5dd75a8e5f218b28d3f6bc085a013defa5f5b15dfb46132db58ed7a9ddb812d28ee2f962796ad988561a381c02d1cf37dca5fd33e081d61cc7b3ab0b477947524a4ca4cb48c36f48b302c440be6f5777518a60585a8a16cea510dbfc5580b0daac49a2b1242ff55e91a8eae8":"5587620bbb77f70afdf3cdb7ae390edd0473286d86d3f862ad70902d90ff1d315947c959f016257a8fe1f52cc22a54f21de8cb60b74808ac7b22ea7a15945371e18b77c9571aad631aa080c60c1e472019fa85625fc80ed32a51d05e397a8987c8fece197a566689d24d05361b6f3a75616c89db6123bf5902960b21a18bc03a":32:"bd4265a8":0 +AES-GCM Bad IV (AES-128,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes192_de.data b/tests/suites/test_suite_gcm.aes192_de.data index 841c6fa36..9e7bad00f 100644 --- a/tests/suites/test_suite_gcm.aes192_de.data +++ b/tests/suites/test_suite_gcm.aes192_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"e3dc64e3c02731fe6e6ec0e899183018da347bf8bd476aa7746d7a7729d83a95f64bb732ba987468d0cede154e28169f7bafa36559200795037ee38279e0e4ca40f9cfa85aa0c8035df9649345c8fdffd1c31528b485dfe443c1923180cc8fae5196d16f822be4ad07e3f1234e1d218e7c8fb37a0e4480dc6717c9c09ff5c45f":"ca362e615024a1fe11286668646cc1de":"237d95d86a5ad46035870f576a1757eded636c7234d5ed0f8039f6f59f1333cc31cb893170d1baa98bd4e79576de920120ead0fdecfb343edbc2fcc556540a91607388a05d43bdb8b55f1327552feed3b620614dfcccb2b342083896cbc81dc9670b761add998913ca813163708a45974e6d7b56dfd0511a72eb879f239d6a6d":32:"28d730ea":"dafde27aa8b3076bfa16ab1d89207d339c4997f8a756cc3eb62c0b023976de808ab640ba4467f2b2ea83d238861229c73387594cd43770386512ea595a70888b4c38863472279e06b923e7cf32438199b3e054ac4bc21baa8df39ddaa207ebb17fa4cad6e83ea58c3a92ec74e6e01b0a8979af145dd31d5df29750bb91b42d45":0 +AES-GCM Bad IV (AES-192,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes192_en.data b/tests/suites/test_suite_gcm.aes192_en.data index 18e56e79c..5ea110186 100644 --- a/tests/suites/test_suite_gcm.aes192_en.data +++ b/tests/suites/test_suite_gcm.aes192_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"713358e746dd84ab27b8adb3b17ea59cd75fa6cb0c13d1a8":"35b8b655efdf2d09f5ed0233c9eeb0b6f85e513834848cd594dba3c6e64f78e7af4a7a6d53bba7b43764334d6373360ae3b73b1e765978dffa7dbd805fda7825b8e317e8d3f1314aa97f877be815439c5da845028d1686283735aefac79cdb9e02ec3590091cb507089b9174cd9a6111f446feead91f19b80fd222fc6299fd1c":"26ed909f5851961dd57fa950b437e17c":"c9469ad408764cb7d417f800d3d84f03080cee9bbd53f652763accde5fba13a53a12d990094d587345da2cdc99357b9afd63945ca07b760a2c2d4948dbadb1312670ccde87655a6a68edb5982d2fcf733bb4101d38cdb1a4942a5d410f4c45f5ddf00889bc1fe5ec69b40ae8aaee60ee97bea096eeef0ea71736efdb0d8a5ec9":"cc3f9983e1d673ec2c86ae4c1e1b04e30f9f395f67c36838e15ce825b05d37e9cd40041470224da345aa2da5dfb3e0c561dd05ba7984a1332541d58e8f9160e7e8457e717bab203de3161a72b7aedfa53616b16ca77fd28d566fbf7431be559caa1a129b2f29b9c5bbf3eaba594d6650c62907eb28e176f27c3be7a3aa24cef6":32:"5be7611b":0 +AES-GCM Bad IV (AES-192,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes256_de.data b/tests/suites/test_suite_gcm.aes256_de.data index 0fe848978..9696a62be 100644 --- a/tests/suites/test_suite_gcm.aes256_de.data +++ b/tests/suites/test_suite_gcm.aes256_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":32:"3105dddb":"FAIL":0 +AES-GCM Bad IV (AES-256,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes256_en.data b/tests/suites/test_suite_gcm.aes256_en.data index 23d1689cc..0ff716d5d 100644 --- a/tests/suites/test_suite_gcm.aes256_en.data +++ b/tests/suites/test_suite_gcm.aes256_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1477e189fb3546efac5cc144f25e132ffd0081be76e912e25cbce7ad63f1c2c4":"7bd3ea956f4b938ebe83ef9a75ddbda16717e924dd4e45202560bf5f0cffbffcdd23be3ae08ff30503d698ed08568ff6b3f6b9fdc9ea79c8e53a838cc8566a8b52ce7c21b2b067e778925a066c970a6c37b8a6cfc53145f24bf698c352078a7f0409b53196e00c619237454c190b970842bb6629c0def7f166d19565127cbce0":"c109f35893aff139db8ed51c85fee237":"8f7f9f71a4b2bb0aaf55fced4eb43c57415526162070919b5f8c08904942181820d5847dfd54d9ba707c5e893a888d5a38d0130f7f52c1f638b0119cf7bc5f2b68f51ff5168802e561dff2cf9c5310011c809eba002b2fa348718e8a5cb732056273cc7d01cce5f5837ab0b09b6c4c5321a7f30a3a3cd21f29da79fce3f3728b":"7841e3d78746f07e5614233df7175931e3c257e09ebd7b78545fae484d835ffe3db3825d3aa1e5cc1541fe6cac90769dc5aaeded0c148b5b4f397990eb34b39ee7881804e5a66ccc8d4afe907948780c4e646cc26479e1da874394cb3537a8f303e0aa13bd3cc36f6cc40438bcd41ef8b6a1cdee425175dcd17ee62611d09b02":32:"cb13ce59":0 +AES-GCM Bad IV (AES-256,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 56c7e1899..308e14bb4 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -7,6 +7,49 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void gcm_bad_parameters( int cipher_id, int direction, + char *hex_key_string, char *hex_src_string, + char *hex_iv_string, char *hex_add_string, + int tag_len_bits, int gcm_result ) +{ + unsigned char key_str[128]; + unsigned char src_str[128]; + unsigned char dst_str[257]; + unsigned char iv_str[128]; + unsigned char add_str[128]; + unsigned char tag_str[128]; + unsigned char output[128]; + unsigned char tag_output[16]; + mbedtls_gcm_context ctx; + unsigned int key_len; + size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8; + + mbedtls_gcm_init( &ctx ); + + memset( key_str, 0x00, sizeof( key_str ) ); + memset( src_str, 0x00, sizeof( src_str ) ); + memset( dst_str, 0x00, sizeof( dst_str ) ); + memset( iv_str, 0x00, sizeof( iv_str ) ); + memset( add_str, 0x00, sizeof( add_str ) ); + memset( tag_str, 0x00, sizeof( tag_str ) ); + memset( output, 0x00, sizeof( output ) ); + memset( tag_output, 0x00, sizeof( tag_output ) ); + + key_len = unhexify( key_str, hex_key_string ); + pt_len = unhexify( src_str, hex_src_string ); + iv_len = unhexify( iv_str, hex_iv_string ); + add_len = unhexify( add_str, hex_add_string ); + + TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == 0 ); + TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, direction, pt_len, iv_str, iv_len, + add_str, add_len, src_str, output, tag_len, tag_output ) == gcm_result ); + +exit: + mbedtls_gcm_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE */ void gcm_encrypt_and_tag( int cipher_id, char *hex_key_string, char *hex_src_string, From 85bdcf8c16f280d76c4cd9f12f74a223a46e4419 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 030/493] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ library/x509_crt.c | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 491b18bd2..84ca3684a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/library/x509_crt.c b/library/x509_crt.c index d86857de8..915a7f63e 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1171,13 +1171,13 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) if( dir == NULL ) return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); -#if defined(MBEDTLS_THREADING_PTHREAD) +#if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 ) { closedir( dir ); return( ret ); } -#endif +#endif /* MBEDTLS_THREADING_C */ while( ( entry = readdir( dir ) ) != NULL ) { @@ -1210,10 +1210,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) cleanup: closedir( dir ); -#if defined(MBEDTLS_THREADING_PTHREAD) +#if defined(MBEDTLS_THREADING_C) if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 ) ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; -#endif +#endif /* MBEDTLS_THREADING_C */ #endif /* _WIN32 */ From eba5dabc61240aeded9cffd20b840f0d184d2e2c Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 031/493] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ library/x509_crt.c | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 84ca3684a..05892db80 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/library/x509_crt.c b/library/x509_crt.c index 915a7f63e..a6dce95ba 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1146,7 +1146,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) p, (int) len - 1, NULL, NULL ); if( w_ret == 0 ) - return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); + { + ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; + goto cleanup; + } w_ret = mbedtls_x509_crt_parse_file( chain, filename ); if( w_ret < 0 ) @@ -1159,6 +1162,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) if( GetLastError() != ERROR_NO_MORE_FILES ) ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; +cleanup: FindClose( hFind ); #else /* _WIN32 */ int t_ret; From 7875b2428794a32b0b60a9c04f3bd07a86ad2460 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 032/493] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ library/dhm.c | 6 +++--- library/ecp.c | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 05892db80..c88239dfd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/library/dhm.c b/library/dhm.c index a4715d170..bec52a11d 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -165,7 +165,7 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, */ do { - mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); @@ -251,7 +251,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, */ do { - mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); @@ -324,7 +324,7 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx, count = 0; do { - mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->Vi, 1 ) ); diff --git a/library/ecp.c b/library/ecp.c index 1cfd4b10f..5ad686398 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1128,7 +1128,7 @@ static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *p /* Generate l such that 1 < l < p */ do { - mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); @@ -1527,7 +1527,7 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P /* Generate l such that 1 < l < p */ do { - mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); From 544039ac598e0d90f7ad73944bf052978f6a86d2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Jun 2017 14:31:29 +0100 Subject: [PATCH 033/493] Undo API change The previous commit b3e6872c9381ed4ce020d631dda1e0126c42b64f changed to public functions from ssl_ciphersuite.h to static inline. This commit reverts this change. --- include/mbedtls/ssl_ciphersuites.h | 36 ++---------------------------- library/ssl_ciphersuites.c | 36 ++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 34 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 931c1b3c3..9101d9cc7 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -359,23 +359,8 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciph mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info ); #endif -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) -static inline int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return( 1 ); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ +int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ); +int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ); #if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED) static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info ) @@ -429,23 +414,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersui } #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { - case MBEDTLS_KEY_EXCHANGE_PSK: - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - return( 1 ); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ - static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info ) { switch( info->key_exchange ) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index c1a92d67d..95e6163cc 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1834,6 +1834,42 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphers return( MBEDTLS_PK_NONE ); } } + #endif /* MBEDTLS_PK_C */ +#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) +int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) +{ + switch( info->key_exchange ) + { + case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: + case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: + return( 1 ); + + default: + return( 0 ); + } +} +#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) +int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) +{ + switch( info->key_exchange ) + { + case MBEDTLS_KEY_EXCHANGE_PSK: + case MBEDTLS_KEY_EXCHANGE_RSA_PSK: + case MBEDTLS_KEY_EXCHANGE_DHE_PSK: + case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: + return( 1 ); + + default: + return( 0 ); + } +} +#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ + #endif /* MBEDTLS_SSL_TLS_C */ From 0a38f1ac28aaf3de7631d3da0863b94167aad9b6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 11:25:37 +0100 Subject: [PATCH 034/493] Undo API change from SHA1 deprecation The previous commit bd5ceee484f201b90a384636ba12de86bd330cba removed the definition of the global constants - mbedtls_test_ca_crt_rsa_len, - mbedtls_test_cli_crt_rsa_len, - mbedtls_test_ca_crt_rsa, and - mbedtls_test_cli_crt_rsa. This commit restores these to maintain ABI compatibility. Further, it was noticed that without SHA256_C being enabled the previous code failed to compile because because the SHA1 resp. SHA256 certificates were only defined when the respective SHAXXX_C options were set, but the emission of the global variable mbedtls_test_ca_crt was unconditionally defined through the SHA256 certificate. Previously, the RSA SHA1 certificate was unconditionally defined and used for that. As a remedy, this commit makes sure some RSA certificate is defined and exported through the following rule: 1. If SHA256_C is active, define an RSA SHA256 certificate and export it as mbedtls_test_ca_crt. Also, define SHA1 certificates only if SHA1_C is set. 2. If SHA256_C is not set, always define SHA1 certificate and export it as mbedtls_test_ca_crt. --- library/certs.c | 75 +++++++++++++++++++++++++++++-------------------- 1 file changed, 45 insertions(+), 30 deletions(-) diff --git a/library/certs.c b/library/certs.c index 5c0199891..f1379b8cb 100644 --- a/library/certs.c +++ b/library/certs.c @@ -116,31 +116,6 @@ const size_t mbedtls_test_cli_key_ec_len = sizeof( mbedtls_test_cli_key_ec ); #endif /* MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_SHA1_C) -#define TEST_CA_CRT_RSA_SHA1 \ -"-----BEGIN CERTIFICATE-----\r\n" \ -"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ -"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ -"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ -"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ -"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ -"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ -"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ -"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ -"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ -"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ -"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" \ -"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" \ -"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" \ -"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" \ -"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" \ -"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" \ -"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" \ -"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \ -"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \ -"-----END CERTIFICATE-----\r\n" -static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; -#endif #if defined(MBEDTLS_SHA256_C) #define TEST_CA_CRT_RSA_SHA256 \ @@ -165,7 +140,46 @@ static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; "ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY\r\n" \ "n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==\r\n" \ "-----END CERTIFICATE-----\r\n" + +const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA256; +const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa ); +#define TEST_CA_CRT_RSA_SOME + static const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256; + +#endif + +#if !defined(TEST_CA_CRT_RSA_SOME) || defined(MBEDTLS_SHA1_C) +#define TEST_CA_CRT_RSA_SHA1 \ +"-----BEGIN CERTIFICATE-----\r\n" \ +"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ +"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ +"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ +"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ +"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ +"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ +"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ +"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ +"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ +"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ +"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" \ +"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" \ +"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" \ +"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" \ +"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" \ +"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" \ +"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" \ +"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \ +"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \ +"-----END CERTIFICATE-----\r\n" + +#if !defined (TEST_CA_CRT_RSA_SOME) +const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA1; +const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa ); +#endif + +static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; + #endif const char mbedtls_test_ca_key_rsa[] = @@ -257,7 +271,7 @@ const char mbedtls_test_srv_key_rsa[] = "-----END RSA PRIVATE KEY-----\r\n"; const size_t mbedtls_test_srv_key_rsa_len = sizeof( mbedtls_test_srv_key_rsa ); -static const char mbedtls_test_cli_crt_rsa_sha256[] = +const char mbedtls_test_cli_crt_rsa[] = "-----BEGIN CERTIFICATE-----\r\n" "MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" @@ -279,6 +293,7 @@ static const char mbedtls_test_cli_crt_rsa_sha256[] = "ofGZpiM2NqRPePgYy+Vc75Zk28xkRQq1ncprgQb3S4vTsZdScpM9hLf+eMlrgqlj\r\n" "c5PLSkXBeLE5+fedkyfTaLxxQlgCpuoOhKBm04/R1pWNzUHyqagjO9Q=\r\n" "-----END CERTIFICATE-----\r\n"; +const size_t mbedtls_test_cli_crt_rsa_len = sizeof( mbedtls_test_cli_crt_rsa ); const char mbedtls_test_cli_key_rsa[] = "-----BEGIN RSA PRIVATE KEY-----\r\n" @@ -354,19 +369,19 @@ const size_t mbedtls_test_cas_len[] = { }; #if defined(MBEDTLS_RSA_C) -const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa_sha256; +const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa; /* SHA1 or SHA256 */ const char *mbedtls_test_ca_key = mbedtls_test_ca_key_rsa; const char *mbedtls_test_ca_pwd = mbedtls_test_ca_pwd_rsa; const char *mbedtls_test_srv_crt = mbedtls_test_srv_crt_rsa; const char *mbedtls_test_srv_key = mbedtls_test_srv_key_rsa; -const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa_sha256; +const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa; const char *mbedtls_test_cli_key = mbedtls_test_cli_key_rsa; -const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa_sha256 ); +const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa ); const size_t mbedtls_test_ca_key_len = sizeof( mbedtls_test_ca_key_rsa ); const size_t mbedtls_test_ca_pwd_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1; const size_t mbedtls_test_srv_crt_len = sizeof( mbedtls_test_srv_crt_rsa ); const size_t mbedtls_test_srv_key_len = sizeof( mbedtls_test_srv_key_rsa ); -const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa_sha256 ); +const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa ); const size_t mbedtls_test_cli_key_len = sizeof( mbedtls_test_cli_key_rsa ); #else /* ! MBEDTLS_RSA_C, so MBEDTLS_ECDSA_C */ const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_ec; From 649dcab1759588aa8bcccb2a6c40c3d4ce5821d4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 12:46:19 +0100 Subject: [PATCH 035/493] Clarify documentation for alternative AES implementations The functions mbedtls_aes_decrypt and mbedtls_aes_encrypt have been superseded by mbedtls_aes_internal_decrypt and mbedtls_aes_internal_encrypt, respectively. Alternative implementations should now only replace the latter, and leave the maintenance wrapper definitions of the former untouched. This commit clarifies this in the documentation of the respective configuration options MBEDTLS_AES_DECRYPT_ALT and MBEDTLS_AES_ENCRYPT_ALT. --- include/mbedtls/aes.h | 8 ++------ include/mbedtls/config.h | 12 +++++++++--- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index b5560cc81..6044a51aa 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -287,9 +287,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief Internal AES block encryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_ENCRYPT_ALT) + * \brief Old AES block encryption function without return value. * * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 * @@ -306,9 +304,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( } /** - * \brief Internal AES block decryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_DECRYPT_ALT) + * \brief Old AES block decryption function without return value. * * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 * diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c4b8995c1..2a2209a35 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -273,9 +273,15 @@ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible * with this definition. * - * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set - * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES - * tables. + * \note Because of a signature change, the core AES encryption and decryption routines are + * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, + * respectively. When setting up alternative implementations, these functions should + * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt + * have to stay untouched. + * + * \note If you use the AES_xxx_ALT macros, then is is recommended to also set + * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES + * tables. * * Uncomment a macro to enable alternate implementation of the corresponding * function. From 489b985fae447c89d65e56fe7be79a1968d18813 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 12:46:56 +0100 Subject: [PATCH 036/493] Export mbedtls_aes_(en/de)crypt to retain for API compatibility The commit f5bf7189d303e602992c750c09e429e23c7b2abf made the AES functions mbedtls_aes_encrypt and mbedtls_aes_decrypt static, changing the library's API. This commit reverts this. --- include/mbedtls/aes.h | 20 ++++++-------------- library/aes.c | 14 ++++++++++++++ 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 6044a51aa..4a546acc9 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -295,13 +295,9 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, * \param input Plaintext block * \param output Output (ciphertext) block */ -MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( - mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - mbedtls_internal_aes_encrypt( ctx, input, output ); -} +MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ); /** * \brief Old AES block decryption function without return value. @@ -312,13 +308,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( * \param input Ciphertext block * \param output Output (plaintext) block */ -MBEDTLS_DEPRECATED static inline void mbedtls_aes_decrypt( - mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - mbedtls_internal_aes_decrypt( ctx, input, output ); -} +MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/library/aes.c b/library/aes.c index 5e01c4f2b..58603849c 100644 --- a/library/aes.c +++ b/library/aes.c @@ -765,6 +765,13 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_ENCRYPT_ALT */ +void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ) +{ + mbedtls_internal_aes_encrypt( ctx, input, output ); +} + /* * AES-ECB block decryption */ @@ -824,6 +831,13 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_DECRYPT_ALT */ +void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ) +{ + mbedtls_internal_aes_decrypt( ctx, input, output ); +} + /* * AES-ECB block encryption/decryption */ From 1a28b01b5e500cf0f53df797a4a23aa0e328bb6b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 20 Jul 2017 09:50:59 +0100 Subject: [PATCH 037/493] Make minor changes to documentation --- include/mbedtls/aes.h | 6 ++++-- include/mbedtls/config.h | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 4a546acc9..1829f7240 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -287,7 +287,8 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief Old AES block encryption function without return value. + * \brief Deprecated internal AES block encryption function + * without return value. * * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 * @@ -300,7 +301,8 @@ MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, unsigned char output[16] ); /** - * \brief Old AES block decryption function without return value. + * \brief Deprecated internal AES block decryption function + * without return value. * * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 * diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 2a2209a35..b10d87375 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -277,7 +277,7 @@ * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, * respectively. When setting up alternative implementations, these functions should * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt - * have to stay untouched. + * must stay untouched. * * \note If you use the AES_xxx_ALT macros, then is is recommended to also set * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES From 75c0c814e4bf9cf753d20c04f5eaebb04c7ab6c6 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 20 Jul 2017 12:33:41 +0200 Subject: [PATCH 038/493] Update Changelog for API/ABI fixes to revert interface --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index c88239dfd..0209cfe9e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,12 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +API Changes + * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the + API consistent with mbed TLS 2.5.0. Specifically removed the inline + qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, + mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. + Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 From 122d89929617e9735773eb4dbb4cf0bf6e66724c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 7 Jul 2017 13:03:23 +0100 Subject: [PATCH 039/493] Add library setup and teardown APIs Add the following two functions to allow platform setup and teardown operations for the full library to be hooked in: * mbedtls_platform_setup() * mbedtls_platform_teardown() An mbedtls_platform_context C structure is also added and two internal functions that are called by the corresponding setup and teardown functions above: * mbedtls_internal_platform_setup() * mbedtls_internal_plartform_teardown() Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT is also added to allow mbedtls_platform_context and internal function to be overriden by the user as needed for a platform. --- include/mbedtls/config.h | 1 + include/mbedtls/platform.h | 45 ++++++++++++++++++++++++++++++++++++++ library/platform.c | 30 +++++++++++++++++++++++++ 3 files changed, 76 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index b10d87375..ffeeb34af 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -163,6 +163,7 @@ //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT //#define MBEDTLS_PLATFORM_NV_SEED_ALT +//#define MBEDTLS_PLATFORM_SETUP_ALT /** * \def MBEDTLS_DEPRECATED_WARNING diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index b1b019e55..a9ff7e421 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -288,6 +288,51 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ +#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +typedef struct mbedtls_platform_context mbedtls_platform_context; +#else +#include "platform_alt.h" +#endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ + +/** + * \brief Perform any platform initialisation operations + * + * \param ctx mbed TLS context + * + * \return 0 if successful + * + * \note This function should be called before any other library function + */ +int mbedtls_platform_setup( mbedtls_platform_context *ctx ); +/** + * \brief Perform any platform teardown operations + * + * \param ctx mbed TLS context + * + * \return 0 if successful + * + * \note This function should be after every other mbed TLS module has been + * correctly freed using the appropriate free function. + */ +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); + +/** + * \brief Internal function to perform any platform initialisation operations + * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT + * + * \param ctx mbed TLS context + * + * \return 0 if successful + */ +int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ); +/** + * \brief Internal function to perform any platform teardown operations + * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT + * + * \param ctx mbed TLS context + */ +void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ); + #ifdef __cplusplus } #endif diff --git a/library/platform.c b/library/platform.c index 8b336c38e..2ac67cbe9 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,4 +304,34 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ +int mbedtls_platform_setup( mbedtls_platform_context *ctx ) +{ + return( mbedtls_internal_platform_setup( ctx ) ); +} + +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) +{ + mbedtls_internal_platform_teardown( ctx ); +} + +#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +/* + * Placeholder internal platform setup that does nothing by default + */ +int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) +{ + (void)ctx; + + return( 0 ); +} + +/* + * Placeholder internal platform teardown that does nothing by default + */ +void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ) +{ + (void)ctx; +} +#endif /* MBEDTLS_PLATFORM_SETUP_ALT */ + #endif /* MBEDTLS_PLATFORM_C */ From ab8b624fd5f0b1d4752a34bb247204a5702ad379 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 7 Jul 2017 13:19:13 +0100 Subject: [PATCH 040/493] Add ChangeLog entry for platform setup and teardown --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0209cfe9e..937991afc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,16 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Features + * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() + to perform platform-specific setup and teardown operations. Furthermore, + the internal functions mbedtls_internal_platform_setup() and + mbedtls_internal_platform_teardown() to allow platform-specific hooks to + be plugged into the library. Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT + allows the internal functions to be overridden. This new APIs are + specially useful in some embedded environments that have hardware + acceleration support. + API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the API consistent with mbed TLS 2.5.0. Specifically removed the inline From 82d7314c434338ff34b8dc43f0981ae1fb6f07e9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:25:17 +0100 Subject: [PATCH 041/493] Remove internal functions from setup API --- include/mbedtls/platform.h | 21 ++++----------------- library/platform.c | 18 ++++-------------- 2 files changed, 8 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index a9ff7e421..29b80cd3e 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -289,6 +289,10 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +struct mbedtls_platform_context { + char dummy; /**< Placeholder member as empty structs are not portable */ +}; + typedef struct mbedtls_platform_context mbedtls_platform_context; #else #include "platform_alt.h" @@ -316,23 +320,6 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); */ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); -/** - * \brief Internal function to perform any platform initialisation operations - * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT - * - * \param ctx mbed TLS context - * - * \return 0 if successful - */ -int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ); -/** - * \brief Internal function to perform any platform teardown operations - * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT - * - * \param ctx mbed TLS context - */ -void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ); - #ifdef __cplusplus } #endif diff --git a/library/platform.c b/library/platform.c index 2ac67cbe9..f739f2f0f 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,21 +304,11 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -int mbedtls_platform_setup( mbedtls_platform_context *ctx ) -{ - return( mbedtls_internal_platform_setup( ctx ) ); -} - -void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) -{ - mbedtls_internal_platform_teardown( ctx ); -} - #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) /* - * Placeholder internal platform setup that does nothing by default + * Placeholder platform setup that does nothing by default */ -int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) +int mbedtls_platform_setup( mbedtls_platform_context *ctx ) { (void)ctx; @@ -326,9 +316,9 @@ int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) } /* - * Placeholder internal platform teardown that does nothing by default + * Placeholder platform teardown that does nothing by default */ -void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ) +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) { (void)ctx; } From 849811c9ccda98bdd135c4f92369462d5e145d7d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:27:05 +0100 Subject: [PATCH 042/493] Modify ChangeLog according to API changes --- ChangeLog | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 937991afc..ae2d59ac5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,13 +4,11 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() - to perform platform-specific setup and teardown operations. Furthermore, - the internal functions mbedtls_internal_platform_setup() and - mbedtls_internal_platform_teardown() to allow platform-specific hooks to - be plugged into the library. Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT - allows the internal functions to be overridden. This new APIs are - specially useful in some embedded environments that have hardware - acceleration support. + and the context struct mbedtls_platform_context to perform + platform-specific setup and teardown operations. The macro + MBEDTLS_PLATFORM_SETUP_ALT allows the functions to be overridden by the + user in a platform_alt.h file. This new APIs are specially useful in some + embedded environments that have hardware acceleration support. API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the From 9d80a363363dfff1c90754470528ed1c68a3611f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:32:40 +0100 Subject: [PATCH 043/493] Improve documentation for mbedtls_platform_context --- include/mbedtls/platform.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 29b80cd3e..88a0bdf33 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -289,11 +289,18 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) -struct mbedtls_platform_context { - char dummy; /**< Placeholder member as empty structs are not portable */ -}; -typedef struct mbedtls_platform_context mbedtls_platform_context; +/** + * \brief Platform context structure + * + * \note This structure may be used to assist platform-specific + * setup/teardown operations. + */ +typedef struct { + char dummy; /**< Placeholder member as empty structs are not portable */ +} +mbedtls_platform_context; + #else #include "platform_alt.h" #endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ From 9da69514ecbc69b9e1b4ad2ad85a82e18e8c68b8 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 18 Jul 2017 10:23:04 +0100 Subject: [PATCH 044/493] Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT Rename the macro MBEDTLS_PLATFORM_SETUP_ALT to MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT to make the name more descriptive as this macro enables/disables both functions. --- include/mbedtls/config.h | 2 +- include/mbedtls/platform.h | 4 ++-- library/platform.c | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ffeeb34af..de9993848 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -163,7 +163,7 @@ //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT //#define MBEDTLS_PLATFORM_NV_SEED_ALT -//#define MBEDTLS_PLATFORM_SETUP_ALT +//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT /** * \def MBEDTLS_DEPRECATED_WARNING diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 88a0bdf33..712bbe937 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -288,7 +288,7 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) /** * \brief Platform context structure @@ -303,7 +303,7 @@ mbedtls_platform_context; #else #include "platform_alt.h" -#endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ +#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ /** * \brief Perform any platform initialisation operations diff --git a/library/platform.c b/library/platform.c index f739f2f0f..af3b2f15e 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,7 +304,7 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) /* * Placeholder platform setup that does nothing by default */ @@ -322,6 +322,6 @@ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) { (void)ctx; } -#endif /* MBEDTLS_PLATFORM_SETUP_ALT */ +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ #endif /* MBEDTLS_PLATFORM_C */ From f92e5d5dbc6a52a14342997693f0cc5c9b6dd040 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 18 Jul 2017 10:24:26 +0100 Subject: [PATCH 045/493] Fix typo in ChangeLog and update macro name --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index ae2d59ac5..d9682a5ea 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,8 +6,8 @@ Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform platform-specific setup and teardown operations. The macro - MBEDTLS_PLATFORM_SETUP_ALT allows the functions to be overridden by the - user in a platform_alt.h file. This new APIs are specially useful in some + MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden + by the user in a platform_alt.h file. This new APIs are required in some embedded environments that have hardware acceleration support. API Changes From 1d74c41a4913d1e49f11d22474f2a7f723d59138 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 046/493] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index d9682a5ea..cf29b0a65 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.x.x released xxxx-xx-xx Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 49406c89788d582a1445216fe7cfb1c360ee4e40 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 047/493] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index cf29b0a65..ed0220f85 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 8c50e72a0afe745be37e23f03ee98cd3597a3365 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 048/493] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index ed0220f85..9fee9c43e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 45778acf85b7d19506478c777cdb0fe5e74a4669 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 049/493] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 9fee9c43e..4181281c7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From e1b2f6bd33af2c5f1a542759a71267bcb46b1087 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 050/493] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4181281c7..0bb5d88c1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 8d65f95901b46e02e0284516be6af94b6005320b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 01:48:17 +0200 Subject: [PATCH 051/493] Correct order of sections in the ChangeLog --- ChangeLog | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0bb5d88c1..d9682a5ea 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,18 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 - Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform From be4f75c12f9ee37eea8d836909fe04841567210b Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 02:08:00 +0200 Subject: [PATCH 052/493] Add additional comments to platform setup/teardown functions --- include/mbedtls/platform.h | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 712bbe937..25b5d2129 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -312,7 +312,13 @@ mbedtls_platform_context; * * \return 0 if successful * - * \note This function should be called before any other library function + * \note This function is intended to allow platform specific initialisation, + * and should be called before any other library functions. Its + * implementation is platform specific, and by default, unless platform + * specific code is provided, it does nothing. + * + * Its use and whether its necessary to be called is dependent on the + * platform. */ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); /** @@ -322,8 +328,13 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); * * \return 0 if successful * - * \note This function should be after every other mbed TLS module has been - * correctly freed using the appropriate free function. + * \note This function should be called after every other mbed TLS module has + * been correctly freed using the appropriate free function. + * Its implementation is platform specific, and by default, unless + * platform specific code is provided, it does nothing. + * + * Its use and whether its necessary to be called is dependent on the + * platform. */ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); From 745bcf454f9db4e3fa245b8a738f5f93393161c3 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Fri, 21 Jul 2017 14:04:31 +0100 Subject: [PATCH 053/493] Fix typos --- ChangeLog | 2 +- tests/data_files/dir-maxpath/Readme.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 038858cef..ce1c411f0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,7 +7,7 @@ Security mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA (default: 8) intermediates, even when it was not trusted. Could be - trigerred remotely on both sides. (With auth_mode set to required + triggered remotely on both sides. (With auth_mode set to required (default), the handshake was correctly aborted.) Changes diff --git a/tests/data_files/dir-maxpath/Readme.txt b/tests/data_files/dir-maxpath/Readme.txt index 8ce043353..cb7c5ef26 100644 --- a/tests/data_files/dir-maxpath/Readme.txt +++ b/tests/data_files/dir-maxpath/Readme.txt @@ -1,4 +1,4 @@ -These certificates from a very long chain, used to test the +These certificates form a very long chain, used to test the MBEDTLS_X509_MAX_INT_CA limit. NN.key is the private key of certificate NN.crt. From c0da47dd1ea251c200f1971593a13def3d9e2084 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 23:48:55 +0100 Subject: [PATCH 054/493] Fix platform setup/teardown feature and comments Fixed the platform setup/teardown feature, by fixing it for doxygen and adding it as a feature in 'version_features.c'. --- include/mbedtls/platform.h | 2 -- library/version_features.c | 3 +++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 25b5d2129..35010f885 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -326,8 +326,6 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); * * \param ctx mbed TLS context * - * \return 0 if successful - * * \note This function should be called after every other mbed TLS module has * been correctly freed using the appropriate free function. * Its implementation is platform specific, and by default, unless diff --git a/library/version_features.c b/library/version_features.c index 9f97c7bc3..bb172f298 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -69,6 +69,9 @@ static const char *features[] = { #if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) "MBEDTLS_PLATFORM_NV_SEED_ALT", #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ +#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) + "MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT", +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ #if defined(MBEDTLS_DEPRECATED_WARNING) "MBEDTLS_DEPRECATED_WARNING", #endif /* MBEDTLS_DEPRECATED_WARNING */ From 05d9535c9016d0ea709fa396bfc8c1ed6b73913c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 4 May 2017 11:05:55 +0100 Subject: [PATCH 055/493] Enable 64-bit compilation with ARM Compiler 6 This patch fixes the conditional preprocessor directives in include/mbedtls/bignum.h to enable 64-bit compilation with ARM Compiler 6. --- ChangeLog | 2 ++ include/mbedtls/bignum.h | 68 ++++++++++++++++++++++++---------------- 2 files changed, 43 insertions(+), 27 deletions(-) diff --git a/ChangeLog b/ChangeLog index d9682a5ea..6c2f783cd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,8 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix conditional preprocessor directives in bignum.h to enable 64-bit + compilation when using ARM Compiler 6. Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 1a5b4b675..ac89069dc 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -106,33 +106,47 @@ * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes) * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM */ -#if ( ! defined(MBEDTLS_HAVE_INT32) && \ - defined(_MSC_VER) && defined(_M_AMD64) ) - #define MBEDTLS_HAVE_INT64 - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; -#else - #if ( ! defined(MBEDTLS_HAVE_INT32) && \ - defined(__GNUC__) && ( \ - defined(__amd64__) || defined(__x86_64__) || \ - defined(__ppc64__) || defined(__powerpc64__) || \ - defined(__ia64__) || defined(__alpha__) || \ - (defined(__sparc__) && defined(__arch64__)) || \ - defined(__s390x__) || defined(__mips64) ) ) - #define MBEDTLS_HAVE_INT64 - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); - #define MBEDTLS_HAVE_UDBL - #else - #define MBEDTLS_HAVE_INT32 - typedef int32_t mbedtls_mpi_sint; - typedef uint32_t mbedtls_mpi_uint; - typedef uint64_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL - #endif /* !MBEDTLS_HAVE_INT32 && __GNUC__ && 64-bit platform */ -#endif /* !MBEDTLS_HAVE_INT32 && _MSC_VER && _M_AMD64 */ +#if !defined(MBEDTLS_HAVE_INT32) + #if defined(_MSC_VER) && defined(_M_AMD64) + /* Always choose 64-bit when using MSC */ + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + #elif defined(__GNUC__) && ( \ + defined(__amd64__) || defined(__x86_64__) || \ + defined(__ppc64__) || defined(__powerpc64__) || \ + defined(__ia64__) || defined(__alpha__) || \ + ( defined(__sparc__) && defined(__arch64__) ) || \ + defined(__s390x__) || defined(__mips64) ) + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); + #define MBEDTLS_HAVE_UDBL + #elif defined(__ARMCC_VERSION) && defined(__aarch64__) + /* __ARMCC_VERSION is defined for both armcc and armclang and + * __aarch64__ is only defined by armclang when compiling 64-bit code + */ + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef __uint128_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL + #endif +#endif /* !MBEDTLS_HAVE_INT32 */ + +#if !defined(MBEDTLS_HAVE_INT64) + /* Default to 32-bit compilation */ + #if !defined(MBEDTLS_HAVE_INT32) + #define MBEDTLS_HAVE_INT32 + #endif /* !MBEDTLS_HAVE_INT32 */ + typedef int32_t mbedtls_mpi_sint; + typedef uint32_t mbedtls_mpi_uint; + typedef uint64_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL +#endif /* !MBEDTLS_HAVE_INT64 */ #ifdef __cplusplus extern "C" { From dd29c2f2c3da25f3d379d07bd68d4056407870ba Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 4 May 2017 11:35:51 +0100 Subject: [PATCH 056/493] Add all.sh test to force 32-bit compilation --- tests/scripts/all.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7c33c5c2c..743735e39 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -438,6 +438,17 @@ if uname -a | grep -F x86_64 >/dev/null; then msg "build: i386, make, gcc" # ~ 30s cleanup CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make + +msg "build: gcc, force 32-bit compilation" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make + +msg "test: gcc, force 32-bit compilation" +make test fi # x86_64 msg "build: arm-none-eabi-gcc, make" # ~ 10s From 6ee7dad8961a089f0c405c5bdc2fc58efc2bff08 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 11:49:32 +0100 Subject: [PATCH 057/493] Allow forcing 64-bit integer type Allow forcing 64-bit integer type for bignum operations. Also introduce the macro MBEDTLS_TYPE_UDBL to allow configuration of the double length integer in unknown compilers. --- include/mbedtls/bignum.h | 61 ++++++++++++++++++++++++++-------- include/mbedtls/check_config.h | 10 ++++++ 2 files changed, 57 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index ac89069dc..3b76c1cac 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -103,13 +103,28 @@ /* * Define the base integer type, architecture-wise. * - * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes) - * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM + * 32 or 64-bit integer types can be forced regardless of the underlying + * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 + * respectively and undefining MBEDTLS_HAVE_ASM. + * + * Double length integers (e.g. 128-bit in 64-bit architectures) can be + * disabled by defining MBEDTLS_NO_UDBL_DIVISION. + * + * The double length integer types can be configured by defining + * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the + * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL + * must be a complete statement of the form: + * typedef mbedtls_t_udbl + * for example: + * #define MBEDTLS_TYPE_UDBL \ + * typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))) */ #if !defined(MBEDTLS_HAVE_INT32) #if defined(_MSC_VER) && defined(_M_AMD64) /* Always choose 64-bit when using MSC */ - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* !MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; #elif defined(__GNUC__) && ( \ @@ -118,22 +133,39 @@ defined(__ia64__) || defined(__alpha__) || \ ( defined(__sparc__) && defined(__arch64__) ) || \ defined(__s390x__) || defined(__mips64) ) - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #elif defined(__ARMCC_VERSION) && defined(__aarch64__) - /* __ARMCC_VERSION is defined for both armcc and armclang and + /* + * __ARMCC_VERSION is defined for both armcc and armclang and * __aarch64__ is only defined by armclang when compiling 64-bit code */ - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* !MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef __uint128_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef __uint128_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ + #elif defined(MBEDTLS_HAVE_INT64) + /* Force 64-bit integers with unknown compiler */ + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + #if !defined(MBEDTLS_NO_UDBL_DIVISION) && defined(MBEDTLS_TYPE_UDBL) + MBEDTLS_TYPE_UDBL; + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION && MBEDTLS_TYPE_UDBL */ #endif #endif /* !MBEDTLS_HAVE_INT32 */ @@ -144,8 +176,9 @@ #endif /* !MBEDTLS_HAVE_INT32 */ typedef int32_t mbedtls_mpi_sint; typedef uint32_t mbedtls_mpi_uint; - typedef uint64_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + typedef uint64_t mbedtls_t_udbl; + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ #ifdef __cplusplus diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index dab1113d8..7261e7da9 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -650,6 +650,16 @@ #error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64) +#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously" +#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */ + +#if (defined(MBEDTLS_HAVE_INT32) || define(MBEDTLS_HAVE_INT64)) && \ + defined(MBEDTLS_HAVE_ASM +#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" + "defined simultaneously" +#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ + /* * Avoid warning from -pedantic. This is a convenient place for this * workaround since this is included by every single file before the From 9a9adcd6aab77abe97ed77ae200516f2fe1d20ed Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 8 Jun 2017 15:19:20 +0200 Subject: [PATCH 058/493] MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION Changed the option to disable the use of 64-bit division, to an option to disable the use of double-width division, whether that's 64 or 128-bit. --- ChangeLog | 7 +++++++ include/mbedtls/config.h | 25 +++++++++++++++++++++++++ tests/scripts/all.sh | 7 +++++++ 3 files changed, 39 insertions(+) diff --git a/ChangeLog b/ChangeLog index 6c2f783cd..c3ec3c3cd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,13 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. +Changes + * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of + 64-bit division. + * Added config.h option MBEDTLS_TYPE_UDBL to allow configuring the + double-width integer type used in the bignum module when the compiler is + unknown. + Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index de9993848..a921f4787 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -55,6 +55,31 @@ */ #define MBEDTLS_HAVE_ASM +/** + * \def MBEDTLS_NO_UDBL_DIVISION + * + * The platform lacks support for double-width integer division (64-bit + * division on a 32-bit platform, 128-bit division on a 64-bit platform). + * + * Used in: + * include/mbedtls/bignum.h + * library/bignum.c + * + * The bignum code uses double-width division to speed up some operations. + * Double-width division is often implemented in software that needs to + * be linked with the program. The presence of a double-width integer + * type is usually detected automatically through preprocessor macros, + * but the automatic detection cannot know whether the code needs to + * and can be linked with an implementation of division for that type. + * By default division is assumed to be usable if the type is present. + * Uncomment this option to prevent the use of double-width division. + * + * Note that division for the native integer type is always required. + * Furthermore, a 64-bit type is always required even on a 32-bit + * platform, but it need not support multiplication or division. + */ +//#define MBEDTLS_NO_UDBL_DIVISION + /** * \def MBEDTLS_HAVE_SSE2 * diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 743735e39..630ddfb36 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -468,6 +468,13 @@ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s +cleanup +scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION +CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +echo "Checking that software 64-bit division is not required" +! grep __aeabi_uldiv library/*.o + msg "build: ARM Compiler 5, make" cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 710f54182f09b419a15de67c9ae10ebb6d48a002 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Jun 2017 18:01:54 +0200 Subject: [PATCH 059/493] Checked names --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index bb172f298..5cbe8aca3 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -36,6 +36,9 @@ static const char *features[] = { #if defined(MBEDTLS_HAVE_ASM) "MBEDTLS_HAVE_ASM", #endif /* MBEDTLS_HAVE_ASM */ +#if defined(MBEDTLS_NO_UDBL_DIVISION) + "MBEDTLS_NO_UDBL_DIVISION", +#endif /* MBEDTLS_NO_UDBL_DIVISION */ #if defined(MBEDTLS_HAVE_SSE2) "MBEDTLS_HAVE_SSE2", #endif /* MBEDTLS_HAVE_SSE2 */ From bebc5f69f8d21ff6feec49de96fffb2949e215f9 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 12:11:19 +0100 Subject: [PATCH 060/493] Fix typo in check_config.h --- include/mbedtls/bignum.h | 4 ++-- include/mbedtls/check_config.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 3b76c1cac..c8d94c920 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -107,10 +107,10 @@ * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 * respectively and undefining MBEDTLS_HAVE_ASM. * - * Double length integers (e.g. 128-bit in 64-bit architectures) can be + * Double-width integers (e.g. 128-bit in 64-bit architectures) can be * disabled by defining MBEDTLS_NO_UDBL_DIVISION. * - * The double length integer types can be configured by defining + * The double-width integer types can be configured by defining * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL * must be a complete statement of the form: diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 7261e7da9..e846b429a 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -654,8 +654,8 @@ #error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously" #endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */ -#if (defined(MBEDTLS_HAVE_INT32) || define(MBEDTLS_HAVE_INT64)) && \ - defined(MBEDTLS_HAVE_ASM +#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \ + defined(MBEDTLS_HAVE_ASM) #error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" "defined simultaneously" #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ From 713c6fdd4e7ec2170c474c73d4302d5d9e4eca1f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:21:15 +0100 Subject: [PATCH 061/493] Fix check_config.h #error directive --- include/mbedtls/check_config.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index e846b429a..fa72454e5 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -656,8 +656,7 @@ #if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \ defined(MBEDTLS_HAVE_ASM) -#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" - "defined simultaneously" +#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously" #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ /* From 33264d7a96c8a66c76b36e81854e9b9da8e1dba3 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:21:34 +0100 Subject: [PATCH 062/493] Add tests for 64 and 32-bit int types compilation --- tests/scripts/all.sh | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 630ddfb36..7466b5403 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -447,10 +447,31 @@ scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make -msg "test: gcc, force 32-bit compilation" +msg "build: gcc, force 64-bit compilation" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make + +msg "test: gcc, force 64-bit compilation" make test + +msg "build: gcc, force 64-bit compilation, attempt to set MBEDTLS_TYPE_UDBL" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64 -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make fi # x86_64 +msg "build: gcc, attempt to set MBEDTLS_TYPE_UDBL for known compiler" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make + msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 6fb65864a20c0ebb0ad571bd6a755a0c279d3f73 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:27:35 +0100 Subject: [PATCH 063/493] Fix no 64-bit division test in all.sh --- tests/scripts/all.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7466b5403..1f5bad44b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -491,6 +491,18 @@ CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wa msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s cleanup +scripts/config.pl full +scripts/config.pl unset MBEDTLS_NET_C +scripts/config.pl unset MBEDTLS_TIMING_C +scripts/config.pl unset MBEDTLS_FS_IO +scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED +scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY +# following things are not in the default config +scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c +scripts/config.pl unset MBEDTLS_THREADING_PTHREAD +scripts/config.pl unset MBEDTLS_THREADING_C +scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h +scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib echo "Checking that software 64-bit division is not required" From de2e70431f01341291be75a778f4c3c43cfbd471 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 17:33:09 +0100 Subject: [PATCH 064/493] Remove MBEDTLS_TYPE_UDBL option --- ChangeLog | 3 --- include/mbedtls/bignum.h | 14 +------------- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index c3ec3c3cd..008db7ace 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,9 +19,6 @@ API Changes Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of 64-bit division. - * Added config.h option MBEDTLS_TYPE_UDBL to allow configuring the - double-width integer type used in the bignum module when the compiler is - unknown. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index c8d94c920..456a80420 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -109,15 +109,6 @@ * * Double-width integers (e.g. 128-bit in 64-bit architectures) can be * disabled by defining MBEDTLS_NO_UDBL_DIVISION. - * - * The double-width integer types can be configured by defining - * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the - * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL - * must be a complete statement of the form: - * typedef mbedtls_t_udbl - * for example: - * #define MBEDTLS_TYPE_UDBL \ - * typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))) */ #if !defined(MBEDTLS_HAVE_INT32) #if defined(_MSC_VER) && defined(_M_AMD64) @@ -162,10 +153,6 @@ /* Force 64-bit integers with unknown compiler */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - #if !defined(MBEDTLS_NO_UDBL_DIVISION) && defined(MBEDTLS_TYPE_UDBL) - MBEDTLS_TYPE_UDBL; - #define MBEDTLS_HAVE_UDBL - #endif /* !MBEDTLS_NO_UDBL_DIVISION && MBEDTLS_TYPE_UDBL */ #endif #endif /* !MBEDTLS_HAVE_INT32 */ @@ -178,6 +165,7 @@ typedef uint32_t mbedtls_mpi_uint; #if !defined(MBEDTLS_NO_UDBL_DIVISION) typedef uint64_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ From c327aa1542315a79cc9451973631c81217be52bd Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 10:50:25 +0100 Subject: [PATCH 065/493] Remove MBEDTLS_TYPE_UDBL tests from all.sh --- tests/scripts/all.sh | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1f5bad44b..65dc47175 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -458,20 +458,15 @@ CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make msg "test: gcc, force 64-bit compilation" make test -msg "build: gcc, force 64-bit compilation, attempt to set MBEDTLS_TYPE_UDBL" +msg "build: gcc, force 64-bit compilation" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64 -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make fi # x86_64 -msg "build: gcc, attempt to set MBEDTLS_TYPE_UDBL for known compiler" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make - msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From fdd11b253125253b6abb76da3e8f42f3c91a3076 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 10:56:22 +0100 Subject: [PATCH 066/493] Improve MBEDTLS_NO_UDBL_DIVISION description --- include/mbedtls/config.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a921f4787..47c719640 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -76,7 +76,10 @@ * * Note that division for the native integer type is always required. * Furthermore, a 64-bit type is always required even on a 32-bit - * platform, but it need not support multiplication or division. + * platform, but it need not support multiplication or division. In some + * cases it is also desirable to disable some double-width operations. For + * example, if double-width division is implemented in software, disabling + * it can reduce code size in some embedded targets. */ //#define MBEDTLS_NO_UDBL_DIVISION From 3422ddfa4c8e5f21c5339f692eb3318d7163c607 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 067/493] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 008db7ace..539fff102 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.x.x released xxxx-xx-xx Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() @@ -16,10 +16,6 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. -Changes - * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. - Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 @@ -35,6 +31,8 @@ Bugfix compilation when using ARM Compiler 6. Changes + * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of + 64-bit division. * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 From 537e2e9bb3098377febf51a20b1befdd99d5746b Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 068/493] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 539fff102..292d5f380 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 237ab35b4aa7d2a9b480da5f447647fa07c41c6a Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 069/493] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 292d5f380..240bff40a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 8a26de6d99b3eb7800156a197a66180b82e39f16 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 070/493] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 240bff40a..127123117 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From e6ec1d2d44b0272744106e533cd756e3c0747263 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 071/493] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 127123117..562fa6a78 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From de1586799d9f2794e28fb94a382bac59d36a15a8 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 22 Jul 2017 11:49:55 +0200 Subject: [PATCH 072/493] Added missing credit to Changelog and format fixes --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 562fa6a78..40b4fae44 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,7 +26,8 @@ API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the API consistent with mbed TLS 2.5.0. Specifically removed the inline qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, - mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. + mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978 + Found by James Cowgill. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported @@ -44,7 +45,7 @@ Bugfix Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. + 64-bit division. #708 * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 From 7e8e57c6d1192d7cf867166935a0d66e6e71743f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 23 Jul 2017 10:19:29 +0100 Subject: [PATCH 073/493] Initialize RSA context in RSA test suite before first potentially failing operation The function `mbedtls_rsa_gen_key` from `test_suite_rsa.function` initialized a stack allocated RSA context only after seeding the CTR DRBG. If the latter operation failed, the cleanup code tried to free the uninitialized RSA context, potentially resulting in a segmentation fault. Fixes one aspect of #1023. --- tests/suites/test_suite_rsa.function | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index d48bc8595..e9ae1bf96 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -667,13 +667,12 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) const char *pers = "test_suite_rsa"; mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); + mbedtls_rsa_init ( &ctx, 0, 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) == 0 ); - mbedtls_rsa_init( &ctx, 0, 0 ); - TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result ); if( result == 0 ) { From 1b841cc9bf8f4756938946cce312f4dbff8bd87a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 23 Jul 2017 10:22:45 +0100 Subject: [PATCH 074/493] Correct typo in entropy test suite data --- tests/suites/test_suite_entropy.data | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_entropy.data b/tests/suites/test_suite_entropy.data index e0dfae32a..5cff39984 100644 --- a/tests/suites/test_suite_entropy.data +++ b/tests/suites/test_suite_entropy.data @@ -34,10 +34,10 @@ entropy_threshold:16:2:8 Entropy threshold #2 entropy_threshold:32:1:32 -Entropy thershold #3 +Entropy threshold #3 entropy_threshold:16:0:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED -Entropy thershold #4 +Entropy threshold #4 entropy_threshold:1024:1:MBEDTLS_ERR_ENTROPY_SOURCE_FAILED Check NV seed standard IO From 910f662cd7e804b5ecff9abb97d0e216122a675d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 23 Jul 2017 10:23:24 +0100 Subject: [PATCH 075/493] Increase readability of verbose test suite output --- tests/suites/main_test.function | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index a7bb41de3..fe49bdfd8 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -432,24 +432,24 @@ int main(int argc, const char *argv[]) if( unmet_dep_count > 0 || ret == DISPATCH_UNSUPPORTED_SUITE ) { total_skipped++; - mbedtls_fprintf( stdout, "----\n" ); + mbedtls_fprintf( stdout, "----" ); if( 1 == option_verbose && ret == DISPATCH_UNSUPPORTED_SUITE ) { - mbedtls_fprintf( stdout, " Test Suite not enabled" ); + mbedtls_fprintf( stdout, "\n Test Suite not enabled" ); } if( 1 == option_verbose && unmet_dep_count > 0 ) { - mbedtls_fprintf( stdout, " Unmet dependencies: " ); + mbedtls_fprintf( stdout, "\n Unmet dependencies: " ); for( i = 0; i < unmet_dep_count; i++ ) { mbedtls_fprintf(stdout, "%s ", unmet_dependencies[i]); free(unmet_dependencies[i]); } - mbedtls_fprintf( stdout, "\n" ); } + mbedtls_fprintf( stdout, "\n" ); fflush( stdout ); unmet_dep_count = 0; From 75efa792013d00bc35fab91e28cc0ebd29a86f71 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 23 Jul 2017 10:23:43 +0100 Subject: [PATCH 076/493] Adapt generic test suite file to coding standard --- tests/suites/main_test.function | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index fe49bdfd8..5d1e9ecf0 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -396,7 +396,7 @@ int main(int argc, const char *argv[]) break; cnt = parse_arguments( buf, strlen(buf), params ); } - + // If there are no unmet dependencies execute the test if( unmet_dep_count == 0 ) { @@ -462,22 +462,22 @@ int main(int argc, const char *argv[]) else if( ret == DISPATCH_INVALID_TEST_DATA ) { mbedtls_fprintf( stderr, "FAILED: FATAL PARSE ERROR\n" ); - fclose(file); + fclose( file ); mbedtls_exit( 2 ); } else total_errors++; - if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) + if( ( ret = get_line( file, buf, sizeof( buf ) ) ) != 0 ) break; - if( strlen(buf) != 0 ) + if( strlen( buf ) != 0 ) { mbedtls_fprintf( stderr, "Should be empty %d\n", - (int) strlen(buf) ); + (int) strlen( buf ) ); return( 1 ); } } - fclose(file); + fclose( file ); /* In case we encounter early end of file */ for( i = 0; i < unmet_dep_count; i++ ) @@ -508,4 +508,3 @@ int main(int argc, const char *argv[]) return( total_errors != 0 ); } - From f058f34b5a892e73c0fe465e3180feab4659080a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 23 Jul 2017 10:24:22 +0100 Subject: [PATCH 077/493] Support negative dependencies in test cases The entropy test suite uses a negative dependency "depends_on:!CONFIG_FLAG" for one of its tests. This kind of dependency (running a test only if some configuration flag is not defined) is currently not supported and instead results in the respective test case being dropped. This commit adds support for negative dependencies in test cases. --- tests/scripts/generate_code.pl | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 84e949dfa..f803a803d 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -312,7 +312,7 @@ END # and make check code my $dep_check_code; -my @res = $test_data =~ /^depends_on:([\w:]+)/msg; +my @res = $test_data =~ /^depends_on:([!:\w]+)/msg; my %case_deps; foreach my $deps (@res) { @@ -323,7 +323,23 @@ foreach my $deps (@res) } while( my ($key, $value) = each(%case_deps) ) { - $dep_check_code .= << "END"; + if( substr($key, 0, 1) eq "!" ) + { + my $key = substr($key, 1); + $dep_check_code .= << "END"; + if( strcmp( str, "!$key" ) == 0 ) + { +#if !defined($key) + return( DEPENDENCY_SUPPORTED ); +#else + return( DEPENDENCY_NOT_SUPPORTED ); +#endif + } +END + } + else + { + $dep_check_code .= << "END"; if( strcmp( str, "$key" ) == 0 ) { #if defined($key) @@ -333,6 +349,7 @@ while( my ($key, $value) = each(%case_deps) ) #endif } END + } } # Make mapping code From 51aaa99473aa3e5f62440b1d683f4858ea4e188c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 23 Jul 2017 13:42:36 +0200 Subject: [PATCH 078/493] Fixes test for MBEDTLS_NO_UDBL_DIVISION The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h for the next test. Also added comments to ARM Compiler 6 tests to better explain them. --- tests/scripts/all.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 65dc47175..d9c5bbfa4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -486,6 +486,7 @@ CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wa msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s cleanup +cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C @@ -526,11 +527,20 @@ scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' make lib make clean +# ARM Compiler 6 - Target ARMv7-A armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" + +# ARM Compiler 6 - Target ARMv7-M armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" + +# ARM Compiler 6 - Target ARMv8-A - AArch32 armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" + +# ARM Compiler 6 - Target ARMv8-M armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" -armc6_build_test "--target=aarch64-arm-none-eabi" + +# ARM Compiler 6 - Target ARMv8-A - AArch64 +armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" msg "build: allow SHA1 in certificates by default" cleanup From c6deafc0d495b3e80cd42cf8de451960f6e2190d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sun, 23 Jul 2017 14:06:42 +0100 Subject: [PATCH 079/493] Omit RSA key generation test if no strong entropy is present The RSA key generation test needs strong entropy to succeed. This commit captures the presence of a strong entropy source in a preprocessor flag and only runs the key generation test if that flag is set. --- include/mbedtls/entropy.h | 10 ++++++++++ library/entropy.c | 3 +++ tests/suites/test_suite_entropy.data | 8 ++++++-- tests/suites/test_suite_rsa.function | 2 +- 4 files changed, 20 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index 747aca4df..b374b34ec 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -55,6 +55,16 @@ #define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D /**< No strong sources have been added to poll. */ #define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F /**< Read/write error in file. */ +/* Indicates whether at least one standard strong entropy source is enabled. */ +#if defined(MBEDTLS_TEST_NULL_ENTROPY) || \ + ( !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \ + ( !defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \ + defined(MBEDTLS_HAVEGE_C) || \ + defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ + defined(ENTROPY_NV_SEED) ) ) +#define MBEDTLS_ENTROPY_HAVE_STRONG +#endif + /** * \name SECTION: Module settings * diff --git a/library/entropy.c b/library/entropy.c index d4d1b27b7..4de168250 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -83,6 +83,9 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) mbedtls_havege_init( &ctx->havege_data ); #endif + /* Reminder: Update MBEDTLS_ENTROPY_HAVE_STRONG when + * adding more strong entropy sources here. */ + #if defined(MBEDTLS_TEST_NULL_ENTROPY) mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL, 1, MBEDTLS_ENTROPY_SOURCE_STRONG ); diff --git a/tests/suites/test_suite_entropy.data b/tests/suites/test_suite_entropy.data index 5cff39984..bf9ce49ed 100644 --- a/tests/suites/test_suite_entropy.data +++ b/tests/suites/test_suite_entropy.data @@ -52,10 +52,14 @@ entropy_nv_seed:"000000000000000000000000000000000000000000000000000000000000000 Check NV seed manually #3 entropy_nv_seed:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" -Entropy self test -depends_on:!MBEDTLS_TEST_NULL_ENTROPY +Entropy self test (with strong entropy) +depends_on:!MBEDTLS_TEST_NULL_ENTROPY:MBEDTLS_ENTROPY_HAVE_STRONG entropy_selftest:0 +Entropy self test (without strong entropy) +depends_on:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_ENTROPY_HAVE_STRONG +entropy_selftest:1 + Entropy self test (MBEDTLS_TEST_NULL_ENTROPY) depends_on:MBEDTLS_TEST_NULL_ENTROPY entropy_selftest:1 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index e9ae1bf96..f64e1a73a 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -658,7 +658,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ +/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_HAVE_STRONG */ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) { mbedtls_rsa_context ctx; From b3136be542b4a5b4aa02ab72e3a40ac5e3b4fb15 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 21 Jun 2017 14:57:25 +0300 Subject: [PATCH 080/493] github templates Add templates for github, for templates to be used in new issues and new PRs --- .github/issue_template.md | 40 ++++++++++++++++++++++++++++++++ .github/pull_request_template.md | 39 +++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 .github/issue_template.md create mode 100644 .github/pull_request_template.md diff --git a/.github/issue_template.md b/.github/issue_template.md new file mode 100644 index 000000000..3398f49e6 --- /dev/null +++ b/.github/issue_template.md @@ -0,0 +1,40 @@ +Note: This is just a template, so feel free to use/remove the unnecessary things + +### Description +- Type: Bug | Enhancement\Feature Request | Question +- Priority: Blocker | Major | Minor + +--------------------------------------------------------------- +## Bug + +**OS** +linux|windows|?? + +**mbed TLS build:** +Version: x.x.x or git commit id +Configuration: please attach config.h file +Compiler and options (if you used a pre-built binary, please indicate how you obtained it): +Additional environment information: + +**peer device TLS stack and version** +openSSL | GnuTls | other +version: + +**Expected behavior** + +**Actual behavior** + +**Steps to reproduce** + +---------------------------------------------------------------- +## Enhancement\Feature Request + +**Incentive for change** + +**Suggested enhancement** + +----------------------------------------------------------------- + +## Question + +**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** \ No newline at end of file diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 000000000..dac8bde2a --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,39 @@ +Notes: +* Pull requests will not be accepted until: +- The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/) + or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) +- The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards) +* This is just a template, so feel free to use/remove the unnecessary things +## Description +A few sentences describing the overall goals of the pull request's commits. + + +## Status +**READY/IN DEVELOPMENT/HOLD** + +## Requires Backporting +When there is a bug fix, it should be backported to legacy supported branches. +legacy supported branches will not be backported if: +- This PR is a new feature\enhancement +- This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch + +Yes | NO +What branch? + +## Migrations +If there is any API change, what's the incentive and logic for it. + +YES | NO + +## Additional comments +Any additional information that could be of interest + +## Todos +- [ ] Tests +- [ ] Documentation +- [ ] Changelog updated +- [ ] Backported + + +## Steps to test or reproduce +Outline the steps to test or reproduce the PR here. \ No newline at end of file From 779d9f6886b94dd6f5366ab29348830e0eea64ec Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 24 Jul 2017 13:28:48 +0300 Subject: [PATCH 081/493] Update after Simon's comment Update the comment with Simon's comments --- .github/issue_template.md | 11 ++++++----- .github/pull_request_template.md | 8 ++++---- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 3398f49e6..772d98b33 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -8,16 +8,17 @@ Note: This is just a template, so feel free to use/remove the unnecessary things ## Bug **OS** -linux|windows|?? +mbed-OS|linux|windows| **mbed TLS build:** Version: x.x.x or git commit id -Configuration: please attach config.h file +OS version: x.x.x +Configuration: please attach config.h file where possible Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Additional environment information: **peer device TLS stack and version** -openSSL | GnuTls | other +openSSL|GnuTls|Chrome|NSS(Firefox)|SEcureChannel (IIS/Internet Explorer/Edge)|Other version: **Expected behavior** @@ -29,7 +30,7 @@ version: ---------------------------------------------------------------- ## Enhancement\Feature Request -**Incentive for change** +**Justification - why does the library need this feature?** **Suggested enhancement** @@ -37,4 +38,4 @@ version: ## Question -**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** \ No newline at end of file +**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index dac8bde2a..fa0c7e964 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,7 +1,7 @@ Notes: -* Pull requests will not be accepted until: +* Pull requests cannot be accepted until: - The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/) - or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) + or for companies or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) - The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards) * This is just a template, so feel free to use/remove the unnecessary things ## Description @@ -18,7 +18,7 @@ legacy supported branches will not be backported if: - This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch Yes | NO -What branch? +Which branch? ## Migrations If there is any API change, what's the incentive and logic for it. @@ -36,4 +36,4 @@ Any additional information that could be of interest ## Steps to test or reproduce -Outline the steps to test or reproduce the PR here. \ No newline at end of file +Outline the steps to test or reproduce the PR here. From 3aa712dff78b10f8fd1b6c4ca58187f80b152560 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 24 Jul 2017 14:19:02 +0200 Subject: [PATCH 082/493] Minor typo fixes in the github template files --- .github/issue_template.md | 6 +++--- .github/pull_request_template.md | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 772d98b33..33f68fba1 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -17,9 +17,9 @@ Configuration: please attach config.h file where possible Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Additional environment information: -**peer device TLS stack and version** -openSSL|GnuTls|Chrome|NSS(Firefox)|SEcureChannel (IIS/Internet Explorer/Edge)|Other -version: +**Peer device TLS stack and version** +OpenSSL|GnuTls|Chrome|NSS(Firefox)|SecureChannel (IIS/Internet Explorer/Edge)|Other +Version: **Expected behavior** diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index fa0c7e964..485b54195 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -12,8 +12,8 @@ A few sentences describing the overall goals of the pull request's commits. **READY/IN DEVELOPMENT/HOLD** ## Requires Backporting -When there is a bug fix, it should be backported to legacy supported branches. -legacy supported branches will not be backported if: +When there is a bug fix, it should be backported to all maintained and supported branches. +Changes do not have to be backported if: - This PR is a new feature\enhancement - This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch From fcb7491a49f3a1617b8e8a42cbf78bb432e2c579 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 15 Dec 2016 14:42:37 +0200 Subject: [PATCH 083/493] Pre push hook script Add git_hook folder, and pre-push script, to be soft linked from .git/hooks/pre-push --- git_hooks/README.md | 16 +++++++++++++++ git_hooks/pre-push | 38 ++++++++++++++++++++++++++++++++++++ tests/scripts/check-names.sh | 2 +- 3 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 git_hooks/README.md create mode 100755 git_hooks/pre-push diff --git a/git_hooks/README.md b/git_hooks/README.md new file mode 100644 index 000000000..d0ed4a38f --- /dev/null +++ b/git_hooks/README.md @@ -0,0 +1,16 @@ +README for git hooks script +=========================== +git has a way to run scripts, which are invoked by specific git commands. +The git hooks are located in `/.git/hooks`, and as such are not under version control +for more information, see the [git documentation](https://git-scm.com/docs/githooks). + +The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. + +Example: + +Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +`ln -s ../../git_hooks/pre-push pre-push` + +Similarly, on Windows while running as administrator: +`mklink pre-push ..\..\git_hooks\pre-push` + diff --git a/git_hooks/pre-push b/git_hooks/pre-push new file mode 100755 index 000000000..6b2da10ed --- /dev/null +++ b/git_hooks/pre-push @@ -0,0 +1,38 @@ +#!/bin/sh + +# Called by "git push" after it has checked the remote status, but before anything has been +# pushed. If this script exits with a non-zero status nothing will be pushed. +# +# This hook is called with the following parameters: +# +# $1 -- Name of the remote to which the push is being done +# $2 -- URL to which the push is being done +# +# If pushing without using a named remote those arguments will be equal. +# +# Information about the commits which are being pushed is supplied as lines to +# the standard input in the form: +# +# +# +set -eu + +REMOTE="$1" +URL="$2" + +echo "REMOTE is $REMOTE" +echo "URL is $URL" + +run_test() +{ + TEST=$1 + echo "running '$TEST'" + if ! `$TEST > /dev/null 2>&1`; then + echo "test '$TEST' failed" + return 1 + fi +} + +run_test ./tests/scripts/check-doxy-blocks.pl +run_test ./tests/scripts/check-names.sh +run_test ./tests/scripts/check-generated-files.sh diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index 191594ce0..4c66440e2 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh @@ -12,7 +12,7 @@ set -eu if grep --version|head -n1|grep GNU >/dev/null; then :; else - echo "This script requires GNU grep." + echo "This script requires GNU grep.">&2 exit 1 fi From 84f986c0e0c1258d8a87e3edbdfb945af0b72690 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 11:25:14 +0300 Subject: [PATCH 084/493] Add note for the git_hoos README file Add a note to the git_hooks README.md file, to state that currently they only work on GNU platforms --- git_hooks/README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index d0ed4a38f..f78df991d 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -11,6 +11,4 @@ Example: Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` -Similarly, on Windows while running as administrator: -`mklink pre-push ..\..\git_hooks\pre-push` - +**Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From 9508923e9a949ce52e0c133cb0f2a5c2b185cb19 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 18:24:43 +0300 Subject: [PATCH 085/493] Fix slash direction for linux path Update direction of the slash, for linux path, after @hanno-arm comments --- git_hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index f78df991d..400d63ee5 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -8,7 +8,7 @@ The mbed TLS git hooks are located in `/git_hooks` directory, and Example: -Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From ee16553d8e7054739310da2cb7c1705b0dcef2aa Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 23 Jul 2017 15:25:32 +0300 Subject: [PATCH 086/493] Update after @sbutcher-arm comments 1. Move the scripts to test/git-scripts folder 2. Support the script to run independant, not only with git 3. modify Readme accordingly --- {git_hooks => test/git-scripts}/README.md | 6 ++++-- git_hooks/pre-push => test/git-scripts/pre-push.sh | 13 +++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) rename {git_hooks => test/git-scripts}/README.md (62%) rename git_hooks/pre-push => test/git-scripts/pre-push.sh (82%) diff --git a/git_hooks/README.md b/test/git-scripts/README.md similarity index 62% rename from git_hooks/README.md rename to test/git-scripts/README.md index 400d63ee5..6bd9110c5 100644 --- a/git_hooks/README.md +++ b/test/git-scripts/README.md @@ -4,11 +4,13 @@ git has a way to run scripts, which are invoked by specific git commands. The git hooks are located in `/.git/hooks`, and as such are not under version control for more information, see the [git documentation](https://git-scm.com/docs/githooks). -The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. +The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. Example: Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../git_hooks/pre-push pre-push` +`ln -s ../../test/git-scripts/pre-push.sh pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** + +These scripts can also be used independently. diff --git a/git_hooks/pre-push b/test/git-scripts/pre-push.sh similarity index 82% rename from git_hooks/pre-push rename to test/git-scripts/pre-push.sh index 6b2da10ed..ee54a6cff 100755 --- a/git_hooks/pre-push +++ b/test/git-scripts/pre-push.sh @@ -1,7 +1,15 @@ #!/bin/sh - +# pre-push.sh +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2017, ARM Limited, All Rights Reserved +# +# Purpose +# # Called by "git push" after it has checked the remote status, but before anything has been # pushed. If this script exits with a non-zero status nothing will be pushed. +# This script can also be used independently, not using git. # # This hook is called with the following parameters: # @@ -15,7 +23,6 @@ # # # -set -eu REMOTE="$1" URL="$2" @@ -23,6 +30,8 @@ URL="$2" echo "REMOTE is $REMOTE" echo "URL is $URL" +set -eu + run_test() { TEST=$1 From 47deec488f8da931ee82961d47c5e6eb9ffb94c4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 24 Jul 2017 12:27:09 +0100 Subject: [PATCH 087/493] Move flag indicating presence of strong entropy to test code --- include/mbedtls/entropy.h | 10 ---------- library/entropy.c | 4 ++-- tests/suites/helpers.function | 16 +++++++++++++++- tests/suites/test_suite_entropy.data | 8 ++------ tests/suites/test_suite_entropy.function | 6 +++--- tests/suites/test_suite_rsa.function | 1 + 6 files changed, 23 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/entropy.h b/include/mbedtls/entropy.h index b374b34ec..747aca4df 100644 --- a/include/mbedtls/entropy.h +++ b/include/mbedtls/entropy.h @@ -55,16 +55,6 @@ #define MBEDTLS_ERR_ENTROPY_NO_STRONG_SOURCE -0x003D /**< No strong sources have been added to poll. */ #define MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR -0x003F /**< Read/write error in file. */ -/* Indicates whether at least one standard strong entropy source is enabled. */ -#if defined(MBEDTLS_TEST_NULL_ENTROPY) || \ - ( !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \ - ( !defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \ - defined(MBEDTLS_HAVEGE_C) || \ - defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ - defined(ENTROPY_NV_SEED) ) ) -#define MBEDTLS_ENTROPY_HAVE_STRONG -#endif - /** * \name SECTION: Module settings * diff --git a/library/entropy.c b/library/entropy.c index 4de168250..10449b8d0 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -83,8 +83,8 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) mbedtls_havege_init( &ctx->havege_data ); #endif - /* Reminder: Update MBEDTLS_ENTROPY_HAVE_STRONG when - * adding more strong entropy sources here. */ + /* Reminder: Update MBEDTLS_ENTROPY_HAVE_STRONG in the test files + * when adding more strong entropy sources here. */ #if defined(MBEDTLS_TEST_NULL_ENTROPY) mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL, diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 63815df85..39cd3c768 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -102,6 +102,21 @@ typedef UINT32 uint32_t; static int test_errors = 0; +/*----------------------------------------------------------------------------*/ +/* Helper flags for complex dependencies */ + +/* Indicates whether we expect mbedtls_entropy_init + * to initialize some strong entropy source. */ +#if defined(MBEDTLS_TEST_NULL_ENTROPY) || \ + ( !defined(MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES) && \ + ( !defined(MBEDTLS_NO_PLATFORM_ENTROPY) || \ + defined(MBEDTLS_HAVEGE_C) || \ + defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ + defined(ENTROPY_NV_SEED) ) ) +#define MBEDTLS_ENTROPY_HAVE_STRONG +#endif + + /*----------------------------------------------------------------------------*/ /* Helper Functions */ @@ -401,4 +416,3 @@ static void test_fail( const char *test, int line_no, const char* filename ) mbedtls_fprintf( stdout, " %s\n at line %d, %s\n", test, line_no, filename ); } - diff --git a/tests/suites/test_suite_entropy.data b/tests/suites/test_suite_entropy.data index bf9ce49ed..5cff39984 100644 --- a/tests/suites/test_suite_entropy.data +++ b/tests/suites/test_suite_entropy.data @@ -52,14 +52,10 @@ entropy_nv_seed:"000000000000000000000000000000000000000000000000000000000000000 Check NV seed manually #3 entropy_nv_seed:"ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff" -Entropy self test (with strong entropy) -depends_on:!MBEDTLS_TEST_NULL_ENTROPY:MBEDTLS_ENTROPY_HAVE_STRONG +Entropy self test +depends_on:!MBEDTLS_TEST_NULL_ENTROPY entropy_selftest:0 -Entropy self test (without strong entropy) -depends_on:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_ENTROPY_HAVE_STRONG -entropy_selftest:1 - Entropy self test (MBEDTLS_TEST_NULL_ENTROPY) depends_on:MBEDTLS_TEST_NULL_ENTROPY entropy_selftest:1 diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 97a21bc18..7983c767e 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -163,7 +163,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_HAVE_STRONG */ void entropy_func_len( int len, int ret ) { mbedtls_entropy_context ctx; @@ -224,7 +224,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_HAVE_STRONG */ void entropy_threshold( int threshold, int chunk_size, int result ) { mbedtls_entropy_context ctx; @@ -377,7 +377,7 @@ void entropy_nv_seed( char *read_seed_str ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_HAVE_STRONG:MBEDTLS_SELF_TEST */ void entropy_selftest( int result ) { TEST_ASSERT( mbedtls_entropy_self_test( 1 ) == result ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index f64e1a73a..f41b14cc3 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -8,6 +8,7 @@ #include "mbedtls/sha512.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" + /* END_HEADER */ /* BEGIN_DEPENDENCIES From 4d90d56dfe3beb2b1da61b8518f609dcba05011a Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 24 Jul 2017 15:52:18 +0300 Subject: [PATCH 088/493] Move the git scripts to correct path The git scripts were accidently put in `test` folder instead of `tests`. Moved them to `tests` folder --- {test => tests}/git-scripts/README.md | 4 ++-- {test => tests}/git-scripts/pre-push.sh | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename {test => tests}/git-scripts/README.md (67%) rename {test => tests}/git-scripts/pre-push.sh (100%) diff --git a/test/git-scripts/README.md b/tests/git-scripts/README.md similarity index 67% rename from test/git-scripts/README.md rename to tests/git-scripts/README.md index 6bd9110c5..29d7501b3 100644 --- a/test/git-scripts/README.md +++ b/tests/git-scripts/README.md @@ -4,12 +4,12 @@ git has a way to run scripts, which are invoked by specific git commands. The git hooks are located in `/.git/hooks`, and as such are not under version control for more information, see the [git documentation](https://git-scm.com/docs/githooks). -The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. +The mbed TLS git hooks are located in `/tests/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/tesst/git-scripts`, in order to make the hook scripts successfully work. Example: Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../test/git-scripts/pre-push.sh pre-push` +`ln -s ../../tests/git-scripts/pre-push.sh pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** diff --git a/test/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh similarity index 100% rename from test/git-scripts/pre-push.sh rename to tests/git-scripts/pre-push.sh From 01a0e07e9df5c91446ff758c11c7e7576cb3e872 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 26 Jul 2017 11:49:40 +0100 Subject: [PATCH 089/493] Correct indentation and labelling in ChangeLog --- ChangeLog | 31 +++++++++++++++---------------- 1 file changed, 15 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index ce1c411f0..66883d4bb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,13 +4,13 @@ mbed TLS ChangeLog (Sorted per branch, date) Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, - mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's - X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA - (default: 8) intermediates, even when it was not trusted. Could be - triggered remotely on both sides. (With auth_mode set to required - (default), the handshake was correctly aborted.) + mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's + X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA + (default: 8) intermediates, even when it was not trusted. Could be + triggered remotely on both sides. (With auth_mode set to required + (default), the handshake was correctly aborted.) -Changes +API changes * Certificate verification functions now set flags to -1 in case the full chain was not verified due to an internal error (including in the verify callback) or chain length limitations. @@ -271,7 +271,7 @@ Security * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt (not triggerable remotely in (D)TLS). - * Fix a potential integer underflow to buffer overread in + * Fix a potential integer underflow to buffer overread in mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in SSL/TLS. @@ -291,7 +291,7 @@ Bugfix * Fix an issue that caused valid certificates to be rejected whenever an expired or not yet valid certificate was parsed before a valid certificate in the trusted certificate list. - * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the + * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the buffer after DER certificates to be included in the raw representation. * Fix issue that caused a hang when generating RSA keys of odd bitlength * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer @@ -1547,7 +1547,7 @@ Security Changes * Allow enabling of dummy error_strerror() to support some use-cases * Debug messages about padding errors during SSL message decryption are - disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL + disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL * Sending of security-relevant alert messages that do not break interoperability can be switched on/off with the flag POLARSSL_SSL_ALL_ALERT_MESSAGES @@ -1576,7 +1576,7 @@ Bugfix Changes * Added p_hw_data to ssl_context for context specific hardware acceleration data - * During verify trust-CA is only checked for expiration and CRL presence + * During verify trust-CA is only checked for expiration and CRL presence Bugfixes * Fixed client authentication compatibility @@ -1874,9 +1874,9 @@ Features with random data (Fixed ticket #10) Changes - * Debug print of MPI now removes leading zero octets and + * Debug print of MPI now removes leading zero octets and displays actual bit size of the value. - * x509parse_key() (and as a consequence x509parse_keyfile()) + * x509parse_key() (and as a consequence x509parse_keyfile()) does not zeroize memory in advance anymore. Use rsa_init() before parsing a key or keyfile! @@ -1898,7 +1898,7 @@ Features printing of X509 CRLs from file Changes - * Parsing of PEM files moved to separate module (Fixes + * Parsing of PEM files moved to separate module (Fixes ticket #13). Also possible to remove PEM support for systems only using DER encoding @@ -2041,7 +2041,7 @@ Bug fixes * Fixed HMAC-MD2 by modifying md2_starts(), so that the required HMAC ipad and opad variables are not cleared. (found by code coverage tests) - * Prevented use of long long in bignum if + * Prevented use of long long in bignum if POLARSSL_HAVE_LONGLONG not defined (found by Giles Bathgate). * Fixed incorrect handling of negative strings in @@ -2082,7 +2082,7 @@ Bug fixes * Made definition of net_htons() endian-clean for big endian systems (Found by Gernot). * Undefining POLARSSL_HAVE_ASM now also handles prevents asm in - padlock and timing code. + padlock and timing code. * Fixed an off-by-one buffer allocation in ssl_set_hostname() responsible for crashes and unwanted behaviour. * Added support for Certificate Revocation List (CRL) parsing. @@ -2256,4 +2256,3 @@ XySSL ChangeLog who maintains the Debian package :-) = Version 0.1 released on 2006-11-01 - From 853c46c8d3f621233e1a2f8d618ae1fbbba6ac60 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 10 Feb 2017 14:39:58 +0000 Subject: [PATCH 090/493] Fix potential integer overflow parsing DER CRL This patch prevents a potential signed integer overflow during the CRL version verification checks. --- ChangeLog | 4 ++++ library/x509_crl.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 40b4fae44..5c8f377c1 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,10 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() diff --git a/library/x509_crl.c b/library/x509_crl.c index 76c49f135..55d12acd0 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -352,14 +352,14 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, return( ret ); } - crl->version++; - - if( crl->version > 2 ) + if( crl->version < 0 || crl->version > 1 ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + crl->version++; + if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1, &crl->sig_md, &crl->sig_pk, &crl->sig_opts ) ) != 0 ) From ae7b1c4aed5301cf17db0b1f382cccf07f7acddc Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 7 Mar 2017 10:57:34 +0000 Subject: [PATCH 091/493] Add CSR DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 08f332441..428be111f 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1531,6 +1531,9 @@ X509 CSR ASN.1 (extra data after signature) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_parse:"308201193081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF9724300":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +X509 CSR ASN.1 (invalid version overflow) +mbedtls_x509_csr_parse:"3008300602047FFFFFFF":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 File parse (no issues) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509parse_crt_file:"data_files/server7_int-ca.crt":0 From 2a9fd0e5c766a93c2a862bc647b219d5230c74c4 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 7 Mar 2017 11:11:12 +0000 Subject: [PATCH 092/493] Add CRL DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 428be111f..2e84f7858 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1182,6 +1182,12 @@ X509 CRL ASN1 (TBSCertList, no entries) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0 +X509 CRL ASN1 (invalid version 2) +x509parse_crl:"30463031020102300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + +X509 CRL ASN1 (invalid version overflow) +x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 CRT parse path #2 (one cert) depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C mbedtls_x509_crt_parse_path:"data_files/dir1":0:1 From eacc616a9cc6a40a28132bb3e7ae7267654e6656 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 9 Mar 2017 15:29:07 +0000 Subject: [PATCH 093/493] Add CRT DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 2e84f7858..dfa1f71e7 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1118,6 +1118,12 @@ X509 Certificate ASN1 (RSA signature, EC key) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 +X509 Certificate ASN1 (invalid version 3) +x509parse_crt:"30173015a0030201038204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + +X509 Certificate ASN1 (invalid version overflow) +x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT From a6bca9f19e7dae82e672842987e2c592fe845c7a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 26 Jul 2017 13:35:11 +0100 Subject: [PATCH 094/493] Check value of MBEDTLS_X509_MAX_INTERMEDIATE_CA in ssl-opt.sh Some tests in ssl-opt.sh assumes the value 8 for the maximal number MBEDTLS_X509_MAX_INTERMEDIATE_CA of intermediate CA's. This commit adds a check before conducting the respective tests. --- tests/ssl-opt.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 98d55f51c..b4d36a94c 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2105,6 +2105,21 @@ run_test "Authentication: client no cert, ssl3" \ # The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its # default value (8) + +MAX_IM_CA=8 +MAX_IM_CA_REGEX="#define[[:blank:]]\+MBEDTLS_X509_MAX_INTERMEDIATE_CA" +MAX_IM_CA_REGEX="${MAX_IM_CA_REGEX}[[:blank:]]\+${MAX_IM_CA}[[:blank:]]*$" + +if grep "${MAX_IM_CA_REGEX}" ../include/mbedtls/x509.h > /dev/null; +then :; +else + echo "$(echo 'The tests for long intermediate chains assume the value' \ + ${MAX_IM_CA} 'for MBEDTLS_X509_MAX_INTERMEDIATE_CA.' \ + 'To test other values, please manually adapt the max_int' \ + 'tests in ssl-opt.sh.')" + return +fi + run_test "Authentication: server max_int chain, client default" \ "$P_SRV crt_file=data_files/dir-maxpath/c09.pem \ key_file=data_files/dir-maxpath/09.key" \ From e908c3de67b2ca330cdda337e3a8d9d880a14e9b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 26 Jul 2017 13:36:48 +0100 Subject: [PATCH 095/493] Improve Readme for long test certificate chains --- tests/data_files/dir-maxpath/Readme.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/data_files/dir-maxpath/Readme.txt b/tests/data_files/dir-maxpath/Readme.txt index cb7c5ef26..606ec6cc2 100644 --- a/tests/data_files/dir-maxpath/Readme.txt +++ b/tests/data_files/dir-maxpath/Readme.txt @@ -7,4 +7,4 @@ The root is 00.crt and N+1.crt is a child of N.crt. File cNN.pem contains the chain NN.crt to 00.crt. -Those certificates where generated by long.sh. +Those certificates were generated by tests/data_files/dir-maxpath/long.sh. From 3b1422e55ed0ddd3d11f6e2b7573e2930deca91b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 26 Jul 2017 13:38:02 +0100 Subject: [PATCH 096/493] Check threshold for MBEDTLS_X509_MAX_INTERMEDIATE_CA in X509 tests The X509 test suite assumes that MBEDTLS_X509_MAX_INTERMEDIATE_CA is below the hardcoded threshold 20 used in the long certificate chain generating script tests/data_files/dir-max/long.sh. This commit adds a compile-time check for that. --- tests/suites/test_suite_x509parse.function | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index a7baec66d..34164a83f 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -7,6 +7,12 @@ #include "mbedtls/oid.h" #include "mbedtls/base64.h" +#if MBEDTLS_X509_MAX_INTERMEDIATE_CA >= 19 +#error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \ +than the current threshold 19. To test larger values, please \ +adapt the script tests/data_files/dir-max/long.sh." +#endif + /* Profile for backward compatibility. Allows SHA-1, unlike the default profile. */ const mbedtls_x509_crt_profile compat_profile = From 487b7a9efc0bfad52816d2dd8dddfb3ff5790148 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 9 Mar 2017 16:16:11 +0000 Subject: [PATCH 097/493] Fix potential integer overflow parsing DER CRT This patch prevents a potential signed integer overflow during the certificate version verification checks. --- ChangeLog | 3 +++ library/x509_crt.c | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5c8f377c1..8e9d174e9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -212,6 +212,9 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/x509_crt.c b/library/x509_crt.c index a6dce95ba..2cab63c86 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -748,14 +748,14 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char * return( ret ); } - crt->version++; - - if( crt->version > 3 ) + if( crt->version < 0 || crt->version > 2 ) { mbedtls_x509_crt_free( crt ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + crt->version++; + if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1, &crt->sig_md, &crt->sig_pk, &crt->sig_opts ) ) != 0 ) From 642ea1f399ad9b3a2bd0358547ff4e966c66b908 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 17 Feb 2017 13:54:43 +0000 Subject: [PATCH 098/493] Prevent signed integer overflow in CSR parsing Modify the function mbedtls_x509_csr_parse_der() so that it checks the parsed CSR version integer before it increments the value. This prevents a potential signed integer overflow, as these have undefined behaviour in the C standard. --- ChangeLog | 4 ++++ library/x509_csr.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8e9d174e9..42a74e126 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,10 @@ Bugfix Reported and fix suggested by guidovranken in #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit compilation when using ARM Compiler 6. + * Fix potential integer overflow in the version verification for DER + encoded X509 CSRs. The overflow would enable maliciously constructed CSRs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of diff --git a/library/x509_csr.c b/library/x509_csr.c index f92b66c58..26a06db4f 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -168,14 +168,14 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, return( ret ); } - csr->version++; - - if( csr->version != 1 ) + if( csr->version != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + csr->version++; + /* * subject Name */ From ab0a8042f44b2ceb5b515da538334eed488c6518 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 26 Jul 2017 17:25:55 +0100 Subject: [PATCH 099/493] Fix merge errors in ChangeLog --- ChangeLog | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index 42a74e126..e8d1da5c9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,22 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 - * Fix a potential integer overflow in the version verification for DER - encoded X509 CRLs. The overflow would enable maliciously constructed CRLs - to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, - KNOX Security, Samsung Research America - Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform @@ -46,10 +30,17 @@ Bugfix Reported and fix suggested by guidovranken in #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit compilation when using ARM Compiler 6. + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America * Fix potential integer overflow in the version verification for DER encoded X509 CSRs. The overflow would enable maliciously constructed CSRs to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of @@ -216,9 +207,6 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 - * Fix a potential integer overflow in the version verification for DER - encoded X509 certificates. The overflow would enable maliciously - constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 From b6479192d835fad7e46605be62ff91673eeeafb0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 May 2017 11:27:39 +0100 Subject: [PATCH 100/493] Improve documentation of PKCS1 decryption functions Document the preconditions on the input and output buffers for the PKCS1 decryption functions - mbedtls_rsa_pkcs1_decrypt, - mbedtls_rsa_rsaes_pkcs1_v15_decrypt - mbedtls_rsa_rsaes_oaep_decrypt --- include/mbedtls/rsa.h | 36 +++++++++++++++++++++++++++--------- 1 file changed, 27 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 54653dfdc..7d7469d50 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -329,9 +329,15 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -355,9 +361,15 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -383,9 +395,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * - * \note The output buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used) otherwise - * an error is thrown. + * \note The output buffer length \c output_max_len should be + * as large as the size ctx->len of ctx->N (eg. 128 bytes + * if RSA-1024 is used) to be able to hold an arbitrary + * decrypted message. If it is not large enough to hold + * the decryption of the particular ciphertext provided, + * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * + * \note The input buffer must be as large as the size + * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), From bfea4a7c02133df3bb5198373e735c53ced23917 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 101/493] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 7 ++++++- include/mbedtls/threading.h | 3 --- library/ecp.c | 20 -------------------- library/threading.c | 9 --------- 4 files changed, 6 insertions(+), 33 deletions(-) diff --git a/ChangeLog b/ChangeLog index 66883d4bb..da9ee0b1d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.y.z released YYYY-MM-DD += mbed TLS 2.x.x released xxxx-xx-xx Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, @@ -18,6 +18,11 @@ API changes verification of the peer's certificate failed due to an overlong chain or a fatal error in the vrfy callback. +Changes + * Removed mutexes from ECP hardware accelerator code. Now all hardware + accelerator code in the library leaves concurrency handling to the + platform. Reported by Steven Cooreman. #863 + = mbed TLS 2.5.1 released 2017-06-21 Security diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h index a89fd6496..b0c34ecc7 100644 --- a/include/mbedtls/threading.h +++ b/include/mbedtls/threading.h @@ -97,9 +97,6 @@ extern int (*mbedtls_mutex_unlock)( mbedtls_threading_mutex_t *mutex ); */ extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex; extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) -extern mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex; -#endif #endif /* MBEDTLS_THREADING_C */ #ifdef __cplusplus diff --git a/library/ecp.c b/library/ecp.c index 56f22c272..1cfd4b10f 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1690,11 +1690,6 @@ int mbedtls_ecp_mul( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, return( ret ); #if defined(MBEDTLS_ECP_INTERNAL_ALT) -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) { MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); @@ -1719,11 +1714,6 @@ cleanup: mbedtls_internal_ecp_free( grp ); } -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif #endif /* MBEDTLS_ECP_INTERNAL_ALT */ return( ret ); } @@ -1831,11 +1821,6 @@ int mbedtls_ecp_muladd( mbedtls_ecp_group *grp, mbedtls_ecp_point *R, MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R, n, Q ) ); #if defined(MBEDTLS_ECP_INTERNAL_ALT) -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) ) { MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) ); @@ -1853,11 +1838,6 @@ cleanup: mbedtls_internal_ecp_free( grp ); } -#if defined(MBEDTLS_THREADING_C) - if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 ) - return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR ); - -#endif #endif /* MBEDTLS_ECP_INTERNAL_ALT */ mbedtls_ecp_point_free( &mP ); diff --git a/library/threading.c b/library/threading.c index 55091e8db..07586756f 100644 --- a/library/threading.c +++ b/library/threading.c @@ -113,9 +113,6 @@ void mbedtls_threading_set_alt( void (*mutex_init)( mbedtls_threading_mutex_t * mbedtls_mutex_init( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex ); -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - mbedtls_mutex_init( &mbedtls_threading_ecp_mutex ); -#endif } /* @@ -125,9 +122,6 @@ void mbedtls_threading_free_alt( void ) { mbedtls_mutex_free( &mbedtls_threading_readdir_mutex ); mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex ); -#if defined(MBEDTLS_ECP_INTERNAL_ALT) - mbedtls_mutex_free( &mbedtls_threading_ecp_mutex ); -#endif } #endif /* MBEDTLS_THREADING_ALT */ @@ -139,8 +133,5 @@ void mbedtls_threading_free_alt( void ) #endif mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT; mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT; -#if defined(MBEDTLS_ECP_INTERNAL_ALT) -mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex MUTEX_INIT; -#endif #endif /* MBEDTLS_THREADING_C */ From 28f320e60ecae5e91d5fece0a8fe89e83b2858ab Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 23 Jun 2017 13:05:44 +0100 Subject: [PATCH 102/493] Enable MBEDTLS_AES_ROM_TABLES in config-no-entropy Enable the MBEDTLS_AES_ROM_TABLES option in the configs/config-no-entropy.h to place AES lookup tables in ROM. This saves considerable RAM space, a resource that is very limited in small devices that use this configuration. --- configs/config-no-entropy.h | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h index 95f17d456..73758602a 100644 --- a/configs/config-no-entropy.h +++ b/configs/config-no-entropy.h @@ -80,6 +80,9 @@ #define MBEDTLS_X509_CRT_PARSE_C #define MBEDTLS_X509_CRL_PARSE_C +/* Miscellaneous options */ +#define MBEDTLS_AES_ROM_TABLES + #include "check_config.h" #endif /* MBEDTLS_CONFIG_H */ From 92fcfe2933960bc367897f43b1dd8cbc54dc96ca Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 12:57:44 +0100 Subject: [PATCH 103/493] Add ChangeLog entry for config-no-entropy.h change --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index da9ee0b1d..c349a66e8 100644 --- a/ChangeLog +++ b/ChangeLog @@ -22,6 +22,8 @@ Changes * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 + * Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file + config-no-entropy.h to reduce the RAM footprint. = mbed TLS 2.5.1 released 2017-06-21 From 2a47be50129fa330442698efc01e285dfb49639c Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 20 Jun 2017 15:23:23 +0300 Subject: [PATCH 104/493] Minor: Fix typos in program comments Fix a couple of typos and writer's mistakes, in some reference program applications --- programs/pkey/ecdh_curve25519.c | 2 +- programs/ssl/ssl_server2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c index aa15c4687..e7ead9a93 100644 --- a/programs/pkey/ecdh_curve25519.c +++ b/programs/pkey/ecdh_curve25519.c @@ -204,7 +204,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); /* - * Verification: are the computed secret equal? + * Verification: are the computed secrets equal? */ mbedtls_printf( " . Checking if both computed secrets are equal..." ); fflush( stdout ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 3e6366cec..a25886824 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -2168,7 +2168,7 @@ handshake: #if defined(MBEDTLS_X509_CRT_PARSE_C) /* - * 5. Verify the server certificate + * 5. Verify the client certificate */ mbedtls_printf( " . Verifying peer X.509 certificate..." ); From 5a21fd62bf2cfc34d2f33071e15212f0b20204bd Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 105/493] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 ++- library/gcm.c | 6 ++- tests/suites/test_suite_gcm.aes128_de.data | 4 ++ tests/suites/test_suite_gcm.aes128_en.data | 4 ++ tests/suites/test_suite_gcm.aes192_de.data | 4 ++ tests/suites/test_suite_gcm.aes192_en.data | 4 ++ tests/suites/test_suite_gcm.aes256_de.data | 4 ++ tests/suites/test_suite_gcm.aes256_en.data | 4 ++ tests/suites/test_suite_gcm.function | 43 ++++++++++++++++++++++ 9 files changed, 76 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index c349a66e8..9034b42c7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, diff --git a/library/gcm.c b/library/gcm.c index f1210c52c..fccb092bd 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -277,8 +277,10 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx, size_t use_len, olen = 0; /* IV and AD are limited to 2^64 bits, so 2^61 bytes */ - if( ( (uint64_t) iv_len ) >> 61 != 0 || - ( (uint64_t) add_len ) >> 61 != 0 ) + /* IV is not allowed to be zero length */ + if( iv_len == 0 || + ( (uint64_t) iv_len ) >> 61 != 0 || + ( (uint64_t) add_len ) >> 61 != 0 ) { return( MBEDTLS_ERR_GCM_BAD_INPUT ); } diff --git a/tests/suites/test_suite_gcm.aes128_de.data b/tests/suites/test_suite_gcm.aes128_de.data index 6eaa711b9..2a2e32f0d 100644 --- a/tests/suites/test_suite_gcm.aes128_de.data +++ b/tests/suites/test_suite_gcm.aes128_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"659b9e729d12f68b73fdc2f7260ab114":"fd0732a38224c3f16f58de3a7f333da2ecdb6eec92b469544a891966dd4f8fb64a711a793f1ef6a90e49765eacaccdd8cc438c2b57c51902d27a82ee4f24925a864a9513a74e734ddbf77204a99a3c0060fcfbaccae48fe509bc95c3d6e1b1592889c489801265715e6e4355a45357ce467c1caa2f1c3071bd3a9168a7d223e3":"459df18e2dfbd66d6ad04978432a6d97":"ee0b0b52a729c45b899cc924f46eb1908e55aaaeeaa0c4cdaacf57948a7993a6debd7b6cd7aa426dc3b3b6f56522ba3d5700a820b1697b8170bad9ca7caf1050f13d54fb1ddeb111086cb650e1c5f4a14b6a927205a83bf49f357576fd0f884a83b068154352076a6e36a5369436d2c8351f3e6bfec65b4816e3eb3f144ed7f9":32:"8e5a6a79":"FAIL":0 +AES-GCM Bad IV (AES-128,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes128_en.data b/tests/suites/test_suite_gcm.aes128_en.data index d8bee9d56..9453ffa70 100644 --- a/tests/suites/test_suite_gcm.aes128_en.data +++ b/tests/suites/test_suite_gcm.aes128_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-128,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"fe481476fce76efcfc78ed144b0756f1":"246e1f2babab8da98b17cc928bd49504d7d87ea2cc174f9ffb7dbafe5969ff824a0bcb52f35441d22f3edcd10fab0ec04c0bde5abd3624ca25cbb4541b5d62a3deb52c00b75d68aaf0504d51f95b8dcbebdd8433f4966c584ac7f8c19407ca927a79fa4ead2688c4a7baafb4c31ef83c05e8848ec2b4f657aab84c109c91c277":"1a2c18c6bf13b3b2785610c71ccd98ca":"b0ab3cb5256575774b8242b89badfbe0dfdfd04f5dd75a8e5f218b28d3f6bc085a013defa5f5b15dfb46132db58ed7a9ddb812d28ee2f962796ad988561a381c02d1cf37dca5fd33e081d61cc7b3ab0b477947524a4ca4cb48c36f48b302c440be6f5777518a60585a8a16cea510dbfc5580b0daac49a2b1242ff55e91a8eae8":"5587620bbb77f70afdf3cdb7ae390edd0473286d86d3f862ad70902d90ff1d315947c959f016257a8fe1f52cc22a54f21de8cb60b74808ac7b22ea7a15945371e18b77c9571aad631aa080c60c1e472019fa85625fc80ed32a51d05e397a8987c8fece197a566689d24d05361b6f3a75616c89db6123bf5902960b21a18bc03a":32:"bd4265a8":0 +AES-GCM Bad IV (AES-128,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"d0194b6ee68f0ed8adc4b22ed15dbf14":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes192_de.data b/tests/suites/test_suite_gcm.aes192_de.data index 841c6fa36..9e7bad00f 100644 --- a/tests/suites/test_suite_gcm.aes192_de.data +++ b/tests/suites/test_suite_gcm.aes192_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"e3dc64e3c02731fe6e6ec0e899183018da347bf8bd476aa7746d7a7729d83a95f64bb732ba987468d0cede154e28169f7bafa36559200795037ee38279e0e4ca40f9cfa85aa0c8035df9649345c8fdffd1c31528b485dfe443c1923180cc8fae5196d16f822be4ad07e3f1234e1d218e7c8fb37a0e4480dc6717c9c09ff5c45f":"ca362e615024a1fe11286668646cc1de":"237d95d86a5ad46035870f576a1757eded636c7234d5ed0f8039f6f59f1333cc31cb893170d1baa98bd4e79576de920120ead0fdecfb343edbc2fcc556540a91607388a05d43bdb8b55f1327552feed3b620614dfcccb2b342083896cbc81dc9670b761add998913ca813163708a45974e6d7b56dfd0511a72eb879f239d6a6d":32:"28d730ea":"dafde27aa8b3076bfa16ab1d89207d339c4997f8a756cc3eb62c0b023976de808ab640ba4467f2b2ea83d238861229c73387594cd43770386512ea595a70888b4c38863472279e06b923e7cf32438199b3e054ac4bc21baa8df39ddaa207ebb17fa4cad6e83ea58c3a92ec74e6e01b0a8979af145dd31d5df29750bb91b42d45":0 +AES-GCM Bad IV (AES-192,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes192_en.data b/tests/suites/test_suite_gcm.aes192_en.data index 18e56e79c..5ea110186 100644 --- a/tests/suites/test_suite_gcm.aes192_en.data +++ b/tests/suites/test_suite_gcm.aes192_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-192,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"713358e746dd84ab27b8adb3b17ea59cd75fa6cb0c13d1a8":"35b8b655efdf2d09f5ed0233c9eeb0b6f85e513834848cd594dba3c6e64f78e7af4a7a6d53bba7b43764334d6373360ae3b73b1e765978dffa7dbd805fda7825b8e317e8d3f1314aa97f877be815439c5da845028d1686283735aefac79cdb9e02ec3590091cb507089b9174cd9a6111f446feead91f19b80fd222fc6299fd1c":"26ed909f5851961dd57fa950b437e17c":"c9469ad408764cb7d417f800d3d84f03080cee9bbd53f652763accde5fba13a53a12d990094d587345da2cdc99357b9afd63945ca07b760a2c2d4948dbadb1312670ccde87655a6a68edb5982d2fcf733bb4101d38cdb1a4942a5d410f4c45f5ddf00889bc1fe5ec69b40ae8aaee60ee97bea096eeef0ea71736efdb0d8a5ec9":"cc3f9983e1d673ec2c86ae4c1e1b04e30f9f395f67c36838e15ce825b05d37e9cd40041470224da345aa2da5dfb3e0c561dd05ba7984a1332541d58e8f9160e7e8457e717bab203de3161a72b7aedfa53616b16ca77fd28d566fbf7431be559caa1a129b2f29b9c5bbf3eaba594d6650c62907eb28e176f27c3be7a3aa24cef6":32:"5be7611b":0 +AES-GCM Bad IV (AES-192,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_ENCRYPT:"b10979797fb8f418a126120d45106e1779b4538751a19bf6":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes256_de.data b/tests/suites/test_suite_gcm.aes256_de.data index 0fe848978..9696a62be 100644 --- a/tests/suites/test_suite_gcm.aes256_de.data +++ b/tests/suites/test_suite_gcm.aes256_de.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_decrypt_and_verify:MBEDTLS_CIPHER_ID_AES:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"8d03cf6fac31182ad3e6f32e4c823e3b421aef786d5651afafbf70ef14c00524ab814bc421b1d4181b4d3d82d6ae4e8032e43a6c4e0691184425b37320798f865c88b9b306466311d79e3e42076837474c37c9f6336ed777f05f70b0c7d72bd4348a4cd754d0f0c3e4587f9a18313ea2d2bace502a24ea417d3041b709a0471f":"4763a4e37b806a5f4510f69fd8c63571":"07daeba37a66ebe15f3d6451d1176f3a7107a302da6966680c425377e621fd71610d1fc9c95122da5bf85f83b24c4b783b1dcd6b508d41e22c09b5c43693d072869601fc7e3f5a51dbd3bc6508e8d095b9130fb6a7f2a043f3a432e7ce68b7de06c1379e6bab5a1a48823b76762051b4e707ddc3201eb36456e3862425cb011a":32:"3105dddb":"FAIL":0 +AES-GCM Bad IV (AES-256,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.aes256_en.data b/tests/suites/test_suite_gcm.aes256_en.data index 23d1689cc..0ff716d5d 100644 --- a/tests/suites/test_suite_gcm.aes256_en.data +++ b/tests/suites/test_suite_gcm.aes256_en.data @@ -670,6 +670,10 @@ AES-GCM NIST Validation (AES-256,128,1024,1024,32) #2 depends_on:MBEDTLS_AES_C gcm_encrypt_and_tag:MBEDTLS_CIPHER_ID_AES:"1477e189fb3546efac5cc144f25e132ffd0081be76e912e25cbce7ad63f1c2c4":"7bd3ea956f4b938ebe83ef9a75ddbda16717e924dd4e45202560bf5f0cffbffcdd23be3ae08ff30503d698ed08568ff6b3f6b9fdc9ea79c8e53a838cc8566a8b52ce7c21b2b067e778925a066c970a6c37b8a6cfc53145f24bf698c352078a7f0409b53196e00c619237454c190b970842bb6629c0def7f166d19565127cbce0":"c109f35893aff139db8ed51c85fee237":"8f7f9f71a4b2bb0aaf55fced4eb43c57415526162070919b5f8c08904942181820d5847dfd54d9ba707c5e893a888d5a38d0130f7f52c1f638b0119cf7bc5f2b68f51ff5168802e561dff2cf9c5310011c809eba002b2fa348718e8a5cb732056273cc7d01cce5f5837ab0b09b6c4c5321a7f30a3a3cd21f29da79fce3f3728b":"7841e3d78746f07e5614233df7175931e3c257e09ebd7b78545fae484d835ffe3db3825d3aa1e5cc1541fe6cac90769dc5aaeded0c148b5b4f397990eb34b39ee7881804e5a66ccc8d4afe907948780c4e646cc26479e1da874394cb3537a8f303e0aa13bd3cc36f6cc40438bcd41ef8b6a1cdee425175dcd17ee62611d09b02":32:"cb13ce59":0 +AES-GCM Bad IV (AES-256,128,0,0,32) #0 +depends_on:MBEDTLS_AES_C +gcm_bad_parameters:MBEDTLS_CIPHER_ID_AES:MBEDTLS_GCM_DECRYPT:"ca264e7caecad56ee31c8bf8dde9592f753a6299e76c60ac1e93cff3b3de8ce9":"":"":"":32:MBEDTLS_ERR_GCM_BAD_INPUT + AES-GCM Selftest depends_on:MBEDTLS_AES_C gcm_selftest: diff --git a/tests/suites/test_suite_gcm.function b/tests/suites/test_suite_gcm.function index 56c7e1899..308e14bb4 100644 --- a/tests/suites/test_suite_gcm.function +++ b/tests/suites/test_suite_gcm.function @@ -7,6 +7,49 @@ * END_DEPENDENCIES */ +/* BEGIN_CASE */ +void gcm_bad_parameters( int cipher_id, int direction, + char *hex_key_string, char *hex_src_string, + char *hex_iv_string, char *hex_add_string, + int tag_len_bits, int gcm_result ) +{ + unsigned char key_str[128]; + unsigned char src_str[128]; + unsigned char dst_str[257]; + unsigned char iv_str[128]; + unsigned char add_str[128]; + unsigned char tag_str[128]; + unsigned char output[128]; + unsigned char tag_output[16]; + mbedtls_gcm_context ctx; + unsigned int key_len; + size_t pt_len, iv_len, add_len, tag_len = tag_len_bits / 8; + + mbedtls_gcm_init( &ctx ); + + memset( key_str, 0x00, sizeof( key_str ) ); + memset( src_str, 0x00, sizeof( src_str ) ); + memset( dst_str, 0x00, sizeof( dst_str ) ); + memset( iv_str, 0x00, sizeof( iv_str ) ); + memset( add_str, 0x00, sizeof( add_str ) ); + memset( tag_str, 0x00, sizeof( tag_str ) ); + memset( output, 0x00, sizeof( output ) ); + memset( tag_output, 0x00, sizeof( tag_output ) ); + + key_len = unhexify( key_str, hex_key_string ); + pt_len = unhexify( src_str, hex_src_string ); + iv_len = unhexify( iv_str, hex_iv_string ); + add_len = unhexify( add_str, hex_add_string ); + + TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str, key_len * 8 ) == 0 ); + TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, direction, pt_len, iv_str, iv_len, + add_str, add_len, src_str, output, tag_len, tag_output ) == gcm_result ); + +exit: + mbedtls_gcm_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE */ void gcm_encrypt_and_tag( int cipher_id, char *hex_key_string, char *hex_src_string, From 8ab0595538c20096fe3f9102389b6541e3db7862 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 106/493] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ library/x509_crt.c | 8 ++++---- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 9034b42c7..7a72030fa 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, diff --git a/library/x509_crt.c b/library/x509_crt.c index 3b8614125..d7b857e58 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1171,13 +1171,13 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) if( dir == NULL ) return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); -#if defined(MBEDTLS_THREADING_PTHREAD) +#if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &mbedtls_threading_readdir_mutex ) ) != 0 ) { closedir( dir ); return( ret ); } -#endif +#endif /* MBEDTLS_THREADING_C */ while( ( entry = readdir( dir ) ) != NULL ) { @@ -1210,10 +1210,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) cleanup: closedir( dir ); -#if defined(MBEDTLS_THREADING_PTHREAD) +#if defined(MBEDTLS_THREADING_C) if( mbedtls_mutex_unlock( &mbedtls_threading_readdir_mutex ) != 0 ) ret = MBEDTLS_ERR_THREADING_MUTEX_ERROR; -#endif +#endif /* MBEDTLS_THREADING_C */ #endif /* _WIN32 */ From 3e19df5c95aba62f59816110d479816bd0c4f492 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 107/493] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ library/x509_crt.c | 6 +++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 7a72030fa..c81c259e3 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, diff --git a/library/x509_crt.c b/library/x509_crt.c index d7b857e58..5ec855192 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1146,7 +1146,10 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) p, (int) len - 1, NULL, NULL ); if( w_ret == 0 ) - return( MBEDTLS_ERR_X509_FILE_IO_ERROR ); + { + ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; + goto cleanup; + } w_ret = mbedtls_x509_crt_parse_file( chain, filename ); if( w_ret < 0 ) @@ -1159,6 +1162,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ) if( GetLastError() != ERROR_NO_MORE_FILES ) ret = MBEDTLS_ERR_X509_FILE_IO_ERROR; +cleanup: FindClose( hFind ); #else /* _WIN32 */ int t_ret; From 7269fee0b6403793f62ffa030ceceb49aca79227 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 108/493] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ library/dhm.c | 6 +++--- library/ecp.c | 4 ++-- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index c81c259e3..96f4b31f0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, diff --git a/library/dhm.c b/library/dhm.c index a4715d170..bec52a11d 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -165,7 +165,7 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, */ do { - mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); @@ -251,7 +251,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, */ do { - mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->X, x_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->X, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->X, 1 ) ); @@ -324,7 +324,7 @@ static int dhm_update_blinding( mbedtls_dhm_context *ctx, count = 0; do { - mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &ctx->Vi, mbedtls_mpi_size( &ctx->P ), f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &ctx->Vi, &ctx->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &ctx->Vi, 1 ) ); diff --git a/library/ecp.c b/library/ecp.c index 1cfd4b10f..5ad686398 100644 --- a/library/ecp.c +++ b/library/ecp.c @@ -1128,7 +1128,7 @@ static int ecp_randomize_jac( const mbedtls_ecp_group *grp, mbedtls_ecp_point *p /* Generate l such that 1 < l < p */ do { - mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); @@ -1527,7 +1527,7 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P /* Generate l such that 1 < l < p */ do { - mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ); + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &l, p_size, f_rng, p_rng ) ); while( mbedtls_mpi_cmp_mpi( &l, &grp->P ) >= 0 ) MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &l, 1 ) ); From d300a5734afff24be846412bbb9347c19c3db4ed Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 20 Jun 2017 14:31:29 +0100 Subject: [PATCH 109/493] Undo API change The previous commit b3e6872c9381ed4ce020d631dda1e0126c42b64f changed to public functions from ssl_ciphersuite.h to static inline. This commit reverts this change. --- include/mbedtls/ssl_ciphersuites.h | 36 ++---------------------------- library/ssl_ciphersuites.c | 36 ++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 34 deletions(-) diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h index 931c1b3c3..9101d9cc7 100644 --- a/include/mbedtls/ssl_ciphersuites.h +++ b/include/mbedtls/ssl_ciphersuites.h @@ -359,23 +359,8 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciph mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info ); #endif -#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) -static inline int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { - case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: - case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: - return( 1 ); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ +int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ); +int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ); #if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED) static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info ) @@ -429,23 +414,6 @@ static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersui } #endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */ -#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) -static inline int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) -{ - switch( info->key_exchange ) - { - case MBEDTLS_KEY_EXCHANGE_PSK: - case MBEDTLS_KEY_EXCHANGE_RSA_PSK: - case MBEDTLS_KEY_EXCHANGE_DHE_PSK: - case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: - return( 1 ); - - default: - return( 0 ); - } -} -#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ - static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info ) { switch( info->key_exchange ) diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c index c1a92d67d..95e6163cc 100644 --- a/library/ssl_ciphersuites.c +++ b/library/ssl_ciphersuites.c @@ -1834,6 +1834,42 @@ mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphers return( MBEDTLS_PK_NONE ); } } + #endif /* MBEDTLS_PK_C */ +#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) +int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info ) +{ + switch( info->key_exchange ) + { + case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA: + case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: + case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: + case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: + return( 1 ); + + default: + return( 0 ); + } +} +#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */ + +#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) +int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info ) +{ + switch( info->key_exchange ) + { + case MBEDTLS_KEY_EXCHANGE_PSK: + case MBEDTLS_KEY_EXCHANGE_RSA_PSK: + case MBEDTLS_KEY_EXCHANGE_DHE_PSK: + case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK: + return( 1 ); + + default: + return( 0 ); + } +} +#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */ + #endif /* MBEDTLS_SSL_TLS_C */ From 639ce56b6a270d9d376430d365b75b29e8f4de50 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 11:25:37 +0100 Subject: [PATCH 110/493] Undo API change from SHA1 deprecation The previous commit bd5ceee484f201b90a384636ba12de86bd330cba removed the definition of the global constants - mbedtls_test_ca_crt_rsa_len, - mbedtls_test_cli_crt_rsa_len, - mbedtls_test_ca_crt_rsa, and - mbedtls_test_cli_crt_rsa. This commit restores these to maintain ABI compatibility. Further, it was noticed that without SHA256_C being enabled the previous code failed to compile because because the SHA1 resp. SHA256 certificates were only defined when the respective SHAXXX_C options were set, but the emission of the global variable mbedtls_test_ca_crt was unconditionally defined through the SHA256 certificate. Previously, the RSA SHA1 certificate was unconditionally defined and used for that. As a remedy, this commit makes sure some RSA certificate is defined and exported through the following rule: 1. If SHA256_C is active, define an RSA SHA256 certificate and export it as mbedtls_test_ca_crt. Also, define SHA1 certificates only if SHA1_C is set. 2. If SHA256_C is not set, always define SHA1 certificate and export it as mbedtls_test_ca_crt. --- library/certs.c | 75 +++++++++++++++++++++++++++++-------------------- 1 file changed, 45 insertions(+), 30 deletions(-) diff --git a/library/certs.c b/library/certs.c index 5c0199891..f1379b8cb 100644 --- a/library/certs.c +++ b/library/certs.c @@ -116,31 +116,6 @@ const size_t mbedtls_test_cli_key_ec_len = sizeof( mbedtls_test_cli_key_ec ); #endif /* MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_RSA_C) -#if defined(MBEDTLS_SHA1_C) -#define TEST_CA_CRT_RSA_SHA1 \ -"-----BEGIN CERTIFICATE-----\r\n" \ -"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ -"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ -"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ -"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ -"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ -"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ -"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ -"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ -"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ -"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ -"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" \ -"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" \ -"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" \ -"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" \ -"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" \ -"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" \ -"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" \ -"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \ -"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \ -"-----END CERTIFICATE-----\r\n" -static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; -#endif #if defined(MBEDTLS_SHA256_C) #define TEST_CA_CRT_RSA_SHA256 \ @@ -165,7 +140,46 @@ static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; "ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY\r\n" \ "n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==\r\n" \ "-----END CERTIFICATE-----\r\n" + +const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA256; +const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa ); +#define TEST_CA_CRT_RSA_SOME + static const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256; + +#endif + +#if !defined(TEST_CA_CRT_RSA_SOME) || defined(MBEDTLS_SHA1_C) +#define TEST_CA_CRT_RSA_SHA1 \ +"-----BEGIN CERTIFICATE-----\r\n" \ +"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \ +"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \ +"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \ +"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \ +"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \ +"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \ +"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \ +"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \ +"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \ +"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \ +"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n" \ +"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n" \ +"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n" \ +"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n" \ +"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n" \ +"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n" \ +"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n" \ +"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \ +"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \ +"-----END CERTIFICATE-----\r\n" + +#if !defined (TEST_CA_CRT_RSA_SOME) +const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA1; +const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa ); +#endif + +static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1; + #endif const char mbedtls_test_ca_key_rsa[] = @@ -257,7 +271,7 @@ const char mbedtls_test_srv_key_rsa[] = "-----END RSA PRIVATE KEY-----\r\n"; const size_t mbedtls_test_srv_key_rsa_len = sizeof( mbedtls_test_srv_key_rsa ); -static const char mbedtls_test_cli_crt_rsa_sha256[] = +const char mbedtls_test_cli_crt_rsa[] = "-----BEGIN CERTIFICATE-----\r\n" "MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" "MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" @@ -279,6 +293,7 @@ static const char mbedtls_test_cli_crt_rsa_sha256[] = "ofGZpiM2NqRPePgYy+Vc75Zk28xkRQq1ncprgQb3S4vTsZdScpM9hLf+eMlrgqlj\r\n" "c5PLSkXBeLE5+fedkyfTaLxxQlgCpuoOhKBm04/R1pWNzUHyqagjO9Q=\r\n" "-----END CERTIFICATE-----\r\n"; +const size_t mbedtls_test_cli_crt_rsa_len = sizeof( mbedtls_test_cli_crt_rsa ); const char mbedtls_test_cli_key_rsa[] = "-----BEGIN RSA PRIVATE KEY-----\r\n" @@ -354,19 +369,19 @@ const size_t mbedtls_test_cas_len[] = { }; #if defined(MBEDTLS_RSA_C) -const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa_sha256; +const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa; /* SHA1 or SHA256 */ const char *mbedtls_test_ca_key = mbedtls_test_ca_key_rsa; const char *mbedtls_test_ca_pwd = mbedtls_test_ca_pwd_rsa; const char *mbedtls_test_srv_crt = mbedtls_test_srv_crt_rsa; const char *mbedtls_test_srv_key = mbedtls_test_srv_key_rsa; -const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa_sha256; +const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa; const char *mbedtls_test_cli_key = mbedtls_test_cli_key_rsa; -const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa_sha256 ); +const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa ); const size_t mbedtls_test_ca_key_len = sizeof( mbedtls_test_ca_key_rsa ); const size_t mbedtls_test_ca_pwd_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1; const size_t mbedtls_test_srv_crt_len = sizeof( mbedtls_test_srv_crt_rsa ); const size_t mbedtls_test_srv_key_len = sizeof( mbedtls_test_srv_key_rsa ); -const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa_sha256 ); +const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa ); const size_t mbedtls_test_cli_key_len = sizeof( mbedtls_test_cli_key_rsa ); #else /* ! MBEDTLS_RSA_C, so MBEDTLS_ECDSA_C */ const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_ec; From 6d84ae7e5786398b2d88c38b7b1c0d3f9e55c8bd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 12:46:19 +0100 Subject: [PATCH 111/493] Clarify documentation for alternative AES implementations The functions mbedtls_aes_decrypt and mbedtls_aes_encrypt have been superseded by mbedtls_aes_internal_decrypt and mbedtls_aes_internal_encrypt, respectively. Alternative implementations should now only replace the latter, and leave the maintenance wrapper definitions of the former untouched. This commit clarifies this in the documentation of the respective configuration options MBEDTLS_AES_DECRYPT_ALT and MBEDTLS_AES_ENCRYPT_ALT. --- include/mbedtls/aes.h | 8 ++------ include/mbedtls/config.h | 12 +++++++++--- 2 files changed, 11 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index b5560cc81..6044a51aa 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -287,9 +287,7 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief Internal AES block encryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_ENCRYPT_ALT) + * \brief Old AES block encryption function without return value. * * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 * @@ -306,9 +304,7 @@ MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( } /** - * \brief Internal AES block decryption function - * (Only exposed to allow overriding it, - * see MBEDTLS_AES_DECRYPT_ALT) + * \brief Old AES block decryption function without return value. * * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 * diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c4b8995c1..2a2209a35 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -273,9 +273,15 @@ * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible * with this definition. * - * Note: if you use the AES_xxx_ALT macros, then is is recommended to also set - * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES - * tables. + * \note Because of a signature change, the core AES encryption and decryption routines are + * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, + * respectively. When setting up alternative implementations, these functions should + * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt + * have to stay untouched. + * + * \note If you use the AES_xxx_ALT macros, then is is recommended to also set + * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES + * tables. * * Uncomment a macro to enable alternate implementation of the corresponding * function. From bedc2050b64af4915bf53ed9508bbf18781ad4fc Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 26 Jun 2017 12:46:56 +0100 Subject: [PATCH 112/493] Export mbedtls_aes_(en/de)crypt to retain for API compatibility The commit f5bf7189d303e602992c750c09e429e23c7b2abf made the AES functions mbedtls_aes_encrypt and mbedtls_aes_decrypt static, changing the library's API. This commit reverts this. --- include/mbedtls/aes.h | 20 ++++++-------------- library/aes.c | 14 ++++++++++++++ 2 files changed, 20 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 6044a51aa..4a546acc9 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -295,13 +295,9 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, * \param input Plaintext block * \param output Output (ciphertext) block */ -MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( - mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - mbedtls_internal_aes_encrypt( ctx, input, output ); -} +MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ); /** * \brief Old AES block decryption function without return value. @@ -312,13 +308,9 @@ MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt( * \param input Ciphertext block * \param output Output (plaintext) block */ -MBEDTLS_DEPRECATED static inline void mbedtls_aes_decrypt( - mbedtls_aes_context *ctx, - const unsigned char input[16], - unsigned char output[16] ) -{ - mbedtls_internal_aes_decrypt( ctx, input, output ); -} +MBEDTLS_DEPRECATED void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ); #undef MBEDTLS_DEPRECATED #endif /* !MBEDTLS_DEPRECATED_REMOVED */ diff --git a/library/aes.c b/library/aes.c index 5e01c4f2b..58603849c 100644 --- a/library/aes.c +++ b/library/aes.c @@ -765,6 +765,13 @@ int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_ENCRYPT_ALT */ +void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ) +{ + mbedtls_internal_aes_encrypt( ctx, input, output ); +} + /* * AES-ECB block decryption */ @@ -824,6 +831,13 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, } #endif /* !MBEDTLS_AES_DECRYPT_ALT */ +void mbedtls_aes_decrypt( mbedtls_aes_context *ctx, + const unsigned char input[16], + unsigned char output[16] ) +{ + mbedtls_internal_aes_decrypt( ctx, input, output ); +} + /* * AES-ECB block encryption/decryption */ From ca1cdb2bf3cb89f1ab65bd339ff40bb634601b3e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 20 Jul 2017 09:50:59 +0100 Subject: [PATCH 113/493] Make minor changes to documentation --- include/mbedtls/aes.h | 6 ++++-- include/mbedtls/config.h | 2 +- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 4a546acc9..1829f7240 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -287,7 +287,8 @@ int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx, #define MBEDTLS_DEPRECATED #endif /** - * \brief Old AES block encryption function without return value. + * \brief Deprecated internal AES block encryption function + * without return value. * * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0 * @@ -300,7 +301,8 @@ MBEDTLS_DEPRECATED void mbedtls_aes_encrypt( mbedtls_aes_context *ctx, unsigned char output[16] ); /** - * \brief Old AES block decryption function without return value. + * \brief Deprecated internal AES block decryption function + * without return value. * * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0 * diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 2a2209a35..b10d87375 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -277,7 +277,7 @@ * currently named mbedtls_aes_internal_encrypt and mbedtls_aes_internal_decrypt, * respectively. When setting up alternative implementations, these functions should * be overriden, but the wrapper functions mbedtls_aes_decrypt and mbedtls_aes_encrypt - * have to stay untouched. + * must stay untouched. * * \note If you use the AES_xxx_ALT macros, then is is recommended to also set * MBEDTLS_AES_ROM_TABLES in order to help the linker garbage-collect the AES From 51e8c3ed7eaec62cdade23ba4017422463f91345 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 20 Jul 2017 12:33:41 +0200 Subject: [PATCH 114/493] Update Changelog for API/ABI fixes to revert interface --- ChangeLog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ChangeLog b/ChangeLog index 96f4b31f0..e7b596fab 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,12 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +API Changes + * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the + API consistent with mbed TLS 2.5.0. Specifically removed the inline + qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, + mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. + Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 From 2a6f39cb63486ba174d8d781661e64a7c97f6b25 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 7 Jul 2017 13:03:23 +0100 Subject: [PATCH 115/493] Add library setup and teardown APIs Add the following two functions to allow platform setup and teardown operations for the full library to be hooked in: * mbedtls_platform_setup() * mbedtls_platform_teardown() An mbedtls_platform_context C structure is also added and two internal functions that are called by the corresponding setup and teardown functions above: * mbedtls_internal_platform_setup() * mbedtls_internal_plartform_teardown() Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT is also added to allow mbedtls_platform_context and internal function to be overriden by the user as needed for a platform. --- include/mbedtls/config.h | 1 + include/mbedtls/platform.h | 45 ++++++++++++++++++++++++++++++++++++++ library/platform.c | 30 +++++++++++++++++++++++++ 3 files changed, 76 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index b10d87375..ffeeb34af 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -163,6 +163,7 @@ //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT //#define MBEDTLS_PLATFORM_NV_SEED_ALT +//#define MBEDTLS_PLATFORM_SETUP_ALT /** * \def MBEDTLS_DEPRECATED_WARNING diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index b1b019e55..a9ff7e421 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -288,6 +288,51 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ +#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +typedef struct mbedtls_platform_context mbedtls_platform_context; +#else +#include "platform_alt.h" +#endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ + +/** + * \brief Perform any platform initialisation operations + * + * \param ctx mbed TLS context + * + * \return 0 if successful + * + * \note This function should be called before any other library function + */ +int mbedtls_platform_setup( mbedtls_platform_context *ctx ); +/** + * \brief Perform any platform teardown operations + * + * \param ctx mbed TLS context + * + * \return 0 if successful + * + * \note This function should be after every other mbed TLS module has been + * correctly freed using the appropriate free function. + */ +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); + +/** + * \brief Internal function to perform any platform initialisation operations + * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT + * + * \param ctx mbed TLS context + * + * \return 0 if successful + */ +int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ); +/** + * \brief Internal function to perform any platform teardown operations + * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT + * + * \param ctx mbed TLS context + */ +void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ); + #ifdef __cplusplus } #endif diff --git a/library/platform.c b/library/platform.c index 8b336c38e..2ac67cbe9 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,4 +304,34 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ +int mbedtls_platform_setup( mbedtls_platform_context *ctx ) +{ + return( mbedtls_internal_platform_setup( ctx ) ); +} + +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) +{ + mbedtls_internal_platform_teardown( ctx ); +} + +#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +/* + * Placeholder internal platform setup that does nothing by default + */ +int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) +{ + (void)ctx; + + return( 0 ); +} + +/* + * Placeholder internal platform teardown that does nothing by default + */ +void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ) +{ + (void)ctx; +} +#endif /* MBEDTLS_PLATFORM_SETUP_ALT */ + #endif /* MBEDTLS_PLATFORM_C */ From 63e672b09d4a6275ab21871ddb42615c1e6aa7bc Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 7 Jul 2017 13:19:13 +0100 Subject: [PATCH 116/493] Add ChangeLog entry for platform setup and teardown --- ChangeLog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index e7b596fab..18273fb82 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,16 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Features + * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() + to perform platform-specific setup and teardown operations. Furthermore, + the internal functions mbedtls_internal_platform_setup() and + mbedtls_internal_platform_teardown() to allow platform-specific hooks to + be plugged into the library. Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT + allows the internal functions to be overridden. This new APIs are + specially useful in some embedded environments that have hardware + acceleration support. + API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the API consistent with mbed TLS 2.5.0. Specifically removed the inline From 3c8a39d28a8b40c2de93c68d5af0cd1d01282d39 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:25:17 +0100 Subject: [PATCH 117/493] Remove internal functions from setup API --- include/mbedtls/platform.h | 21 ++++----------------- library/platform.c | 18 ++++-------------- 2 files changed, 8 insertions(+), 31 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index a9ff7e421..29b80cd3e 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -289,6 +289,10 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +struct mbedtls_platform_context { + char dummy; /**< Placeholder member as empty structs are not portable */ +}; + typedef struct mbedtls_platform_context mbedtls_platform_context; #else #include "platform_alt.h" @@ -316,23 +320,6 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); */ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); -/** - * \brief Internal function to perform any platform initialisation operations - * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT - * - * \param ctx mbed TLS context - * - * \return 0 if successful - */ -int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ); -/** - * \brief Internal function to perform any platform teardown operations - * Only exposed to allow overriding it, see MBEDTLS_PLATFORM_SETUP_ALT - * - * \param ctx mbed TLS context - */ -void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ); - #ifdef __cplusplus } #endif diff --git a/library/platform.c b/library/platform.c index 2ac67cbe9..f739f2f0f 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,21 +304,11 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -int mbedtls_platform_setup( mbedtls_platform_context *ctx ) -{ - return( mbedtls_internal_platform_setup( ctx ) ); -} - -void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) -{ - mbedtls_internal_platform_teardown( ctx ); -} - #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) /* - * Placeholder internal platform setup that does nothing by default + * Placeholder platform setup that does nothing by default */ -int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) +int mbedtls_platform_setup( mbedtls_platform_context *ctx ) { (void)ctx; @@ -326,9 +316,9 @@ int mbedtls_internal_platform_setup( mbedtls_platform_context *ctx ) } /* - * Placeholder internal platform teardown that does nothing by default + * Placeholder platform teardown that does nothing by default */ -void mbedtls_internal_platform_teardown( mbedtls_platform_context *ctx ) +void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) { (void)ctx; } From 052ac860aea8e94c0c25f711f09bb785def04943 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:27:05 +0100 Subject: [PATCH 118/493] Modify ChangeLog according to API changes --- ChangeLog | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 18273fb82..5b8f5e887 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,13 +4,11 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() - to perform platform-specific setup and teardown operations. Furthermore, - the internal functions mbedtls_internal_platform_setup() and - mbedtls_internal_platform_teardown() to allow platform-specific hooks to - be plugged into the library. Finally, the macro MBEDTLS_PLATFORM_SETUP_ALT - allows the internal functions to be overridden. This new APIs are - specially useful in some embedded environments that have hardware - acceleration support. + and the context struct mbedtls_platform_context to perform + platform-specific setup and teardown operations. The macro + MBEDTLS_PLATFORM_SETUP_ALT allows the functions to be overridden by the + user in a platform_alt.h file. This new APIs are specially useful in some + embedded environments that have hardware acceleration support. API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the From 64b02cd947f68f62e9d9c0b9d844f652fa11a2a7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 11:32:40 +0100 Subject: [PATCH 119/493] Improve documentation for mbedtls_platform_context --- include/mbedtls/platform.h | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 29b80cd3e..88a0bdf33 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -289,11 +289,18 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_ENTROPY_NV_SEED */ #if !defined(MBEDTLS_PLATFORM_SETUP_ALT) -struct mbedtls_platform_context { - char dummy; /**< Placeholder member as empty structs are not portable */ -}; -typedef struct mbedtls_platform_context mbedtls_platform_context; +/** + * \brief Platform context structure + * + * \note This structure may be used to assist platform-specific + * setup/teardown operations. + */ +typedef struct { + char dummy; /**< Placeholder member as empty structs are not portable */ +} +mbedtls_platform_context; + #else #include "platform_alt.h" #endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ From d91f99f868a98657ba04773a75b598c99f861863 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 18 Jul 2017 10:23:04 +0100 Subject: [PATCH 120/493] Rename macro SETUP_ALT to SETUP_TEARDOWN_ALT Rename the macro MBEDTLS_PLATFORM_SETUP_ALT to MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT to make the name more descriptive as this macro enables/disables both functions. --- include/mbedtls/config.h | 2 +- include/mbedtls/platform.h | 4 ++-- library/platform.c | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ffeeb34af..de9993848 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -163,7 +163,7 @@ //#define MBEDTLS_PLATFORM_PRINTF_ALT //#define MBEDTLS_PLATFORM_SNPRINTF_ALT //#define MBEDTLS_PLATFORM_NV_SEED_ALT -//#define MBEDTLS_PLATFORM_SETUP_ALT +//#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT /** * \def MBEDTLS_DEPRECATED_WARNING diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 88a0bdf33..712bbe937 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -288,7 +288,7 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) /** * \brief Platform context structure @@ -303,7 +303,7 @@ mbedtls_platform_context; #else #include "platform_alt.h" -#endif /* !MBEDTLS_PLATFORM_SETUP_ALT */ +#endif /* !MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ /** * \brief Perform any platform initialisation operations diff --git a/library/platform.c b/library/platform.c index f739f2f0f..af3b2f15e 100644 --- a/library/platform.c +++ b/library/platform.c @@ -304,7 +304,7 @@ int mbedtls_platform_set_nv_seed( #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ #endif /* MBEDTLS_ENTROPY_NV_SEED */ -#if !defined(MBEDTLS_PLATFORM_SETUP_ALT) +#if !defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) /* * Placeholder platform setup that does nothing by default */ @@ -322,6 +322,6 @@ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ) { (void)ctx; } -#endif /* MBEDTLS_PLATFORM_SETUP_ALT */ +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ #endif /* MBEDTLS_PLATFORM_C */ From 586d3773ecdfaf343d4e792a393b76b618f1692f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 18 Jul 2017 10:24:26 +0100 Subject: [PATCH 121/493] Fix typo in ChangeLog and update macro name --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 5b8f5e887..ed00182bc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,8 +6,8 @@ Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform platform-specific setup and teardown operations. The macro - MBEDTLS_PLATFORM_SETUP_ALT allows the functions to be overridden by the - user in a platform_alt.h file. This new APIs are specially useful in some + MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden + by the user in a platform_alt.h file. This new APIs are required in some embedded environments that have hardware acceleration support. API Changes From 3240c55b306ffb07574ab331b345fc015a0b151a Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 122/493] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index ed00182bc..d8d02c263 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.x.x released xxxx-xx-xx Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From e56d1ec60a55cb2a3a50935cffcad067be108d9e Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 123/493] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index d8d02c263..75cd44bd7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From d551c24ddb3e84eb546adff1794238611891246d Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 124/493] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 75cd44bd7..4937cbb84 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 5274f274f0e09e6ca6eac08514447d4727dc8e9a Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 125/493] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4937cbb84..963def14c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 528c62127127c4909448489fc1888d0e66b74357 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 126/493] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 963def14c..f157caf84 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 9a6748cff17fbf6e961a91de6db6f6bc26b79af5 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 01:48:17 +0200 Subject: [PATCH 127/493] Correct order of sections in the ChangeLog --- ChangeLog | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/ChangeLog b/ChangeLog index f157caf84..ed00182bc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,18 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 - Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform From d3be27a92ac201a92bb502847cbdfa8023dfde18 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 02:08:00 +0200 Subject: [PATCH 128/493] Add additional comments to platform setup/teardown functions --- include/mbedtls/platform.h | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 712bbe937..25b5d2129 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -312,7 +312,13 @@ mbedtls_platform_context; * * \return 0 if successful * - * \note This function should be called before any other library function + * \note This function is intended to allow platform specific initialisation, + * and should be called before any other library functions. Its + * implementation is platform specific, and by default, unless platform + * specific code is provided, it does nothing. + * + * Its use and whether its necessary to be called is dependent on the + * platform. */ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); /** @@ -322,8 +328,13 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); * * \return 0 if successful * - * \note This function should be after every other mbed TLS module has been - * correctly freed using the appropriate free function. + * \note This function should be called after every other mbed TLS module has + * been correctly freed using the appropriate free function. + * Its implementation is platform specific, and by default, unless + * platform specific code is provided, it does nothing. + * + * Its use and whether its necessary to be called is dependent on the + * platform. */ void mbedtls_platform_teardown( mbedtls_platform_context *ctx ); From a95d630197bd4356dac33ad6d8f7f170e318a00c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 21 Jul 2017 23:48:55 +0100 Subject: [PATCH 129/493] Fix platform setup/teardown feature and comments Fixed the platform setup/teardown feature, by fixing it for doxygen and adding it as a feature in 'version_features.c'. --- include/mbedtls/platform.h | 2 -- library/version_features.c | 3 +++ 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h index 25b5d2129..35010f885 100644 --- a/include/mbedtls/platform.h +++ b/include/mbedtls/platform.h @@ -326,8 +326,6 @@ int mbedtls_platform_setup( mbedtls_platform_context *ctx ); * * \param ctx mbed TLS context * - * \return 0 if successful - * * \note This function should be called after every other mbed TLS module has * been correctly freed using the appropriate free function. * Its implementation is platform specific, and by default, unless diff --git a/library/version_features.c b/library/version_features.c index 9f97c7bc3..bb172f298 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -69,6 +69,9 @@ static const char *features[] = { #if defined(MBEDTLS_PLATFORM_NV_SEED_ALT) "MBEDTLS_PLATFORM_NV_SEED_ALT", #endif /* MBEDTLS_PLATFORM_NV_SEED_ALT */ +#if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT) + "MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT", +#endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */ #if defined(MBEDTLS_DEPRECATED_WARNING) "MBEDTLS_DEPRECATED_WARNING", #endif /* MBEDTLS_DEPRECATED_WARNING */ From aa27dfeecca2fbd722aa3b47a7ccab75571155de Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 4 May 2017 11:05:55 +0100 Subject: [PATCH 130/493] Enable 64-bit compilation with ARM Compiler 6 This patch fixes the conditional preprocessor directives in include/mbedtls/bignum.h to enable 64-bit compilation with ARM Compiler 6. --- ChangeLog | 2 ++ include/mbedtls/bignum.h | 68 ++++++++++++++++++++++++---------------- 2 files changed, 43 insertions(+), 27 deletions(-) diff --git a/ChangeLog b/ChangeLog index ed00182bc..6f902fadb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,8 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix conditional preprocessor directives in bignum.h to enable 64-bit + compilation when using ARM Compiler 6. Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 1a5b4b675..ac89069dc 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -106,33 +106,47 @@ * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes) * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM */ -#if ( ! defined(MBEDTLS_HAVE_INT32) && \ - defined(_MSC_VER) && defined(_M_AMD64) ) - #define MBEDTLS_HAVE_INT64 - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; -#else - #if ( ! defined(MBEDTLS_HAVE_INT32) && \ - defined(__GNUC__) && ( \ - defined(__amd64__) || defined(__x86_64__) || \ - defined(__ppc64__) || defined(__powerpc64__) || \ - defined(__ia64__) || defined(__alpha__) || \ - (defined(__sparc__) && defined(__arch64__)) || \ - defined(__s390x__) || defined(__mips64) ) ) - #define MBEDTLS_HAVE_INT64 - typedef int64_t mbedtls_mpi_sint; - typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); - #define MBEDTLS_HAVE_UDBL - #else - #define MBEDTLS_HAVE_INT32 - typedef int32_t mbedtls_mpi_sint; - typedef uint32_t mbedtls_mpi_uint; - typedef uint64_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL - #endif /* !MBEDTLS_HAVE_INT32 && __GNUC__ && 64-bit platform */ -#endif /* !MBEDTLS_HAVE_INT32 && _MSC_VER && _M_AMD64 */ +#if !defined(MBEDTLS_HAVE_INT32) + #if defined(_MSC_VER) && defined(_M_AMD64) + /* Always choose 64-bit when using MSC */ + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + #elif defined(__GNUC__) && ( \ + defined(__amd64__) || defined(__x86_64__) || \ + defined(__ppc64__) || defined(__powerpc64__) || \ + defined(__ia64__) || defined(__alpha__) || \ + ( defined(__sparc__) && defined(__arch64__) ) || \ + defined(__s390x__) || defined(__mips64) ) + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); + #define MBEDTLS_HAVE_UDBL + #elif defined(__ARMCC_VERSION) && defined(__aarch64__) + /* __ARMCC_VERSION is defined for both armcc and armclang and + * __aarch64__ is only defined by armclang when compiling 64-bit code + */ + #define MBEDTLS_HAVE_INT64 + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef __uint128_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL + #endif +#endif /* !MBEDTLS_HAVE_INT32 */ + +#if !defined(MBEDTLS_HAVE_INT64) + /* Default to 32-bit compilation */ + #if !defined(MBEDTLS_HAVE_INT32) + #define MBEDTLS_HAVE_INT32 + #endif /* !MBEDTLS_HAVE_INT32 */ + typedef int32_t mbedtls_mpi_sint; + typedef uint32_t mbedtls_mpi_uint; + typedef uint64_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL +#endif /* !MBEDTLS_HAVE_INT64 */ #ifdef __cplusplus extern "C" { From 5e873fb464b62b697624b46ebba7fab24aa7c306 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 4 May 2017 11:35:51 +0100 Subject: [PATCH 131/493] Add all.sh test to force 32-bit compilation --- tests/scripts/all.sh | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7c33c5c2c..743735e39 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -438,6 +438,17 @@ if uname -a | grep -F x86_64 >/dev/null; then msg "build: i386, make, gcc" # ~ 30s cleanup CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make + +msg "build: gcc, force 32-bit compilation" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make + +msg "test: gcc, force 32-bit compilation" +make test fi # x86_64 msg "build: arm-none-eabi-gcc, make" # ~ 10s From d7fce008c5e196bc6f883d24f66a97190df76f23 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 11:49:32 +0100 Subject: [PATCH 132/493] Allow forcing 64-bit integer type Allow forcing 64-bit integer type for bignum operations. Also introduce the macro MBEDTLS_TYPE_UDBL to allow configuration of the double length integer in unknown compilers. --- include/mbedtls/bignum.h | 61 ++++++++++++++++++++++++++-------- include/mbedtls/check_config.h | 10 ++++++ 2 files changed, 57 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index ac89069dc..3b76c1cac 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -103,13 +103,28 @@ /* * Define the base integer type, architecture-wise. * - * 32-bit integers can be forced on 64-bit arches (eg. for testing purposes) - * by defining MBEDTLS_HAVE_INT32 and undefining MBEDTLS_HAVE_ASM + * 32 or 64-bit integer types can be forced regardless of the underlying + * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 + * respectively and undefining MBEDTLS_HAVE_ASM. + * + * Double length integers (e.g. 128-bit in 64-bit architectures) can be + * disabled by defining MBEDTLS_NO_UDBL_DIVISION. + * + * The double length integer types can be configured by defining + * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the + * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL + * must be a complete statement of the form: + * typedef mbedtls_t_udbl + * for example: + * #define MBEDTLS_TYPE_UDBL \ + * typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))) */ #if !defined(MBEDTLS_HAVE_INT32) #if defined(_MSC_VER) && defined(_M_AMD64) /* Always choose 64-bit when using MSC */ - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* !MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; #elif defined(__GNUC__) && ( \ @@ -118,22 +133,39 @@ defined(__ia64__) || defined(__alpha__) || \ ( defined(__sparc__) && defined(__arch64__) ) || \ defined(__s390x__) || defined(__mips64) ) - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))); + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #elif defined(__ARMCC_VERSION) && defined(__aarch64__) - /* __ARMCC_VERSION is defined for both armcc and armclang and + /* + * __ARMCC_VERSION is defined for both armcc and armclang and * __aarch64__ is only defined by armclang when compiling 64-bit code */ - #define MBEDTLS_HAVE_INT64 + #if !defined(MBEDTLS_HAVE_INT64) + #define MBEDTLS_HAVE_INT64 + #endif /* !MBEDTLS_HAVE_INT64 */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - /* mbedtls_t_udbl defined as 128-bit unsigned int */ - typedef __uint128_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + /* mbedtls_t_udbl defined as 128-bit unsigned int */ + typedef __uint128_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ + #elif defined(MBEDTLS_HAVE_INT64) + /* Force 64-bit integers with unknown compiler */ + typedef int64_t mbedtls_mpi_sint; + typedef uint64_t mbedtls_mpi_uint; + #if !defined(MBEDTLS_NO_UDBL_DIVISION) && defined(MBEDTLS_TYPE_UDBL) + MBEDTLS_TYPE_UDBL; + #define MBEDTLS_HAVE_UDBL + #endif /* !MBEDTLS_NO_UDBL_DIVISION && MBEDTLS_TYPE_UDBL */ #endif #endif /* !MBEDTLS_HAVE_INT32 */ @@ -144,8 +176,9 @@ #endif /* !MBEDTLS_HAVE_INT32 */ typedef int32_t mbedtls_mpi_sint; typedef uint32_t mbedtls_mpi_uint; - typedef uint64_t mbedtls_t_udbl; - #define MBEDTLS_HAVE_UDBL + #if !defined(MBEDTLS_NO_UDBL_DIVISION) + typedef uint64_t mbedtls_t_udbl; + #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ #ifdef __cplusplus diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index dab1113d8..7261e7da9 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -650,6 +650,16 @@ #error "MBEDTLS_X509_CSR_WRITE_C defined, but not all prerequisites" #endif +#if defined(MBEDTLS_HAVE_INT32) && defined(MBEDTLS_HAVE_INT64) +#error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously" +#endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */ + +#if (defined(MBEDTLS_HAVE_INT32) || define(MBEDTLS_HAVE_INT64)) && \ + defined(MBEDTLS_HAVE_ASM +#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" + "defined simultaneously" +#endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ + /* * Avoid warning from -pedantic. This is a convenient place for this * workaround since this is included by every single file before the From b1a977f5a7629aba1f4e55581b681f92a660d242 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 8 Jun 2017 15:19:20 +0200 Subject: [PATCH 133/493] MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION Changed the option to disable the use of 64-bit division, to an option to disable the use of double-width division, whether that's 64 or 128-bit. --- ChangeLog | 7 +++++++ include/mbedtls/config.h | 25 +++++++++++++++++++++++++ tests/scripts/all.sh | 7 +++++++ 3 files changed, 39 insertions(+) diff --git a/ChangeLog b/ChangeLog index 6f902fadb..96c83e097 100644 --- a/ChangeLog +++ b/ChangeLog @@ -16,6 +16,13 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. +Changes + * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of + 64-bit division. + * Added config.h option MBEDTLS_TYPE_UDBL to allow configuring the + double-width integer type used in the bignum module when the compiler is + unknown. + Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index de9993848..a921f4787 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -55,6 +55,31 @@ */ #define MBEDTLS_HAVE_ASM +/** + * \def MBEDTLS_NO_UDBL_DIVISION + * + * The platform lacks support for double-width integer division (64-bit + * division on a 32-bit platform, 128-bit division on a 64-bit platform). + * + * Used in: + * include/mbedtls/bignum.h + * library/bignum.c + * + * The bignum code uses double-width division to speed up some operations. + * Double-width division is often implemented in software that needs to + * be linked with the program. The presence of a double-width integer + * type is usually detected automatically through preprocessor macros, + * but the automatic detection cannot know whether the code needs to + * and can be linked with an implementation of division for that type. + * By default division is assumed to be usable if the type is present. + * Uncomment this option to prevent the use of double-width division. + * + * Note that division for the native integer type is always required. + * Furthermore, a 64-bit type is always required even on a 32-bit + * platform, but it need not support multiplication or division. + */ +//#define MBEDTLS_NO_UDBL_DIVISION + /** * \def MBEDTLS_HAVE_SSE2 * diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 743735e39..630ddfb36 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -468,6 +468,13 @@ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s +cleanup +scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION +CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +echo "Checking that software 64-bit division is not required" +! grep __aeabi_uldiv library/*.o + msg "build: ARM Compiler 5, make" cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 683ac27b0f6e12855b3e0133a3037c65c47abdef Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 15 Jun 2017 18:01:54 +0200 Subject: [PATCH 134/493] Checked names --- library/version_features.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/version_features.c b/library/version_features.c index bb172f298..5cbe8aca3 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -36,6 +36,9 @@ static const char *features[] = { #if defined(MBEDTLS_HAVE_ASM) "MBEDTLS_HAVE_ASM", #endif /* MBEDTLS_HAVE_ASM */ +#if defined(MBEDTLS_NO_UDBL_DIVISION) + "MBEDTLS_NO_UDBL_DIVISION", +#endif /* MBEDTLS_NO_UDBL_DIVISION */ #if defined(MBEDTLS_HAVE_SSE2) "MBEDTLS_HAVE_SSE2", #endif /* MBEDTLS_HAVE_SSE2 */ From 93db11a395062a02099f53aec7ec1945a2046fe8 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 12:11:19 +0100 Subject: [PATCH 135/493] Fix typo in check_config.h --- include/mbedtls/bignum.h | 4 ++-- include/mbedtls/check_config.h | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 3b76c1cac..c8d94c920 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -107,10 +107,10 @@ * architecture by defining MBEDTLS_HAVE_INT32 or MBEDTLS_HAVE_INT64 * respectively and undefining MBEDTLS_HAVE_ASM. * - * Double length integers (e.g. 128-bit in 64-bit architectures) can be + * Double-width integers (e.g. 128-bit in 64-bit architectures) can be * disabled by defining MBEDTLS_NO_UDBL_DIVISION. * - * The double length integer types can be configured by defining + * The double-width integer types can be configured by defining * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL * must be a complete statement of the form: diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index 7261e7da9..e846b429a 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -654,8 +654,8 @@ #error "MBEDTLS_HAVE_INT32 and MBEDTLS_HAVE_INT64 cannot be defined simultaneously" #endif /* MBEDTLS_HAVE_INT32 && MBEDTLS_HAVE_INT64 */ -#if (defined(MBEDTLS_HAVE_INT32) || define(MBEDTLS_HAVE_INT64)) && \ - defined(MBEDTLS_HAVE_ASM +#if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \ + defined(MBEDTLS_HAVE_ASM) #error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" "defined simultaneously" #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ From b39467dda7e40a6336eb66bf6a246589c945036b Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:21:15 +0100 Subject: [PATCH 136/493] Fix check_config.h #error directive --- include/mbedtls/check_config.h | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h index e846b429a..fa72454e5 100644 --- a/include/mbedtls/check_config.h +++ b/include/mbedtls/check_config.h @@ -656,8 +656,7 @@ #if ( defined(MBEDTLS_HAVE_INT32) || defined(MBEDTLS_HAVE_INT64) ) && \ defined(MBEDTLS_HAVE_ASM) -#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_INT64 cannot be" - "defined simultaneously" +#error "MBEDTLS_HAVE_INT32/MBEDTLS_HAVE_INT64 and MBEDTLS_HAVE_ASM cannot be defined simultaneously" #endif /* (MBEDTLS_HAVE_INT32 || MBEDTLS_HAVE_INT64) && MBEDTLS_HAVE_ASM */ /* From 9946783218070a9f9d7aa60735857fe4089800ca Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:21:34 +0100 Subject: [PATCH 137/493] Add tests for 64 and 32-bit int types compilation --- tests/scripts/all.sh | 23 ++++++++++++++++++++++- 1 file changed, 22 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 630ddfb36..7466b5403 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -447,10 +447,31 @@ scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make -msg "test: gcc, force 32-bit compilation" +msg "build: gcc, force 64-bit compilation" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make + +msg "test: gcc, force 64-bit compilation" make test + +msg "build: gcc, force 64-bit compilation, attempt to set MBEDTLS_TYPE_UDBL" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_HAVE_ASM +scripts/config.pl unset MBEDTLS_AESNI_C +scripts/config.pl unset MBEDTLS_PADLOCK_C +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64 -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make fi # x86_64 +msg "build: gcc, attempt to set MBEDTLS_TYPE_UDBL for known compiler" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make + msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 465db7eba1b8d49726303337600eaf3729f8b074 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 13:27:35 +0100 Subject: [PATCH 138/493] Fix no 64-bit division test in all.sh --- tests/scripts/all.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 7466b5403..1f5bad44b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -491,6 +491,18 @@ CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wa msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s cleanup +scripts/config.pl full +scripts/config.pl unset MBEDTLS_NET_C +scripts/config.pl unset MBEDTLS_TIMING_C +scripts/config.pl unset MBEDTLS_FS_IO +scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED +scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY +# following things are not in the default config +scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c +scripts/config.pl unset MBEDTLS_THREADING_PTHREAD +scripts/config.pl unset MBEDTLS_THREADING_C +scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h +scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib echo "Checking that software 64-bit division is not required" From df1486afe4964ec012babfb3a5665124896464f5 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 20 Jul 2017 17:33:09 +0100 Subject: [PATCH 139/493] Remove MBEDTLS_TYPE_UDBL option --- ChangeLog | 3 --- include/mbedtls/bignum.h | 14 +------------- 2 files changed, 1 insertion(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index 96c83e097..e654c1ff0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -19,9 +19,6 @@ API Changes Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of 64-bit division. - * Added config.h option MBEDTLS_TYPE_UDBL to allow configuring the - double-width integer type used in the bignum module when the compiler is - unknown. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index c8d94c920..456a80420 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -109,15 +109,6 @@ * * Double-width integers (e.g. 128-bit in 64-bit architectures) can be * disabled by defining MBEDTLS_NO_UDBL_DIVISION. - * - * The double-width integer types can be configured by defining - * MBEDTLS_TYPE_UDBL when the type cannot be automatically deduced by the - * library (e.g. the compiler is unknown). The definition of MBEDTLS_TYPE_UDBL - * must be a complete statement of the form: - * typedef mbedtls_t_udbl - * for example: - * #define MBEDTLS_TYPE_UDBL \ - * typedef unsigned int mbedtls_t_udbl __attribute__((mode(TI))) */ #if !defined(MBEDTLS_HAVE_INT32) #if defined(_MSC_VER) && defined(_M_AMD64) @@ -162,10 +153,6 @@ /* Force 64-bit integers with unknown compiler */ typedef int64_t mbedtls_mpi_sint; typedef uint64_t mbedtls_mpi_uint; - #if !defined(MBEDTLS_NO_UDBL_DIVISION) && defined(MBEDTLS_TYPE_UDBL) - MBEDTLS_TYPE_UDBL; - #define MBEDTLS_HAVE_UDBL - #endif /* !MBEDTLS_NO_UDBL_DIVISION && MBEDTLS_TYPE_UDBL */ #endif #endif /* !MBEDTLS_HAVE_INT32 */ @@ -178,6 +165,7 @@ typedef uint32_t mbedtls_mpi_uint; #if !defined(MBEDTLS_NO_UDBL_DIVISION) typedef uint64_t mbedtls_t_udbl; + #define MBEDTLS_HAVE_UDBL #endif /* !MBEDTLS_NO_UDBL_DIVISION */ #endif /* !MBEDTLS_HAVE_INT64 */ From f755bb3adff97bc16b3d0b20ac7eb589bc7bbb12 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 10:50:25 +0100 Subject: [PATCH 140/493] Remove MBEDTLS_TYPE_UDBL tests from all.sh --- tests/scripts/all.sh | 9 ++------- 1 file changed, 2 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 1f5bad44b..65dc47175 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -458,20 +458,15 @@ CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make msg "test: gcc, force 64-bit compilation" make test -msg "build: gcc, force 64-bit compilation, attempt to set MBEDTLS_TYPE_UDBL" +msg "build: gcc, force 64-bit compilation" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64 -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make +CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make fi # x86_64 -msg "build: gcc, attempt to set MBEDTLS_TYPE_UDBL for known compiler" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_TYPE_UDBL="typedef XXXXXX"' make - msg "build: arm-none-eabi-gcc, make" # ~ 10s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From c630ce6b4c27d2a37682f52d11053f77ee31fdf5 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 21 Jul 2017 10:56:22 +0100 Subject: [PATCH 141/493] Improve MBEDTLS_NO_UDBL_DIVISION description --- include/mbedtls/config.h | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a921f4787..47c719640 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -76,7 +76,10 @@ * * Note that division for the native integer type is always required. * Furthermore, a 64-bit type is always required even on a 32-bit - * platform, but it need not support multiplication or division. + * platform, but it need not support multiplication or division. In some + * cases it is also desirable to disable some double-width operations. For + * example, if double-width division is implemented in software, disabling + * it can reduce code size in some embedded targets. */ //#define MBEDTLS_NO_UDBL_DIVISION From 325294013f7b4a725394b4922c56f7d23ac40a79 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 142/493] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index e654c1ff0..741d1f4db 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.x.x released xxxx-xx-xx Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() @@ -16,10 +16,6 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. -Changes - * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. - Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 @@ -51,6 +47,8 @@ API changes a fatal error in the vrfy callback. Changes + * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of + 64-bit division. * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 From e13b224d17992f85469a7ee92586864091fd7537 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 143/493] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 741d1f4db..4f7a00500 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 5843db932d7d0162f341732214edfd84abef84c0 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 144/493] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4f7a00500..148f4e730 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From b2d6e591f92d7cd9d9668a502d4667e505ab34f9 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 145/493] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 148f4e730..5a83ec705 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 80697a0c11b361946c563c13d3cc8be14ebd69fe Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 146/493] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 5a83ec705..422d137de 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 256da0f0d8f654d2a0629320e0365ad48018373d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 22 Jul 2017 11:49:55 +0200 Subject: [PATCH 147/493] Added missing credit to Changelog and format fixes --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 422d137de..d3d1e0bf2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -26,7 +26,8 @@ API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the API consistent with mbed TLS 2.5.0. Specifically removed the inline qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, - mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. + mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978 + Found by James Cowgill. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported @@ -60,7 +61,7 @@ API changes Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. + 64-bit division. #708 * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 From 2c4d558873a3ae8d75868b70871331dfb9f92b3d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sun, 23 Jul 2017 13:42:36 +0200 Subject: [PATCH 148/493] Fixes test for MBEDTLS_NO_UDBL_DIVISION The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h for the next test. Also added comments to ARM Compiler 6 tests to better explain them. --- tests/scripts/all.sh | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 65dc47175..d9c5bbfa4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -486,6 +486,7 @@ CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wa msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s cleanup +cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C scripts/config.pl unset MBEDTLS_TIMING_C @@ -526,11 +527,20 @@ scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' make lib make clean +# ARM Compiler 6 - Target ARMv7-A armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" + +# ARM Compiler 6 - Target ARMv7-M armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" + +# ARM Compiler 6 - Target ARMv8-A - AArch32 armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" + +# ARM Compiler 6 - Target ARMv8-M armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" -armc6_build_test "--target=aarch64-arm-none-eabi" + +# ARM Compiler 6 - Target ARMv8-A - AArch64 +armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" msg "build: allow SHA1 in certificates by default" cleanup From 4b53513db5d818532561546e7ba2d5b76b88cd93 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 21 Jun 2017 14:57:25 +0300 Subject: [PATCH 149/493] github templates Add templates for github, for templates to be used in new issues and new PRs --- .github/issue_template.md | 40 ++++++++++++++++++++++++++++++++ .github/pull_request_template.md | 39 +++++++++++++++++++++++++++++++ 2 files changed, 79 insertions(+) create mode 100644 .github/issue_template.md create mode 100644 .github/pull_request_template.md diff --git a/.github/issue_template.md b/.github/issue_template.md new file mode 100644 index 000000000..3398f49e6 --- /dev/null +++ b/.github/issue_template.md @@ -0,0 +1,40 @@ +Note: This is just a template, so feel free to use/remove the unnecessary things + +### Description +- Type: Bug | Enhancement\Feature Request | Question +- Priority: Blocker | Major | Minor + +--------------------------------------------------------------- +## Bug + +**OS** +linux|windows|?? + +**mbed TLS build:** +Version: x.x.x or git commit id +Configuration: please attach config.h file +Compiler and options (if you used a pre-built binary, please indicate how you obtained it): +Additional environment information: + +**peer device TLS stack and version** +openSSL | GnuTls | other +version: + +**Expected behavior** + +**Actual behavior** + +**Steps to reproduce** + +---------------------------------------------------------------- +## Enhancement\Feature Request + +**Incentive for change** + +**Suggested enhancement** + +----------------------------------------------------------------- + +## Question + +**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** \ No newline at end of file diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md new file mode 100644 index 000000000..dac8bde2a --- /dev/null +++ b/.github/pull_request_template.md @@ -0,0 +1,39 @@ +Notes: +* Pull requests will not be accepted until: +- The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/) + or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) +- The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards) +* This is just a template, so feel free to use/remove the unnecessary things +## Description +A few sentences describing the overall goals of the pull request's commits. + + +## Status +**READY/IN DEVELOPMENT/HOLD** + +## Requires Backporting +When there is a bug fix, it should be backported to legacy supported branches. +legacy supported branches will not be backported if: +- This PR is a new feature\enhancement +- This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch + +Yes | NO +What branch? + +## Migrations +If there is any API change, what's the incentive and logic for it. + +YES | NO + +## Additional comments +Any additional information that could be of interest + +## Todos +- [ ] Tests +- [ ] Documentation +- [ ] Changelog updated +- [ ] Backported + + +## Steps to test or reproduce +Outline the steps to test or reproduce the PR here. \ No newline at end of file From 05b9498d9424c9a8baeaf5902de3e871982f2bbc Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 24 Jul 2017 13:28:48 +0300 Subject: [PATCH 150/493] Update after Simon's comment Update the comment with Simon's comments --- .github/issue_template.md | 11 ++++++----- .github/pull_request_template.md | 8 ++++---- 2 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 3398f49e6..772d98b33 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -8,16 +8,17 @@ Note: This is just a template, so feel free to use/remove the unnecessary things ## Bug **OS** -linux|windows|?? +mbed-OS|linux|windows| **mbed TLS build:** Version: x.x.x or git commit id -Configuration: please attach config.h file +OS version: x.x.x +Configuration: please attach config.h file where possible Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Additional environment information: **peer device TLS stack and version** -openSSL | GnuTls | other +openSSL|GnuTls|Chrome|NSS(Firefox)|SEcureChannel (IIS/Internet Explorer/Edge)|Other version: **Expected behavior** @@ -29,7 +30,7 @@ version: ---------------------------------------------------------------- ## Enhancement\Feature Request -**Incentive for change** +**Justification - why does the library need this feature?** **Suggested enhancement** @@ -37,4 +38,4 @@ version: ## Question -**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** \ No newline at end of file +**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index dac8bde2a..fa0c7e964 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -1,7 +1,7 @@ Notes: -* Pull requests will not be accepted until: +* Pull requests cannot be accepted until: - The submitter has [accepted the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/) - or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) + or for companies or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/) - The PR follows the [mbed TLS coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards) * This is just a template, so feel free to use/remove the unnecessary things ## Description @@ -18,7 +18,7 @@ legacy supported branches will not be backported if: - This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch Yes | NO -What branch? +Which branch? ## Migrations If there is any API change, what's the incentive and logic for it. @@ -36,4 +36,4 @@ Any additional information that could be of interest ## Steps to test or reproduce -Outline the steps to test or reproduce the PR here. \ No newline at end of file +Outline the steps to test or reproduce the PR here. From 6f262c4e3e9281c4bae9d4ee1cfe79a8fe241225 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 24 Jul 2017 14:19:02 +0200 Subject: [PATCH 151/493] Minor typo fixes in the github template files --- .github/issue_template.md | 6 +++--- .github/pull_request_template.md | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 772d98b33..33f68fba1 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -17,9 +17,9 @@ Configuration: please attach config.h file where possible Compiler and options (if you used a pre-built binary, please indicate how you obtained it): Additional environment information: -**peer device TLS stack and version** -openSSL|GnuTls|Chrome|NSS(Firefox)|SEcureChannel (IIS/Internet Explorer/Edge)|Other -version: +**Peer device TLS stack and version** +OpenSSL|GnuTls|Chrome|NSS(Firefox)|SecureChannel (IIS/Internet Explorer/Edge)|Other +Version: **Expected behavior** diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md index fa0c7e964..485b54195 100644 --- a/.github/pull_request_template.md +++ b/.github/pull_request_template.md @@ -12,8 +12,8 @@ A few sentences describing the overall goals of the pull request's commits. **READY/IN DEVELOPMENT/HOLD** ## Requires Backporting -When there is a bug fix, it should be backported to legacy supported branches. -legacy supported branches will not be backported if: +When there is a bug fix, it should be backported to all maintained and supported branches. +Changes do not have to be backported if: - This PR is a new feature\enhancement - This PR contains changes in the API. If this is true, and there is a need for the fix to be backported, the fix should be handled differently in the legacy branch From bf007d297d9dd1e539805830b5888697ed2a38c6 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 15 Dec 2016 14:42:37 +0200 Subject: [PATCH 152/493] Pre push hook script Add git_hook folder, and pre-push script, to be soft linked from .git/hooks/pre-push --- git_hooks/README.md | 16 +++++++++++++++ git_hooks/pre-push | 38 ++++++++++++++++++++++++++++++++++++ tests/scripts/check-names.sh | 2 +- 3 files changed, 55 insertions(+), 1 deletion(-) create mode 100644 git_hooks/README.md create mode 100755 git_hooks/pre-push diff --git a/git_hooks/README.md b/git_hooks/README.md new file mode 100644 index 000000000..d0ed4a38f --- /dev/null +++ b/git_hooks/README.md @@ -0,0 +1,16 @@ +README for git hooks script +=========================== +git has a way to run scripts, which are invoked by specific git commands. +The git hooks are located in `/.git/hooks`, and as such are not under version control +for more information, see the [git documentation](https://git-scm.com/docs/githooks). + +The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. + +Example: + +Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +`ln -s ../../git_hooks/pre-push pre-push` + +Similarly, on Windows while running as administrator: +`mklink pre-push ..\..\git_hooks\pre-push` + diff --git a/git_hooks/pre-push b/git_hooks/pre-push new file mode 100755 index 000000000..6b2da10ed --- /dev/null +++ b/git_hooks/pre-push @@ -0,0 +1,38 @@ +#!/bin/sh + +# Called by "git push" after it has checked the remote status, but before anything has been +# pushed. If this script exits with a non-zero status nothing will be pushed. +# +# This hook is called with the following parameters: +# +# $1 -- Name of the remote to which the push is being done +# $2 -- URL to which the push is being done +# +# If pushing without using a named remote those arguments will be equal. +# +# Information about the commits which are being pushed is supplied as lines to +# the standard input in the form: +# +# +# +set -eu + +REMOTE="$1" +URL="$2" + +echo "REMOTE is $REMOTE" +echo "URL is $URL" + +run_test() +{ + TEST=$1 + echo "running '$TEST'" + if ! `$TEST > /dev/null 2>&1`; then + echo "test '$TEST' failed" + return 1 + fi +} + +run_test ./tests/scripts/check-doxy-blocks.pl +run_test ./tests/scripts/check-names.sh +run_test ./tests/scripts/check-generated-files.sh diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index 191594ce0..4c66440e2 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh @@ -12,7 +12,7 @@ set -eu if grep --version|head -n1|grep GNU >/dev/null; then :; else - echo "This script requires GNU grep." + echo "This script requires GNU grep.">&2 exit 1 fi From 3f9cc28f020e5cf0c6ecd7794802a53aa235b9e6 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 11:25:14 +0300 Subject: [PATCH 153/493] Add note for the git_hoos README file Add a note to the git_hooks README.md file, to state that currently they only work on GNU platforms --- git_hooks/README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index d0ed4a38f..f78df991d 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -11,6 +11,4 @@ Example: Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` -Similarly, on Windows while running as administrator: -`mklink pre-push ..\..\git_hooks\pre-push` - +**Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From 50bdf74b5c53bd40e64a26597a96044a4663043d Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 18:24:43 +0300 Subject: [PATCH 154/493] Fix slash direction for linux path Update direction of the slash, for linux path, after @hanno-arm comments --- git_hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index f78df991d..400d63ee5 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -8,7 +8,7 @@ The mbed TLS git hooks are located in `/git_hooks` directory, and Example: -Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From d731eb8f55cb372ea1f905750b86a14034a45c28 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 23 Jul 2017 15:25:32 +0300 Subject: [PATCH 155/493] Update after @sbutcher-arm comments 1. Move the scripts to test/git-scripts folder 2. Support the script to run independant, not only with git 3. modify Readme accordingly --- {git_hooks => test/git-scripts}/README.md | 6 ++++-- git_hooks/pre-push => test/git-scripts/pre-push.sh | 13 +++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) rename {git_hooks => test/git-scripts}/README.md (62%) rename git_hooks/pre-push => test/git-scripts/pre-push.sh (82%) diff --git a/git_hooks/README.md b/test/git-scripts/README.md similarity index 62% rename from git_hooks/README.md rename to test/git-scripts/README.md index 400d63ee5..6bd9110c5 100644 --- a/git_hooks/README.md +++ b/test/git-scripts/README.md @@ -4,11 +4,13 @@ git has a way to run scripts, which are invoked by specific git commands. The git hooks are located in `/.git/hooks`, and as such are not under version control for more information, see the [git documentation](https://git-scm.com/docs/githooks). -The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. +The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. Example: Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../git_hooks/pre-push pre-push` +`ln -s ../../test/git-scripts/pre-push.sh pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** + +These scripts can also be used independently. diff --git a/git_hooks/pre-push b/test/git-scripts/pre-push.sh similarity index 82% rename from git_hooks/pre-push rename to test/git-scripts/pre-push.sh index 6b2da10ed..ee54a6cff 100755 --- a/git_hooks/pre-push +++ b/test/git-scripts/pre-push.sh @@ -1,7 +1,15 @@ #!/bin/sh - +# pre-push.sh +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2017, ARM Limited, All Rights Reserved +# +# Purpose +# # Called by "git push" after it has checked the remote status, but before anything has been # pushed. If this script exits with a non-zero status nothing will be pushed. +# This script can also be used independently, not using git. # # This hook is called with the following parameters: # @@ -15,7 +23,6 @@ # # # -set -eu REMOTE="$1" URL="$2" @@ -23,6 +30,8 @@ URL="$2" echo "REMOTE is $REMOTE" echo "URL is $URL" +set -eu + run_test() { TEST=$1 From d922c78aa4d3d60643b1aad464fe6a77c3498b2b Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 24 Jul 2017 15:52:18 +0300 Subject: [PATCH 156/493] Move the git scripts to correct path The git scripts were accidently put in `test` folder instead of `tests`. Moved them to `tests` folder --- {test => tests}/git-scripts/README.md | 4 ++-- {test => tests}/git-scripts/pre-push.sh | 0 2 files changed, 2 insertions(+), 2 deletions(-) rename {test => tests}/git-scripts/README.md (67%) rename {test => tests}/git-scripts/pre-push.sh (100%) diff --git a/test/git-scripts/README.md b/tests/git-scripts/README.md similarity index 67% rename from test/git-scripts/README.md rename to tests/git-scripts/README.md index 6bd9110c5..29d7501b3 100644 --- a/test/git-scripts/README.md +++ b/tests/git-scripts/README.md @@ -4,12 +4,12 @@ git has a way to run scripts, which are invoked by specific git commands. The git hooks are located in `/.git/hooks`, and as such are not under version control for more information, see the [git documentation](https://git-scm.com/docs/githooks). -The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. +The mbed TLS git hooks are located in `/tests/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/tesst/git-scripts`, in order to make the hook scripts successfully work. Example: Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../test/git-scripts/pre-push.sh pre-push` +`ln -s ../../tests/git-scripts/pre-push.sh pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** diff --git a/test/git-scripts/pre-push.sh b/tests/git-scripts/pre-push.sh similarity index 100% rename from test/git-scripts/pre-push.sh rename to tests/git-scripts/pre-push.sh From 4f753c1186b52b8b5b06f47d789f632b454175a5 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 10 Feb 2017 14:39:58 +0000 Subject: [PATCH 157/493] Fix potential integer overflow parsing DER CRL This patch prevents a potential signed integer overflow during the CRL version verification checks. --- ChangeLog | 4 ++++ library/x509_crl.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index d3d1e0bf2..58ee285a5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,10 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() diff --git a/library/x509_crl.c b/library/x509_crl.c index 76c49f135..55d12acd0 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -352,14 +352,14 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, return( ret ); } - crl->version++; - - if( crl->version > 2 ) + if( crl->version < 0 || crl->version > 1 ) { mbedtls_x509_crl_free( crl ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + crl->version++; + if( ( ret = mbedtls_x509_get_sig_alg( &crl->sig_oid, &sig_params1, &crl->sig_md, &crl->sig_pk, &crl->sig_opts ) ) != 0 ) From 6fb6d79a370c6959219e83559195c19084f7efcd Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 7 Mar 2017 10:57:34 +0000 Subject: [PATCH 158/493] Add CSR DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 3 +++ 1 file changed, 3 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index ea56f3fbc..daa92e9ee 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1543,6 +1543,9 @@ X509 CSR ASN.1 (extra data after signature) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C mbedtls_x509_csr_parse:"308201193081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF9724300":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +X509 CSR ASN.1 (invalid version overflow) +mbedtls_x509_csr_parse:"3008300602047FFFFFFF":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 File parse (no issues) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C x509parse_crt_file:"data_files/server7_int-ca.crt":0 From c124061681b7968d8cf7f67d4c6912bfc1e8efa0 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Tue, 7 Mar 2017 11:11:12 +0000 Subject: [PATCH 159/493] Add CRL DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index daa92e9ee..3437a2a22 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1182,6 +1182,12 @@ X509 CRL ASN1 (TBSCertList, no entries) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0 +X509 CRL ASN1 (invalid version 2) +x509parse_crl:"30463031020102300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + +X509 CRL ASN1 (invalid version overflow) +x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 CRT parse path #2 (one cert) depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C mbedtls_x509_crt_parse_path:"data_files/dir1":0:1 From 7d6ec7bacc9f03d671af9155f484296f675470f8 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 9 Mar 2017 15:29:07 +0000 Subject: [PATCH 160/493] Add CRT DER tests with incorrect version --- tests/suites/test_suite_x509parse.data | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 3437a2a22..b8c902e23 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1118,6 +1118,12 @@ X509 Certificate ASN1 (RSA signature, EC key) depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 +X509 Certificate ASN1 (invalid version 3) +x509parse_crt:"30173015a0030201038204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + +X509 Certificate ASN1 (invalid version overflow) +x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION + X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT From 80164741e181a87ae18fa91a07f7201931b4d097 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 9 Mar 2017 16:16:11 +0000 Subject: [PATCH 161/493] Fix potential integer overflow parsing DER CRT This patch prevents a potential signed integer overflow during the certificate version verification checks. --- ChangeLog | 3 +++ library/x509_crt.c | 6 +++--- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 58ee285a5..567e98883 100644 --- a/ChangeLog +++ b/ChangeLog @@ -228,6 +228,9 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 diff --git a/library/x509_crt.c b/library/x509_crt.c index 5ec855192..c6209fb40 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -748,14 +748,14 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char * return( ret ); } - crt->version++; - - if( crt->version > 3 ) + if( crt->version < 0 || crt->version > 2 ) { mbedtls_x509_crt_free( crt ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + crt->version++; + if( ( ret = mbedtls_x509_get_sig_alg( &crt->sig_oid, &sig_params1, &crt->sig_md, &crt->sig_pk, &crt->sig_opts ) ) != 0 ) From 2e3ddfac5fedaf9f05b086c3e0a8ae69ea432e42 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 17 Feb 2017 13:54:43 +0000 Subject: [PATCH 162/493] Prevent signed integer overflow in CSR parsing Modify the function mbedtls_x509_csr_parse_der() so that it checks the parsed CSR version integer before it increments the value. This prevents a potential signed integer overflow, as these have undefined behaviour in the C standard. --- ChangeLog | 4 ++++ library/x509_csr.c | 6 +++--- 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 567e98883..eea691958 100644 --- a/ChangeLog +++ b/ChangeLog @@ -46,6 +46,10 @@ Bugfix Reported and fix suggested by guidovranken in #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit compilation when using ARM Compiler 6. + * Fix potential integer overflow in the version verification for DER + encoded X509 CSRs. The overflow would enable maliciously constructed CSRs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, diff --git a/library/x509_csr.c b/library/x509_csr.c index f92b66c58..26a06db4f 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -168,14 +168,14 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, return( ret ); } - csr->version++; - - if( csr->version != 1 ) + if( csr->version != 0 ) { mbedtls_x509_csr_free( csr ); return( MBEDTLS_ERR_X509_UNKNOWN_VERSION ); } + csr->version++; + /* * subject Name */ From 00d3cc61a6f5a7a6451344f48146009f09fadd0f Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Wed, 26 Jul 2017 17:25:55 +0100 Subject: [PATCH 163/493] Fix merge errors in ChangeLog --- ChangeLog | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index eea691958..55595640e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,22 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 - * Fix a potential integer overflow in the version verification for DER - encoded X509 CRLs. The overflow would enable maliciously constructed CRLs - to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, - KNOX Security, Samsung Research America - Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform @@ -46,10 +30,17 @@ Bugfix Reported and fix suggested by guidovranken in #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit compilation when using ARM Compiler 6. + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America * Fix potential integer overflow in the version verification for DER encoded X509 CSRs. The overflow would enable maliciously constructed CSRs to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, @@ -232,9 +223,6 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 - * Fix a potential integer overflow in the version verification for DER - encoded X509 certificates. The overflow would enable maliciously - constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 From 06b786372ccb5e78cc72ac3640e24fc3e9a44c06 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 01:00:17 +0100 Subject: [PATCH 164/493] Change a ssl-opt.sh script sanity checks Change the check in ssl-opt.sh for MBEDTLS_X509_MAX_INTERMEDIATE_CA to check config.h instead of the x509 headers. --- tests/ssl-opt.sh | 28 +++++++++++++++++----------- 1 file changed, 17 insertions(+), 11 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b4d36a94c..d7e0b8c01 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2106,18 +2106,24 @@ run_test "Authentication: client no cert, ssl3" \ # The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its # default value (8) -MAX_IM_CA=8 -MAX_IM_CA_REGEX="#define[[:blank:]]\+MBEDTLS_X509_MAX_INTERMEDIATE_CA" -MAX_IM_CA_REGEX="${MAX_IM_CA_REGEX}[[:blank:]]\+${MAX_IM_CA}[[:blank:]]*$" +: ${MAX_IM_CA:='20'} +MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA) -if grep "${MAX_IM_CA_REGEX}" ../include/mbedtls/x509.h > /dev/null; -then :; -else - echo "$(echo 'The tests for long intermediate chains assume the value' \ - ${MAX_IM_CA} 'for MBEDTLS_X509_MAX_INTERMEDIATE_CA.' \ - 'To test other values, please manually adapt the max_int' \ - 'tests in ssl-opt.sh.')" - return +if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -gt "$MAX_IM_CA" ]; then + printf "The ${CONFIG_H} file contains a value for the configuration of\n" + printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is greater than the script’s\n" + printf "test value of ${MAX_IM_CA}. \n" + printf "\n" + printf "By default, this value cannot be higher as there are insufficient\n" + printf "test certificate files available to test with.\n" + printf "\n" + printf "To generate additional test certificates use the script:\n" + printf " tests/data_files/dir-maxpath/long.sh\n" + printf "\n" + printf "To test using an alternative value, please set the environment variable\n" + printf "MAX_IM_CA or change the default value in the script tests/ssl-opt.sh.\n" + + exit 1 fi run_test "Authentication: server max_int chain, client default" \ From b060cc21b111c44dbe8d0957d996d69de44cf0bc Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 01:04:34 +0100 Subject: [PATCH 165/493] Reorder and group sections in the ChangeLog --- ChangeLog | 30 ++++++++++++++---------------- 1 file changed, 14 insertions(+), 16 deletions(-) diff --git a/ChangeLog b/ChangeLog index 55595640e..55cccd5e6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,14 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Security + * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, + mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's + X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA + (default: 8) intermediates, even when it was not trusted. Could be + triggered remotely on both sides. (With auth_mode set to required + (default), the handshake was correctly aborted.) + Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform @@ -16,6 +24,12 @@ API Changes qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978 Found by James Cowgill. + * Certificate verification functions now set flags to -1 in case the full + chain was not verified due to an internal error (including in the verify + callback) or chain length limitations. + * With authmode set to optional, handshake is now aborted if the + verification of the peer's certificate failed due to an overlong chain or + a fatal error in the vrfy callback. Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported @@ -42,22 +56,6 @@ Bugfix encoded X509 certificates. The overflow would enable maliciously constructed certificates to bypass the certificate verification check. -Security - * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, - mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's - X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA - (default: 8) intermediates, even when it was not trusted. Could be - triggered remotely on both sides. (With auth_mode set to required - (default), the handshake was correctly aborted.) - -API changes - * Certificate verification functions now set flags to -1 in case the full - chain was not verified due to an internal error (including in the verify - callback) or chain length limitations. - * With authmode set to optional, handshake is now aborted if the - verification of the peer's certificate failed due to an overlong chain or - a fatal error in the vrfy callback. - Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of 64-bit division. #708 From efdfeeba6a97b0c1f9d28fe5972263d8e0a6c70d Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 12:15:13 +0100 Subject: [PATCH 166/493] Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA --- tests/ssl-opt.sh | 2 +- tests/suites/test_suite_x509parse.function | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index d7e0b8c01..92acd4e1f 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2106,7 +2106,7 @@ run_test "Authentication: client no cert, ssl3" \ # The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its # default value (8) -: ${MAX_IM_CA:='20'} +: ${MAX_IM_CA:='19'} MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA) if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -gt "$MAX_IM_CA" ]; then diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 34164a83f..0dfdd61c2 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -7,7 +7,7 @@ #include "mbedtls/oid.h" #include "mbedtls/base64.h" -#if MBEDTLS_X509_MAX_INTERMEDIATE_CA >= 19 +#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19 #error "The value of MBEDTLS_X509_MAX_INTERMEDIATE_C is larger \ than the current threshold 19. To test larger values, please \ adapt the script tests/data_files/dir-max/long.sh." From bcfa6f42e3da922d13722fe912dcb772649e501c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 15:59:35 +0100 Subject: [PATCH 167/493] Fix the check for max CA intermediates in ssl-opt.sh The tests only work for a specific number for MBEDTLS_X509_MAX_INTERMEDIATE_CA so the check has been changed to confirm the default value, and to show an error otherwise. --- tests/ssl-opt.sh | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 92acd4e1f..280fc6348 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -2106,22 +2106,17 @@ run_test "Authentication: client no cert, ssl3" \ # The "max_int chain" tests assume that MAX_INTERMEDIATE_CA is set to its # default value (8) -: ${MAX_IM_CA:='19'} +MAX_IM_CA='8' MAX_IM_CA_CONFIG=$( ../scripts/config.pl get MBEDTLS_X509_MAX_INTERMEDIATE_CA) -if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -gt "$MAX_IM_CA" ]; then +if [ -n "$MAX_IM_CA_CONFIG" ] && [ "$MAX_IM_CA_CONFIG" -ne "$MAX_IM_CA" ]; then printf "The ${CONFIG_H} file contains a value for the configuration of\n" - printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is greater than the script’s\n" + printf "MBEDTLS_X509_MAX_INTERMEDIATE_CA that is different from the script’s\n" printf "test value of ${MAX_IM_CA}. \n" printf "\n" - printf "By default, this value cannot be higher as there are insufficient\n" - printf "test certificate files available to test with.\n" + printf "The tests assume this value and if it changes, the tests in this\n" + printf "script should also be adjusted.\n" printf "\n" - printf "To generate additional test certificates use the script:\n" - printf " tests/data_files/dir-maxpath/long.sh\n" - printf "\n" - printf "To test using an alternative value, please set the environment variable\n" - printf "MAX_IM_CA or change the default value in the script tests/ssl-opt.sh.\n" exit 1 fi From c6f346b60cc15e392eb9cb3927fbff1169a0d9a7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 28 Jul 2017 16:36:51 +0100 Subject: [PATCH 168/493] Fix get option in config.pl script --- scripts/config.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config.pl b/scripts/config.pl index 2757f17fe..406413bd5 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -205,7 +205,7 @@ for my $line (@config_lines) { $done = 1; } } elsif (!$done && $action eq "get") { - if ($line =~ /^\s*#define\s*$name\s*(.*)\s*\b/) { + if ($line =~ /^\s*#define\s*$name\s*([^\s]+)\s*\b/) { $value = $1; $done = 1; } From c08d9ddd55f192dec6537fa10ee303628af59ee0 Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 22 Jun 2017 10:02:07 +0100 Subject: [PATCH 169/493] Remove mutexes from ECP hardware acceleration Protecting the ECP hardware acceleratior with mutexes is inconsistent with the philosophy of the library. Pre-existing hardware accelerator interfaces leave concurrency support to the underlying platform. Fixes #863 --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 55cccd5e6..f3fa22c00 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.x.x released xxxx-xx-xx Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From d5a75f44a16ed54605ee327886c52d90aa0351dd Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Fri, 16 Dec 2016 16:15:56 +0200 Subject: [PATCH 170/493] fix for issue 1118: check if iv is zero in gcm. 1) found by roberto in mbedtls forum 2) if iv_len is zero, return an error 3) add tests for invalid parameters --- ChangeLog | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index f3fa22c00..ecbbb4c8b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS 2.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Add a check if iv_len is zero, and return an error if it is zero. reported + by roberto. #716 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From 368d55c549b27a258949162e1a8fd2cd0f559111 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 19:27:59 +0200 Subject: [PATCH 171/493] Wrong preproccessor condition fix Fix for issue #696 Change #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index ecbbb4c8b..e7c42737e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ mbed TLS ChangeLog (Sorted per branch, date) Bugfix * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 + * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will + always be implemented by pthread support. Fix for #696 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From 7faf92a2febc1483e678f9ca477346094767dad8 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 9 Jan 2017 15:09:16 +0200 Subject: [PATCH 172/493] Resource leak fix on windows platform Fix a resource leak on windows platform, in mbedtls_x509_crt_parse_path, in case a failure. when an error occurs, goto cleanup, and free the resource, instead of returning error code immediately. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index e7c42737e..59bdfaef6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,9 @@ Bugfix * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. Fix for #696 + * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. + In case of failure, when an error occures, goto cleanup. + Found by redplait #590 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From a207e750892e140860480b41f7745b0de22a52b7 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Jan 2017 14:50:50 +0200 Subject: [PATCH 173/493] Check return code of mbedtls_mpi_fill_random Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 59bdfaef6..8db6551c5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,8 @@ Bugfix * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. Found by redplait #590 + * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. + Reported and fix suggested by guidovranken in #740 Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From f16ce1cfb7bd60e220bd772248da0b207c9a1412 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 15 Dec 2016 14:42:37 +0200 Subject: [PATCH 174/493] Pre push hook script Add git_hook folder, and pre-push script, to be soft linked from .git/hooks/pre-push --- git_hooks/README.md | 16 ++++++++++++++++ git_hooks/pre-push | 38 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 git_hooks/README.md create mode 100755 git_hooks/pre-push diff --git a/git_hooks/README.md b/git_hooks/README.md new file mode 100644 index 000000000..d0ed4a38f --- /dev/null +++ b/git_hooks/README.md @@ -0,0 +1,16 @@ +README for git hooks script +=========================== +git has a way to run scripts, which are invoked by specific git commands. +The git hooks are located in `/.git/hooks`, and as such are not under version control +for more information, see the [git documentation](https://git-scm.com/docs/githooks). + +The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. + +Example: + +Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +`ln -s ../../git_hooks/pre-push pre-push` + +Similarly, on Windows while running as administrator: +`mklink pre-push ..\..\git_hooks\pre-push` + diff --git a/git_hooks/pre-push b/git_hooks/pre-push new file mode 100755 index 000000000..6b2da10ed --- /dev/null +++ b/git_hooks/pre-push @@ -0,0 +1,38 @@ +#!/bin/sh + +# Called by "git push" after it has checked the remote status, but before anything has been +# pushed. If this script exits with a non-zero status nothing will be pushed. +# +# This hook is called with the following parameters: +# +# $1 -- Name of the remote to which the push is being done +# $2 -- URL to which the push is being done +# +# If pushing without using a named remote those arguments will be equal. +# +# Information about the commits which are being pushed is supplied as lines to +# the standard input in the form: +# +# +# +set -eu + +REMOTE="$1" +URL="$2" + +echo "REMOTE is $REMOTE" +echo "URL is $URL" + +run_test() +{ + TEST=$1 + echo "running '$TEST'" + if ! `$TEST > /dev/null 2>&1`; then + echo "test '$TEST' failed" + return 1 + fi +} + +run_test ./tests/scripts/check-doxy-blocks.pl +run_test ./tests/scripts/check-names.sh +run_test ./tests/scripts/check-generated-files.sh From e9b3f7ea3f0288e4d15dde069abbee1776c904ce Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 11:25:14 +0300 Subject: [PATCH 175/493] Add note for the git_hoos README file Add a note to the git_hooks README.md file, to state that currently they only work on GNU platforms --- git_hooks/README.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index d0ed4a38f..f78df991d 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -11,6 +11,4 @@ Example: Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` -Similarly, on Windows while running as administrator: -`mklink pre-push ..\..\git_hooks\pre-push` - +**Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From 13067fca9d78ca30d18d0ddbc80b761e76f21aca Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 20 Jul 2017 18:24:43 +0300 Subject: [PATCH 176/493] Fix slash direction for linux path Update direction of the slash, for linux path, after @hanno-arm comments --- git_hooks/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/git_hooks/README.md b/git_hooks/README.md index f78df991d..400d63ee5 100644 --- a/git_hooks/README.md +++ b/git_hooks/README.md @@ -8,7 +8,7 @@ The mbed TLS git hooks are located in `/git_hooks` directory, and Example: -Execute the following command to create a link on linux from the mbed TLS `.git\hooks` directory: +Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: `ln -s ../../git_hooks/pre-push pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** From cf61d7d9921db0b94f0b2da10b34affc09a0a7e5 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 23 Jul 2017 15:25:32 +0300 Subject: [PATCH 177/493] Update after @sbutcher-arm comments 1. Move the scripts to test/git-scripts folder 2. Support the script to run independant, not only with git 3. modify Readme accordingly --- {git_hooks => test/git-scripts}/README.md | 6 ++++-- git_hooks/pre-push => test/git-scripts/pre-push.sh | 13 +++++++++++-- 2 files changed, 15 insertions(+), 4 deletions(-) rename {git_hooks => test/git-scripts}/README.md (62%) rename git_hooks/pre-push => test/git-scripts/pre-push.sh (82%) diff --git a/git_hooks/README.md b/test/git-scripts/README.md similarity index 62% rename from git_hooks/README.md rename to test/git-scripts/README.md index 400d63ee5..6bd9110c5 100644 --- a/git_hooks/README.md +++ b/test/git-scripts/README.md @@ -4,11 +4,13 @@ git has a way to run scripts, which are invoked by specific git commands. The git hooks are located in `/.git/hooks`, and as such are not under version control for more information, see the [git documentation](https://git-scm.com/docs/githooks). -The mbed TLS git hooks are located in `/git_hooks` directory, and one must create a soft link from `/.git/hooks` to `/git_hooks`, in order to make the hook scripts successfully work. +The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. Example: Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../git_hooks/pre-push pre-push` +`ln -s ../../test/git-scripts/pre-push.sh pre-push` **Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** + +These scripts can also be used independently. diff --git a/git_hooks/pre-push b/test/git-scripts/pre-push.sh similarity index 82% rename from git_hooks/pre-push rename to test/git-scripts/pre-push.sh index 6b2da10ed..ee54a6cff 100755 --- a/git_hooks/pre-push +++ b/test/git-scripts/pre-push.sh @@ -1,7 +1,15 @@ #!/bin/sh - +# pre-push.sh +# +# This file is part of mbed TLS (https://tls.mbed.org) +# +# Copyright (c) 2017, ARM Limited, All Rights Reserved +# +# Purpose +# # Called by "git push" after it has checked the remote status, but before anything has been # pushed. If this script exits with a non-zero status nothing will be pushed. +# This script can also be used independently, not using git. # # This hook is called with the following parameters: # @@ -15,7 +23,6 @@ # # # -set -eu REMOTE="$1" URL="$2" @@ -23,6 +30,8 @@ URL="$2" echo "REMOTE is $REMOTE" echo "URL is $URL" +set -eu + run_test() { TEST=$1 From 2dfb02151d0e5de147beeccd0bc88492409171dd Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 24 Jul 2017 15:52:18 +0300 Subject: [PATCH 178/493] Move the git scripts to correct path The git scripts were accidently put in `test` folder instead of `tests`. Moved them to `tests` folder --- test/git-scripts/README.md | 16 ------------ test/git-scripts/pre-push.sh | 47 ------------------------------------ 2 files changed, 63 deletions(-) delete mode 100644 test/git-scripts/README.md delete mode 100755 test/git-scripts/pre-push.sh diff --git a/test/git-scripts/README.md b/test/git-scripts/README.md deleted file mode 100644 index 6bd9110c5..000000000 --- a/test/git-scripts/README.md +++ /dev/null @@ -1,16 +0,0 @@ -README for git hooks script -=========================== -git has a way to run scripts, which are invoked by specific git commands. -The git hooks are located in `/.git/hooks`, and as such are not under version control -for more information, see the [git documentation](https://git-scm.com/docs/githooks). - -The mbed TLS git hooks are located in `/test/git-scripts` directory, and one must create a soft link from `/.git/hooks` to `/test/git-scripts`, in order to make the hook scripts successfully work. - -Example: - -Execute the following command to create a link on linux from the mbed TLS `.git/hooks` directory: -`ln -s ../../test/git-scripts/pre-push.sh pre-push` - -**Note: Currently the mbed TLS git hooks work only on a GNU platform. If using a non-GNU platform, don't enable these hooks!** - -These scripts can also be used independently. diff --git a/test/git-scripts/pre-push.sh b/test/git-scripts/pre-push.sh deleted file mode 100755 index ee54a6cff..000000000 --- a/test/git-scripts/pre-push.sh +++ /dev/null @@ -1,47 +0,0 @@ -#!/bin/sh -# pre-push.sh -# -# This file is part of mbed TLS (https://tls.mbed.org) -# -# Copyright (c) 2017, ARM Limited, All Rights Reserved -# -# Purpose -# -# Called by "git push" after it has checked the remote status, but before anything has been -# pushed. If this script exits with a non-zero status nothing will be pushed. -# This script can also be used independently, not using git. -# -# This hook is called with the following parameters: -# -# $1 -- Name of the remote to which the push is being done -# $2 -- URL to which the push is being done -# -# If pushing without using a named remote those arguments will be equal. -# -# Information about the commits which are being pushed is supplied as lines to -# the standard input in the form: -# -# -# - -REMOTE="$1" -URL="$2" - -echo "REMOTE is $REMOTE" -echo "URL is $URL" - -set -eu - -run_test() -{ - TEST=$1 - echo "running '$TEST'" - if ! `$TEST > /dev/null 2>&1`; then - echo "test '$TEST' failed" - return 1 - fi -} - -run_test ./tests/scripts/check-doxy-blocks.pl -run_test ./tests/scripts/check-names.sh -run_test ./tests/scripts/check-generated-files.sh From ce49a250333ff25ca896108bc3f953cbb21f9638 Mon Sep 17 00:00:00 2001 From: Andres AG Date: Fri, 10 Feb 2017 14:39:58 +0000 Subject: [PATCH 179/493] Fix potential integer overflow parsing DER CRL This patch prevents a potential signed integer overflow during the CRL version verification checks. --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 8db6551c5..59a1c0d63 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,10 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix a potential integer overflow in the version verification for DER + encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, + KNOX Security, Samsung Research America Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, From 6b171e4aec10ccde54196cede7496a4295d7f13d Mon Sep 17 00:00:00 2001 From: Andres AG Date: Thu, 9 Mar 2017 16:16:11 +0000 Subject: [PATCH 180/493] Fix potential integer overflow parsing DER CRT This patch prevents a potential signed integer overflow during the certificate version verification checks. --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 59a1c0d63..1b1028bff 100644 --- a/ChangeLog +++ b/ChangeLog @@ -237,6 +237,9 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 + * Fix a potential integer overflow in the version verification for DER + encoded X509 certificates. The overflow would enable maliciously + constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 From f601ec5f34a3795bd32b2f0113d7479812f2928c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Jun 2017 08:22:17 +0100 Subject: [PATCH 181/493] Reliably zeroize sensitive data in Crypt-and-Hash sample application The AES sample application programs/aes/crypt_and_hash could miss zeroizing the stack-based key buffer in case of an error during operation. This commit fixes this and also clears all command line arguments (one of which might be the key) before exit. --- programs/aes/crypt_and_hash.c | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index adb95e03c..a16e91e18 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -224,8 +224,6 @@ int main( int argc, char *argv[] ) } } - memset( argv[6], 0, strlen( argv[6] ) ); - #if defined(_WIN32_WCE) filesize = fseek( fin, 0L, SEEK_END ); #else @@ -303,8 +301,6 @@ int main( int argc, char *argv[] ) } - memset( key, 0, sizeof( key ) ); - if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen, MBEDTLS_ENCRYPT ) != 0 ) { @@ -444,8 +440,6 @@ int main( int argc, char *argv[] ) mbedtls_md_finish( &md_ctx, digest ); } - memset( key, 0, sizeof( key ) ); - if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen, MBEDTLS_DECRYPT ) != 0 ) { @@ -540,7 +534,16 @@ exit: if( fout ) fclose( fout ); + /* Zeroize all command line arguments to also cover + the case when the user has missed or reordered some, + in which case the key might not be in argv[6]. */ + for( i = 0; i < argc; i++ ) + memset( argv[i], 0, strlen( argv[i] ) ); + + memset( IV, 0, sizeof( IV ) ); + memset( key, 0, sizeof( key ) ); memset( buffer, 0, sizeof( buffer ) ); + memset( output, 0, sizeof( output ) ); memset( digest, 0, sizeof( digest ) ); mbedtls_cipher_free( &cipher_ctx ); From ce37e6269ed709ad08da0924cb5e6635ebf36860 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Jun 2017 08:24:34 +0100 Subject: [PATCH 182/493] Reliably zeroize sensitive data in AES sample application The AES sample application programs/aes/aescrypt2 could miss zeroizing the stack-based key buffer in case of an error during operation. This commit fixes this and also clears another temporary buffer as well as all command line arguments (one of which might be the key) before exit. --- programs/aes/aescrypt2.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index c77d77f5f..7cd3349fe 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -79,7 +79,9 @@ int main( int argc, char *argv[] ) FILE *fkey, *fin = NULL, *fout = NULL; char *p; + unsigned char IV[16]; + unsigned char tmp[16]; unsigned char key[512]; unsigned char digest[32]; unsigned char buffer[1024]; @@ -123,10 +125,10 @@ int main( int argc, char *argv[] ) } mode = atoi( argv[1] ); - memset(IV, 0, sizeof(IV)); - memset(key, 0, sizeof(key)); - memset(digest, 0, sizeof(digest)); - memset(buffer, 0, sizeof(buffer)); + memset( IV, 0, sizeof( IV ) ); + memset( key, 0, sizeof( key ) ); + memset( digest, 0, sizeof( digest ) ); + memset( buffer, 0, sizeof( buffer ) ); if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT ) { @@ -185,8 +187,6 @@ int main( int argc, char *argv[] ) } } - memset( argv[4], 0, strlen( argv[4] ) ); - #if defined(_WIN32_WCE) filesize = fseek( fin, 0L, SEEK_END ); #else @@ -272,7 +272,6 @@ int main( int argc, char *argv[] ) mbedtls_md_finish( &sha_ctx, digest ); } - memset( key, 0, sizeof( key ) ); mbedtls_aes_setkey_enc( &aes_ctx, digest, 256 ); mbedtls_md_hmac_starts( &sha_ctx, digest, 32 ); @@ -319,7 +318,6 @@ int main( int argc, char *argv[] ) if( mode == MODE_DECRYPT ) { - unsigned char tmp[16]; /* * The encrypted file must be structured as follows: @@ -374,7 +372,6 @@ int main( int argc, char *argv[] ) mbedtls_md_finish( &sha_ctx, digest ); } - memset( key, 0, sizeof( key ) ); mbedtls_aes_setkey_dec( &aes_ctx, digest, 256 ); mbedtls_md_hmac_starts( &sha_ctx, digest, 32 ); @@ -441,6 +438,15 @@ exit: if( fout ) fclose( fout ); + /* Zeroize all command line arguments to also cover + the case when the user has missed or reordered some, + in which case the key might not be in argv[4]. */ + for( i = 0; i < (unsigned int) argc; i++ ) + memset( argv[i], 0, strlen( argv[i] ) ); + + memset( IV, 0, sizeof( IV ) ); + memset( key, 0, sizeof( key ) ); + memset( tmp, 0, sizeof( tmp ) ); memset( buffer, 0, sizeof( buffer ) ); memset( digest, 0, sizeof( digest ) ); From 7ec83df47fe478781b6b2e104a1e2c1feb69bfb8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Jun 2017 08:26:53 +0100 Subject: [PATCH 183/493] Adapt ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 1b1028bff..6bf2a5a6d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -25,6 +25,9 @@ Security (default: 8) intermediates, even when it was not trusted. Could be triggered remotely on both sides. (With auth_mode set to required (default), the handshake was correctly aborted.) + * Realiably zeroize sensitive data after use in AES example applications + programs/aes/aescrypt2 and programs/aes/crypt_and_hash. + Found by Laurent Simon. Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 840bace4176a89553d42468b8f58b5b75118594f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 27 Jun 2017 11:36:21 +0100 Subject: [PATCH 184/493] Correct comment --- programs/aes/aescrypt2.c | 3 +-- programs/aes/crypt_and_hash.c | 2 +- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/programs/aes/aescrypt2.c b/programs/aes/aescrypt2.c index 7cd3349fe..4acf38dd7 100644 --- a/programs/aes/aescrypt2.c +++ b/programs/aes/aescrypt2.c @@ -155,7 +155,7 @@ int main( int argc, char *argv[] ) } /* - * Read the secret key and clean the command line. + * Read the secret key from file or command line */ if( ( fkey = fopen( argv[4], "rb" ) ) != NULL ) { @@ -318,7 +318,6 @@ int main( int argc, char *argv[] ) if( mode == MODE_DECRYPT ) { - /* * The encrypted file must be structured as follows: * diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c index a16e91e18..0e272ebe4 100644 --- a/programs/aes/crypt_and_hash.c +++ b/programs/aes/crypt_and_hash.c @@ -192,7 +192,7 @@ int main( int argc, char *argv[] ) } /* - * Read the secret key and clean the command line. + * Read the secret key from file or command line */ if( ( fkey = fopen( argv[6], "rb" ) ) != NULL ) { From 61937d4a83db6b5d976ca45e3517336809db2539 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 26 Apr 2017 15:01:23 +0100 Subject: [PATCH 185/493] Rename time and index parameter to avoid name conflict. As noted in #557, several functions use 'index' resp. 'time' as parameter names in their declaration and/or definition, causing name conflicts with the functions in the C standard library of the same name some compilers warn about. This commit renames the arguments accordingly. --- ChangeLog | 2 ++ include/mbedtls/ecp.h | 4 ++-- include/mbedtls/x509.h | 10 +++++----- library/cmac.c | 6 +++--- library/entropy.c | 14 ++++++------- library/x509.c | 44 ++++++++++++++++++++--------------------- library/x509write_crt.c | 8 ++++---- 7 files changed, 45 insertions(+), 43 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6bf2a5a6d..fb8d32143 100644 --- a/ChangeLog +++ b/ChangeLog @@ -172,6 +172,8 @@ Bugfix The PK and RSA modules use different types for passing hash length and without these checks the type cast could lead to data loss. Found by Guido Vranken. + * Avoid shadowing of time and index functions through mbed TLS function + arguments. Found by inestlerode. Fixes #557. = mbed TLS 2.4.2 branch released 2017-03-08 diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h index bf9abeff6..dad9aef00 100644 --- a/include/mbedtls/ecp.h +++ b/include/mbedtls/ecp.h @@ -461,7 +461,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp * \brief Set a group using well-known domain parameters * * \param grp Destination group - * \param index Index in the list of well-known domain parameters + * \param id Index in the list of well-known domain parameters * * \return 0 if successful, * MBEDTLS_ERR_MPI_XXX if initialization failed @@ -470,7 +470,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp * \note Index should be a value of RFC 4492's enum NamedCurve, * usually in the form of a MBEDTLS_ECP_DP_XXX macro. */ -int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id index ); +int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id ); /** * \brief Set a group from a TLS ECParameters record diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 128eaded6..d7e318dfd 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -247,12 +247,12 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se * \note Intended usage is "if( is_past( valid_to ) ) ERROR". * Hence the return value of 1 if on internal errors. * - * \param time mbedtls_x509_time to check + * \param to mbedtls_x509_time to check * * \return 1 if the given time is in the past or an error occured, * 0 otherwise. */ -int mbedtls_x509_time_is_past( const mbedtls_x509_time *time ); +int mbedtls_x509_time_is_past( const mbedtls_x509_time *to ); /** * \brief Check a given mbedtls_x509_time against the system time @@ -261,12 +261,12 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *time ); * \note Intended usage is "if( is_future( valid_from ) ) ERROR". * Hence the return value of 1 if on internal errors. * - * \param time mbedtls_x509_time to check + * \param from mbedtls_x509_time to check * * \return 1 if the given time is in the future or an error occured, * 0 otherwise. */ -int mbedtls_x509_time_is_future( const mbedtls_x509_time *time ); +int mbedtls_x509_time_is_future( const mbedtls_x509_time *from ); /** * \brief Checkup routine @@ -295,7 +295,7 @@ int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x50 mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg, void **sig_opts ); int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, - mbedtls_x509_time *time ); + mbedtls_x509_time *t ); int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *serial ); int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, diff --git a/library/cmac.c b/library/cmac.c index 035ad071d..6df56aa9a 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -169,10 +169,10 @@ static void cmac_xor_block( unsigned char *output, const unsigned char *input1, const unsigned char *input2, const size_t block_size ) { - size_t index; + size_t idx; - for( index = 0; index < block_size; index++ ) - output[ index ] = input1[ index ] ^ input2[ index ]; + for( idx = 0; idx < block_size; idx++ ) + output[ idx ] = input1[ idx ] ^ input2[ idx ]; } /* diff --git a/library/entropy.c b/library/entropy.c index d4d1b27b7..23de4062a 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -132,24 +132,24 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx, mbedtls_entropy_f_source_ptr f_source, void *p_source, size_t threshold, int strong ) { - int index, ret = 0; + int idx, ret = 0; #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) return( ret ); #endif - index = ctx->source_count; - if( index >= MBEDTLS_ENTROPY_MAX_SOURCES ) + idx = ctx->source_count; + if( idx >= MBEDTLS_ENTROPY_MAX_SOURCES ) { ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES; goto exit; } - ctx->source[index].f_source = f_source; - ctx->source[index].p_source = p_source; - ctx->source[index].threshold = threshold; - ctx->source[index].strong = strong; + ctx->source[idx].f_source = f_source; + ctx->source[idx].p_source = p_source; + ctx->source[idx].threshold = threshold; + ctx->source[idx].strong = strong; ctx->source_count++; diff --git a/library/x509.c b/library/x509.c index 88e32b067..e94a8a329 100644 --- a/library/x509.c +++ b/library/x509.c @@ -496,25 +496,25 @@ static int x509_parse_int( unsigned char **p, size_t n, int *res ) return( 0 ); } -static int x509_date_is_valid(const mbedtls_x509_time *time) +static int x509_date_is_valid(const mbedtls_x509_time *t) { int ret = MBEDTLS_ERR_X509_INVALID_DATE; - CHECK_RANGE( 0, 9999, time->year ); - CHECK_RANGE( 0, 23, time->hour ); - CHECK_RANGE( 0, 59, time->min ); - CHECK_RANGE( 0, 59, time->sec ); + CHECK_RANGE( 0, 9999, t->year ); + CHECK_RANGE( 0, 23, t->hour ); + CHECK_RANGE( 0, 59, t->min ); + CHECK_RANGE( 0, 59, t->sec ); - switch( time->mon ) + switch( t->mon ) { case 1: case 3: case 5: case 7: case 8: case 10: case 12: - CHECK_RANGE( 1, 31, time->day ); + CHECK_RANGE( 1, 31, t->day ); break; case 4: case 6: case 9: case 11: - CHECK_RANGE( 1, 30, time->day ); + CHECK_RANGE( 1, 30, t->day ); break; case 2: - CHECK_RANGE( 1, 28 + (time->year % 4 == 0), time->day ); + CHECK_RANGE( 1, 28 + (t->year % 4 == 0), t->day ); break; default: return( ret ); @@ -528,7 +528,7 @@ static int x509_date_is_valid(const mbedtls_x509_time *time) * field. */ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, - mbedtls_x509_time *time ) + mbedtls_x509_time *tm ) { int ret; @@ -542,26 +542,26 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, /* * Parse year, month, day, hour, minute */ - CHECK( x509_parse_int( p, yearlen, &time->year ) ); + CHECK( x509_parse_int( p, yearlen, &tm->year ) ); if ( 2 == yearlen ) { - if ( time->year < 50 ) - time->year += 100; + if ( tm->year < 50 ) + tm->year += 100; - time->year += 1900; + tm->year += 1900; } - CHECK( x509_parse_int( p, 2, &time->mon ) ); - CHECK( x509_parse_int( p, 2, &time->day ) ); - CHECK( x509_parse_int( p, 2, &time->hour ) ); - CHECK( x509_parse_int( p, 2, &time->min ) ); + CHECK( x509_parse_int( p, 2, &tm->mon ) ); + CHECK( x509_parse_int( p, 2, &tm->day ) ); + CHECK( x509_parse_int( p, 2, &tm->hour ) ); + CHECK( x509_parse_int( p, 2, &tm->min ) ); /* * Parse seconds if present */ if ( len >= 2 ) { - CHECK( x509_parse_int( p, 2, &time->sec ) ); + CHECK( x509_parse_int( p, 2, &tm->sec ) ); len -= 2; } else @@ -582,7 +582,7 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, if ( 0 != len ) return ( MBEDTLS_ERR_X509_INVALID_DATE ); - CHECK( x509_date_is_valid( time ) ); + CHECK( x509_date_is_valid( tm ) ); return ( 0 ); } @@ -593,7 +593,7 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen, * generalTime GeneralizedTime } */ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, - mbedtls_x509_time *time ) + mbedtls_x509_time *tm ) { int ret; size_t len, year_len; @@ -619,7 +619,7 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, if( ret != 0 ) return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); - return x509_parse_time( p, len, year_len, time ); + return x509_parse_time( p, len, year_len, tm ); } int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig ) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index d1d9a22a7..4d674abcf 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -264,7 +264,7 @@ int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx, } static int x509_write_time( unsigned char **p, unsigned char *start, - const char *time, size_t size ) + const char *t, size_t size ) { int ret; size_t len = 0; @@ -272,10 +272,10 @@ static int x509_write_time( unsigned char **p, unsigned char *start, /* * write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter) */ - if( time[0] == '2' && time[1] == '0' && time [2] < '5' ) + if( t[0] == '2' && t[1] == '0' && t[2] < '5' ) { MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, - (const unsigned char *) time + 2, + (const unsigned char *) t + 2, size - 2 ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_UTC_TIME ) ); @@ -283,7 +283,7 @@ static int x509_write_time( unsigned char **p, unsigned char *start, else { MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start, - (const unsigned char *) time, + (const unsigned char *) t, size ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_GENERALIZED_TIME ) ); From 9fae22269b154024d8c5a99c2aba6caa585da1a8 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 22:32:23 +0100 Subject: [PATCH 186/493] Fix ChangeLog for duplication after merge --- ChangeLog | 18 +----------------- 1 file changed, 1 insertion(+), 17 deletions(-) diff --git a/ChangeLog b/ChangeLog index fb8d32143..5ecf181eb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,22 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) - to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait #590 - * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 - * Fix a potential integer overflow in the version verification for DER - encoded X509 CRLs. The overflow would enable maliciously constructed CRLs - to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, - KNOX Security, Samsung Research America - Security * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's @@ -25,7 +9,7 @@ Security (default: 8) intermediates, even when it was not trusted. Could be triggered remotely on both sides. (With auth_mode set to required (default), the handshake was correctly aborted.) - * Realiably zeroize sensitive data after use in AES example applications + * Reliably zeroize sensitive data after use in AES example applications programs/aes/aescrypt2 and programs/aes/crypt_and_hash. Found by Laurent Simon. From a55e084bce6e4d74af0380ec8ae852cfb1ee357e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 23:46:43 +0100 Subject: [PATCH 187/493] Fix naked call to time() with platform call In ssl_cache.c a call to time() was being made instead of it's platform equivalent. --- library/ssl_cache.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_cache.c b/library/ssl_cache.c index 9b62de2dc..c771d7fe2 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -138,7 +138,7 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session ) { int ret = 1; #if defined(MBEDTLS_HAVE_TIME) - mbedtls_time_t t = time( NULL ), oldest = 0; + mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0; mbedtls_ssl_cache_entry *old = NULL; #endif mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data; From a418e82a35abeab3cd24f2ea0cd7162771308b53 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Fri, 28 Jul 2017 23:52:10 +0100 Subject: [PATCH 188/493] Add credit to Changelog to fix for #666 --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index 5ecf181eb..0b92f2a51 100644 --- a/ChangeLog +++ b/ChangeLog @@ -58,6 +58,8 @@ Bugfix * Fix a potential integer overflow in the version verification for DER encoded X509 certificates. The overflow would enable maliciously constructed certificates to bypass the certificate verification check. + * Fix a call to the libc function time() to call the platform abstraction + function mbedtls_time() instead. Found by wairua. Fix for #666 Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of From 3f2557e6f132a564a92484be2d7d90d26cd8ccf5 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Tue, 1 Aug 2017 18:06:12 +0100 Subject: [PATCH 189/493] Fix style and missing item in ChangeLog --- ChangeLog | 43 ++++++++++++++++++++++--------------------- 1 file changed, 22 insertions(+), 21 deletions(-) diff --git a/ChangeLog b/ChangeLog index 0b92f2a51..7e00019fd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,9 +7,9 @@ Security mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA (default: 8) intermediates, even when it was not trusted. Could be - triggered remotely on both sides. (With auth_mode set to required - (default), the handshake was correctly aborted.) - * Reliably zeroize sensitive data after use in AES example applications + triggered remotely on both sides. (With auth_mode set to 'required' + (the default), the handshake was correctly aborted). + * Reliably wipe sensitive data after use in the AES example applications programs/aes/aescrypt2 and programs/aes/crypt_and_hash. Found by Laurent Simon. @@ -18,15 +18,16 @@ Features and the context struct mbedtls_platform_context to perform platform-specific setup and teardown operations. The macro MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden - by the user in a platform_alt.h file. This new APIs are required in some - embedded environments that have hardware acceleration support. + by the user in a platform_alt.h file. These new functions are required in + some embedded environments to provide a means to initialise underlying + hardware acceleration. API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the API consistent with mbed TLS 2.5.0. Specifically removed the inline qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt, - mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978 - Found by James Cowgill. + mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. Found + by James Cowgill. #978 * Certificate verification functions now set flags to -1 in case the full chain was not verified due to an internal error (including in the verify callback) or chain length limitations. @@ -35,40 +36,45 @@ API Changes a fatal error in the vrfy callback. Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. reported + * Add a check if iv_len is zero, and return an error if it is zero. Reported by roberto. #716 * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will - always be implemented by pthread support. Fix for #696 + always be implemented by pthread support. #696 * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. In case of failure, when an error occures, goto cleanup. - Found by redplait #590 + Found by redplait. #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. - Reported and fix suggested by guidovranken in #740 + Reported and fix suggested by guidovranken. #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit compilation when using ARM Compiler 6. * Fix a potential integer overflow in the version verification for DER - encoded X509 CRLs. The overflow would enable maliciously constructed CRLs + encoded X.509 CRLs. The overflow could enable maliciously constructed CRLs to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America * Fix potential integer overflow in the version verification for DER - encoded X509 CSRs. The overflow would enable maliciously constructed CSRs + encoded X.509 CSRs. The overflow could enable maliciously constructed CSRs to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin, KNOX Security, Samsung Research America * Fix a potential integer overflow in the version verification for DER - encoded X509 certificates. The overflow would enable maliciously + encoded X.509 certificates. The overflow could enable maliciously constructed certificates to bypass the certificate verification check. * Fix a call to the libc function time() to call the platform abstraction - function mbedtls_time() instead. Found by wairua. Fix for #666 + function mbedtls_time() instead. Found by wairua. #666 + * Avoid shadowing of time and index functions through mbed TLS function + arguments. Found by inestlerode. #557. Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of - 64-bit division. #708 + 64-bit division. This is useful on embedded platforms where 64-bit division + created a dependency on external libraries. #708 * Removed mutexes from ECP hardware accelerator code. Now all hardware accelerator code in the library leaves concurrency handling to the platform. Reported by Steven Cooreman. #863 * Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file config-no-entropy.h to reduce the RAM footprint. + * Added a test script that can be hooked into git that verifies commits + before they are pushed. = mbed TLS 2.5.1 released 2017-06-21 @@ -158,8 +164,6 @@ Bugfix The PK and RSA modules use different types for passing hash length and without these checks the type cast could lead to data loss. Found by Guido Vranken. - * Avoid shadowing of time and index functions through mbed TLS function - arguments. Found by inestlerode. Fixes #557. = mbed TLS 2.4.2 branch released 2017-03-08 @@ -228,9 +232,6 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 - * Fix a potential integer overflow in the version verification for DER - encoded X509 certificates. The overflow would enable maliciously - constructed certificates to bypass the certificate verification check. = mbed TLS 2.4.1 branch released 2016-12-13 From 85b602e5d0ba9fb8c5e8dd1b0eccf7268289a3f2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 May 2017 11:27:39 +0100 Subject: [PATCH 190/493] Improve documentation of PKCS1 decryption functions Document the preconditions on the input and output buffers for the PKCS1 decryption functions - mbedtls_rsa_pkcs1_decrypt, - mbedtls_rsa_rsaes_pkcs1_v15_decrypt - mbedtls_rsa_rsaes_oaep_decrypt --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 7e00019fd..a696591b6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -75,6 +75,7 @@ Changes config-no-entropy.h to reduce the RAM footprint. * Added a test script that can be hooked into git that verifies commits before they are pushed. + * Improve documentation of PKCS1 decryption functions. = mbed TLS 2.5.1 released 2017-06-21 From 7c02c503eab4508930736475136bafc4762493cb Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 4 Aug 2017 13:32:15 +0100 Subject: [PATCH 191/493] Change PK module preprocessor check on word size There were preprocessor directives in pk.c and pk_wrap.c that cheked whether the bit length of size_t was greater than that of unsigned int. However, the check relied on the MBEDTLS_HAVE_INT64 macro being defined which is not directly related to size_t. This might result in errors in some platforms. This change modifies the check to use the macros SIZE_MAX and UINT_MAX instead making the code more robust. --- library/pk.c | 7 +++---- library/pk_wrap.c | 14 +++++++------- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/library/pk.c b/library/pk.c index 8d13bc5ce..b52c73fbc 100644 --- a/library/pk.c +++ b/library/pk.c @@ -29,8 +29,6 @@ #include "mbedtls/pk.h" #include "mbedtls/pk_internal.h" -#include "mbedtls/bignum.h" - #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" #endif @@ -42,6 +40,7 @@ #endif #include +#include /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { @@ -213,10 +212,10 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options, int ret; const mbedtls_pk_rsassa_pss_options *pss_opts; -#if defined(MBEDTLS_HAVE_INT64) +#if SIZE_MAX > UINT_MAX if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* MBEDTLS_HAVE_INT64 */ +#endif /* SIZE_MAX > UINT_MAX */ if( options == NULL ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); diff --git a/library/pk_wrap.c b/library/pk_wrap.c index db6274cbf..2c164b7df 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -30,7 +30,6 @@ /* Even if RSA not activated, for the sake of RSA-alt */ #include "mbedtls/rsa.h" -#include "mbedtls/bignum.h" #include @@ -51,6 +50,7 @@ #endif #include +#include #if defined(MBEDTLS_PK_RSA_ALT_SUPPORT) /* Implementation that should never be optimized out by the compiler */ @@ -77,10 +77,10 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, { int ret; -#if defined(MBEDTLS_HAVE_INT64) +#if SIZE_MAX > UINT_MAX if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* MBEDTLS_HAVE_INT64 */ +#endif /* SIZE_MAX > UINT_MAX */ if( sig_len < ((mbedtls_rsa_context *) ctx)->len ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); @@ -101,10 +101,10 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { -#if defined(MBEDTLS_HAVE_INT64) +#if SIZE_MAX > UINT_MAX if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* MBEDTLS_HAVE_INT64 */ +#endif /* SIZE_MAX > UINT_MAX */ *sig_len = ((mbedtls_rsa_context *) ctx)->len; @@ -415,10 +415,10 @@ static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, { mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx; -#if defined(MBEDTLS_HAVE_INT64) +#if SIZE_MAX > UINT_MAX if( UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); -#endif /* MBEDTLS_HAVE_INT64 */ +#endif /* SIZE_MAX > UINT_MAX */ *sig_len = rsa_alt->key_len_func( rsa_alt->key ); From b68733bf62f7d443d74ab4c7a206d1f54f044701 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 18 Jun 2017 16:03:14 +0300 Subject: [PATCH 192/493] ECDSA alternative support Support for alternative implementation of ECDSA, at the higher layer --- ChangeLog | 4 ++ include/mbedtls/config.h | 1 + library/ecdsa.c | 103 +++++++++++++++++++------------------ library/version_features.c | 3 ++ 4 files changed, 61 insertions(+), 50 deletions(-) diff --git a/ChangeLog b/ChangeLog index 243bd6bc0..e9be97bd4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,10 @@ Changes * Clarify ECDSA documentation and improve the sample code to avoid misunderstandings and potentially dangerous use of the API. Pointed out by Jean-Philippe Aumasson. + * Add support for alternative implementation for ECDSA, controlled by new + configuration flag MBEDTLS_ECDSA_ALT in config.h. + Alternative Ecdsa is supported for implementation of `mbedtls_ecdsa_sign` + and `mbedtls_ecdsa_verify`. = mbed TLS 2.5.0 branch released 2017-05-17 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c4b8995c1..54dc2372d 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -238,6 +238,7 @@ //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_DES_ALT +//#define MBEDTLS_ECDSA_ALT //#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT diff --git a/library/ecdsa.c b/library/ecdsa.c index 4156f3c3c..d95dcae22 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -37,11 +37,10 @@ #include "mbedtls/asn1write.h" #include - +#include "mbedtls/platform.h" #if defined(MBEDTLS_ECDSA_DETERMINISTIC) #include "mbedtls/hmac_drbg.h" #endif - /* * Derive a suitable integer for group grp from a buffer of length len * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3 @@ -65,6 +64,8 @@ cleanup: return( ret ); } +#if !defined(MBEDTLS_ECDSA_ALT) + /* * Compute ECDSA signature of a hashed message (SEC1 4.1.3) * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message) @@ -154,43 +155,6 @@ cleanup: return( ret ); } -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) -/* - * Deterministic signature wrapper - */ -int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, - const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg ) -{ - int ret; - mbedtls_hmac_drbg_context rng_ctx; - unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES]; - size_t grp_len = ( grp->nbits + 7 ) / 8; - const mbedtls_md_info_t *md_info; - mbedtls_mpi h; - - if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - - mbedtls_mpi_init( &h ); - mbedtls_hmac_drbg_init( &rng_ctx ); - - /* Use private key and message hash (reduced) to initialize HMAC_DRBG */ - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) ); - MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) ); - mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len ); - - ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen, - mbedtls_hmac_drbg_random, &rng_ctx ); - -cleanup: - mbedtls_hmac_drbg_free( &rng_ctx ); - mbedtls_mpi_free( &h ); - - return( ret ); -} -#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ /* * Verify ECDSA signature of hashed message (SEC1 4.1.4) @@ -278,6 +242,56 @@ cleanup: return( ret ); } +/* + * Generate key pair + */ +int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + return( mbedtls_ecp_group_load( &ctx->grp, gid ) || + mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ); +} + +#endif /* MBEDTLS_ECDSA_ALT */ + +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) +/* + * Deterministic signature wrapper + */ +int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg ) +{ + int ret; + mbedtls_hmac_drbg_context rng_ctx; + unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES]; + size_t grp_len = ( grp->nbits + 7 ) / 8; + const mbedtls_md_info_t *md_info; + mbedtls_mpi h; + + if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + mbedtls_mpi_init( &h ); + mbedtls_hmac_drbg_init( &rng_ctx ); + + /* Use private key and message hash (reduced) to initialize HMAC_DRBG */ + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) ); + MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) ); + mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len ); + + ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen, + mbedtls_hmac_drbg_random, &rng_ctx ); + +cleanup: + mbedtls_hmac_drbg_free( &rng_ctx ); + mbedtls_mpi_free( &h ); + + return( ret ); +} +#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ + /* * Convert a signature (given by context) to ASN.1 */ @@ -301,7 +315,6 @@ static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s, return( 0 ); } - /* * Compute and write signature */ @@ -402,16 +415,6 @@ cleanup: return( ret ); } -/* - * Generate key pair - */ -int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ - return( mbedtls_ecp_group_load( &ctx->grp, gid ) || - mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ); -} - /* * Set context from an mbedtls_ecp_keypair */ diff --git a/library/version_features.c b/library/version_features.c index 9f97c7bc3..df7f957fe 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -93,6 +93,9 @@ static const char *features[] = { #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ +#if defined(MBEDTLS_ECDSA_ALT) + "MBEDTLS_ECDSA_ALT", +#endif /* MBEDTLS_ECDSA_ALT */ #if defined(MBEDTLS_XTEA_ALT) "MBEDTLS_XTEA_ALT", #endif /* MBEDTLS_XTEA_ALT */ From 433f39c4370b52c51ddc03c958672a9d03dede23 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 18 Jun 2017 17:57:51 +0300 Subject: [PATCH 193/493] ECDH alternative implementation support Add alternative implementation support for ECDH at the higher layer --- ChangeLog | 4 ++++ include/mbedtls/config.h | 1 + library/ecdh.c | 3 ++- library/version_features.c | 3 +++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 243bd6bc0..a2a2a366b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,6 +36,10 @@ Changes * Clarify ECDSA documentation and improve the sample code to avoid misunderstandings and potentially dangerous use of the API. Pointed out by Jean-Philippe Aumasson. + * Add support for alternative implementation for ECDH, controlled by new + configuration flag MBEDTLS_ECDH_ALT in config.h. + Alternative Ecdh is supported for implementation of `mbedtls_ecdh_gen_public` + and `mbedtls_ecdh_compute_shared`. = mbed TLS 2.5.0 branch released 2017-05-17 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index c4b8995c1..a29312a26 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -238,6 +238,7 @@ //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_DES_ALT +//#define MBEDTLS_ECDH_ALT //#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT diff --git a/library/ecdh.c b/library/ecdh.c index c0a814731..b66cb5867 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -38,6 +38,7 @@ #include +#if !defined(MBEDTLS_ECDH_ALT) /* * Generate public key: simple wrapper around mbedtls_ecp_gen_keypair */ @@ -81,7 +82,7 @@ cleanup: return( ret ); } - +#endif /* MBEDTLS_ECDH_ALT */ /* * Initialize context */ diff --git a/library/version_features.c b/library/version_features.c index 9f97c7bc3..7b08f04be 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -93,6 +93,9 @@ static const char *features[] = { #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ +#if defined(MBEDTLS_ECDH_ALT) + "MBEDTLS_ECDH_ALT", +#endif /* MBEDTLS_ECDH_ALT */ #if defined(MBEDTLS_XTEA_ALT) "MBEDTLS_XTEA_ALT", #endif /* MBEDTLS_XTEA_ALT */ From 01971d094e8c49e57a2ca8e90f4d7f3bf9761f2c Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 10 Aug 2017 10:48:01 +0100 Subject: [PATCH 194/493] Fix language in Changelog for clarity --- ChangeLog | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index a696591b6..d3ad3b967 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,11 +3,11 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx Security - * Fix authentication bypass in SSL/TLS: when auth_mode is set to optional, + * Fix authentication bypass in SSL/TLS: when authmode is set to optional, mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA - (default: 8) intermediates, even when it was not trusted. Could be - triggered remotely on both sides. (With auth_mode set to 'required' + (default: 8) intermediates, even when it was not trusted. This could be + triggered remotely from either side. (With authmode set to 'required' (the default), the handshake was correctly aborted). * Reliably wipe sensitive data after use in the AES example applications programs/aes/aescrypt2 and programs/aes/crypt_and_hash. @@ -19,8 +19,8 @@ Features platform-specific setup and teardown operations. The macro MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden by the user in a platform_alt.h file. These new functions are required in - some embedded environments to provide a means to initialise underlying - hardware acceleration. + some embedded environments to provide a means of initialising underlying + cryptographic acceleration hardware. API Changes * Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the @@ -31,19 +31,18 @@ API Changes * Certificate verification functions now set flags to -1 in case the full chain was not verified due to an internal error (including in the verify callback) or chain length limitations. - * With authmode set to optional, handshake is now aborted if the + * With authmode set to optional, the TLS handshake is now aborted if the verification of the peer's certificate failed due to an overlong chain or - a fatal error in the vrfy callback. + a fatal error in the verify callback. Bugfix - * Add a check if iv_len is zero, and return an error if it is zero. Reported - by roberto. #716 - * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) + * Add a check if iv_len is zero in GCM, and return an error if it is zero. + Reported by roberto. #716 + * Replace preprocessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will always be implemented by pthread support. #696 - * Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path. - In case of failure, when an error occures, goto cleanup. - Found by redplait. #590 + * Fix a resource leak on Windows platforms in mbedtls_x509_crt_parse_path(), + in the case of an error. Found by redplait. #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken. #740 * Fix conditional preprocessor directives in bignum.h to enable 64-bit From 72ea31b026e1fc61b01662474aa5125817b968bc Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Thu, 10 Aug 2017 11:51:16 +0100 Subject: [PATCH 195/493] Update version number to 2.6.0 --- ChangeLog | 2 +- doxygen/input/doc_mainpage.h | 2 +- doxygen/mbedtls.doxyfile | 2 +- include/mbedtls/version.h | 10 +++++----- library/CMakeLists.txt | 6 +++--- tests/suites/test_suite_version.data | 4 ++-- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/ChangeLog b/ChangeLog index d3ad3b967..227faed6b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x branch released xxxx-xx-xx += mbed TLS 2.6.0 branch released 2017-08-10 Security * Fix authentication bypass in SSL/TLS: when authmode is set to optional, diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h index 929c1bee5..87b5041bb 100644 --- a/doxygen/input/doc_mainpage.h +++ b/doxygen/input/doc_mainpage.h @@ -21,7 +21,7 @@ */ /** - * @mainpage mbed TLS v2.5.1 source code documentation + * @mainpage mbed TLS v2.6.0 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile index 4bc322df5..5df1c932d 100644 --- a/doxygen/mbedtls.doxyfile +++ b/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.5.1" +PROJECT_NAME = "mbed TLS v2.6.0" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h index 45486a995..3b209a6b0 100644 --- a/include/mbedtls/version.h +++ b/include/mbedtls/version.h @@ -38,17 +38,17 @@ * Major, Minor, Patchlevel */ #define MBEDTLS_VERSION_MAJOR 2 -#define MBEDTLS_VERSION_MINOR 5 -#define MBEDTLS_VERSION_PATCH 1 +#define MBEDTLS_VERSION_MINOR 6 +#define MBEDTLS_VERSION_PATCH 0 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02050100 -#define MBEDTLS_VERSION_STRING "2.5.1" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.5.1" +#define MBEDTLS_VERSION_NUMBER 0x02060000 +#define MBEDTLS_VERSION_STRING "2.6.0" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.6.0" #if defined(MBEDTLS_VERSION_C) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 7a9f185e2..c332d4577 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -140,15 +140,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.5.1 SOVERSION 0) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.6.0 SOVERSION 0) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.5.1 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.6.0 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.5.1 SOVERSION 10) + set_target_properties(mbedtls PROPERTIES VERSION 2.6.0 SOVERSION 10) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 2432b46eb..1442a384c 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.5.1" +check_compiletime_version:"2.6.0" Check runtime library version -check_runtime_version:"2.5.1" +check_runtime_version:"2.6.0" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 From f231eaae28c5272e1ebbc1d56ed6d0b44a9a5bd1 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 22 Aug 2017 14:50:14 +0300 Subject: [PATCH 196/493] Add configuration file in md.h include `*config.h*` in md.h as MACROS in the header file get ignored. Fix for #1001. --- ChangeLog | 2 ++ include/mbedtls/md.h | 6 ++++++ 2 files changed, 8 insertions(+) diff --git a/ChangeLog b/ChangeLog index e8d1da5c9..a58975ee6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,6 +41,8 @@ Bugfix * Fix a potential integer overflow in the version verification for DER encoded X509 certificates. The overflow would enable maliciously constructed certificates to bypass the certificate verification check. + * Include configuration file in md.h, to fix compilation warnings. + Reported by aaronmdjones in #1001 Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of diff --git a/include/mbedtls/md.h b/include/mbedtls/md.h index 9b996a951..89be847ce 100644 --- a/include/mbedtls/md.h +++ b/include/mbedtls/md.h @@ -27,6 +27,12 @@ #include +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + #define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */ #define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */ #define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */ From a3ebec242376147b963f2529922580a48ba6d21e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 14:06:24 +0100 Subject: [PATCH 197/493] Declare RSA helper functions This commit adds convenience functions to the RSA module for computing a complete RSA private key (with fields N, P, Q, D, E, DP, DQ, QP) from a subset of core parameters, e.g. (N, D, E). --- include/mbedtls/rsa.h | 136 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 136 insertions(+) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 7d7469d50..7a519d51e 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -73,6 +73,142 @@ extern "C" { #endif +/** + * Helper functions for RSA-related operations on MPI's. + */ + +/** + * \brief Compute RSA prime moduli P, Q from public modulus N=PQ +& and a pair of private and public key. + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. + * + * \param N RSA modulus N = PQ, with P, Q to be found + * \param D RSA private exponent + * \param E RSA public exponent + * \param f_rng PRNG to be used for randomization, or NULL + * \param p_rng PRNG context for f_rng, or NULL + * \param P Pointer to MPI holding first prime factor of N on success + * \param Q Pointer to MPI holding second prime factor of N on success + * + * \return - 0 if successful. In this case, P and Q constitute a + * factorization of N, and it is guaranteed that D and E + * are indeed modular inverses modulo P-1 and modulo Q-1. + * The values of N, D and E are unchanged. It is checked + * that P, Q are prime if a PRNG is provided. + * - A non-zero error code otherwise. In this case, the values + * of N, D, E are undefined. + * + * \note The input MPI's are deliberately not declared as constant + * and may therefore be used for in-place calculations by + * the implementation. In particular, their values can be + * corrupted when the function fails. If the user cannot + * tolerate this, he has to make copies of the MPI's prior + * to calling this function. See \c mbedtls_mpi_copy for this. + */ +int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_mpi *P, mbedtls_mpi *Q ); + +/** + * \brief Compute RSA private exponent from + * prime moduli and public key. + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. + * + * \param P First prime factor of RSA modulus + * \param Q Second prime factor of RSA modulus + * \param E RSA public exponent + * \param D Pointer to MPI holding the private exponent on success. + * + * \note This function does not check whether P and Q are primes. + * + * \return - 0 if successful. In this case, D is set to a simultaneous + * modular inverse of E modulo both P-1 and Q-1. + * - A non-zero error code otherwise. In this case, the values + * of P, Q, E are undefined. + * + * \note The input MPI's are deliberately not declared as constant + * and may therefore be used for in-place calculations by + * the implementation. In particular, their values can be + * corrupted when the function fails. If the user cannot + * tolerate this, he has to make copies of the MPI's prior + * to calling this function. See \c mbedtls_mpi_copy for this. + */ +int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q, mbedtls_mpi *E, + mbedtls_mpi *D ); + + +/** + * \brief Generate RSA-CRT parameters + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. + * + * \param P First prime factor of N + * \param Q Second prime factor of N + * \param D RSA private exponent + * \param DP Output variable for D modulo P-1 + * \param DQ Output variable for D modulo Q-1 + * \param QP Output variable for the modular inverse of Q modulo P. + * + * \return 0 on success, non-zero error code otherwise. + * + */ +int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, mbedtls_mpi *DP, + mbedtls_mpi *DQ, mbedtls_mpi *QP ); + + +/** + * \brief Check validity of core RSA parameters + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. + * + * \param N RSA modulus N = PQ + * \param P First prime factor of N + * \param Q Second prime factor of N + * \param D RSA private exponent + * \param E RSA public exponent + * \param f_rng PRNG to be used for randomization, or NULL + * \param p_rng PRNG context for f_rng, or NULL + * + * \return - 0 if the following conditions are satisfied: + * - N = PQ if N,P,Q != NULL + * - D and E are modular inverses modulo P-1 and Q-1 + * if D,E,P,Q != NULL + * - P prime if f_rng, P != NULL + * - Q prime if f_rng, Q != NULL + * - A non-zero error code otherwise. In this case, the values + * of N, P, Q, D, E are undefined. + * + * \note The function can be used with a restricted set of arguments + * to perform specific checks only. E.g., calling it with + * (-,P,-,-,-) and a PRNG amounts to a primality check for P. + * + * \note The input MPI's are deliberately not declared as constant + * and may therefore be used for in-place calculations by + * the implementation. In particular, their values can be + * corrupted when the function fails. If the user cannot + * tolerate this, he has to make copies of the MPI's prior + * to calling this function. See \c mbedtls_mpi_copy for this. + */ +int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, + mbedtls_mpi *D, mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); + +/** + * Implementation of RSA interface + */ + /** * \brief RSA context structure */ From e2e8b8da1da30453c14427a8d6a95437147a2f80 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 14:06:45 +0100 Subject: [PATCH 198/493] Implement RSA helper functions --- library/rsa.c | 401 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 401 insertions(+) diff --git a/library/rsa.c b/library/rsa.c index bdd2538c3..7a7f2f148 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -71,6 +71,407 @@ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } +/* + * Context-independent RSA helper functions. + * + * The following three functions + * - mbedtls_rsa_deduce_moduli + * - mbedtls_rsa_deduce_private + * - mbedtls_rsa_check_params + * are helper functions operating on the core RSA parameters + * (represented as MPI's). They do not use the RSA context structure + * and therefore need not be replaced when providing an alternative + * RSA implementation. + * + * Their purpose is to provide common MPI operations in the context + * of RSA that can be easily shared across multiple implementations. + */ + +/* + * mbedtls_rsa_deduce_moduli + * + * Given the modulus N=PQ and a pair of public and private + * exponents E and D, respectively, factor N. + * + * Setting F := lcm(P-1,Q-1), the idea is as follows: + * + * (a) For any 1 <= X < N with gcd(X,N)=1, we have X^F = 1 modulo N, so X^(F/2) + * is a square root of 1 in Z/NZ. Since Z/NZ ~= Z/PZ x Z/QZ by CRT and the + * square roots of 1 in Z/PZ and Z/QZ are +1 and -1, this leaves the four + * possibilities X^(F/2) = (+-1, +-1). If it happens that X^(F/2) = (-1,+1) + * or (+1,-1), then gcd(X^(F/2) + 1, N) will be equal to one of the prime + * factors of N. + * + * (b) If we don't know F/2 but (F/2) * K for some odd (!) K, then the same + * construction still applies since (-)^K is the identity on the set of + * roots of 1 in Z/NZ. + * + * The public and private key primitives (-)^E and (-)^D are mutually inverse + * bijections on Z/NZ if and only if (-)^(DE) is the identity on Z/NZ, i.e. + * if and only if DE - 1 is a multiple of F, say DE - 1 = F * L. + * Splitting L = 2^t * K with K odd, we have + * + * DE - 1 = FL = (F/2) * (2^(t+1)) * K, + * + * so (F / 2) * K is among the numbers + * + * (DE - 1) >> 1, (DE - 1) >> 2, ..., (DE - 1) >> ord + * + * where ord is the order of 2 in (DE - 1). + * We can therefore iterate through these numbers apply the construction + * of (a) and (b) above to attempt to factor N. + * + */ +int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + mbedtls_mpi *P, mbedtls_mpi *Q ) +{ + /* Implementation note: + * + * Space-efficiency is given preference over time-efficiency here: + * several calculations are done in place and temporarily change + * the values of D and E. + * + * Specifically, D is replaced the largest odd divisor of DE - 1 + * throughout the calculations. + */ + + int ret = 0; + + uint16_t attempt; /* Number of current attempt */ + uint16_t iter; /* Number of squares computed in the current attempt */ + + uint16_t bitlen_half; /* Half the bitsize of the modulus N */ + uint16_t order; /* Order of 2 in DE - 1 */ + + mbedtls_mpi K; /* Temporary used for two purposes: + * - During factorization attempts, stores a andom integer + * in the range of [0,..,N] + * - During verification, holding intermediate results. + */ + + if( P == NULL || Q == NULL || P->p != NULL || Q->p != NULL ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || + mbedtls_mpi_cmp_int( D, 1 ) <= 0 || + mbedtls_mpi_cmp_mpi( D, N ) >= 0 || + mbedtls_mpi_cmp_int( E, 1 ) <= 0 || + mbedtls_mpi_cmp_mpi( E, N ) >= 0 ) + { + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + } + + /* + * Initializations and temporary changes + */ + + mbedtls_mpi_init( &K ); + mbedtls_mpi_init( P ); + mbedtls_mpi_init( Q ); + + /* Replace D by DE - 1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( D, D, E ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( D, D, 1 ) ); + + if( ( order = mbedtls_mpi_lsb( D ) ) == 0 ) + { + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + goto cleanup; + } + + /* After this operation, D holds the largest odd divisor + * of DE - 1 for the original values of D and E. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( D, order ) ); + + /* This is used to generate a few numbers around N / 2 + * if no PRNG is provided. */ + if( f_rng == NULL ) + bitlen_half = mbedtls_mpi_bitlen( N ) / 2; + + /* + * Actual work + */ + + for( attempt = 0; attempt < 30; ++attempt ) + { + /* Generate some number in [0,N], either randomly + * if a PRNG is given, or try numbers around N/2 */ + if( f_rng != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &K, + mbedtls_mpi_size( N ), + f_rng, p_rng ) ); + } + else + { + MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &K, 1 ) ) ; + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &K, bitlen_half ) ) ; + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, attempt + 1 ) ); + } + + /* Check if gcd(K,N) = 1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); + if( mbedtls_mpi_cmp_int( P, 1 ) != 0 ) + continue; + + /* Go through K^X + 1, K^(2X) + 1, K^(4X) + 1, ... + * and check whether they have nontrivial GCD with N. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &K, &K, D, N, + Q /* temporarily use Q for storing Montgomery + * multiplication helper values */ ) ); + + for( iter = 1; iter < order; ++iter ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); + + if( mbedtls_mpi_cmp_int( P, 1 ) == 1 && + mbedtls_mpi_cmp_mpi( P, N ) == -1 ) + { + /* + * Have found a nontrivial divisor P of N. + * Set Q := N / P and verify D, E. + */ + + MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, &K, N, P ) ); + + /* + * Verify that DE - 1 is indeed a multiple of + * lcm(P-1, Q-1), i.e. that it's a multiple of both + * P-1 and Q-1. + */ + + /* Restore DE - 1 and temporarily replace P, Q by P-1, Q-1. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( D, order ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( P, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( Q, Q, 1 ) ); + + /* Compute DE-1 mod P-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, D, P ) ); + if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + goto cleanup; + } + + /* Compute DE-1 mod Q-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, D, Q ) ); + if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + goto cleanup; + } + + /* + * All good, restore P, Q and D and return. + */ + + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( P, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( Q, Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( D, D, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( D, NULL, D, E ) ); + + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &K ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, N ) ); + } + } + + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + +cleanup: + + mbedtls_mpi_free( &K ); + return( ret ); +} + +/* + * Given P, Q and the public exponent E, deduce D. + * This is essentially a modular inversion. + */ + +int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q, + mbedtls_mpi *D, mbedtls_mpi *E ) +{ + int ret = 0; + mbedtls_mpi K; + + if( D == NULL || mbedtls_mpi_cmp_int( D, 0 ) != 0 ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || + mbedtls_mpi_cmp_int( Q, 1 ) <= 0 || + mbedtls_mpi_cmp_int( E, 0 ) == 0 ) + { + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + } + + mbedtls_mpi_init( &K ); + + /* Temporarily replace P and Q by P-1 and Q-1, respectively. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( P, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( Q, Q, 1 ) ); + + /* Temporarily compute the gcd(P-1, Q-1) in D. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, P, Q ) ); + + /* Compute LCM(P-1, Q-1) in K */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &K, NULL, &K, D ) ); + + /* Compute modular inverse of E in LCM(P-1, Q-1) */ + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( D, E, &K ) ); + + /* Restore P and Q. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( P, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( Q, Q, 1 ) ); + + /* Double-check result */ + MBEDTLS_MPI_CHK( mbedtls_rsa_check_params( NULL, P, Q, D, E, NULL, NULL ) ); + +cleanup: + + mbedtls_mpi_free( &K ); + + return( ret ); +} + +/* + * Check that core RSA parameters are sane. + * + * Note that the inputs are not declared const and may be + * altered on an unsuccessful run. + */ + +int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, + mbedtls_mpi *D, mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ + int ret = 0; + mbedtls_mpi K; + + mbedtls_mpi_init( &K ); + + /* + * Step 1: If PRNG provided, check that P and Q are prime + */ + + if( f_rng != NULL && P != NULL && + ( ret = mbedtls_mpi_is_prime( P, f_rng, p_rng ) ) != 0 ) + { + goto cleanup; + } + + if( f_rng != NULL && Q != NULL && + ( ret = mbedtls_mpi_is_prime( Q, f_rng, p_rng ) ) != 0 ) + { + goto cleanup; + } + + /* + * Step 2: Check that N = PQ + */ + + if( P != NULL && Q != NULL && N != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); + if( mbedtls_mpi_cmp_mpi( &K, N ) != 0 ) + { + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + goto cleanup; + } + } + + /* + * Step 3: Check that D, E are inverse modulo P-1 and Q-1 + */ + + if( P != NULL && Q != NULL && D != NULL && E != NULL ) + { + /* Temporarily replace P, Q by P-1, Q-1. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( P, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( Q, Q, 1 ) ); + + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + + /* Compute DE-1 mod P-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) ); + if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + goto cleanup; + } + + /* Compute DE-1 mod Q-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, Q ) ); + if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + goto cleanup; + } + + /* Restore P, Q. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( P, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( Q, Q, 1 ) ); + } + +cleanup: + + mbedtls_mpi_free( &K ); + + return( ret ); +} + +int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, mbedtls_mpi *DP, + mbedtls_mpi *DQ, mbedtls_mpi *QP ) +{ + int ret = 0; + mbedtls_mpi K; + mbedtls_mpi_init( &K ); + + if( DP != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, D, &K ) ); + } + + if( DQ != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, D, &K ) ); + } + + if( QP != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( QP, Q, P ) ); + } + +cleanup: + mbedtls_mpi_free( &K ); + + return( ret ); +} + +{ + int ret = 0; + + + + + +cleanup: + + return( ret ); +} + + /* * Initialize an RSA context */ From cbb59bc2a830301ea645a9e5cf5eee0a1c6288e1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 14:11:08 +0100 Subject: [PATCH 199/493] Extend RSA interface to allow structure-independent setup This commit extends the RSA interface by import/export calls that can be used to setup an RSA context from a subset of the core RSA parameters (N,P,Q,D,E). The intended workflow is the following: 1. Call mbedtls_rsa_import one or multiple times to import the core parameters. 2. Call mbedtls_rsa_complete to deduce remaining core parameters as well as any implementation-defined internal helper variables. The RSA context is ready for use after this call. The import function comes in two variants mbedtls_rsa_import and mbedtls_rsa_import_raw, the former taking pointers to MPI's as input, the latter pointers buffers holding to big-endian encoded MPI's. The reason for this splitting is the following: When only providing an import function accepting const MPI's, a user trying to import raw binary data into an RSA context has to convert these to MPI's first which before passing them to the import function, introducing an unnecessary copy of the data in memory. The alternative would be to have another MPI-based import-function with move-semantics, but this would be in contrast to the rest of the library's interfaces. Similarly, there are functions mbedtls_rsa_export and mbedtls_rsa_export_raw for exporting the core RSA parameters, either as MPI's or in big-endian binary format. The main import/export functions deliberately do not include the additional helper values DP, DQ and QP present in ASN.1-encoded RSA private keys. To nonetheless be able to check whether given parameters DP, DQ and QP are in accordance with a given RSA private key, the interface is extended by a function mbedtls_rsa_check_opt (in line with mbedtls_rsa_check_privkey, mbedtls_rsa_check_pubkey and mbedtls_rsa_check_pub_priv). Exporting the optional parameters is taken care of by mbedtls_export_opt (currently MPI format only). --- include/mbedtls/rsa.h | 198 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 196 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 7a519d51e..6f527c176 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -274,6 +274,190 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, int padding, int hash_id); + +/** + * \brief Import a set of core parameters into an RSA context + * + * \param ctx Initialized RSA context to store parameters + * \param N RSA modulus, or NULL + * \param P First prime factor of N, or NULL + * \param Q Second prime factor of N, or NULL + * \param D Private exponent, or NULL + * \param E Public exponent, or NULL + * + * \note This function can be called multiple times for successive + * imports if the parameters are not simultaneously present. + * Any sequence of calls to this function should be followed + * by a call to \c mbedtls_rsa_complete which will check + * and complete the provided information to a ready-for-use + * public or private RSA key. + * + * \return 0 if successful, non-zero error code on failure. + */ +int mbedtls_rsa_import( mbedtls_rsa_context *ctx, + const mbedtls_mpi *N, + const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *E ); + +/** + * \brief Import core RSA parameters in raw big-endian + * binary format into an RSA context + * + * \param ctx Initialized RSA context to store parameters + * \param N RSA modulus, or NULL + * \param N_len Byte length of N, ignored if N == NULL + * \param P First prime factor of N, or NULL + * \param P_len Byte length of P, ignored if P == NULL + * \param Q Second prime factor of N, or NULL + * \param Q_len Byte length of Q, ignored if Q == NULL + * \param D Private exponent, or NULL + * \param D_len Byte length of D, ignored if D == NULL + * \param E Public exponent, or NULL + * \param E_len Byte length of E, ignored if E == NULL + * + * \note This function can be called multiple times for successive + * imports if the parameters are not simultaneously present. + * Any sequence of calls to this function should be followed + * by a call to \c mbedtls_rsa_complete which will check + * and complete the provided information to a ready-for-use + * public or private RSA key. + * + * \return 0 if successful, non-zero error code on failure. + */ + +int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, + unsigned char *N, size_t N_len, + unsigned char *P, size_t P_len, + unsigned char *Q, size_t Q_len, + unsigned char *D, size_t D_len, + unsigned char *E, size_t E_len ); + +/** + * \brief Attempt to complete an RSA context from + * a set of imported core parameters. + * + * \param ctx Initialized RSA context to store parameters + * \param f_rng RNG function, + * \param p_rng RNG parameter + * + * To setup an RSA public key, precisely N and E + * must have been imported. + * + * To setup an RSA private key, enough information must be + * present for the other parameters to be efficiently derivable. + * + * The default implementation supports the following: + * (a) Derive P, Q from N, D, E + * (b) Derive N, D from P, Q, E. + * + * Alternative implementations need not support these + * and may return MBEDTLS_ERR_RSA_BAD_INPUT_DATA instead. + * + * \note The PRNG is used for probabilistic algorithms + * like the derivation of P, Q from N, D, E, as + * well as primality checks. + * + * \return - 0 if successful. In this case, all core parameters + * as well as other internally needed parameters have + * been generated, and it is guaranteed that they are + * sane in the sense of \c mbedtls_rsa_check_params + * (with primality of P, Q checked if a PRNG is given). + * - MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted + * derivations failed. + */ +int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); + +/** + * \brief Check if CRT-parameters match core parameters + * + * \param ctx Complete RSA private key context + * \param DP Private exponent modulo P-1, or NULL + * \param DQ Private exponent modulo Q-1, or NULL + * \param QP Modular inverse of Q modulo P, or NULL + * + * \return 0 if successful, testifying that the non-NULL optional + * parameters provided are in accordance with the core + * RSA parameters. Non-zero error code otherwise. + * + * \note This function performs in-place computations on the + * parameters DP, DQ and QP. If modification cannot be + * tolerated, you should make copies with mbedtls_mpi_copy + * before calling this function. + * + */ +int mbedtls_rsa_check_crt( mbedtls_rsa_context *ctx, + mbedtls_mpi *DP, + mbedtls_mpi *DQ, + mbedtls_mpi *QP ); + +/** + * \brief Export core parameters of an RSA key + * + * \param ctx Initialized RSA context + * \param N MPI to hold the RSA modulus, or NULL + * \param P MPI to hold the first prime factor of N, or NULL + * \param Q MPI to hold the second prime factor of N, or NULL + * \param D MPI to hold the private exponent, or NULL + * \param E MPI to hold the public exponent, or NULL + * + * \return 0 if successful, non-zero error code otherwise. + * + */ +int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, + mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, + mbedtls_mpi *D, mbedtls_mpi *E ); + +/** + * \brief Export core parameters of an RSA key + * in raw big-endian binary format + * + * \param ctx Initialized RSA context + * \param N Byte array to store the RSA modulus, or NULL + * \param N_len Size of buffer for modulus + * \param P Byte array to hold the first prime factor of N, or NULL + * \param P_len Size of buffer for first prime factor + * \param Q Byte array to hold the second prime factor of N, or NULL + * \param Q_len Size of buffer for second prime factor + * \param D Byte array to hold the private exponent, or NULL + * \param D_len Size of buffer for private exponent + * \param E Byte array to hold the public exponent, or NULL + * \param E_len Size of buffer for public exponent + * + * \note The length fields are ignored if the corresponding + * buffer pointers are NULL. + * + * \return 0 if successful. In this case, the non-NULL buffers + * pointed to by N, P, Q, D, E are fully written, with + * additional unused space filled leading by 0-bytes. + * + */ +int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, + unsigned char *N, size_t N_len, + unsigned char *P, size_t P_len, + unsigned char *Q, size_t Q_len, + unsigned char *D, size_t D_len, + unsigned char *E, size_t E_len ); + +/** + * \brief Export CRT parameters of a private RSA key + * + * \param ctx Initialized RSA context + * \param DP MPI to hold D modulo P-1, or NULL + * \param DQ MPI to hold D modulo Q-1, or NULL + * \param QP MPI to hold modular inverse of Q modulo P, or NULL + * + * \return 0 if successful, non-zero error code otherwise. + * + * \note Alternative RSA implementations not using CRT-parameters + * internally can implement this function using based on + * \c mbedtls_rsa_deduce_opt. + * + */ +int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, + mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ); + /** * \brief Set padding for an already initialized RSA context * See \c mbedtls_rsa_init() for details. @@ -284,6 +468,16 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, */ void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id); +/** + * \brief Get length of RSA modulus in bytes + * + * \param ctx Initialized RSA context + * + * \return Length of RSA modulus, in bytes. + * + */ +size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); + /** * \brief Generate an RSA keypair * @@ -469,7 +663,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * as large as the size ctx->len of ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold - * the decryption of the particular ciphertext provided, + * the decryption of the particular ciphertext provided, * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \note The input buffer must be as large as the size @@ -501,7 +695,7 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * as large as the size ctx->len of ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold - * the decryption of the particular ciphertext provided, + * the decryption of the particular ciphertext provided, * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \note The input buffer must be as large as the size From 617c1aeb1853f305ef01df5795d8cf1985bc5538 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 14:11:24 +0100 Subject: [PATCH 200/493] Implement new RSA interface functions --- library/rsa.c | 331 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 331 insertions(+) diff --git a/library/rsa.c b/library/rsa.c index 7a7f2f148..c807f911c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -459,18 +459,339 @@ cleanup: return( ret ); } + +/* + * Default RSA interface implementation + */ + + +int mbedtls_rsa_import( mbedtls_rsa_context *ctx, + const mbedtls_mpi *N, + const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *E ) +{ + int ret; + + if( ( N != NULL && ( ret = mbedtls_mpi_copy( &ctx->N, N ) ) != 0 ) || + ( P != NULL && ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ) || + ( Q != NULL && ( ret = mbedtls_mpi_copy( &ctx->Q, Q ) ) != 0 ) || + ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) || + ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + } + + if( N != NULL ) + ctx->len = mbedtls_mpi_size( &ctx->N ); + + return( 0 ); +} + +int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, + unsigned char *N, size_t N_len, + unsigned char *P, size_t P_len, + unsigned char *Q, size_t Q_len, + unsigned char *D, size_t D_len, + unsigned char *E, size_t E_len ) +{ + int ret; + + if( N != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->N, N, N_len ) ); + ctx->len = mbedtls_mpi_size( &ctx->N ); + } + + if( P != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->P, P, P_len ) ); + + if( Q != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->Q, Q, Q_len ) ); + + if( D != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->D, D, D_len ) ); + + if( E != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( &ctx->E, E, E_len ) ); + +cleanup: + + if( ret != 0 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + + return( 0 ); +} + +int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { int ret = 0; + const int have_N = ( mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 ); + const int have_P = ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 ); + const int have_Q = ( mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 ); + const int have_D = ( mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 ); + const int have_E = ( mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0 ); + /* + * Check whether provided parameters are enough + * to deduce all others. The following incomplete + * parameter sets for private keys are supported: + * + * (1) P, Q missing. + * (2) D and potentially N missing. + * + */ + const int complete = have_N && have_P && have_Q && have_D && have_E; + const int pq_missing = have_N && !have_P && !have_Q && have_D && have_E; + const int d_missing = have_P && have_Q && !have_D && have_E; + const int is_pub = have_N && !have_P && !have_Q && !have_D && have_E; + const int is_priv = complete || pq_missing || d_missing; + if( !is_priv && !is_pub ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + /* + * Step 1: Deduce and verify all core parameters. + */ + + if( pq_missing ) + { + /* This includes sanity checking of core parameters, + * so no further checks necessary. */ + ret = mbedtls_rsa_deduce_moduli( &ctx->N, &ctx->D, &ctx->E, + f_rng, p_rng, + &ctx->P, &ctx->Q ); + if( ret != 0 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + + } + else if( d_missing ) + { + /* If a PRNG is provided, check if P, Q are prime. */ + if( f_rng != NULL && + ( ( ret = mbedtls_mpi_is_prime( &ctx->P, f_rng, p_rng ) ) != 0 || + ( ret = mbedtls_mpi_is_prime( &ctx->Q, f_rng, p_rng ) ) != 0 ) ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + } + + /* Compute N if missing. */ + if( !have_N && + ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ) != 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + } + + /* Deduce private exponent. This includes double-checking of the result, + * so together with the primality test above all core parameters are + * guaranteed to be sane if this call succeeds. */ + if( ( ret = mbedtls_rsa_deduce_private( &ctx->P, &ctx->Q, + &ctx->D, &ctx->E ) ) != 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + } + } + else if( complete ) + { + /* Check complete set of imported core parameters. */ + if( ( ret = mbedtls_rsa_check_params( &ctx->N, &ctx->P, &ctx->Q, + &ctx->D, &ctx->E, + f_rng, p_rng ) ) != 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + } + } + + /* In the remaining case of a public key, there's nothing to check for. */ + + /* + * Step 2: Deduce all additional parameters specific + * to our current RSA implementaiton. + */ + + if( is_priv ) + { + ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, + &ctx->DP, &ctx->DQ, &ctx->QP ); + if( ret != 0 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + } + + /* + * Step 3: Double check + */ + + if( is_priv ) + { + if( ( ret = mbedtls_rsa_check_privkey( ctx ) ) != 0 ) + return( ret ); + } + else + { + if( ( ret = mbedtls_rsa_check_pubkey( ctx ) ) != 0 ) + return( ret ); + } + + return( 0 ); +} + +/* + * Check if CRT parameters match RSA context. + * This has to be implemented even if CRT is not used, + * in order to be able to validate DER encoded RSA keys, + * which always contain CRT parameters. + */ +int mbedtls_rsa_check_crt( mbedtls_rsa_context *ctx, mbedtls_mpi *DP, + mbedtls_mpi *DQ, mbedtls_mpi *QP ) +{ + /* Check if key is private or public */ + const int opt_present = + mbedtls_mpi_cmp_int( &ctx->DP, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->QP, 0 ) != 0; + + if( !opt_present ) + { + /* Checking optional parameters only makes sense for private keys. */ + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } + + /* Alternative implementations not having DP, DQ, QP as part of + * the RSA context structure could perform the following checks instead: + * (1) Check that DP - P == 0 mod P - 1 + * (2) Check that DQ - Q == 0 mod Q - 1 + * (3) Check that QP * P - 1 == 0 mod P + */ + + if( ( DP != NULL && mbedtls_mpi_cmp_mpi( DP, &ctx->DP ) != 0 ) || + ( DQ != NULL && mbedtls_mpi_cmp_mpi( DQ, &ctx->DQ ) != 0 ) || + ( QP != NULL && mbedtls_mpi_cmp_mpi( QP, &ctx->QP ) != 0 ) ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } + + return( 0 ); +} + +int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, + unsigned char *N, size_t N_len, + unsigned char *P, size_t P_len, + unsigned char *Q, size_t Q_len, + unsigned char *D, size_t D_len, + unsigned char *E, size_t E_len ) +{ + int ret = 0; + + /* Check if key is private or public */ + const int is_priv = + mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; + + if( !is_priv ) + { + /* If we're trying to export private parameters for a public key, + * something must be wrong. */ + if( P != NULL || Q != NULL || D != NULL ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + } + + if( N != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->N, N, N_len ) ); + + if( P != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->P, P, P_len ) ); + + if( Q != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->Q, Q, Q_len ) ); + + if( D != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->D, D, D_len ) ); + + if( E != NULL ) + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &ctx->E, E, E_len ) ); cleanup: return( ret ); } +int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, + mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, + mbedtls_mpi *D, mbedtls_mpi *E ) +{ + int ret; + + /* Check if key is private or public */ + int is_priv = + mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; + + if( !is_priv ) + { + /* If we're trying to export private parameters for a public key, + * something must be wrong. */ + if( P != NULL || Q != NULL || D != NULL ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + } + + /* Export all requested core parameters. */ + + if( ( N != NULL && ( ret = mbedtls_mpi_copy( N, &ctx->N ) ) != 0 ) || + ( P != NULL && ( ret = mbedtls_mpi_copy( P, &ctx->P ) ) != 0 ) || + ( Q != NULL && ( ret = mbedtls_mpi_copy( Q, &ctx->Q ) ) != 0 ) || + ( D != NULL && ( ret = mbedtls_mpi_copy( D, &ctx->D ) ) != 0 ) || + ( E != NULL && ( ret = mbedtls_mpi_copy( E, &ctx->E ) ) != 0 ) ) + { + return( ret ); + } + + return( 0 ); +} + +/* + * Export CRT parameters + * This must also be implemented if CRT is not used, for being able to + * write DER encoded RSA keys. The helper function mbedtls_rsa_deduce_crt + * can be used in this case. + */ +int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, + mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ) +{ + int ret; + + /* Check if key is private or public */ + int is_priv = + mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; + + if( !is_priv ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + /* Export all requested blinding parameters. */ + + if( ( DP != NULL && ( ret = mbedtls_mpi_copy( DP, &ctx->DP ) ) != 0 ) || + ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) || + ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) ) + { + return( ret ); + } + + return( 0 ); +} /* * Initialize an RSA context @@ -497,6 +818,16 @@ void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id ctx->hash_id = hash_id; } +/* + * Get length in bytes of RSA modulus + */ + +size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ) +{ + return( mbedtls_mpi_size( &ctx->N ) ); +} + + #if defined(MBEDTLS_GENPRIME) /* From 8fd5548241b11589799b7a5dde0d44bf09975df6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 14:07:48 +0100 Subject: [PATCH 201/493] Minor formatting changes --- include/mbedtls/rsa.h | 24 +++++++++++++----------- library/pkwrite.c | 8 ++++---- tests/suites/test_suite_rsa.function | 9 +++++++-- 3 files changed, 24 insertions(+), 17 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 6f527c176..366502a85 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -235,7 +235,7 @@ typedef struct mbedtls_mpi Vf; /*!< cached un-blinding value */ int padding; /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and - MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */ + MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */ int hash_id; /*!< Hash identifier of mbedtls_md_type_t as specified in the mbedtls_md.h header file for the EME-OAEP and EMSA-PSS @@ -271,8 +271,8 @@ mbedtls_rsa_context; * MBEDTLS_MD_NONE) for verifying them. */ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, - int padding, - int hash_id); + int padding, + int hash_id); /** @@ -466,7 +466,8 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21 * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier */ -void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id); +void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, + int hash_id); /** * \brief Get length of RSA modulus in bytes @@ -493,12 +494,12 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code */ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, - unsigned int nbits, int exponent ); + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, + unsigned int nbits, int exponent ); /** - * \brief Check a public RSA key + * \brief Check if a context contains an RSA public key * * \param ctx RSA context to be checked * @@ -507,7 +508,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); /** - * \brief Check a private RSA key + * \brief Check if a context contains a complete + * and valid RSA private key. * * \param ctx RSA context to be checked * @@ -729,10 +731,10 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * as large as the size ctx->len of ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold - * the decryption of the particular ciphertext provided, + * the decryption of the particular ciphertext provided, * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * - * \note The input buffer must be as large as the size + * \note The input buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, diff --git a/library/pkwrite.c b/library/pkwrite.c index 83b798c11..e00545881 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -62,7 +62,7 @@ * } */ static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start, - mbedtls_rsa_context *rsa ) + mbedtls_rsa_context *rsa ) { int ret; size_t len = 0; @@ -83,7 +83,7 @@ static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start, * EC public key is an EC point */ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start, - mbedtls_ecp_keypair *ec ) + mbedtls_ecp_keypair *ec ) { int ret; size_t len = 0; @@ -111,7 +111,7 @@ static int pk_write_ec_pubkey( unsigned char **p, unsigned char *start, * } */ static int pk_write_ec_param( unsigned char **p, unsigned char *start, - mbedtls_ecp_keypair *ec ) + mbedtls_ecp_keypair *ec ) { int ret; size_t len = 0; @@ -128,7 +128,7 @@ static int pk_write_ec_param( unsigned char **p, unsigned char *start, #endif /* MBEDTLS_ECP_C */ int mbedtls_pk_write_pubkey( unsigned char **p, unsigned char *start, - const mbedtls_pk_context *key ) + const mbedtls_pk_context *key ) { int ret; size_t len = 0; diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index d48bc8595..a4f5e1e04 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -156,7 +156,9 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, unhexify( message_str, message_hex_string ); hash_len = unhexify( hash_result, hash_result_string ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, hash_len, hash_result, output ) == 0 ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, + MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, + hash_len, hash_result, output ) == 0 ); hexify( output_str, output, ctx.len ); @@ -212,7 +214,10 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, hash_len = unhexify( hash_result, hash_result_string ); unhexify( result_str, result_hex_str ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, hash_len, hash_result, result_str ) == correct ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, + MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_NONE, + hash_len, hash_result, + result_str ) == correct ); /* For PKCS#1 v1.5, there is an alternative way to verify signatures */ if( padding_mode == MBEDTLS_RSA_PKCS_V15 ) From 6b4ce49991607b25cb3b300aed7dc820675d0ea7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 11:00:21 +0100 Subject: [PATCH 202/493] Add tests for rsa_deduce_private This commit adds tests for the new library function mbedtls_rsa_deduce_private for deducing the private RSA exponent D from the public exponent E and the factorization (P,Q) of the RSA modulus: - Two toy examples with small numbers that can be checked by hand, one working fine and another failing due to bad parameters. - Two real world examples, one fine and one with bad parameters. --- tests/suites/test_suite_rsa.data | 12 ++++++ tests/suites/test_suite_rsa.function | 58 ++++++++++++++++++++++++++++ 2 files changed, 70 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 5013ac8b0..737df0b58 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -367,6 +367,18 @@ mbedtls_rsa_gen_key:2048:3:0 RSA Generate Key - 1025 bit key mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +RSA Deduce Private, toy example +mbedtls_rsa_deduce_private:10:"7":10:"11":10:"7":10:"13":0:0 + +RSA Deduce Private, toy example, corrupted +mbedtls_rsa_deduce_private:10:"3":10:"5":10:"3":10:"3":1:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE + +RSA Deduce Private +mbedtls_rsa_deduce_private:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":0:0 + +RSA Deduce Private, corrupted +mbedtls_rsa_deduce_private:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":1:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE + RSA PKCS1 Encrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 rsa_pkcs1_encrypt_bad_rng:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_ERR_RSA_RNG_FAILED diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index a4f5e1e04..3234649b6 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -693,6 +693,64 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_rsa_deduce_private( int radix_P, char *input_P, + int radix_Q, char *input_Q, + int radix_E, char *input_E, + int radix_D, char *output_D, + int corrupt, int result ) +{ + mbedtls_mpi P, Q, D, Dp, E, R, Rp; + + mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &Dp ); + mbedtls_mpi_init( &E ); + mbedtls_mpi_init( &R ); mbedtls_mpi_init( &Rp ); + + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Dp, radix_D, output_D ) == 0 ); + + if( corrupt ) + { + /* Make E even */ + TEST_ASSERT( mbedtls_mpi_set_bit( &E, 0, 0 ) == 0 ); + } + + /* Try to deduce D from N, P, Q, E. */ + TEST_ASSERT( mbedtls_rsa_deduce_private( &P, &Q, &D, &E ) == result ); + + if( !corrupt ) + { + /* + * Check that D and Dp agree modulo LCM(P-1, Q-1). + */ + + /* Replace P,Q by P-1, Q-1 */ + TEST_ASSERT( mbedtls_mpi_sub_int( &P, &P, 1 ) == 0 ); + TEST_ASSERT( mbedtls_mpi_sub_int( &Q, &Q, 1 ) == 0 ); + + /* Check D == Dp modulo P-1 */ + TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 ); + + /* Check D == Dp modulo Q-1 */ + TEST_ASSERT( mbedtls_mpi_mod_mpi( &R, &D, &Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_mod_mpi( &Rp, &Dp, &Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &R, &Rp ) == 0 ); + } + +exit: + + mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &Dp ); + mbedtls_mpi_free( &E ); + mbedtls_mpi_free( &R ); mbedtls_mpi_free( &Rp ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void rsa_selftest() { From e78fd8d1b62d3b19ff07313dcdd64a20cf55cff9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 11:00:44 +0100 Subject: [PATCH 203/493] Add tests for rsa_deduce_moduli This commit adds test for the new library function mbedtls_rsa_deduce_moduli for deducing the prime factors (P,Q) of an RSA modulus N from knowledge of a pair (D,E) of public and private exponent: - Two toy examples that can be checked by hand, one fine and with bad parameters. - Two real world examples, one fine and one with bad parameters. --- tests/suites/test_suite_rsa.data | 12 ++++++ tests/suites/test_suite_rsa.function | 56 ++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 737df0b58..610bc7893 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -379,6 +379,18 @@ mbedtls_rsa_deduce_private:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18 RSA Deduce Private, corrupted mbedtls_rsa_deduce_private:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":1:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE +RSA Deduce Moduli, toy example +mbedtls_rsa_deduce_moduli:10:"15":10:"3":10:"3":10:"3":10:"5":0:0 + +RSA Deduce Moduli, toy example, corrupted +mbedtls_rsa_deduce_moduli:10:"15":10:"3":10:"3":10:"3":10:"5":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +RSA Deduce Moduli +mbedtls_rsa_deduce_moduli:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":0:0 + +RSA Deduce Moduli, corrupted +mbedtls_rsa_deduce_moduli:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + RSA PKCS1 Encrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 rsa_pkcs1_encrypt_bad_rng:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_ERR_RSA_RNG_FAILED diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 3234649b6..dc7ec40a0 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -693,6 +693,62 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ +void mbedtls_rsa_deduce_moduli( int radix_N, char *input_N, + int radix_D, char *input_D, + int radix_E, char *input_E, + int radix_P, char *output_P, + int radix_Q, char *output_Q, + int corrupt, int result ) +{ + mbedtls_mpi N, P, Pp, Q, Qp, D, E; + + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + const char *pers = "test_suite_rsa"; + + mbedtls_mpi_init( &N ); + mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); + + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_entropy_init( &entropy ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, strlen( pers ) ) == 0 ); + + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Qp, radix_P, output_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Pp, radix_Q, output_Q ) == 0 ); + + if( corrupt ) + TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 ); + + /* Try to deduce P, Q from N, D, E only. */ + TEST_ASSERT( mbedtls_rsa_deduce_moduli( &N, &D, &E, mbedtls_ctr_drbg_random, + &ctr_drbg, &P, &Q ) == result ); + + if( !corrupt ) + { + /* Check if (P,Q) = (Pp, Qp) or (P,Q) = (Qp, Pp) */ + TEST_ASSERT( ( mbedtls_mpi_cmp_mpi( &P, &Pp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Qp ) == 0 ) || + ( mbedtls_mpi_cmp_mpi( &P, &Qp ) == 0 && mbedtls_mpi_cmp_mpi( &Q, &Pp ) == 0 ) ); + } + +exit: + + mbedtls_mpi_free( &N ); + mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); + + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); +} +/* END_CASE */ + /* BEGIN_CASE */ void mbedtls_rsa_deduce_private( int radix_P, char *input_P, int radix_Q, char *input_Q, From c77ab892e5bc4d8c1c06dc8dd409d3fba27094d8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 11:01:06 +0100 Subject: [PATCH 204/493] Add tests for rsa_import, rsa_import_raw and rsa_complete This commit adds numerous tests for the new library functions mbedtls_rsa_import and mbedtls_rsa_import_raw in conjunction with mbedtls_rsa_complete for importing and completing core sets of core RSA parameters (N,P,Q,D,E) into an RSA context, with the importing accepting either MPI's or raw big endian buffers. Each test is determined by the following parameters: 1) Set of parameters provided We're testing full sets (N,P,Q,D,E), partial sets (N,-,-,D,E) and (N,P,Q,-,E) that are sufficient to generate missing parameters, and the partial and insufficient set (N, -, Q, -, E). 2) Simultaenous or successive importing The functions rsa_import and rsa_import_raw accept importing parameters at once or one after another. We test both. 3) Sanity of parameters --- tests/suites/test_suite_rsa.data | 60 ++++++++ tests/suites/test_suite_rsa.function | 199 +++++++++++++++++++++++++++ 2 files changed, 259 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 610bc7893..15bd3dfbf 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -391,6 +391,66 @@ mbedtls_rsa_deduce_moduli:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac RSA Deduce Moduli, corrupted mbedtls_rsa_deduce_moduli:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA +RSA Import (N,P,Q,D,E) +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:0 + +RSA Import (N,P,Q,D,E), successive +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:0 + +RSA Import (N,-,-,D,E) +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:0 + +RSA Import (N,-,-,D,E), succesive +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:0 + +RSA Import (N,P,Q,-,E) +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:0 + +RSA Import (N,P,Q,-,E), successive +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:0 + +RSA Import (N,-,Q,-,E) +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA Import (N,-,Q,-,E), successive +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA Import (N,-,-,-,E), complete public key +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"3":0:0 + +RSA Import (N,-,-,-,E), complete public key, successive +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"3":1:0 + +RSA Import Raw (N,P,Q,D,E), complete private key +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:0 + +RSA Import Raw (N,P,Q,D,E), successive +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:0 + +RSA Import Raw (N,-,-,D,E) +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:0 + +RSA Import Raw (N,-,-,D,E), successive +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:0 + +RSA Import Raw (N,P,Q,-,E) +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:0 + +RSA Import Raw (N,P,Q,-,E), successive +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:0 + +RSA Import Raw (N,-,Q,-,E) +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA Import Raw (N,-,Q,-,E), successive +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA + +RSA Import Raw (N,-,-,-,E) +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":0:0 + +RSA Import Raw (N,-,-,-,E), successive +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":1:0 + RSA PKCS1 Encrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 rsa_pkcs1_encrypt_bad_rng:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_ERR_RSA_RNG_FAILED diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index dc7ec40a0..19867ec3b 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -807,6 +807,205 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ +void mbedtls_rsa_import( int radix_N, char *input_N, + int radix_P, char *input_P, + int radix_Q, char *input_Q, + int radix_D, char *input_D, + int radix_E, char *input_E, + int successive, + int result ) +{ + mbedtls_mpi N, P, Q, D, E; + mbedtls_rsa_context ctx; + + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + const char *pers = "test_suite_rsa"; + + mbedtls_ctr_drbg_init( &ctr_drbg ); + + mbedtls_entropy_init( &entropy ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, strlen( pers ) ) == 0 ); + + mbedtls_rsa_init( &ctx, 0, 0 ); + + mbedtls_mpi_init( &N ); + mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); + + if( strlen( input_N ) ) + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + + if( strlen( input_P ) ) + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + + if( strlen( input_Q ) ) + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + + if( strlen( input_D ) ) + TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); + + if( strlen( input_E ) ) + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + + if( !successive ) + { + TEST_ASSERT( mbedtls_rsa_import( &ctx, + strlen( input_N ) ? &N : NULL, + strlen( input_P ) ? &P : NULL, + strlen( input_Q ) ? &Q : NULL, + strlen( input_D ) ? &D : NULL, + strlen( input_E ) ? &E : NULL ) == 0 ); + } + else + { + /* Import N, P, Q, D, E separately. + * This should make no functional difference. */ + + TEST_ASSERT( mbedtls_rsa_import( &ctx, + strlen( input_N ) ? &N : NULL, + NULL, NULL, NULL, NULL ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_import( &ctx, + NULL, + strlen( input_P ) ? &P : NULL, + NULL, NULL, NULL ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_import( &ctx, + NULL, NULL, + strlen( input_Q ) ? &Q : NULL, + NULL, NULL ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_import( &ctx, + NULL, NULL, NULL, + strlen( input_D ) ? &D : NULL, + NULL ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_import( &ctx, + NULL, NULL, NULL, NULL, + strlen( input_E ) ? &E : NULL ) == 0 ); + } + + TEST_ASSERT( mbedtls_rsa_complete( &ctx, + mbedtls_ctr_drbg_random, + &ctr_drbg ) == result ); + +exit: + + mbedtls_rsa_free( &ctx ); + + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + + mbedtls_mpi_free( &N ); + mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); +} +/* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ +void mbedtls_rsa_import_raw( char *input_N, + char *input_P, char *input_Q, + char *input_D, char *input_E, + int successive, + int result ) +{ + unsigned char bufN[1000]; + unsigned char bufP[1000]; + unsigned char bufQ[1000]; + unsigned char bufD[1000]; + unsigned char bufE[1000]; + + size_t lenN = 0; + size_t lenP = 0; + size_t lenQ = 0; + size_t lenD = 0; + size_t lenE = 0; + + mbedtls_rsa_context ctx; + + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + const char *pers = "test_suite_rsa"; + + mbedtls_ctr_drbg_init( &ctr_drbg ); + + mbedtls_entropy_init( &entropy ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) == 0 ); + + mbedtls_rsa_init( &ctx, 0, 0 ); + + if( strlen( input_N ) ) + lenN = unhexify( bufN, input_N ); + + if( strlen( input_P ) ) + lenP = unhexify( bufP, input_P ); + + if( strlen( input_Q ) ) + lenQ = unhexify( bufQ, input_Q ); + + if( strlen( input_D ) ) + lenD = unhexify( bufD, input_D ); + + if( strlen( input_E ) ) + lenE = unhexify( bufE, input_E ); + + if( !successive ) + { + TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, + ( lenN > 0 ) ? bufN : NULL, lenN, + ( lenP > 0 ) ? bufP : NULL, lenP, + ( lenQ > 0 ) ? bufQ : NULL, lenQ, + ( lenD > 0 ) ? bufD : NULL, lenD, + ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 ); + } + else + { + /* Import N, P, Q, D, E separately. + * This should make no functional difference. */ + + TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, + ( lenN > 0 ) ? bufN : NULL, lenN, + NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, + NULL, 0, + ( lenP > 0 ) ? bufP : NULL, lenP, + NULL, 0, NULL, 0, NULL, 0 ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, + NULL, 0, NULL, 0, + ( lenQ > 0 ) ? bufQ : NULL, lenQ, + NULL, 0, NULL, 0 ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, + NULL, 0, NULL, 0, NULL, 0, + ( lenD > 0 ) ? bufD : NULL, lenD, + NULL, 0 ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, + NULL, 0, NULL, 0, NULL, 0, NULL, 0, + ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 ); + } + + TEST_ASSERT( mbedtls_rsa_complete( &ctx, + mbedtls_ctr_drbg_random, + &ctr_drbg ) == result ); + +exit: + + mbedtls_rsa_free( &ctx ); + + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void rsa_selftest() { From 417f2d610721e819ae0f0340e3bdecec0a91329d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 11:44:51 +0100 Subject: [PATCH 205/493] Add tests for rsa_export This commit adds tests for the new library function mbedtls_rsa_export. Each test case performs the following steps: - Parse and convert a set of hex-string decoded core RSA parameters into MPI's. - Use these to initialize an RSA context - Export core RSA parameters as MPI's again afterwards - Compare initial MPI's to exported ones. In the private key case, all core parameters are exported and sanity-checked, regardless of whether they were also used during setup. Each test split is performed twice, once with successive and once with simultaneous exporting. --- tests/suites/test_suite_rsa.data | 21 +++++ tests/suites/test_suite_rsa.function | 125 +++++++++++++++++++++++++++ 2 files changed, 146 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 15bd3dfbf..9128be998 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -451,6 +451,27 @@ mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f RSA Import Raw (N,-,-,-,E), successive mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":1:0 +RSA Export (N,P,Q,D,E) +mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0 + +RSA Export (N,P,Q,D,E), successive +mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1 + +RSA Export (N,-,-,D,E) +mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0 + +RSA Export (N,-,-,D,E), succesive +mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1 + +RSA Export (N,P,Q,-,E) +mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0 + +RSA Export (N,P,Q,-,E), successive +mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1 + +RSA Export (N,-,-,-,E) +mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"3":0 + RSA PKCS1 Encrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 rsa_pkcs1_encrypt_bad_rng:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_ERR_RSA_RNG_FAILED diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 19867ec3b..6229b829c 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -905,6 +905,131 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_rsa_export( int radix_N, char *input_N, + int radix_P, char *input_P, + int radix_Q, char *input_Q, + int radix_D, char *input_D, + int radix_E, char *input_E, + int successive ) +{ + /* Original MPI's with which we set up the RSA context */ + mbedtls_mpi N, P, Q, D, E; + + /* Exported MPI's */ + mbedtls_mpi Ne, Pe, Qe, De, Ee; + + const int have_N = ( strlen( input_N ) > 0 ); + const int have_P = ( strlen( input_P ) > 0 ); + const int have_Q = ( strlen( input_Q ) > 0 ); + const int have_D = ( strlen( input_D ) > 0 ); + const int have_E = ( strlen( input_E ) > 0 ); + + const int is_priv = have_P || have_Q || have_D; + + mbedtls_rsa_context ctx; + + mbedtls_rsa_init( &ctx, 0, 0 ); + + mbedtls_mpi_init( &N ); + mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); + + mbedtls_mpi_init( &Ne ); + mbedtls_mpi_init( &Pe ); mbedtls_mpi_init( &Qe ); + mbedtls_mpi_init( &De ); mbedtls_mpi_init( &Ee ); + + /* Setup RSA context */ + + if( have_N ) + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + + if( have_P ) + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + + if( have_Q ) + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + + if( have_D ) + TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); + + if( have_E ) + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_import( &ctx, + strlen( input_N ) ? &N : NULL, + strlen( input_P ) ? &P : NULL, + strlen( input_Q ) ? &Q : NULL, + strlen( input_D ) ? &D : NULL, + strlen( input_E ) ? &E : NULL ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + + /* + * Export parameters and compare to original ones. + */ + + /* N and E must always be present. */ + if( !successive ) + { + TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, &Ee ) == 0 ); + } + else + { + TEST_ASSERT( mbedtls_rsa_export( &ctx, &Ne, NULL, NULL, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, NULL, &Ee ) == 0 ); + } + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &N, &Ne ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &E, &Ee ) == 0 ); + + /* If we were providing enough information to setup a complete private context, + * we expect to be able to export all core parameters. */ + + if( is_priv ) + { + if( !successive ) + { + TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, &Qe, + &De, NULL ) == 0 ); + } + else + { + TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, &Pe, NULL, + NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, &Qe, + NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_export( &ctx, NULL, NULL, NULL, + &De, NULL ) == 0 ); + } + + if( have_P ) + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &P, &Pe ) == 0 ); + + if( have_Q ) + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &Q, &Qe ) == 0 ); + + if( have_D ) + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &D, &De ) == 0 ); + + /* While at it, perform a sanity check */ + TEST_ASSERT( mbedtls_rsa_check_params( &Ne, &Pe, &Qe, &De, &Ee, + NULL, NULL ) == 0 ); + } + +exit: + + mbedtls_rsa_free( &ctx ); + + mbedtls_mpi_free( &N ); + mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); + + mbedtls_mpi_free( &Ne ); + mbedtls_mpi_free( &Pe ); mbedtls_mpi_free( &Qe ); + mbedtls_mpi_free( &De ); mbedtls_mpi_free( &Ee ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ void mbedtls_rsa_import_raw( char *input_N, char *input_P, char *input_Q, From f1b9a2c78358a00ab264054781e3ebfc5caa7627 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 11:49:22 +0100 Subject: [PATCH 206/493] Add tests for rsa_export_raw This commit adds tests for the new library function mbedtls_rsa_export_raw. Each test case performs the following steps: - Parse and convert a set of hex-string decoded core RSA parameters into big endian byte arrays. - Use these to initialize an RSA context - Export core RSA parameters as byte arrays again afterwards - Compare byte strings. Each test split is performed twice, once with successive and once with simultaneous exporting. --- tests/suites/test_suite_rsa.data | 21 +++++ tests/suites/test_suite_rsa.function | 131 +++++++++++++++++++++++++++ 2 files changed, 152 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 9128be998..88ff9badb 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -472,6 +472,27 @@ mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7 RSA Export (N,-,-,-,E) mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"3":0 +RSA Export Raw (N,P,Q,D,E) +mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0 + +RSA Export Raw (N,P,Q,D,E), successive +mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1 + +RSA Export Raw (N,-,-,D,E) +mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0 + +RSA Export Raw (N,-,-,D,E), succesive +mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1 + +RSA Export Raw (N,P,Q,-,E) +mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0 + +RSA Export Raw (N,P,Q,-,E), successive +mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1 + +RSA Export Raw (N,-,-,-,E) +mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":0 + RSA PKCS1 Encrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 rsa_pkcs1_encrypt_bad_rng:"4E636AF98E40F3ADCFCCB698F4E80B9F":MBEDTLS_RSA_PKCS_V15:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"a42eda41e56235e666e7faaa77100197f657288a1bf183e4820f0c37ce2c456b960278d6003e0bbcd4be4a969f8e8fd9231e1f492414f00ed09844994c86ec32db7cde3bec7f0c3dbf6ae55baeb2712fa609f5fc3207a824eb3dace31849cd6a6084318523912bccb84cf42e3c6d6d1685131d69bb545acec827d2b0dfdd5568b7dcc4f5a11d6916583fefa689d367f8c9e1d95dcd2240895a9470b0c1730f97cd6e8546860bd254801769f54be96e16362ddcbf34d56035028890199e0f48db38642cb66a4181e028a6443a404fea284ce02b4614b683367d40874e505611d23142d49f06feea831d52d347b13610b413c4efc43a6de9f0b08d2a951dc503b6":MBEDTLS_ERR_RSA_RNG_FAILED diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 6229b829c..d5ca5fcae 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -1030,6 +1030,137 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ +void mbedtls_rsa_export_raw( char *input_N, char *input_P, + char *input_Q, char *input_D, + char *input_E, int successive ) +{ + /* Original raw buffers with which we set up the RSA context */ + unsigned char bufN[1000]; + unsigned char bufP[1000]; + unsigned char bufQ[1000]; + unsigned char bufD[1000]; + unsigned char bufE[1000]; + + size_t lenN = 0; + size_t lenP = 0; + size_t lenQ = 0; + size_t lenD = 0; + size_t lenE = 0; + + /* Exported buffers */ + unsigned char bufNe[ sizeof( bufN ) ]; + unsigned char bufPe[ sizeof( bufP ) ]; + unsigned char bufQe[ sizeof( bufQ ) ]; + unsigned char bufDe[ sizeof( bufD ) ]; + unsigned char bufEe[ sizeof( bufE ) ]; + + const int have_N = ( strlen( input_N ) > 0 ); + const int have_P = ( strlen( input_P ) > 0 ); + const int have_Q = ( strlen( input_Q ) > 0 ); + const int have_D = ( strlen( input_D ) > 0 ); + const int have_E = ( strlen( input_E ) > 0 ); + + const int is_priv = have_P || have_Q || have_D; + + mbedtls_rsa_context ctx; + + mbedtls_rsa_init( &ctx, 0, 0 ); + + /* Setup RSA context */ + + if( have_N ) + lenN = unhexify( bufN, input_N ); + + if( have_P ) + lenP = unhexify( bufP, input_P ); + + if( have_Q ) + lenQ = unhexify( bufQ, input_Q ); + + if( have_D ) + lenD = unhexify( bufD, input_D ); + + if( have_E ) + lenE = unhexify( bufE, input_E ); + + TEST_ASSERT( mbedtls_rsa_import_raw( &ctx, + have_N ? bufN : NULL, lenN, + have_P ? bufP : NULL, lenP, + have_Q ? bufQ : NULL, lenQ, + have_D ? bufD : NULL, lenD, + have_E ? bufE : NULL, lenE ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + + /* + * Export parameters and compare to original ones. + */ + + /* N and E must always be present. */ + if( !successive ) + { + TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN, + NULL, 0, NULL, 0, NULL, 0, + bufEe, lenE ) == 0 ); + } + else + { + TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, bufNe, lenN, + NULL, 0, NULL, 0, NULL, 0, + NULL, 0 ) == 0 ); + TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, + NULL, 0, NULL, 0, NULL, 0, + bufEe, lenE ) == 0 ); + } + TEST_ASSERT( memcmp( bufN, bufNe, lenN ) == 0 ); + TEST_ASSERT( memcmp( bufE, bufEe, lenE ) == 0 ); + + /* If we were providing enough information to setup a complete private context, + * we expect to be able to export all core parameters. */ + + if( is_priv ) + { + if( !successive ) + { + TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, + bufPe, lenP ? lenP : sizeof( bufPe ), + bufQe, lenQ ? lenQ : sizeof( bufQe ), + bufDe, lenD ? lenD : sizeof( bufDe ), + NULL, 0 ) == 0 ); + } + else + { + TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, + bufPe, lenP ? lenP : sizeof( bufPe ), + NULL, 0, NULL, 0, + NULL, 0 ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, + bufQe, lenQ ? lenQ : sizeof( bufQe ), + NULL, 0, NULL, 0 ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_export_raw( &ctx, NULL, 0, NULL, 0, + NULL, 0, bufDe, lenD ? lenD : sizeof( bufDe ), + NULL, 0 ) == 0 ); + } + + if( have_P ) + TEST_ASSERT( memcmp( bufP, bufPe, lenP ) == 0 ); + + if( have_Q ) + TEST_ASSERT( memcmp( bufQ, bufQe, lenQ ) == 0 ); + + if( have_D ) + TEST_ASSERT( memcmp( bufD, bufDe, lenD ) == 0 ); + + } + +exit: + mbedtls_rsa_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ void mbedtls_rsa_import_raw( char *input_N, char *input_P, char *input_Q, From ce00263bd293b643840dbbdc97800296ee5c413c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 13:22:36 +0100 Subject: [PATCH 207/493] Add tests for rsa_check_params This commit adds test for the new library function mbedtls_rsa_check_params for checking a set of RSA core parameters. There are some toy example tests with small numbers that can be verified by hand, as well as tests with real world numbers. Complete, partial and corrupted data are tested, as well the check for primality exactly if a PRNG is provided. --- tests/suites/test_suite_rsa.data | 33 ++++++++++++++ tests/suites/test_suite_rsa.function | 64 ++++++++++++++++++++++++++++ 2 files changed, 97 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 88ff9badb..5bef580c4 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -367,6 +367,39 @@ mbedtls_rsa_gen_key:2048:3:0 RSA Generate Key - 1025 bit key mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +RSA Check Params, toy example +mbedtls_rsa_check_params:10:"15":10:"3":10:"5":10:"3":10:"3":0:0 + +RSA Check Params, toy example, N missing +mbedtls_rsa_check_params:10:"":10:"3":10:"5":10:"3":10:"3":0:0 + +RSA Check Params, toy example, E missing +mbedtls_rsa_check_params:10:"15":10:"3":10:"5":10:"3":10:"":0:0 + +RSA Check Params, toy example, corrupted +mbedtls_rsa_check_params:10:"16":10:"3":10:"5":10:"3":10:"3":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +RSA Check Params, toy example, non-primes, no PRNG +mbedtls_rsa_check_params:10:"45":10:"9":10:"5":10:"7":10:"23":0:0 + +RSA Check Params, toy example, non-primes, PRNG +mbedtls_rsa_check_params:10:"45":10:"9":10:"5":10:"7":10:"23":1:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE + +RSA Check Params +mbedtls_rsa_check_params:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:0 + +RSA Check Params, N missing +mbedtls_rsa_check_params:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:0 + +RSA Check Params, bad N +mbedtls_rsa_check_params:16:"b38bc65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA + +RSA Check Params, non-prime, no PRNG +mbedtls_rsa_check_params:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd18":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"":0:0 + +RSA Check Params, non-prime, PRNG +mbedtls_rsa_check_params:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd18":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"":1:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE + RSA Deduce Private, toy example mbedtls_rsa_deduce_private:10:"7":10:"11":10:"7":10:"13":0:0 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index d5ca5fcae..1f3c3b339 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -1030,6 +1030,70 @@ exit: } /* END_CASE */ +/* BEGIN_CASE */ +void mbedtls_rsa_check_params( int radix_N, char *input_N, + int radix_P, char *input_P, + int radix_Q, char *input_Q, + int radix_D, char *input_D, + int radix_E, char *input_E, + int prng, int result ) +{ + /* Original MPI's with which we set up the RSA context */ + mbedtls_mpi N, P, Q, D, E; + + const int have_N = ( strlen( input_N ) > 0 ); + const int have_P = ( strlen( input_P ) > 0 ); + const int have_Q = ( strlen( input_Q ) > 0 ); + const int have_D = ( strlen( input_D ) > 0 ); + const int have_E = ( strlen( input_E ) > 0 ); + + mbedtls_entropy_context entropy; + mbedtls_ctr_drbg_context ctr_drbg; + const char *pers = "test_suite_rsa"; + + mbedtls_mpi_init( &N ); + mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); + + mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_entropy_init( &entropy ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) == 0 ); + + if( have_N ) + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + + if( have_P ) + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + + if( have_Q ) + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + + if( have_D ) + TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); + + if( have_E ) + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + + TEST_ASSERT( mbedtls_rsa_check_params( have_N ? &N : NULL, + have_P ? &P : NULL, + have_Q ? &Q : NULL, + have_D ? &D : NULL, + have_E ? &E : NULL, + prng ? mbedtls_ctr_drbg_random : NULL, + prng ? &ctr_drbg : NULL ) == result ); +exit: + + mbedtls_ctr_drbg_free( &ctr_drbg ); + mbedtls_entropy_free( &entropy ); + + mbedtls_mpi_free( &N ); + mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); +} +/* END_CASE */ + /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ void mbedtls_rsa_export_raw( char *input_N, char *input_P, char *input_Q, char *input_D, From 3a701161ff9b40d0945d0668ac4866237618938b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 22 Aug 2017 13:52:43 +0100 Subject: [PATCH 208/493] Adapt RSA selftest to new RSA interface This commit replaces direct manipulation of structure fields in the RSA selftest by calls to the extended interface. --- library/rsa.c | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index c807f911c..78db24031 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2495,17 +2495,23 @@ int mbedtls_rsa_self_test( int verbose ) unsigned char sha1sum[20]; #endif + mbedtls_mpi K; + + mbedtls_mpi_init( &K ); mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - rsa.len = KEY_LEN; - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.N , 16, RSA_N ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.E , 16, RSA_E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.D , 16, RSA_D ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.P , 16, RSA_P ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.Q , 16, RSA_Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.DP, 16, RSA_DP ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.DQ, 16, RSA_DQ ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &rsa.QP, 16, RSA_QP ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_N ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, &K, NULL, NULL, NULL, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_P ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, &K, NULL, NULL, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_Q ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, &K, NULL, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_D ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, &K, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_E ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, NULL, &K ) ); + + MBEDTLS_MPI_CHK( mbedtls_rsa_complete( &rsa, NULL, NULL ) ); if( verbose != 0 ) mbedtls_printf( " RSA key validation: " ); @@ -2519,6 +2525,15 @@ int mbedtls_rsa_self_test( int verbose ) return( 1 ); } + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_DP ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_check_crt( &rsa, &K, NULL, NULL ) ); + + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_DQ ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_check_crt( &rsa, NULL, &K, NULL ) ); + + MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_QP ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_check_crt( &rsa, NULL, NULL, &K ) ); + if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 encryption : " ); @@ -2592,6 +2607,7 @@ int mbedtls_rsa_self_test( int verbose ) mbedtls_printf( "\n" ); cleanup: + mbedtls_mpi_free( &K ); mbedtls_rsa_free( &rsa ); #else /* MBEDTLS_PKCS1_V15 */ ((void) verbose); From 6a1e7e5f4c072a6dee04473bd5602ab0bb1c7095 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 22 Aug 2017 13:55:00 +0100 Subject: [PATCH 209/493] Adapt pk_wrap.c to new RSA interface This commit replaces direct manipulation of RSA context structure fields by calls to the extended RSA interface in pk_wrap.c. --- library/pk_wrap.c | 30 +++++++++++++++++++----------- 1 file changed, 19 insertions(+), 11 deletions(-) diff --git a/library/pk_wrap.c b/library/pk_wrap.c index db6274cbf..bdc0f3927 100644 --- a/library/pk_wrap.c +++ b/library/pk_wrap.c @@ -68,7 +68,8 @@ static int rsa_can_do( mbedtls_pk_type_t type ) static size_t rsa_get_bitlen( const void *ctx ) { - return( 8 * ((const mbedtls_rsa_context *) ctx)->len ); + const mbedtls_rsa_context * rsa = (const mbedtls_rsa_context *) ctx; + return( 8 * mbedtls_rsa_get_len( rsa ) ); } static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, @@ -76,21 +77,23 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg, const unsigned char *sig, size_t sig_len ) { int ret; + mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; + size_t rsa_len = mbedtls_rsa_get_len( rsa ); #if defined(MBEDTLS_HAVE_INT64) if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #endif /* MBEDTLS_HAVE_INT64 */ - if( sig_len < ((mbedtls_rsa_context *) ctx)->len ) + if( sig_len < rsa_len ) return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( ( ret = mbedtls_rsa_pkcs1_verify( (mbedtls_rsa_context *) ctx, NULL, NULL, + if( ( ret = mbedtls_rsa_pkcs1_verify( rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, md_alg, (unsigned int) hash_len, hash, sig ) ) != 0 ) return( ret ); - if( sig_len > ((mbedtls_rsa_context *) ctx)->len ) + if( sig_len > rsa_len ) return( MBEDTLS_ERR_PK_SIG_LEN_MISMATCH ); return( 0 ); @@ -101,14 +104,16 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg, unsigned char *sig, size_t *sig_len, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { + mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; + #if defined(MBEDTLS_HAVE_INT64) if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len ) return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); #endif /* MBEDTLS_HAVE_INT64 */ - *sig_len = ((mbedtls_rsa_context *) ctx)->len; + *sig_len = mbedtls_rsa_get_len( rsa ); - return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, + return( mbedtls_rsa_pkcs1_sign( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, md_alg, (unsigned int) hash_len, hash, sig ) ); } @@ -117,10 +122,12 @@ static int rsa_decrypt_wrap( void *ctx, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - if( ilen != ((mbedtls_rsa_context *) ctx)->len ) + mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; + + if( ilen != mbedtls_rsa_get_len( rsa ) ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, f_rng, p_rng, + return( mbedtls_rsa_pkcs1_decrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PRIVATE, olen, input, output, osize ) ); } @@ -129,13 +136,14 @@ static int rsa_encrypt_wrap( void *ctx, unsigned char *output, size_t *olen, size_t osize, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) { - *olen = ((mbedtls_rsa_context *) ctx)->len; + mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx; + *olen = mbedtls_rsa_get_len( rsa ); if( *olen > osize ) return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE ); - return( mbedtls_rsa_pkcs1_encrypt( (mbedtls_rsa_context *) ctx, - f_rng, p_rng, MBEDTLS_RSA_PUBLIC, ilen, input, output ) ); + return( mbedtls_rsa_pkcs1_encrypt( rsa, f_rng, p_rng, MBEDTLS_RSA_PUBLIC, + ilen, input, output ) ); } static int rsa_check_pair_wrap( const void *pub, const void *prv ) From d58c5b2d164b0c05f5da81a843276ead828db683 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 22 Aug 2017 14:33:21 +0100 Subject: [PATCH 210/493] Adapt pkparse.c to new RSA interface --- library/pkparse.c | 123 +++++++++++++++++++++++++++++++++++----------- 1 file changed, 94 insertions(+), 29 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index efdf43746..a6916e7b9 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -520,19 +520,33 @@ static int pk_get_rsapubkey( unsigned char **p, return( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); - if( ( ret = mbedtls_asn1_get_mpi( p, end, &rsa->N ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( p, end, &rsa->E ) ) != 0 ) + /* Import N */ + if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); + if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0, + NULL, 0, NULL, 0 ) ) != 0 ) + return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); + + *p += len; + + /* Import E */ + if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) + return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); + + if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0, + NULL, 0, *p, len ) ) != 0 ) + return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); + + *p += len; + + if( ( ret = mbedtls_rsa_complete( rsa, NULL, NULL ) ) != 0 ) + return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); + if( *p != end ) return( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); - if( ( ret = mbedtls_rsa_check_pubkey( rsa ) ) != 0 ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); - - rsa->len = mbedtls_mpi_size( &rsa->N ); - return( 0 ); } #endif /* MBEDTLS_RSA_C */ @@ -643,10 +657,16 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, const unsigned char *key, size_t keylen ) { - int ret; + int ret, version; size_t len; unsigned char *p, *end; + mbedtls_mpi DP, DQ, QP; + + mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); + mbedtls_mpi_init( &QP ); + p = (unsigned char *) key; end = p + keylen; @@ -674,45 +694,90 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, end = p + len; - if( ( ret = mbedtls_asn1_get_int( &p, end, &rsa->ver ) ) != 0 ) + if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) { return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); } - if( rsa->ver != 0 ) + if( version != 0 ) { return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); } - if( ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->N ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->E ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->D ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->P ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->Q ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DP ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 ) - { - mbedtls_rsa_free( rsa ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); - } + /* Import N */ + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_INTEGER ) ) != 0 || + ( ret = mbedtls_rsa_import_raw( rsa, p, len, NULL, 0, NULL, 0, + NULL, 0, NULL, 0 ) ) != 0 ) + goto cleanup; + p += len; - rsa->len = mbedtls_mpi_size( &rsa->N ); + /* Import E */ + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_INTEGER ) ) != 0 || + ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0, + NULL, 0, p, len ) ) != 0 ) + goto cleanup; + p += len; + + /* Import D */ + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_INTEGER ) ) != 0 || + ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0, + p, len, NULL, 0 ) ) != 0 ) + goto cleanup; + p += len; + + /* Import P */ + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_INTEGER ) ) != 0 || + ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, p, len, NULL, 0, + NULL, 0, NULL, 0 ) ) != 0 ) + goto cleanup; + p += len; + + /* Import Q */ + if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, + MBEDTLS_ASN1_INTEGER ) ) != 0 || + ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, p, len, + NULL, 0, NULL, 0 ) ) != 0 ) + goto cleanup; + p += len; + + /* Complete the RSA private key */ + if( ( ret = mbedtls_rsa_complete( rsa, NULL, NULL ) ) != 0 ) + goto cleanup; + + /* Check optional parameters */ + if( ( ret = mbedtls_asn1_get_mpi( &p, end, &DP ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &DQ ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &QP ) ) != 0 || + ( ret = mbedtls_rsa_check_crt( rsa, &DP, &DQ, &QP ) ) != 0 ) + goto cleanup; if( p != end ) { - mbedtls_rsa_free( rsa ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ; } - if( ( ret = mbedtls_rsa_check_privkey( rsa ) ) != 0 ) +cleanup: + + mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); + mbedtls_mpi_free( &QP ); + + if( ret != 0 ) { + if( ( ret & 0xff80 ) == 0 ) + ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret; + else + ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; + mbedtls_rsa_free( rsa ); - return( ret ); } - return( 0 ); + return( ret ); } #endif /* MBEDTLS_RSA_C */ From 15f81fa21cfed84bcf79517d77c05baab696fcc0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 12:38:27 +0100 Subject: [PATCH 211/493] Adapt pkwrite.c to new RSA interface --- library/pkwrite.c | 92 +++++++++++++++++++++++++++++++++++++++++------ 1 file changed, 81 insertions(+), 11 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index e00545881..cb3c426f6 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -66,9 +66,27 @@ static int pk_write_rsa_pubkey( unsigned char **p, unsigned char *start, { int ret; size_t len = 0; + mbedtls_mpi T; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( p, start, &rsa->E ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( p, start, &rsa->N ) ); + mbedtls_mpi_init( &T ); + + /* Export E */ + if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + /* Export N */ + if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( p, start, &T ) ) < 0 ) + goto end_of_export; + len += ret; + +end_of_export: + + mbedtls_mpi_free( &T ); + if( ret < 0 ) + return( ret ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_CONSTRUCTED | @@ -205,18 +223,70 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_ #if defined(MBEDTLS_RSA_C) if( mbedtls_pk_get_type( key ) == MBEDTLS_PK_RSA ) { + mbedtls_mpi T; /* Temporary holding the exported parameters */ mbedtls_rsa_context *rsa = mbedtls_pk_rsa( *key ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->QP ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->DQ ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->DP ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->Q ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->P ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->D ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->E ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_mpi( &c, buf, &rsa->N ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) ); + /* + * Export the parameters one after another to avoid simultaneous copies. + */ + mbedtls_mpi_init( &T ); + + /* Export QP */ + if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, NULL, &T ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + /* Export DQ */ + if( ( ret = mbedtls_rsa_export_crt( rsa, NULL, &T, NULL ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + /* Export DP */ + if( ( ret = mbedtls_rsa_export_crt( rsa, &T, NULL, NULL ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + /* Export Q */ + if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, &T, NULL, NULL ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + /* Export P */ + if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T, NULL, NULL, NULL ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + /* Export D */ + if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, &T, NULL ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + /* Export E */ + if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + /* Export N */ + if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 || + ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) + goto end_of_export; + len += ret; + + end_of_export: + + mbedtls_mpi_free( &T ); + if( ret < 0 ) + return( ret ); + + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ); From d71dc159a6c6b0705ce1e5385f021fca7ad2d96d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:32:42 +0100 Subject: [PATCH 212/493] Adapt PK test suite to use new interface --- library/pkwrite.c | 20 ++++++++++++------- tests/suites/test_suite_pk.function | 30 +++++++++++++---------------- 2 files changed, 26 insertions(+), 24 deletions(-) diff --git a/library/pkwrite.c b/library/pkwrite.c index cb3c426f6..8eabd889b 100644 --- a/library/pkwrite.c +++ b/library/pkwrite.c @@ -251,31 +251,36 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_ len += ret; /* Export Q */ - if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, &T, NULL, NULL ) ) != 0 || + if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, + &T, NULL, NULL ) ) != 0 || ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) goto end_of_export; len += ret; /* Export P */ - if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T, NULL, NULL, NULL ) ) != 0 || + if ( ( ret = mbedtls_rsa_export( rsa, NULL, &T, + NULL, NULL, NULL ) ) != 0 || ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) goto end_of_export; len += ret; /* Export D */ - if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, &T, NULL ) ) != 0 || + if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, + NULL, &T, NULL ) ) != 0 || ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) goto end_of_export; len += ret; /* Export E */ - if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, NULL, NULL, &T ) ) != 0 || + if ( ( ret = mbedtls_rsa_export( rsa, NULL, NULL, + NULL, NULL, &T ) ) != 0 || ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) goto end_of_export; len += ret; /* Export N */ - if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, NULL, NULL, NULL ) ) != 0 || + if ( ( ret = mbedtls_rsa_export( rsa, &T, NULL, + NULL, NULL, NULL ) ) != 0 || ( ret = mbedtls_asn1_write_mpi( &c, buf, &T ) ) < 0 ) goto end_of_export; len += ret; @@ -288,8 +293,9 @@ int mbedtls_pk_write_key_der( mbedtls_pk_context *key, unsigned char *buf, size_ MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_int( &c, buf, 0 ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, + buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE ) ); } else #endif /* MBEDTLS_RSA_C */ diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 5fa8a693a..58b6013d7 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -333,18 +333,19 @@ void pk_rsa_decrypt_test_vec( char *cipher_hex, int mod, unsigned char cipher[1000]; size_t clear_len, olen, cipher_len; rnd_pseudo_info rnd_info; - mbedtls_mpi P1, Q1, H, G; + mbedtls_mpi N, P, Q, E; mbedtls_rsa_context *rsa; mbedtls_pk_context pk; mbedtls_pk_init( &pk ); - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); + mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); memset( clear, 0, sizeof( clear ) ); memset( cipher, 0, sizeof( cipher ) ); - clear_len = unhexify( clear, clear_hex ); + clear_len = unhexify( clear, clear_hex ); cipher_len = unhexify( cipher, cipher_hex ); /* init pk-rsa context */ @@ -352,21 +353,15 @@ void pk_rsa_decrypt_test_vec( char *cipher_hex, int mod, rsa = mbedtls_pk_rsa( pk ); /* load public key */ - rsa->len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &rsa->N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &rsa->E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); /* load private key */ - TEST_ASSERT( mbedtls_mpi_read_string( &rsa->P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &rsa->Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &rsa->P, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &rsa->Q, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_gcd( &G, &rsa->E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &rsa->D , &rsa->E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &rsa->DP, &rsa->D, &P1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &rsa->DQ, &rsa->D, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &rsa->QP, &rsa->Q, &rsa->P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) ); + TEST_ASSERT( mbedtls_rsa_complete( rsa, NULL, NULL ) == 0 ); /* decryption test */ memset( output, 0, sizeof( output ) ); @@ -381,7 +376,8 @@ void pk_rsa_decrypt_test_vec( char *cipher_hex, int mod, } exit: - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); + mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); mbedtls_pk_free( &pk ); } /* END_CASE */ From 6d43f9e0a43922793176a87bd44aa867302c3c06 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:35:17 +0100 Subject: [PATCH 213/493] Adapt PKCS v15 test suite to new RSA interface --- tests/suites/test_suite_pkcs1_v15.function | 87 +++++++++++----------- 1 file changed, 43 insertions(+), 44 deletions(-) diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 09fe05bb3..1a06e4fba 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -21,19 +21,21 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char *input_N, int radix_E, mbedtls_rsa_context ctx; size_t msg_len; rnd_buf_info info; + mbedtls_mpi N, E; info.length = unhexify( rnd_buf, seed ); info.buf = rnd_buf; + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); memset( message_str, 0x00, 1000 ); memset( output, 0x00, 1000 ); memset( output_str, 0x00, 1000 ); - ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); @@ -47,6 +49,7 @@ void pkcs1_rsaes_v15_encrypt( int mod, int radix_N, char *input_N, int radix_E, } exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -62,12 +65,13 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P, unsigned char output[1000]; unsigned char output_str[1000]; mbedtls_rsa_context ctx; - mbedtls_mpi P1, Q1, H, G; size_t output_len; rnd_pseudo_info rnd_info; + mbedtls_mpi N, P, Q, E; ((void) seed); - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); + mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); memset( message_str, 0x00, 1000 ); @@ -75,21 +79,14 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P, memset( output_str, 0x00, 1000 ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); - ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - - TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -103,7 +100,8 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P, } exit: - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); + mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -121,14 +119,15 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q, unsigned char output_str[1000]; unsigned char rnd_buf[1000]; mbedtls_rsa_context ctx; - mbedtls_mpi P1, Q1, H, G; + mbedtls_mpi N, P, Q, E; size_t msg_len; rnd_buf_info info; info.length = unhexify( rnd_buf, salt ); info.buf = rnd_buf; - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); + mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); memset( message_str, 0x00, 1000 ); @@ -136,21 +135,14 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q, memset( output, 0x00, 1000 ); memset( output_str, 0x00, 1000 ); - ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - - TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); @@ -167,7 +159,8 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q, } exit: - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); + mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -183,28 +176,34 @@ void pkcs1_rsassa_v15_verify( int mod, int radix_N, char *input_N, int radix_E, unsigned char result_str[1000]; mbedtls_rsa_context ctx; size_t msg_len; + mbedtls_mpi N, E; ((void) salt); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, hash ); memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); memset( result_str, 0x00, 1000 ); - ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); unhexify( result_str, result_hex_str ); if( mbedtls_md_info_from_type( digest ) != NULL ) - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), + message_str, msg_len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, + digest, 0, hash_result, + result_str ) == result ); exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ From 6326a6da7f1bb69869af97ef425c5f1c0393a497 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:38:22 +0100 Subject: [PATCH 214/493] Adapt PKCS v21 test suite to new RSA interface --- tests/suites/test_suite_pkcs1_v21.function | 102 +++++++++++---------- 1 file changed, 54 insertions(+), 48 deletions(-) diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index 4f1ff4509..bd0993045 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -21,19 +21,21 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char *input_N, int radix_E, mbedtls_rsa_context ctx; size_t msg_len; rnd_buf_info info; + mbedtls_mpi N, E; info.length = unhexify( rnd_buf, seed ); info.buf = rnd_buf; + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); memset( message_str, 0x00, 1000 ); memset( output, 0x00, 1000 ); memset( output_str, 0x00, 1000 ); - ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); @@ -47,6 +49,7 @@ void pkcs1_rsaes_oaep_encrypt( int mod, int radix_N, char *input_N, int radix_E, } exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -62,12 +65,14 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char *input_P, unsigned char output[1000]; unsigned char output_str[1000]; mbedtls_rsa_context ctx; - mbedtls_mpi P1, Q1, H, G; size_t output_len; rnd_pseudo_info rnd_info; + mbedtls_mpi N, P, Q, E; ((void) seed); - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); + mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); + mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); memset( message_str, 0x00, 1000 ); @@ -75,21 +80,14 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char *input_P, memset( output_str, 0x00, 1000 ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); - ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - - TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -103,7 +101,8 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char *input_P, } exit: - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); + mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -121,14 +120,15 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char *input_P, int radix_Q, unsigned char output_str[1000]; unsigned char rnd_buf[1000]; mbedtls_rsa_context ctx; - mbedtls_mpi P1, Q1, H, G; size_t msg_len; rnd_buf_info info; + mbedtls_mpi N, P, Q, E; info.length = unhexify( rnd_buf, salt ); info.buf = rnd_buf; - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); + mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); memset( message_str, 0x00, 1000 ); @@ -136,29 +136,24 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char *input_P, int radix_Q, memset( output, 0x00, 1000 ); memset( output_str, 0x00, 1000 ); - ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - - TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); if( mbedtls_md_info_from_type( digest ) != NULL ) - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, + msg_len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_buffer_rand, &info, MBEDTLS_RSA_PRIVATE, + digest, 0, hash_result, output ) == result ); if( result == 0 ) { hexify( output_str, output, ctx.len); @@ -167,7 +162,8 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char *input_P, int radix_Q, } exit: - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); + mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -183,28 +179,34 @@ void pkcs1_rsassa_pss_verify( int mod, int radix_N, char *input_N, int radix_E, unsigned char result_str[1000]; mbedtls_rsa_context ctx; size_t msg_len; + mbedtls_mpi N, E; ((void) salt); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, hash ); memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); memset( result_str, 0x00, 1000 ); - ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); unhexify( result_str, result_hex_str ); if( mbedtls_md_info_from_type( digest ) != NULL ) - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, + msg_len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, + digest, 0, hash_result, result_str ) == result ); exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -225,16 +227,19 @@ void pkcs1_rsassa_pss_verify_ext( int mod, unsigned char result_str[1000]; mbedtls_rsa_context ctx; size_t msg_len, hash_len; + mbedtls_mpi N, E; + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V21, ctx_hash ); memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); memset( result_str, 0x00, 1000 ); - ctx.len = mod / 8 + ( ( mod % 8 ) ? 1 : 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); @@ -262,6 +267,7 @@ void pkcs1_rsassa_pss_verify_ext( int mod, result_str ) == result_full ); exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ From ceb7a9ddb3c0cf6b63adce4389ce53cd95bdd903 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 08:33:08 +0100 Subject: [PATCH 215/493] Adapt RSA test suites to new RSA interface --- tests/suites/test_suite_rsa.function | 197 +++++++++++++++------------ 1 file changed, 107 insertions(+), 90 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 1f3c3b339..e3952d8f3 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -26,11 +26,12 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig unsigned char output[1000]; unsigned char output_str[1000]; mbedtls_rsa_context ctx; - mbedtls_mpi P1, Q1, H, G; + mbedtls_mpi N, P, Q, E; int msg_len; rnd_pseudo_info rnd_info; - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); + mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( message_str, 0x00, 1000 ); @@ -39,29 +40,25 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig memset( output_str, 0x00, 1000 ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - - TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); if( mbedtls_md_info_from_type( digest ) != NULL ) - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), + message_str, msg_len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, + MBEDTLS_RSA_PRIVATE, digest, 0, + hash_result, output ) == result ); if( result == 0 ) { hexify( output_str, output, ctx.len ); @@ -70,7 +67,8 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig } exit: - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); + mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -86,15 +84,18 @@ void mbedtls_rsa_pkcs1_verify( char *message_hex_string, int padding_mode, int d mbedtls_rsa_context ctx; int msg_len; + mbedtls_mpi N, E; + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); memset( result_str, 0x00, 1000 ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); @@ -106,6 +107,7 @@ void mbedtls_rsa_pkcs1_verify( char *message_hex_string, int padding_mode, int d TEST_ASSERT( mbedtls_rsa_pkcs1_verify( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, digest, 0, hash_result, result_str ) == result ); exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -123,12 +125,13 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, unsigned char output[1000]; unsigned char output_str[1000]; mbedtls_rsa_context ctx; - mbedtls_mpi P1, Q1, H, G; + mbedtls_mpi N, P, Q, E; int hash_len; rnd_pseudo_info rnd_info; - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); + mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); @@ -136,21 +139,14 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, memset( output_str, 0x00, 1000 ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - - TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -180,7 +176,9 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, } exit: - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); + mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); + mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -198,16 +196,20 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, mbedtls_rsa_context ctx; size_t hash_len, olen; + mbedtls_mpi N, E; + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); + mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( message_str, 0x00, 1000 ); memset( hash_result, 0x00, 1000 ); memset( result_str, 0x00, 1000 ); memset( output, 0x00, sizeof( output ) ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -236,6 +238,7 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, } exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -252,6 +255,9 @@ void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int size_t msg_len; rnd_pseudo_info rnd_info; + mbedtls_mpi N, E; + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); + memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); @@ -259,10 +265,11 @@ void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int memset( output, 0x00, 1000 ); memset( output_str, 0x00, 1000 ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); @@ -276,6 +283,7 @@ void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int } exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -292,15 +300,19 @@ void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode, mbedtls_rsa_context ctx; size_t msg_len; + mbedtls_mpi N, E; + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( message_str, 0x00, 1000 ); memset( output, 0x00, 1000 ); memset( output_str, 0x00, 1000 ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); @@ -314,6 +326,7 @@ void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode, } exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -328,11 +341,13 @@ void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int unsigned char output[1000]; unsigned char output_str[1000]; mbedtls_rsa_context ctx; - mbedtls_mpi P1, Q1, H, G; size_t output_len; rnd_pseudo_info rnd_info; + mbedtls_mpi N, P, Q, E; + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); + mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); mbedtls_rsa_init( &ctx, padding_mode, 0 ); memset( message_str, 0x00, 1000 ); @@ -340,21 +355,15 @@ void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int memset( output_str, 0x00, 1000 ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -369,7 +378,8 @@ void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int } exit: - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); + mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -383,16 +393,20 @@ void mbedtls_rsa_public( char *message_hex_string, int mod, int radix_N, char *i unsigned char output_str[1000]; mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ + mbedtls_mpi N, E; + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 ); memset( message_str, 0x00, 1000 ); memset( output, 0x00, 1000 ); memset( output_str, 0x00, 1000 ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -423,6 +437,7 @@ void mbedtls_rsa_public( char *message_hex_string, int mod, int radix_N, char *i } exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 ); } @@ -437,32 +452,26 @@ void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char * unsigned char output[1000]; unsigned char output_str[1000]; mbedtls_rsa_context ctx, ctx2; /* Also test mbedtls_rsa_copy() while at it */ - mbedtls_mpi P1, Q1, H, G; + mbedtls_mpi N, P, Q, E; rnd_pseudo_info rnd_info; int i; - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); + mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_rsa_init( &ctx2, MBEDTLS_RSA_PKCS_V15, 0 ); memset( message_str, 0x00, 1000 ); memset( &rnd_info, 0, sizeof( rnd_pseudo_info ) ); - ctx.len = mod / 8; - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.P, radix_P, input_P ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.Q, radix_Q, input_Q ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); - - TEST_ASSERT( mbedtls_mpi_sub_int( &P1, &ctx.P, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_sub_int( &Q1, &ctx.Q, 1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_gcd( &G, &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.D , &ctx.E, &H ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DP, &ctx.D, &P1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_mod_mpi( &ctx.DQ, &ctx.D, &Q1 ) == 0 ); - TEST_ASSERT( mbedtls_mpi_inv_mod( &ctx.QP, &ctx.Q, &ctx.P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); + TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -503,7 +512,9 @@ void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char * } exit: - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); + mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &E ); + mbedtls_rsa_free( &ctx ); mbedtls_rsa_free( &ctx2 ); } /* END_CASE */ @@ -523,21 +534,25 @@ void mbedtls_rsa_check_pubkey( int radix_N, char *input_N, int radix_E, char *in int result ) { mbedtls_rsa_context ctx; + mbedtls_mpi N, E; + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &ctx, MBEDTLS_RSA_PKCS_V15, 0 ); if( strlen( input_N ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.N, radix_N, input_N ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); } if( strlen( input_E ) ) { - TEST_ASSERT( mbedtls_mpi_read_string( &ctx.E, radix_E, input_E ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); } + TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, NULL, NULL, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == result ); exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -674,12 +689,14 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); - TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, strlen( pers ) ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) == 0 ); mbedtls_rsa_init( &ctx, 0, 0 ); - TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result ); + TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, + &ctr_drbg, nrbits, exponent ) == result ); if( result == 0 ) { TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); From c95fad35669a3330e4ec1a8be148280389335379 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:44:30 +0100 Subject: [PATCH 216/493] Adapt dh_server example program to new RSA interface --- programs/pkey/dh_server.c | 42 ++++++++++++++++++++++++++++----------- 1 file changed, 30 insertions(+), 12 deletions(-) diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 8bf2b1b29..49066cd43 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -86,6 +86,8 @@ int main( void ) mbedtls_dhm_context dhm; mbedtls_aes_context aes; + mbedtls_mpi N, P, Q, D, E; + mbedtls_net_init( &listen_fd ); mbedtls_net_init( &client_fd ); mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_SHA256 ); @@ -93,6 +95,9 @@ int main( void ) mbedtls_aes_init( &aes ); mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); + /* * 1. Setup the RNG */ @@ -124,24 +129,34 @@ int main( void ) mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - if( ( ret = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.P , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.Q , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.DP, 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.DQ, 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) + if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 ) { - mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); + mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", + ret ); fclose( f ); goto exit; } - - rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3; - fclose( f ); + if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n", + ret ); + goto exit; + } + + if( ( ret = mbedtls_rsa_complete( &rsa, mbedtls_ctr_drbg_random, + &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n", + ret ); + goto exit; + } + /* * 2b. Get the DHM modulus and generator */ @@ -287,6 +302,9 @@ int main( void ) exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); + mbedtls_net_free( &client_fd ); mbedtls_net_free( &listen_fd ); From 83aad1fa869381d4b257c40e0e32ada7eee77323 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:45:10 +0100 Subject: [PATCH 217/493] Adapt gen_key example program to new RSA interface --- library/rsa.c | 3 +++ programs/pkey/gen_key.c | 39 ++++++++++++++++++++++++++++----------- 2 files changed, 31 insertions(+), 11 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 78db24031..cc8f5722b 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -894,6 +894,9 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, ctx->len = ( mbedtls_mpi_bitlen( &ctx->N ) + 7 ) >> 3; + /* Double-check */ + MBEDTLS_MPI_CHK( mbedtls_rsa_check_privkey( ctx ) ); + cleanup: mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c index 48126948d..ed6ed308e 100644 --- a/programs/pkey/gen_key.c +++ b/programs/pkey/gen_key.c @@ -191,6 +191,7 @@ int main( int argc, char *argv[] ) char buf[1024]; int i; char *p, *q; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "gen_key"; @@ -201,6 +202,11 @@ int main( int argc, char *argv[] ) /* * Set to sane values */ + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); + mbedtls_pk_init( &key ); mbedtls_ctr_drbg_init( &ctr_drbg ); memset( buf, 0, sizeof( buf ) ); @@ -323,7 +329,7 @@ int main( int argc, char *argv[] ) if( opt.type == MBEDTLS_PK_RSA ) { ret = mbedtls_rsa_gen_key( mbedtls_pk_rsa( key ), mbedtls_ctr_drbg_random, &ctr_drbg, - opt.rsa_keysize, 65537 ); + opt.rsa_keysize, 65537 ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", -ret ); @@ -336,7 +342,7 @@ int main( int argc, char *argv[] ) if( opt.type == MBEDTLS_PK_ECKEY ) { ret = mbedtls_ecp_gen_key( opt.ec_curve, mbedtls_pk_ec( key ), - mbedtls_ctr_drbg_random, &ctr_drbg ); + mbedtls_ctr_drbg_random, &ctr_drbg ); if( ret != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned -0x%04x", -ret ); @@ -359,14 +365,22 @@ int main( int argc, char *argv[] ) if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA ) { mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key ); - mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ); - mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ); - mbedtls_mpi_write_file( "D: ", &rsa->D, 16, NULL ); - mbedtls_mpi_write_file( "P: ", &rsa->P, 16, NULL ); - mbedtls_mpi_write_file( "Q: ", &rsa->Q, 16, NULL ); - mbedtls_mpi_write_file( "DP: ", &rsa->DP, 16, NULL ); - mbedtls_mpi_write_file( "DQ: ", &rsa->DQ, 16, NULL ); - mbedtls_mpi_write_file( "QP: ", &rsa->QP, 16, NULL ); + + if( ( ret = mbedtls_rsa_export ( rsa, &N, &P, &Q, &D, &E ) ) != 0 || + ( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + goto exit; + } + + mbedtls_mpi_write_file( "N: ", &N, 16, NULL ); + mbedtls_mpi_write_file( "E: ", &E, 16, NULL ); + mbedtls_mpi_write_file( "D: ", &D, 16, NULL ); + mbedtls_mpi_write_file( "P: ", &P, 16, NULL ); + mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL ); + mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL ); + mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL ); + mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL ); } else #endif @@ -409,6 +423,10 @@ exit: #endif } + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); + mbedtls_pk_free( &key ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); @@ -422,4 +440,3 @@ exit: } #endif /* MBEDTLS_PK_WRITE_C && MBEDTLS_PEM_WRITE_C && MBEDTLS_FS_IO && * MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */ - From 54ebf9971d1645b2f08623df4b9e40204c4ffd61 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:45:38 +0100 Subject: [PATCH 218/493] Adapt key_app example program to new RSA interface --- programs/pkey/key_app.c | 53 +++++++++++++++++++++++++++++++---------- 1 file changed, 40 insertions(+), 13 deletions(-) diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c index b6b84464d..f1b548d05 100644 --- a/programs/pkey/key_app.c +++ b/programs/pkey/key_app.c @@ -84,17 +84,23 @@ struct options int main( int argc, char *argv[] ) { int ret = 0; - mbedtls_pk_context pk; char buf[1024]; int i; char *p, *q; + mbedtls_pk_context pk; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; + /* * Set to sane values */ mbedtls_pk_init( &pk ); memset( buf, 0, sizeof(buf) ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); + if( argc == 0 ) { usage: @@ -189,14 +195,22 @@ int main( int argc, char *argv[] ) if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA ) { mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk ); - mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ); - mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ); - mbedtls_mpi_write_file( "D: ", &rsa->D, 16, NULL ); - mbedtls_mpi_write_file( "P: ", &rsa->P, 16, NULL ); - mbedtls_mpi_write_file( "Q: ", &rsa->Q, 16, NULL ); - mbedtls_mpi_write_file( "DP: ", &rsa->DP, 16, NULL ); - mbedtls_mpi_write_file( "DQ: ", &rsa->DQ, 16, NULL ); - mbedtls_mpi_write_file( "QP: ", &rsa->QP, 16, NULL ); + + if( ( ret = mbedtls_rsa_export ( rsa, &N, &P, &Q, &D, &E ) ) != 0 || + ( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + goto exit; + } + + mbedtls_mpi_write_file( "N: ", &N, 16, NULL ); + mbedtls_mpi_write_file( "E: ", &E, 16, NULL ); + mbedtls_mpi_write_file( "D: ", &D, 16, NULL ); + mbedtls_mpi_write_file( "P: ", &P, 16, NULL ); + mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL ); + mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL ); + mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL ); + mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL ); } else #endif @@ -239,8 +253,15 @@ int main( int argc, char *argv[] ) if( mbedtls_pk_get_type( &pk ) == MBEDTLS_PK_RSA ) { mbedtls_rsa_context *rsa = mbedtls_pk_rsa( pk ); - mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ); - mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ); + + if( ( ret = mbedtls_rsa_export( rsa, &N, NULL, NULL, + NULL, &E ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + goto exit; + } + mbedtls_mpi_write_file( "N: ", &N, 16, NULL ); + mbedtls_mpi_write_file( "E: ", &E, 16, NULL ); } else #endif @@ -265,11 +286,17 @@ int main( int argc, char *argv[] ) exit: #if defined(MBEDTLS_ERROR_C) - mbedtls_strerror( ret, buf, sizeof(buf) ); - mbedtls_printf( " ! Last error was: %s\n", buf ); + if( ret != 0 ) + { + mbedtls_strerror( ret, buf, sizeof(buf) ); + mbedtls_printf( " ! Last error was: %s\n", buf ); + } #endif mbedtls_pk_free( &pk ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); From 40371ec7838b8b0a030912e43e8b54728536a2ff Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:46:17 +0100 Subject: [PATCH 219/493] Adapt key_app_writer example program to new RSA interface --- programs/pkey/key_app_writer.c | 49 +++++++++++++++++++++++++--------- 1 file changed, 37 insertions(+), 12 deletions(-) diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c index 9d120772a..52b0f8e74 100644 --- a/programs/pkey/key_app_writer.c +++ b/programs/pkey/key_app_writer.c @@ -76,7 +76,7 @@ #define OUTPUT_FORMAT_DER 1 #define USAGE \ - "\n usage: key_app param=<>...\n" \ + "\n usage: key_app_writer param=<>...\n" \ "\n acceptable parameters:\n" \ " mode=private|public default: none\n" \ " filename=%%s default: keyfile.key\n" \ @@ -190,17 +190,23 @@ static int write_private_key( mbedtls_pk_context *key, const char *output_file ) int main( int argc, char *argv[] ) { int ret = 0; - mbedtls_pk_context key; char buf[1024]; int i; char *p, *q; + mbedtls_pk_context key; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; + /* * Set to sane values */ mbedtls_pk_init( &key ); memset( buf, 0, sizeof( buf ) ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); + if( argc == 0 ) { usage: @@ -300,14 +306,22 @@ int main( int argc, char *argv[] ) if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA ) { mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key ); - mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ); - mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ); - mbedtls_mpi_write_file( "D: ", &rsa->D, 16, NULL ); - mbedtls_mpi_write_file( "P: ", &rsa->P, 16, NULL ); - mbedtls_mpi_write_file( "Q: ", &rsa->Q, 16, NULL ); - mbedtls_mpi_write_file( "DP: ", &rsa->DP, 16, NULL ); - mbedtls_mpi_write_file( "DQ: ", &rsa->DQ, 16, NULL ); - mbedtls_mpi_write_file( "QP: ", &rsa->QP, 16, NULL ); + + if( ( ret = mbedtls_rsa_export ( rsa, &N, &P, &Q, &D, &E ) ) != 0 || + ( ret = mbedtls_rsa_export_crt( rsa, &DP, &DQ, &QP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + goto exit; + } + + mbedtls_mpi_write_file( "N: ", &N, 16, NULL ); + mbedtls_mpi_write_file( "E: ", &E, 16, NULL ); + mbedtls_mpi_write_file( "D: ", &D, 16, NULL ); + mbedtls_mpi_write_file( "P: ", &P, 16, NULL ); + mbedtls_mpi_write_file( "Q: ", &Q, 16, NULL ); + mbedtls_mpi_write_file( "DP: ", &DP, 16, NULL ); + mbedtls_mpi_write_file( "DQ: ", &DQ, 16, NULL ); + mbedtls_mpi_write_file( "QP: ", &QP, 16, NULL ); } else #endif @@ -353,8 +367,15 @@ int main( int argc, char *argv[] ) if( mbedtls_pk_get_type( &key ) == MBEDTLS_PK_RSA ) { mbedtls_rsa_context *rsa = mbedtls_pk_rsa( key ); - mbedtls_mpi_write_file( "N: ", &rsa->N, 16, NULL ); - mbedtls_mpi_write_file( "E: ", &rsa->E, 16, NULL ); + + if( ( ret = mbedtls_rsa_export( rsa, &N, NULL, NULL, + NULL, &E ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + goto exit; + } + mbedtls_mpi_write_file( "N: ", &N, 16, NULL ); + mbedtls_mpi_write_file( "E: ", &E, 16, NULL ); } else #endif @@ -394,6 +415,10 @@ exit: #endif } + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); + mbedtls_pk_free( &key ); #if defined(_WIN32) From ccef18c2ff28541877366c63eee6e41d7f28016b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:46:45 +0100 Subject: [PATCH 220/493] Adapt rsa_decrypt example program to new RSA interface --- programs/pkey/rsa_decrypt.c | 50 ++++++++++++++++++++++++++++--------- 1 file changed, 38 insertions(+), 12 deletions(-) diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index b64e1564a..493c8706e 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -64,6 +64,7 @@ int main( int argc, char *argv[] ) int return_val, exit_val, c; size_t i; mbedtls_rsa_context rsa; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; unsigned char result[1024]; @@ -91,6 +92,9 @@ int main( int argc, char *argv[] ) mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); return_val = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, @@ -114,14 +118,14 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( return_val = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &rsa.P , 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &rsa.Q , 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &rsa.DP, 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &rsa.DQ, 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) + if( ( return_val = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &DP , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &DQ , 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &QP , 16, f ) ) != 0 ) { exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", @@ -129,11 +133,31 @@ int main( int argc, char *argv[] ) fclose( f ); goto exit; } - - rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3; - fclose( f ); + if( ( return_val = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n", + return_val ); + goto exit; + } + + if( ( return_val = mbedtls_rsa_complete( &rsa, mbedtls_ctr_drbg_random, + &ctr_drbg ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n", + return_val ); + goto exit; + } + + /* Although we're not using them, verify CRT parameters */ + if( ( return_val = mbedtls_rsa_check_crt( &rsa, &DP, &DQ, &QP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_check_crt returned %d\n\n", + return_val ); + goto exit; + } + /* * Extract the RSA encrypted value from the text file */ @@ -184,6 +208,9 @@ exit: mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); mbedtls_rsa_free( &rsa ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); @@ -193,4 +220,3 @@ exit: return( exit_val ); } #endif /* MBEDTLS_BIGNUM_C && MBEDTLS_RSA_C && MBEDTLS_FS_IO */ - From d6ba5e3d8b7572a9cce4cb712cddf61523f459df Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:48:07 +0100 Subject: [PATCH 221/493] Adapt rsa_sign example program to new RSA interface --- programs/pkey/rsa_sign.c | 50 +++++++++++++++++++++++++++++++--------- 1 file changed, 39 insertions(+), 11 deletions(-) diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index affbf7afc..5f615618f 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -61,8 +61,14 @@ int main( int argc, char *argv[] ) unsigned char hash[32]; unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; char filename[512]; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); + ret = 1; if( argc != 2 ) @@ -87,24 +93,35 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = mbedtls_mpi_read_file( &rsa.N , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.E , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.D , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.P , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.Q , 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.DP, 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.DQ, 16, f ) ) != 0 || - ( ret = mbedtls_mpi_read_file( &rsa.QP, 16, f ) ) != 0 ) + if( ( ret = mbedtls_mpi_read_file( &N , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &E , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &D , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &P , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &Q , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &DP , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &DQ , 16, f ) ) != 0 || + ( ret = mbedtls_mpi_read_file( &QP , 16, f ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", ret ); fclose( f ); goto exit; } - - rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3; - fclose( f ); + if( ( ret = mbedtls_rsa_import( &rsa, &N, &P, &Q, &D, &E ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n", + ret ); + goto exit; + } + + if( ( ret = mbedtls_rsa_complete( &rsa, NULL, NULL ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n", + ret ); + goto exit; + } + mbedtls_printf( "\n . Checking the private key" ); fflush( stdout ); if( ( ret = mbedtls_rsa_check_privkey( &rsa ) ) != 0 ) @@ -113,6 +130,14 @@ int main( int argc, char *argv[] ) goto exit; } + /* Although we're not using them, verify CRT parameters */ + if( ( ret = mbedtls_rsa_check_crt( &rsa, &DP, &DQ, &QP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! mbedtls_rsa_check_crt returned %d\n\n", + ret ); + goto exit; + } + /* * Compute the SHA-256 hash of the input file, * then calculate the RSA signature of the hash. @@ -158,6 +183,9 @@ int main( int argc, char *argv[] ) exit: mbedtls_rsa_free( &rsa ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); #if defined(_WIN32) mbedtls_printf( " + Press Enter to exit this program.\n" ); From 0c2639386ee09f7c971ea827c938e776d5caafd0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:47:06 +0100 Subject: [PATCH 222/493] Adapt rsa_encrypt example program to new RSA interface --- programs/pkey/rsa_encrypt.c | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/programs/pkey/rsa_encrypt.c b/programs/pkey/rsa_encrypt.c index b9cb18765..81c27d888 100644 --- a/programs/pkey/rsa_encrypt.c +++ b/programs/pkey/rsa_encrypt.c @@ -69,6 +69,7 @@ int main( int argc, char *argv[] ) unsigned char input[1024]; unsigned char buf[512]; const char *pers = "rsa_encrypt"; + mbedtls_mpi N, E; exit_val = MBEDTLS_EXIT_SUCCESS; @@ -86,6 +87,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &E ); mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); @@ -112,8 +114,8 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( return_val = mbedtls_mpi_read_file( &rsa.N, 16, f ) ) != 0 || - ( return_val = mbedtls_mpi_read_file( &rsa.E, 16, f ) ) != 0 ) + if( ( return_val = mbedtls_mpi_read_file( &N, 16, f ) ) != 0 || + ( return_val = mbedtls_mpi_read_file( &E, 16, f ) ) != 0 ) { exit_val = MBEDTLS_EXIT_FAILURE; mbedtls_printf( " failed\n ! mbedtls_mpi_read_file returned %d\n\n", @@ -121,11 +123,17 @@ int main( int argc, char *argv[] ) fclose( f ); goto exit; } - - rsa.len = ( mbedtls_mpi_bitlen( &rsa.N ) + 7 ) >> 3; - fclose( f ); + if( ( return_val = mbedtls_rsa_import( &rsa, &N, NULL, + NULL, NULL, &E ) ) != 0 ) + { + exit_val = MBEDTLS_EXIT_FAILURE; + mbedtls_printf( " failed\n ! mbedtls_rsa_import returned %d\n\n", + return_val ); + goto exit; + } + if( strlen( argv[1] ) > 100 ) { exit_val = MBEDTLS_EXIT_FAILURE; @@ -171,6 +179,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( "\n . Done (created \"%s\")\n\n", "result-enc.txt" ); exit: + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &E ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); mbedtls_rsa_free( &rsa ); From f073de0c257008998d79ccd6cd54e7eac9aa494c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 07:42:28 +0100 Subject: [PATCH 223/493] Adapt rsa_genkey example program to use new RSA interface --- programs/pkey/rsa_genkey.c | 37 ++++++++++++++++++++++++++----------- 1 file changed, 26 insertions(+), 11 deletions(-) diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index e199ad247..3dae0a6c8 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -65,6 +65,7 @@ int main( void ) mbedtls_rsa_context rsa; mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; + mbedtls_mpi N, P, Q, D, E, DP, DQ, QP; FILE *fpub = NULL; FILE *fpriv = NULL; const char *pers = "rsa_genkey"; @@ -87,9 +88,12 @@ int main( void ) fflush( stdout ); mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); if( ( ret = mbedtls_rsa_gen_key( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE, - EXPONENT ) ) != 0 ) + EXPONENT ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_gen_key returned %d\n\n", ret ); goto exit; @@ -98,6 +102,14 @@ int main( void ) mbedtls_printf( " ok\n . Exporting the public key in rsa_pub.txt...." ); fflush( stdout ); + if( ( ret = mbedtls_rsa_export ( &rsa, &N, &P, &Q, &D, &E ) ) != 0 || + ( ret = mbedtls_rsa_export_crt( &rsa, &DP, &DQ, &QP ) ) != 0 ) + { + mbedtls_printf( " failed\n ! could not export RSA parameters\n\n" ); + ret = 1; + goto exit; + } + if( ( fpub = fopen( "rsa_pub.txt", "wb+" ) ) == NULL ) { mbedtls_printf( " failed\n ! could not open rsa_pub.txt for writing\n\n" ); @@ -105,8 +117,8 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_mpi_write_file( "N = ", &rsa.N, 16, fpub ) ) != 0 || - ( ret = mbedtls_mpi_write_file( "E = ", &rsa.E, 16, fpub ) ) != 0 ) + if( ( ret = mbedtls_mpi_write_file( "N = ", &N, 16, fpub ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "E = ", &E, 16, fpub ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret ); goto exit; @@ -122,14 +134,14 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_mpi_write_file( "N = " , &rsa.N , 16, fpriv ) ) != 0 || - ( ret = mbedtls_mpi_write_file( "E = " , &rsa.E , 16, fpriv ) ) != 0 || - ( ret = mbedtls_mpi_write_file( "D = " , &rsa.D , 16, fpriv ) ) != 0 || - ( ret = mbedtls_mpi_write_file( "P = " , &rsa.P , 16, fpriv ) ) != 0 || - ( ret = mbedtls_mpi_write_file( "Q = " , &rsa.Q , 16, fpriv ) ) != 0 || - ( ret = mbedtls_mpi_write_file( "DP = ", &rsa.DP, 16, fpriv ) ) != 0 || - ( ret = mbedtls_mpi_write_file( "DQ = ", &rsa.DQ, 16, fpriv ) ) != 0 || - ( ret = mbedtls_mpi_write_file( "QP = ", &rsa.QP, 16, fpriv ) ) != 0 ) + if( ( ret = mbedtls_mpi_write_file( "N = " , &N , 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "E = " , &E , 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "D = " , &D , 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "P = " , &P , 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "Q = " , &Q , 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "DP = ", &DP, 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "DQ = ", &DQ, 16, fpriv ) ) != 0 || + ( ret = mbedtls_mpi_write_file( "QP = ", &QP, 16, fpriv ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_mpi_write_file returned %d\n\n", ret ); goto exit; @@ -157,6 +169,9 @@ exit: if( fpriv != NULL ) fclose( fpriv ); + mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); + mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); mbedtls_mpi_free( &DP ); + mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); mbedtls_rsa_free( &rsa ); mbedtls_ctr_drbg_free( &ctr_drbg ); mbedtls_entropy_free( &entropy ); From 1a59e791e52ae41ccdafa321d82e0cd9849c8e7f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 07:41:10 +0100 Subject: [PATCH 224/493] Remove CRT fields from RSA context if RSA_NO_CRT is defined --- include/mbedtls/rsa.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 366502a85..8aefdb660 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -223,13 +223,19 @@ typedef struct mbedtls_mpi D; /*!< private exponent */ mbedtls_mpi P; /*!< 1st prime factor */ mbedtls_mpi Q; /*!< 2nd prime factor */ + +#if !defined(MBEDTLS_RSA_NO_CRT) mbedtls_mpi DP; /*!< D % (P - 1) */ mbedtls_mpi DQ; /*!< D % (Q - 1) */ mbedtls_mpi QP; /*!< 1 / (Q % P) */ +#endif /* MBEDTLS_RSA_NO_CRT */ mbedtls_mpi RN; /*!< cached R^2 mod N */ + +#if !defined(MBEDTLS_RSA_NO_CRT) mbedtls_mpi RP; /*!< cached R^2 mod P */ mbedtls_mpi RQ; /*!< cached R^2 mod Q */ +#endif /* MBEDTLS_RSA_NO_CRT */ mbedtls_mpi Vi; /*!< cached blinding value */ mbedtls_mpi Vf; /*!< cached un-blinding value */ From 131134fa1af672066318737a568c0539922176ed Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 08:31:07 +0100 Subject: [PATCH 225/493] Adapt RSA test suite to deal with RSA_NON_CRT option --- tests/suites/test_suite_rsa.data | 3 +++ tests/suites/test_suite_rsa.function | 12 ++++++++++++ 2 files changed, 15 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 5bef580c4..e1c51a9b1 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -272,12 +272,15 @@ RSA Check Private key #6 (No D) mbedtls_rsa_check_privkey:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED RSA Check Private key #7 (No DP) +depends_on:!MBEDTLS_RSA_NO_CRT mbedtls_rsa_check_privkey:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED RSA Check Private key #8 (No DQ) +depends_on:!MBEDTLS_RSA_NO_CRT mbedtls_rsa_check_privkey:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED RSA Check Private key #9 (No QP) +depends_on:!MBEDTLS_RSA_NO_CRT mbedtls_rsa_check_privkey:2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED RSA Check Private key #10 (Incorrect) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index e3952d8f3..c8506db3a 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -590,6 +590,7 @@ void mbedtls_rsa_check_privkey( int mod, int radix_P, char *input_P, int radix_Q { TEST_ASSERT( mbedtls_mpi_read_string( &ctx.D, radix_D, input_D ) == 0 ); } +#if !defined(MBEDTLS_RSA_NO_CRT) if( strlen( input_DP ) ) { TEST_ASSERT( mbedtls_mpi_read_string( &ctx.DP, radix_DP, input_DP ) == 0 ); @@ -602,6 +603,11 @@ void mbedtls_rsa_check_privkey( int mod, int radix_P, char *input_P, int radix_Q { TEST_ASSERT( mbedtls_mpi_read_string( &ctx.QP, radix_QP, input_QP ) == 0 ); } +#else + ((void) radix_DP); ((void) input_DP); + ((void) radix_DQ); ((void) input_DQ); + ((void) radix_QP); ((void) input_QP); +#endif TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == result ); @@ -657,6 +663,7 @@ void rsa_check_pubpriv( int mod, int radix_Npub, char *input_Npub, { TEST_ASSERT( mbedtls_mpi_read_string( &prv.D, radix_D, input_D ) == 0 ); } +#if !defined(MBEDTLS_RSA_NO_CRT) if( strlen( input_DP ) ) { TEST_ASSERT( mbedtls_mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 ); @@ -669,6 +676,11 @@ void rsa_check_pubpriv( int mod, int radix_Npub, char *input_Npub, { TEST_ASSERT( mbedtls_mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 ); } +#else + ((void) radix_DP); ((void) input_DP); + ((void) radix_DQ); ((void) input_DQ); + ((void) radix_QP); ((void) input_QP); +#endif TEST_ASSERT( mbedtls_rsa_check_pub_priv( &pub, &prv ) == result ); From 23344b5fccf792a9945e982b59adc2352f596c4d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 07:43:27 +0100 Subject: [PATCH 226/493] Adapt rsa_complete to deal with RSA_NO_CRT option --- library/rsa.c | 86 +++++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 73 insertions(+), 13 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index cc8f5722b..0808a71d5 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -612,6 +612,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, * to our current RSA implementaiton. */ +#if !defined(MBEDTLS_RSA_NO_CRT) if( is_priv ) { ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, @@ -619,6 +620,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, if( ret != 0 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); } +#endif /* MBEDTLS_RSA_NO_CRT */ /* * Step 3: Double check @@ -647,31 +649,89 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, int mbedtls_rsa_check_crt( mbedtls_rsa_context *ctx, mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ) { - /* Check if key is private or public */ - const int opt_present = - mbedtls_mpi_cmp_int( &ctx->DP, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->QP, 0 ) != 0; + int ret = 0; - if( !opt_present ) + /* Check if key is private or public */ + const int is_priv = + mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && + mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; + + if( !is_priv ) { /* Checking optional parameters only makes sense for private keys. */ return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } - /* Alternative implementations not having DP, DQ, QP as part of - * the RSA context structure could perform the following checks instead: - * (1) Check that DP - P == 0 mod P - 1 - * (2) Check that DQ - Q == 0 mod Q - 1 - * (3) Check that QP * P - 1 == 0 mod P - */ - +#if !defined(MBEDTLS_RSA_NO_CRT) if( ( DP != NULL && mbedtls_mpi_cmp_mpi( DP, &ctx->DP ) != 0 ) || ( DQ != NULL && mbedtls_mpi_cmp_mpi( DQ, &ctx->DQ ) != 0 ) || ( QP != NULL && mbedtls_mpi_cmp_mpi( QP, &ctx->QP ) != 0 ) ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } +#else /* MBEDTLS_RSA_NO_CRT */ + + /* + * Check that DP, DQ and QP are in accordance with core parameters. + * (1) Check that DP - P == 0 mod P - 1 + * (2) Check that DQ - Q == 0 mod Q - 1 + * (3) Check that QP * P - 1 == 0 mod P + + * Alternative implementation also not using DP, DQ and QP + * should be able to reuse this codepath. + */ + + /* Check (1) */ + if( DP != NULL ) + { + /* Temporarily replace P by P-1 and compute DP - D mod P-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( DP, DP, &ctx->D ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, DP, &ctx->P ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) ); + + if( mbedtls_mpi_cmp_int( DP, 0 ) != 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } + } + + /* Check (1) */ + if( DQ != NULL ) + { + /* Temporarily replace Q by Q-1 and compute DQ - D mod Q-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( DQ, DQ, &ctx->D ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, DQ, &ctx->Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q, &ctx->Q, 1 ) ); + + if( mbedtls_mpi_cmp_int( DQ, 0 ) != 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } + } + + /* Check (3) */ + if( QP != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( QP, QP, &ctx->Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( QP, QP, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( QP, QP, &ctx->P ) ); + if( mbedtls_mpi_cmp_int( QP, 0 ) != 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } + } + +cleanup: + +#endif + + if( ret != 0 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); return( 0 ); } From 33c30a0c7ecbbb09c7bcf8976b3f77ee25d3af44 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 07:00:22 +0100 Subject: [PATCH 227/493] Adapt rsa_copy and rsa_free to deal with RSA_NO_CRT option --- library/rsa.c | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 0808a71d5..9a111b75c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2425,13 +2425,16 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->D, &src->D ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->P, &src->P ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Q, &src->Q ) ); + +#if !defined(MBEDTLS_RSA_NO_CRT) MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DP, &src->DP ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->DQ, &src->DQ ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->QP, &src->QP ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RN, &src->RN ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RP, &src->RP ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RQ, &src->RQ ) ); +#endif + + MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->RN, &src->RN ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vi, &src->Vi ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_copy( &dst->Vf, &src->Vf ) ); @@ -2452,11 +2455,16 @@ cleanup: void mbedtls_rsa_free( mbedtls_rsa_context *ctx ) { mbedtls_mpi_free( &ctx->Vi ); mbedtls_mpi_free( &ctx->Vf ); - mbedtls_mpi_free( &ctx->RQ ); mbedtls_mpi_free( &ctx->RP ); mbedtls_mpi_free( &ctx->RN ); - mbedtls_mpi_free( &ctx->QP ); mbedtls_mpi_free( &ctx->DQ ); mbedtls_mpi_free( &ctx->DP ); - mbedtls_mpi_free( &ctx->Q ); mbedtls_mpi_free( &ctx->P ); mbedtls_mpi_free( &ctx->D ); + mbedtls_mpi_free( &ctx->RN ); mbedtls_mpi_free( &ctx->D ); + mbedtls_mpi_free( &ctx->Q ); mbedtls_mpi_free( &ctx->P ); mbedtls_mpi_free( &ctx->E ); mbedtls_mpi_free( &ctx->N ); +#if !defined(MBEDTLS_RSA_NO_CRT) + mbedtls_mpi_free( &ctx->RQ ); mbedtls_mpi_free( &ctx->RP ); + mbedtls_mpi_free( &ctx->QP ); mbedtls_mpi_free( &ctx->DQ ); + mbedtls_mpi_free( &ctx->DP ); +#endif /* MBEDTLS_RSA_NO_CRT */ + #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &ctx->mutex ); #endif From dc95c890ad4c81e8df66f8a9ab42d24941730fb4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:57:02 +0100 Subject: [PATCH 228/493] Adapt rsa_deduce_crt to deal with RSA_NO_CRT option --- library/rsa.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 9a111b75c..a1a9debb3 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -841,14 +841,21 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, if( !is_priv ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +#if !defined(MBEDTLS_RSA_NO_CRT) /* Export all requested blinding parameters. */ - if( ( DP != NULL && ( ret = mbedtls_mpi_copy( DP, &ctx->DP ) ) != 0 ) || ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) || ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) ) { - return( ret ); + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); } +#else + if( ( ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, + DP, DQ, QP ) ) != 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + } +#endif return( 0 ); } From bee3aaeb5068b6fa3f072c82574c612abc8b07b0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:59:15 +0100 Subject: [PATCH 229/493] Adapt rsa_gen_key to deal with RSA_NO_CRT option --- library/rsa.c | 39 ++++++++++++++++++++++++--------------- 1 file changed, 24 insertions(+), 15 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index a1a9debb3..78814bbdc 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -906,7 +906,7 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, unsigned int nbits, int exponent ) { int ret; - mbedtls_mpi P1, Q1, H, G; + mbedtls_mpi H, G; if( f_rng == NULL || nbits < 128 || exponent < 3 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -914,8 +914,8 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, if( nbits % 2 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); - mbedtls_mpi_init( &H ); mbedtls_mpi_init( &G ); + mbedtls_mpi_init( &H ); + mbedtls_mpi_init( &G ); /* * find primes P and Q with Q < P so that: @@ -926,10 +926,10 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, do { MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->P, nbits >> 1, 0, - f_rng, p_rng ) ); + f_rng, p_rng ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_gen_prime( &ctx->Q, nbits >> 1, 0, - f_rng, p_rng ) ); + f_rng, p_rng ) ); if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) == 0 ) continue; @@ -939,34 +939,43 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, continue; if( mbedtls_mpi_cmp_mpi( &ctx->P, &ctx->Q ) < 0 ) - mbedtls_mpi_swap( &ctx->P, &ctx->Q ); + mbedtls_mpi_swap( &ctx->P, &ctx->Q ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) ); + /* Temporarily replace P,Q by P-1, Q-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &ctx->P, &ctx->Q ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) ); } while( mbedtls_mpi_cmp_int( &G, 1 ) != 0 ); + /* Restore P,Q */ + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q, &ctx->Q, 1 ) ); + + ctx->len = mbedtls_mpi_size( &ctx->N ); + /* * D = E^-1 mod ((P-1)*(Q-1)) * DP = D mod (P - 1) * DQ = D mod (Q - 1) * QP = Q^-1 mod P */ - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D , &ctx->E, &H ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->DP, &ctx->D, &P1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &ctx->DQ, &ctx->D, &Q1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->QP, &ctx->Q, &ctx->P ) ); - ctx->len = ( mbedtls_mpi_bitlen( &ctx->N ) + 7 ) >> 3; + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &ctx->D, &ctx->E, &H ) ); + +#if !defined(MBEDTLS_RSA_NO_CRT) + MBEDTLS_MPI_CHK( mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, + &ctx->DP, &ctx->DQ, &ctx->QP ) ); +#endif /* MBEDTLS_RSA_NO_CRT */ /* Double-check */ MBEDTLS_MPI_CHK( mbedtls_rsa_check_privkey( ctx ) ); cleanup: - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &H ); + mbedtls_mpi_free( &G ); if( ret != 0 ) { From 6345dd33b9e8996a4face60a7960ed078c1f9d10 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 06:59:48 +0100 Subject: [PATCH 230/493] Adapt rsa_check_privkey to deal with NO_CRT option --- library/rsa.c | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 78814bbdc..dc1fae59c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1025,9 +1025,10 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) if( !ctx->P.p || !ctx->Q.p || !ctx->D.p ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); - mbedtls_mpi_init( &PQ ); mbedtls_mpi_init( &DE ); mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); - mbedtls_mpi_init( &H ); mbedtls_mpi_init( &I ); mbedtls_mpi_init( &G ); mbedtls_mpi_init( &G2 ); - mbedtls_mpi_init( &L1 ); mbedtls_mpi_init( &L2 ); mbedtls_mpi_init( &DP ); mbedtls_mpi_init( &DQ ); + mbedtls_mpi_init( &PQ ); mbedtls_mpi_init( &DE ); mbedtls_mpi_init( &P1 ); + mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &I ); + mbedtls_mpi_init( &G ); mbedtls_mpi_init( &G2 ); mbedtls_mpi_init( &L1 ); + mbedtls_mpi_init( &L2 ); mbedtls_mpi_init( &DP ); mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) ); @@ -1041,27 +1042,33 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L1, &L2, &H, &G2 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &I, &DE, &L1 ) ); +#if !defined(MBEDTLS_RSA_NO_CRT) MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DP, &ctx->D, &P1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DQ, &ctx->D, &Q1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &QP, &ctx->Q, &ctx->P ) ); +#endif + /* * Check for a valid PKCS1v2 private key */ - if( mbedtls_mpi_cmp_mpi( &PQ, &ctx->N ) != 0 || + if( mbedtls_mpi_cmp_mpi( &PQ, &ctx->N ) != 0 || +#if !defined(MBEDTLS_RSA_NO_CRT) mbedtls_mpi_cmp_mpi( &DP, &ctx->DP ) != 0 || mbedtls_mpi_cmp_mpi( &DQ, &ctx->DQ ) != 0 || mbedtls_mpi_cmp_mpi( &QP, &ctx->QP ) != 0 || +#endif mbedtls_mpi_cmp_int( &L2, 0 ) != 0 || - mbedtls_mpi_cmp_int( &I, 1 ) != 0 || + mbedtls_mpi_cmp_int( &I, 1 ) != 0 || mbedtls_mpi_cmp_int( &G, 1 ) != 0 ) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; } cleanup: - mbedtls_mpi_free( &PQ ); mbedtls_mpi_free( &DE ); mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); - mbedtls_mpi_free( &H ); mbedtls_mpi_free( &I ); mbedtls_mpi_free( &G ); mbedtls_mpi_free( &G2 ); - mbedtls_mpi_free( &L1 ); mbedtls_mpi_free( &L2 ); mbedtls_mpi_free( &DP ); mbedtls_mpi_free( &DQ ); + mbedtls_mpi_free( &PQ ); mbedtls_mpi_free( &DE ); mbedtls_mpi_free( &P1 ); + mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &I ); + mbedtls_mpi_free( &G ); mbedtls_mpi_free( &G2 ); mbedtls_mpi_free( &L1 ); + mbedtls_mpi_free( &L2 ); mbedtls_mpi_free( &DP ); mbedtls_mpi_free( &DQ ); mbedtls_mpi_free( &QP ); if( ret == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ) From bf37b103708a1d434a26bbe2310088aabb611567 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 10:29:42 +0100 Subject: [PATCH 231/493] Add test run for RSA_NO_CRT to all.sh --- tests/scripts/all.sh | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d9c5bbfa4..b84d5289b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -439,6 +439,15 @@ msg "build: i386, make, gcc" # ~ 30s cleanup CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make +msg "build: default config, MBEDTLS_RSA_NO_CRT, make, gcc" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl set MBEDTLS_RSA_NO_CRT +CC=gcc CFLAGS='-Werror -Wall -Werror -O0' make + +msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)" +make test + msg "build: gcc, force 32-bit compilation" cleanup cp "$CONFIG_H" "$CONFIG_BAK" From ab3773123c80c7895f50377def0be42f1d1d6269 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 16:24:51 +0100 Subject: [PATCH 232/493] Add support for alternative RSA implementations Alternative RSA implementations can be provided by defining MBEDTLS_RSA_ALT in config.h, defining an mbedtls_rsa_context struct in a new file rsa_alt.h and re-implementing the RSA interface specified in rsa.h. Through the previous reworkings, the adherence to the interface is the only implementation obligation - in particular, implementors are free to use a different layout for the RSA context structure. --- include/mbedtls/config.h | 1 + include/mbedtls/rsa.h | 8 ++++++++ library/rsa.c | 3 +++ library/version_features.c | 3 +++ 4 files changed, 15 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 47c719640..ec004f5b3 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -267,6 +267,7 @@ //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_DES_ALT +//#define MBEDTLS_RSA_ALT //#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 8aefdb660..0deff0031 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -209,6 +209,8 @@ int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, * Implementation of RSA interface */ +#if !defined(MBEDTLS_RSA_ALT) + /** * \brief RSA context structure */ @@ -252,6 +254,12 @@ typedef struct } mbedtls_rsa_context; +#else + +#include "rsa_alt.h" + +#endif /* MBEDTLS_RSA_ALT */ + /** * \brief Initialize an RSA context * diff --git a/library/rsa.c b/library/rsa.c index dc1fae59c..2976b71c2 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -464,6 +464,7 @@ cleanup: * Default RSA interface implementation */ +#if !defined(MBEDTLS_RSA_ALT) int mbedtls_rsa_import( mbedtls_rsa_context *ctx, const mbedtls_mpi *N, @@ -2493,6 +2494,8 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ) #endif } +#endif /* !MBEDTLS_RSA_ALT */ + #if defined(MBEDTLS_SELF_TEST) #include "mbedtls/sha1.h" diff --git a/library/version_features.c b/library/version_features.c index 5cbe8aca3..9bf6c61ec 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -99,6 +99,9 @@ static const char *features[] = { #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ +#if defined(MBEDTLS_RSA_ALT) + "MBEDTLS_RSA_ALT", +#endif /* MBEDTLS_RSA_ALT */ #if defined(MBEDTLS_XTEA_ALT) "MBEDTLS_XTEA_ALT", #endif /* MBEDTLS_XTEA_ALT */ From b0c5edcc2f7108604c179e68057ffa8e46d51026 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 23 Aug 2017 22:16:10 +0100 Subject: [PATCH 233/493] Correct typo in rsa.h --- include/mbedtls/rsa.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 0deff0031..6e07bfd60 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -79,7 +79,7 @@ extern "C" { /** * \brief Compute RSA prime moduli P, Q from public modulus N=PQ -& and a pair of private and public key. + * and a pair of private and public key. * * \note This is a 'static' helper function not operating on * an RSA context. Alternative implementations need not From fb81c0ec2efbe0ec73990e010ece6be9e9634cae Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 24 Aug 2017 06:55:11 +0100 Subject: [PATCH 234/493] Guard primality checks in RSA module by MBEDTLS_GENPRIME Primality testing is guarded by the configuration flag MBEDTLS_GENPRIME and used in the new RSA helper functions. This commit adds a corresponding preprocessor directive. --- library/rsa.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/library/rsa.c b/library/rsa.c index 2976b71c2..72f661061 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -361,6 +361,7 @@ int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, * Step 1: If PRNG provided, check that P and Q are prime */ +#if defined(MBEDTLS_GENPRIME) if( f_rng != NULL && P != NULL && ( ret = mbedtls_mpi_is_prime( P, f_rng, p_rng ) ) != 0 ) { @@ -372,6 +373,10 @@ int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, { goto cleanup; } +#else + ((void) f_rng); + ((void) p_rng); +#endif /* MBEDTLS_GENPRIME */ /* * Step 2: Check that N = PQ @@ -571,6 +576,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, } else if( d_missing ) { +#if defined(MBEDTLS_GENPRIME) /* If a PRNG is provided, check if P, Q are prime. */ if( f_rng != NULL && ( ( ret = mbedtls_mpi_is_prime( &ctx->P, f_rng, p_rng ) ) != 0 || @@ -578,6 +584,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); } +#endif /* MBEDTLS_GENPRIME */ /* Compute N if missing. */ if( !have_N && From 750e8b4596c5c0a3d84303b432fe5be60cc4337c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 25 Aug 2017 07:54:27 +0100 Subject: [PATCH 235/493] Rename rsa_check_params->rsa_validate_params and change error codes --- include/mbedtls/rsa.h | 21 +++------ library/rsa.c | 69 +++++++++++++++++----------- tests/suites/test_suite_rsa.data | 46 +++++++++---------- tests/suites/test_suite_rsa.function | 30 ++++++------ 4 files changed, 86 insertions(+), 80 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 6e07bfd60..90c667b5b 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -186,24 +186,17 @@ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, * if D,E,P,Q != NULL * - P prime if f_rng, P != NULL * - Q prime if f_rng, Q != NULL - * - A non-zero error code otherwise. In this case, the values - * of N, P, Q, D, E are undefined. + * - A non-zero error code otherwise. * * \note The function can be used with a restricted set of arguments * to perform specific checks only. E.g., calling it with * (-,P,-,-,-) and a PRNG amounts to a primality check for P. - * - * \note The input MPI's are deliberately not declared as constant - * and may therefore be used for in-place calculations by - * the implementation. In particular, their values can be - * corrupted when the function fails. If the user cannot - * tolerate this, he has to make copies of the MPI's prior - * to calling this function. See \c mbedtls_mpi_copy for this. */ -int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, - mbedtls_mpi *D, mbedtls_mpi *E, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, + const mbedtls_mpi *Q, const mbedtls_mpi *D, + const mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); /** * Implementation of RSA interface @@ -374,7 +367,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * \return - 0 if successful. In this case, all core parameters * as well as other internally needed parameters have * been generated, and it is guaranteed that they are - * sane in the sense of \c mbedtls_rsa_check_params + * sane in the sense of \c mbedtls_rsa_validate_params * (with primality of P, Q checked if a PRNG is given). * - MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted * derivations failed. diff --git a/library/rsa.c b/library/rsa.c index 72f661061..07cd66bec 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -331,7 +331,7 @@ int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q, MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( Q, Q, 1 ) ); /* Double-check result */ - MBEDTLS_MPI_CHK( mbedtls_rsa_check_params( NULL, P, Q, D, E, NULL, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_validate_params( NULL, P, Q, D, E, NULL, NULL ) ); cleanup: @@ -342,20 +342,19 @@ cleanup: /* * Check that core RSA parameters are sane. - * - * Note that the inputs are not declared const and may be - * altered on an unsuccessful run. */ -int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, - mbedtls_mpi *D, mbedtls_mpi *E, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, + const mbedtls_mpi *Q, const mbedtls_mpi *D, + const mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) { int ret = 0; - mbedtls_mpi K; + mbedtls_mpi K, L; mbedtls_mpi_init( &K ); + mbedtls_mpi_init( &L ); /* * Step 1: If PRNG provided, check that P and Q are prime @@ -365,12 +364,14 @@ int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, if( f_rng != NULL && P != NULL && ( ret = mbedtls_mpi_is_prime( P, f_rng, p_rng ) ) != 0 ) { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } if( f_rng != NULL && Q != NULL && ( ret = mbedtls_mpi_is_prime( Q, f_rng, p_rng ) ) != 0 ) { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } #else @@ -385,9 +386,10 @@ int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, if( P != NULL && Q != NULL && N != NULL ) { MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); - if( mbedtls_mpi_cmp_mpi( &K, N ) != 0 ) + if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 || + mbedtls_mpi_cmp_mpi( &K, N ) != 0 ) { - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } } @@ -398,37 +400,48 @@ int mbedtls_rsa_check_params( mbedtls_mpi *N, mbedtls_mpi *P, mbedtls_mpi *Q, if( P != NULL && Q != NULL && D != NULL && E != NULL ) { - /* Temporarily replace P, Q by P-1, Q-1. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( P, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( Q, Q, 1 ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || + mbedtls_mpi_cmp_int( Q, 1 ) <= 0 || + mbedtls_mpi_cmp_int( D, 1 ) <= 0 || + mbedtls_mpi_cmp_int( E, 1 ) <= 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } /* Compute DE-1 mod P-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) ); if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) { - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } /* Compute DE-1 mod Q-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) ); if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) { - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; } - - /* Restore P, Q. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( P, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( Q, Q, 1 ) ); } cleanup: mbedtls_mpi_free( &K ); + mbedtls_mpi_free( &L ); + + /* Wrap MPI error codes by RSA check failure error code */ + if( ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ) + { + ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + } return( ret ); } @@ -605,9 +618,9 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, else if( complete ) { /* Check complete set of imported core parameters. */ - if( ( ret = mbedtls_rsa_check_params( &ctx->N, &ctx->P, &ctx->Q, - &ctx->D, &ctx->E, - f_rng, p_rng ) ) != 0 ) + if( ( ret = mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q, + &ctx->D, &ctx->E, + f_rng, p_rng ) ) != 0 ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); } diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index e1c51a9b1..8b1d1d59a 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -1,4 +1,4 @@ -RSA PKCS1 Verify v1.5 CAVS #1 + Date: Fri, 25 Aug 2017 07:29:35 +0100 Subject: [PATCH 236/493] Remove double-checking code from rsa_deduce_moduli and rsa_complete --- library/rsa.c | 50 ++------------------------------------------------ 1 file changed, 2 insertions(+), 48 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 07cd66bec..d0cc9e033 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -88,7 +88,6 @@ static void mbedtls_zeroize( void *v, size_t n ) { */ /* - * mbedtls_rsa_deduce_moduli * * Given the modulus N=PQ and a pair of public and private * exponents E and D, respectively, factor N. @@ -167,8 +166,6 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, */ mbedtls_mpi_init( &K ); - mbedtls_mpi_init( P ); - mbedtls_mpi_init( Q ); /* Replace D by DE - 1 */ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( D, D, E ) ); @@ -231,44 +228,14 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, { /* * Have found a nontrivial divisor P of N. - * Set Q := N / P and verify D, E. + * Set Q := N / P. */ MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, &K, N, P ) ); - /* - * Verify that DE - 1 is indeed a multiple of - * lcm(P-1, Q-1), i.e. that it's a multiple of both - * P-1 and Q-1. - */ + /* Restore D */ - /* Restore DE - 1 and temporarily replace P, Q by P-1, Q-1. */ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( D, order ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( P, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( Q, Q, 1 ) ); - - /* Compute DE-1 mod P-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, D, P ) ); - if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) - { - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - goto cleanup; - } - - /* Compute DE-1 mod Q-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, D, Q ) ); - if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) - { - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - goto cleanup; - } - - /* - * All good, restore P, Q and D and return. - */ - - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( P, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( Q, Q, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( D, D, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( D, NULL, D, E ) ); @@ -330,9 +297,6 @@ int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q, MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( P, P, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( Q, Q, 1 ) ); - /* Double-check result */ - MBEDTLS_MPI_CHK( mbedtls_rsa_validate_params( NULL, P, Q, D, E, NULL, NULL ) ); - cleanup: mbedtls_mpi_free( &K ); @@ -615,16 +579,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); } } - else if( complete ) - { - /* Check complete set of imported core parameters. */ - if( ( ret = mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q, - &ctx->D, &ctx->E, - f_rng, p_rng ) ) != 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); - } - } /* In the remaining case of a public key, there's nothing to check for. */ From d363799a9dfde3596a0aa763897abdfd6b4c411e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 25 Aug 2017 07:55:03 +0100 Subject: [PATCH 237/493] Add mbedtls_rsa_validate_crt This commit adds the function mbedtls_rsa_validate_crt for validating a set of CRT parameters. The function mbedtls_rsa_check_crt is simplified accordingly. --- include/mbedtls/rsa.h | 34 +++++++++- library/rsa.c | 146 ++++++++++++++++++++++++++---------------- 2 files changed, 124 insertions(+), 56 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 90c667b5b..734c779c1 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -198,6 +198,38 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); +/** + * \brief Check validity of RSA CRT parameters + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. + * + * \param P First prime factor of RSA modulus + * \param Q Second prime factor of RSA modulus + * \param D RSA private exponent + * \param DP MPI to check for D modulo P-1 + * \param DQ MPI to check for D modulo P-1 + * \param QP MPI to check for the modular inverse of Q modulo P. + * + * \return - 0 if the following conditions are satisfied: + * - D = DP mod P-1 if P, D, DP != NULL + * - Q = DQ mod P-1 if P, D, DQ != NULL + * - QP = Q^-1 mod P if P, Q, QP != NULL + * - MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed, + * potentially including MBEDTLS_ERR_MPI_XXX if some + * MPI calculations failed. + * - MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient + * data was provided to check DP, DQ or QP. + * + * \note The function can be used with a restricted set of arguments + * to perform specific checks only. E.g., calling it with the + * parameters (P, -, D, DP, -, -) will check DP = D mod P-1. + */ +int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *DP, + const mbedtls_mpi *DQ, const mbedtls_mpi *QP ); + /** * Implementation of RSA interface */ @@ -394,7 +426,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, * before calling this function. * */ -int mbedtls_rsa_check_crt( mbedtls_rsa_context *ctx, +int mbedtls_rsa_check_crt( const mbedtls_rsa_context *ctx, mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ); diff --git a/library/rsa.c b/library/rsa.c index d0cc9e033..bd72aee8e 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -304,6 +304,92 @@ cleanup: return( ret ); } +/* + * Check that RSA CRT parameters are in accordance with core parameters. + */ + +int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *DP, + const mbedtls_mpi *DQ, const mbedtls_mpi *QP ) +{ + int ret = 0; + + mbedtls_mpi K, L; + mbedtls_mpi_init( &K ); + mbedtls_mpi_init( &L ); + + /* Check that DP - P == 0 mod P - 1 */ + if( DP != NULL ) + { + if( P == NULL ) + { + ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DP, D ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) ); + + if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) + { + return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } + } + + /* Check that DQ - Q == 0 mod Q - 1 */ + if( DQ != NULL ) + { + if( Q == NULL ) + { + ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DQ, D ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) ); + + if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) + { + return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } + } + + /* Check that QP * P - 1 == 0 mod P */ + if( QP != NULL ) + { + if( P == NULL || Q == NULL ) + { + ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, QP, Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) ); + if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) + { + return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } + } + +cleanup: + + /* Wrap MPI error codes by RSA check failure error code */ + if( ret != 0 && + ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED && + ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) + { + ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + } + + mbedtls_mpi_free( &K ); + mbedtls_mpi_free( &L ); + + return( ret ); +} + /* * Check that core RSA parameters are sane. */ @@ -621,8 +707,8 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, * in order to be able to validate DER encoded RSA keys, * which always contain CRT parameters. */ -int mbedtls_rsa_check_crt( mbedtls_rsa_context *ctx, mbedtls_mpi *DP, - mbedtls_mpi *DQ, mbedtls_mpi *QP ) +int mbedtls_rsa_check_crt( const mbedtls_rsa_context *ctx, + mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ) { int ret = 0; @@ -648,61 +734,11 @@ int mbedtls_rsa_check_crt( mbedtls_rsa_context *ctx, mbedtls_mpi *DP, return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } #else /* MBEDTLS_RSA_NO_CRT */ - - /* - * Check that DP, DQ and QP are in accordance with core parameters. - * (1) Check that DP - P == 0 mod P - 1 - * (2) Check that DQ - Q == 0 mod Q - 1 - * (3) Check that QP * P - 1 == 0 mod P - - * Alternative implementation also not using DP, DQ and QP - * should be able to reuse this codepath. - */ - - /* Check (1) */ - if( DP != NULL ) + if( ( ret = mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D, + DP, DQ, QP ) ) != 0 ) { - /* Temporarily replace P by P-1 and compute DP - D mod P-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->P, &ctx->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( DP, DP, &ctx->D ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, DP, &ctx->P ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->P, &ctx->P, 1 ) ); - - if( mbedtls_mpi_cmp_int( DP, 0 ) != 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - } + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } - - /* Check (1) */ - if( DQ != NULL ) - { - /* Temporarily replace Q by Q-1 and compute DQ - D mod Q-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &ctx->Q, &ctx->Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( DQ, DQ, &ctx->D ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, DQ, &ctx->Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &ctx->Q, &ctx->Q, 1 ) ); - - if( mbedtls_mpi_cmp_int( DQ, 0 ) != 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - } - } - - /* Check (3) */ - if( QP != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( QP, QP, &ctx->Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( QP, QP, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( QP, QP, &ctx->P ) ); - if( mbedtls_mpi_cmp_int( QP, 0 ) != 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - } - } - -cleanup: - #endif if( ret != 0 ) From d9431a781748e64f3a90f8a08d3d31fe8dc9548f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 25 Aug 2017 08:03:13 +0100 Subject: [PATCH 238/493] Minor comments improvement --- library/rsa.c | 29 ++++++++++++++++++++--------- 1 file changed, 20 insertions(+), 9 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index bd72aee8e..073bde528 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -74,16 +74,24 @@ static void mbedtls_zeroize( void *v, size_t n ) { /* * Context-independent RSA helper functions. * - * The following three functions - * - mbedtls_rsa_deduce_moduli - * - mbedtls_rsa_deduce_private - * - mbedtls_rsa_check_params - * are helper functions operating on the core RSA parameters - * (represented as MPI's). They do not use the RSA context structure - * and therefore need not be replaced when providing an alternative - * RSA implementation. + * There are two classes of helper functions: + * (1) Parameter-generating helpers. These are: + * - mbedtls_rsa_deduce_moduli + * - mbedtls_rsa_deduce_private + * - mbedtls_rsa_deduce_crt + * Each of these functions takes a set of core RSA parameters + * and generates some other, or CRT related parameters. + * (2) Parameter-checking helpers. These are: + * - mbedtls_rsa_validate_params + * - mbedtls_rsa_validate_crt + * They take a set of core or CRT related RSA parameters + * and check their validity. * - * Their purpose is to provide common MPI operations in the context + * The helper functions do not use the RSA context structure + * and therefore do not need to be replaced when providing + * an alternative RSA implementation. + * + * Their main purpose is to provide common MPI operations in the context * of RSA that can be easily shared across multiple implementations. */ @@ -504,18 +512,21 @@ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, mbedtls_mpi K; mbedtls_mpi_init( &K ); + /* DP = D mod P-1 */ if( DP != NULL ) { MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, D, &K ) ); } + /* DQ = D mod Q-1 */ if( DQ != NULL ) { MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, D, &K ) ); } + /* QP = Q^{-1} mod P */ if( QP != NULL ) { MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( QP, Q, P ) ); From b269a8584ac6a2cf0c246cf7d45c370dacf38e20 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 25 Aug 2017 08:03:21 +0100 Subject: [PATCH 239/493] Change mbedtls_rsa_check_privkey to use new helper functions --- library/rsa.c | 69 ++++++++------------------------------------------- 1 file changed, 11 insertions(+), 58 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 073bde528..903a57ca3 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1038,66 +1038,19 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) */ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) { - int ret; - mbedtls_mpi PQ, DE, P1, Q1, H, I, G, G2, L1, L2, DP, DQ, QP; - - if( ( ret = mbedtls_rsa_check_pubkey( ctx ) ) != 0 ) - return( ret ); - - if( !ctx->P.p || !ctx->Q.p || !ctx->D.p ) - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); - - mbedtls_mpi_init( &PQ ); mbedtls_mpi_init( &DE ); mbedtls_mpi_init( &P1 ); - mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &H ); mbedtls_mpi_init( &I ); - mbedtls_mpi_init( &G ); mbedtls_mpi_init( &G2 ); mbedtls_mpi_init( &L1 ); - mbedtls_mpi_init( &L2 ); mbedtls_mpi_init( &DP ); mbedtls_mpi_init( &DQ ); - mbedtls_mpi_init( &QP ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &PQ, &ctx->P, &ctx->Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DE, &ctx->D, &ctx->E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &H, &P1, &Q1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G, &ctx->E, &H ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( &G2, &P1, &Q1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &L1, &L2, &H, &G2 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &I, &DE, &L1 ) ); - -#if !defined(MBEDTLS_RSA_NO_CRT) - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DP, &ctx->D, &P1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &DQ, &ctx->D, &Q1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &QP, &ctx->Q, &ctx->P ) ); -#endif - - /* - * Check for a valid PKCS1v2 private key - */ - if( mbedtls_mpi_cmp_mpi( &PQ, &ctx->N ) != 0 || -#if !defined(MBEDTLS_RSA_NO_CRT) - mbedtls_mpi_cmp_mpi( &DP, &ctx->DP ) != 0 || - mbedtls_mpi_cmp_mpi( &DQ, &ctx->DQ ) != 0 || - mbedtls_mpi_cmp_mpi( &QP, &ctx->QP ) != 0 || -#endif - mbedtls_mpi_cmp_int( &L2, 0 ) != 0 || - mbedtls_mpi_cmp_int( &I, 1 ) != 0 || - mbedtls_mpi_cmp_int( &G, 1 ) != 0 ) + if( mbedtls_rsa_check_pubkey( ctx ) != 0 || + mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q, + &ctx->D, &ctx->E, NULL, NULL ) != 0 ) { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); } - -cleanup: - mbedtls_mpi_free( &PQ ); mbedtls_mpi_free( &DE ); mbedtls_mpi_free( &P1 ); - mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &I ); - mbedtls_mpi_free( &G ); mbedtls_mpi_free( &G2 ); mbedtls_mpi_free( &L1 ); - mbedtls_mpi_free( &L2 ); mbedtls_mpi_free( &DP ); mbedtls_mpi_free( &DQ ); - mbedtls_mpi_free( &QP ); - - if( ret == MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ) - return( ret ); - - if( ret != 0 ) - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED + ret ); +#if !defined(MBEDTLS_RSA_NO_CRT) + else if( mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D, + &ctx->DP, &ctx->DQ, &ctx->QP ) != 0 ) + { + return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } +#endif return( 0 ); } From 603b8c62c44c90fd37babc6743868252b39c18d5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 25 Aug 2017 11:03:07 +0100 Subject: [PATCH 240/493] Clarify guarantees made by successful mbedtls_rsa_complete call --- include/mbedtls/rsa.h | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 734c779c1..48b0145eb 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -396,11 +396,9 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * like the derivation of P, Q from N, D, E, as * well as primality checks. * - * \return - 0 if successful. In this case, all core parameters - * as well as other internally needed parameters have - * been generated, and it is guaranteed that they are - * sane in the sense of \c mbedtls_rsa_validate_params - * (with primality of P, Q checked if a PRNG is given). + * \return - 0 if successful. In this case, all imported core + * parameters are guaranteed to be sane, the RSA context + * has been fully setup and is ready for use. * - MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted * derivations failed. */ From 771d30edac2f8b38b4d3e628cd62e109f2a85c1c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 25 Aug 2017 13:54:04 +0100 Subject: [PATCH 241/493] Add missing calls to mbedtls_pem_free in mbedtls_pk_parse --- library/pkparse.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/library/pkparse.c b/library/pkparse.c index efdf43746..de0881adb 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1082,7 +1082,10 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, if( ret == 0 ) { if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) + { + mbedtls_pem_free( &pem ); return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + } if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), @@ -1114,7 +1117,10 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, if( ret == 0 ) { if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL ) + { + mbedtls_pem_free( &pem ); return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + } if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), From fab356996336ba286d71b5747ed981b6021878ff Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 25 Aug 2017 13:38:26 +0100 Subject: [PATCH 242/493] Use in-place decryption in pk_parse_pkcs8_encrypted_der The stack buffer used to hold the decrypted key in pk_parse_pkcs8_encrypted_der was statically sized to 2048 bytes, which is not enough for DER encoded 4096bit RSA keys. This commit resolves the problem by performing the key-decryption in-place, circumventing the introduction of another stack or heap copy of the key. There are two situations where pk_parse_pkcs8_encrypted_der is invoked: 1. When processing a PEM-encoded encrypted key in mbedtls_pk_parse_key. This does not need adaption since the PEM context used to hold the decoded key is already constructed and owned by mbedtls_pk_parse_key. 2. When processing a DER-encoded encrypted key in mbedtls_pk_parse_key. In this case, mbedtls_pk_parse_key calls pk_parse_pkcs8_encrypted_der with the buffer provided by the user, which is declared const. The commit therefore adds a small code paths making a copy of the keybuffer before calling pk_parse_pkcs8_encrypted_der. --- library/pkparse.c | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index de0881adb..3368f5bb2 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -936,12 +936,12 @@ static int pk_parse_key_pkcs8_unencrypted_der( #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) static int pk_parse_key_pkcs8_encrypted_der( mbedtls_pk_context *pk, - const unsigned char *key, size_t keylen, + unsigned char *key, size_t keylen, const unsigned char *pwd, size_t pwdlen ) { int ret, decrypted = 0; size_t len; - unsigned char buf[2048]; + unsigned char *buf; unsigned char *p, *end; mbedtls_asn1_buf pbe_alg_oid, pbe_params; #if defined(MBEDTLS_PKCS12_C) @@ -949,8 +949,6 @@ static int pk_parse_key_pkcs8_encrypted_der( mbedtls_md_type_t md_alg; #endif - memset( buf, 0, sizeof( buf ) ); - p = (unsigned char *) key; end = p + keylen; @@ -985,8 +983,7 @@ static int pk_parse_key_pkcs8_encrypted_der( if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); - if( len > sizeof( buf ) ) - return( MBEDTLS_ERR_PK_BAD_INPUT_DATA ); + buf = p; /* * Decrypt EncryptedData with appropriate PDE @@ -1087,7 +1084,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); } - if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || + if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), pem.buf, pem.buflen ) ) != 0 ) { @@ -1122,7 +1119,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); } - if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || + if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), pem.buf, pem.buflen ) ) != 0 ) { @@ -1200,12 +1197,24 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, * error */ #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) - if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen, - pwd, pwdlen ) ) == 0 ) { - return( 0 ); + unsigned char *key_copy; + + if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL ) + return( MBEDTLS_ERR_PK_ALLOC_FAILED ); + + memcpy( key_copy, key, keylen ); + + ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen, + pwd, pwdlen ); + + mbedtls_zeroize( key_copy, keylen ); + mbedtls_free( key_copy ); } + if( ret == 0 ) + return( 0 ); + mbedtls_pk_free( pk ); if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH ) @@ -1223,7 +1232,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); - if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || + if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 ) { return( 0 ); @@ -1236,7 +1245,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL ) return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); - if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || + if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), key, keylen ) ) == 0 ) { return( 0 ); From 37c6b6b339d8eb342ac610d4109453e5699dc536 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Sat, 26 Aug 2017 08:15:22 +0100 Subject: [PATCH 243/493] Add tests for encrypted 2048 and 4096-bit RSA keys --- tests/data_files/keyfile_2048 | 27 +++ tests/data_files/keyfile_2048.3des | 30 +++ tests/data_files/keyfile_2048.aes128 | 30 +++ tests/data_files/keyfile_2048.aes192 | 30 +++ tests/data_files/keyfile_2048.aes256 | 30 +++ tests/data_files/keyfile_2048.des | 30 +++ tests/data_files/keyfile_4096 | 51 +++++ tests/data_files/keyfile_4096.3des | 54 +++++ tests/data_files/keyfile_4096.aes128 | 54 +++++ tests/data_files/keyfile_4096.aes192 | 54 +++++ tests/data_files/keyfile_4096.aes256 | 54 +++++ tests/data_files/keyfile_4096.des | 54 +++++ tests/data_files/pkcs8_pbe_sha1_2des_2048.der | Bin 0 -> 1262 bytes tests/data_files/pkcs8_pbe_sha1_2des_2048.key | 29 +++ tests/data_files/pkcs8_pbe_sha1_2des_4096.der | Bin 0 -> 2422 bytes tests/data_files/pkcs8_pbe_sha1_2des_4096.key | 53 +++++ tests/data_files/pkcs8_pbe_sha1_3des_2048.der | Bin 0 -> 1262 bytes tests/data_files/pkcs8_pbe_sha1_3des_2048.key | 29 +++ tests/data_files/pkcs8_pbe_sha1_3des_4096.der | Bin 0 -> 2422 bytes tests/data_files/pkcs8_pbe_sha1_3des_4096.key | 53 +++++ .../pkcs8_pbe_sha1_rc4_128_2048.der | Bin 0 -> 1254 bytes .../pkcs8_pbe_sha1_rc4_128_2048.key | 29 +++ .../pkcs8_pbe_sha1_rc4_128_4096.der | Bin 0 -> 2414 bytes .../pkcs8_pbe_sha1_rc4_128_4096.key | 53 +++++ .../pkcs8_pbes2_pbkdf2_3des_2048.der | Bin 0 -> 1298 bytes .../pkcs8_pbes2_pbkdf2_3des_2048.key | 30 +++ .../pkcs8_pbes2_pbkdf2_3des_4096.der | Bin 0 -> 2458 bytes .../pkcs8_pbes2_pbkdf2_3des_4096.key | 54 +++++ .../pkcs8_pbes2_pbkdf2_des_2048.der | Bin 0 -> 1295 bytes .../pkcs8_pbes2_pbkdf2_des_2048.key | 29 +++ .../pkcs8_pbes2_pbkdf2_des_4096.der | Bin 0 -> 2455 bytes .../pkcs8_pbes2_pbkdf2_des_4096.key | 54 +++++ tests/suites/test_suite_pkparse.data | 212 ++++++++++++++++-- 33 files changed, 1105 insertions(+), 18 deletions(-) create mode 100644 tests/data_files/keyfile_2048 create mode 100644 tests/data_files/keyfile_2048.3des create mode 100644 tests/data_files/keyfile_2048.aes128 create mode 100644 tests/data_files/keyfile_2048.aes192 create mode 100644 tests/data_files/keyfile_2048.aes256 create mode 100644 tests/data_files/keyfile_2048.des create mode 100644 tests/data_files/keyfile_4096 create mode 100644 tests/data_files/keyfile_4096.3des create mode 100644 tests/data_files/keyfile_4096.aes128 create mode 100644 tests/data_files/keyfile_4096.aes192 create mode 100644 tests/data_files/keyfile_4096.aes256 create mode 100644 tests/data_files/keyfile_4096.des create mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_2048.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_2048.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_4096.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_4096.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_2048.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_2048.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_4096.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_4096.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.der create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.der create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.der create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.der create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key diff --git a/tests/data_files/keyfile_2048 b/tests/data_files/keyfile_2048 new file mode 100644 index 000000000..35f6ee815 --- /dev/null +++ b/tests/data_files/keyfile_2048 @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEogIBAAKCAQEAieB9VRoWSXNwOBE/oR4/BhFEh8goR4jIysmjU2v6+WU5Xjtj +/G0EHK6OKpqUNF0mtBzeckZokzUOFt14VghYrUQKwYGb5Slc6ghXaQLeAkr0dfKx +JgTj6t5mMsqV3CrCFl/P6DAEyRg8paquPPYHczkwM8UZRB002IoYNXpLafM2XTnB +TKlskSWU/h2JzWrwwwZkMKyHAuIQ44x8vEtqSJDmX72qKJgsXJN54Yh1IPnMxXam +St4FtOhJHDHDQRB96tpzU9wGIcIFzuyOP7gUnisyobt9Xz0vc+vingOn1jKuQlyS +3fUpJHbGvwsTndLVsmbnlK9hvu1CAUb41PBoAQIDAQABAoIBAAjSPRKRzbU7VoWv +zNNhHQUlW64YR0N0Y+xdhD6VHQSRzl7SC+6dhvLS1DOzmiHTh+NkKXNEP/KTJWif +GNDgTdQgE1QYF8JMqC4tBHKqhUu+Qe+97EmTbIWdXwqG3Zmtfqdxz9p6IARBsbej +uOwbjZR4pzXYuWobOENWaoAZZ/PKS5yo6oMTgmn4navy2QJ2f7fduCF4YmMXRpnO +ORhAx1HCOgymPEhUzXaIiRsDzqY9nVxpz/S4UBw61JL4zQHTJpFe6EQokAFgsG6m +22cEvgdTn7cnf+pzh08XByXbD+WM9CYxe20GhtG62YY1zRTgK+9rxhiHobmNk7VU +YWQDEYUCgYEA/krm/p04dYRaRXcSOCdei57+R5toYYEH7g2DXaKLai171gUzc1k3 +z5TdXGSBBsAf59XBZ/5pXUgHzoOvd6d6aaVey7vkiaZQy9k0wbPK3qgFPhK1YbOc +UbMVEigtDLg0/5ZQ725mfXSp1oUsDbGEVTkeTakb8bTNr6qwtbzECP8CgYEAis17 +qAFQRWoFo6AqtAyG+xFC6C/ih5eboq2wibusXfloeb2dBd8ARpjSZ8H25+8m+Atq +fZRMzMfKRGRI59w/a10knRaafaVYFW27lMAuG8PcYeuRnM2MH1lFTsnWArBJKd7N +0FczGVMEufH9l+xaLLt76o3f3KTBScAk5tFSjv8CgYAa5qebJdy0KeU21graX+fT +k2VJA/q93d2N5GYSQMDI4bjpAjHYMQcDcbcdMBCqOybk6qsEKljRIm6Y/TtRyCje +Bj2KBf1+Rlbjyb2YBEIg3dt4HpiLlmmiBvTir9dcMhyBMVCsk5xKB050QDBR3oam +UV2QT6SCJGNiAwegojCG1wKBgDbLh9V7L0U35aICyNjrWR4kYlVnEfaVU0uVZev5 +usIeg7ALusFml6VHD0kGuYI2Vxv05cVNlkQBW0hEjsN5n0+zJZEeKz8O1wcemr7O +X2V2nLnLVWChhH+brlC8PVAyZ6+v1XA5/GIy89q0PXiMRc0C9phSCd4A7I1A3VCB +siXhAoGAJtiHq2Hy8Oh6JK+vEgXTyxYkqc8TRQn+sdg++9ObBv58XDGCwzvkK1J8 +NCLV1R5tOssownh9RkGbZ/qrhVxreUfSXa3tCuyF7bD0URULhCYCS7BNwVEHCUol +BwAbLAtcDnWZsVkpyCD/d8SUCovDyNLFMxacu3MuZCQuRRvnNqM= +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.3des b/tests/data_files/keyfile_2048.3des new file mode 100644 index 000000000..1ac99fc4d --- /dev/null +++ b/tests/data_files/keyfile_2048.3des @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,769BBE561AFA55C5 + +4nlR2uEny6CDJHEdEG8Y3CUh5Pn54k7lCgd9UvP3CAo5DmKn7nGG+1Hvjky+dLD3 +pDCLOKKNUYM7Dx+HWw4SSfQzYfq2NySnTvnkGITEQfoqIBjQ+O0jkgPS2MTaB+lh +Vs0DYz26OWna8OAjR2gxxXxruCLmY4psmqYd6DX3yIlFawDTwFSbbhZpEGtJ/i/m +aQ1aRZGEgCgpmVIEPigHJaDZYUP6pSev8FPilGm9QbGkJSK10HIrBrk3xLAQtZVB +SYs/k3G7ZUNFF8GbvmyYmnx7Pfzsx90RZsHjRxW7je/eY5v7hf9XRcEnefLQ61ux +lfBKW8S+yVZueC34RIupsYKd8K9/iaAwkpRaCyiVNKicBlgoKPYSr3xGk06DMTTU +vYUZ/Usa8Bvc29MP+qHb/D4D/fKZiHJABNEVecWCnCBdZbCgSlrjEKMVeYg3nTAx +VrkvcPenfafuIBLPb2zYUGlehNmd7sWWVqCBQO64Xlmwy6ALpYBwlBUwpU75jB4w +H7duzO1+UAAz0WssleNKKbUc3YLwpojU6/y11bJw51BFjquTfxbkoTuXvALLiPQY +yUmFze+2DYeCRhlz/rPePHh9JzHBnm94vo48uThNzvf6aAdrqgHs5dbstotKpqW8 +bhlhzKdYjIcWV2JXV9klX3l7GA4aoSSlJAmljyxjGYPM8G3Zl0S/v9nUFXm8/o+e +e8HTTKnCUUUGOyForwo2mzoeTiDT5R/L5divX7Ni+liqQXWAnQEsHi+98RfkdDtn +86lW1uqEVLRT7E98fHDdSLtIXRbgBMO76dExWvqwtPPDj2UlOK3x4i4S4AOf/iy1 ++cmoBjwUVDcj/AaBBd9IzbSu/YUKxFNwmi7KPOJ2ZfJncqixoNb2cUPrWg37m7hD +5dodU4a56lUn04phzuem4z4HmNJqPFIDGUfePEQvgbkU1n+38yW7pQeP2xhJEYhv +ZqnSa1HK/mE8dZOldPQtOwUr4FwTc4JQwNW6vRmx1eothOfoaWpMWFPMOfKqL20O +JMN66nIqB7f0AXf+b2kVgTH46di/ldnbG5kj94h4zRd05ZfYJQKFktMYpi5/D+gS +7uZU7kLMeg4Ox5m3Wy1SuvIEvrdUtAULhO9i6DKu1SAn+9HPML3//hAxVmocJa5T +IGSSaOjRGluhbXjjGGJjm4GKP6WWNinprkT9xi46bWOlmi7/r8MMkLQ12aIeIwnY +1ClnkD+8AVDqZait8qZyJ8zYBUaS/v5lCS3tsTmjWfECFOsuJf+asintIWBP9tfj +YJPRxqpQ7+Idgd5a5LfLjalC+nLP6MzYoYtG2/erUr/YAYbr8Nmce9XH0m9f9Qhz +wGDRv/ydOJX+tK+ElPebeodDh7YGnOr/wrwTuuM/EQ4t/gFOYT+uFsrH4XvUAKU9 +TI1PewoS6+hDTzTB38KkYzfYPzVmRPHOegQWUf6QBYyWXg/2aL5am+S82ROCh+M2 +VZ0vHXs6b80gNBVm3wmCej51//biiBUZp/gundDksI4z3ucD6feQrbx6Qhlu6YTF +TW2LtoRtE+LdUkjEBZD2jwQKWIAXxY3/wMBeEo59mnBrbgRMfjYESQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.aes128 b/tests/data_files/keyfile_2048.aes128 new file mode 100644 index 000000000..847cb7fb1 --- /dev/null +++ b/tests/data_files/keyfile_2048.aes128 @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,3ACD4E1226A197871FFE1D9EEC0BE0C7 + +yCMsLxfTSxyPdDUOtPAfcyMkUT6x3XsTPnRgBWGL3+tR1WviaRivMd0dHDH3gFS6 +NFaWZ4RLqVmj52D8VmHVGaZTup0Xeeoog4M3ooFerM8RMINZq1U0VW7o1BIMcWE+ +FIkjP5UP2+rhDTZbbU8YoGa0Q6cOYGRzu55c/x59S1QAz0M22MfpstNw1Gd+K5vH +jGmvdEkkPAYMh7t1kFMHt8Pt4hyBdBO9xeOJTfGLsWGQl6PZVLhOCH3pVHMSa3Z+ +7yu9CmUmFoiiKxzx4oavwlcPnzYUtnUoh1+Yvc3wzDwPiq4/rVtxMRGJ1GNO1nyP +sCTj/DKRzQY9ca06HRl6KQP4FLILbxLodOHWLj8sAEgIIdpAX1j2YBkvMR2usldD +RwEl6sBrldVz/kIK9BF6ThAFKIEHs6zNhPI0H1KC7AlsWFXxn+mHMwpg04Kw7Qdc +D+1x7EdiLMR8pcHxYYVhfgIJwnkS49wQ2ujn4vQijmWrXkB1n0soxTGHZiZr/J+i +8AzuS/RXwb0XzWD3wUivArIJSG5gF8u/ewfkSQcHrNFD2+O43dApEZQWx6EVPXBA +DDHO1HbvGvN8wvo9SlgN8cL9DlMRcmUp9Y7JYohCq02t8iPwAP11dMUjc6pA6a1G +He4/IB4H4E80Ldwz4L/KiP3LYwc6DoXz7C7XFrYHc/tvQ5Wl99Mk2shxhPmC8t0b +1hrNQFm00kL8ieGJMEi4hcSzG557CK5OKqigUWBb9hF1z/D2hRNt2rF8+6YmkmLq +HJgtyb7I5+u/lrCkiYjiJEJIwHVyaOswaMGX/VFNHXYxsCowslvRKhHGPIFfGzsv +H4LOjGEF7YDr+wb72WYmQ7aMIUTntmxoIlj90WRsZBSzs4WeiIE9zOkAUpq/E13I +fKbxvOSJoNnkQ97sWSq2KkdAa6Cni81c1aVPIBWsfxf0zHoffpHcLEKdGwvR/QOs +79KjkBypahLIqKLSv+/6nUv4cgHryrWV5SGBA2tDU9Kpd9oFIhhRFALnX7iHoY9v +zVIXa+I7LnL7J1vY2r1gybkud/dW5cj8ktBn2cPIKWja7OwdQ0r1XP3agHUng5F+ +fS4KKcqrIJc1u8jBKW2iCZ1blPL1dHnD882IaKbgAimmPPWY2M3V3NYY+U/HCgRn +dPflKeuBx8EVj5RnXJDb9hKyLUHZ7rwWkJl4ebPNKidCbdJTAge5BLQncbOwjytV +M8HdMtk5AzBZ7yPQ9UYrUpBJZZtV4fTY6Anlz5KtUAuQluAAcIMmdSQwL2nuimMt +Q65Ws5gvVx6CA7JVfCgLPt577z7EUNuGPTZ2MVOgsok9KDtkm30QZ7btB6H4eROY +H5qw2z6+m/LXhS7MdlLChbUJYQ3REmfHoiAPt+wiHVCvb+iTkMaWd41F3L9Ku9Kg +4XsNsu1I695Mxgoy0cokJrx75OAML8UMcc3JBSKiT2Tyqa5g4LVitqRzC+Bmywn+ +1LV0FLViAeOa9Znq4oh6YTPnq2obsYgDDWwXLd19T6zZMyIuyqFIKheCUjb8Tkcd +X0Yow6UfByeYxRsEcJ+kOGESjglGHCd1hVP5oaXfopmEHDV6s43o1LDNTO3lE1ft +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.aes192 b/tests/data_files/keyfile_2048.aes192 new file mode 100644 index 000000000..7df17ef8c --- /dev/null +++ b/tests/data_files/keyfile_2048.aes192 @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CBC,0FA7D4B72A5225AAD0A49DC257E29504 + +j8E0QV2YwI9uwTQIW+nl+LP6Fe7uTQsalCqvSLGuEy6uBeyjFMwaW7Sovz0BuHIM +ZvuL/KEGJnWg259cK/dxV5PS9ATz7ak/2rkb/rCKxYbPoFjFb0PIPqPhwuD4KCvl +obeT1NQFMeE+yOQW1Fe0hCXwRtGjw8qQVMrfb5sPuvTLSvD31XuzBx8AhYWZWJ4T +ETnVqTYahGFJfwQclHxIRPDiflmPwK0mZKtNZRDk5EA7wUQ+jnB/vKbdrSYcDS7q +et8n13+KjGucYX9rBHRo44AksP4iy7IwmNLdV00zND3jr8lcg39zjZd+5Vgj6mtA +tPZrZ12TFJQ6R5mVwnNTousWvYEY+fCe3xa7hNMzYQ2royLj2Y4cL/r9yrqhwJTp +yqYBIDH7t5xEvwww27vNiMrpWBrJ81O83bsGJDwn1knOjyO48zyZWSvBbCEPmPQX +B26mVBa3Ihp7uWfySnFFTDBc/bo/PBbr7YcQmRtt70jl/h4w1aOyrY3GHNL5j+VP +RKbZHkFbdTcsGIMil8uoWNA9ysra7xGvd0UdqpEffXVmtTrQ8i18FiqW3RsJoD3q +gw6Mm59LNaQJYe4/K/yaVKSJjOZb+a34sQjWjEOFWfDx2Go6/xZiQYRZAu3BFG5E +rs8F0RWAI27KTyVi1Nyv1FB/FVjhhrZHFJ0Na9Pn+EwaQ3UHbgOnAYzrWrMpviF5 +NTGCCXNLezbUFsHoY+Aa4kDD6O9PCYu8QD4uxAA9lrdYzdSFYGMaODpxkbCOyiws +VHm7BdNpFtXDcNpe1pJqo2MwpubR4UJf0Sdb6Vny9wujhHK7mvG4yuPbgcE3JFgO +hwutCwfiuErcCVmDUz83g0cwb+kCaovHFOxLMcf83dIOHPLQ7RlipBRxNFAr/A0z +cE9gJn2mumxX8AznBq+CjXlDe3okJY+gLFPQRurLS7HLkx9HCC5hC1Rtz+ublt4P +MMd4IONQPNAyycgK3v3U2+tYXuDY+Ys61p5AuHtWXc1drGw5oJICW7XJo4qpuzdF +V1iArLM488o1dYUJsA1ZtzaahmjfBBKOSYWmuxkG1VbI66Gr03gvTEM5itrBYBSO +4LMO7v8q7Ee7PATOdfbSzepEWNK3FwxuPIssKLak2FYHQrHMj2n267gUxUqN0Vql +Htz3yqFC+2v9GYX8M0w880SPbIiya3YBoQiNsvvJiQPX7LOyfPeVHQcBAtNiFEqU +zpnHZmTNp8smBNDjnnDG/kvx0AZma3jKJGInRKAm1Hvq/OxcgY3MRFFFmqFHJymT +2/TaxY+uKTHuemDktqkagjNrSkfl/pUkVBM//kSToQipvPPCSY4IrxCEy3evokgD +l8t//cSxZ+gysNSb5BfUVn0OacdCMNX59N+6EZqlemRP12br7EGZI51TtRI9Yrf5 +wTHgAJYHUzdlZFXY7Le9rlAqP9NvAyHeco13usz61hft2VYbzsSLCpr9TNdrWAp5 +STiqgigEDSdadgVmdGPW7wtwo/sBSJqn4t0E3ft21hBnZTrJMtVOjaOZH1vAjbbg +GMAYWVm+kNQlcWZ/5m4d5JEBqAO44uf2DOJFKB6BSqMq4uLRMd2ad36D8yD20EoU +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.aes256 b/tests/data_files/keyfile_2048.aes256 new file mode 100644 index 000000000..c4528af54 --- /dev/null +++ b/tests/data_files/keyfile_2048.aes256 @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,511900B2A1B48AA3743724F105949A8C + +1bvPjaxx3owwhwO2763Zv8MDBgVZfK2hF+5pujHKuw3YH/Qntpnml3nqkSV0gLAM +vqxc6u2HRZFp0PhEEgeFP5UWhLS0F+lTByVzHThe+e/ihgvzZUFyto0SqqBz7hui +9BIpTGiGMckW7+AwzE3PgBERus7vTYxlnkvXjyUGsDCgfiqsfyU8I7q1s+3Tk8D7 +dCCHjo78bQ7uQ20htuje3bZqC4/AySd2k9UcyQ8QhdqCIgV6NjrT6iEFdkcwBPoh +9ZcbK6KWxG4zoKOmVtwrMfjEDKKoE1pJw01qE5mOcUJ+iEiLmNrZxQkSytu5A67d +yy34rEXs7MI7woh/TVW+rXlQcWhMlRSmsU3VymT7ghbXJQxc6NBTkvolCpz/tYdQ +0qr0V8khTQXWj71knrVdwe/NSaKX5GHJHs7Fp+V2L20uDgTc64x6JlLB9zpa+PJp +1LslcakIUsC/MXNonm7xZi0m3YoVQzXvMxAVY5PwMYzEm01olpxCakZo6LY5EjUs +bZElTHPey4RckyZmHwAzDLH6wcVFYdjhMWS/cHmJm6/j8jIRnFMpICknRAJgvfRf +zIm+WPZ6dUF2twRbbCuC6s4NxoKWTNRmzSRaxVt9CjLxOvuO41wJZ2aa7j+krlS0 +4SZo6Faay2OATt0eHhPciA2JlGUUyocIbMIxw4Lw8esTz8LU4xQIOUdR7hO/biv2 +Fdceg9iNajXem3pUF1vrkpYEJKaaIzyW4STaquF66XymP9qFwsMA09bv68qpJhA4 +Tg2Oo+3mWXhPv7zOj9dgmRjDMN5A6UBOjIS+bBkqBvEYB3X4h/YFJvHiwZh5YQDS +y0fObDaAl1lAFRDlUQgj1RhdGFzb7EKGi76L1AJ0ifYKgo29UTGZZ6G6OoMH/dNC +UdXmKuv3/zBDaJMY6to34D9qnYZvqzyyFMJjDQ6U+SVmxr0+Mc7yKMRp/pNFKVH1 +1jXg9KgpyE5YSFkNy5jNDMOkKpYE5AxCtw0ZL6YqElWIYESBEp8bwiK8TLiihZIM +cNehQUEeIXtlbp+jdJdF7Fv6NlQqi4LYW+z1ismkRGqRMFpatCWDZgTE3N/WtenZ +fNgG81hdHtGjGu8u4ZaWiGICZeEHLDHHnnJInPv0vubHfq6QpZXCf6wglgWcCAOo +iSC+wPkMxSvYv2NPrXSKObwgTidtFxP6Rif3Tw1K0NbQMXwiwlFlYJzSoScWFXVc +Y0jwHQYetW0d3s8pdRlfiMuH9WcuyBKTPdRp2qJbDvMPhIkyCfxlon1Y6HudM/LH +TgtDvoocD+Hz4eAGjtlSPALEKFAw9jk7PTh5n5Xi8PQOD9BtmVfKrGodCEVvsuWS +2D4fIBJrRn1gx2S/myv9NHdY27RhM+aE0ec+hUyIUbtX8nCtwYiD3aM+1pLqpbBt +uanVuLMGzxibRDHXgw9gaPMZU/9Abl6jKP73kSSybCUsLQaqlmiaXWrt6Kb7Lz9Q +GKECXwTRYRWKm3Pr8aLiP0sNCx0mpYbrNB91QGYzMxIKyqTh9ccMmYbWCgpW9xr1 +0ycuyY2KZO1iZZZvX7aBC0HiXpmoeBVIwCEx5VnQRa+53kmPrvgmAD4UxOZLH/wg +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.des b/tests/data_files/keyfile_2048.des new file mode 100644 index 000000000..048fe7973 --- /dev/null +++ b/tests/data_files/keyfile_2048.des @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,4796A5CA4097FA2D + +Od7a7T2LoN2Hf00FTfCe+ZMu28YxdKLYKE5WF8YFC9FxwcO3mYPo7ROHZNG3sxvC +Er0NpOKSOg4Ni4QQKLCfiTljV07dK6Cy/fi20a74x73Vs/AC241uNlDBr6/R2Aht +nQqQxi15mjvofHPFtfG2wxhAMVd1j+hYKjrV67+X7x2GHxthRZu0vy0wC4HJSZWT +1SigoP6Lh6lbuaGdE2qvgqycD8NYLPEvYEyVr9FnnXg2W8wtSA2x8XqpHc1szwjO +XCSS2NFkkwMU7sVEzhz8wufbiG7aTFgQ4BNY6CN2u4sbfpWVH06vITPjVXeSdqbh +qD6jXSJbUyk7uBcRV8XUxuiOzzLQX7ijn9Hid2pX+TQhkKNYUZv1L8MrffYln2+L +txRYlOn0zl9T84amHwbwvRDjbrO0Kby3kbquGsL6EpHcq5HSSrPzqGjJeYOF5Ym5 +/xO52cz1YGU340eEJ1K1liW17pym6hy8hiD3xO/H0d2CLktp1aPKMX/HBkn4i7dG +8JmPySxMCBn3/vTps+4+tL8M63cNOOF0eb5RwhgX3hRk/bne1zvLLsZokGR4Z0Kj +Ru14fX2OZSpzzSthrcFWVygo3jlDzNzQfmf7s8s9XXH3lKQp1yNIYORqIyyNWGab +CRWoBNCpMcQqD3vCoi+NxbbA/tBc/TQTi5S3a1KNALqg+O+GoSM10qXFSyI55Nlx +EOmsNpS2T18E5eFjiQwuj5j6/qzMUDqFrt8P+QKAFDedJK0VCohIbALF7tiN0QR0 +EUfx2D5emuO+oMF1pa0XXy1EiG137dscOYxkcLemAkb49kv7dH4rAmU/pBW8GpwN +q3EVxN/0kCrS9UGU2w0FJxQy8nmkM2spnkUI0vMbDH1YWFi3hZE3oNs9VdIImXYo +IZ4nvkFJ3DRZxtV69CJGPwvypKG7v/BoHJNsupGBnsDhIN7gePKz7LOV+ucCg+yL +ZC+s6iN8CdvEBzmZvE0IdcGZEPKvTlbm94+uOVm7Vs5akbdbcHjUi7eeiOyYgC22 +0ACV2bKFcKbD6aDV+963luMfJxyLi/G8qUmjD4PRHxwg2C10NHmgD0fqA8V9urqZ +OY7KY5UZ+PQKN5YyJUKWEFLT+uMoH/q7ChwwSZbxUhaN+QTskr4eVIP8n9XWGyNo +VHlLx3tBjrFnkLwnlaTtXxcGGBQt7x+et8Imlgut9f7/w/2GKYSVtxuvLWNjfkWl +0+QIntSyRDHI3eVss+KXSYLyp4UafktHdSi0mIx+Ia3dpPt1ZPLo1IB7xebGCBx+ +9pPVhzfAIVx4B8KME8hcsR+WDUB46KoBpzMQCrmDfU1jdr1YmEXUZFk6m5aiGXsA +hm+VFGxx8m/eZUexvOo7JJ0A4zpQahUuaCpqmYQ9eulUCG59T6t/4mZoHrRfrVvs +qDfHQOgCqHwACgPn4qcn8uLym3L5TqY0o7yjhRHsCPUg8nN3Kox7Wv6xEDfLLFuM +vvNsqWvqyrPPUPV8FQKFZd4DquElvJg/YL0elZ4WvrxKs7qv7+iEGUNQQe+nRxJW +O9hCWxvg0Sbq5+i4P8qmBS64auGeTqM2NouuXBBv82dPZgx9ZFzBDw== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096 b/tests/data_files/keyfile_4096 new file mode 100644 index 000000000..4999077ae --- /dev/null +++ b/tests/data_files/keyfile_4096 @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKgIBAAKCAgEAkfkL9r8wEbm5rrsc9TwDi0lUaf6MPgYt+31JveSBl3EAX2HB +DlQLXSYHtFpj1p8Qi6peXf4U20+o6+MefB35J9eN75cpl4F0UY1zoXT3juF3T4f7 +/lGiHLevqxvEt2acK9/9YQYBV5iydDiPWUpOCTgMSsU1j9YklcSC7U+oVgTWXVla +80P53fw9yPHknM6uVXzgeI2A3/FaF4WF5n2eEZTLMRfxT2C73ySgZN5kWgaMjJvP +x/q5QJ+cLH9m/Z/xm8fDSWHrB125iAnLYOFNLkYIpLg/Tc62gZLzFyQQj96lIkqj +p+hoLrf0oRTKwkicOiIug0OP+CLrX4AxxZ1eHF9DMFgMMS3ymQvLl732DMyyJfyV +tXgeb8AKBuPAg9GNbDfZktJ9Azna5FjOeqngu/5Svfemd2gSLVLwiDGjm19euhG9 +01k85Haos2NjfvQZv8R6H6df6lGkch4tFMbeSaP0OEIukJU3agGRq4r9CrdbtoKh +7s+cewsbQf7xIkRGdovV389MotB3CO8wzamrJ1DRcmuFIhe64r0DhUZ8IUv8UAHc +ZmZ/uZ+EZeQOdz04LmcBV1WUqllU0jLTmKUk3X4dJ9E1/VDFbGmvstshdVOtDAHD +xI7hRLYtDYPYqpvIEuRQHTvDqtKzeVP5wU6Fqrsq8nvP0m8Vs72mmWA7JgECAwEA +AQKCAgEAgrsvEc9sd5OETo7ZgnA7JFWKOlt0sl/Kcr9keaLaxQy5LrNXuUNf4g6b +O9TwMVjH8q2kUj2p5DhVqtz/gl09tYcBYSBaaYvQ5vDuLB2bUOVwe1PoRX5K17lS +pMX7yd0l5M14GZrNPOxOdnPpPiij9vGxYI16SNWacl9Kesqqkk9GxNev8spgT4UG +uJ6bBiy8SWfLiWwBjY6UBxjYMPMzy78cs10kCtkxqMketPfPnCjdW1h4IDvWCaBo +uBlp3Z+PPNsNdP0zBqfT75gGA0AEZXrnZs50M3T8UtOOzpzIEHFwJ2P9afVkyOKL +PnBmntV0xUOzsG+j0rFDZ4ZiDP/BNfd3d3G3wDSYuUcg2XZe5VvdGOFkUAa4zk/z +6DI9nB6aEfq06GA9emaroTxNEED36dhnr82rV5bqS3RaI0sdPDOG7UGsxGItsdft +7L7/rzfMgI5wOyhNdOgeF4rdGtzADaRXMC1JblON1n/G9tbRJIVeELWPwSb62aQJ +rVYNafJjUWejpWMVd8NSBeC2s/cmhhNnF3ZUjHRh4fRx4jfTcPuuYi8ccwULDp9m +lbryYyclm1eUHmi8Lh1A2j0yZf1OTAaEQPQ62HBdlOnM+mgSPYI0w3oW68BOp5qQ +AuHmOfeCFql+exzruexKhzFxFmYadORkedVmh7KhE4EO4Ls6A/kCggEBAPXMNYgG +EfsWdp/IlnUg9Jf73VzPcG3feOg917sbzqKfgTY/VRtyhiJh4NLebXTZE1v0j3sr +rGQXtRXkvvgKtkDZmMB24aINf78RlxKUFFAHHQzpH1eNdxscOaYwc49R1SNZvyyh ++vzJHT6l5Y++gnsKzfdyFSZjF6pWSuupYMqHp+jXnrIvT6Ew0md0SM8I1Lt4vWG6 +PpJzhVWJ+EZSkzs1oApL7mAq5nIaxRc9VGRzFMi3p9VKJWcgLIyCTQcRd8uTsiYh +X4Qp2s4z8l5WSxLoHxzMMrSBc+j6yIC/rBcbdsfXQuaDG4RSB5UdbHd1suE1rDvG +3iRKyztVGpug7RMCggEBAJgIHwjwCPhthBipMm84v+o9clGk7GPofsp1d1V9gQs0 +/f5IqCsERCVcI+4il2inM+Gl6WAFAbwv2GrwzEgIJ15gstgaWdTnnmfGIDGG5A++ +nLPhvHyNUDek8pU5ZZX0uM2pHfNkCmLcZS3p2gCMTW4j9RSgtT9FpntVpGyRWn1/ +4Px0Lc5bke+c/HuXVnJ8TS8dOEgMzn5eVx8/UgqvGo5/bZXsNdOWjkVRUgFfrn+m +er7+VaO/lMFKWAoA7FyAjb37B4blxRVTAySCDtE7QFsNE4+HvSiMxoL2qpOpm696 +kp9Hw8TIkYEc5BA2S2e09pvnaYk61mbBfsz2DzcS5xsCggEBAOfCbs8c+iNIIP20 +ArnaIwaTQzvZlGblCXnhpeIU7BdGUm019id1KqiMpZHujEJa0/gmdotquJeACwzj +rHTwlLw879y5uzIzjDo6ebnYyfZTXr7nqNfC2YVEbc8XbD68qD02yB1rdd6YOuzx +O6z3sswVefNRLEQPtyazSt09zbfphRb1B/t2xJx2Dk3hxS0BZKSHyfm1xH4OUrA+ +8UxNW+m+PHK4+cDPco4wU5oAB+zW3cgL80IXMYE1QwwRaFO70rqvPpDZctiJJni7 +XlI5B3yCRaO/nie4z/PjUt6i277F9I+llr0G7hErz154aeeRoOLc2tNaRebuZwZA +zl/jsuUCggEAQ4r4HsRld9lP4pTo7zjLKon6DAO1cf2Mtu3RAo4rkosMfLhS3imb +DO4OmHGNytTd29YWBK60wqKPB5PLbgURWICldBTg7BGq8ne3Pcmr8MLCY7haQQuX +I+GIVHuXgjOjFtuXjtZXNuyrluZaD/xFOjWHYI61d1K+T/UQg5tgFHmHvyDuaMuN +3mJkWZQ2t845jEDzDC+EXegT1LIRBOYeakh6qyyyDTrKIkmqoSmdIOEZj1j3OzSW +Jfmde3RFjiMe1dR815WlJYAn2UReyN4GDW2VzyKDC0zftLdZuRiVLjTKhzEe7IIf +ArmPKRS2E3D2TvVUkb8uGaDFcNGwmMsxGQKCAQEAvALBprORw97j7qcPnMIO5/sD +jx+oglAWI4EkeOzvB7r5TiJrirPkjoBOk9W97WNUQ3vOYSuKJ1wJhMM8n3gVwdjP +LXcfeP2p+TSeARCQ3r54+OqSuwElOsyhT1GzZ+GvyRD9kOOBpU3zVCfsyGz8X2Tf +U5W70nCUrFgaZa6uwmUsOrnxmusN429PUHwsj8QbfrobaZI7n/bH+J6zG9wc54OQ +s2XMK1XOXkS1WYEf6PHsXux8ogYhBT/W52JQ05Wl7AJz/Kc5U1/NBGiQfN6PbA5s +9wYPwUpKPn/iisfFAyxPUZGdpXQVI0wdFN/834Nf4te6INzSsCRMqYX+QGuSTw== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.3des b/tests/data_files/keyfile_4096.3des new file mode 100644 index 000000000..d608730f8 --- /dev/null +++ b/tests/data_files/keyfile_4096.3des @@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,C49557C4D4A4968E + +qlXFWXp6OLjn/F8uMYgmMhV5UpDsFidTPbRpXs2Jlj289804AWCqfPr8AKCNVjoU +KuzdyuHnIUh7/Z0HfwnSncod9FD/vOUrg0j1mX3nQrM1IppNRClU8DnBIMi35ZQY +ObT5dyuTIxfxmAFMMrPMpoJs0Jfq1Wuqer4Z3OdU5sL9wTxvGl7aMVlrjN7NJiaH +j2LD3/z73dl3Whcrib6Z0ZI+GwFZHhgNHsx2c7DdlNPXAlW2fdLiwUHd4Li5sbAE +B6lV2qmvgO634KmpXka7AWAMMLEHGNArN1SIi+Ll9pcec+tJclysnFvgSAnjtt2n +eaqBWXneaJrKH3MM7fpeYKM6lCxsZaxWBxOCSM9XvFgi9QO587FrjZcak3JkxVpo +nISJlgYTMEmUpbmqfG3xHQa9uLd2HVIHw8FZkH25p3Uu86Tf5uuMSn91kU9+uvl3 +xq3JOAG+KqRl4AI1BhCuJeWv0cgRw7eNMj2He3qZ0+rFnqSpvgKB9gVVsSjAMl5c +g0WDcmiaTlF9e9or5HJCSOoGc5kkTHD412CNDHolYXGSiUOeWXvt1VFJJ4aJ0Lmo +WWgCcWllUuSabs8RCzEuuBAVEitJjUcUcG6FizXo+T92Mrw98PLFhut/UbOOYIIY +AbTL0ponOUMHCdkgPTOTXyEbL/Um6dAzCixf/WL2bJ4RcVML7yk7dVuwdgdnru9j +zxOoatuFkjvbGOG+7I8y+Qqv5qUAR235VwDiXVMyNJhFIk21Z5Qyo563R1t0kEI7 +SkuSNM+3mlx6TAgX6R0L0LwH+mS0PwFPeh3TA4hOtkEExexhsH8ks7lkJ7V1JEgQ +js+2r/ePzXpdNwrhUotUbbWz1khj9gGQ+9OV3vByJ2UFTgEgTqAwGwSrGJfQerdS +uAlbsEDSMCiP7zb3cGdXQLY7ztBJTksWPj9OJEy+LY2qD9Kc8/4ftrUZnumChvfw +9HClkFAN7CpkWUl/31KPGFayjU2wuhXI3Duo23+GOMLnaJ/uH3lc0bEWVQpJEc8g +NwpIZEHWSBARsOzmuP0xZs2URvHUpFxkQaoLBk3k2q3pqEBj3q0ApqAE0rb7jIFI +1n0FCLmPBMQob4BWgbhr5ow41dbtZaxjtkbIOp0129Xmwf+i1V2huwJM6AUPDWiM +eMPya1/uAX9x9d4mRSe44GBulSTYwf7eDZCB9dgABI2F4HbjePD/qFYQEoshAhpe +YXuL5EDwIgRzkS36tTcUuRzewcoSz8D/SUrsjfxzK+JEExqBSJm6rmS32hW8XmQb +Li9bT648+FAIu0wId9veTPkwVgIFUz7QKjUOd1WHIbU6OkWpuKE6woQ7BoQy6tRa +pdOAIhBfmEGL/qV6agqNcqgF6qxf+2R8sp/58EFjXgeY1nY7ZINGLqfWP158ZswX +P7JfkJ7kg3UNBG/mbM07hFALKTaGHjjQtY1xRz9FWA2fPzxbfv5hIwb/EQ2CchwV +zEVhpl3khkepiE4tGY4FEYmhOoh+5wJ03Ay4vkVRo7OnJaHMFOjQVo7Jwi8jtu89 +lKf5kSnvdbhhDVo0Gb5rbyAOQprCFdhj4Ko8MzBH+NCtPRXv8Jk2N5Zc32Q3+7Io +0lUH8SunlYu2ykOmTo/IRCqVDiv4gvCeUNrjthsr0yVgfkYZw9ud+BTaX96O2uXC +cjnSws5XrgeetKS5VV8Ogo/X4dTeSlau9UlN28R+hKmTU78Ncrs+lAQo2hSYQKMF +AL2MS1f4y32SVXeZrLgU2Meg9vF27eIQRaD7UR27GU+pwCL5IoOyNeUYz4Ci9UUA +YmNR/kuVQWk5E0qBVELTX/fOCCBoFbtak2ufWTu95WXPendiYQ7R3pmX0ZiVf7CU +0+QkwBqIT1kFDKsidTqfFYTkM8vX0GrI1AGv+xqzMualIAI5Kx+NNJuwzoZu0cZp +Vgk59ve6idtMJSql5IvdI6zFKmSZ8lSbLnoQnUv2Uc0s3vZrj5C0UO7hRVMT1FHa +avZEKzGWDfRAvbMPnsT0iuACJF9thU5rm2uzdr2ln/9U6BmrJgJeqD0txP+ikToy +MeIK6ZnV+fUejCy/qWqrNSji1mnLcU0vSV4HzlHAa/gYyAAHOOlV1fosgewmpm8p +I7SxZ5C7s5mBmLc7Ueam0i72nCGRsxK9+w0VHj9JcfH8oFKnjb9dyAOcLnXvYE5q +zURrLXmAfPaZbIx2z6d97gtkupOICzr45cLVCgAiU2rkQQr0TicIzG3GSpX4J6pG +8vMfBTH5AJ2M6B4Ni/QXc8U28NcTCMjbDKQ9lDO2MCCSMzdbU9PW07Rtym1ph+Tl +o1EV/67kxtrOUV1YTnt7WWty8NFUEMDi/TdTBERQyz0YhRHdDzo8dk/s7b+eIvJc +qdft8UM+ElZ02Pe2Fb/0sEJGO4yL8PQEhCwar7b/QIlM6PDXVgd6tLh13WajoGUU +C5OGC7WIYgzL09pOW9vPqV/LCBQUEQ/StRNrXS9TGuXHFmkmS/VeWOY3FdugI4mY +B4/Ws+3b9xZ7eXa7h/B/2AazjKqjZ2U84yRnbmyK56bMDSB03Y4HtpDApx4bLCad +UE5nObIUx8pUc55A71HYfmPqmK1bRsThsEZkjKsAEGaiflhkFLu8nVlphvFkGE3P +GerttzRweOHdEtnxkVdr2GHqzedj9X/gwzKWBPl5Ngm1lFR+q7mS9u90bAbfFpTk +oiQc00QnmAmMFanMs4ncb/6DQZ57LLprPaH+rstIIKW7BbhlmjoyWHrgn7kVn93L +ip67aX3xgE5HBxVmfUvAd6CxAoSGQBmurYk5lVe71ePLB2a+Op8LhJ8S03u9nZG6 +6w99tFdMgpBUgSsFsbxAZZ/ltn7LxvLLcP4yQFoIQhlK/NRY+RQHEgVbvBDVmRCA +WcRfGz+AGMqGpeIAah8X2qBpNcHVpGQ3pS6GNmbT3GdJrdWvnXpmniOCz2wdv5S0 +M9MMlNdCK/UyoM+nF6fJngMINQNECVtOyevBo7ukADf+oisMj/V+Xl0egU0rsAzG +F5JZbKlYEpwbJAdTesRKiD7GDVK/h/2nEtr0RrzgXdhE7I9ZLWbfo8AZrD97wIN3 +bcCjpsxhqy/RqMpft1ZXMtqhCD3RBYzLdd6E4c+BlgR8XiN8puKGj9MnmWjujl8j +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes128 b/tests/data_files/keyfile_4096.aes128 new file mode 100644 index 000000000..09530538d --- /dev/null +++ b/tests/data_files/keyfile_4096.aes128 @@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,6B62153E2407E123D027E7EA4D1DF26E + +Cp66825tjpbBQ5Qcq+y7kWlmn6qskut5oYCipmNnE+0qgSPAeIuaCAHf5U/N/IFg +zUn4EZnD03zkB0Bq1ei+8abHnyTSkMANDO0TcSnHMVeBr/TNTtwB6QjlwDv+zLUF +EEaFoKFcoxE52tjDqS1S9IGq+lv+p9hEIi5fNOLkxh+AMsabQqUklAg8rn5aN3Kn +gzCfNnX4nZJMf8JJWXOFn+kJCh2HD0NXmKhKj4Psxn8xftkUHlKJsjdUbCQhwD3x +lxj9CSYrePDehxsBIBDuanY8WoUOQ77Iv7Y3YBKlmvNDESeQLuRYRSpCSl5hIMlI +7/2yMkx+Pl1Ep7CM2FGC8qrdZb8x64G5GtxIWP8EHqAgV5jAbCwuViBf1xcZ1UMn +DMswwO3miy1ggWkBGJhazzKPrJ7dqEAwHLqxaNfNAjdTdihDd8DpRnrmwprFjIQX +KPwVuMit4h9Xcl8M1cKijtnjOBtfk/BVOkP9cGbU+kCl6TBl1NqhDecpAu1R6r68 +q0ROxGvDjABCwHfZA2TbHVGsn/aBqLwn6mauWX9c8Z4JmOLf7nir17FOe0PUJNGT +EdCTpErScYaJLYbz9mnK8L75S9hgt3gED5UG2hH1YJjKDf20KqxEWskiHdAj5Ael +0qX4rG7+sui/go5QAATS2YMiRco+M/Bq8nCURYvvOqUL9X8Q6/kgsGofSoR1CGE8 +HcS2ubr5jjCakmN82pYj1YOVWbvzyJ+/bc8qXOsdCRJJTB+IvimCf2dKKkc+um/g +pYWYtauJxAAc+gGlCAZa9NB6mz8/cDcj7p6mDZ89K4T2zgD3PbfLEnQoJFqbHvvA +mCJkQBkLkSxuMHWmylPdVkChZvpZN4grqeQNQMnatejp0lqFnv6ZehJmJm5LnKJj +vuuijQNfhv0Vdsr+FxbnV/MmpKctf8aes+2YE3u6k2TBzbhbFmvD9QzNGk1KgagY +s79CRyj8UhavfE88/LpdU0RkJbl3ffbstGDXkOx5UpHphasch53YWCyN+y7KUiEJ +tHU87mSbtyy0MAZr2RcZP4AKf1pdTRquO1o4S1PvExkKkdzCbTXD9Rcj34WbGirG +fgMf5uba690hBZdafIlJr0Ol40QBZbPSdk9zJwFWKpGwBZb9J6QkVR8fVH61+lpj +bWs5SoNKJ9t2Jw7WaX025WuKzORAwUYU3CLs/r6XptA5daN9VeILnFda1Aj+MKga +HLihqFYgrXOqgzdGuGpMKD0oKP5tu/KzkXqkdUr7xA9xchnx+gwmEYYMIH5Wl1TV +3sCLP0tbqlVXa3Uy3iLPf/rrL6nXY487Q2jS401F1JHuegOLtp03uDzkr4mTaw4K +78gbYUySkfFnKb11s8/ZtafZmKNKCeVRkmo+rglZ7CQ82atxIDy5uST5a1BgW2XT +1SRDNTCoopuP7iaX2ktuLARCVWk0BySWWfnDhKLBhdqxbPrarp0drAT59/IgUFyx +MFRUrploUmZ4TvMJ9QSeC1WEgEn70PDMAEZ8oaQu0DOX5CYA4QQVVlm5Si0Lys8R +Kky5YnzRG49yYnxqfmEkUPWVanIzcSLvqaXEcsNKSLLAvs5uhlLQNuTHOGkaERzx +Z1VQwKAPkLLtFRHnXMvEBlfuoLrGclC7MZukPrEC2QPz4IOgS5lIsmyKsVPcD9Jd +89B+4nAA/RlXik/m9bfKp2LVmzl5xQ9mbEN0sSZBXjrGh9cmwWY3SV0qPuUtjv1d +YSwQ9JI1AdwoyurbsgeGyIpP+o8lfEDUPJORcLeLjTCfJb113mz3b+S47ETZRhIj +eXxNebSwpSQyKejpOt8yKNLuyOel3bgxb3J7bFofOw42FwLd7T5PNRPt+kTlLthX +CbO3960CENB1aYd+TbSfMeHteuxI6uPyfiVGa5wpBh00zKl1zhNII7tLA1a9Pul1 +em8Jn4MHtH1oO1+Hw3gMn0HzfIWOTxi+IxmpHU8PLFkCV7UJYwdk2Wb4NmyXE3+c +fp5NDiQR9fnFWBW3rqZ4ubIr126bkdTSYqjCAUClszegqm6oY6SUjfQzuwJaZpLR +tDouKHiHLG76Qxz8codVcy3Jc8fClJPXyj8A5qMp7sCZVDiv7yramalFfF+wQCCi +H1nQk9mVd7BGbH3VU11PCkm4isilwlS7TJPGInCAi4PVI+HaEHBhKUrl2Z2at7UR +07GpPjV+6iLLio0FglaRzGBf/Q1Hps6rJ0Pe0jSp9CH7xKsaUG1MbiwgzSmu7IBt +to6gYlLbj+YRdgxoGJyrgPixxfNgxEkcNstGo8RbLZZpDL2T+4W64hlP6PcY4dpV +VJddVfKV08J+DBYOkFy5nFV6ay6d49uRbCyRT+KsqoH0rpMivJGbTBl33TAQDHko +oZdg5mlFiHg5SHLzPYGmH5FqPqAPZxHVc9JWHMbNQreKd6+UXDg+JSblTtWfgSy6 +O13/NoJ01DFy2WvrbSgrqThFAaRWkixQPpXLFCXCvFhGsw6ukla9mKc70oRp4zIb +h4/JBm1tW/MGbIDjGY/zcZeM1XEZLh2aGHiOeUNC/wbd57pFRr58Be7SUg9J4RAM +RJN/GkCDCUsOIyQzFDn0rCphN7gYsb6dZkCp6w3U/f6MTAETSkc/xn1K93WvV2iq +PbuUY/O7Dq6zavzhXhhEjPSST6x16JwaeVdXYjeIZptIoo9fFcxDVFGHcaOI+dPY +9QcQlL/uocYdZ9+bjBPnY2l8sObjr7JoizfKO54qECrgKZj3D8HRsDZHtmzIAFW7 +tK+FrP3c7FT8yUalaxgxoWEL3XtHynC1jawJzoaDNnrjr8Xq6UDK3Bsbd/6wGBaS +h3WInxkUMTxQ2l6ccGBYuYrk1d7bZgZgbw6qI43BhjGXo/AZr+Rg+HiCobIKjgpl +nwxxgt4BuoHU5+hOtXGTXa9r2IDYP0nzLt9pWKrlO4MvDRyijQVppGz4EuuO3QCJ ++Dt7wOO6B+VnncidbUMLtCtADXy2dYXP4UWwGbC8VzoQyiJg9VU63a/NwaOf167b +n8vFDcd8ErAQVm+wJzuFDymGBK8WkGGK98RB4/r4WtoUDbOJRx+ELu/dRzHtK4+x +rc8IUhgZnZlpFRDVCZZFkwQQdviVGkrGCprtzJo0owLl4BKIy28rTu4VUoBOmH8w +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes192 b/tests/data_files/keyfile_4096.aes192 new file mode 100644 index 000000000..203d57a65 --- /dev/null +++ b/tests/data_files/keyfile_4096.aes192 @@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CBC,8AD7089E60B2EF8FE869EC60E0F3B161 + +F0RA2bY0ofjsvKaTHKhWzLvrDBPB/mZY7R5bfOU9Mk/OKtFxWo09uzQgTLsbG5Z3 +7esNgfAmB0Awm5np3OAfxb9dqprhSOoSSzBzd2TPy9AE3U6NwNPmv2DC+r312+M/ +QwGStdM4k8qAoi5c+GF6S8gqwZzTxInFd6AnoTvUJOZEmctMgGXz4xpW9ys7W2rR +ThumSKL6++oXPFjOsvBbVzMxscRIS/yEWnZvkxyzGpoN6+ewcXQYwbmIZpn2yYCm +M6liobqp5QweJZVANYPHWa6i+Xa8BsYAy311BQ8kVLiitoH8ok2tyrX4zkFqtX/J +MND3G17tOs2sDEtVfJHzxDau0G1zsbL6iQuwSg8fBDmk797iiT+7YYI7M5QhfmSd +oqrRoje8knwCbBZWfDb0mdHv0D1Z4dNqVcoO+YbndUf6mKLDvOCcnSZivSB2tcFZ +K4BoJJa6vGeWhIZ5i98WIfa/G1k7TNDEl/WJIcegTJMkT1YIeOtzodgnihKhAhUS +wyKmpmTvUNvaro5jFXJ1IYTpveyi6TpT2SM9/W/qJ07ih1ZqWynD7A4cEf1Q080v +hRxccwsVNkzQfA3DBigvrwmcm5xxNx4A/YrcqWbHIaudvQpsinTQTnE8A9c4SWti +SzfTLxkgxio8DADk+gTmh/kFx7AEaK0Wjyx3irLki+BmqcwzY0lYa9JECUktw9+F +jmakvBLHylkuFmnQzYhG2Km1+o83YkPpa7tXxQbuhw1YdLN0+PZRhZVz17FxZlv3 +824STsOCs4hhnOD4bqFaVgnj35SRa22K6BjkdSGHV2ZndLmKNbABg+qQmttS+rPV +WbgroCF54qM4ZciMlLBxlvIxJI8pIXkTwSRdBqMUFN/QNGFzWNFyYyIXKTz+T8ns +8LWy/Udvx6WQMAWHHEhzp+GbBOWnY2a+C0gENq80HK6n7d0tKWzRYy0dhUpki50A +yu1G2HvpDUboZQtlzBwXi9PXUZH7T9UPrymYchJrdW22Wz8oN4hyp6KQdrVSJ8YA +QpURkWaJfnWAdp+cQrRKl1x5mpDGShcRg6+hbpd7NGks1vNIFALb6/lTWmYQCZiR +ZjtGHubdUJIVqQovfJXL1fpOheR5k/N4UsqCc9Aal7cbcpIqGuWdDNL4caeI1SF0 +u3oYwK/58CBZQI09e+nQT4UHZb1+L9jr2EAgN45PU2XZ//Mz/+1/5MEZvMP0/lGq +ppUqwRRhBnDaueOrXmoh4XGTSYia3wsd8Zr5ElgvuYBjiUe49MwixI1UA8mmx6WG +JdgD3DE6W4soft3NuGYhQi3JzqlrqCux0KakYYORdrrdwXLszJf3euG1oqpmYhho +fIwH95eRygWBh+/kgN5CcVx50d0WZB4lteSEHQj8CZdlkEHwBGStVo7FtKRHQ2Uq +6eLB6VjxbpX2GxaS422xs/xGOoY7rnblB/9CKjdHYJ7xt/HPgOpkJxQv/6gcQqO/ +lIwxEj91hS7Hye+HCjGgK0XMG9so3ijT4UwLUvlVuePgdu3nwlAdVEXXBpRodsPA +fyZyYQbU4Rl0SVfwiZAZQ64rSvgjbHzb6vcu/hIzsSyuFLSk9CwFdPFqsLR+WRTH +JniyFGR/x4MM5OqStUbbNyFTIJgSN5KKgQ4Xd3BcK97hDX8cPhyaNxQ9y8HQSjqz +qfnq4t7VoNCIPqBdQ1en40Q76nYtq/9+1ENXZEJAgoiyZfKZm2Zw8HPYqLluhzzr +D7H+fmBAwngY8be1J3nphNM/m/oSzU3qbiKun2vORCkCPIrg5Hp9JQ1Ns4bQLVKn +7mAjgHCaB9kVzpNVokoMX8xlj5aaslke6y1NyA0T5RPb6oaD+KGmvQP6kZ2kP9z+ +uuKLwBkUFKlo+sqm4bV5DPg6bOJ8+xwd/yDv4NbY8qNWxKFXHmsgDjZZ/tOh/BP6 +RWXjFdSYD/R64wiXkJEylpBlEMvgCVPjm/+nHuNaLW0gV610kSd/jZhYkjzEYICH +O4qOTs014X53NjvnHBFwCoQSKmL0GqKIXnvJbpn6aOnN6UMsFxAbZyjytM/1C3w1 +lXbqTRI+dgA5Q5uxAa0QpA2HL2CqHuYfpLOsbT7dd+5wpaqffcUF3YyFyl4eCh5z +70CpqR3DOn47FbapjWGCbkYtIuLBo0TqlHWnX9k1XBsYdNSli7llyeAiY3w2k3Ho +HlXjaY1tuUjdmuJzB0MZ1G0ZUoW5mM9sVx1euab++rxDAMwR+qiOji+k3U6Qz2pM +d3waK8bSAmweFdfRZpeXh10ai4WVEJai30BXoiVEmnMTVTUp7pIjGX+q+x45wW1w +uoFPcjaTKLlNYNyBhPYOFtSymxJlHLvKnHaCp/DTCHHB/4knrX9We3mnSN2L6JuY +LNjbhtLFl646jYUsXanpLJHMQtgA30W4ddDMG8fUxKa4VcskrewBxbXb6+zS/Mql +EhYsdcTirrC4M7cknFI83z3wenvLdwSJicl4KRaCrJo33ayOCvU4qO9Whr2m3GZo +lxf6pcD082DhN+vw7oCQ9KvTEMDP1Hb+7Or1yD7aQrY2ZLv4kNicVMwAaaDHsuHj +fk9n05irX/1+fph2foJ5JJHP3Noh7rAIGH4qSIQY/w6MJ2IygEeS+JJt9z5q5GTI +VbwZ7XlFNZO83hG8XqcdXlOIl03utxhXYXu5bWqdWOfPdNyHDaF091jexC9ZfMGP +jc/Wv0Ig6lIGAgBhhBYIXV6E3i//+T3MJgvVIXgV6YmvZwOSWUw03JrHX4Fx6v0z +dP+LFD/xlwwBWgj9UN61Okzup0u5TE9vMy0P9mOkxlPzyo1bDnzqZYH+Eth7ZpF4 +04rodTycoTF63sFeX2LDzAgbtD1VdbLY9P9SlEEN3S3ZvjQOVnChaUXi4dU8riUj +GIw7VjIzlPdlq8WPvqueYVZK/t1OitNUHo6qUscFm2HMstR6dtpC2B/3wzr/3ECs +ChNTAcBibelDLRSFVgVTmHQK5e7cRVNK/uesIU75aICbNXjTMdLLZz1uOrHhpQUY +CcQOmOhM5Vc9I3EbglbQzVJkOACXV9w2Ak0EEXyFEiXmIuVRnSaiG13PqvpZWrdU +LVqnzUcsICEDZWQNbYVz3D9lV6Ox/hTsMv0lKDfrTepI2AXeTJ68uy4os/RG080c +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes256 b/tests/data_files/keyfile_4096.aes256 new file mode 100644 index 000000000..062986035 --- /dev/null +++ b/tests/data_files/keyfile_4096.aes256 @@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,B3D9724EA29BBCF46A5040D3B872750B + +DgCxMRNHyW13QuP0pGqEhke/+HP0/3HEKVZ0DLRAKhVYpKF1sHrPYD02dI6+6916 +b4Ny+LG0qEY7Lsv0NOAZq9alCMqKntUuXvRM5FeBDl4o0WKbR9y5i4c2LCutHIjx +AtYAP9gkvwfPolz8sM6GdWO2DLZLp3W/pQOrDKXdtU1wD9xcv/V0yfakSWMw2VPc +o8Lv1VkukXeP0aV5ZauaMYg6ZRebVIXtryt5BdXeR4IpZx/nbwrajalhcswYxGv6 +J+p2R67kbxED6XseD5darr9zZHV6I+m9vesetvnxFWYLR/j5nmGzuSi+8EAieuuC +vl+YaehTumHRsWWqQmr+4DBTh9dI5gxkP589Esy3Gim95oV/YxvTpWNOLEkbxTPr +Rq1tythoitFQ8sSNtpH9x56wC6mtOj4NOxyPIOb0+keYmzGFuLOhT6/TtJjMLYKj +1P+74kaYBAhlI7CVbnXiwyNR8nZxvaonXuixJvfJnERK6OyhfUoU7HaUjBrVCv3S +hEE4CqIkdlYjBl4UOcehKd8fPf79OSmFk58bUYZ1Bv2rf8SbLB0WUovnfL9Kdiat +uSW10c/ImG1y8NEF0uG6el71KpZX/fwZn+Ek7NJdc+fQxAfJniWIdAxalv5C1FBj +J6Rx1VWfSOUH+qbUkI3lkPmqAKK9SuIbh6B5tf43XYlWijeJUbMkH5CRHaS944Cj +2rcW23oWNmltKtXbfmjSRZiCN+nhQeRFEUuiUSMB5Qv3k0hPNLwVphSpDUFvclLc +UIzuDJCdYViTTgAGzVsM1Ob1zjBmtGc/gHZMOCHqXPZr7TFBhicXhAXzF40TX4ml +qBc3/Qn/2pM3yKM7+W8GgSN/kyU7E1R1bL2QhiXIXdhB0La9yhZKB702z7zVXa8k +QxJxiaS56cskCkIzb+/iW8JK2BW7A2q4gj45FDV7ITGsFT3rT0qF2pvxjfzClwwH +czxv/M25q3syT+P2H0b0EyJznkU5kpqBwL3dxLejybTQWMxEDElCF7YZS4LhRg7N +8sfIW8k13ko6/Jmkyb9zzsKTfoRMi2rAJQPaFbAqLHDiQJmo1HB4Wr3iYvHVnazl +WADVY1eSB6nMbGwZxNZDRU6Ul96nW5CoRUJCq2Y7ctN7wjomqKGZhhsp2fx1a2hQ +vrsYooqCM1EEVp+F2y9mJsuCl43EFPV7YJlGHbPUNF2s2hpBi0sWwWIWLMSnflh4 +eB+Jopij9C4plAPVF5LdcWxzDaZU//URaGoWeCPbAzLdKCXezVEGaQgm8PIcmLZU +XL09+4kIhptqw8GCjbjwArrceRhXrTuDsajv+uTfEthK5j7V963tWYF4DLYOtt9o +ecqQuCrVeeusnI7iSpiIwod1mYxNb7UoXui7yb9QcJemlBr/Ez3BfyAy9yQSXjGW +cM9ArsTG+n+IsPxNROQ/W2V7HJKfmVRjBcBgJnfl8sj3jxosLGxFtfnP8slzVAVi +KHaYSOOjR7KSiW91/7yvTMxXRuVGtARYalN+HrMssszpFFSCS1ubgYO+dKWmKGLl +VtgPiAwj7jghGvYUBg1EXoihi5j1HYIU5mPBEIuT9YVokHgg5eT+Wm5BG5SkVNIt +2Y8Z0zWXgnO0iDIHyxCNAajQXbQnBnx01QY3/PVowksQG/KhSFa/PLiGgxwNC+z0 +bTZiEbtHBe5O7kfoIvazYmuSOgyCfPkukEszxAivwcmZ7uIWwHlC74oXILvzJVuH +lvLXBEtnsfDEwjEnMevssUhnFgJ8hihwODF71L+2VBwjDqRkndjAVYBhON34Vg/R +0LGhtUSYMFfOfk0yrltNxD5iaMMIeds1Jktkn6Xz70rFy0Ykt59iTjrza6bDhGgY +h4ZSG9jO4Xknb/meoOacYb/3xX1pA9JQbb3G/R7haC5l9wmtMGFy2G3NPqtAtwKZ +2gDBrqu9MOp7a2Mxm3brQXE/rhlJB0AjyyioyOsGZKV/okY8bhGyGhx/1bgrDcob +LCP6XykjvFGOAU2RWAYkbvl4CKW9Bo1x1XrF9+QpPAXUg4lCLW6Fwoom3QVo/oIr +sZstrV4d7ajfbU8KeKz3+sG6O5xO49NXNtptYml7zMUFXsVsFbnVwLOqcTbtg68A +ICLYa0iFRTSgidqd7coY3yee5xwf8LkPGVnoUrtog6GWE4lLLamKF3+mPrtB+KAH +BWy42+yLrV07IDLVcAQdSNhKT1ppXxIE+ZnWQgPu3GJOmWxiRbygD9N7HbiaByDA +QAFVtsPdqQX05LVGoWE/EZsOQbxoXm8WQ2GxTUZQyMWFTOmRuxKa3tIwQOCPlQlX +xOdGIof2a7aAXIUAl91f+64uU09WXxt9UgPgV3WYLrsV0xHPLqMISYGkOJ13CpJi +TalaKQpm03W7nymKPST7QV5c21xZ1Q5DW5r/zOBF0+WbMJaHrqoZANvg2dzKUKWx +lbmCmclpWnTXl5LhIupCW8S2ft0Gpcypzj91du4LJoyTGi6mpqtGT/ZyrB3TpjYp +MtreLfl5R91IKBj7rW7/qUNRfBAsbhic6L/JXLNDIpqWBlk6vyU/dOwnt8GNa/xV +SELIaZZyofmRabnMISWPj48LoqqVUpWO+LhHDtqOo4f9Kp7cRfMJ1cVzMAL2fg18 +dQ7Gu4Kfv/CSQvl7YUZEMGFAAI264Nn8vnbhzsv+a5RDB4MYZQwCHUIIAczx+iEg +7PX/83vn/oZO/bmtJ+g2KDp1oBg3fab/rBOGsFucF3Pe+kBTZy23PpL1oX6xxqA3 +D0gN79PTLiOSV432aIIuCIm0LexCxAUW3c9CES9faNA2W0uyprVDPF+ML4sx8b1z +GRdVnsUcdJQzfG+JqJKeNb6lVVjOJIaG2/jtBvAzL3d0sNX2oSPJk0ruITRCsPfx +ZrPwjhZIZA/CjQ5PhzmLeL7P0Ker9E8HGI6UUdX5/Gh4DsfCwRfqP4hsc0TkjBum +bwFa5y9Bag/sTNzEOHVjWm5A1YhYGK8zl+NB109HYmAh5pryqWLwckREIB2uL7Bl +c8n8Z3wGeaC6Y6KEnrZlAdQyoTeBG2qQtW8iS4T17VF0JbCm8Crp9CbpkodksXZ2 +WyV//WE3Qgur3e+EYmZLyR3FwPym/zGTChoPFdsR+g8nDEJDSxJtmM/e0xMcJIJN +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.des b/tests/data_files/keyfile_4096.des new file mode 100644 index 000000000..59d67719f --- /dev/null +++ b/tests/data_files/keyfile_4096.des @@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,2E1F86610218C7B3 + ++MJCE88fZkQQVdfI30MO09vUhc7VYoC5g0/idfl9dpNVV2mqy/M2lmH1NeTiGB3V +DY6zf05uSMj+IQBduchbmhlbRmDH41di917QJaysH0D/GbG57tHJW+Qet9dD4FPv +YuTnYvy1nyceFJ8n23kuVQoRIBKKRc9GOe06BEpUQGd/dPEuCyy/Am7jK4IZBWup +QcurBNyzsCqSiIYobIrymnUb62yS0eWabcD5L1ATxc90jL23HTivUfXHHD6D5ENO +n/ARuBvasopR7ZQPExokOjTD7e9mHJ5vnfK5JHd4VYLAs+IEYfTfMhOPheEIHas7 +ODOBtn4cLuNupP0m3BNKHbTg8t3iEu6/in0BcHkPyVCeDX/19Ga2T8inDAT7wC/U +OdYo71PTmRLrb9Ak8msGgsR1mzziBcz7ZNjQCoU+MuNJ82zFMQuw7A/TB7zRFoyR +qyP55Gu8yTM8K13wBvnvH7o9ttJNB3lwqo88po5foN8Tu8Q4T8M+2CEmxgYhZS7d +8LY1B3xmtpyyfuXXI/ten4s/aZ6vO1hnTCFq5sgwHH69JnvYxMAqPmEj1s6K6x/0 +OFzL0RPRXFPAKoJgd8gtSj7PEZ0MmrQxkmVFRU6EdO9waRxNDTN9aCqrTratrSJp +jUHLb72Xw98XEoVmTKWRTEodB4zuV+OjlGu6op7GhqroQPSQmwkVKg3wXIRJhDHg +61yj8m6Ph8qDUOn6WqixbBmyshyETIO4dDP7k2dsaRnduLtkicbeFIU8Q5sfkiVg +mDB67gGKJMGWNWthtwjVLtgE1y7Cpgj+tEWwZQkgnPKi9lT9dJodgysXMLIgaDS1 +XUUk0Ynt29jqAAvOUoikpQzf8DZqmYDpkhKnf8M2ATxsybrNnnb7/2W2kQe9wNsP +fq/z0iK/LM6sf+7y5sIifYlP80XRHJ/3K9T7sDZkK03xp0ok2+dZxAILjkuHGkJt +ANLTXuwgslPKusNgZNMVlpk0wJQCET2pRQNKUOjnRjo1T94gt5eBHUqX8qIlEHEn +9ANHy5AdKkI3Ay4G7qqAigz2+c2yXeF/8+HBHKX0F70VOiYvmKouufuntJ6FP9FN +i0QBIRKT/MgslD/WrAAjhjoTwoSLhnz50iQiim/UaIc7LkgqMypSsi29UQcNfQKg +4p0jPTJ11YE54IawbXVt5IEihhSNJBwuJEIa7ENDp8MAQXTe/9CXaj6rRNeqKLp7 +Oz1D6zHe7lYxFMSXi3jWsmqq48r7Kxc/hnn/WjHupGXjrszoTlc9/Vu+Q64wr9iV +bWq8nsz3IXCjJISOblO7CLVvuv5O46U0mADmxlftcjfbnTYuylixmZMtIncC8vgf +4GTi6bMub6hCuV0UWtMrjSNnIgatNdVoxq3kjKxwPjF1Vd27Pu6wnJgbDdMRhx87 +tJdcuPE8xDpAPW8U+zGyhhuvdbWTCXzlR64uJFpCS3TnGqQ3vE3uYsg4Bnpbw4So +A6dTvhw5Q/4+DDzpNXZkHY21zNtaDHs3Mbbr1ma+RrFlIU0PwgjjryogdGP9REoK +5XN5hvITGhzf0Hj3YwkWzU78Fmv87FQC7mtA9ag2Bfjc93axeOqKP7Gzel/iX4DR +dRZyUQ9E1Jthl+XgfRR7iQoZYI81plJjIj9xr0P2jG8ShjzKBdldsYD+sKQF8jfD +4obHk+gw9STV2u6EjFC26WfD4Ux11IL4sMRUXyVQng4DWameIiYHWesiR1ryIX5U +QGdEfUpTRiO+HTuLgOxc6eh801cvfbR7CU6WM4p0EBHbWcDnHRZHO3cM18W7JtO2 +J9g/F5ZInU2iji8v86fFtr1e8l1Mly7Njo7VTYJgqCT5G5bQ6C44y1ttwvSW9486 +T2AqshbmFIIhExA/inRzWPbPyQydj51TH0llWP1ZgQbBYjVX+Q8Nd2AdcJd/L5dq +/bfHbl3U2bTqZ1iT2HvS1wcwEOa+zlQgecmWg5VhEE5RGlhfLZNFYa08bYBIX4Yg +QOa+iHbwT5YOnPf9V1wGL+wZryzTXIT35lGa4GtqcZYvUz++gzlzv+LJnscTZJDx +zYSmeRI0jgjeJv6gIDRJiz9TBAr8Yug6ZGXLFGy8oTdhY80MQAlcS7UA21jQe2eN +tW5PW67ezVaoK5TnSIcMp3v8fsb8xNr9iK8sAvVaSLbtKQaj+8oOCnPfpjhgYYOy +VhPVRg6b2ZWNuFL+kSn+fEdaenWv5jNk/lfHnRuINjkjAXPiY2oBNLsoQPs/5/zA +aAIgO7507k2RI0Lhfeof+9XgJXbZBjTpvnxLWs8I1vY2SsycCXo6I6PwhFEYzTkX +hiWrHwPG6XqfVQspptIvCT2NmxDE73/ODuJgGrLx2Ok/gDOch85x6EyhTBklp83i +PBY6/vnoHj/evPwZl/wlSm8rTsLZhEj77teLiSul4sEpAttjEpjszBm0PBWR/RW8 +DyIQHjt2tZ6+9riPqXP0OBTyIluMuGR8XzGDhGI9lH6ndQFnl+rOfKt8j70cuDTp +wUHDHWwXm96yy2DxdIx2uMu19NI+FpHpGWaQgxW/AIUymtw+2NS+ihj5rsJ7xMF9 +EPIfUr3SUqnIqJ6lJNAN+hHFQgv/N1zhzNtkd4kftrzwWGdQHuVdu6CNnDzOUFKT +TWaq2BFkV76kl1L0DWFMefDPVXpD8vSqb99MGmdtlsqT6Czl98Q4+RPqk3QVFUJz +/2ClpgJriqeTJnZt25jjKUYEAATPjdBTDoaFFinkJo7802SRpOjaUGaR6ICatmdl +2pgTPHYGjz+YxucUbRQfeYj/gXRb7srOI/MlkCUinppTzJESCcVbnurWNsBJo+yD +2YgKoMZk0ARmYHw+sJ44fUmTU3/g9z+xHx97bqZCkqa+vNBeT7VmqRTrlHEzFnJI +UeqlyKtBq7P0z80OENkViVgnvzVakn9cd/4R/rQfy7jysGqLbXIt88fvFmcjLHdQ ++tcIjb68uxFo1W9KDVvj7iHrQpOaA9fKb42/AD5B1ditj4BvnbW+kma7IRGeG2FM +csj9KdGZNcwi+/X8lV9eoRN5U6F4NaGRI47P2wrICFY3WpYjvvM2bc2TNiwGOJmj +WA+fa9+a/l1UUjthsfMtLROPUJ6XBxLAAE0HWFmhx9Us3+Wm4pNu948ljecr21d5 +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_2048.der b/tests/data_files/pkcs8_pbe_sha1_2des_2048.der new file mode 100644 index 0000000000000000000000000000000000000000..935d9fa7014a4c4a97fa0a31f66f62f4f957dc60 GIT binary patch literal 1262 zcmVr$Zvrn8a!P^ zj#qhNwXVUA_(!J1B)+IxBmqyV$OV!8p5@vI-b*VGvD6l^S#7@roy2xh1r|heeQL>i zj?8wv!6RKw(VL+K0=;9+43_h0tStWN<}=0j{Md-L-Pp2{yBmw;P)3S~sEd~S zhML2?{)rm!%Rk4?1)q)`(1gB`N}{R>^uxrgcc(c&EVr@!jcPJZ$T#rxyko5O;b21C zKs$0b5y^HV^PeAJ>p6rW1+dXnr|Z zxMWemPNwGbO*&haq#eoCOrusv+fB#kUA1t0);0MPr#-r)B%ZrH2(j@&Cp zV#k7?Gf3%iGADdK`FZd~$28YJUOM+tBfpwr(zhtB! zDABdx0}Khc`b92Z1WgHeb-Pg!>)M!$=&Jf*u*=_eC*n&~VBgziH(1mPn@G7RGIO>^ zi=B12AAT5&nAOUtr50f+E>-ar+r9dQmhYkvJ$}&-K*;|#6fsR034``RwuUX1*3vTl zo!C9goBeq(V4r#~esOAYpf@pJiMJA|Z$Pbfg>W2DXU^Cx?q4EkTfhcbMP2d<#JFLL zmYZE-O*Ft?sQZSGgh(#Xogsq6=g6M4pcb*?_ELA(Ue{4*Zi&*(sV|K$*OAIW=_e>> zLoY~rLli;M=Zs3zCTr0atC$nF?)*=z4OgpcMC4#2VcKpGM{EeQA0Q-}M_NrJvcXU~ z5kFUj_QMx9cvm^VWGq+JQt&KfXvPny`=4xkR#rZDC=_1y_2MDg@;&8=6F4Qm3spI? z-^5MvBt=Tg1DkS<==ze(<+hC6S2-E3BdFRLkbJ+cYNo6GHBurM8O~yu=Fs{xr#>t& z2*iRtzDm=S`U8R)pup~GL-cIM9P1PAop_p2!Y|6X;TXVx-=br12j`1lAlj$oVhV{B zRIqt(>ROeBkaQ7-VJuGm1w_qfBr`0pIB-`sas`4gNFf343aoxX<;;%>RDWwG3EVe% z7w%vUza4ws0)F~MLxKmS6C^huNAmm`3jp}*19^@|yBX=_hSDJs50ykfHc^t$ z!ym97Z)3h^al9~y9=b>h+J>ePlb}d$X&j}5fBcQdHdlcL{o@3zX0$^W_*{JN7g*z9 zP{O1h2Cas>XLuzoyc#X>=4`*F1pX+lh3`HVjl2`rR*Xm2>5?1BI7IMAl}dG?5YOP) Y3~S125U7CdZ_^?jIHo}?pa+_c8#pj)!~g&Q literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_2048.key b/tests/data_files/pkcs8_pbe_sha1_2des_2048.key new file mode 100644 index 000000000..e05f22cdc --- /dev/null +++ b/tests/data_files/pkcs8_pbe_sha1_2des_2048.key @@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE6jAcBgoqhkiG9w0BDAEEMA4ECC0AvA+c58vLAgIIAASCBMh9ku9CbE1W63cd +HGEVS7iodjHFNt2Vsjh8B7GSQ5lyAy3wozXJYYvgtw/N4EZ8Jdmdklj+ck+s48Tr +3giAn8huTBx4HAU70AR5T0Wjbgks+bTnRyHPxs0uZkwgQIlMFfFh/ZnhayXsyxRP +03kTimiJ1m3Kwch495it9eBmZmEAiHRlBwspAfT3UXjpVd/8qECbuYNn/uyme2et +BatTFTK3vKsV3msEl5/bmzc45Qga7n0bNqoNi22tI2jaqrH1ybxueoD0E+52RQXD +ViZdEQXS7YhtLYj02Rlbmlp72Y9tww9MF+uXO1xWtSJsthNQFN9g46mLlXAOPUf2 +xWiDIrcCsh72d7sEhKRF4AXQEpDb34XziB0046yUSi1zilRswStINEIL2F/ssqme +SMmEyphL2k8iwarQsYmUnoS4bDcWcKXkMmY2j2eZs0YMIgc4sRSnzKmwRGqvLXrF +NQNcJqJCnJgrhTTxrKlrC3ptbjtQpazv4hblqjdOtUOc5yXgm4jPZVsf82NZlH1i +HzUa4UT/Ne30diLxy8UAWZkPFup4Gn+bXFONEWywiYqvvpunkCXMCX9/6tpCn2s/ +K8m3+HE+eZW2RX239NYCwpFKazlQKySw4tc4CiN0LDO8rkxCyaSODej8hVqEj3TK +YviNS847cULC0dz3UrWkBv/YBY1MzvEty9yx7TNRc9c/X/NwSUH3YFWIhATBdufp +moTh8j0aRTC3jy2Steconay3qbdLP5zK2riGEqP9fbrNr9R1gfGNJQ9J+Yg5rYJF +fuxJ8bmgh9mtmqgdYkhe9vaLgBmMcLjTFo9GNHLKrpHMHfboim7avQskg9leLX0k +GAkY3vRvJqbC2M9rUVtSxNYbvbA4n1VJ9gSoLhVIXz0UpPi2YV6f3c0H7mpWQ1ZY +fBxgUVy9hoV7q3FwbcgoUU/BGxQ19BTrSAinnRn2n4UkbnYeYnjv89SB0yBFZfQB +u6VVXmHALMqCoc4H8EEfyk+5R4eLKm5Ww1rar6DmK3TIhANvcsrOpftZ8AoNj10h +CzDvzhMODRwPNM994D6zo6GJh7UGF5ksZvtFreZSHCmW5YtGgiikvKWYYrwQTLyq +HR+ytVmJhSoIpQsHMG961hZ/Qd8Tdg7/feDo+DaDidASbg3+4pZGOHCcmtrBSuup +gRncAbxFy3C0684xbHYENbq75ikegx7VXrlYC4sDYKtw/Qu+z7cOsEKzJ4WbXqMn +Bez5QaKKBBODEuCVOu5gfYoxcWNnUBBxmGF2LFlBU8SzHooZN/rBzIXv2I420dUo +XxyB/7dyyZuN3+/FDDwDcWhnS6oKtuhBW2/AwlnLmexICSIkRLzko8HqvdTav8ow +xShAP4plrwIPNlxirRtesWaDVIEcv1GxdKe+sOJOFEiAFGf+5xECeK79vq+A3Fuc +/ih4wKFYAXK2T5dBTrg3aHs8I4qg7l2Le2i0/ODFUAjMD2/wbSBnPlJj8brdabQe +lMmiz2iLK/HN0JGSq2CMBuF4zgPMbG2Tji1qSuKN4iSE3IJET+iGsH4zQ8SBETIK +bbKUkNL0BhFL9R1uSOPRBnI8wu58aDLEJ+KphlHpIouBohz+b82SfFPbrUQ9zIkG +PiknJ5EvALgdG+nOQqI= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_4096.der b/tests/data_files/pkcs8_pbe_sha1_2des_4096.der new file mode 100644 index 0000000000000000000000000000000000000000..a73a21201b58fcf5b91df5fe87f8363b409edddd GIT binary patch literal 2422 zcmV-+35oVFf(ddk90m$1hDe6@4FL=R1TYQ+2%)y?zFwE_CjtTp00e>wP^rqkV*(^Zgx7jn0tF> z|B|o|4@_;u2zGgpk^(!?7hyHg&K0Zu)(#r5R zAYj2rDyw2@fUAoGOy)*BuLOmc#MURCg0 zWM9xyjBD%y0ahWdhgvnG6JK$IAtPrzoC`U4M*VCZzyLQYi9iBhdwMq;U$VS=!EqXa zpaS3FSiL3YAtp5Ml()(G;sBE)ptu9pYGLE@>PyY_bvFQ5dI4=5mTyhBF7IN7i}-lb z0=olq;Vfl6NARb)S>lcylBW>EEn?6=PMtRFh(Rdqb3&rfKvP6n6w5c)x>VvdCMA}9|lOJ)L zJa^=~I}1;c`C(nRV(Tn64{f;(&}&PwRpaai)))iOJd|if$)fYEa<|u}BcE zwiOZ8Zq(xt`?6<@>0&$!L?)ip?==`V4fk|rfi;t!agc(>cv!i3o8=1EpAyHNT!S|w zs(tVurmGwP2_x!0A?{rQQjuKPZMKtn=EPCCiUP$|<#bVPW)7wZ zT4GnLS4ZkX>@KSY2{CtcPa}j_Zs-eS;dgb2aMa98YZkSdkc>=~@v5bUL#0Y*6tpjfP(tsIV;nMgFOORUY1WDH(u-Ic-A7oMoJjv#83F;*{QPrL%)MI> zt~ay)8ychT*-c+0m-W{GSQXcL2s{a|mS~(4ynhfad1@F)ry+v`&IC*tc zg`kvMcb(raN)hI=yYVDvhbj0?>Da9q{RFhNU;NfExW5Ef?p4!d?0CmOZ}&h#szJ!) zWZ;o_;*^s-O}zZ6Taf05)b8wzH+V6))W@3m70^kctBi@jcI^!HG}EB9gM`Tw0D&5- z>$+!}H2fR%XdZIFJacj5r^Igp!wy!H8o?K0=-!Xx{J0nVCRM=hy$ENc&@)xbx*(0k zLi5ms4ScGCcMG_1uiAxFG4TgnzKVdK%4-Q0pk;F9O)9gt%G9SB!wle0YcopR>%Ui8 z$Gr>$Z?MbJ7aeJyR3w%=if`5z2C17UgkZSJ3@A|8JOh92D!oq8;?Mst+t`bY7w0=7 z5Z>B_V?9MY9F=0uZyi-Uihj$nU-G-qH(Y*yGxKBiAOmBRCyOX|9CuS(@SMx>p>!N) zZ=8;vJ?H3Y;t{jilh$ssrXd8_>FM?q=Qj8RAwqXFTKNv_{OC1e_Z^}P!z4(FyheE2 zuP1U=X@3#8t2DvRX_Q65XT{3pthg)YUa;&>Y_8H%QZt(qTECE}O&Xx42s-QUYDu`( zTQYB?X5ETbA*=;)->NYLNp()JhG*q+e*C(K-Pr=Wt>kkXNo0*bWnu3I0+NDTtdo3!T-xc7dw#ktc)84Y3buC+Ig;d8msT0zhOb z(Op0Hdd^dzD!wIp&s$XKkS1LGPD&jKw&*Ca@Dx!FdWuxg5q>dpc;!w^4xo0U&6y!; zmhBV)eXjB4#d`7EWGquERdj6NNZ2Q#qB}*IW11;?!2sZUX<&>k^MRj2M`t{qzS@Rv z32TB7{6ik-GYAMe68fn?Kh3KSt%ahIWUg1tZ@g;qq8WjDQlOEHfL~YZ1q4a1Z-x^A z|1lF6(^-J%>n0T}czf7_!YBN!@Gp2#? zH!xr@Jc`eQ1*)s8XbEhZsMQU7cY1yCcM`c+@N#`Uvt@d#v6A{Mu{n1E6_oJHNi1T6 z-2j9q=_C$IEo%DG{mGZ03%dQYkUwWB({N8Y_E(>p%5TAZs}wvukzSq`nh0=zJ`Ynb zUMUuNf*v5>^;@a_sbdOAIKCsaaAJLz?YtmDgCk8~WOyA*q+JY+|L-3_rIBw6tD@d(YYlspYT{p60#-Yc=Z2TuJ3;Y@k%>VzXk zU?6f+I7+0pi05JZn}ggrhr{Vid|^C*^hWNThO5ee1TAG|piDrIPuVryT)KLkO_(MJ z>_)N9T)!f%pI4S&za@U;qTYv|24GdE;O=v%K7v<{Gv{DSm^X6Nc<_Huu!(b#Z5>|@4i+9rd~qinmH6#iYs41w*ei2&jK zQO)nU1|<3&0G-ffS>{cLXEAAe@Q}E zG~jOPptjtrJ4Y)DF6Tf literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_4096.key b/tests/data_files/pkcs8_pbe_sha1_2des_4096.key new file mode 100644 index 000000000..2ca214a24 --- /dev/null +++ b/tests/data_files/pkcs8_pbe_sha1_2des_4096.key @@ -0,0 +1,53 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJcjAcBgoqhkiG9w0BDAEEMA4ECIpgp+ssMIzDAgIIAASCCVBDJHT4FOJ+26Sd +3kuSYQDyknBs7j+ylhQNFD9E8Du9RM+TVKQbt1FuJ6cjAwRhiZrx3zfyAhPvMWBA +v0sJuO0F7aNibKWc3iMNaL9d0bm8vPrTL5Lz6fhCbejgFJG3DecVMYRLCLjchUFZ +BS1acSyRN+7v+f/T11i6+PfOVdPga4innQOvYkr8AocduLbrlWJCWtnaVIh8e90S +VfTJgqKYYG2ez31SR+V+pzWJSHI7bQZraZ/YpIE7eeMrfJlHW7eDtc0jK4TTlP8r +YFt5TNl8nGnM/NE7RYcJfTVnddmFGGaHshYA5RK8L+A7rjmEv8wS6l/CJxRooex7 +zKvRwQLQsBgUsYzffpJz/fI2lPQrNDrAtNdK+haz4SiSLdK2GVNHoS/HkCH6wN7F +caaKkVxj4aldmDtI7zpOWBl/GlSZ7d2/0BwjQeAaaduA47WZ7u0ljgykeBJd1eI/ +t1dWeFvHnO3iOvQ1E1hagCWFufrA79Dkxc2sADwxofR3gZiVa8jDue+sHu1HA0P8 +ekhy/Jf/aKH0fSD1oddCHz+aUHFedwZmZdSdEY1y4fO8VJod6Uwqu6iVPsvJ4qLE +W9sArxJ0nTz7uELk84ij6Yz0ZRWlTb6PM2KRnj3TMne0ff6BmTBpfOjOjxKOdVzQ +HA8YNHZ5ZfJLQR3my2mt1CUGT5Tw5+0/7bsIveSgV1+LKC6llpZRstJt0c8CmUl8 +Yg+YvLFUDN8bHQD8OAa92gmmZvWbqr55vz+NV6/F5CfvhnghwWelaQ7NOE/3rGyd +K5RRJTjtYGZfjuCXt3Ve0m6mWS4XqE0jszIAiC0xxGCaYIoQww5tFxj9MBwA1nVK +o6HjdcDLuqry9qdzvwemw9vDRF9NPd995g0AFO6CwAG+gyOiWbO0usd195CG+Taq +kOiT/THcHtk8Gq5tFWxcJ0zkuIoEX4LTJ1EOsCbcY4cien7G6jZ7BTakZqAB6JBl +4fnh7BXPPuBcrqrDiKyBoHNW1J6cB+J0zakKT+F47R6cu31DNgzq9BbCExu9l1JN +7Rb+K07Na8pQgLNbaGOSOATYczhcqWIPKt3qUllEBTCalTLK0ho8foO9ctqZsJ5+ +MM2/gYO/WsnSJ/JbqHnqg9Ng5xG71iahs5r+2R+9hwuzVHNo8Oe0JnT0eoElQNQx +Xk1iNrOb+/0xzMTCTYoAT/i7SdlpLnDAMvPNaF0KfYJoPxKwmhMSD1J0C8PJKx3J +CLhvBpJbdyY2utAv81DqEYAskzfxlka8h+i0gjVNoCT/a9keEPhu/dn4SmAiPHYa +h0l9aKXnUSm8JgHCohwhUlKPpUyRo4GBsBJSoXvNtYS2jzHKofbAyjWoQ8UFarCL +HVYeLLUmROTSDux39ULkmL7rL1mVkIecRBYqYV7Fl9+t7hF2Tz64D3OdQ74D7wct +BmRhBAJczFFcic64n1CdYNSxVdto9qa9wVnyKjFEeQAw7pfxU/3Hxen0hkZG51y9 +U4WSVLohunyuHWqpcopV91Rr5P8N5b33FVgl8HF44vcnn+KTmIwzzZ1qSgoHN63+ +kOAv5HU/aY12/ZCNCiyMs1EY3t7mTE19CNR6gIuXoD6MsBKiAm+XaCpSUnTbPv04 +m1bPS30nqTWpcZMSHaGoWx7cuSijmBX80imC9n2VsDE0O3P/I7WcM6OGwv7pQx7u +/aJkbk8wDjJcc10DYlmLdcBr093lBc0lKfuKEDLPJGo+eJt5JxWi7rGKNgLoaa/V +lRHWr1sJGhLXPZl4Y+CJM4TdMerZwHPFIndgZChs8OLHpgQsr2SCkPy+cjF10Q9u +QQEuh5DiOexB/auRiE0c7SHlLYWVeADlf1ImIW6fX5SAjyjWWjT8KP3cHq3mdSX8 +y6rxL9myDGHp7I/z5x7ZvqM/4RWTUhL4bKFnX9goiLJ0Tcpo5NdRR1nKLeTZrTiF +z5O0Zt6r0rYPXCqesecSwHhDVPpDhS1UDGNiUSk1QVNCdorvgU5B9X3ugC/nUVRx +b8DPbE+5i+GWms0RjPBlKy3M0TVhOUltFnyPwiADs3CRZ/l8HrokYLOpSiJJ5RuT +I7aVPeubvPgm4efW0h7o0r5NwMAth1L0ABZRlKeShyx5Bqz7g7umvTRH80VTB36j +wvWPM93SOAbccq4A5rBNtZkH+vJe8KshJEQezBdr3PtxCspKmBjHEXvppx2WDMBh +RdJXlCowoAgwzs4+dp8GhABYdEvJ+xCTYmcDX3wM296iWpV+wfgDCV3/mpGDpa2u +gOtZl0+kPAbjbj9fOkunQlyEGMy3HUfhxXsKcK4n94aY9rCYuTOohimuSdLFqEX/ +s77SA+e+q5Mnfw2axLlNKa8WzpT0W6M2Kw+pFf7uk6qXVYtypUJyvPDDoh64zpDM +G81Wr98g9iDTbAvzslAoO+z11g382Jdt+UPq9BDQtUgHwIhUGubcgs0N7Cu8m4JM +mVFu2JyKeBigekzyVvceKnvV8k7VUHu7hPt/zSnUinLKXGC5UGfVJSBwA9VyOA0v +O/6SNcFsnx0vDb+g2hqTX773/avq/LIoHlw/b3oKtNOnw0SAjocJJW444Yh/FnES +nGKUX/9bHEiAcWglqXEnRfQWQChHYjvGN8fMWgDMOGh46PvBf1v/HQtdBfacEFZ2 +98Eh0rUWvjp9YfjaiCI90XLBLb9iavUeDNg5ks77KBllqrZlKJJxZXVBXbrosVe/ +O/Rf3Izluo8Sc3J3QftDOe1huQA92b5vQcH386esZs7E6gtILUMIML24h9VfTTvQ +31Y2auKpN5uFl0QVVlnY0JQ5G0fue7XNHLyrKif2VOExDYzcBwLP/IFmDgRi2dAV +gBm8WASp1eCZSDYGf6aTWA0ouHG7WfV4kPI2njIUWk7enbsUbbqdfvWGE+taweFX +A7XFbpeCAVwZpP5C3iK7aPV6Zf7ctvrS1/qutfKIQEiBAO4FaAlxVSvLjVdIZlAx +3ZD0pYH//GJwjvzAmRUN/laSRj7GVePfIkJdpSzeU3RtFb8ekChbamQIx7ZbMNgU +r28PfKxO1xwLswMY95XgFJjl7cgDNxyCgrqiAihSc0kIeD3HCaXq1l4SqpBRIyBs +qacV1cWIVfLQP9nvDFuS/sVMFBhzSXSmjAnJQ6IHTvcQUSbADf2X3PkQTFTlnSUe +LF6ihYqh9JYWVY1SHkFU1hxgKgz9Gg== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_2048.der b/tests/data_files/pkcs8_pbe_sha1_3des_2048.der new file mode 100644 index 0000000000000000000000000000000000000000..582bcf324bc2c53bf677a06a49c6a487c1be0d3a GIT binary patch literal 1262 zcmVr$mUhDi9r1( zvg}RK(@`*Um}F}j5nAI$XFZ0{eLKw3M>P{eJ8xxZ0o0;XIo8aO)tQp%A?}M47X?mQ|W5)?+m&6_wwNXf^WKlBhZ(`gFSAnnCo(^?>0(jv3)vzEgSQ= z6XMPL7{4vrVl-Y7UsPFSyGKZur<>ca6ymDEt-_e!4SDP!s5&8m?Tt-{OvL)F? z@gdQJx^cG-K*nR`Oj+qZ`vh{HO|D-SX`!L}o@%XP@tZM(QO4K@>%^fyGW9Enr*Y)q zzDT%TOQT5ha8*rrpT9q3kY6{b<_(ICZYZlCNkLIfea1`B9O4VeM<5~90DFEF?gu1# z+I|o3@;sEZp}+Vs4{)6@tug5}{Ob@#Q^MuX?3%>8(iR<&Gk~3FUJ^GEKxU>gFX38iQs*C*qf`1@|?6y7@;$LHReDvK?Kpyqex0QBLR%JNRhrzR(g|j^E9)FyJ+eGI^i(qkSqC{smS(Kn4O&JUFLt(OoOlq#KXsrEG_0@%j?5 z;`jmm9blWhtm+NrW*A%pw6=9;VmokVD1P4gNA{gI&AB3*E*roY9BMdvS2W=a+iG@~ zr!2Ug&~dpLHG&|oXxhyl@nWX(Qh;x(6t8a}tDI+qeG^z7Qu8cMYo;wxfVkNYgaKso zl`EJkZX?%-n!`lvhB|=#XhlyPgyKx2NHfRS*wz$5a<*LKAaf9lhZ+?zzwirjuJe!C;f00|+$*Svdb!Rhu8Vi`Q~U_IMYYH}^dqHC?nU^< z4sk;SQ&PsFi#3>MKVlel+1{)U@_xJBt{;mFnt3}(p~elIXB>bi-xkn^tg)?ZX613Z Y{%!t8m;w@YU5KXVWRkMZ~y=R literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_2048.key b/tests/data_files/pkcs8_pbe_sha1_3des_2048.key new file mode 100644 index 000000000..2874f50b6 --- /dev/null +++ b/tests/data_files/pkcs8_pbe_sha1_3des_2048.key @@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE6jAcBgoqhkiG9w0BDAEDMA4ECM3pCBusaVRoAgIIAASCBMgZZBwVJeBPrqxX +hi7/gjk9K8Vx/YJa4nPH2oJdye5SiS0/q8ASZqRsn5jBdPAJBHDiFRWy/41FaTlx +s7vsT7742TYD/e+ZVHA6UaPJdhzECX+GvjfIhBOd7y6Eiuxij/ZexslcrZRwbYVJ +5+H28KdN3AWY7ACq21t/lwv05cOcy1NHs6oqQjm9JV+8qxh5HuGP9SYNpN5OD6Hr +ai7I6q7v+U4qd8kvtLcoL3rkLTxQncH1f6hZeKlJMCJv43rtwJWE26VnKDyGrbdP +a4vXwk5HwytHTcH9uvK5tjTmPRC52go82aviax6Fx/dvMhsTwyVqw8Ywap+wD4MS +8BTpDUyO4v0VEWc2zNk3c93wkHUjXRoG5O6BHhJG1sVIPgzUeCZyjHB3gVHDmYTT +ZQ3FLyqQsEVefeiUz+s6LbDwXVLZVhX5PSVnetIVxRkkeCada0fA/fjhFLKucK8k +vsim891a0VdLll8lB92pvuQD3S0JpTW3EdeGUBxMNHgx3NkfZMEFObFgG0mAEy2U +9ybc574YxfVDGMMCWrt83L0F3LOnLvqOjQSsasg1QjLAvqruyeWtmWFgiS7MJ9VI +6oGG8ZnNvXIQ5AG4VdbrllV32oi4JugJ8LrTrjnh+r4pd8MrEB21wleWIPe+jeZa +dmgQKJ0r+QvnejsytlXIFlQ6eBB+cw1qo4mKI2DnwUAfOBu7h/OSD1oRF/+Y01WP +9ptC1CdTdK8mCD8QW0v5Z3FLLUIlONdig4Fq+se4Uwwq5JlFypWFE5Er9l8DTb2c +ruZoEjhKnL8cW1I0VBr89fhCyutlyKPeWMNmzdBt+U5NsKB1arqDH8hssKQWCbme +65gRebXN0fWMXFONintX7sVPu2oqI+x0UA0s399rqPXmAVBHWA45Z4i/Zuvreb38 +LoqfF09rvj5roqo2HTJt4pGjFBVngNXv+8lClUixm0bdGV2dr/o39c3LtiooxRzd +Pd0iLNAWLiQmW0Mk24WfG6q59iVSc6W0EDizbAZWG0MsV0VmOon9HtxCMqNVG0CW +DM1UDfAJ1D2nKXaAuj/JFsCvJ18M5M6fvETi7WOCSrYgIgmNP7kum04+fgAhbV8O +ehwEBag9e1/L3NVkySrM0z1tRWa49dxtL549rKdNAfOrwHZWYr2WQJnpXwWpEOuJ +Z6s10S2XiQhyl41iK9EA7Kouowed3dOzJavsm9Wpnbm5i/3CTKps5rT7bSMKN3hq +n9xPQEJUdc0lvG50LJfIWB8aHQIpsAUUyMOKHesKRXV68RMfs5aVUMP6jIuzqrbC +OLd5SDLUEu+LKVfaB71eCExVEuSVqOVum9CJipMjzXPZa1AOLvr30t/pZpRWutbs +eYIBVfJDgLtvPGtnPGOQEFbZBqCNJLWIARYxZZhVnnNAfG79ZJ8BdI7tl3tkpDM1 +Fn6k67yHfjS7n/rCFBKo3KPZHnwSUpYtQkTuHoqLQT1yBKjTV1qHLJLvsx/QUhzg +7r00IW0gtFgTE+dD8fYbN+pEku0KqnGUS9lCw9NJEr0iF8c79FpPhyT+4E4RZeNL +OlU93qSoPoA7BBhEcsOkpiLiZHj/EVkLJKAvYCloNz8GUb1p1sEO7rrOpqtVD5tv +GSw+8WKYTLWZE9MWxNA= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_4096.der b/tests/data_files/pkcs8_pbe_sha1_3des_4096.der new file mode 100644 index 0000000000000000000000000000000000000000..e8cefc04de3a6adbf0dde59d4d98f718b1c82bc7 GIT binary patch literal 2422 zcmV-+35oVFf(ddk90m$1hDe6@4FL=R127H*2qge9tRl7kd;$Up00e>wPy!COLlv)DfT9VWR9b!g<2#4Ik>qQ*)!0s6lh;Vd>h|nm8Zw4XUc0vN#e&`C*40eTJ&1EvI~K-jYKs01%b2 z&yNyR0SX2V1hHPDDiPC9Otqq1u{i%{kD384~0D@Cmdhi6qMZ30Dur$+y+WwS7n9KFe ztl-zenBe8jH*{SFU)9thPurxO@3)L?O4eyPj@xG#2hvLeQHR?*I|OFZP| zsX0vy{=72z^2~L!Tsp&>wJ_6`9^U06i+v*jS0hL zJYsSYk#97KZbT52;D)b=Xc5&SKrIXB65^&!k%K@-D&Tp+*_xW824}I^-NG zx}Y{m16~$IrOWQBndW55F66D2c$B!95{eSkb(tgCGVab6)o&AkWBWyjK3=g70lsA~ zioVAomd72e7GvX5RsJ=WTL8M)GrQwv)g+GEE3xE?TR(luG)rD-t9I``ZUZwNzpwEK zMhCa=dI#3?U>9WMy)Ba@=n5SC*lC{)LSu-9`M1Ww&_TiQ$18vzue;U0&i+Zpa7ieB zKefD(LjJsRWhyYpwqiV&g;Rj2`Yee^S&d5(0kPlRxg=K<)xExjYknbmDs;**gBqh$ z&Wy88UR=@#1!O<6o**Qkg@#`U5Eo@%JW+__DLUAS8C;!G`7e^@KYY){CC^HLb4-P<=~wsN*K!1lNrTk>HXMuk1Pi#V&?2O!%!ocWk`Ax_(={T_`*i?%L$oJmWjE%at9xo#XG1aJBDDAxUB* zjY9#aqNr9grwIyGQ z1#ZUtE$T^6MwK{8`gL}sV{a=kiZf6oFTDMEWS1WK^@)?$*xE*%DhY+FGY`NWArIE7 zVWIuJzB`K{hnYM_2AAc`%RuF~6MRixKrc}_11x1+T^#%y&NjF0OLq`Uk<-7`clnb6 zW&oI2E_Gwoj7c$CtWZGKLUOoX0ZyWM1RZ+cE}(U8%sY64{!rC|C&n3n+E!2It^OHMy0yq1*k-1nzGJR%MDPgqcf zduI&yx46D;O4ystNZe_Z{$c*`U~`%5`oS_;BYLD0QKkuT-WW&*X4@2154UY|*7hdk zA60p+tBHc~zC4XN`H_2R~>CL3o<#keW{pRL$`#hmW1xK9_pD)V9GZ_v6)moco6ZtDxvUq zQ-Qh6Y|}R{2Uo+aZvRR{6FgpO&>beu$xgX>EjtodpBd#s0~F)T&84}&C;jQMw6L>a z0)B?yE~>r?(Q1IJciRK)_!X=@5*NQI6XSlne=5!hSaqk!h9~SDsTh_&gU7()c~hnb z`kIMt<-TvsS@u@0kfkbaPF~9%F4{P!y#}bHGCKPZ@PdLuOlPr|V)>tPx5;Qb(Phrc zqi61G7VRF{E3&-qUW;8&zG&d62{A0lxb002!6%X~DBwt{byRrs>JbFN=%|}4+y%#D zE9N{3n1jisQP2htAvB)CO$-{<)Cl0Pidl?~#iz@3FwEZj#^b|+xB0KH!W?cq(S>%* zjDRTn{b9PH@`u#M%}N)K8r3g@4Ljy`RkC9U1lZ!RP01*>d?3rz`Bi#)9@hD zX&bO7vI>-GCKK=Q%hI2YkA-aSTCH9GSs!B&V1FR{)LN{A2!MT_ru=UAH%2|gX}Q%^ zM#7F!`I5=3p{v!Q$1h9`iA7?epN3KrU^SNu59$M4rMzVQgXc-ncQzY2*E8EJSNJRtbPyA zzMy^hV3Bjsiv}ekM0=auQyw+zL{VMZAE{#ht%@?4T%LxG$xg%@A^;PF^;lt07>u#9 zBGO0b9W0bW&XLtanO|F(YW!{km8S22+(y|oQ1^#axFPaA=mYQ)F~yp58bNt$hUZkK z_u6Qx4FX#l;OUN@p7I>BTVYAv_Edm_YB<_rzy+JWx>tT6DJO{OkaL-L8xUx|CX%16 ze{bL$r0+T-Z57L=&@^PI2}1qLI}sjwBr>s>8?@gAdAv|2yT+U7%S5GIF=n3KMV?Fb zjf-Cd{GmS% z8Ki_wzWRgTnZ6y*_%BiYJmEQ#2Z#gCg#U#C> z)8v?65EYJ4LbHkTwIMTUfO9nG!aP6llrpNli-;!fJ~UgKQNKD z;jGAoNyLt+z=>eFO`wG(`&p|CW)}0NX)mg5F%oKQRrW#Un@ngbuYtT@ol^ns46_S5 zt2wH$%Q#;4Biy3+=&{Wq!(qPn==t@R)H_0URh{bdjZQgWFq(mMWsJ7EBvI~1-qyVo zI3k*4%?Z;W#rOm##fZyL8g-0vZz8k90;C<^41`{2ehmWfq#)3}R1 z?B`o4rAL*p_G?r2y|-(wtQaC;WFx@p+}WR0e#Oit)pgMDO5?><)u?eE*K0w2`pqmYW~7Oh`+)7R2mjf_9pT&FcO?>x&QzG literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key new file mode 100644 index 000000000..21ad4166c --- /dev/null +++ b/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key @@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE4jAcBgoqhkiG9w0BDAEBMA4ECLhM7LCVyIdRAgIIAASCBMC1LBF5f+s/Y4/l +ttdYBasNsmSdbAHr7uKFELCvdAZJrcBNjMfO/lyS+KeH4N7hG9CX+qJ5ydK5yKog +rcjUdVixRfP0HwhUyqVDwe8L7gwzf0VDq2ObUkM6a55Gw0rcTWfz86kM0PSBgNlc +Z1pAdMhjXMYBwSo3eH+yVbcyemWP1KyYFD4xan/RMdZJNrTIOaG/9ccFrQXsnXpH +C42JC8cqufj3WEvRzbuNYsdlAqD7aEvSPDsHIe1SAXUUmyFBvkJtRo5xatqQ0lBo +VDxpgx38EP6mUQ2pE4gPY+YFbn/PTajNrBv9IlDO42yPC90QAxo4OVd2NF1hH/Hx +zoIuEKvOefr8wZjZhwosFt2MvPWr0B1tNPNdIyyihp+ZdZn8yQxWDdBgiwGAdhdz +Misp9XphHmnRl2rpsWtThnZ9o+00UovchtQ+wFEZO59Xp8b4eM9acEk0Ktqkohg8 +4qQSYoAQkSZbPAqVB9nYTMhqolY7X9vL1/O7AsWACGlQzQUBZyUJBeT+UB5dlNNI +ncdBQa/HmZXoF+SKmikchJnBJ3wBAcHBddw4Yw48adYvuhB9XQn3cl2YHyZENyzB +b9jlQ5TcqiFzuZnPPwvOAOst05lYt3s08ewuPHCCb2tGiaLmIakQ9lvx8C/W67b5 +nH+E2verRjsRR2/Yj+aJBdvTuTSSKcCnEFey5wOVF0iWx5AuPdSEFf82LTeF2Dlw +bWiAaGIJFKUcotGUHnUB3Dp8s4rLPVgEoy2wyYJzYK1NyFD736Yn0vbi5l0WuAEp +HBTxrL28TxH6LDkSlb840bV5zPFVpKHH7Jb+jkya7iW1SGFU5bIHZrEJCa2rRiR9 +RUXvSJ7WuzaZmJa3OIsgsC8PB07zcoHdwERuVLYMoBZcMkI+/ThM4hEg/KMJ8BI7 +9A6VZ411tkTx+Vh7Qm2/t3OECeG28fogoDq5IR/qOMA8XstYGt3aJrUbMh47Znr5 +HtYmu0xFsmBGMTwZGnI0CPCyiMIwL0X3u41xP89x7+2VSAnSf9pzQWAJ2wYFWy/O +6VrBGfK5AqLK0Him+qfPqNT2663LjzSKy9MxCqte8BpVhJS1Lq6NS0FfvLnfBwSJ +TVrB2ERnKwgrxk2wIOAmzvsyLTpkM3OX1+rEEkjDTzcP1bDN4DseEzDgsXQythML +quS1cDEJvtMglw5ha3dnAawRnhHSTw8U4I750ZJhcgisryCP7NDecQp4gdXKOcI8 +f3Kpew6Iw9g2uBGzySebxJ4EPLygLYzn4n5Qm1BxMx0Rtxigmz7kNVx2LSma6v6g +ldBdUM/1wsk/wsfchNPKjzn/15sxdqE/i6CGO4BRZLY+f8TCh7T557AHVa+h/Tf2 +k0/pSyA5FSlfHaqAG7ythmvlGTgpe/ypeYsKsZzslmFEM9jYkfWbnD88sYgmZwhK +Bbg5p67BTPad6fRzp+M2JSGTz4zID2/78zttGF9+760OOqbazTN82SVdt2Hc5kPj +aHCFl5ZeFpaCuMojv/RbNdsHAryYpgaEwK91lh1Da6MPrq7Pc8J0df2Ns095kx5S +XinqwOUvRMCD8310j9fISt9mBiH2BG+69pz0CTMWL3Gje78oKEVaFfaFa/r4SjXD +01/LrZRT +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.der b/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.der new file mode 100644 index 0000000000000000000000000000000000000000..496d602aebc1a479aa2860457774cd4a920fd837 GIT binary patch literal 2414 zcmV-!36b_Nf(dFc90m$1hDe6@4FL=R0Wb~(2t8Or%k%ly$N~Zg00e>wNKTh*ngTgF z81c8uS3%57HW6slfS`~>Hl`bouo)So+(rq7E5TVJLIQcj`*%NQ3e1Tmhb0wz)ri~J z7khNK!hG!UPRPFjqgRuSNc|}M6qzSW6Y`J{$g8ZjI%eFLX~mKZilN3VX@v-`FZb}Z z)WDufq&3Wz$P9DJu4saPqQQOlw9sl?<(Qk%BBq}8!>>pe0k{?|wC8p5YHP|rr-_mZ zH7q2z8yUlb9%{LOS%_tVY#dhdLW%3(bW$;EXb>s_`?vV`cJg1u;2l{gtsrgb{& zO-9iCK5?ByuO7(K+IOHA;s-RWsNr;!8OWo1zrE{k4Yc&cD|c{BnAp&MN_LU{*i6b! z+Rv2BiTA)m0XF>vCNv33Ayl1i*ffCuugmG=uYNi14w*SP5fxZ|a|Zv_4|ou$I`+li zNh%@3!E0D^=)oQ&%jJ@iFZH8rElKfzNQyIPHS(rb6ETa2KrC?59-{AP-hsLgiD`si zrBu(adlFwhcVSNsMh;;Y7&!_(Jc1`wbo6xO`0v>Y)-B_t_@C(*f?7l%X6Myrw!H7E zoi`%KK9i1T5FLU6t8iY7PT+||y($ZK@~7GXq}5x7%D>xsx0!yCjS}8ta6oNG@bcbBSv0qqo#kqBM zvkWuEgbe^Mc)a8_7i+oK02c}yT3qCnVaN(GQja=i1rSB6yX&H?cXqlPpYXh@&E`^! zFbCrs+y+evhWRE)A`#abagd{s>{Y0`f|Qxija=6s*RnUZy5o7+j)>$Mo)I3PK~M+X z4Rh#8E2F$3fFrC5D`1|QHw8Po?j~STMfz=m{bLF8VJirHVfyy<+OcoHWPe-<-BMJL z{+OXrHQ9v^I>Os9>8#&Di$aNrMyirhj-)Wkxv32S;pjiSExR+POCZEE>vEyGq+Ryj z?2?K*&u>)Fdp_e~koP=TmYb6Z5Mvia!GRM{B^?8b<|K>8NGRks&WpCNmU!UiNJqao zH6N`fQ)++I&mY|kPt72WU#58#$Z;pes6v?Q~&G&jtKAOz;8U(k})c`=$tAK z4mSdV6WzDsr{&CI&3EI%PuuvU{z8`Df2T5!klq0u(8xG2?IE*rZN6!0$tr{;D=Ig2 z#@mgei#cYLhjArO;asWu^oa+X zWCUHr%+aRM=hc*NxeKZn=eOGT*c8ZXSgLByHOQ~CPKoi9yBGhX|1`X!Y_|<8BNZaC zN!vmNaXKy;H33+uYo-YM4Jif7+U+q1N;bDKXCnPm=i5tGsr4_6p+S%2@BA1(^30@N zPL_l~n?v{%*)ncd4pr(L7P{pu5V~H*)&G?`+f{0%RkW31yWdzM`DA{~V@0sA%Md}< zzQt*NO4mW$HBa(Ow9EG=@m+)tUfw+Xoj|<5h?Iawdp#t$TR{=Aw$Qf_1GQmL9a8jM z&&;czK7V+1cZmKANq{xrpcVV=_&%>E+kc)II6{eb6ZS_)=s+cR8|Qq!qPY&xUd0JO zUkMdi=P1Wp3Gayo$Dh6Z3A&Iy4t-R*)OS+GeK$2LBI-%lG%FR-&*>mB7$oF*Rdh;@~cH!S+o zBPXv`d2jy&*3yb4gtKF!a=%8X#3=8&6f7P6<`6aqFxx=2mKN-YPNNXl4e;*vWjjETvl zI*!jgs)ogFXtXL}W<&vqM0_z2cMB$}L|M1)SJtK3Z1_q51|Jwc}?8&S;Z z;t%VYQ5;ffHIXrGmC4mDTVasj7pPta62n2(u|9rIE#B68nVI_NE~79JhAT99nSama&>(*2kls;$ z^l}(4*HH6VHp9n`f|Qrp+(h?>mi;HC2J3W zCdMd#4$*lcI{%C9b)emYZ!s@Z>giL#5v&eUo0}Afkq8T`0IGYV0p?*v3l*|$#i0v@ z+qyC=G^?lCRFZ(9u`G2hr#qTB1)`BhioOKf`1d0=3gsOWDv*%&PLg&N!JYQvfom`= z{EO;g*}RmMC@lH`4w#@F-R!ykcAu(kO1DhuhzBK(5Szq%ti$Va9OILJ%9xrU_68aG z6XO4syUry92F)j(>x~B|E>!BUlJ3D*A>UYWm+l!}y-w*0o&T(WXyCaa gVrO8do{%DRas6zCD?Hc(qtG=eQ1%Bc@VSV4XQ2SJ6951J literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key new file mode 100644 index 000000000..92e0e1561 --- /dev/null +++ b/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key @@ -0,0 +1,53 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJajAcBgoqhkiG9w0BDAEBMA4ECHvTDAvIXz7AAgIIAASCCUjmBX8AmQpI9qj9 +Eo6lmEmiUx+lObs/dCZP7u5PPftqIRtvg3O+170z+r7uYglA8RqbYFg/JmK0CT+S +/A10tdB60Oz5hDC6KramdtnyeeH0H/KR+GkBaWQdY/7MLmC2YAtQV8toKVbuFfoX +StBmlMTPiEtANXoJqD2l+wpIDSD/TPNRmiMTh74oU466Stxah85wUbbSoi5QlqUm +td/cTP3A7BumyUl/PYWHx26TO+dvdvg6bCT/IJyVZt3Xp5pjQCIH/HOr6i1+IUtF +JSPcfRVfvmWD46RjhOHTTWFUPx8gUDoMkabOD2iivmSiAYJNY8wZtqIO19EAjsxG +RuleRANfaNIFjkz8mU1QQzct98GDX7+OKCWBLSDzzNQFWvMZ8p1UIh7PcIdEpEdF +gSqHjLmDYk4IVNtBHg2hChjrZ+F/4chSMykehuyDwsn1BhUtRST/Atml6XoryBnE +2imMAvq6Guu8BOUfOYJHU+FBojKox2K9tadY/DvFRXNMOw7TSVY+v/t9ZGlwTrX0 +6e3dSKBjQHN7P1a9TinOgY7nwGMowYaEv+xyJ89h8a4H04SG+N4WqbHf2+B5KpNN +gwMlps+hT6V2/9LfJpJCb0GpB73Mxkc+RAFZVOUZlEtSyMbOgoRjF0S0IRSvP1/3 +auHEr1z62LTXsh+kAIvOOH+2zN91S5wn3xjFLepI6jq5QYk0jfyIRDcLzX5dpPSf +Q0QJmG4Pzx7ScAUfYh30Ga9FjQSWQjGbeHwTQ2V0QbqweNfdLEaYm7mSzNAtuaGD +y34Bta2mIQ3eWo6c/ipdViLzsCh5wBUuMXA+bWGHTPbyYae7jalnK6k6sfCe7teC +fC+im8v2tiO/eTl+82/NquFKyRfTHWCFC2AbgAJNqV0BxBeHAKYVNCYRXXhPD0Ag +0D7afVUFrsnL0DvLEdQ93YRV4Ykrcw8wl/bnGTRqfmAaiXkdP+gScxlWJH97r4Sq +sYN5S+M9653ETiZlQLsELtVf9LNbGja5qK2kdr6CdYts4fQS2sxjwADGjdaP4ANR +RwVvRsIX1uxfFI6kSwnOf6NxIkSz58i925e2w6bSv0/IDp+Ofu0fyGLECzVLNhoj +79tzEA3dXZr7jRzf00itVYcaPxzMJMROZWgdWvKPVJAPrSEiCCvmTfC+LMAHSHqB +6ajEO6Vkft60cfC7qRgpjKquaVkwPqSr9Wu75WTVG+cqEulZ+nJqFVUhFM6CqPyW +ER5d3M793S7dinii8E4BiqgFtnw3DtAt4WJh8cj5R64SxoddIyXmGQY8gPunjzF3 +62frHXLeuRx18AYRCyBL0emL+AEmPiUdEM3ltKv/YA+GEZcmCI11ZXLASkvb2HEp +MjiPH4OACqN50fb82qXurRCxNLteocd+BUO2ESyQDhFjHhH4zgWmBmSnMTUYCTm2 +KP19HV53QlMv4rwNLU1ASle5F6dUgnYTYpdQ/0UslKCSyesrfWOCscXvYYrVCqSm +6QN3/FoUcWwGLWX51LsaBfxIzrf2hIjHbmXlYwujcWMtrSPillPZP+w381xSTPVv +S/HEn8BKifMD2zLxF4w2MLHYO562lVGpkxdGlrufPUfKZrZ7AB6BDUBbj36GIFfN +s7vpIcboXmaycv2FhmUlvmhyYBudB+g4pfVSUdQyqg+dQQqyrrisZXyaIQKl+RIv +1RKb1rij6I5Ay1TCPuWRMhBK9yAEkQ0quC7Xd/1O/vVKpMSWkj5fMKNHA2XZfaUA +NJCkap0bQyEEi5qG5HGDTD5+NVRfj4v6U0fzBsuya35hHdSsjPHbzMic7IvUesDb +QwjQLxIpibWd2g2QHwY2eLCjLf9Sgo7rnOH/4lbFVWPiB46yrYACatnSRZu95nZT +C3MDgYKqxzjkcl+qohpRODnR8iDosl0GgeOAn/7de/RRVhjRs7RtYg+94fJCOOkr +LGgL8kdB/k1cVzn42z9+A6sVtKuduo5tTOAheEN59+440wO2P0CAy86kjrOCEsxc +tcm6FLxJrtQfUG/jp3uqoWpe7WjyD2P9YilJO85QrFzfFX2VLhssQlr+cThnyc82 +iRJp/idj6dpda1A75sg14sfk7tiEs1mo1gn5LQV+/9JQjEp6hJag3JJuUqJsNoVG +45P0Pbv/LAZ84h9E8TMfLauSZ+r5AY8heiWHahg+MiCOPdsp7TbhYF3fichCB/0/ +7dHuxP0Mu/4725kLDxFfkn/M5jtRnT0jXlzcZoVramqWPhagkvSjcpJy/csLjWJN +VisGc6GbTUe2XvEeUQb8/Fx6MS477PZsLEHu/gtkH2jBMnbXhRtbBjVPsRQjG0mc +g24itQD7FE3ZCwrB0m6kv2hrQfYDrK2F46oK83DwqnNlRHjMIgmIekBIwAz5AmzH +2tnMw8F2ISZE+PaQ110RuBCTrCKG0sQPfF/7RIbeaq/aHjvmBTDxYZS2Co5Un8RM +pxENTFdtTB+yXs8iUoeFXRrNcdXQXvME7PymTP9768le3JjtOIwq6f4dnRdlvUEq +SnwPWChWK26c9/1G7Zml+m5Ya++Ya5RZThvDBPCMIOlu7k04IkNOBFV83AsVT5lo +vkLlcLz8OPv/OpWCc1FcxsmXQHD3fKFI+mSM/JMyGA+VKcXedjXJwuRAVz2ZgHk1 +n3LZAfVF9IEZPgt1qFuHsc2j2YUwf4T330R9dNc5N2LzwyxLp1Q0Qer57UCI9IQR +K3k6PszIYyHLISqniGdiokjiXidiAeDCB0Kll2sK/GFmezEefQrte3nlLaV+Wh7Q +qo0pwTxkW96OzDIVj4sHqheb5y8Rifhf6E8NSBlrswgWCOC0DfNnbDn50GxlpCpy +8axIY9JbPNpNlcG9Iik0bIHRHRYF6h1M54QsKXQwX12DGRYVfm/Y37l3IMYSXp4o +sj/EpBwht3mMh8BYFz7Z9pcSGRpzUCu0Eos9v2vchwkcQJuWLztmLy8LCnWU3mB1 +ACZ00ce3SuBfbPp79ZMXVZIjz6r6fUX1nFrVh9s01Q29VFb5oatb+Mk8PHflebvi +i/z0Ku2K5tcyl8wzIVUwHyr9DlzSXRHePT9CI0JmWnVOy/jiB0LVWN7mlEuEjmsk +fh9h/67/JvVfpU3opyBu9mR5D0y3NSWUdvGkaFJ/my1I/jPDclQ02TgUIcuJyQGo +V8gMphCDNGFehLwnptI= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.der b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.der new file mode 100644 index 0000000000000000000000000000000000000000..9a1eb403186a69fe60d074baa6e69c9c499abc63 GIT binary patch literal 1298 zcmV+t1?~DUf&~sRKn4jahDe6@4FLrWFf%Y41_>&LNQU&4g?75TGU8UT`>y+ z0tf&w6b1+?hDe6@4Fd-R2pt!R*d)5-dIW+5$gS+|5#`0XSzTa~$4eyiFxjj4hT<-C zsun4oor!5Eh?X6Lvkg8rJ@{S=ym7?sBK;ax?IS;5DNda9`0&`&tfAsArYg6JW%3ik z<}@cA+*GAL0Y{ZAJ5eq;e~SAausAs^Ek-i_A9 z12cXYs| z3cUM6FdBI)P|uqS847xzmeD$j76uxGr0sgzot4o;^5ewcAluy9BzGwVuvo)=fOB<9}# ze=tC+NRQ*4Gu2MiA(^4vCr-I7!EOy>=HzTY619Q>QfF{=Ru58r>@}a*PnePi3f)== z$$mu@7(i7VCN(Za)mIQ`W>r2Cl$7k?@kwy9_1d)~GRz$amBn&@#c^j@X9gf>U@%V@e zHu{8i&apc@!DaH1=Mt;g2Np^FBa@8p9BSXq9T}u4svui{GRp~WZ9t~)##rO3`bOm`I&hlj^0!^ZQvyz+*c6$>|+pmFqP_U`^L+g&KS z96*)S*s1fq8dY~MV(Ngw&`I^goK%cR|7FF-WbxpC_RZBI{BSe%!~sJMnZx`tr8cv;cFd);C6@joRM zjy#ESfruz51LSzJrs&HFCOWe_0V%mX880ZdjrUEWFWM8EoVAKnu98cm2s19r) zozNpQ1{%QNxRcl84Au}N1-3*CU&-Q?va;V4F)nJ-Ij@e^>Z!7 IGV1wdpwC`sZU6uP literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key new file mode 100644 index 000000000..d595fc724 --- /dev/null +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key @@ -0,0 +1,30 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIP6oIwSIapDICAggA +MBQGCCqGSIb3DQMHBAgsTKISyhpWuQSCBMjQoazTeTtrgdDa+phkGwSDgcgxSUHf +E8DmqX5hUNU4uX+hcqHbaRZIVGUs+GXw8iySarVbswbXakNVQCgp4HX8w46mhes/ +BlcJ0ALGf5jD4wluHNWZgEei3pMW7yJxXitoEoa9Hyshjeq//HLSNxmkWWTrrSAg +cUBLStsUHeSxXEXWpcRPin6LuZEGV0spb30BHi4vohIOYN6DDtxugbvwxzUChgDu +RyyhlA4F3ZjZW37BMTiZDyKSBODgj7nfPzzHfZnSC16ekiXYWbo7h3MihQmMkjOm +YLNBhOHRzZtXlmgFtY1yRfiREyk9zGcGYv14PB8sUOwotN8pktnwd2UgINaX+ccO +6/PHAoU/MiqJ0cpZH8SZlFalqGSsF+LI/bf/qs14YwXI4DeCTyvoOJdobU16Lg9W +Ole229Tg4eV96X82MbQ7cCx1QGWwAGR8spmrls5b1OAGbEXBFWZXK666SQMpOE27 +1qVKiwg7PIdzyDwPGj4UoJbhg+9APRNfIh6ihxALmy1N5qprY/B4I60QJzACgXb7 +wixSFbpDBqztCI0BkS3K4CgZnnrf7OTbOdZKVIcESen9P3xn3dfn1+7unZzGRm8M +nHQzTrlCW2z77AX8HGvP7AjETxG2JQxefER1+AyZFTbWp/zkv5ApYy/u/24MXRH3 +lYVBxaX2iZ/R9TRCDkr13VhQMpSCCPY0M3yphbUWAmk2OjjqKccw6IMMG8Xb/4u0 +IwtFeFzk567WQ4NL3WlyFjjeTww6LjXaI6IYvFMHvRrOBJt0OYLtVa8vACYWF5PF +XpE+xYDYt0RE9+c6j83c5UOriuo7KEsZ1d0JmHy4cck+17GR1TlNiciKyoY7Gvf3 +/8vm/kziEWJVcstgFdsIC1eZmRSJwCSmK3yXs+bejnmWmxHEpUaSDotfFH+U9Te6 +TfBoQFfOZfLYxhYFOPTcvAgo3ru1wxxMyaADZ0e40hPKbpOJrM0fA+GSkTf+kKUF +oHwZi3SZ39SLYTR/GoOKgkARtS1NjQDDjwLUTnKq118Uzma7ZFAkAmwMCF0eyY0o +ZI7NItEFTGH9QGEZosF4n+R4iHpQj8bkZWSt92K+j9PxqNSVesAi/uluj11F42mt +yGhSdFVG5ogemvS/5Uad797V4QVg4mepAx61dr8s8utEJkx1x78XP2bHpV5JxH3t +8zndRtHC7HD235BVjfgkU4Fwq5GElTXbhrVVsgivrerJsgvQGxpMI2rL84geFt83 +/ceWgA40BxkifJgaDLxSeSgt+7d8jWuDBRE/pHpFPI3Ey/0TuO85/D18mSS4YFr+ +66mB5Fr5cNJHC/NvJCgCRPncN4At/UgXhl9e/r/j8ENYaw4jZmiMo8GncmE1J6jc +Ze3V9q//pAb1rQoI1X6Buvp+a9vyFMn1MJ8CO56rwWnv5MK8m9Nx9uLO4Ufstv7x +/fYWGCoHBHsueiASMzZ8bL0hJe2ytIJawKxngUtWfYEO4N5W8H3TqtY1KY3lRqAx +0gTmt0e6a8veJkUFG1JCjr27A0GUaVJZ2gXC8A+QeW5DveMfYLkje6pyg+Opw+qv +5gz4twbCOAFuG+wvraNvHE3HVuqdcdTGlpBaYOyblwlWBzEAVVvsKNtWyXQDlV9Q +0JA= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.der b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.der new file mode 100644 index 0000000000000000000000000000000000000000..cd6c52074d5eae29860dcbbf18e92e03e34a0367 GIT binary patch literal 2458 zcmV;L31#*$f(e!|Kn4jahDe6@4FLrWFf%Y41_>&LNQU&4g?542SI!M2_Uut z0tf&w6b1+?hDe6@4Fd-R2$z{*tqud(^#ps6Y+zT_ZHh0 zJF{%fK!Y{k2OssZcMO{`E5ZPs^4Wgk;;pb_Ato~x1VNTsy4>uP8P9S6OUsM~N$D2N zAg>fcHrsl4ibc{y8S4fpB)mYKNXoiQId(kx!I`-n{D@vDy^GJV1u5s{ItD&5^gEl!=_ z12Q%d-8}MY$n{G^Hkz2ZfRp)v#-q2O9Iw>_l;RJYu;=UhqZ@$DJrtFsuYyuRiw_o|MLxJZDmfm?TT1VY)jGlZ9fcEar{{85&eV&Pxj7}U&>{qL>C%FMFM^za?K$jzCh9@VDf&8C+kPa zf?ca)3sZ$uoJ$1(?0%1fozodY;s;axCRz4CTyN*dzH|o`gFOAck)POjcv^(18Dkj2T1267Q{vCp*OumCyzPEs91SWIq+E%y6; zoL%fV*XKjfY=3?>3jR-olDumyR2JV(i;eq7NFU7r>g_(x$?{vhB7Il(`G(-`Z|(;pNmnK1Dc4MNce-r!`5s_(EJACn!x zLR^_tPw}so@W^Oq;yuOl==%fcHK2zFa*A+-t1!=twQHa|KrjvpxZ~PKnM=Ngm+|7qp@U4evWi=%3bD;Z@OKb3IP+Ld0bBnamNit93eGnziCl{txhn%eU zjWJa$0JA}YkUyNZto4`=neK4-Vsp~5&IP|zaG(1t8&fmL79o|n`(Z_hLGJ@6Q;x>X zRiG<4!nMW0d=1@p@5?i1eX#MjP%q1G*+VAT530zd=i;)tlV(lmpweAI4D)FyWp=>8 zng?Abf!j`TLD*x|j1Jq(s-CBB)%Y84b}c43-cS*d_l$sbHiJQ@3C7Vj+zDgel_Z?2YtJWI!%KTM{)GeF--7S-&FrOdi}Zd-fc^NX|RU!JJ8&2;S6eZ$?7RH zFjWY9|L<<0sYU#S{&{!53YZ}4k4aQVv6=@M-TzUg=}TDckWX`w=Pb>VxK zT{37HxQ^G=4cW)sDV(uN;{|d=I$HO;&%jd?z&zr?pMkrqAo@NhuFzMQ{C7 zv|axP(HneN=t+BFNMI^z^6yqQU@-A|g55Ci)`>I1d-l^Gsi!x7&tb>K863Md5&EfF zOGGoq=@<<_`ay^etpqGO5KEyGc*=rZ|66?WXcU8qub@WVlcKNRFF&_YyF`+-e(W%0 z&sl_FB}KLbIF_3mB~!UM&AZ!R?$Jo_#nX&>u-bN>p+0?gp1Cvf#l0mt1X$^DGDko4 zVtBlm7{LYcO-A0`dWlYN?grt^E?*6ELOrIZ-if*g$ zs5G(0EO*yi%a|tFqqt6`?+$6;Hod%z9?(5zf}6%oImBqj3=MyH+JojNmcV4VTy z1?&oMpUT$V*YO+2M(L=i)Y{S z{}Yuz4klz{AWt$v-T^&oGn%#w8rNwI2aD(fHy(#geiw^5x9mtlvlqTRwUUabvHn!N zUmI+oZF*n;Z4|g3&gP=9L0mYK>>eJl%iaD*Cf7QP26(e7Jd5;BkXG~?x5#vRPd(uW zcXeXWGLIBW72+%D#gm+r@I-U`KhziusS%l|6jQZLkgeIi?~oH~cxgYLO$0S$nwrQ( zlYUbPQvMg5k6Nr|SVv%@#m)Ss+LX1-*pY5%@+vL}P!tWYZ`Hz~@Zq>@IvzjG9Negr4;S!a+*b&9R?D={$rKF7sL%C>9nTF(9X`j>TcvsM{zdSyN~uufOvhm+;u? zv4Q7vT|>=w5BjG%et2;QN~h?41LAGOe~+&YUlb8aw+@o@^$@dw_^5;!O~#+F3A;Wi zvbkWuDl&Nfq2_fMdc(mNE|Lv%N?MiA=^v;hgcbDd|6|<23Dx&-`>9rb509tb3U;&# z4ri>DqxoJzzuZFX<)igO2r){dS2?|wG#`Mvnb}oCNkQzz{)&9+cGCYn#{7Z@pVD;< z(A7T?*2HAN|C`h*Fqw;egP`(ZVBqQP$zL65&LNQU&4g?4T`i6u0kewj{ z0tf&w5e5Y-4g&%Q1PBhXLlt(=(;oza1jsmR4ec7?g-Z4LMT&5oZxxtF3cMi8TfT!12NNIEwb`i-&?x1)FZ3S!Al_o7YYR#3~^IDEGr6AClJP2MnYBayV5WIrC0iMQ!9vV&s;Vk5jv zhPrjXm9aZl&EiCFce!KcevO1FAOm&81AD)`CBm?86JmB16)~3 z3y&nL%}>%iyWA3!ehivNf{vy|%Ouj(kQPU2XPUTn2cJkPG#%b)$XI;Yc|;hiR^LU5 zy(>t6ddEG43m);SDgwQji4CH=wA%kyqwSIA^$>W7?-U>I=Mev!IFF$@Z{SNi>VIHw zTQed>;R{A#F#;=8VbnUBGQwTcF>QNAIVgc~4K2JL=TxhSrwEh_jagF-)>**KFptC7{Enc}C{rb-mMA_d2NBSv=dF+XCfo?& zjHiqEwJQUp#;afJ(5vh7W%rnGt5+{$?R6}K1iT~8uK4+KF_m$NO*x8RB=Ckkv&>Ny z=wPaNNBF)SBH+XHEdQ`*1BjUKx+taXCa{Gq4i`~triyr~>7YUD_t-TLJ^c~3f#$7< z`Qx-ghk@~AJ^Ed}`7TaS1&XDD4o_M2cKcZjhoGCQ(F8<05a;fJNVS9wY(9HBzK?gN z&CghKbcXGUxGnEl0;y(^xws@hg*AJ9pg-NX12Va z#pFv&qZLE3cg7{cuR>_?Y01EFOs zQNB@k*02;2Jgk*hEcBzAmqE3{p~55Y5)&5l&z-Zz>ur`9dX-e3wY(X{wL!3`_AEst z7Tz(&>^e?_p7t6s!OcjhOf8G-mAM{b=UI&EUzGdWsFY1VbAx>(QSguKb_tn`)3= zetB2G=lTJpW-);N9a3|?DNh>~91On~gM+YO8)W&q*Sr=g)2zbnLS4E3tw@kEIWg{I ziU5{@`}a&39t$qnaHrSJGDP#q?Vo}aUVF?@itLB!5J8EzuQ19b*)CtUs$Ocz$0Y<7 F_i1TAcCG*b literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key b/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key new file mode 100644 index 000000000..ca7cff402 --- /dev/null +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key @@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIFCzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIEDYe4aq4yfMCAggA +MBEGBSsOAwIHBAgp0IpjLtyryASCBMitqsiyjPiiJ6ci5kNUZdGr7xH5+81sTFxC +Zhbf56sBQnE48C8HY65UlxJGxHUClT6bgybYu6VMgcQGInOW4DjdV7u+vDfNhCii +uidpEDyfS3aQMLByHkUcMpZiGl5KDwf46fQvrvXlBSOzbc7fCPxam0x4Ix8M50qd +3vNA9Eh8X3ReRBtDLma3bUKU+Y6Kk0yyrvZE8H0+UFj71UaHPFUvmi3a+v7MUC7R +4HQScJGprzSVcZLz42/83bGqjgDAdD0ryi5U4akMBf1eMjGUjoy2wOjQtQf1Px+s +8e9Ub8JmGEU5t2h9i4oHj67nvw+8suF9q9zRYgqDXodCnRltpyuvZz8916FM+kG1 +RR2/9xKEKbEfpNDaBmTbVjnwyrOAULyVz1BSeMEh6Tfg8I/fSU9VPtKk0Wr+bS6Y +rd9GLkAEhiML1ZN3O8OnuB+e8UhJB/qZudqCFsD39IrCEp048yYMJrhPS5wHUI1D +rUJWw3J5ziwClSse0Y4ppTOvfLfA4yOFPgp8nB9aJcBZ8fhkGtz48yTHDoY5RQiQ +RTIpdYqsGXJXnDdJvGOHjsME+4C5dN1V2+3EPtu6j413Ctc6Z8D3K8/MYPhRrMYQ +40WpQbWqUjQToJcnLrrgn1F5oAP+mnmd+nVCkX0XEaoUhIm0VXOHN8ABuq2CGf8N +Hw0+MPSE9C/PxZsDhvKHdMOUm9SN7SFSyrUv/61NXNPhy2Z2RgOcuLJ4hw4969tg +T0TgdXgb5sgEUq7ln3D14RIabR3WBdMB2502IM+j5cDFK+lNR0RtdCiaXI45tBol ++V77k5BZ2fkdtKjAxoRKztIbIUpaX2kkXXBQkpQ1pGItskIBKCAbTy9AF9h4Zr9l +Kelod0A7Ekut9gVngxnlJPAtjqHl1oNqAjGMIPoG4WSvkun6/Bz5xSii7GOlXYQ9 +xnYfQfEV0qFNmLoSEAy6mzpeY69pxWzAfnsf8AZiqCy8gW2ggx78HikxW8opXDiY +KdKpUxc/LhAKln/QwEqLnTl81sqnviCGO2g0lsXE/+h9TXd3Q6sgFR1jjP2+zWAi +XUS4Lz3dE1W7bNWz3DrSzCnoRTWNAZYPjh1GP6R1SEkzzZtM/yLR/r808kcn9jaU ++EisB+kYdzIkOVe2pKAB5JGpjhjkZVN3uDkHbuEGpx5F2g6fAPbIY8cXOjcaipEu +mY9qO4/iVUv/ToILmvG/dXwO3o9vXHT3NFm5OKi+y4nMvniemui3FnwJC7O/3OPk +uy2Z//ODIoE070u3rSR441fIwS2rSyFmHQ1fKkHoYoq0yK6MSh0I6Y+xkAhNn5DR +ojDOP3N9H6Cu6V3+r0PXxsFHmyj2r7lxSS7imFuCtFYHWDbO4ie+W+tzebVHZxpZ +LWtsOypUyJBHLeg5TrnSnvnnnBh90SOi36CEyzkQHK6/wr64cUw2jS1N/DpxbDWt +hGAjmSYj+iNHA0BjhPQYfvKj8xOW7pHOWZWnFFztJ5JLEta2NShBF7RMdgos5MbW +PeX5r0tHAjGnJR0taH5ZJWs1uaJVtSjke720le3v/7e9lDkcgItgef48miGXzHUo +AG9DMQs7/Smv+9/6mXjKMV+34RLqzWEJbkcdGtKvPn2A5BkkRfXScYpjtGhVPhU= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.der b/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.der new file mode 100644 index 0000000000000000000000000000000000000000..d9561e489ae179da513d3ef483bd10bc29edfad5 GIT binary patch literal 2455 zcmV;I3262(f(er_Jq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?5KE_EFonT!Mi z0tf&w5e5Y-4g&%Q1PFsEIubxG9UlaO2~haH{sjP{;J*;DR@(^OJ#N?)+@C;=w-M!! z(tfHB1Uc&Kso=5B%_vPr!CP~C29^BPl3b2UC?88LWWPb-_gino=P)i7lyzTcPba89 z%Vw+-PZW0AY2{xO3wHzM5EUOspqTw4R9jcYd6qi{>5a(eal}@~*`je~>T<56bxzWg zK1SuwugZczo`dz+!D?)Zd`FMSl)=yn>SrtwDiY9_@1acheyR<3e?pz(^@p zl*W;a;ff>s3?X%G!O=Izm&8=^?O8o)+*Wgfcon@;L&|)-a!^G?fluS+<0Tr4f?!Z@ zRn(La%CCH0@&DJgEz;DLqk_mR7wG4801@@d;%rb|4i8#-UUJ^a{uegh5vQLNDx}Aq z8(@_}_II{KG3->ZQs=cx8j%KvSzlWD$vMs<2>xA)Eu?Jf-aQF@1M$-mh(^AjU@?20 z!LVb52yD*=8qePMj6Ys=`?1!y;2PlZ>Pop7`W z%E;8O0A`dzG|%$#pUDan(=}kQ>sR%Nk2PLl~WI9YHa$o>SmSWrFw5Um~ zwZ159WBqtP`bc(BsV9;unC|^PpbiNIS*$d0XKu4Wn8(~d9gzJs^>3JoLUfi}IE zz(NDI2w5&|0tUwA6YFRCEr%WK(#F=_6dy?V*%EwiKA?+>hnr}^m`&j-0_B@rhQ16g=G)Pc z55i1m=qH~e+Bzh&L0CjwD>xf@lPnMHn)iGuu5i!jnJQF<{Rc+QdED_RW*(`(Z?Dod z$2^*Ew?=pvGb~{LYX>0^`Jf8bP~AKdHBnlZ+~6Mzwjq zh0ziKNjO6UTB@@jB^e7jHPk(P{0N_S)csk~K7#xGuSTQu49{m9;n)I*j4%MV)aOc3 z6^@$JG0xWr5QgLuP-fq7{r$gnZaiVtpK&SsMT6O}pH^*`Sm}BQ4|wxqq>f5=hznqx z0lFpubVk7fBNFtzPZXeG(JeLkYn-B6-o>wBXR5EcA(;R@Dx!RE3616IY6W(te9U!N z*69e7aX{#Ix|0YuOUI`3B2XqF-Lal3xbPAtMQ2n-Iwv%nD(=TSjlJPIihw_&iOy9> z5;H73sh*1paIW>nmkX9X&70%Fwqd8r!b3p)lZE+Xm|t;rg4QwpjV=_o;()1cPZ3t9#78c5*kJ_9v|0nk>rQfi9-!uTr6YQ+G~M{Ba9;jfYNVhhBNkDwxBQd~ z;kU;7PuA&pbf%B;@m}H{`T`a6l|sQK!(_fwh2unvAyYyO0|Z&;#WH zV|duS(!EMjz`u~sIPup~sJKBh7ba2~RHvUnu%c&+Rg$0%4-&igP&s#!QJY*Gbxa6o zBLu(_$S;si0hW0Gv_A*17e zeH6GbdbqaA$326;A)IWGnymorEQp|1&apMCG0j6Y%3AT3D={_!y2BdAy?NV68u`!6 zSG?ah$fV|rHA%c@{!?$;BJ|+j^7^>~JG6e;v%j3aToNl?Hy0k;n@%3fX}Z)I@{2l+ z@Wk<{71=jI6gKactGgwC8i?<<)wMFN Date: Mon, 4 Sep 2017 13:07:52 +0100 Subject: [PATCH 244/493] Adapt ChangeLog --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index e8d1da5c9..b45b98481 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,9 @@ API Changes Found by James Cowgill. Bugfix + * Fix out-of-memory problem when parsing 4096-bit PKCS8-encrypted RSA keys. + Found independently by Florian in the mbed TLS forum and by Mishamax. + #878, #1019. * Add a check if iv_len is zero, and return an error if it is zero. reported by roberto. #716 * Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD) From 9c6cb38ba8e0ab9d0774fdc6aa54d504e4616ea2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 5 Sep 2017 10:08:01 +0100 Subject: [PATCH 245/493] Fix typo in pkparse.c --- library/pkparse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index 3368f5bb2..6db9a5a9e 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -859,7 +859,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( const mbedtls_pk_info_t *pk_info; /* - * This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208) + * This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208) * * PrivateKeyInfo ::= SEQUENCE { * version Version, From d16f6126c7ed40f7f5bb063ad5319229347771af Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 5 Sep 2017 09:23:50 +0100 Subject: [PATCH 246/493] Add RSA key generation commands to test Makefile This commit adds the commands used to generate the various RSA keys to tests/Makefile so that they can be easily regenerated or modified, e.g. if larger key sizes or other encryption algorithms need to be tested in the future. --- tests/data_files/Makefile | 197 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 197 insertions(+) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index f7826d435..fa7e0b4e8 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -64,7 +64,204 @@ server2-sha256.crt: server2-rsa.csr $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@ all_final += server2-sha256.crt +################################################################ +#### Generate various RSA keys +################################################################ +### Password used for PKCS1-encoded encrypted RSA keys +keys_rsa_basic_pwd = testkey + +### Password used for PKCS8-encoded encrypted RSA keys +keys_rsa_pkcs8_pwd = PolarSSLTest + +### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which +### all other encrypted RSA keys are derived. +keyfile: + $(OPENSSL) genrsa -out $@ 1024 +keyfile_2048: + $(OPENSSL) genrsa -out $@ 2048 +keyfile_4096: + $(OPENSSL) genrsa -out $@ 4096 + +### +### PKCS1-encoded, encrypted RSA keys +### + +### 1024-bit +keyfile.des: keyfile + $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile.3des: keyfile + $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile.aes128: keyfile + $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile.aes192: keyfile + $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile.aes256: keyfile + $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keys_rsa_enc_basic_1024: keyfile.des keyfile.3des keyfile.aes128 keyfile.aes192 keyfile.aes256 + +# 2048-bit +keyfile_2048.des: keyfile_2048 + $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile_2048.3des: keyfile_2048 + $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile_2048.aes128: keyfile_2048 + $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile_2048.aes192: keyfile_2048 + $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile_2048.aes256: keyfile_2048 + $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keys_rsa_enc_basic_2048: keyfile_2048.des keyfile_2048.3des keyfile_2048.aes128 keyfile_2048.aes192 keyfile_2048.aes256 + +# 4096-bit +keyfile_4096.des: keyfile_4096 + $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile_4096.3des: keyfile_4096 + $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile_4096.aes128: keyfile_4096 + $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile_4096.aes192: keyfile_4096 + $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keyfile_4096.aes256: keyfile_4096 + $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +keys_rsa_enc_basic_4096: keyfile_4096.des keyfile_4096.3des keyfile_4096.aes128 keyfile_4096.aes192 keyfile_4096.aes256 + +### +### PKCS8-v1 encoded, encrypted RSA keys +### + +### 1024-bit +pkcs8_pbe_sha1_3des.der: keyfile + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +pkcs8_pbe_sha1_3des.key: keyfile + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +keys_rsa_enc_pkcs8_v1_1024_3des: pkcs8_pbe_sha1_3des.key pkcs8_pbe_sha1_3des.der + +pkcs8_pbe_sha1_2des.der: keyfile + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +pkcs8_pbe_sha1_2des.key: keyfile + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +keys_rsa_enc_pkcs8_v1_1024_2des: pkcs8_pbe_sha1_2des.key pkcs8_pbe_sha1_2des.der + +pkcs8_pbe_sha1_rc4_128.der: keyfile + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +pkcs8_pbe_sha1_rc4_128.key: keyfile + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +keys_rsa_enc_pkcs8_v1_1024_rc4_128: pkcs8_pbe_sha1_rc4_128.key pkcs8_pbe_sha1_rc4_128.der + +keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128 + +### 2048-bit +pkcs8_pbe_sha1_3des_2048.der: keyfile_2048 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +pkcs8_pbe_sha1_3des_2048.key: keyfile_2048 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +keys_rsa_enc_pkcs8_v1_2048_3des: pkcs8_pbe_sha1_3des_2048.key pkcs8_pbe_sha1_3des_2048.der + +pkcs8_pbe_sha1_2des_2048.der: keyfile_2048 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +pkcs8_pbe_sha1_2des_2048.key: keyfile_2048 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +keys_rsa_enc_pkcs8_v1_2048_2des: pkcs8_pbe_sha1_2des_2048.key pkcs8_pbe_sha1_2des_2048.der + +pkcs8_pbe_sha1_rc4_128_2048.der: keyfile_2048 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +pkcs8_pbe_sha1_rc4_128_2048.key: keyfile_2048 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +keys_rsa_enc_pkcs8_v1_2048_rc4_128: pkcs8_pbe_sha1_rc4_128_2048.key pkcs8_pbe_sha1_rc4_128_2048.der + +keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128 + +### 4096-bit +pkcs8_pbe_sha1_3des_4096.der: keyfile_4096 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +pkcs8_pbe_sha1_3des_4096.key: keyfile_4096 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +keys_rsa_enc_pkcs8_v1_4096_3des: pkcs8_pbe_sha1_3des_4096.key pkcs8_pbe_sha1_3des_4096.der + +pkcs8_pbe_sha1_2des_4096.der: keyfile_4096 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +pkcs8_pbe_sha1_2des_4096.key: keyfile_4096 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +keys_rsa_enc_pkcs8_v1_4096_2des: pkcs8_pbe_sha1_2des_4096.key pkcs8_pbe_sha1_2des_4096.der + +pkcs8_pbe_sha1_rc4_128_4096.der: keyfile_4096 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +pkcs8_pbe_sha1_rc4_128_4096.key: keyfile_4096 + $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +keys_rsa_enc_pkcs8_v1_4096_rc4_128: pkcs8_pbe_sha1_rc4_128_4096.key pkcs8_pbe_sha1_rc4_128_4096.der + +keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128 + +### +### PKCS8-v2 encoded, encrypted RSA keys +### + +### 1024-bit +pkcs8_pbes2_pbkdf2_3des.der: keyfile + $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +pkcs8_pbes2_pbkdf2_3des.key: keyfile + $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +keys_rsa_enc_pkcs8_v2_1024_3des: pkcs8_pbes2_pbkdf2_3des.der pkcs8_pbes2_pbkdf2_3des.key + +pkcs8_pbes2_pbkdf2_des.der: keyfile + $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +pkcs8_pbes2_pbkdf2_des.key: keyfile + $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +keys_rsa_enc_pkcs8_v2_1024_des: pkcs8_pbes2_pbkdf2_des.der pkcs8_pbes2_pbkdf2_des.key + +keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des + +### 2048-bit +pkcs8_pbes2_pbkdf2_3des_2048.der: keyfile_2048 + $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +pkcs8_pbes2_pbkdf2_3des_2048.key: keyfile_2048 + $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +keys_rsa_enc_pkcs8_v2_2048_3des: pkcs8_pbes2_pbkdf2_3des_2048.der pkcs8_pbes2_pbkdf2_3des_2048.key + +pkcs8_pbes2_pbkdf2_des_2048.der: keyfile_2048 + $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +pkcs8_pbes2_pbkdf2_des_2048.key: keyfile_2048 + $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +keys_rsa_enc_pkcs8_v2_2048_des: pkcs8_pbes2_pbkdf2_des_2048.der pkcs8_pbes2_pbkdf2_des_2048.key + +keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des + +### 4096-bit +pkcs8_pbes2_pbkdf2_3des_4096.der: keyfile_4096 + $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +pkcs8_pbes2_pbkdf2_3des_4096.key: keyfile_4096 + $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +keys_rsa_enc_pkcs8_v2_4096_3des: pkcs8_pbes2_pbkdf2_3des_4096.der pkcs8_pbes2_pbkdf2_3des_4096.key + +pkcs8_pbes2_pbkdf2_des_4096.der: keyfile_4096 + $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +pkcs8_pbes2_pbkdf2_des_4096.key: keyfile_4096 + $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +keys_rsa_enc_pkcs8_v2_4096_des: pkcs8_pbes2_pbkdf2_des_4096.der pkcs8_pbes2_pbkdf2_des_4096.key + +keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des + +### +### Rules to generate all RSA keys from a particular class +### + +### Generate basic unencrypted RSA keys +keys_rsa_unenc: keyfile keyfile_2048 keyfile_4096 + +### Generate PKCS1-encoded encrypted RSA keys +keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 + +### Generate PKCS8-v1 encrypted RSA keys +keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096 + +### Generate PKCS8-v2 encrypted RSA keys +keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 + +### Generate all RSA keys +keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 + +all_final += keys_rsa_all ################################################################ #### Meta targets From 8fdfc98676e868bc2057afeb73da02abd869fec1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 5 Sep 2017 10:08:14 +0100 Subject: [PATCH 247/493] Update keyfiles This commit replaces the previous keyfiles with those generated by the commands added in the previous commit. --- tests/data_files/keyfile | 26 ++--- tests/data_files/keyfile.3des | 28 ++--- tests/data_files/keyfile.aes128 | 28 ++--- tests/data_files/keyfile.aes192 | 28 ++--- tests/data_files/keyfile.aes256 | 28 ++--- tests/data_files/keyfile.des | 28 ++--- tests/data_files/keyfile_2048 | 50 ++++----- tests/data_files/keyfile_2048.3des | 52 ++++----- tests/data_files/keyfile_2048.aes128 | 52 ++++----- tests/data_files/keyfile_2048.aes192 | 52 ++++----- tests/data_files/keyfile_2048.aes256 | 52 ++++----- tests/data_files/keyfile_2048.des | 52 ++++----- tests/data_files/keyfile_4096 | 98 ++++++++--------- tests/data_files/keyfile_4096.3des | 100 ++++++++--------- tests/data_files/keyfile_4096.aes128 | 100 ++++++++--------- tests/data_files/keyfile_4096.aes192 | 100 ++++++++--------- tests/data_files/keyfile_4096.aes256 | 100 ++++++++--------- tests/data_files/keyfile_4096.des | 100 ++++++++--------- tests/data_files/pkcs8_pbe_sha1_2des.der | Bin 0 -> 678 bytes tests/data_files/pkcs8_pbe_sha1_2des.key | 42 +++---- tests/data_files/pkcs8_pbe_sha1_2des_2048.der | Bin 1262 -> 1262 bytes tests/data_files/pkcs8_pbe_sha1_2des_2048.key | 54 ++++----- tests/data_files/pkcs8_pbe_sha1_2des_4096.der | Bin 2422 -> 2414 bytes tests/data_files/pkcs8_pbe_sha1_2des_4096.key | 102 ++++++++--------- tests/data_files/pkcs8_pbe_sha1_3des.der | Bin 1262 -> 678 bytes tests/data_files/pkcs8_pbe_sha1_3des.key | 42 +++---- tests/data_files/pkcs8_pbe_sha1_3des_2048.der | Bin 1262 -> 1262 bytes tests/data_files/pkcs8_pbe_sha1_3des_2048.key | 54 ++++----- tests/data_files/pkcs8_pbe_sha1_3des_4096.der | Bin 2422 -> 2414 bytes tests/data_files/pkcs8_pbe_sha1_3des_4096.key | 102 ++++++++--------- tests/data_files/pkcs8_pbe_sha1_rc4_128.der | Bin 0 -> 675 bytes tests/data_files/pkcs8_pbe_sha1_rc4_128.key | 42 +++---- .../pkcs8_pbe_sha1_rc4_128_2048.der | Bin 1254 -> 1256 bytes .../pkcs8_pbe_sha1_rc4_128_2048.key | 54 ++++----- .../pkcs8_pbe_sha1_rc4_128_4096.der | Bin 2414 -> 2413 bytes .../pkcs8_pbe_sha1_rc4_128_4096.key | 102 ++++++++--------- tests/data_files/pkcs8_pbes2_pbkdf2_3des.der | Bin 1298 -> 714 bytes tests/data_files/pkcs8_pbes2_pbkdf2_3des.key | 43 +++----- .../pkcs8_pbes2_pbkdf2_3des_2048.der | Bin 1298 -> 1298 bytes .../pkcs8_pbes2_pbkdf2_3des_2048.key | 56 +++++----- .../pkcs8_pbes2_pbkdf2_3des_4096.der | Bin 2458 -> 2450 bytes .../pkcs8_pbes2_pbkdf2_3des_4096.key | 104 +++++++++--------- tests/data_files/pkcs8_pbes2_pbkdf2_des.der | Bin 0 -> 711 bytes tests/data_files/pkcs8_pbes2_pbkdf2_des.key | 42 +++---- .../pkcs8_pbes2_pbkdf2_des_2048.der | Bin 1295 -> 1295 bytes .../pkcs8_pbes2_pbkdf2_des_2048.key | 54 ++++----- .../pkcs8_pbes2_pbkdf2_des_4096.der | Bin 2455 -> 2447 bytes .../pkcs8_pbes2_pbkdf2_des_4096.key | 103 +++++++++-------- 48 files changed, 1004 insertions(+), 1066 deletions(-) create mode 100644 tests/data_files/pkcs8_pbe_sha1_2des.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128.der create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des.der diff --git a/tests/data_files/keyfile b/tests/data_files/keyfile index f54d47aa7..771b10ad6 100644 --- a/tests/data_files/keyfile +++ b/tests/data_files/keyfile @@ -1,15 +1,15 @@ -----BEGIN RSA PRIVATE KEY----- -MIICXgIBAAKBgQDMYfnvWtC8Id5bPKae5yXSxQTt+Zpul6AnnZWfI2TtIarvjHBF -UtXRo96y7hoL4VWOPKGCsRqMFDkrbeUjRrx8iL914/srnyf6sh9c8Zk04xEOpK1y -pvBz+Ks4uZObtjnnitf0NBGdjMKxveTq+VE7BWUIyQjtQ8mbDOsiLLvh7wIDAQAB -AoGAefPIT8MPpAJNjIE/JrfkAMTgsSLrvCurO5gzDBbxhPE+7tsMrsDDpuix3HBo -iEg3ZbzV3obQwV7b0gcr34W4t0CMuJf5b5irHRG8JcZuncmofDy6z7S5Vs75O85z -fVzTIuVUyuHy1rM6rSBYKfsMLVyImUb4wtIXEMHPzdCL9LECQQD3ZfgGqudMWq8v -3BlKhsQ4fsR0vxzNlMZfoRrZzcvBT339Bp1UQ8aUo8xBtHiRwuW1NaPNgYKX6XQ6 -ppuWuTiJAkEA030i493KnFPLRwWypqF/s6ZNlVye+euFN5NF/IeJcvb/GUDRYv9O -pRozRS1jNx4ZB1K2xT7N9MwsPHD6j6K4twJBALdfHTfT9RzjGnae7SAQQ+CcFYFz -JiY6386B2yUVJLFj+j5RaMvMcKQ7xGnvGm7vxtNJrt/j3qg6oavXUfulzgECQQDP -CEVLhCd/+ZeZoz5MWPTGTRrOCKmoRqNW0FlG6PfpD1qSwh04KG44uflO0yu5HUGr -JZG+bcj4x5bWZFMkoUrpAkEAyEgQzesKFqcbt1cqv3pLXJYQBBw6leFXgHk11a7k -+AkexhrPYyq/4tXFO2TLk2hs7tpYgNDOqZCvEu7jtN3RuA== +MIICXwIBAAKBgQDvJKjZuDqQ2agQjrRv+p5X62dazZ6YVmDiwExrOOaK5Aw/FZ3Z +Ap1TA757ztYlgZNH/lHg5JLM/dSdkG6Q1I6cTC6hW79LHORjUWjkIoCsw3lPd4Mc +brIBdp3x0PwqgLGnEa/dwFX6hjakG4aorygTzI0OwKkBgKwJOivjRqLqMwIDAQAB +AoGBALoGZmKWcNhkt9vJZosFBU+XCtsTwB74cn1w4QE3Tf8UzoH0Ksm4wvDkpLRi +fSrH1O3X45FxvNBBU7cNtzRqZFOn7VMsZZGqBPQW0StBjsJH5dOIRGkAWXxOFZM+ +2nrQi9TANPA9bkYSziV3GFQJdGyDqa7OO5FEXY3g6ixCrNwBAkEA94vFPuqEWKyy +rW/jDqBF/1wTORJnsUjh7uhMjjMkeURVCZUifkvQdaX3t7s3LC/yxL/nx7fCEnLb +JzT0i1U/swJBAPdPbQGw2g0oafAX7T0frJKe+cSOjEMc2id3c6AeHvDgfSL90zWD +aGMZQkmnRbbo/oBtv/2HvKYhJT5pN726a4ECQQCmQsES9c44BJ3pcRmObEU3Mq9S +iLMOVoYwwOMSKvVXYXa//eNx8hervPH4/AwdaILkdIQHFruJSo048w9AOdyTAkEA +mVBPz2CHjOik5AaxN9dO8IZFaKjGI0TbqOPQdk6197XzXaHlMaOJLwYVpftgqIfA +XnWrM8zWElcx84Le32uWAQJBAN0X2SkMv/MWch+AA2EsY0ALljCmMCTNp6LaZr5h +kudMwxesdaCurkUPFIBm9PCsaXHTWWFD8pCCWUz0FPpg488= -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.3des b/tests/data_files/keyfile.3des index 638c19afc..b2a99e28a 100644 --- a/tests/data_files/keyfile.3des +++ b/tests/data_files/keyfile.3des @@ -1,18 +1,18 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,BE8274D6692AF2A7 +DEK-Info: DES-EDE3-CBC,AB136F328DDD2C0F -9ZXjoF55A9XgJpdaWmF/ZL1sJfbnE1M42N7HHRDwpq1/K+afC9poM0/AdCUbRL7w -uvQERievbAYpNeLdah1EftM6033e1oTxUMivdL4orDKcbb3qDpSQ0o0UbjavbT+d -aruilW8zVP4dz3mYMvGbkgoujgzdT+4wM0T1mTTuYcRKQsHlg7QDy2QrBILNuXA4 -Hmye4GlSXVUSON8vPXT12V4oeubEIZVlnkLTRFGRVA4qz5tby9GBymkeNCBu+LCw -JwJLTbQwMFqozHvioq/2YBaHDcySpTD4X5AwrCjifUNO9BnLWLAmt8dOWr0z+48E -P/yWr5xZl3DrKh9r9EGb9xbTxhum3yHV7bvXLoUH+t9gowmd4Lq3Qjjf8jQXle0P -zoCOVxwN1E1IMhleEUPV7L8mbt26b0JyvrSS5ByrXahGu9vGQyy7qqx9ZANkzgXF -3hPMDuzQXMJiUeG92VsMEdGdA1/8V5ro+ceB5c7Zca5MjMzvx2tihda7BUjj6dSE -cA8Vvksy/NX/nqHSt0aSgphvBmZP8dN6GMcZ+hT7p0fhCq4mSFEykQqueKXiFUfz -0xCUVZC6WzOoEkc8k7xiLWQDlsZZ13Z4yxU1IxJp7llZXpZ8GkwS+678/Nx8h54A -mv5ZlSFWWQrvN5JPQJka7aU2ITu1LUK6mXBu+DoSDOfQuqR4vQytkjOqHK185iHs -JQtBGkFFdElkWgubPX/S8/xxoT8MoQY/c+dr6iwcswyUnSJXh32KLPGNBoqWCCbY -jp/VYmeb117gNpEJKJhcNbrP7DoQrC3/D7JFXnOvTA/z6FOtUmz0rQ== +3GKW34v4i1BywDddKPMXBIfeM85tay5D8+LrADXsquyBUVqioeqG/Ygz4ZYkNZ9K +5aJUwCa0TOdn0eJkOLzZOUL87hECX15vrPGfUNeVBsh9ReFhCwqCpCc8dWLlnlBb +WyFd5HTqikL5D2/e/MYgyMhOaBkl4ESTEZ1o3G2h1bF24MDbTEVjwK0oZCyoMbKe +GeC/GN/D2lizQ3Yh/hYb0N+d1f0BUtZsUZsx8ml7JCm2zdJnMPviQaboeb++zbfO +nI70ZJ0yuiUcYd0u6uFAWMX+Gnf7tZlk6k/gS3Jjyuf9YyWq2YnFfxZiA3FsglqB +qygFM4IOGe6PF/pGuJe1daF6/AAR5Dn6S0T0sscgK+5GhOUwF2PhsDcbeVT66HSI +BGbuEg79ujmgursuPGUAxsvi6r3yC1D1z+OL1+xlh0sWmFNjmfop0MSkM2fRvNRt +89yVwDHKCxM/cz8dztQFuInszGOhDyJ2HATpmdEiT1h6Q8azP7NjnUCXV0OA3+Uv +idxumV9JpG7JtAqiXcptgHkADYMgxqYoww7mwoo+2lyjbASn79BYZmI+3tB9BuVk ++oczQchP3OouMBI7Y96s1xlsKlDSXZfRCUuGBx4aXinu6OUf72+t7ipM+1x2ynxn +2JYg15XoRV+kEpHvnLR9/cDTuhdlg2rzo5zWRDqabxDm77ALd5SXp6tEkSlIm10r +VsahTDGDVkbaqN5VUzLd30YNVa/G+s1HSuSGPNyIlSaG8+ckf8gyfdhDR8QpCWvM +1682JZ+jwoHWDWXIF0XBV9BMO014qR7VA9iPIzEF/K7dfKiTzxyyZA== -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.aes128 b/tests/data_files/keyfile.aes128 index dd7443f84..9f516e998 100644 --- a/tests/data_files/keyfile.aes128 +++ b/tests/data_files/keyfile.aes128 @@ -1,18 +1,18 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,B5FA3F70C2AF79EB9D3DD2C40E7AE61A +DEK-Info: AES-128-CBC,F7A9614C20516E29ADB2DC9D079E3018 -iyfOvvyTPPR7on4XPFxu6CoCgTqh88ROlslM+RLJhwM/qGexbgDOzeI2CPf4XfzI -tyevKD/pqCaCMesYJh/HDQCILdW2tGbwzPajg72xkfCD6+1NHOGoDbdQN8ahGVmg -flAYU0iXDMvqs/jnucM7nlTGp8Istn7+zd9ARyrkQy+I8nvMh3chGKWzx/XtJR+z -Iv8p+n/o+fCHzGvtj+LWYeUc4d0OTIjnF6QPTtPOexX28z0gXRODT/indgifNXv3 -j45KO2NYOaVTaCuiWIHj7wWBokoL4bCMFcFTJbdJx5BgfLmDkTEmB/6DEXu6UOsQ -3lPzyJhIRxn7hNq2I47TzSAFvmcXwm84txpxtSwHTcl9LgsyIiEMmHv3lPPE1G94 -F5VrCzzFHyU7nFRdUC0mqLrCHcjDn5O4SQWfH7J/7G4OArU6lA4Z2NC03IPxEmsQ -66Fu8GdMbmtFORdlZQtOjLi3zZwN9+NwhiUrNNdVvGNJIjIcZ4FZRZysbt7++hfQ -/JOAKhVNC8dNROJUleEYIiqx23e5lze6wqcIosziq3tb6/SQ6fH533D8+PpcZKsC -IlWKAQzsNV+nJvt7CI1ppWc6CtV7TKn0scZm2oOC4339gdR5xzxXe9EJDsMBpcg9 -drIdBr+3UxeC6Lc/rWM7IjSQ2YULBra3toEF6UYevngXdUD2YafrpoY5rK9IH90G -Hjbf65IaHLTS0jA7lAvJsQEBuULQQoWENOjhp8v+UfkNM2ccyOuUk3xZJNeX19YP -1Z09UMEKbf6ucoRCc01SBl206OAsq1NZEaodszT+mDg990I/9ACVi3LEU6XB5ZVs +j5v8fB9pDuTc8t0D2iQpndreTtTNCS28H8NK6Pc3ad4I5ERNT8V93QTq5NGf7lHJ +PCjcO8GMPzKodDb70GEB81ObBcHygZutW3Byn9ENZoIQUXxaW3JVI7d8Yg07c5Aa +cKmrhUk8ncv2utbitfzEzTQsargP8Nbm4I8iroFGoOY5GKTBdMaImcmqyL8c64Cf +vU4boaK1+OWBjE6R2POFpZVQCeNZpcsWTO6vEX0Z2+PCnlctgmnO2DAUxSeRr8Ie +J2TDFi1+8z8aY6SNFcsymn37SeNXfi2u97VEE8oWG3snG07iOxCCjQB+dZ8t7f0D +qHcybxcuTffIeq4tPygwX4UgebqoVn/DIq4m2GV72CcNdgFE0mtsPlXXEMUFgIqy +glrxVkMpJbpKFP1gsbWx+ID3gchowkYSxnpJFDk7fPR4H/vGFGIBOk+6ATwUSuy6 +eRqMRQExweGx5lWZbGtt8fbwoEEDhnlxyy0iDgAhiORi4tZmramx/M9N6SLMb9sB +WmdzF3ln6VNw+mrjnpImJJZjQE7Nd+cdgkCzdFoTn7B+paOsrGeJx5RvfOdsL4Yl +Ls9DWvDfOydk/zxr4Sm9xPYX6oqZnhUFrJqvT8ION3IZNpE88YZw/1UFCH88p4/0 +dwNsE5LDkXkBase+bek3bEN0mH0oTIY4PxMiil3tpofUZYE4T/pugMLLWgSEdhkT +2V16w940MdQI8qrGaEzW09b73kqSLBGZOb5CEthftlCts1vAI9KA4CJ2cqcH7x2n +9aYJi9aCNty2PLeuf+MIsksiAQNoj3vhoXVJiBWQSCcAv6TS5b1FjbEWqxHbz6+w -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.aes192 b/tests/data_files/keyfile.aes192 index 96702d8e9..265570b37 100644 --- a/tests/data_files/keyfile.aes192 +++ b/tests/data_files/keyfile.aes192 @@ -1,18 +1,18 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,72F869F41B989D71730B2983448251B8 +DEK-Info: AES-192-CBC,9831127EF949CE8891358563737C8475 -R6ST6H9oUyFWBavUO++azbn9ga87lgeuqNMVVScOcXjguqQZdnuZq9AzwQQETEv+ -ZbVPL9w2isuXKoavaPxYyCXbZ+l6JRfWiXi6CmnfNhx4MgYpbH9BEqGbIVxA3fvu -zFutqi+Ru6QeERshDNke6HfFjJ91WkBjNjrXcfDmt0uRGqFSWd5DSEniyaPmxCYs -mpRwr9XESFiBkCHL+/iSkW0EZBjwHW0//RNsZKtuqVJGW/dZhDxerOGRl0a1oWkb -IvfED7afrXMlpHokMwtUduk2TBE1AoczZ6Dv7RZGipaBR4yb9kYgIkiqFk53lg5h -7b3WQt6TYECI7X3Q2rDgPQtUChVud0uUQYmQ5328HRE8zhlWxHGmTQMWVBW6X+FM -ikFLRUeYBeq0UJu20DmvklZV6iDxsULLu+Rb0b8NkT+V2feSXbrP976oCSUznvT6 -3e2EOH+KAqMy5JZhTsjM7HtkleMwYQ9v+Wnbnn1OsB9drYWUJuhQeXt6v8dkm/eD -9m6dZzivc/h1UThIuuZPo+6S7FoluIlt5uv2UcnYYdYOgKSd1Vm0wztGaJn3CSGw -JEbebucr+5ptOHxflV5Txgnfj63sJyVd/wy0T8sMRO2znk5uVLWxf855fNXev9M3 -gA3+MXC2eGaR9DYOxfakFRwL+Z30RlIktaqDK76BZRD4sWB6dIVw5JdCXpNMCuDH -dxlTKcP59uPAEB2VyhDvm5CN3T+bM2K6WDZFO95hKKfEk5ea/UB7DA2ucfovdayE -Hd46EUKC4/cdUFiSycgD01ztdda7hU7hFvOkHTK7O3G1yvEwH0+jxKNsudNfbbxc +A3uLv2ThHEmFGS7TOmSGiLonOVoA+XNEBTlWBQP+I5OnqwrHsMkTkapzbXRD7eSE +QYB86HPYN+WbJO4TWVnOoDcZtlcUCTfFtjvLst8QkhPbmx/xfmwErvlED2o14fej +BawhMCLeczK14m/Nbe46tTGTqasyjTl7eFvyQ4TokadkyFK3kDX2DvtrU5pHIRbm +flmJAjMC0kfioXzx7TrmrOOvY8pu8qCTkuiO6EeB6HMboy/W3amnsP9KmmBv1NHL +velzzuA37tICJdq+alspf6porlN19qH2DQL5h1lArP0qO5JNMcHQGp2r4b9KRGdo +3wMMbmKztoEUrvAfZcuJQgQ80aYWxpsYb91WT0hqRoX9q6HmyuELq+/dnfpwKZmo +YlZ3aKeUvGFOxdahvNr7ywJ+lMesCxiW0E44t+prM4pJvrQ56JbmXG21q8BDLOBr +nOt22DAOLXTOctBgVSDDPKuo1X+cp5F9epH7PPbE0u0XFXA+8VgeDUGXolXtwfGf +UjtvfPQdrbM8CduT/7TT1umamqYkmI1FkCQ/HMb3LeLXoZBqEBkj8EuVOZPLOIeW +/rVOk9TKxOSdF+bQ5aF6VXbJ+KcrbofCA6PgJMlsIkz3WMwQ9JHgTlyYC+7m+FfA +pXg4/GB6G9Nl/WDJD/xVapOQ3B8a6N0KYHW/yBbEA9jjlUTMBmFM4+ZZagITJnNP +6/yHsF1ut2E5Gv76/35zs+Gcgs+vk4rNRVTX54lPSFwHi99450R7Oj6hi4398lq7 +dKRDezJJt/ROSlzCjVzU53aBnR1rIELa1L9F+M15nhqSb/ynUzB8c9k7UGRUBDp0 -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.aes256 b/tests/data_files/keyfile.aes256 index 5df09cf47..6ec7f94bb 100644 --- a/tests/data_files/keyfile.aes256 +++ b/tests/data_files/keyfile.aes256 @@ -1,18 +1,18 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,53572EEEE794948AC48CB0E077CE075A +DEK-Info: AES-256-CBC,858F24A86BA1DC0D1FB4EAFCD5DD9609 -p0YobpQmzHb3NgGlojpYoH+G5f1XX9snYv2GQe2tGTBQpoHh+ivHcOt85EZu9pC1 -1KRdALEwp7Cb4RYeQncV9Bfp5rItupS1TwfgKAlp7Plmb4vDcDVw+KL3PaYn52Bd -qq5USLxCvKcl91hZXzitttH072lEj2MzW2QpX2/1hCRPgMDu9PJlBX2S+GOaYP+9 -sTWTCc1yvHMW4XGEM4P4yfRg9EOTxU5gIYWUE2JqmEGd+9I0hK2YevAPLNKHxzpy -klCCBYqDplcVT5zEyCmdiBHIjzodlFuocZC8ncinVnsuJvpTeMQ+zOZ5rao8xm2j -uCnnVRh7yZktfsf5B/ZKBMGyPYRyKN4CCYhF0GzbehTvBirgDELq4LHyDdnnOTwU -YJiqo17x6S4FVNq6AubADVAbCOMFyfr+TFshI8spOwqfGFFDs8/WWL5OnBS85Pd1 -dgoqwzJAt55GyDUbGnp6hUFl9g96nvV3sE6Xe4xVE2Cpf1BtUl9Dt3UrrDrbS0dk -pKxl2FA2H0BVKtfNBHXvWkORi+v+XZl34rZZ37B8snYIN2aOqLuvyM4fd1EabkyG -ymMEUHJcrc5zl/7IECaHrCahqZIsLpLhGTd0MMGrkGSvRLiY5nQ4MN5tKI0fUw0S -5KIjOA6ZX5nvh4rYgQcgN7K6dXNA2hOj5256Vv0HVwXsVhQFmCGnuo+h8XxudRVH -RuIUaTUtl29a/2nPTzXB6MNZe7Wol8EkzuYEgyaizKr7nO0J1umg+lj7ipX/80Ji -3ADi0yL4F831LsdAiTY60Lu2e3WABleZsvuLMWSodb9WzJXknsnFEDLGOM+HGj8Q +7kccrTo2XAy79ZZsAhvkOfav9jShAUXiw4BpsII7s+wqvfsLPzJHfAJcKZSO4Rp6 +Wja5xdqAPhGO/kAMkfggB2g0mXnvDxc65Zz/NOcSNQhoJ65uGMmrzdMM1zY1NR7d +bufwqH3jDM669W/LhbKJ5csJIekKwmMjqBX36K+qCrTI6oooZ8ko0BuyW16vVxfK +pxG//gyfMgoiEvyW5k3Z+pgC4zeG579bi7ki8O2U4dtNJQ7i+6boWEfUmtNoRZij +6GFdqoW+vfXRHMcr0uHDoCzTp3MCuon/lI7uzeb3rH/tgMp52JomyLFJ+wG2ichA +ERGFNPzjX9UNEUP/R3Mn40cG3L0f9n5XJmp8N3xp07BWuOcUQMTkZrI4R8s6ZQaj +p6GFIOJ3XKrJg1uw+onV5mwwmaGJ7EVMPsaCsQ+weYyefYyymSqA/lHVg1pMFoWN +k1sSfmioROdyu/s/Ezw/yfwv0+2zNkpg5b4H6r4/gdm6LWIxF1wnMixENkhzPfLz +kwhS/53mVrReLgObYx/+w3VPC7PHGNG1TMVmTY5+5o7Dd979v/nWSUCeG4jttuit +6KjB77SQcBWvF7vVBZUmcS0Z0mkJ+F8OR4VSlALfUmKxfD35Q0oChZlyyDxt3xDk +sbJSlaiYOJyt+gBmIAzywug+1+nBcfD2CVw6Jh0Kp+6m4Ut+p8/8GBjWXn0w4nNF ++rH1Y19HVdWrPMdOrUhVpYdiyebVIRW9w5ml+USAOeFfIfZMha3wtGWVXEmH7NOp +wZGlTdZXZ5j7VXIBYtGDfTkuITtZFCFXIS4sdYaXNUw0golWc/BAVsOkz2cVEI+W -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.des b/tests/data_files/keyfile.des index f23230559..ecd5f0b56 100644 --- a/tests/data_files/keyfile.des +++ b/tests/data_files/keyfile.des @@ -1,18 +1,18 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,F87FE1C0FB9B3E77 +DEK-Info: DES-CBC,A32BD7692C82A0E9 -1NbOyRx5kBWeXy93eCXyidDpR3pbfgGWIIgXVCVE4/ZXgEt14A23YndZeI5OSxvG -JWhqZ+VuiRsxeKAjo+xf4bnKLArvbshhzUKCEVsCP1d2d1xfgjsnyr8tqNiJE0F6 -7Nimjcrpw/udCk2RBVyshN9kiPBbnA+XUdOHfEnbdkqDsS5DGjq7H1kBZuHhTQa8 -Xv6ta3kbI1BGiqKDhH2H9iJlZMwpVQuJs+HqcqNEhsPm0V4kp0S3PZMbYVKpEtDO -vh9CHprQy/nlHfq7ZAs9/2HN4/OT/5kw4JM9qQy7eo/6FX2yh39Lyz8u7PXLaVgM -pwOiFb+zvegYts5aCXyM1nBUu9NFPDQNDytjXOhbWL0hEr1RzgK67f5QYIxWgGCK -St4moIn7J5BifViNdp7j/RXCoCmda3Zv5PiRw83yScSlzgDdTNpm/70jp8pGSxEn -Ib768zYEcYeeKyPar210Nh9abySPpkFFaujN4do5wujboC0VPz73M6eTeZ6iOUgR -cX9WwkfRj6G6VQfM6xAZdOkQ2cj6M4YRze1RKLhqo0+gre76FLn8Kzf/Hjrp/0iy -0flr/6BwLxGV49vMUCesJ9oqE/frru9Y89cOwbgcHxKJ24Oz+64OUPyeSxDMElZ8 -lXiNk3aBEuLdBOKJ8B9kyKuxNqwDoqhCsrc77Gjio+q24w+G2+KAzBEup4S9cYgp -FiSvK8sizKINfE14f9HA60MJJzyEjTUuL7+ioL7xHGtIkdWbs/Qp7KxliH6qoIUv -VUsT6VS1nWLDyTyMbcjMx1odRsWrLwLqIsvNIcGGwe+P4sm4LivNnQ== +sOwd5YFqP90s5t2qqblAwEbDQNmC0HWsNgbV2Fd1gunftZarO/L32SIYEkdEUNk9 +uJuyoImiyiJN769s1pXUIW8QyPzl2Pk+lykB1XvaVvOzcEhqRAKeXmPBvAT5GXJf +kqARjcqVnZZv7pc6pWwQkrGigXFDx3Wy3U02rrBFWiZTqgraiA0EOMZ/CU9bDZBm +nx2inK2rw8G57JxEzn9uDyxVNJdf1xL0Ge1vNOJcnQWu0cNnIgMZCYPx6L7MubcL +BN6wnJkZgHCHfM2tfJTXVaRGGy/0VSICwgUm7UyU6MNa9KeuLDuiD8Cy9t68he+e +9XVfoz41D81+2Q6YKOsc+xws4WXnvMsXLzDr1lCxK0B6VP/G30Mav+DZ9HQQOE4a +CcPCM9ep2Fx77ihkXhbuurbUsqZq0b2httFJUJ7KXzwHKi8fzN86VlEnx/yMtVKD +Y7zEMo+HsOQGHSN35kJvZyrrve3kW8IZVJhr2si52KLKCwUdObHNsMbKbRsiHGy7 +ukwEnObbrgAzI1rme0Xkkz5ayRZT/fH5BVIYEBvlRGBPE2mreoMU0BP0cUXjZPio +KcYla15Ay2pa3RoaoVSicuxe4TmW9rY2oqMEkGqLwuGmWl6H/qnpakR5MX/edpky +qIo51fHolYpPqGlo0Q+3uomI/l+rILu+nl++9v63uENeP8YYPFfYFOww75i4Zi4T +P5ABY/dWZkEPU5Yah3pcOznbDZzkDhorWZtXTMNvolb88D3zUY6W0TDfA91w3tze +jz977r1ERLuXD7cHjtNK/6QsdnZGZx5pAIx7mIGBJN+5v/HV5tS8YA== -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048 b/tests/data_files/keyfile_2048 index 35f6ee815..7babef484 100644 --- a/tests/data_files/keyfile_2048 +++ b/tests/data_files/keyfile_2048 @@ -1,27 +1,27 @@ -----BEGIN RSA PRIVATE KEY----- -MIIEogIBAAKCAQEAieB9VRoWSXNwOBE/oR4/BhFEh8goR4jIysmjU2v6+WU5Xjtj -/G0EHK6OKpqUNF0mtBzeckZokzUOFt14VghYrUQKwYGb5Slc6ghXaQLeAkr0dfKx -JgTj6t5mMsqV3CrCFl/P6DAEyRg8paquPPYHczkwM8UZRB002IoYNXpLafM2XTnB -TKlskSWU/h2JzWrwwwZkMKyHAuIQ44x8vEtqSJDmX72qKJgsXJN54Yh1IPnMxXam -St4FtOhJHDHDQRB96tpzU9wGIcIFzuyOP7gUnisyobt9Xz0vc+vingOn1jKuQlyS -3fUpJHbGvwsTndLVsmbnlK9hvu1CAUb41PBoAQIDAQABAoIBAAjSPRKRzbU7VoWv -zNNhHQUlW64YR0N0Y+xdhD6VHQSRzl7SC+6dhvLS1DOzmiHTh+NkKXNEP/KTJWif -GNDgTdQgE1QYF8JMqC4tBHKqhUu+Qe+97EmTbIWdXwqG3Zmtfqdxz9p6IARBsbej -uOwbjZR4pzXYuWobOENWaoAZZ/PKS5yo6oMTgmn4navy2QJ2f7fduCF4YmMXRpnO -ORhAx1HCOgymPEhUzXaIiRsDzqY9nVxpz/S4UBw61JL4zQHTJpFe6EQokAFgsG6m -22cEvgdTn7cnf+pzh08XByXbD+WM9CYxe20GhtG62YY1zRTgK+9rxhiHobmNk7VU -YWQDEYUCgYEA/krm/p04dYRaRXcSOCdei57+R5toYYEH7g2DXaKLai171gUzc1k3 -z5TdXGSBBsAf59XBZ/5pXUgHzoOvd6d6aaVey7vkiaZQy9k0wbPK3qgFPhK1YbOc -UbMVEigtDLg0/5ZQ725mfXSp1oUsDbGEVTkeTakb8bTNr6qwtbzECP8CgYEAis17 -qAFQRWoFo6AqtAyG+xFC6C/ih5eboq2wibusXfloeb2dBd8ARpjSZ8H25+8m+Atq -fZRMzMfKRGRI59w/a10knRaafaVYFW27lMAuG8PcYeuRnM2MH1lFTsnWArBJKd7N -0FczGVMEufH9l+xaLLt76o3f3KTBScAk5tFSjv8CgYAa5qebJdy0KeU21graX+fT -k2VJA/q93d2N5GYSQMDI4bjpAjHYMQcDcbcdMBCqOybk6qsEKljRIm6Y/TtRyCje -Bj2KBf1+Rlbjyb2YBEIg3dt4HpiLlmmiBvTir9dcMhyBMVCsk5xKB050QDBR3oam -UV2QT6SCJGNiAwegojCG1wKBgDbLh9V7L0U35aICyNjrWR4kYlVnEfaVU0uVZev5 -usIeg7ALusFml6VHD0kGuYI2Vxv05cVNlkQBW0hEjsN5n0+zJZEeKz8O1wcemr7O -X2V2nLnLVWChhH+brlC8PVAyZ6+v1XA5/GIy89q0PXiMRc0C9phSCd4A7I1A3VCB -siXhAoGAJtiHq2Hy8Oh6JK+vEgXTyxYkqc8TRQn+sdg++9ObBv58XDGCwzvkK1J8 -NCLV1R5tOssownh9RkGbZ/qrhVxreUfSXa3tCuyF7bD0URULhCYCS7BNwVEHCUol -BwAbLAtcDnWZsVkpyCD/d8SUCovDyNLFMxacu3MuZCQuRRvnNqM= +MIIEpAIBAAKCAQEAuhHGZIwzdqq6yM3+ecmqj6DGpBZAYPHca2Dw3E0k/1/iLEXP +n4wSWWza88HneHU6wv/75Zuv+Z/K0ZeZ/OuG9vNIExUEfsZZkUM/cly9GFZrcDH4 +KXE7bxgiDP3zvSzKjPdk5aFZ6DJfK/iVmDCpjngEXsn0I3iadMWMtxokJipoGRlW +F+6b40DMQlX8VNJYU7269w84SmRRBAKLo5ZeNskI+BKpmqInZRfa9yGFOB/g448f +bE2NuV8E1wQzHbsdXV1HpIi+7hRmiYXsZVWIW2WHqy1TJxXWFo2sTOUW18CvNhac +zorRB9lZGT4uzIfJ0eKr1Z4uT/7rl6f/T5QRnQIDAQABAoIBACJtc4XbIxKL2G+b +HcCu/a4Bk3981oCZf60mjKpWY8gUl6aVbCsbIbIGICUF9awmFK9L6fG78r1/QWmy +YT2Y3qoGrYlKVECYtq3YAX9JhXthUhO6Sy5v0w1lK7e3rUeNaBTZGYQbbKU33MAo +CJXWOykvL6/SMif2Aq4kdzrRzWp6EVE73bSiicKCInJCDw+lQjtKWQQp0z0/pRRW +td3SLE0uIgjseRd6IQQugccdWcxqcIdA4u9IFEONI0VA0UGbckM0A59SC0EKL/tR +b6yUbOTkyXPAERVn9LqmBEIj1k3WyIkO+w/6q2hNTcTTTax8dnsTMfdG9OKnpL+4 +EnheMUkCgYEA5qftyM8sDgZsVLg57xfuX6BRiuJjtNwN0bMjkX+HD1FmqjniygYh +LvczUHDf1jwQKS6GQrMEWT03oojd5E/pOB+2RvCF5pPzCZrNNBVi7mSZVDMDgDpf +vIQRaH5VXVbjt7MSMTl2XonAsVtP0N9ivhFF1zbJ9X8UyM5FpO2VlssCgYEAzoOu +YdNqjWsVIgdq8HKiURrbhjSdggPU/dE7/aJZUrW0eAMrUBs2b5OxUzhJ2wdJq5h2 +N3VI9hYyeKzlnGbHuO9Sfxd0Pq2zus4t/tMs9xSy0UnwYfI4e49Ni/aWTVWE4Y8a +dVDPd5+Qe8ji9MCjcS685fbYWzx9CxzidGIQhDcCgYEAw2QMNajyW+srB9WMFjOC +lfU8PlerOQGUn0iOX+nVIq/FNXyV1qe8ool8Ka+EnnoBArHLwGLf0yzdnU0uEwNy +wD107sE/3OUF4+QD4xQe223SyZXxaEWK5ipGiOtEKy649tu2FIbl9A3jcxq0EW+6 +uOHu9PIPwWxm0fiS3LT6nGMCgYEAiOWZz5eKZry5gZlRNpuHJiSbqVdvoiRQKQFu +ty/L7pwtSfEv4SZo64YIYpZJvzwRhgLHOvQwrZEBXCWhABDSDLH5Ce7OTE5xej/7 +FZV/lTrPXxWYmBUthBr22PVZpWIveCaY73PmU/IeoTAF4yFgN0M4TWlY+wIaEifP +pj7rm/kCgYAORhWCosYykYqHKSC+pv0oCg68E4muam4GeHALm1tbPtQhn6C2Q9pu +4TVc/Pp47XZolwxsDPDvKlH6QsbFkQR5OJ/nhD3aVE1Giuv/gIZNk0d5aQMFjn3u +xChnA9dsOsZRDBglKZUMPG3Vz5IrVg0nTkpc1j8eRiiZa2W7gjx8jQ== -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.3des b/tests/data_files/keyfile_2048.3des index 1ac99fc4d..8b44ef6eb 100644 --- a/tests/data_files/keyfile_2048.3des +++ b/tests/data_files/keyfile_2048.3des @@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,769BBE561AFA55C5 +DEK-Info: DES-EDE3-CBC,1B629C0CEE2C13F3 -4nlR2uEny6CDJHEdEG8Y3CUh5Pn54k7lCgd9UvP3CAo5DmKn7nGG+1Hvjky+dLD3 -pDCLOKKNUYM7Dx+HWw4SSfQzYfq2NySnTvnkGITEQfoqIBjQ+O0jkgPS2MTaB+lh -Vs0DYz26OWna8OAjR2gxxXxruCLmY4psmqYd6DX3yIlFawDTwFSbbhZpEGtJ/i/m -aQ1aRZGEgCgpmVIEPigHJaDZYUP6pSev8FPilGm9QbGkJSK10HIrBrk3xLAQtZVB -SYs/k3G7ZUNFF8GbvmyYmnx7Pfzsx90RZsHjRxW7je/eY5v7hf9XRcEnefLQ61ux -lfBKW8S+yVZueC34RIupsYKd8K9/iaAwkpRaCyiVNKicBlgoKPYSr3xGk06DMTTU -vYUZ/Usa8Bvc29MP+qHb/D4D/fKZiHJABNEVecWCnCBdZbCgSlrjEKMVeYg3nTAx -VrkvcPenfafuIBLPb2zYUGlehNmd7sWWVqCBQO64Xlmwy6ALpYBwlBUwpU75jB4w -H7duzO1+UAAz0WssleNKKbUc3YLwpojU6/y11bJw51BFjquTfxbkoTuXvALLiPQY -yUmFze+2DYeCRhlz/rPePHh9JzHBnm94vo48uThNzvf6aAdrqgHs5dbstotKpqW8 -bhlhzKdYjIcWV2JXV9klX3l7GA4aoSSlJAmljyxjGYPM8G3Zl0S/v9nUFXm8/o+e -e8HTTKnCUUUGOyForwo2mzoeTiDT5R/L5divX7Ni+liqQXWAnQEsHi+98RfkdDtn -86lW1uqEVLRT7E98fHDdSLtIXRbgBMO76dExWvqwtPPDj2UlOK3x4i4S4AOf/iy1 -+cmoBjwUVDcj/AaBBd9IzbSu/YUKxFNwmi7KPOJ2ZfJncqixoNb2cUPrWg37m7hD -5dodU4a56lUn04phzuem4z4HmNJqPFIDGUfePEQvgbkU1n+38yW7pQeP2xhJEYhv -ZqnSa1HK/mE8dZOldPQtOwUr4FwTc4JQwNW6vRmx1eothOfoaWpMWFPMOfKqL20O -JMN66nIqB7f0AXf+b2kVgTH46di/ldnbG5kj94h4zRd05ZfYJQKFktMYpi5/D+gS -7uZU7kLMeg4Ox5m3Wy1SuvIEvrdUtAULhO9i6DKu1SAn+9HPML3//hAxVmocJa5T -IGSSaOjRGluhbXjjGGJjm4GKP6WWNinprkT9xi46bWOlmi7/r8MMkLQ12aIeIwnY -1ClnkD+8AVDqZait8qZyJ8zYBUaS/v5lCS3tsTmjWfECFOsuJf+asintIWBP9tfj -YJPRxqpQ7+Idgd5a5LfLjalC+nLP6MzYoYtG2/erUr/YAYbr8Nmce9XH0m9f9Qhz -wGDRv/ydOJX+tK+ElPebeodDh7YGnOr/wrwTuuM/EQ4t/gFOYT+uFsrH4XvUAKU9 -TI1PewoS6+hDTzTB38KkYzfYPzVmRPHOegQWUf6QBYyWXg/2aL5am+S82ROCh+M2 -VZ0vHXs6b80gNBVm3wmCej51//biiBUZp/gundDksI4z3ucD6feQrbx6Qhlu6YTF -TW2LtoRtE+LdUkjEBZD2jwQKWIAXxY3/wMBeEo59mnBrbgRMfjYESQ== +TwNn7h27JVNdu/bms41vRpA3vrEtzTbWjdf+3pACwbYWJV4i6iSHoRxOLZLzqDx7 +27pz4aBASEH3sIuzcz8tuhh06rE0L4k69Pct2/sKiEKxx0g+fINBGpdRTdGnxMbU +EbIaOR92b06MvCxROoXx1EsrJ0BSPGW2VvJQ1LitBZrOFVWEKc3LLki09c30Laor +qGmU0LDGTC6gu+ykuEgeyl2IiSv6Jjq58UQPO+pSUrr1WdjS02LWjy7WT/I121Tv +4VepqJLgU+HmIBmrjBhdE4CFI+cM7ndlhboU4mKCrMxGbSYlJFARCdW/Kk8CiWGb +XKXBheyHZ0pxWZ6QcYFv7fvqQNqdvZZyEJBythPBklpz7omnveKYj287i+RbhndW +jeEJA7WEf04AlM1q3dyfWUrvpfeAygqSyaU+xp2c5TpYp34KYd2OGhvCYn9PqIKB +DlkdHnWEwP6IgPDKB9gqBz9ET6ZIdBJ5R0c7FIsR3IE39uRwkGaggQrcHRPzWVgZ +9GwkaH4i2R0c1hXlOCa0CaHqWjAbtiBxGlBeJdww+UZcaV4Q/mCCA5/fSKI+DqsE +Z+D1mC53Qe8TDj06XUiB42J8EjiBzBlm8O/v6HHoXuvR7ijLfaKeCuLTM5HRFyCC +6Fbax5JO1cyt/45DjrWvOnyKOZuzri/ctybeqmLxMneka/rXZsq6I/QqJzflq/PQ +aqrj4c3hfB30cjwkqRaQafPrlOWiU9bZSgLctzPTZycqfp1l9uwnlZm0jhJ10UNs +1crxnWFpwIfLtaR41iiHvZC4CT8WBRgWhUURStd/N7/BLN19kOP0hDH1Qu7Wdw9o +5mIqvlFKrakaNl4cJRrw6QKqP0HpEFcG5cuaj6fM1r7WyDJbZlHibOYYT3ZJ3XCd +GzI57blCRtm1UbffIr08fAOQg+1amJ/Q13RCb1OpA/3I+FCrT0n3zXT1fKwFWaXf +VaaFdPdAfUssJTcbgfjRUWklTFp9/6QE7m34BZwmgm2nNziTjJ+mthtqXN2nNtOx +tr6zFp+Ih4DnJfRQTf9ew5Jt+IceqEwQ7gp+BzidvxS3sCVFxIdN10E31DYj1tS4 +VIMUm6canmvRGMl85i7m3KB154MBdjPBkPnDBaBLkiyFlMdtc5YU08clNqSKkYM/ +kMaOfqtfI8AcfqllQRw/Zyolxd37FhI4rmrHjSQFNsJVcHQkXoRfy8M6rmrp9VnS +hUjPUBnH4grz5oXbZftkgxPI/q4ODhFI1XtqdzBgOvqPNc/zo+tFboad5mUMgeVN +jFvyupWlFRp6I1Bfqmd+LDiv/ufJcLyPEOAaUJ8TeU7T8QOMnkbU/K1u9nVzB+cf +YAwCewn+hrKiBk3c6bqGwObMa41rapV5bgnct7K7GJTikr8B+KGom40GyQtrYlK/ +qosSH5BiIyUkDKaQKZdC/ZZAAXKhvTkOMq3WrF3fs+LdDLcY73lG+LbksxmSKMS+ ++MyZ1/v3+QPSgbPu/9MNsdu+Is7WfkX5TGD55ct1JhEWWW+XJr6LLuLvd87WsESz +fmo4x1dh3tbiT7bYvsTcgcGURaw8lmP3+ohW5WS9Nu8m+7+aVYvRtsIRJ/82n2Fi -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.aes128 b/tests/data_files/keyfile_2048.aes128 index 847cb7fb1..bc6c6d44a 100644 --- a/tests/data_files/keyfile_2048.aes128 +++ b/tests/data_files/keyfile_2048.aes128 @@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,3ACD4E1226A197871FFE1D9EEC0BE0C7 +DEK-Info: AES-128-CBC,09F6885B998C878DA5DB6A603F90CEBF -yCMsLxfTSxyPdDUOtPAfcyMkUT6x3XsTPnRgBWGL3+tR1WviaRivMd0dHDH3gFS6 -NFaWZ4RLqVmj52D8VmHVGaZTup0Xeeoog4M3ooFerM8RMINZq1U0VW7o1BIMcWE+ -FIkjP5UP2+rhDTZbbU8YoGa0Q6cOYGRzu55c/x59S1QAz0M22MfpstNw1Gd+K5vH -jGmvdEkkPAYMh7t1kFMHt8Pt4hyBdBO9xeOJTfGLsWGQl6PZVLhOCH3pVHMSa3Z+ -7yu9CmUmFoiiKxzx4oavwlcPnzYUtnUoh1+Yvc3wzDwPiq4/rVtxMRGJ1GNO1nyP -sCTj/DKRzQY9ca06HRl6KQP4FLILbxLodOHWLj8sAEgIIdpAX1j2YBkvMR2usldD -RwEl6sBrldVz/kIK9BF6ThAFKIEHs6zNhPI0H1KC7AlsWFXxn+mHMwpg04Kw7Qdc -D+1x7EdiLMR8pcHxYYVhfgIJwnkS49wQ2ujn4vQijmWrXkB1n0soxTGHZiZr/J+i -8AzuS/RXwb0XzWD3wUivArIJSG5gF8u/ewfkSQcHrNFD2+O43dApEZQWx6EVPXBA -DDHO1HbvGvN8wvo9SlgN8cL9DlMRcmUp9Y7JYohCq02t8iPwAP11dMUjc6pA6a1G -He4/IB4H4E80Ldwz4L/KiP3LYwc6DoXz7C7XFrYHc/tvQ5Wl99Mk2shxhPmC8t0b -1hrNQFm00kL8ieGJMEi4hcSzG557CK5OKqigUWBb9hF1z/D2hRNt2rF8+6YmkmLq -HJgtyb7I5+u/lrCkiYjiJEJIwHVyaOswaMGX/VFNHXYxsCowslvRKhHGPIFfGzsv -H4LOjGEF7YDr+wb72WYmQ7aMIUTntmxoIlj90WRsZBSzs4WeiIE9zOkAUpq/E13I -fKbxvOSJoNnkQ97sWSq2KkdAa6Cni81c1aVPIBWsfxf0zHoffpHcLEKdGwvR/QOs -79KjkBypahLIqKLSv+/6nUv4cgHryrWV5SGBA2tDU9Kpd9oFIhhRFALnX7iHoY9v -zVIXa+I7LnL7J1vY2r1gybkud/dW5cj8ktBn2cPIKWja7OwdQ0r1XP3agHUng5F+ -fS4KKcqrIJc1u8jBKW2iCZ1blPL1dHnD882IaKbgAimmPPWY2M3V3NYY+U/HCgRn -dPflKeuBx8EVj5RnXJDb9hKyLUHZ7rwWkJl4ebPNKidCbdJTAge5BLQncbOwjytV -M8HdMtk5AzBZ7yPQ9UYrUpBJZZtV4fTY6Anlz5KtUAuQluAAcIMmdSQwL2nuimMt -Q65Ws5gvVx6CA7JVfCgLPt577z7EUNuGPTZ2MVOgsok9KDtkm30QZ7btB6H4eROY -H5qw2z6+m/LXhS7MdlLChbUJYQ3REmfHoiAPt+wiHVCvb+iTkMaWd41F3L9Ku9Kg -4XsNsu1I695Mxgoy0cokJrx75OAML8UMcc3JBSKiT2Tyqa5g4LVitqRzC+Bmywn+ -1LV0FLViAeOa9Znq4oh6YTPnq2obsYgDDWwXLd19T6zZMyIuyqFIKheCUjb8Tkcd -X0Yow6UfByeYxRsEcJ+kOGESjglGHCd1hVP5oaXfopmEHDV6s43o1LDNTO3lE1ft +hvmN7Ox4lz+aEmS3OztRTZEr0VuV5zpVHNy5RJGfyPodyY8ituvU7PsGbgESsd3n +7h0kwWnW8xYkIXGfRPUI/I6ji8JaDsEHAO42rP6FhqL/lF4KiBg3NnydOAO99j8i +MYY2vBsInyxe+VkbanwSAwbQIXoTfgHQf2KMs5HSQ5AHnuyZBC1mEbSiyVtlUU4A +o8HJRHEXQTV+jkfDY8JLK1gE3AhsLXaLrepU2L6ASpgXl4bWc5GpUtVFA7POuIQ+ +Y1V/7gfu6hSXNSY7iW3am9i1eN7fyLcrYTWty/FrnGDO9UBe9XBD6OE1J6ohgz5X +lL9cvSHRq604gmHe4MxN8UHLKVxCP3/xlB8lI/YsfBc3AyqqVjZq1f+fa63D2Xre +rl5xnil6O4mTMnN57RuKInewdTA9cRu0Ex+Ye6ZnA3KMCyXd+UxhayMTx/3XykMu +4QE04te+BN5wEjQ10TbH3s3yYgUjrDQ29Olq/YUFMo0AiZFw9eOlKCCfuD+BBRot +6s4xF6YrUd3bENdqS6QytziTJ4D6h6zUtWkdO9Z28E8hcc4CpPPBwjGMkmwCW2dm +EXkv260cMSPD9HCvG19EvSQoTuhfpO1bLxr1dJJCiU18GfeJOzq9w9mmYRtSluxQ +houae8e+lozcQ1yIIlj5qgHIB0mB9AGB62XIisLpdOeej50pzVkWZ8d8iHynFa5x +78HO2XDf0fAmocHYu/OLSE4FTXXKAidMfo4jHfsvjQbqE+5J89ZcBT1e5vFqUqye +K2iiZacRWrUUVpNMlONyxoX7h8kYyyxf/j4Q6/wIWS5OZGLttvEl3MCN9iNmF2r9 +voM1PopgX2j8GTE+FLRtebmbKZbv0wXGqaJoW6VBoWd7KrLgig1UeYagwnoiUJp4 +TgcJFJoC2Mzaeap2fSph+Zvuh4PMZnWn+k1Xccrn/DPrOSkvZZQErmwNpHh3qonz +hYN4IChtOgviXungpmVMHFWcxQg2zYu5AKO68PXHvYY8LUnS+4GXqGlkcFrY6eV1 +w/tlM0HuvqaLcOk710cVpc6vC0sMtKrf70nRKm0P0SIlxcnVJuk9PenpdrMUttAD +27ey//ZVeGSQ9MZfpDKcvXRmxWUv9VLESF3XeqnwKkLqtXRTs3GYX4xnbHkSjkvy +o2uFNqBedABVSthArwWBCYX10BISsbN4cM0fNoxDtSmr7gOt9bxwNeauATvbKWYx +MZ8c0My2PDz+dN2sTqUV3IyHOGrPxU2R0V9VlyhTqRf7J2E4KpXeso9nJGGMMIcP +f9luT9BGtmAWBS7t3XE0TMTmTuUFHxQC1Yh430yAIXQtHQNYtwEna2u/3R3LkEaJ +HTWWX4oGKbHG+cyiDqN7C2rQ09Rw7+iysqXYJqmpGq/DofmZaE/odDR2DRixW6Gg +8+5PkwTkuQOTFJJxUjK8qBCNIl2luh+2Zg+uXNceQYgAkv6sWwBq8kSdERfNz7t4 ++YwQAipTGiv5wpIYfisXsUZi+lSijfo7j0G55M07lZ7Zr0er9QIEsoYrpW1Z8QTl +/gUw7loYsrQYc0G0XfrmAxez/QSv6J09RPlFTUtIIRpJXcCahmQdDjed8vqSYgqd -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.aes192 b/tests/data_files/keyfile_2048.aes192 index 7df17ef8c..cf3801891 100644 --- a/tests/data_files/keyfile_2048.aes192 +++ b/tests/data_files/keyfile_2048.aes192 @@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,0FA7D4B72A5225AAD0A49DC257E29504 +DEK-Info: AES-192-CBC,C3122B70EC372C6C99AFF447A1D84E0D -j8E0QV2YwI9uwTQIW+nl+LP6Fe7uTQsalCqvSLGuEy6uBeyjFMwaW7Sovz0BuHIM -ZvuL/KEGJnWg259cK/dxV5PS9ATz7ak/2rkb/rCKxYbPoFjFb0PIPqPhwuD4KCvl -obeT1NQFMeE+yOQW1Fe0hCXwRtGjw8qQVMrfb5sPuvTLSvD31XuzBx8AhYWZWJ4T -ETnVqTYahGFJfwQclHxIRPDiflmPwK0mZKtNZRDk5EA7wUQ+jnB/vKbdrSYcDS7q -et8n13+KjGucYX9rBHRo44AksP4iy7IwmNLdV00zND3jr8lcg39zjZd+5Vgj6mtA -tPZrZ12TFJQ6R5mVwnNTousWvYEY+fCe3xa7hNMzYQ2royLj2Y4cL/r9yrqhwJTp -yqYBIDH7t5xEvwww27vNiMrpWBrJ81O83bsGJDwn1knOjyO48zyZWSvBbCEPmPQX -B26mVBa3Ihp7uWfySnFFTDBc/bo/PBbr7YcQmRtt70jl/h4w1aOyrY3GHNL5j+VP -RKbZHkFbdTcsGIMil8uoWNA9ysra7xGvd0UdqpEffXVmtTrQ8i18FiqW3RsJoD3q -gw6Mm59LNaQJYe4/K/yaVKSJjOZb+a34sQjWjEOFWfDx2Go6/xZiQYRZAu3BFG5E -rs8F0RWAI27KTyVi1Nyv1FB/FVjhhrZHFJ0Na9Pn+EwaQ3UHbgOnAYzrWrMpviF5 -NTGCCXNLezbUFsHoY+Aa4kDD6O9PCYu8QD4uxAA9lrdYzdSFYGMaODpxkbCOyiws -VHm7BdNpFtXDcNpe1pJqo2MwpubR4UJf0Sdb6Vny9wujhHK7mvG4yuPbgcE3JFgO -hwutCwfiuErcCVmDUz83g0cwb+kCaovHFOxLMcf83dIOHPLQ7RlipBRxNFAr/A0z -cE9gJn2mumxX8AznBq+CjXlDe3okJY+gLFPQRurLS7HLkx9HCC5hC1Rtz+ublt4P -MMd4IONQPNAyycgK3v3U2+tYXuDY+Ys61p5AuHtWXc1drGw5oJICW7XJo4qpuzdF -V1iArLM488o1dYUJsA1ZtzaahmjfBBKOSYWmuxkG1VbI66Gr03gvTEM5itrBYBSO -4LMO7v8q7Ee7PATOdfbSzepEWNK3FwxuPIssKLak2FYHQrHMj2n267gUxUqN0Vql -Htz3yqFC+2v9GYX8M0w880SPbIiya3YBoQiNsvvJiQPX7LOyfPeVHQcBAtNiFEqU -zpnHZmTNp8smBNDjnnDG/kvx0AZma3jKJGInRKAm1Hvq/OxcgY3MRFFFmqFHJymT -2/TaxY+uKTHuemDktqkagjNrSkfl/pUkVBM//kSToQipvPPCSY4IrxCEy3evokgD -l8t//cSxZ+gysNSb5BfUVn0OacdCMNX59N+6EZqlemRP12br7EGZI51TtRI9Yrf5 -wTHgAJYHUzdlZFXY7Le9rlAqP9NvAyHeco13usz61hft2VYbzsSLCpr9TNdrWAp5 -STiqgigEDSdadgVmdGPW7wtwo/sBSJqn4t0E3ft21hBnZTrJMtVOjaOZH1vAjbbg -GMAYWVm+kNQlcWZ/5m4d5JEBqAO44uf2DOJFKB6BSqMq4uLRMd2ad36D8yD20EoU +mO7xSSSHQcDBCmn1BCFOKUgXct81dzRa38bPymInB1HugA/j7uvCqW+2W7sU3vFc +Aa6M3eSP1vEI2CtDKhRta3zPDMUQk5eHk/+2CzUN+KO725Xk+e/6vqVzN9iVjidv +g20cdRX8GYUKXdokvPtqmUSmbBxVpdy453uFT3/lIo7C01jHmVu+vc+yM2Uf6mwx +lS/LQ0Z3odgb3S1j1iby8NETi3bud/Va6h9T+t7BGEL8l/tgIuSBvJtMdmxbjbSK +4phRVV6il7wE68idotsVj/FChvnjuXe5E9oskpjw+sBioesfLrX4C/zAE8QwBULH +DcmrBt7LHsjuNEHYDXglyWfTpifCo2D7mS8IxcYH76xasVxEenDYZIcQlcstFQtT +CAR7gmeGxzJOkmOsgXeqiwxSY+Bz6f1P7D+jzuUuOr211DVMhnN+TELPWX3bHbJb +RwFy0ZfKxKKS5V5s82sQLw4RsB5kE/Re8Zkq1ZVIW7QhECDlA0kT+lf2fYX6JpN1 +FgPsgrSWaL0ZRJkz/aZERxbjJeZthsHIqvo5UBccVkgo9fgl0FJTcu4lGz6FPNMS +BhknarG5RzKHjY9q9FRCNrv/KirahCslEspwF7yBTh3oUPJ+61t9tQyqG54vTzje +wcit20iWvgMo+efX0awDmDgEtATsvG/9BmNQE2KPfXYvtZcvNnlUMIEFEpbcG7Kd +nehGyCZE1OsRpVwlDjtBi4GsgbscIswCqMo6496cnEV7NhzpaHpmFsVGoAek7p69 +UEMidOmO0VxnOgAnVO2ldTMzJvkE93YwweSbKIqE6yQN2CTukZ4eOUS7F7ZYa0Nl +De9MgTUuiCQ+ZFucIuzNUMQlkMrqSmaKdDVtr00OBeJgwXnl/5lSRY5Tv0gHnyLv +UFQPPtMB0aD3xzCI3BrlyFSCB8qj0EiLiHTF+f1cZ9rfVHykoTezA27278bCGeqP +2Vso6ZcXLaLawwzGfl7YQBpf3rcy/Vs3x+3b6pVbJ0QVISHon/Wb0GWh4C7ZV/MF +r2k2KveOcL4yWCxeh9UU7VYPjb0B9D5y3XsGwUeQfnYqgpbMincB7vBXId2kS9nP +N2vAnZaI4V8f+GBHmTr2LU6MRI5WYWKFPpY32ysR/Uwa4MfjPefD8C6djzyyrkk6 +UWylB2/NO4JVpwM1NmV81U0yOS8gEwIo779sB72bkdZWItgkuld8GTRU3/aJez5O ++cK4+EOtMALAf+DmFAsI41CXcjjk6mDWp4tZ1GCst0WvRf9sZs4kDbQNMdTih7aN +p+B8fwGlvErmmPl9jHmnISV2QNlbovmpInKD/cERx1RjZrc2uGLTQMIZBgwhqnzY +xj4hv1O3s0lHw+FEJ/xYI4gAJa95gs4eFPAZr/TQ3U7N0MweFI6LMNDJFQpuh7AB +djCTIoVv8EuHXxp+MhqavzO3LGxlB8fFDhFLPGfUhRioCDxExs12MR3qFKqmiA+e +/KntWeHDWcjmJTfhazq3hldUJVy43J7dACCKJ+QXsvvsgW1YswXWQIW5D594hcrq +9AzXl5Qd8kvf+2q+AoT7yZfvQY2YhLI7n0p8sww6+pGUZQd+aEyBsJK/JiW1LqeB -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.aes256 b/tests/data_files/keyfile_2048.aes256 index c4528af54..3cadb3b84 100644 --- a/tests/data_files/keyfile_2048.aes256 +++ b/tests/data_files/keyfile_2048.aes256 @@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,511900B2A1B48AA3743724F105949A8C +DEK-Info: AES-256-CBC,5C4224A75B008756921BA509FCC77A53 -1bvPjaxx3owwhwO2763Zv8MDBgVZfK2hF+5pujHKuw3YH/Qntpnml3nqkSV0gLAM -vqxc6u2HRZFp0PhEEgeFP5UWhLS0F+lTByVzHThe+e/ihgvzZUFyto0SqqBz7hui -9BIpTGiGMckW7+AwzE3PgBERus7vTYxlnkvXjyUGsDCgfiqsfyU8I7q1s+3Tk8D7 -dCCHjo78bQ7uQ20htuje3bZqC4/AySd2k9UcyQ8QhdqCIgV6NjrT6iEFdkcwBPoh -9ZcbK6KWxG4zoKOmVtwrMfjEDKKoE1pJw01qE5mOcUJ+iEiLmNrZxQkSytu5A67d -yy34rEXs7MI7woh/TVW+rXlQcWhMlRSmsU3VymT7ghbXJQxc6NBTkvolCpz/tYdQ -0qr0V8khTQXWj71knrVdwe/NSaKX5GHJHs7Fp+V2L20uDgTc64x6JlLB9zpa+PJp -1LslcakIUsC/MXNonm7xZi0m3YoVQzXvMxAVY5PwMYzEm01olpxCakZo6LY5EjUs -bZElTHPey4RckyZmHwAzDLH6wcVFYdjhMWS/cHmJm6/j8jIRnFMpICknRAJgvfRf -zIm+WPZ6dUF2twRbbCuC6s4NxoKWTNRmzSRaxVt9CjLxOvuO41wJZ2aa7j+krlS0 -4SZo6Faay2OATt0eHhPciA2JlGUUyocIbMIxw4Lw8esTz8LU4xQIOUdR7hO/biv2 -Fdceg9iNajXem3pUF1vrkpYEJKaaIzyW4STaquF66XymP9qFwsMA09bv68qpJhA4 -Tg2Oo+3mWXhPv7zOj9dgmRjDMN5A6UBOjIS+bBkqBvEYB3X4h/YFJvHiwZh5YQDS -y0fObDaAl1lAFRDlUQgj1RhdGFzb7EKGi76L1AJ0ifYKgo29UTGZZ6G6OoMH/dNC -UdXmKuv3/zBDaJMY6to34D9qnYZvqzyyFMJjDQ6U+SVmxr0+Mc7yKMRp/pNFKVH1 -1jXg9KgpyE5YSFkNy5jNDMOkKpYE5AxCtw0ZL6YqElWIYESBEp8bwiK8TLiihZIM -cNehQUEeIXtlbp+jdJdF7Fv6NlQqi4LYW+z1ismkRGqRMFpatCWDZgTE3N/WtenZ -fNgG81hdHtGjGu8u4ZaWiGICZeEHLDHHnnJInPv0vubHfq6QpZXCf6wglgWcCAOo -iSC+wPkMxSvYv2NPrXSKObwgTidtFxP6Rif3Tw1K0NbQMXwiwlFlYJzSoScWFXVc -Y0jwHQYetW0d3s8pdRlfiMuH9WcuyBKTPdRp2qJbDvMPhIkyCfxlon1Y6HudM/LH -TgtDvoocD+Hz4eAGjtlSPALEKFAw9jk7PTh5n5Xi8PQOD9BtmVfKrGodCEVvsuWS -2D4fIBJrRn1gx2S/myv9NHdY27RhM+aE0ec+hUyIUbtX8nCtwYiD3aM+1pLqpbBt -uanVuLMGzxibRDHXgw9gaPMZU/9Abl6jKP73kSSybCUsLQaqlmiaXWrt6Kb7Lz9Q -GKECXwTRYRWKm3Pr8aLiP0sNCx0mpYbrNB91QGYzMxIKyqTh9ccMmYbWCgpW9xr1 -0ycuyY2KZO1iZZZvX7aBC0HiXpmoeBVIwCEx5VnQRa+53kmPrvgmAD4UxOZLH/wg +nw3Mep+219ueQNBL7RhkmesgREtMPl3yohuuqHupVs6uPaYWAheiV5rcm+EZiLlO +ddAv1DSTCLjB8Xuo0Y5DjNTr33C+2WGrq3yrCKq0xSMkHMmA84fclskk/YYHkFKe +oRNng+Zv+S87IflFUw4M8GRi2a6A9vUj9699rvXTlNkzj2iOPJqckBX/qRnSwa3F +5lCe0A/PgZ4spbp+FgYnKv3VKFjkNR/eE34K/F+H02CVyzUKZsWnrmMIkoLn9Z9J +Z9EagIWMNgGVWpMEbnnG0vgv361ZTGkAqW8o0WRY/Ptr5MWVdyaLogopGF8HPbMT +CIztgQ+IpOwpTREeIK12UqEi7sPISsFHdeayTFwKZEjKPOXHe3tqze7riGAvNONI +wUe1JNAjSH9wyRSvnOjafUG96KWOeNwHB3EpZeZ3Rf9KPsLklXo4Bdh2rqpsiIrD +WpKjVtzdTh5Nd2ce2RYGjqmwKQLVpf91RHEyyHOBHCMsQ8NzaH1YA13RXQTg5sXQ +PHn57cQv2Z2RgBCEFgNTvYu0F8HHq7b6phb4CBenBOGpGMFD5QzWO0yTLDsZI01h +oVZbBALfhBboe0NauJyR86GRtZYdq66mfrp4En8ugzB4ifm5K0TLSmAox9pxKgKy ++93XfEMZ8Z8VpOprOIQEqMVRE901fVzrRrf2QjoGhdWoopAxofDIo/C5JvhkxSB/ +pfm3G0wqjsEZhA0sDbCuAGVpUQmrgEc0Wlm96fOtb3e7Ya0x0vdIHDvtxvrYrSjp +iTdhYq0DRzMOBnppVqdQWZRSrNJh0rcRMO0VMYLc7FBUdW4siX7M8WpwPM9yNnET +2hOOPv8eZdm9zq2A3rrrd0OU/BRtT7aFAW3ZdE4isKL/4Ky3KKYyOHnM4g+GeA/L +RHWlvnLAIo3JoetFwB1VnH2y6PTBkND27vFn3YUrkYerIk9Bp5uNfhfhieDaXNy6 +hnUnit0Q4VrobXSLvNt6Hm+cAWlYa2d2EQ1pyUl1RMrvj8l2ad3NFVNdBEN680v2 +yvP+OBTkhDe5XvVskpUbXMyhWoY5lOJWMsDdXg48vffJmwM+eSsmEzocFPmjElYt +39NRsBJ4p1AbdpqS6HiV6ErjUh6qKANnsNwZEF98pGTR3XfsoZWlgqlKTZH+5OuL +N+o7218DxiTcFuy8/tx9zsoZHymQFxWLUVeWQNKoZEf12nVusvHlLKSppeHHG6ab +3AxZ2NICNmELYnT0LxeeQL88b+IAMGEkp1gKY5UE7b71/hu4YaIKV9YUPe48fcnn +tY8gioAQOfhX2yywBQrRopgkw/H7ehh+dC8J56gDQg74aY092dgTQbPcvG6RMZnh +n5B9GpJSrr8xwRczfIvm/aLoL/fQAu1EmfW3IAcTZ9sfsMSg7OGNmgSp8OqvZIlI +2qxn1Lgo7Px0bKsw6aBBbrB3J6Mi8NWumj6ToX9wNFr2i3qldKKOQ9pGiqgewqYi +3lH5Cx7BDwLQOyTo+JMfi9pcUCfXDd8N6t6eD1sAU4FFo/9hVtX36MNKn/nC0Vzc +GxufVFCtKOFvqwkegRDh0izD4VrXiE4+URxis+ux56x0G9l/3c4ACYxB9Wrwi3Vv -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.des b/tests/data_files/keyfile_2048.des index 048fe7973..98b376624 100644 --- a/tests/data_files/keyfile_2048.des +++ b/tests/data_files/keyfile_2048.des @@ -1,30 +1,30 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,4796A5CA4097FA2D +DEK-Info: DES-CBC,21F054678F8CF188 -Od7a7T2LoN2Hf00FTfCe+ZMu28YxdKLYKE5WF8YFC9FxwcO3mYPo7ROHZNG3sxvC -Er0NpOKSOg4Ni4QQKLCfiTljV07dK6Cy/fi20a74x73Vs/AC241uNlDBr6/R2Aht -nQqQxi15mjvofHPFtfG2wxhAMVd1j+hYKjrV67+X7x2GHxthRZu0vy0wC4HJSZWT -1SigoP6Lh6lbuaGdE2qvgqycD8NYLPEvYEyVr9FnnXg2W8wtSA2x8XqpHc1szwjO -XCSS2NFkkwMU7sVEzhz8wufbiG7aTFgQ4BNY6CN2u4sbfpWVH06vITPjVXeSdqbh -qD6jXSJbUyk7uBcRV8XUxuiOzzLQX7ijn9Hid2pX+TQhkKNYUZv1L8MrffYln2+L -txRYlOn0zl9T84amHwbwvRDjbrO0Kby3kbquGsL6EpHcq5HSSrPzqGjJeYOF5Ym5 -/xO52cz1YGU340eEJ1K1liW17pym6hy8hiD3xO/H0d2CLktp1aPKMX/HBkn4i7dG -8JmPySxMCBn3/vTps+4+tL8M63cNOOF0eb5RwhgX3hRk/bne1zvLLsZokGR4Z0Kj -Ru14fX2OZSpzzSthrcFWVygo3jlDzNzQfmf7s8s9XXH3lKQp1yNIYORqIyyNWGab -CRWoBNCpMcQqD3vCoi+NxbbA/tBc/TQTi5S3a1KNALqg+O+GoSM10qXFSyI55Nlx -EOmsNpS2T18E5eFjiQwuj5j6/qzMUDqFrt8P+QKAFDedJK0VCohIbALF7tiN0QR0 -EUfx2D5emuO+oMF1pa0XXy1EiG137dscOYxkcLemAkb49kv7dH4rAmU/pBW8GpwN -q3EVxN/0kCrS9UGU2w0FJxQy8nmkM2spnkUI0vMbDH1YWFi3hZE3oNs9VdIImXYo -IZ4nvkFJ3DRZxtV69CJGPwvypKG7v/BoHJNsupGBnsDhIN7gePKz7LOV+ucCg+yL -ZC+s6iN8CdvEBzmZvE0IdcGZEPKvTlbm94+uOVm7Vs5akbdbcHjUi7eeiOyYgC22 -0ACV2bKFcKbD6aDV+963luMfJxyLi/G8qUmjD4PRHxwg2C10NHmgD0fqA8V9urqZ -OY7KY5UZ+PQKN5YyJUKWEFLT+uMoH/q7ChwwSZbxUhaN+QTskr4eVIP8n9XWGyNo -VHlLx3tBjrFnkLwnlaTtXxcGGBQt7x+et8Imlgut9f7/w/2GKYSVtxuvLWNjfkWl -0+QIntSyRDHI3eVss+KXSYLyp4UafktHdSi0mIx+Ia3dpPt1ZPLo1IB7xebGCBx+ -9pPVhzfAIVx4B8KME8hcsR+WDUB46KoBpzMQCrmDfU1jdr1YmEXUZFk6m5aiGXsA -hm+VFGxx8m/eZUexvOo7JJ0A4zpQahUuaCpqmYQ9eulUCG59T6t/4mZoHrRfrVvs -qDfHQOgCqHwACgPn4qcn8uLym3L5TqY0o7yjhRHsCPUg8nN3Kox7Wv6xEDfLLFuM -vvNsqWvqyrPPUPV8FQKFZd4DquElvJg/YL0elZ4WvrxKs7qv7+iEGUNQQe+nRxJW -O9hCWxvg0Sbq5+i4P8qmBS64auGeTqM2NouuXBBv82dPZgx9ZFzBDw== +dEvko+lzz29yp8Y2vCjX4YJjBk4c+2XGn8M5DZeMnL7/X/3EdRtMwoJnHcJMoxbN +Jy3Of6J1bYM61UQ1Bwr3vjFvOMrnHcPWHi7W0Imje8oS0aKV8UlJermDWEKULjPi +j7k2N1XnAzPmdrt1TjRwi2+T2KtFK9qAJ1Sjcjva+HecKMeVHXPO7upK04GyN2aH +30dmzhG9P+/kek2vaZ/8PrV5A4fBoN86vt3zRtxk5cV4XbLkjL21gSicSl+OMcqG +lI+6acn3jeal+y/zl1skowmIHjV8JQvRkDXFlyDncnvy7iJa2CHk2VPfRRAJACXN +3r6ZfDvIjI7eTl3blPUZ90GhopvVyPr5SuT/I4sXR349tn/PmuSPM5Erw/8zdQDW +GSVI7S0FP9WNZq76ioyQyc+ZarKatOiuq+F9LyBU6Yjv35f9+efZ+e9tDqtyaHkU +cWMbVC+oAnSrohQR8XxLWiL8Hu77E9y/0tDP2GTmrKYVTnIe7/mSN8C4gi58lhFy +vMLda2yi8VncSb7oPUl3MAKNq8w1y105JqHD+nWLQxc70kMwaW8/UQPgawpUbLCs +7cr9LhQmqmjiHxioMtg3wgzfSP+iewQhtigWxfVQyXwnPVpzyqAroHmIA9aM36Mu +TodpMeM8B6hiv0g88qKBjwRhCo/XSEyowZbMx4R5GWvHXJ6bIeh39xV/FXB+tj24 +5HsK82ZKC1gfdmy73/PFjdX3jpeAZ80BqZEaE7q1RD9HJPmArdBY3qF1wYA8leBF +IDgx8LqlxzQld/ZEFzTLZBK3fdlnKx3p9b2QmyBxz3ULsPHChQyvP1Jc9jULRQbF +GUMPOCgtIfbtcH/DwsXh8Y252/tn5SI6u5pDkPtr+KIeJAv/AUzI7mqeIAw3pDpJ +KehaOsXkrt202nQ5jt8zwSJxL6ZMxJFSPIjRqsBIXvsiMd0a7vsBkmYnDyKB2bGJ +LQ7ik9z6OdemGygYUTTjh0GuRf66VWtvOt6cSJPobRMLFSttW7qJBrcVRRWyT/ZT +PyrIsoGvgahbSLE9EPlqDbFHoAWGK+gmXjypBBcJNkCU4EzUNYylCFPqAcz3+klq +Kaq4OK02qAoYk8dHwAHgljO2UlJBDibwT+Kxg9jiAhBIMBoJLGubLjUEpAeevi0p +Ct632gh0lpxhIp/pBKTBYDaZQiNB2zW8gvK7CS5WJiP0J2OustmQvBLjW+vVmeqj +9125snRxKCCkx3xZyv4IOVF0l5Go7NCGi6P3hD5EsYQyBB3sQJtOIue0tr1vBL9/ ++eiZ2T1NTfSFUmHGsvEq9ikqL+tequRkX770l36+58w4080x+VM/8BNcFgZ5FP1m +/tUo8Bq+bCu2Of/JBllHNXrHXVsUJs/vSvAcibuAzHTTHoC1AainO/M9OKy5GxLB +KaTjliduSDvhUgW8g1lI1ipN3r+ddA1LuhsBIUBPuD1TvzXTgh9FhxbFNlRPQB2b +Sw1OU1lXtu6ExKH+Qwk0/rYXQ3Qv0118MoB9X/uGAzEcaZAIrwdh8XGeTMIKk+Y6 +e5VgSSbtOFiaVe/PcbX4ADucy1Ai1iEMP97YgmiG2z3zW6gPTeuO55TllV9jN+1V -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096 b/tests/data_files/keyfile_4096 index 4999077ae..d9d3cf497 100644 --- a/tests/data_files/keyfile_4096 +++ b/tests/data_files/keyfile_4096 @@ -1,51 +1,51 @@ -----BEGIN RSA PRIVATE KEY----- -MIIJKgIBAAKCAgEAkfkL9r8wEbm5rrsc9TwDi0lUaf6MPgYt+31JveSBl3EAX2HB -DlQLXSYHtFpj1p8Qi6peXf4U20+o6+MefB35J9eN75cpl4F0UY1zoXT3juF3T4f7 -/lGiHLevqxvEt2acK9/9YQYBV5iydDiPWUpOCTgMSsU1j9YklcSC7U+oVgTWXVla -80P53fw9yPHknM6uVXzgeI2A3/FaF4WF5n2eEZTLMRfxT2C73ySgZN5kWgaMjJvP -x/q5QJ+cLH9m/Z/xm8fDSWHrB125iAnLYOFNLkYIpLg/Tc62gZLzFyQQj96lIkqj -p+hoLrf0oRTKwkicOiIug0OP+CLrX4AxxZ1eHF9DMFgMMS3ymQvLl732DMyyJfyV -tXgeb8AKBuPAg9GNbDfZktJ9Azna5FjOeqngu/5Svfemd2gSLVLwiDGjm19euhG9 -01k85Haos2NjfvQZv8R6H6df6lGkch4tFMbeSaP0OEIukJU3agGRq4r9CrdbtoKh -7s+cewsbQf7xIkRGdovV389MotB3CO8wzamrJ1DRcmuFIhe64r0DhUZ8IUv8UAHc -ZmZ/uZ+EZeQOdz04LmcBV1WUqllU0jLTmKUk3X4dJ9E1/VDFbGmvstshdVOtDAHD -xI7hRLYtDYPYqpvIEuRQHTvDqtKzeVP5wU6Fqrsq8nvP0m8Vs72mmWA7JgECAwEA -AQKCAgEAgrsvEc9sd5OETo7ZgnA7JFWKOlt0sl/Kcr9keaLaxQy5LrNXuUNf4g6b -O9TwMVjH8q2kUj2p5DhVqtz/gl09tYcBYSBaaYvQ5vDuLB2bUOVwe1PoRX5K17lS -pMX7yd0l5M14GZrNPOxOdnPpPiij9vGxYI16SNWacl9Kesqqkk9GxNev8spgT4UG -uJ6bBiy8SWfLiWwBjY6UBxjYMPMzy78cs10kCtkxqMketPfPnCjdW1h4IDvWCaBo -uBlp3Z+PPNsNdP0zBqfT75gGA0AEZXrnZs50M3T8UtOOzpzIEHFwJ2P9afVkyOKL -PnBmntV0xUOzsG+j0rFDZ4ZiDP/BNfd3d3G3wDSYuUcg2XZe5VvdGOFkUAa4zk/z -6DI9nB6aEfq06GA9emaroTxNEED36dhnr82rV5bqS3RaI0sdPDOG7UGsxGItsdft -7L7/rzfMgI5wOyhNdOgeF4rdGtzADaRXMC1JblON1n/G9tbRJIVeELWPwSb62aQJ -rVYNafJjUWejpWMVd8NSBeC2s/cmhhNnF3ZUjHRh4fRx4jfTcPuuYi8ccwULDp9m -lbryYyclm1eUHmi8Lh1A2j0yZf1OTAaEQPQ62HBdlOnM+mgSPYI0w3oW68BOp5qQ -AuHmOfeCFql+exzruexKhzFxFmYadORkedVmh7KhE4EO4Ls6A/kCggEBAPXMNYgG -EfsWdp/IlnUg9Jf73VzPcG3feOg917sbzqKfgTY/VRtyhiJh4NLebXTZE1v0j3sr -rGQXtRXkvvgKtkDZmMB24aINf78RlxKUFFAHHQzpH1eNdxscOaYwc49R1SNZvyyh -+vzJHT6l5Y++gnsKzfdyFSZjF6pWSuupYMqHp+jXnrIvT6Ew0md0SM8I1Lt4vWG6 -PpJzhVWJ+EZSkzs1oApL7mAq5nIaxRc9VGRzFMi3p9VKJWcgLIyCTQcRd8uTsiYh -X4Qp2s4z8l5WSxLoHxzMMrSBc+j6yIC/rBcbdsfXQuaDG4RSB5UdbHd1suE1rDvG -3iRKyztVGpug7RMCggEBAJgIHwjwCPhthBipMm84v+o9clGk7GPofsp1d1V9gQs0 -/f5IqCsERCVcI+4il2inM+Gl6WAFAbwv2GrwzEgIJ15gstgaWdTnnmfGIDGG5A++ -nLPhvHyNUDek8pU5ZZX0uM2pHfNkCmLcZS3p2gCMTW4j9RSgtT9FpntVpGyRWn1/ -4Px0Lc5bke+c/HuXVnJ8TS8dOEgMzn5eVx8/UgqvGo5/bZXsNdOWjkVRUgFfrn+m -er7+VaO/lMFKWAoA7FyAjb37B4blxRVTAySCDtE7QFsNE4+HvSiMxoL2qpOpm696 -kp9Hw8TIkYEc5BA2S2e09pvnaYk61mbBfsz2DzcS5xsCggEBAOfCbs8c+iNIIP20 -ArnaIwaTQzvZlGblCXnhpeIU7BdGUm019id1KqiMpZHujEJa0/gmdotquJeACwzj -rHTwlLw879y5uzIzjDo6ebnYyfZTXr7nqNfC2YVEbc8XbD68qD02yB1rdd6YOuzx -O6z3sswVefNRLEQPtyazSt09zbfphRb1B/t2xJx2Dk3hxS0BZKSHyfm1xH4OUrA+ -8UxNW+m+PHK4+cDPco4wU5oAB+zW3cgL80IXMYE1QwwRaFO70rqvPpDZctiJJni7 -XlI5B3yCRaO/nie4z/PjUt6i277F9I+llr0G7hErz154aeeRoOLc2tNaRebuZwZA -zl/jsuUCggEAQ4r4HsRld9lP4pTo7zjLKon6DAO1cf2Mtu3RAo4rkosMfLhS3imb -DO4OmHGNytTd29YWBK60wqKPB5PLbgURWICldBTg7BGq8ne3Pcmr8MLCY7haQQuX -I+GIVHuXgjOjFtuXjtZXNuyrluZaD/xFOjWHYI61d1K+T/UQg5tgFHmHvyDuaMuN -3mJkWZQ2t845jEDzDC+EXegT1LIRBOYeakh6qyyyDTrKIkmqoSmdIOEZj1j3OzSW -Jfmde3RFjiMe1dR815WlJYAn2UReyN4GDW2VzyKDC0zftLdZuRiVLjTKhzEe7IIf -ArmPKRS2E3D2TvVUkb8uGaDFcNGwmMsxGQKCAQEAvALBprORw97j7qcPnMIO5/sD -jx+oglAWI4EkeOzvB7r5TiJrirPkjoBOk9W97WNUQ3vOYSuKJ1wJhMM8n3gVwdjP -LXcfeP2p+TSeARCQ3r54+OqSuwElOsyhT1GzZ+GvyRD9kOOBpU3zVCfsyGz8X2Tf -U5W70nCUrFgaZa6uwmUsOrnxmusN429PUHwsj8QbfrobaZI7n/bH+J6zG9wc54OQ -s2XMK1XOXkS1WYEf6PHsXux8ogYhBT/W52JQ05Wl7AJz/Kc5U1/NBGiQfN6PbA5s -9wYPwUpKPn/iisfFAyxPUZGdpXQVI0wdFN/834Nf4te6INzSsCRMqYX+QGuSTw== +MIIJKQIBAAKCAgEAt3PBJGlHt6w57Vr0TIEI0G27iIJLe1tl1ATc4+K43/RlH3fE +a4OE2TxPBKQ6Mcy5b4MkB+EnI5V3JqrkoJR+B709+utMzv+vLVZHR5CZR9eGsgp9 +jC39qX1GcoWhVF9TjNzrsvFNmdVuwGfnxanvVbUunyR/CyF41DzHpUAPirH9a4Z7 +dH5lAWrBpPxsvCVTObdsTgEiQBsOKPFXE5i0x67zYCkAuO0OAW9dD0b0B3tjJVhk +5iHV0eNBFcvx+6El2RK5zM4UcL9LD6epmV+nwBVfxMSrniuu0cjvi075thDRR2GY +vYMmM8PXCvVVrsejvzUNEu1ANXjwn+uYrdqag+4vmdoDDHGfR2objA9Lr0XQuyul +JqzPT0zZYbY6Vb2TWWhc0jvdwXU767nTw/4z9jHSPkyF20x2tOv3tpEcMTxFn8G7 +ZjPAWMqf/OmJm3j3vVAkmjKzsC3wdJkEWz31HwAdfX/QCrMs2mP+ISRxfCZi9RiP +btc27/nm9FhQrns5wyfUlK4ZzqOEuHCgoAd1eyBR1ejPg8ppm0aUBRcqw5xVUWN5 +pRSlbZdOMugYi7lp9tOaUEvv8O2lSXtGbSQaquZ3cFz1B3pgoebqxkV9gnJnI6La +eCYWB6C0RkosfEFqBTIb+IWosrN8/a83iHacVSEosmq9TGDXUHiUJVhldDECAwEA +AQKCAgEAsy2B9ZhGjeTPZz6w4ZAeFcU3p2rrYn6whFaDkKi+vS6tHgESfZglRzAa +VYQ5uq4kaAAETxXf7mdryv6a8yRVvCVfxhXQHVWpuXRNhl5696pQStDoMuQwnzxW +dECEhC3fIvQb2djJXHkUBST3QR5rPqEJ+jHhS/PTWihLLuHUzDhwNndRWUSiTrIA +lK5fXZxvHy5BwCZnV4mVWPPvgpph566+0qr5o6UVSt2EXQmGC1C+U5l0Yzmk5604 +wptBq+2HU+9wPdMCL+UG4TF2+vBsnbXCpiMZJBGyXAAPx1bJmsPuQ/PVBTR1OZYM +EQ3yNBWVn4mnTVcgoZmQHAI2S4f55T2ckwYTMqQGwGiRIVK/x5Z/cXDEmevmpqLb +8U9atXX+WSmu2B08T+DPPT8SvYAkAdHPXltVrGIyZs8a+R8L6YoRboVjKys8AItA +wvOzzf1qJJ3irXwBVEiSwqDhwmHFKbX42njfsBS1tpCARgNBrwZdhWj+z+g61sli +kikLrenGCc0AURtO+2SIuxUVhmJiazsBYuZfC49eQ77ATLwc0YliPbni16NnwRn9 +eBFo+FG4wc6eAIpIipO/nSIUNUTd6kHZKsL+eHLx2lKD8J02GbifcGkaY3IVNfPJ +2WGmlHy6vh/o9KM1o6jyrwSNRNgOQTi2j5/TeOKmxZE24OIZ9AECggEBAOd5c5xw +NV7vO/3Qmr8T8dagPiyIqjCt15420OsFo+Fd6laU/i3jDVG5fGp+b0I67IBlNIji +FpycORAajQZkUAgd9bRCm37SZ9yi0f9k94MK6sCLzAoDaQ5gHPSPRoUc7YGM+AFC +Ls+vyXcrQLb2Hxwt9H+TIo/cw67rSZThy1zIsLf7Aganq0pTG7+yMhcq/quUoJkv +ssBiftip4butkCk8aHhWRNkicKx+h8D5fRjpmDC3JEFTlleHKhUCTZ29Y5CdGR8e +c52w3GyJbiuWTv0Tc3Kp3OvHu6Mui+iZHpEUwmbm+kBewBwCSm148ViW3P4LZZjt +CYC4gyvXu9ftORECggEBAMrjvV3Gkrwah74IqE0eKJvFM4b0MZ1UzSSM30/z+T8I +t1qiF07KnmTET/IPWP58AGY1fHSanGG5/ScRrFRQjKxK0w0KiOpZMn+VwD/aziQk +LoW+yTBhUCFZ9DxBjlIoivjMlx3fYun35dfMtzAf66xjNDo7QKT1aKBngADtnZR4 +sEObu+3bxldD/qcO+HIC8FoqLwBAvmJqJ7YmsNJWFqc99q8Qt3taJPGp8jv0M283 +gs0W7WTjaUuBKus9bkjE7hH8XXKsSlkO1ufl6TGj+9kdW0mPB4dpQq8MJHJTP1gk +VEKsCVUPsHKcl0/u4ZSRAqfYubaIjLIIa6rEe4LXiSECggEAK5okHe7BDu3vlgMK +cz3Vi0FKFOd1b4//kqzus6avVQ90yfRs4MXpR2CyP/krCgXBcPofaD12Vu/Si+cE +c5THwo+qLddyJPSLXfNJrVseiI+w4q4ytBwqWOvf6G1oskBduM6OFOabnMGXKJx8 +Jzq7Z3p8mN9lXkYOkk99386cmRCwwSdGHWzOBkUbcAOoDdcqe7WWfuSOPlEPZc6y +V8D869eWMjzF4UTshoGbHs2gM+YkpeCJssiFBF3Qnn59kl4PeDkvdz4sNyMOkl9c +4lcA8AkO8SVwGPXZsYZeEmVtbZTEfc+6ig+PDneb/30NsUtRu4T4EVNtO9MF2mdb +2fO0kQKCAQBd09xrVb3eR9amx5Itt9jH0Pb3Xk7jl6gXUx6i9w05XWqN+5AT3BhM +OY1PQFHDvszgd7PKqQXRHBY6zy2HAIlN1Hyt90VCO2XjIvn5jdLvW9w39fdM7HQG +OHd+tkJ/NEiwrszj/77avM4Kcp31H4359xbcJzLKFsQACl1kEH9jfjzlx0utwImF +KejGkWHMOBe3WvLJhyeEk9sxncsAOtfXGAzRAUYZQaL8L7/agiCXOnC/L+8xTQoQ +5PdYOtyZwpjmsHL26T6o2PgB3o1ta4y4556j8gVlVgSEt3TTejQ9Ku/ctXrLX6oW +FtzTFoI0FqvHu66G/7cxTjuciakk5VCBAoIBAQDe9ZvhmCpCaRmFOULVGqb711Qj +cyM/ns+5qaNx4WuOJW6tspCeKy3ngUFHWnkfutKQTnD1TmYe/HISkiIa4w10ejSG +AjX4JQsWQbYJcUaUrFgUm5oCPM9pmWQwJnjmt1lHEggx+DqyD6kgPrUlSzmJHUTS +8KSaMCBXdkcHZDmy1N1QNIUGzmTv8QaJzb2+wFhf0A8vuDnqG/2/MlBUJwJE0fGe +v/1EABZzkJgjnNmtIDi8GuEbbVFms0iyIaWc1bUwiKbSs3KIWu3BYYeBu+5a8wfA +A4LkwhigbAn2hAwHwKjngT18EMf+A6EpElXI4lpQaauYTlerNfR+nDw9SgJP -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.3des b/tests/data_files/keyfile_4096.3des index d608730f8..6097b42a7 100644 --- a/tests/data_files/keyfile_4096.3des +++ b/tests/data_files/keyfile_4096.3des @@ -1,54 +1,54 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,C49557C4D4A4968E +DEK-Info: DES-EDE3-CBC,2204E2DEE853E8F8 -qlXFWXp6OLjn/F8uMYgmMhV5UpDsFidTPbRpXs2Jlj289804AWCqfPr8AKCNVjoU -KuzdyuHnIUh7/Z0HfwnSncod9FD/vOUrg0j1mX3nQrM1IppNRClU8DnBIMi35ZQY -ObT5dyuTIxfxmAFMMrPMpoJs0Jfq1Wuqer4Z3OdU5sL9wTxvGl7aMVlrjN7NJiaH -j2LD3/z73dl3Whcrib6Z0ZI+GwFZHhgNHsx2c7DdlNPXAlW2fdLiwUHd4Li5sbAE -B6lV2qmvgO634KmpXka7AWAMMLEHGNArN1SIi+Ll9pcec+tJclysnFvgSAnjtt2n -eaqBWXneaJrKH3MM7fpeYKM6lCxsZaxWBxOCSM9XvFgi9QO587FrjZcak3JkxVpo -nISJlgYTMEmUpbmqfG3xHQa9uLd2HVIHw8FZkH25p3Uu86Tf5uuMSn91kU9+uvl3 -xq3JOAG+KqRl4AI1BhCuJeWv0cgRw7eNMj2He3qZ0+rFnqSpvgKB9gVVsSjAMl5c -g0WDcmiaTlF9e9or5HJCSOoGc5kkTHD412CNDHolYXGSiUOeWXvt1VFJJ4aJ0Lmo -WWgCcWllUuSabs8RCzEuuBAVEitJjUcUcG6FizXo+T92Mrw98PLFhut/UbOOYIIY -AbTL0ponOUMHCdkgPTOTXyEbL/Um6dAzCixf/WL2bJ4RcVML7yk7dVuwdgdnru9j -zxOoatuFkjvbGOG+7I8y+Qqv5qUAR235VwDiXVMyNJhFIk21Z5Qyo563R1t0kEI7 -SkuSNM+3mlx6TAgX6R0L0LwH+mS0PwFPeh3TA4hOtkEExexhsH8ks7lkJ7V1JEgQ -js+2r/ePzXpdNwrhUotUbbWz1khj9gGQ+9OV3vByJ2UFTgEgTqAwGwSrGJfQerdS -uAlbsEDSMCiP7zb3cGdXQLY7ztBJTksWPj9OJEy+LY2qD9Kc8/4ftrUZnumChvfw -9HClkFAN7CpkWUl/31KPGFayjU2wuhXI3Duo23+GOMLnaJ/uH3lc0bEWVQpJEc8g -NwpIZEHWSBARsOzmuP0xZs2URvHUpFxkQaoLBk3k2q3pqEBj3q0ApqAE0rb7jIFI -1n0FCLmPBMQob4BWgbhr5ow41dbtZaxjtkbIOp0129Xmwf+i1V2huwJM6AUPDWiM -eMPya1/uAX9x9d4mRSe44GBulSTYwf7eDZCB9dgABI2F4HbjePD/qFYQEoshAhpe -YXuL5EDwIgRzkS36tTcUuRzewcoSz8D/SUrsjfxzK+JEExqBSJm6rmS32hW8XmQb -Li9bT648+FAIu0wId9veTPkwVgIFUz7QKjUOd1WHIbU6OkWpuKE6woQ7BoQy6tRa -pdOAIhBfmEGL/qV6agqNcqgF6qxf+2R8sp/58EFjXgeY1nY7ZINGLqfWP158ZswX -P7JfkJ7kg3UNBG/mbM07hFALKTaGHjjQtY1xRz9FWA2fPzxbfv5hIwb/EQ2CchwV -zEVhpl3khkepiE4tGY4FEYmhOoh+5wJ03Ay4vkVRo7OnJaHMFOjQVo7Jwi8jtu89 -lKf5kSnvdbhhDVo0Gb5rbyAOQprCFdhj4Ko8MzBH+NCtPRXv8Jk2N5Zc32Q3+7Io -0lUH8SunlYu2ykOmTo/IRCqVDiv4gvCeUNrjthsr0yVgfkYZw9ud+BTaX96O2uXC -cjnSws5XrgeetKS5VV8Ogo/X4dTeSlau9UlN28R+hKmTU78Ncrs+lAQo2hSYQKMF -AL2MS1f4y32SVXeZrLgU2Meg9vF27eIQRaD7UR27GU+pwCL5IoOyNeUYz4Ci9UUA -YmNR/kuVQWk5E0qBVELTX/fOCCBoFbtak2ufWTu95WXPendiYQ7R3pmX0ZiVf7CU -0+QkwBqIT1kFDKsidTqfFYTkM8vX0GrI1AGv+xqzMualIAI5Kx+NNJuwzoZu0cZp -Vgk59ve6idtMJSql5IvdI6zFKmSZ8lSbLnoQnUv2Uc0s3vZrj5C0UO7hRVMT1FHa -avZEKzGWDfRAvbMPnsT0iuACJF9thU5rm2uzdr2ln/9U6BmrJgJeqD0txP+ikToy -MeIK6ZnV+fUejCy/qWqrNSji1mnLcU0vSV4HzlHAa/gYyAAHOOlV1fosgewmpm8p -I7SxZ5C7s5mBmLc7Ueam0i72nCGRsxK9+w0VHj9JcfH8oFKnjb9dyAOcLnXvYE5q -zURrLXmAfPaZbIx2z6d97gtkupOICzr45cLVCgAiU2rkQQr0TicIzG3GSpX4J6pG -8vMfBTH5AJ2M6B4Ni/QXc8U28NcTCMjbDKQ9lDO2MCCSMzdbU9PW07Rtym1ph+Tl -o1EV/67kxtrOUV1YTnt7WWty8NFUEMDi/TdTBERQyz0YhRHdDzo8dk/s7b+eIvJc -qdft8UM+ElZ02Pe2Fb/0sEJGO4yL8PQEhCwar7b/QIlM6PDXVgd6tLh13WajoGUU -C5OGC7WIYgzL09pOW9vPqV/LCBQUEQ/StRNrXS9TGuXHFmkmS/VeWOY3FdugI4mY -B4/Ws+3b9xZ7eXa7h/B/2AazjKqjZ2U84yRnbmyK56bMDSB03Y4HtpDApx4bLCad -UE5nObIUx8pUc55A71HYfmPqmK1bRsThsEZkjKsAEGaiflhkFLu8nVlphvFkGE3P -GerttzRweOHdEtnxkVdr2GHqzedj9X/gwzKWBPl5Ngm1lFR+q7mS9u90bAbfFpTk -oiQc00QnmAmMFanMs4ncb/6DQZ57LLprPaH+rstIIKW7BbhlmjoyWHrgn7kVn93L -ip67aX3xgE5HBxVmfUvAd6CxAoSGQBmurYk5lVe71ePLB2a+Op8LhJ8S03u9nZG6 -6w99tFdMgpBUgSsFsbxAZZ/ltn7LxvLLcP4yQFoIQhlK/NRY+RQHEgVbvBDVmRCA -WcRfGz+AGMqGpeIAah8X2qBpNcHVpGQ3pS6GNmbT3GdJrdWvnXpmniOCz2wdv5S0 -M9MMlNdCK/UyoM+nF6fJngMINQNECVtOyevBo7ukADf+oisMj/V+Xl0egU0rsAzG -F5JZbKlYEpwbJAdTesRKiD7GDVK/h/2nEtr0RrzgXdhE7I9ZLWbfo8AZrD97wIN3 -bcCjpsxhqy/RqMpft1ZXMtqhCD3RBYzLdd6E4c+BlgR8XiN8puKGj9MnmWjujl8j +pzJieIpy4v5DtIf+CVzXVtlCPjgbxIoq3Ci2qhreHyAK0H9MP6x6Vzt5vVYwolSS +5ZxkaIyY0NlCbO/ZBW16MEjYtNrLhOL+ih/BLSAnfNmW5g7UEJ35ZA8VNY6ElT/E +iadQPNj6NvAgtLfFC9elacidA/6nfTNmALxhWINolLc1kQa3CBsTRnpCbYyaHluz +/xo7Dgjaoj61YU4UyiOYtxHtYkQOXhdiKpXdLHHltxKxJ0fYmbBJ8OKGv596MIQq +8hKpYrcj8binwafQSYjj6KNEFL/PlkDii3G/wuLrFwgkDlNUNkUxSe96e6JUVBNn +uEgC9gg6BEAa42psaEFaq29Z1R0qkMNfnx16T/425zxdtcBebhdj8pIaQjxMlVhM +Qe9P/fypX3B9rS6dkRloK9AqGuRBeZBZJUUA6qgGagoBXsqGQc4FhFqrKdqBeB4p +IQJbWa++aH/bdP4HNrcLoA1lB2WvjtvPmdTdto8fICulbTDBDgsU96MUyquIkT4T +6p0yeXEVc4oKYYmHb+1/FncwawYz2KjloM1bX0f/PKtsrpk9kLDSj+cVxyRvi7+R +39NoFuEa7NPB8VKJCgurVL6lQKIiitBos2loUn0/NMBaSMJc0XrVvFG05hxGL23c +1tFhRr1lktE+TycAL59GKGJBh4Kuwjnu/eA9hkyJxDfJt5l85yIXmaqdjNtmyZ2w +2b0Lq0f3yX6NGc8zGhgIy8ZrknnRnPDtHSck14Uy0TJoooFbWFJ/PLpBrJxHx9yi +ApWbpC2vdtIVlPaYdlEAimuzQhEvwjSIqwiVc087PbCaCBEWbUizcdde3PGAw6U6 +I/m1FGHD4DqImDXSGB9iix1cjbf+4lsSHJNuB5iejSqu7FDkC5V2YZzZaHDFKLgW +hwpV4JKxZgnA09dIRQw5oNNI/LjcViA/R24rChIp3papG5CO8vD190CMTbDSDJPQ +NRwBQz5LCpIQaUU4I67sdyqhFQ0lvl0asTmBZzUOAjWyMEpOocQEy/W0vAUu+OEa +amImjcP4H9UBYfrXkLEuuUYofr3RwZMX9KIEQNF+0VvAfeJt3IDOV17zjm0kN1Ql +bjN4/iJAms1ljrjBev751DluzttX9t4Bsf7VKsmlGp5yM8YpzjFndh6/pjbks8iF +W2pGpdStiXJ27xq1aa4YrBk6zH0UDRL3yq9k7CUAwwT//qlKcgU/U1OU82gLkl+g +Jxy/93KgpM1H7g1FD7WM01LswEwPMWtMMA3IogL5L0mya8wEth15DxWKAkOgub4A +8YG6WnroG9aEovgHl5b/6laTryhbe4vMw8onGscsLK+9FbSPDiVAJfQisGnJYZie +PEOJw8iISTVXPCqbjHwIi7I1Kp6Yih4PLfUxmc4+Eq9FoB1pzxG3xEfcXinsJIuF +d3vH9uwUTv5mKO4IJxjc3Tg6nTMjrDfJHrRYeA40r+30abeWc6X3KhEQsk9nuj9N +PJmTY7dRkzxRsmpA9inJkunwhHF5FQdj2IqiQJNbapqE62MGlVofSKO8P2uF7UNh +8+C0k4ZSHTnS9+b55RDRvfduWosJbililNh6B12yqEfDMXayn812h0JNWv7lglVu ++EiCrCqnAWYhbqLPtIXHv2lowx+gulxyIrPlK4D6LCYy9iL3Qqh2bERfccPS5EaK +eU+Sj0KN2KeXv3X0DTKI1iieWOjk8dv5G+wml5cUNDHeBdKbsGuWWaG9F4l9Em7c +V8cLN84RcsyRKJCRL1kOpejD/eTWzuT3CmoWqFsqxsJGu2wXmrrXfBuTLIsC7liM +jtnF+BZZSebX4ST05USOHbKojx+yXhIOnO9oabm+ylnbOUrXXe3ufIA1P+z8GMJP +KSrRIeaRMfkiotW72wa+ofmRl98vSwzHdeP950ACf26OVe3Z7PWYI9nSmGR4lqrf +vxMAbLBvLbpq0CXQgDhpw1YX4UvvVLGndlcxVey6btFuy5Lmwoci+cgpkGBoDsau +oemfgVOMNoFSjoFO96kaKbrMLHmniEWdXX1FlHw2PTjv4YeniblvywFz3KqtxKzW +xOnWF7BwBTTm299ojTotOOl/iGMeMFXyGAc/lm7SLtpdHxYlr/3906Jee4ubhch4 +EEsNxqsvo4vBOl1tmspazPHVeECeL1Io664PTdTACQnENd67dHa0ytLS8SdW8w+r +7UrjK41PRhAhEBJUVnTKOE7QA9CPVMT74Qx51AQbW1uqlxuoFyO3w1Ra+B51eVjj +zjzN4x9M9m1TQzmpGBf5j8inIctdSAmhCpEB7qxyJVmHOoIUn48u3i47uWmQVwmB +W58f9J1TYAmUTvaSC+Mcmvbpo0ELhCRKVMQjuFT45ukrG3jeohiecPU9ga1VcWPc +uQdaijy+oNHDfJstQloWn8TU2Uaf2LvdSc2tuex/qdEt7eBXDpSzEl2gRlfrBFcz +/8jQqhsdmp0aFv5GkOtO0M7C6GAA9IMwYUDJBthITvUQa3feKKZNMWp61LUdbS+j +CwExwV8nX6YonV6QSq6nPL4+cmu70PthGuqgWSihuSYYbVi9UQWBiWET4PpFFpcc +5AVuyZrFhCYggeRGmukNTDhYUdThC9Ar35e5vFHWvZBbY+6Y9onhTiszAW9uESIf +ZBtmpRyZmbUYeuQgX2PwtD+ELBXMikyVt2mzuLKjeVocqaHsaZHiCuj24OsgdWji +IDr7DNNiLn06KFduCeQY+qWqyaj+Zo+m6Ez9h5BlINgDoNteEOIn0EshqsYgnmld +rYDfPHIxPFdRWaEI718VX5OLUdOXrPuW1joXZX3wiWstOBhqeAcKLbxlDd6FKyRN +xOXnKYOUXTJ69+FnPvUDpvoSIyFwOBqzQj27FhFIKNwjgdqLWiGeWNa5lhRf/XF8 +saaVma+d4alTp5KDMa1FdysEjbmWSZ+2WAF0NIx73qq9gpoHxFxLJ9K0dsYIfMx7 +SlckNm7qyFXsplSVieEC+xrQoU6E2Qz+o0bI/XSnPBN2ZvYaCrcgqe3SXDVNGXVC +HWmv85z1IBGP/DtcE3upNZyAR+Ty5PH+QhdzSPk5bxAp4dwqax+MD/cH7wB4CQ3j +Qm0WkWw5n9NkGQ+j6q5SH/eJsk060+irhPNKsT3ZefENM0K3JrMMFOZea6vRiT5e -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes128 b/tests/data_files/keyfile_4096.aes128 index 09530538d..0a7be9112 100644 --- a/tests/data_files/keyfile_4096.aes128 +++ b/tests/data_files/keyfile_4096.aes128 @@ -1,54 +1,54 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,6B62153E2407E123D027E7EA4D1DF26E +DEK-Info: AES-128-CBC,04DD86A29AB89C3160EF3A295444C3C8 -Cp66825tjpbBQ5Qcq+y7kWlmn6qskut5oYCipmNnE+0qgSPAeIuaCAHf5U/N/IFg -zUn4EZnD03zkB0Bq1ei+8abHnyTSkMANDO0TcSnHMVeBr/TNTtwB6QjlwDv+zLUF -EEaFoKFcoxE52tjDqS1S9IGq+lv+p9hEIi5fNOLkxh+AMsabQqUklAg8rn5aN3Kn -gzCfNnX4nZJMf8JJWXOFn+kJCh2HD0NXmKhKj4Psxn8xftkUHlKJsjdUbCQhwD3x -lxj9CSYrePDehxsBIBDuanY8WoUOQ77Iv7Y3YBKlmvNDESeQLuRYRSpCSl5hIMlI -7/2yMkx+Pl1Ep7CM2FGC8qrdZb8x64G5GtxIWP8EHqAgV5jAbCwuViBf1xcZ1UMn -DMswwO3miy1ggWkBGJhazzKPrJ7dqEAwHLqxaNfNAjdTdihDd8DpRnrmwprFjIQX -KPwVuMit4h9Xcl8M1cKijtnjOBtfk/BVOkP9cGbU+kCl6TBl1NqhDecpAu1R6r68 -q0ROxGvDjABCwHfZA2TbHVGsn/aBqLwn6mauWX9c8Z4JmOLf7nir17FOe0PUJNGT -EdCTpErScYaJLYbz9mnK8L75S9hgt3gED5UG2hH1YJjKDf20KqxEWskiHdAj5Ael -0qX4rG7+sui/go5QAATS2YMiRco+M/Bq8nCURYvvOqUL9X8Q6/kgsGofSoR1CGE8 -HcS2ubr5jjCakmN82pYj1YOVWbvzyJ+/bc8qXOsdCRJJTB+IvimCf2dKKkc+um/g -pYWYtauJxAAc+gGlCAZa9NB6mz8/cDcj7p6mDZ89K4T2zgD3PbfLEnQoJFqbHvvA -mCJkQBkLkSxuMHWmylPdVkChZvpZN4grqeQNQMnatejp0lqFnv6ZehJmJm5LnKJj -vuuijQNfhv0Vdsr+FxbnV/MmpKctf8aes+2YE3u6k2TBzbhbFmvD9QzNGk1KgagY -s79CRyj8UhavfE88/LpdU0RkJbl3ffbstGDXkOx5UpHphasch53YWCyN+y7KUiEJ -tHU87mSbtyy0MAZr2RcZP4AKf1pdTRquO1o4S1PvExkKkdzCbTXD9Rcj34WbGirG -fgMf5uba690hBZdafIlJr0Ol40QBZbPSdk9zJwFWKpGwBZb9J6QkVR8fVH61+lpj -bWs5SoNKJ9t2Jw7WaX025WuKzORAwUYU3CLs/r6XptA5daN9VeILnFda1Aj+MKga -HLihqFYgrXOqgzdGuGpMKD0oKP5tu/KzkXqkdUr7xA9xchnx+gwmEYYMIH5Wl1TV -3sCLP0tbqlVXa3Uy3iLPf/rrL6nXY487Q2jS401F1JHuegOLtp03uDzkr4mTaw4K -78gbYUySkfFnKb11s8/ZtafZmKNKCeVRkmo+rglZ7CQ82atxIDy5uST5a1BgW2XT -1SRDNTCoopuP7iaX2ktuLARCVWk0BySWWfnDhKLBhdqxbPrarp0drAT59/IgUFyx -MFRUrploUmZ4TvMJ9QSeC1WEgEn70PDMAEZ8oaQu0DOX5CYA4QQVVlm5Si0Lys8R -Kky5YnzRG49yYnxqfmEkUPWVanIzcSLvqaXEcsNKSLLAvs5uhlLQNuTHOGkaERzx -Z1VQwKAPkLLtFRHnXMvEBlfuoLrGclC7MZukPrEC2QPz4IOgS5lIsmyKsVPcD9Jd -89B+4nAA/RlXik/m9bfKp2LVmzl5xQ9mbEN0sSZBXjrGh9cmwWY3SV0qPuUtjv1d -YSwQ9JI1AdwoyurbsgeGyIpP+o8lfEDUPJORcLeLjTCfJb113mz3b+S47ETZRhIj -eXxNebSwpSQyKejpOt8yKNLuyOel3bgxb3J7bFofOw42FwLd7T5PNRPt+kTlLthX -CbO3960CENB1aYd+TbSfMeHteuxI6uPyfiVGa5wpBh00zKl1zhNII7tLA1a9Pul1 -em8Jn4MHtH1oO1+Hw3gMn0HzfIWOTxi+IxmpHU8PLFkCV7UJYwdk2Wb4NmyXE3+c -fp5NDiQR9fnFWBW3rqZ4ubIr126bkdTSYqjCAUClszegqm6oY6SUjfQzuwJaZpLR -tDouKHiHLG76Qxz8codVcy3Jc8fClJPXyj8A5qMp7sCZVDiv7yramalFfF+wQCCi -H1nQk9mVd7BGbH3VU11PCkm4isilwlS7TJPGInCAi4PVI+HaEHBhKUrl2Z2at7UR -07GpPjV+6iLLio0FglaRzGBf/Q1Hps6rJ0Pe0jSp9CH7xKsaUG1MbiwgzSmu7IBt -to6gYlLbj+YRdgxoGJyrgPixxfNgxEkcNstGo8RbLZZpDL2T+4W64hlP6PcY4dpV -VJddVfKV08J+DBYOkFy5nFV6ay6d49uRbCyRT+KsqoH0rpMivJGbTBl33TAQDHko -oZdg5mlFiHg5SHLzPYGmH5FqPqAPZxHVc9JWHMbNQreKd6+UXDg+JSblTtWfgSy6 -O13/NoJ01DFy2WvrbSgrqThFAaRWkixQPpXLFCXCvFhGsw6ukla9mKc70oRp4zIb -h4/JBm1tW/MGbIDjGY/zcZeM1XEZLh2aGHiOeUNC/wbd57pFRr58Be7SUg9J4RAM -RJN/GkCDCUsOIyQzFDn0rCphN7gYsb6dZkCp6w3U/f6MTAETSkc/xn1K93WvV2iq -PbuUY/O7Dq6zavzhXhhEjPSST6x16JwaeVdXYjeIZptIoo9fFcxDVFGHcaOI+dPY -9QcQlL/uocYdZ9+bjBPnY2l8sObjr7JoizfKO54qECrgKZj3D8HRsDZHtmzIAFW7 -tK+FrP3c7FT8yUalaxgxoWEL3XtHynC1jawJzoaDNnrjr8Xq6UDK3Bsbd/6wGBaS -h3WInxkUMTxQ2l6ccGBYuYrk1d7bZgZgbw6qI43BhjGXo/AZr+Rg+HiCobIKjgpl -nwxxgt4BuoHU5+hOtXGTXa9r2IDYP0nzLt9pWKrlO4MvDRyijQVppGz4EuuO3QCJ -+Dt7wOO6B+VnncidbUMLtCtADXy2dYXP4UWwGbC8VzoQyiJg9VU63a/NwaOf167b -n8vFDcd8ErAQVm+wJzuFDymGBK8WkGGK98RB4/r4WtoUDbOJRx+ELu/dRzHtK4+x -rc8IUhgZnZlpFRDVCZZFkwQQdviVGkrGCprtzJo0owLl4BKIy28rTu4VUoBOmH8w +Ki+maRW6CfjCEUAf9gX8bbOj/x1wHiYmRAj3x0J3NewGLeE4Et/nTwrzB7TGxCuj +foKa76U0GQGZe/8Z5Vx6GYVs4ChxVxa6nYWrC589Hil5GS/ycXyeW3dD+TRSDEGO +sBROGmdh9+EooNu62ohi3ttvBcreIz+sENprX6o6x9+bJzxUPiccEBIUcJHA4noF +NilSaT99A+m5j8/yBg5UIcYKgIwcn2Fmzg9g9GbPDY7zM/EkmEJUo8FaYYScuciW +6dyTpswA8ixR7drSJASXCLXpHbO3cK3gZJ1yUCEq2Ymn0pZyomonaSdN8sURvt1V +DeZJzoW7zc44L63B2+XKRjNtv84EtHa6UOOq5Y/0MhRGiPRJPAe4SruSB/Zf5N24 +jrQasz0+UYSl6sIvonmQje4G+jxyQDpGI6IZNK1tHunpMmjognhGV2CROrGkX/U8 +n6fhpITz3KYVtSyVapeyX8uk1wNEFlBIf6UTtt3hSN3js2RI7WnQ8Qpn6FJ8DXy7 +fMjPGhO3Tmx3aR2hL1ulv1B19DMmBabMiow6TW1BFT3YQvHpO4A/hp9eK3wd44me +dKrj39oYoB/yuEIp+UZ7dJaQtz5ZFwJGrFmmyow4wRJ7a6Bdkq+moN5VdK6AL+y6 +TFQashQT1KSQgqdiXX9wCvFMLe7PIsCR7i/tIr18fzbV4ejYKtece1vMBajyg4cX +RCVKSYO9zGTuxsBQX+mTPT/Wv+CA6H6CLssasdHrfxiJFP7jYLbkDUYtxgBhIWU1 +s7SygJETP01b37YuRhGPPYs4nMhv3QH9T6P+nx82nOPE2V83mxGF/g6Ht96qCn95 +1l2aPGrpw6zAd7ZmbRWPcNaDsxgkeFkpeGGCULybcP5yupRVm/lEQ1+YZ6JWUw6y +Yi3JYUuPDSvzEIxqSCLK+M4lWsTvjG5XLhl3e0nbjf5PIEeQcpU5O0aWHGMJbVwF +fRrcaCzuws5xZrdeSMDEOVN2IZspX5OEYruePtvF3RLHIFONcwIE5RZailYmdC3l +6+T3elpIndnb2OmbQsCV7fMXcoEcDn6UeGHtP2gtyg3zUKu1gd8gAt3XJRSAC4iB +vguPWHU9s84I263KiB6PyqtKrlCsXJ1AG5HCuBCejiganE3UwLbhs7JNAjiMAzFD +yvnXz5h66IQyG11LkPFBZEedm/9LPyM7yJtILKRRYZKnHEhO5wOqaVkp+d3BJU+8 +kqjreiCLqoxnncFWLre87AWGrlr4dLHqGnixbUyaT1ep7L2wogRzGcfkY4n4ERxT +VCXw1KrhAOCZ5KBA38byKwvSJBZSNrAK488lnTpm6/zU37VwrhXmdbJx2dS3DtYu +54wk6RIkfYKXK3NNz9auG5WpucUarApvX/56B1nGMvO2zuJr4C9b3IXFGl68jl9H +x1D27Rb4V/dMYW6XIhJ2DCZcWuHu1DkaugBW4kmRgbfyFk0JKpB1rQMXKsIPaAVs +uV02aOD+tCZ5Kd/l/cXISpaDIFXHO99hAv5euQck30hczI3y7LdUj4u945RxEgC1 +dA/VzSsQ88hbDavULg4t2Kk+jwdqm7aojbFTgjr3K7wJvocyJxDzgCrW6yZCZksY +C3z1hjzZldeFORDrgxptpeHfuwYHK9FFfDL1ItySWmETJK8YFo7rP3f1HvS31QbW +vFgseAteA9kn/EAskSR7tulrj2FAyF4CzXHAW1VsBbzmIMPx+HLuFON4TwVBibfC +udwwu4XNtK3yNqz7uPUHbUxYZ3E2CbJfBs698YauieNPZNboKLl3N2ITmpxlAcLN +2wNfh1v6UODeqepRXsn0NmYY4RZm7/90mnfcoe4zJ8+rRdCbNWLrXthra6ouqGsa +7qKH9xcsxp+y75/2S5sJ14TnXFFD72A5AdowSMH3poYSRgQT+SiBpTIOhl4/Lsz/ +jTHieMNE5htL3l+wjtkq+cGsZsDpV1GQhgB/0U0ps27jH+Q49KxB4TT71XLZJ/lj +gsDk9aVktLI/fZVzgzHWTXLXXPwbyKcKd6idJyOlekbddK7ESd4z0FXLNOVgkZr1 +JPFL6I5K3Cnx5TPt80shUH4noNHu1U/LdrAlwJ58CRZm0AQ5H+an1nhgis5lAOSp +iW4XQZ5SQgiCDNWSBer5qyXdJxA1j6BFNN3d8bm6OWCxTz3fYw6sqNe/gWtpnyi5 +WpUeNrkxIHiZSNyjfLjjJ19+Pxqrliz7vYVKw3YQ8u1R+8H6hDThB2d6yUOFc2Vh +XD3kl79zWYBUJRLOoi3mev3zTj4NK0NCXYQnM18+CmZcQPVPpyjC5dnukGjqJWdq +CBMt4gPhd+6oQXJJ7T4xkEo0g7N7x+Ha0dhPP5tyoX6aglAWLGbk4ZpT+87km4TB +4revhoSNcIWWwDqj34Mgh+9cH22fTLWqhmCNrUl0rTMgnZSQO8Z4gGSDRQxHFyzT +p0+vXucoTQ7Jci6VCqLUCfTLdNyTRgUubEBU/cTWgKZU0rutq3AB1G6++dEFZTtH +Ul04D+T/+G6Cc6R5s+Y1UzLVVpWtpwmxlnoyLXH1H3ROeyfJyMrweLGMxIL8VWKs +FM03tnwQFt60m0oL6qxFPbtu9NnGcLqc0uuQdif4IW9FMDp7aIIrABfX/YZQ7F83 +HySehJ7aJYKAyDhbOj3l3p3Er+DytaTH4kuV+6D6c2gMoE2aVqnSy6in3ky4xN8i +K+3BBuKuRRda8Z5EQWTEyiWj+2fglLehhVP3DTMDHw0pOf/jieTdXD1eHJmMeLYw +w8jLNcFGGhK2if/eBLKWBfJBc/Ernwbi/e99PN40TtxsBDYuInnP/SmWQCfys+1Y +mCtb9IIMiqReKwl0L97Mune6hImw2/LyJvqIpZR2veN1DK7vvdIBGU/KHhkUTjZJ +30Xdw64MBcM/s95qwzYn2qrmOZz7+si428Hxx5uXfkM9ylwFyvgwTqo0/xmh8Av0 +wmQYWJbP+bMSyXuHm1GVmSFfJo4aCA31JTEV2Azhap5+EAxQkWQcIY2sFRHqG6uX +xx3/2EMmtHpOPlbw3A3Pgvs1z0P0un7mxxTLBggfsnWeyWmB2sPquzk/37bXys39 +0S9AeBocaPsStJ5sPCUWGuQHAe/bhI6AwerxEKLGo/cBOo7G8+km8VK+WMx44QXr -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes192 b/tests/data_files/keyfile_4096.aes192 index 203d57a65..f57762f26 100644 --- a/tests/data_files/keyfile_4096.aes192 +++ b/tests/data_files/keyfile_4096.aes192 @@ -1,54 +1,54 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,8AD7089E60B2EF8FE869EC60E0F3B161 +DEK-Info: AES-192-CBC,FD96F730C10A4F9DC895B3C06D91C5A2 -F0RA2bY0ofjsvKaTHKhWzLvrDBPB/mZY7R5bfOU9Mk/OKtFxWo09uzQgTLsbG5Z3 -7esNgfAmB0Awm5np3OAfxb9dqprhSOoSSzBzd2TPy9AE3U6NwNPmv2DC+r312+M/ -QwGStdM4k8qAoi5c+GF6S8gqwZzTxInFd6AnoTvUJOZEmctMgGXz4xpW9ys7W2rR -ThumSKL6++oXPFjOsvBbVzMxscRIS/yEWnZvkxyzGpoN6+ewcXQYwbmIZpn2yYCm -M6liobqp5QweJZVANYPHWa6i+Xa8BsYAy311BQ8kVLiitoH8ok2tyrX4zkFqtX/J -MND3G17tOs2sDEtVfJHzxDau0G1zsbL6iQuwSg8fBDmk797iiT+7YYI7M5QhfmSd -oqrRoje8knwCbBZWfDb0mdHv0D1Z4dNqVcoO+YbndUf6mKLDvOCcnSZivSB2tcFZ -K4BoJJa6vGeWhIZ5i98WIfa/G1k7TNDEl/WJIcegTJMkT1YIeOtzodgnihKhAhUS -wyKmpmTvUNvaro5jFXJ1IYTpveyi6TpT2SM9/W/qJ07ih1ZqWynD7A4cEf1Q080v -hRxccwsVNkzQfA3DBigvrwmcm5xxNx4A/YrcqWbHIaudvQpsinTQTnE8A9c4SWti -SzfTLxkgxio8DADk+gTmh/kFx7AEaK0Wjyx3irLki+BmqcwzY0lYa9JECUktw9+F -jmakvBLHylkuFmnQzYhG2Km1+o83YkPpa7tXxQbuhw1YdLN0+PZRhZVz17FxZlv3 -824STsOCs4hhnOD4bqFaVgnj35SRa22K6BjkdSGHV2ZndLmKNbABg+qQmttS+rPV -WbgroCF54qM4ZciMlLBxlvIxJI8pIXkTwSRdBqMUFN/QNGFzWNFyYyIXKTz+T8ns -8LWy/Udvx6WQMAWHHEhzp+GbBOWnY2a+C0gENq80HK6n7d0tKWzRYy0dhUpki50A -yu1G2HvpDUboZQtlzBwXi9PXUZH7T9UPrymYchJrdW22Wz8oN4hyp6KQdrVSJ8YA -QpURkWaJfnWAdp+cQrRKl1x5mpDGShcRg6+hbpd7NGks1vNIFALb6/lTWmYQCZiR -ZjtGHubdUJIVqQovfJXL1fpOheR5k/N4UsqCc9Aal7cbcpIqGuWdDNL4caeI1SF0 -u3oYwK/58CBZQI09e+nQT4UHZb1+L9jr2EAgN45PU2XZ//Mz/+1/5MEZvMP0/lGq -ppUqwRRhBnDaueOrXmoh4XGTSYia3wsd8Zr5ElgvuYBjiUe49MwixI1UA8mmx6WG -JdgD3DE6W4soft3NuGYhQi3JzqlrqCux0KakYYORdrrdwXLszJf3euG1oqpmYhho -fIwH95eRygWBh+/kgN5CcVx50d0WZB4lteSEHQj8CZdlkEHwBGStVo7FtKRHQ2Uq -6eLB6VjxbpX2GxaS422xs/xGOoY7rnblB/9CKjdHYJ7xt/HPgOpkJxQv/6gcQqO/ -lIwxEj91hS7Hye+HCjGgK0XMG9so3ijT4UwLUvlVuePgdu3nwlAdVEXXBpRodsPA -fyZyYQbU4Rl0SVfwiZAZQ64rSvgjbHzb6vcu/hIzsSyuFLSk9CwFdPFqsLR+WRTH -JniyFGR/x4MM5OqStUbbNyFTIJgSN5KKgQ4Xd3BcK97hDX8cPhyaNxQ9y8HQSjqz -qfnq4t7VoNCIPqBdQ1en40Q76nYtq/9+1ENXZEJAgoiyZfKZm2Zw8HPYqLluhzzr -D7H+fmBAwngY8be1J3nphNM/m/oSzU3qbiKun2vORCkCPIrg5Hp9JQ1Ns4bQLVKn -7mAjgHCaB9kVzpNVokoMX8xlj5aaslke6y1NyA0T5RPb6oaD+KGmvQP6kZ2kP9z+ -uuKLwBkUFKlo+sqm4bV5DPg6bOJ8+xwd/yDv4NbY8qNWxKFXHmsgDjZZ/tOh/BP6 -RWXjFdSYD/R64wiXkJEylpBlEMvgCVPjm/+nHuNaLW0gV610kSd/jZhYkjzEYICH -O4qOTs014X53NjvnHBFwCoQSKmL0GqKIXnvJbpn6aOnN6UMsFxAbZyjytM/1C3w1 -lXbqTRI+dgA5Q5uxAa0QpA2HL2CqHuYfpLOsbT7dd+5wpaqffcUF3YyFyl4eCh5z -70CpqR3DOn47FbapjWGCbkYtIuLBo0TqlHWnX9k1XBsYdNSli7llyeAiY3w2k3Ho -HlXjaY1tuUjdmuJzB0MZ1G0ZUoW5mM9sVx1euab++rxDAMwR+qiOji+k3U6Qz2pM -d3waK8bSAmweFdfRZpeXh10ai4WVEJai30BXoiVEmnMTVTUp7pIjGX+q+x45wW1w -uoFPcjaTKLlNYNyBhPYOFtSymxJlHLvKnHaCp/DTCHHB/4knrX9We3mnSN2L6JuY -LNjbhtLFl646jYUsXanpLJHMQtgA30W4ddDMG8fUxKa4VcskrewBxbXb6+zS/Mql -EhYsdcTirrC4M7cknFI83z3wenvLdwSJicl4KRaCrJo33ayOCvU4qO9Whr2m3GZo -lxf6pcD082DhN+vw7oCQ9KvTEMDP1Hb+7Or1yD7aQrY2ZLv4kNicVMwAaaDHsuHj -fk9n05irX/1+fph2foJ5JJHP3Noh7rAIGH4qSIQY/w6MJ2IygEeS+JJt9z5q5GTI -VbwZ7XlFNZO83hG8XqcdXlOIl03utxhXYXu5bWqdWOfPdNyHDaF091jexC9ZfMGP -jc/Wv0Ig6lIGAgBhhBYIXV6E3i//+T3MJgvVIXgV6YmvZwOSWUw03JrHX4Fx6v0z -dP+LFD/xlwwBWgj9UN61Okzup0u5TE9vMy0P9mOkxlPzyo1bDnzqZYH+Eth7ZpF4 -04rodTycoTF63sFeX2LDzAgbtD1VdbLY9P9SlEEN3S3ZvjQOVnChaUXi4dU8riUj -GIw7VjIzlPdlq8WPvqueYVZK/t1OitNUHo6qUscFm2HMstR6dtpC2B/3wzr/3ECs -ChNTAcBibelDLRSFVgVTmHQK5e7cRVNK/uesIU75aICbNXjTMdLLZz1uOrHhpQUY -CcQOmOhM5Vc9I3EbglbQzVJkOACXV9w2Ak0EEXyFEiXmIuVRnSaiG13PqvpZWrdU -LVqnzUcsICEDZWQNbYVz3D9lV6Ox/hTsMv0lKDfrTepI2AXeTJ68uy4os/RG080c +QDAO7lDXzLmdM6VPdNkh6tQpnIACwT0f8rLd2RW7HlJEjdyd0e6Eamqxaluxc0wc +zWP/uchPuvWvJ+OAZjX/+Bj+SKWnnbG5kiK0NnavDFU5BhdlCwOE0RxMpAXQtf1o +5YNxSlY0u+k970/KQq1QJGR2osEdy7yA1GaXN3DNsDFOODFniATl0jctIDEg9lAN +fBCKJmI4xy2u//3FXN9FF6QkN9+Cryec0HtkwMVoEFv8If+AIGVKqjJLtQnuAq8q +VKiswT/Lc809zO6xf2wZr7KXzAbm9w8nYBBm3NaViNuBQZH9NMxw1Wss32SI1co8 +BHu7XZlBNCumjvJPewgdwkd8pggMJGw3r8oADPSKd7VmfxG3FwUpXL/JmJFs0DOO +A8aJE0yJrYHVPIJOMBgJM5ZC7iNHNyzSa09jzt7gctUV0zBW5xUVqU0ldiZvt00h +XCtIaz5wZdxt1S0hnqi13Z71rrJuzJg9/lpB4rGlhKqNiWNlvgdpw32FBpicowxo +LLd8Ly6nECj1wAL7TrEeS1j2J4wT+/PSQFGCJoxKQZWMfrqDFLGXaPiZJNiEtJxU +ISJGUV47WqUEmwUCZVE86zj5JUVaSrdcbcc6FPlkIIced9otJJFzeG0Ypg/J8f5f +Myr2bHHkDfIwigGurY7WK4vnWuj3tf5V6lVYrMaetPW9UZbxQOV7v1/vZiiYQj4a +FfLGKvlas03/IA8q+Egqi8I2wPXTl2Rtzv2bj91tsnxZ5Svm2+8UXiMKE9pKfP+C +twpNUr8LFBPvSUnMf7tWNo63pUiqfW81y846HtkWo6idwflkRc+jHRU9l64Nrq8i +YrkN+CPypW7IJhagzvniBXe//wfU3Cc4X7oNE5Ml6zbnVc6UTf8Ab1HiOnJ3xVF0 +xZsN40UE7s0+i4BgqcTAmNZUUzcNj8LEfGs7TwlhzpTZSGp9CfX9j73I1nqekJm4 +J5ENS0QlSh/UMGcE0vpqdfSWrgdIvVw5ArA9DSBg2yoR2twnUuH+D64SawGyPRqU ++pk3ZUAKBRadnreUH1wNS1p8WdBRCJDg2gE4ZcKGi7qBGtt+jZfj712FFgm60WyQ +kAZe3rsAeJuAmJVkFDmaBR2mA7Fdkzg5idlavjuTmV4nHKcBltNbOMKlrzgRkca6 +GmzR9ICeiHWp1Jr3bjqWejvb0qrEsBAkMHTmBKp9SNDeoiFahKwBzxk4NSNJPG+D +XlXIZF6gTfgwTWf7KbvAfonSqAHtdBiZSDOSbloSVyBmTseF8SQHL1eVvWAfBQaG +qwFdhjHKRQdJZbj7hrfUL57GVivuR4xOkPFopsRJOVi79jhTstnVbXbwrQBP79Gv +/ABHXlEz5ZmRTeCjCCXGXY91JZGCSksDSPVb++J2Ox4B1pfT69G0exdHYM2kKO6i +jtrmcM2t/o3+4NH9GapBcHRYPA/SFu4sVLvnuWi+xrKJCUjxfsStyEIMoYPJVeld +hv4Ra3uYqzw+bcVTfZ79cUDHqXwt28xkro82VPesCZhE/YpPYP3gxiKRV37EGedf +iczeQgWD3+90LhHsynOmR/i3J582/koEbjCBM4lKwBYjsRpYzM1NHiJ39BAx4CKx +0JRHbW/OfClnvG/6cg9RVm5hHV9JQCWgkzHGAQw09zP1PaVIS71nlPJhHzEBl2zw +yWFTksRP9Bhuh5BSItZLeZu79m6l5Dx3OYP9H5Dkyz7p8TLYoC7cg5UqIpWBgaM5 +ZSJA+TMwHQlijS/FthvR4yxAVvoK4vwmbsdkkorWpZxV/oQyjyVAl4onRiaDOR7N +/c4VG5iW7qoRukNOkHriFhPiWcF5cTLJDWYiLnxvOGY4qT5QZmQ2gc/QdKD5V5vR +34rV2m/iEmKc+a7SN5n3FsQ9Sst779Dyc+Tbne6YmaWqwWsJfQmUnhxU0RerKoIN +XMtFTx2M0NP26Atz3bYC65trqoqgTx7vnnnh9BxACggCcJYNrk7pCqr/ucitTQl+ +fzPmuKV8fIKd7RggwUnhjzZxYasEBIqusS3g8GYK6pfeMWViWOsh5k3w7/M3ewGF +KxtQ39cn7HlsuCamL0UchKjE/iV3W9Tm2s7TSNiDPDGYYfyQIcohqN4OtNBoOMwA +fuxSecUpLP8W02f9k2l8OQP0wXivP0BT58eLPT4edwdKFC6R0rihkDIUdHXmZJ87 +PgQxPyse4WnL8pEiQ6dfjwYzRKtZaJDpjxNYJYIdqW9Cc4K6WHsgVKPnS/I2S+Md +T99RyjWgMCJ/qwY8JhyMENYrla1m+utW9Hxhi4P59y8QKX/SPj4gdLZftF7hjkoW +CoPp5K7oWKNdxGOOzM57e2ssBUgot4jHGurcMSaIpqW5J1qsodlbJ87Yajd6MTuO +fAT/KXir2m0q1sIiLtPT3o6App+LPmbu8lOpHNFezhUI5YbznexDfaStY3hb0jyf +Vp1aUM1YrGbxNU1bL2wwYH90GD/2yjFK+BlitQpQwkhL2nOuCuzlvxq7cSOkvt3D +AnrP31zytlVMQbrjyufa3CG3mH7skYwssWSwbv1WfY45LdSWoT8msgLhb1jPVswa ++kICBKFzX3k8+NmdwEgEJT/8gUG90jlcmQO8+r3L9F9cjvUD4NHFHyLswK8CHYKi +auZaHf4eU/Il9I26pOba7TyvkFY7m/BtvyytP+uHG44X1jUSZuqf9FT2+PCiFqi2 +L6cKQ7MIi3A88BPoHVJrrmEr1AbeYWdZB5ydBq4fZYPtD1zgxmSGAPzWfRj5l6wa +3DzFFaRBPaq0z0fclCGED43qo4tDGZJLcnAnlZEfJckwITeyis06mwWZmBelokP2 +9eB7Z5ho36y1nKCuHw9i2DrSGMqi4WjG0/TsdfkXuOMZHDwYm9Rf6QTiAdlSvcR7 +GDrHbx2HPetA353OQ4QM4fgJ9GmaWt5SC4UtVs9IszvP774d94OWGSz35keHhDKk +JD6P4DcLwQxJbMrCH4U5UqtoZYaKumjpap4AxuDbt2daXHDa6ylJtplOiAHA3FGj +UXzBw53fX9WQ3E9cuaKJVVs8JPvNEQG74om5ykxkZcJOvF3IwuRCMcWWkC7BsTNl +yDIZ3HrQgq85243A9Y4N5IF1m00zNrZJEaNTqoM8wfeYgHBCYRz7rtCGpAmJDzZ+ -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes256 b/tests/data_files/keyfile_4096.aes256 index 062986035..2659f17ed 100644 --- a/tests/data_files/keyfile_4096.aes256 +++ b/tests/data_files/keyfile_4096.aes256 @@ -1,54 +1,54 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,B3D9724EA29BBCF46A5040D3B872750B +DEK-Info: AES-256-CBC,57D8E4C458F2FF1E5EED4FE0E81F987B -DgCxMRNHyW13QuP0pGqEhke/+HP0/3HEKVZ0DLRAKhVYpKF1sHrPYD02dI6+6916 -b4Ny+LG0qEY7Lsv0NOAZq9alCMqKntUuXvRM5FeBDl4o0WKbR9y5i4c2LCutHIjx -AtYAP9gkvwfPolz8sM6GdWO2DLZLp3W/pQOrDKXdtU1wD9xcv/V0yfakSWMw2VPc -o8Lv1VkukXeP0aV5ZauaMYg6ZRebVIXtryt5BdXeR4IpZx/nbwrajalhcswYxGv6 -J+p2R67kbxED6XseD5darr9zZHV6I+m9vesetvnxFWYLR/j5nmGzuSi+8EAieuuC -vl+YaehTumHRsWWqQmr+4DBTh9dI5gxkP589Esy3Gim95oV/YxvTpWNOLEkbxTPr -Rq1tythoitFQ8sSNtpH9x56wC6mtOj4NOxyPIOb0+keYmzGFuLOhT6/TtJjMLYKj -1P+74kaYBAhlI7CVbnXiwyNR8nZxvaonXuixJvfJnERK6OyhfUoU7HaUjBrVCv3S -hEE4CqIkdlYjBl4UOcehKd8fPf79OSmFk58bUYZ1Bv2rf8SbLB0WUovnfL9Kdiat -uSW10c/ImG1y8NEF0uG6el71KpZX/fwZn+Ek7NJdc+fQxAfJniWIdAxalv5C1FBj -J6Rx1VWfSOUH+qbUkI3lkPmqAKK9SuIbh6B5tf43XYlWijeJUbMkH5CRHaS944Cj -2rcW23oWNmltKtXbfmjSRZiCN+nhQeRFEUuiUSMB5Qv3k0hPNLwVphSpDUFvclLc -UIzuDJCdYViTTgAGzVsM1Ob1zjBmtGc/gHZMOCHqXPZr7TFBhicXhAXzF40TX4ml -qBc3/Qn/2pM3yKM7+W8GgSN/kyU7E1R1bL2QhiXIXdhB0La9yhZKB702z7zVXa8k -QxJxiaS56cskCkIzb+/iW8JK2BW7A2q4gj45FDV7ITGsFT3rT0qF2pvxjfzClwwH -czxv/M25q3syT+P2H0b0EyJznkU5kpqBwL3dxLejybTQWMxEDElCF7YZS4LhRg7N -8sfIW8k13ko6/Jmkyb9zzsKTfoRMi2rAJQPaFbAqLHDiQJmo1HB4Wr3iYvHVnazl -WADVY1eSB6nMbGwZxNZDRU6Ul96nW5CoRUJCq2Y7ctN7wjomqKGZhhsp2fx1a2hQ -vrsYooqCM1EEVp+F2y9mJsuCl43EFPV7YJlGHbPUNF2s2hpBi0sWwWIWLMSnflh4 -eB+Jopij9C4plAPVF5LdcWxzDaZU//URaGoWeCPbAzLdKCXezVEGaQgm8PIcmLZU -XL09+4kIhptqw8GCjbjwArrceRhXrTuDsajv+uTfEthK5j7V963tWYF4DLYOtt9o -ecqQuCrVeeusnI7iSpiIwod1mYxNb7UoXui7yb9QcJemlBr/Ez3BfyAy9yQSXjGW -cM9ArsTG+n+IsPxNROQ/W2V7HJKfmVRjBcBgJnfl8sj3jxosLGxFtfnP8slzVAVi -KHaYSOOjR7KSiW91/7yvTMxXRuVGtARYalN+HrMssszpFFSCS1ubgYO+dKWmKGLl -VtgPiAwj7jghGvYUBg1EXoihi5j1HYIU5mPBEIuT9YVokHgg5eT+Wm5BG5SkVNIt -2Y8Z0zWXgnO0iDIHyxCNAajQXbQnBnx01QY3/PVowksQG/KhSFa/PLiGgxwNC+z0 -bTZiEbtHBe5O7kfoIvazYmuSOgyCfPkukEszxAivwcmZ7uIWwHlC74oXILvzJVuH -lvLXBEtnsfDEwjEnMevssUhnFgJ8hihwODF71L+2VBwjDqRkndjAVYBhON34Vg/R -0LGhtUSYMFfOfk0yrltNxD5iaMMIeds1Jktkn6Xz70rFy0Ykt59iTjrza6bDhGgY -h4ZSG9jO4Xknb/meoOacYb/3xX1pA9JQbb3G/R7haC5l9wmtMGFy2G3NPqtAtwKZ -2gDBrqu9MOp7a2Mxm3brQXE/rhlJB0AjyyioyOsGZKV/okY8bhGyGhx/1bgrDcob -LCP6XykjvFGOAU2RWAYkbvl4CKW9Bo1x1XrF9+QpPAXUg4lCLW6Fwoom3QVo/oIr -sZstrV4d7ajfbU8KeKz3+sG6O5xO49NXNtptYml7zMUFXsVsFbnVwLOqcTbtg68A -ICLYa0iFRTSgidqd7coY3yee5xwf8LkPGVnoUrtog6GWE4lLLamKF3+mPrtB+KAH -BWy42+yLrV07IDLVcAQdSNhKT1ppXxIE+ZnWQgPu3GJOmWxiRbygD9N7HbiaByDA -QAFVtsPdqQX05LVGoWE/EZsOQbxoXm8WQ2GxTUZQyMWFTOmRuxKa3tIwQOCPlQlX -xOdGIof2a7aAXIUAl91f+64uU09WXxt9UgPgV3WYLrsV0xHPLqMISYGkOJ13CpJi -TalaKQpm03W7nymKPST7QV5c21xZ1Q5DW5r/zOBF0+WbMJaHrqoZANvg2dzKUKWx -lbmCmclpWnTXl5LhIupCW8S2ft0Gpcypzj91du4LJoyTGi6mpqtGT/ZyrB3TpjYp -MtreLfl5R91IKBj7rW7/qUNRfBAsbhic6L/JXLNDIpqWBlk6vyU/dOwnt8GNa/xV -SELIaZZyofmRabnMISWPj48LoqqVUpWO+LhHDtqOo4f9Kp7cRfMJ1cVzMAL2fg18 -dQ7Gu4Kfv/CSQvl7YUZEMGFAAI264Nn8vnbhzsv+a5RDB4MYZQwCHUIIAczx+iEg -7PX/83vn/oZO/bmtJ+g2KDp1oBg3fab/rBOGsFucF3Pe+kBTZy23PpL1oX6xxqA3 -D0gN79PTLiOSV432aIIuCIm0LexCxAUW3c9CES9faNA2W0uyprVDPF+ML4sx8b1z -GRdVnsUcdJQzfG+JqJKeNb6lVVjOJIaG2/jtBvAzL3d0sNX2oSPJk0ruITRCsPfx -ZrPwjhZIZA/CjQ5PhzmLeL7P0Ker9E8HGI6UUdX5/Gh4DsfCwRfqP4hsc0TkjBum -bwFa5y9Bag/sTNzEOHVjWm5A1YhYGK8zl+NB109HYmAh5pryqWLwckREIB2uL7Bl -c8n8Z3wGeaC6Y6KEnrZlAdQyoTeBG2qQtW8iS4T17VF0JbCm8Crp9CbpkodksXZ2 -WyV//WE3Qgur3e+EYmZLyR3FwPym/zGTChoPFdsR+g8nDEJDSxJtmM/e0xMcJIJN +3thXhfEmF8+g8k4jTlpQ/xPGCBqofqx3PIYwUT/I8vKen90oF01fRyc1kJhTH0Es +NtzvSHFobm2THHZis1W9zmHIOupkTNpGgaMtiZPcgPIAOFiDH+jP9JRA30MhDs5b +qAgZzZ7sZy/pqVRD+Zf1AYEtmOi9toD+DFrDMffQ3tf6/DTMqAXR4S013c19i+hT +lDwr5pgeWYvtojoQh3uA60OtCmqWdR1h5Khkc/FfTK1TOLKNf7TPfQRSDlPjlBg1 +2vcMkhn/ETdB0a/poKAynRW8ZLJHXcWuIEYDXMhBEfDD/JhLqNAbpQ6V38X9UJmC +vOrsmAiXKtzY4Uw9DEBGOp8OgpickVybmpLDHWpJZzJ4BPoSQuhSqhfXT8c1xJDT +19l0+ysR6h+fy+fiiYoHz99M1SuW7Du99fDkzXzPtGR8HRoeGY09OMPd7AzvFp09 +5BBKXNXEmNeeqOiQcVgdWVhZx/9AhT41pNScWg2vJ4jrdAIFEy05tYU9H/e6138B +2VZVXy+cj7bRQiVXWy3T9ax3gC0Su/5sJbdfJBtC7kqx2FVhCcty4r9PhO5HlYNC +6T36JKoSsCz+ggmWntyxyi46iAxkdERzpFRnVHeDvT/dvUYQ6FOQs+LoYavPRAqE +/OTU3rzbzL0bMQtk9ovd6zgOHTUDrBOx2c1ahkaoefvF+7WhwluQ1L68bgYZITp/ +d3Cd3TEdL8cT+jhu7MaAvlp99IurByrtjAnZnLJ23AqGty/4o3bAfiCOSQZTjxif +K9+fCR+RjStAGuz0GtAjFXKsYp0L+nyL7ZIuqJCnRT1a+sqkX0xpf+jubQTnJE9t +lESqcDHFHcM11r9I4ktNM2HZHzGSjtBsuDEKwIo6NplAc1OU0UJ+Hytco826cZuO +ta0/9WmTAtE7xSY7kutK8MU1jpE3QA0xKS6gGyLeYY8vu1dMVU9rk0DHv6ZPfUQ1 +BB4lPHvSNflm+KjrOIAzY2b3ETKskJJtrBQ9Y/FPoMp3znIuas6MZupKNTbUXMzy +HUyoWL25kSt4F7TY8/PHlVWwdSXN9L+ql0or8WMa/QKUqGytENsYNh9Jl26ZFThW +uz0sWmAbZL4E9Vxz84W7Mzc3U1fMRmMwcSxixwxvENfapxVvbC31yrCTuK3D3mML +XXQSPELUqiHTvjO2m2ya78pE1roXCGCElEyZ/YF4MWSb08ovD7SgMI8vvGq8mrGz +sQgAG1yQnGI4NgLQKpoqYoHpTVXhjXpd61RLxgNbGiJdaV8yWp/WAtwiM7V4+BQD +KhboOnjyVcp79MiACv9QD0uuqI4PYmQJa1Y3swsiGPDRxxYYbzE40oPeUwC8ihYZ +yItNScHYEn49iF0jPYm1BtxH8IPGMk0o2w6s7Fz3MQAdvgrHrudFIPYh7wn7cRfJ +Wgha1pDmc72qorPOpzzSQwCAnAd9CrfYs69+V3DBA41X/GscziduUFfIe2AkNOjW +I296Zc+uJJ6Y2RdsZCUSLRjqbKqu5RQZa839uPfsUT0vmRI42k6qndFHMEbDzZy1 +2fntlBtggN2QO0khyoU5CiWKxhCS0vkXdcYqfyrk84xefWEWJItmLgIiJgbCsl5u +Tejsj6V6oJUWbQyZEnjFsKrDsobwQBO9x848COUseTb4cBP6jkyh5xItyxfxm9e7 +Gx4h0yfgZSBsVynofZMvMecZezQynjDOTm0FKUOiQglG4Z/R/ozbsfoiHVOzovH3 +cX+XT74TGjqBIoMYvShXpA8SVA/YvGL5HIPw9Gdh7FD70R+92Z2J1PHAiAPLLS5V +0X8dGPWSb27EGd6iDqZ3REN8fqWw00Wrss5cXTdLIW8eLRVTdTJb7Pu23yEnp4Er +sR3erVaThvaDG8S9dI8jr91zmHRT/BPXB8kbSRwDu35rskrCiWZG8koa4DiS9Ik6 +ssKA13CuW7gx/KNq7ambCryRf/X8ACspggtDUn9fCcF3yFrWkoGlGN2zrnhZOhtD +U6Y8HQf4PP2H1Gai8PoMe/NUK+/iOEHHZgv5UTXRTU1MM9sNPiFKv37zgmMOnSng +EXpUTs+R0WYi5/Zqa/gFzb00yDYf/FRrdMdVntSg2iQoEXOBwYj8mm3R8m6TjX8i +o9dFBVSQmBVTYrAHeNtubl+KDfWLyCSVr8nDXEg3TzUpIAEfaXJaIOjkMRdRJL8x +FPkKAe18iWf5g3AjRFdUWiF6K2h8/h8WFKN7GZc9P0m4eyR+k4ym43+Px9HOnzNJ +hVeIiW7GQ+KfsbIfC88kEwvzt4+AKXil1dzzADIi/tH+APXuugSgrE2k3d6ZtnkR +4fO20OaIDEENUaE63mtctB1wTCBmDZtjBffIKbXinpO92+GFsU45jHKhQpquaxMT +Ipy9Enev8oEn+iCxksZMvkYltN4dJ2FajoKTPjLHR7Kqn3NS9BqrXpguLovlB2Pk +MZpZ2QnLdA134kMsu2wApJQkr2jAjDujfp2bGddEhaLJY+opCto6KZ/qd/OSCbfv +Nw33F3JE1ZWnU4eeR7tcvo8J3y2Gnb7IIJK71Hyc+94IC9SrerewhC4Yiy0Hzfw6 +XG0iJD15eILOLt8sqMJujAkhSxHTOq+/0DVrVT0KD848VZ+Nu+lTSHp2/PiRz1Fy +WAOzz8FdrK+4BiLyvXet+APd5af8gOvb3PkWeMlh5PGsG2JS75BwiwNcwodbgPvR +LSzS0uB8SGgQhb3OU0uJGHna7GSlFYalk8QDiYec6iFcJ9OGpcCtplyyJaRYczsL +5ZKDi1830GzBS7X54v6GvTvUr83Z7FpW81hDXFy4hSbON4Vk9///9D9NjH0r4VE4 +2riSBlrVSY+vuBhmbsGnbMDRNB1tWWNDVVRJQPaZdanXc7m5Gdf9cjTxQrOvyMyz +jdLYLlSFVCo41C2JclmrcQWSu+5eBa27v6oKbOYqazASBtvlsPJZW9tngNJGvwq/ +Jq5U2v2XAzxulJd8hihb7uCLEf2rHQT70RPV7125JhI/6y0nEGqJX4WpuqTdAbx0 +VLwTgzvI8OVWFbGCPFWnMsJsFNFPYqlDRxy1idqfy0T6gk7vwtmcfLtTVQxptyoS +MF1RIXifjmMNBrWLmka3wUeJMSlB1i+MafihGQdwapQbZRh8Zx1P1+eH1sQo9C0p -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.des b/tests/data_files/keyfile_4096.des index 59d67719f..fe98803d8 100644 --- a/tests/data_files/keyfile_4096.des +++ b/tests/data_files/keyfile_4096.des @@ -1,54 +1,54 @@ -----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,2E1F86610218C7B3 +DEK-Info: DES-CBC,D6688446CC64F13B -+MJCE88fZkQQVdfI30MO09vUhc7VYoC5g0/idfl9dpNVV2mqy/M2lmH1NeTiGB3V -DY6zf05uSMj+IQBduchbmhlbRmDH41di917QJaysH0D/GbG57tHJW+Qet9dD4FPv -YuTnYvy1nyceFJ8n23kuVQoRIBKKRc9GOe06BEpUQGd/dPEuCyy/Am7jK4IZBWup -QcurBNyzsCqSiIYobIrymnUb62yS0eWabcD5L1ATxc90jL23HTivUfXHHD6D5ENO -n/ARuBvasopR7ZQPExokOjTD7e9mHJ5vnfK5JHd4VYLAs+IEYfTfMhOPheEIHas7 -ODOBtn4cLuNupP0m3BNKHbTg8t3iEu6/in0BcHkPyVCeDX/19Ga2T8inDAT7wC/U -OdYo71PTmRLrb9Ak8msGgsR1mzziBcz7ZNjQCoU+MuNJ82zFMQuw7A/TB7zRFoyR -qyP55Gu8yTM8K13wBvnvH7o9ttJNB3lwqo88po5foN8Tu8Q4T8M+2CEmxgYhZS7d -8LY1B3xmtpyyfuXXI/ten4s/aZ6vO1hnTCFq5sgwHH69JnvYxMAqPmEj1s6K6x/0 -OFzL0RPRXFPAKoJgd8gtSj7PEZ0MmrQxkmVFRU6EdO9waRxNDTN9aCqrTratrSJp -jUHLb72Xw98XEoVmTKWRTEodB4zuV+OjlGu6op7GhqroQPSQmwkVKg3wXIRJhDHg -61yj8m6Ph8qDUOn6WqixbBmyshyETIO4dDP7k2dsaRnduLtkicbeFIU8Q5sfkiVg -mDB67gGKJMGWNWthtwjVLtgE1y7Cpgj+tEWwZQkgnPKi9lT9dJodgysXMLIgaDS1 -XUUk0Ynt29jqAAvOUoikpQzf8DZqmYDpkhKnf8M2ATxsybrNnnb7/2W2kQe9wNsP -fq/z0iK/LM6sf+7y5sIifYlP80XRHJ/3K9T7sDZkK03xp0ok2+dZxAILjkuHGkJt -ANLTXuwgslPKusNgZNMVlpk0wJQCET2pRQNKUOjnRjo1T94gt5eBHUqX8qIlEHEn -9ANHy5AdKkI3Ay4G7qqAigz2+c2yXeF/8+HBHKX0F70VOiYvmKouufuntJ6FP9FN -i0QBIRKT/MgslD/WrAAjhjoTwoSLhnz50iQiim/UaIc7LkgqMypSsi29UQcNfQKg -4p0jPTJ11YE54IawbXVt5IEihhSNJBwuJEIa7ENDp8MAQXTe/9CXaj6rRNeqKLp7 -Oz1D6zHe7lYxFMSXi3jWsmqq48r7Kxc/hnn/WjHupGXjrszoTlc9/Vu+Q64wr9iV -bWq8nsz3IXCjJISOblO7CLVvuv5O46U0mADmxlftcjfbnTYuylixmZMtIncC8vgf -4GTi6bMub6hCuV0UWtMrjSNnIgatNdVoxq3kjKxwPjF1Vd27Pu6wnJgbDdMRhx87 -tJdcuPE8xDpAPW8U+zGyhhuvdbWTCXzlR64uJFpCS3TnGqQ3vE3uYsg4Bnpbw4So -A6dTvhw5Q/4+DDzpNXZkHY21zNtaDHs3Mbbr1ma+RrFlIU0PwgjjryogdGP9REoK -5XN5hvITGhzf0Hj3YwkWzU78Fmv87FQC7mtA9ag2Bfjc93axeOqKP7Gzel/iX4DR -dRZyUQ9E1Jthl+XgfRR7iQoZYI81plJjIj9xr0P2jG8ShjzKBdldsYD+sKQF8jfD -4obHk+gw9STV2u6EjFC26WfD4Ux11IL4sMRUXyVQng4DWameIiYHWesiR1ryIX5U -QGdEfUpTRiO+HTuLgOxc6eh801cvfbR7CU6WM4p0EBHbWcDnHRZHO3cM18W7JtO2 -J9g/F5ZInU2iji8v86fFtr1e8l1Mly7Njo7VTYJgqCT5G5bQ6C44y1ttwvSW9486 -T2AqshbmFIIhExA/inRzWPbPyQydj51TH0llWP1ZgQbBYjVX+Q8Nd2AdcJd/L5dq -/bfHbl3U2bTqZ1iT2HvS1wcwEOa+zlQgecmWg5VhEE5RGlhfLZNFYa08bYBIX4Yg -QOa+iHbwT5YOnPf9V1wGL+wZryzTXIT35lGa4GtqcZYvUz++gzlzv+LJnscTZJDx -zYSmeRI0jgjeJv6gIDRJiz9TBAr8Yug6ZGXLFGy8oTdhY80MQAlcS7UA21jQe2eN -tW5PW67ezVaoK5TnSIcMp3v8fsb8xNr9iK8sAvVaSLbtKQaj+8oOCnPfpjhgYYOy -VhPVRg6b2ZWNuFL+kSn+fEdaenWv5jNk/lfHnRuINjkjAXPiY2oBNLsoQPs/5/zA -aAIgO7507k2RI0Lhfeof+9XgJXbZBjTpvnxLWs8I1vY2SsycCXo6I6PwhFEYzTkX -hiWrHwPG6XqfVQspptIvCT2NmxDE73/ODuJgGrLx2Ok/gDOch85x6EyhTBklp83i -PBY6/vnoHj/evPwZl/wlSm8rTsLZhEj77teLiSul4sEpAttjEpjszBm0PBWR/RW8 -DyIQHjt2tZ6+9riPqXP0OBTyIluMuGR8XzGDhGI9lH6ndQFnl+rOfKt8j70cuDTp -wUHDHWwXm96yy2DxdIx2uMu19NI+FpHpGWaQgxW/AIUymtw+2NS+ihj5rsJ7xMF9 -EPIfUr3SUqnIqJ6lJNAN+hHFQgv/N1zhzNtkd4kftrzwWGdQHuVdu6CNnDzOUFKT -TWaq2BFkV76kl1L0DWFMefDPVXpD8vSqb99MGmdtlsqT6Czl98Q4+RPqk3QVFUJz -/2ClpgJriqeTJnZt25jjKUYEAATPjdBTDoaFFinkJo7802SRpOjaUGaR6ICatmdl -2pgTPHYGjz+YxucUbRQfeYj/gXRb7srOI/MlkCUinppTzJESCcVbnurWNsBJo+yD -2YgKoMZk0ARmYHw+sJ44fUmTU3/g9z+xHx97bqZCkqa+vNBeT7VmqRTrlHEzFnJI -UeqlyKtBq7P0z80OENkViVgnvzVakn9cd/4R/rQfy7jysGqLbXIt88fvFmcjLHdQ -+tcIjb68uxFo1W9KDVvj7iHrQpOaA9fKb42/AD5B1ditj4BvnbW+kma7IRGeG2FM -csj9KdGZNcwi+/X8lV9eoRN5U6F4NaGRI47P2wrICFY3WpYjvvM2bc2TNiwGOJmj -WA+fa9+a/l1UUjthsfMtLROPUJ6XBxLAAE0HWFmhx9Us3+Wm4pNu948ljecr21d5 +fE4BXR367Zorqu39EfKNXmZtCI6KflkwdYEkhIng1S67XwAawKYAnWIVAYWma1EZ +aVAa8/9B9B1C66hx21lFeBSFiGOZcjoB+Mf2rZyxdKOkiS0zHTIS5RAydP4Wysox +MLGRPaUVcc+5ZLjtqJBQVCQ1+CcqGjomqJo1VkTlWTw3P25WlFwHGGU86aIoKf3J +5PnEwes6cLXhetB3UXVcI3NhFCGzWSF29qQ2lmxNxXYv9z49kuJ/xPqYsJ0noa6x +eWep5pqJswyV0EaJCNHgsRB9RPOEL6QKHSEh7J7tRiImDVu+gAr3ewUC0pikmwWF +fcCcaMGr+kuQTgdX6plwaxxSmS4bQDmHDJuFeRkN/cXaAwk0/PZbfBbR7rO/waeO +HgcKXnvPFHDxkvhav0LCXbQp1RYN1O3U6KaMHP9MrXjmih2Alse+V7ZA5iNq7nCL +d/RIzOJEqPZFa1K1WohoPmcwX2X/aRLWabnCzx5VRrrptpWKZkHH22niX6mU3zqh +vfrdZ4o0NOmbKTTezqgU4WPX4rVzbzaxcrt/u+ukqubgg42v+KJIS5qiroASt/vL +nvdyQDmtOMBhuypTTXCu/uQRAN5N3dVWH3T0rioCFOPTaHZIU4+VBDSBFVrZiTCn +aS67ukj+U4sYffReO5IVanh3cZSW5P3FEUOgogmcq4Uv69G8MjGmbRCX2qtophxr +dQbXE5OqXopEgZlUu4YZeqHbIlfpKmN11/jOcnRMpo/Rm8fammL5gYda1uXbmjDg +8xQVdJ1kBWnWIYkdvoxfPwQ3XQeKxXJKvftu/HP2IKKlEvvP26wGadfD6q8N7dwz +l+ZpEHpbi+Idi8m77daKyEAMvYTCo69EfhkxsxNXlcn4MfJ4+JRRyAUTWZMc13gW +skRBsXi1AtszINDT6W18MrCXvfJlgxKl2zGFi5J922kI5NUG1kstqNWDqwiXK4IY +YKOa1HiP0Wk8CeZWceASL/hvgNGvp6uNkii+Vd8CP04JVLC37pvEtdxo7BI1HS+h +I4lR10LbNxyNaTq8QD/uFyziYq1HBkkWNzwNLPTVw+V06mqyioAByX5Uhmd+X/K2 +1Z3vmKtidC3CjhYhLDjwaT1xbPwh3BFRrKrnK0mkICHFrnTQKTw1UfR+Lf5mE97G +4DZYcaCwB91UhuYKnbeoSYt2ZzZV+/jKQZC+h8OevhggNP+n1bjxU8AZOBFt+UT+ +JRKlqEE3jn3u4b0v++j6dRqjACgH9EKZ3yUDcfWa51n1p+VPIQ0jXmjBKn25v+ks +p86J0Gs/Y5u+DuouYuJ1h4UJRY3iuYKWaY1KX17CK3lHlh6mPDi3tu6uFgLu+mvD +oud3LjanxqDPHAlGpZikaN9KHGdrG7AefaNMZc9TGdgehJ18e3pP3IKJ53o32n9q +NzqNs7q/zD4/rFKThpT6N27Zr3GgTqx1HkD11RiKsUCz7tSaWwVfFjJyrw6X7ua/ +UoDQaf8i93lEpPutubjQ1Z+QgfIX2wAz9nPRzxUnW8cyw90ghPiG/KulXLXgI4hd +J+67FnYU15xxQ7qBEw5SOk20iAjpAJBjqphUEsmrjKmg1Ffwb1dUEUVq7cBv3A6n +LBcR5BhEInerwLklPCFwZzNe8IhVQ4FOc5uWGHV+P0qsaN5A6UyaEe5pZjRBaM6Y +CRtRpblR29rP+a+CC578NSjY975T38lSN/lMQN7bnaTUkxZIl49ihuTv7R1wS9d1 +aksi/NVtoZzHVpciN6J4Or8JTqip7uebh3FE/cbaGf0b6H5DMOGOv5TEJpE7HlY/ +xoKC9oAHxomG8wuE2O9DNlol9v0W0MOTNInXX6D/g7A/DcmxzfuVKQOPKLQMUMKT +mCFgIBGPUUhAmwzh9ZTwq7cjLs4uxd3cJJSE2+TC4Er9AZdz8EMIlsan6JvfXW1v +DpUd7Ww0cCI1PlJWyrTmx0q/peBE5gqv9oUH/EwEBHrRv1JyhwpcY6gVN+EcP9QB +q+sIK7p7m3ioyub9D2jZyiDp8ZhhmiJsu1Q4LbfjZ8OHIdut57oCtJ2kxyQ8u6NC +DIbSB2wklzju9EVKkwjsq0OObOA21IaAk1eOGRX1AWo1jsdzUTUf56IJD2+z0vfg +ElKWS9oaoFqgYKX7bShk1u2kYR3cP2IDYGCMH2VoNVEsi5o1OP/LLGarF6uqSOHx +eZAJ6uq8LJYsU7+pRXu8T40gchtq8r7anx8Su48+qfky8+Y+GVUfGrZbuNxa6Qyx +ga7NysGzhFeFYHxUGFDxOW0OcUFkCawOtxO7VqqxceEnwQm5XmUVED0qQsrQmUXL +3dJOgWYLfmIJw/I3JRSgNAM6Q+DVRe0owFW2Qe7cZoJDsaRznsGj5d91kg84A4Np +Wod5Idn03QYQCKociIbW/2Sqf9wcpKnz9rHxYEW5ukoHCDtSM/4FeytOj3WB2KGB +q2lB4tTLcVIEI9dGSXrKb6Z15cKtkWAk3QDXJKF4t2bOgPb03QX8syMyrllqjFyV +3Jwzkx5qO1Xg99R0Ts/okvayLCFq9IsJ54453otPW/j9rlWefc3YL3x6TMRqd0hd +r93cUEM5dNP4IVqfsqfMaOhaULENQVUgUSoZUHB6dyElMbwGDYdiD7AqqG1YultV +K8rnkmKjbOzl04k7d2mhIF91pEa+TcHzJZDJpxZ08Im6C+iXWy8iTPr2hBaI6fiH +VvS77aubeTQapKJMieKYcC3XKCfp6S8A16YdIILKiKCRnXIGqlL9/8pqV5uKfv1K +m+I7f41Qa8XSuopKsK2FZyycODk5/LWbQi4t1t65i2NykOFsRok2y0AZ3xhLVSa+ ++/vViIHaqVHFINQ2ehgjqV4yDR4acCdtBoIS8+Fy0q5zGQ/KgHnq6qVxGxoFTR5a +h/6jOq+xiDevppRmgaVoeBixJtnfkPS6SFNbrw9vDzrQpJldnpCz/W+ImU0fl/J5 +VG9f9CFOptSCd6hxm6k4SyIL/L+i0KvfmP8OVLI9qIY/BhN4kH/Dj8/RgemsnZbV +g3T20lgnqsAEnfINdkULeH88zopFN04/0dT4NMO1au4gyWYIVgW5LX3gJLaGQrAh +7wpowgliu2u+6VvOaOBOrCFz1sc4tdiiAa0ElbwnyXPmXJY7Lx4/94u/6Z8aHqIg -----END RSA PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_2des.der b/tests/data_files/pkcs8_pbe_sha1_2des.der new file mode 100644 index 0000000000000000000000000000000000000000..0fc0d2b90481b5c0e62ea75ef8ebc8c184d22094 GIT binary patch literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R1TYQ+2zQaM(xgl$qXGg500e>pfMt9ju7L}T zmtneRcm;EU!J9NXPvMcIQ{<}blnRJ3sG5O?Yj7%Y`z6a5Uo)-FDsNFul8H0sG2wf( z)7)`b_LE?zf$pbdbs;a*2G-$B*H3>8h!LQeA`@7m>`Zhpdh5OZNIG|-*A`qkiSdp7 zDKt0cFbB|L4w-{d?mC@H*B=py?buqmc_u%074g& zavsY`#N1e{ES)s(AOiNENlY`2rl*oxCi6I~i8ygmc9n2+o;3Wh8vb)cCajBP>pMjd zV!>`R7Eeeo$t?X8KJf8Flk32^)ot%h_opLhcRZcV%4f>eNwo^dLldl|+9)Q5Jo)8R zT2Vn58w(E}&~FKA8ECTDNsGr1_9ds1lYzAF#QRX}tWSuj$9^Gs@Vb!NAuRb0d1$!a z$XaI(<44JTA;dT_0O-!fMNO94qMW$xJpzhG6ev@BdX#)(bcLApXH%JTw%1@HbD+or zkk?iXL%ZG)XNfjjEp@ojtRmKEh|y^1umk#{&UyKyP_`;0^7l->y<#BM)SkLUwu90G ztJ8J#f-!*9ZIy4^#I_+D1blg7E8@r~_7YgoK{nnVN?rOQ555#bVS9Aq%l+K1Xa_R~ z49q_zx2=yAT&Hq--iK*am8oi~Ra#+#u!j8|(gbjIBL9SR?UP6CEXRRtguaDV3^fo^ M97$(nDZz9e{}~oYE&u=k literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbe_sha1_2des.key b/tests/data_files/pkcs8_pbe_sha1_2des.key index 4ae7aec79..e0489332f 100644 --- a/tests/data_files/pkcs8_pbe_sha1_2des.key +++ b/tests/data_files/pkcs8_pbe_sha1_2des.key @@ -1,29 +1,17 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIE6jAcBgoqhkiG9w0BDAEEMA4ECJUO+jJnTjpKAgIIAASCBMi9QFFLgKGYOSDR -0zyRMc87RkrvSlyRi8BibyKvTNEDq77jTr6ZEuOF1OeZ9fvdZwJeI4GkTeKkWqTw -XDjWATXHbgTX82I3T8R2iBnv6Za9uaFDtDH5gbUYSrSNzMaoyS90hc9PTJ2+TG/Y -xUe99kSvzbhAatVQE+0TWpgH+8oACRvGelnHWofw4/CKJXJctUO8l6LdhLht1kwd -YXNX0xjxpY/eLGlsUaiDBdb0D9WFjdi4fcZ46IHspqTfBUhYbpDj8IQT1vjH6yjm -cPNPstEeyfFnirvgFuHg9LXTH0cf0mJgLzgiclgRVEOel87Lei5icEFI4hDAzWna -s3YiTijc926mD5AqQ55QXPN9v6b/uAV1QyKenoYzIWC3Y4phTTeApCyV44f9oMMD -wzcYWMZoHzEIiZj/iiCF1uOSamIjunCmpiBXTI7OGXbxXvSSJ3aU9nJHqVT88/ke -nj//EzWVYAjMdNYl0bOsWoIONl3eEEnLaUrOYOTVMxGac6yy/oIKR7GP0R26N4V2 -c434y0aQpn6opT+JYa83N1RwES2/NxwrHs4pcx2WShbTjg1Cw1XMHk8nQYNnM4oJ -kXWyns/k1Bay/SXgpl2NRsoWzxCR7BavB2mRcyMz3djbOYscuT4QwpB/Wf6kr6pN -gszegRtwLmVBehwvGJwL2SEx2CDHvJNhvoD7vbNiWeTFo1wW1wF4aE7p/Ee7gSRX -z14OC8NSbuYV660ntNQ9LB+Z7NDT2d6JTjSnhQHxxLBwy3OnM2/vu0eCd/5+MGjN -C4svgFsAH9qnT1VQTzmpwGBJAbD29CVvUUeBF3+up+Mr+IQU9OWWEtUZ2Fm29gs4 -j4azYJUI4+RLw75yNLVgxS5r4Cc4cKGB/P7qVqdH2CmjrEk0jxyTFT/PE3Df1cz9 -F8eEprdml2ktrlQ3gCD9fw0kXBsp5vwecpQDS3r2v980vnMxb5Cm7kMTMFb4/hMY -z1yaDkarkSHQk3qFYtO5DkEUXhF6fwATyqOgJYwcy/9ynzItqgbsCIYMjpXF7Yww -FNa/GQlqIbYRCd4KT64Ahus7I00vVS3b3glcC+KlDkwCJJ0M+glzHrJs3L+PiJMi -gm+YT/5FuSqJZ/JI5QP7VMovqSLEw6y6QQHSBCOxh/CGhAL/BZ9A9afvPTRiI9OF -fyxAaf8KH1YPI3uKIuDcms0d0gJqQoDmLafdfggd6dwuLF3iQpDORgx80oPbjfl1 -FEbU8M5DqiH+eOxgEvIL0AhMnPa4mv1brVdlxS3CyojnqxPfecXyEXrhEYJWJdsF -aYKR5bU1bY990aN6T3EDRblmHs25Fc328xS2ZJkHNxcJDruwi4EFpQVT+fukOz00 -hOW2BEMFJLRflE+372LNIgSRVNI536YhF8r4r7O1jrw9McX3hzbJGAtcsXqyIO/k -hxC3x5ViqgZbDYgHz/CJJfP2RC8spp2RbZ/uDJu2YI8z8s9OXvcYv0EQmBAJxdt/ -lyfkzEr/n8oRtDIkrq7lR3rjMUz7AbCfNJpqrEBFol9+qH8+jnmowL8LWBlh0v/A -pc3qWIulXOR1pbwXyAELo8wGhnJWL4WmY252S3i0Jn8Gf2kXewMRJsixStairjWD -1m0wWUVGSm5CO8Rfon8= +MIICojAcBgoqhkiG9w0BDAEEMA4ECDJys7xIpJvWAgIIAASCAoBGe62XG03s7twB +Y3Snr5eshEg5kWSshUlP0VRX8Aer46fHK8cZwWJeADjOHREFzN5zLoQGdQWWAyAU +wuc1v8HNq7kv9/oAsq1dDCcZ0mCVNI4q1udtgItK42YD0SgxVcnGXdgldIcAgonG +BRkimrdKnQjvIfYvI7Jx5E8s+5zo2UbjhXfsnzB1AFL4D4aCVotOz1GBhqFeP09W +O5LCjUfQ4Tt/fk5oc34GZqUcguFnul2Ho1XzbY2DY+i24VG27sUf9A6OkLle5iIJ +zfZfqonJxunLSukJSryw7+b+LXCKYnNVgCAkkLjKrLsQ0xQy2tyndpLGZ4n2q28D +p6vXaVi2VJ5FusjzLDC5IIvWVB3f000E8YJDFf94OAKD0+zxhI1D/aU/K8lKbVjO +yboZrc7KYBav0Qq4ROJOkbv6qJLIdvfMns1Mn0F214fp9DqylSLMgNcR173gYVuT +bcd5Oi474xHHMX6zg8v33s3DEsQRzO6l8WwUKJswCdYMlOZBWHQ4TxRrHn5LglE6 +3xsdMf01FlKTPjGaoO3DZ6JivHnzqUuOLfHU4ioWC9cxCOySBh8cCk0tEPzgkzjs +siwLcpb721jmGSEjD5A75sCN4yruplNLgNUkkrY9PjjJO7MyqENpGk1qbNUSEkZ6 +jUQdxeaS0CPCDMtCQ/mYZAZ1obkpMQy4BSiJlWdf8wqiVo9LGjU1E81wPYpjkJgK +5i60QFSYJKMf/JzMDnz2IoyeUzre9vpRhah314PsnoEjPKUvpze6i9AoZjya0ONp +QOAIH5Dyz+NAq06L/hBwN4SDH1d1Ik5PkTc8mMRb83rCzFPFBaYTMSaTFoxMsuXS +SYtieZvn -----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_2048.der b/tests/data_files/pkcs8_pbe_sha1_2des_2048.der index 935d9fa7014a4c4a97fa0a31f66f62f4f957dc60..cf13703ec61624d88cc0d4b0d91f537ccc1b3579 100644 GIT binary patch delta 1256 zcmVL8k%&2ml0v1jzmBg%TNpxk6VE1`vcvw>@ozCRE+R z%nEt=RP&fLc+@Uu1bw$rKk1H0>yE2`9yNs@A-So4A_D?IXsR^0yt3AxY0b{>3`T=K zP;t$+(UC!h(xq)hb-2H{Ev?no4mJjz>|b@5Md5PL{`_|6I)749e6lk>bIybnMD}-- z``NM=&5?@Tqkm=B;EE!m7jns!|i#BqQBkVg&Ly(k!2jEg&*?ztM#+`j#^X$9ZaHOhfz(ws8|ECCkG zPqf11Vl~2?V}H%}68K$?!Ke4hTLg=6zad(4uiVz(&k4BzM-80~*a0aieJukJkA$xH zbmITRGs& zy|+PiW?}`rE7v7CTO+`yfXk1HJ2#dI;ADK$fGNk(et-X^Qc$v3haaiBU#kF(9|v1* z-_!$)4{I)EM#nb1k)h%JXK0d!rrep8ZFei~Bibg`;V`;N%8)n*srrU!&7yuPe6LLE zCh>H>#rkB$xyQnqf_86~m(-Ee`Kw#^x%!kMjBeB*hoTsIAT5FyHXMfqDnXVoa*xn) z{oPep#edV`CE3sQ-$Q~@R0?3j1=t-^uZg~FGM%A!BFcMZE(mT<){O)xD;5IC)&h&; zEvWkEVON-?ZO!j3JIengm#1ZK^3g4so4<{P4d#gnH0;O`GG_cuGO8LLtMCFsI4qd) zBYkcMtl&Ag(H|3`!qnZ#HAWnTS4+vXppD-;fBPTFugoBE}8_lp=m>Zup9 z6n_O(JtS4@@%St17D})Ao~u+?Hmh3ET$!Ev6w68D>_B!^DA;SRVg!&bAJMFE)M1y< zN=VN;W(&S={D;Y~NJnb_qAe?Kal@?%>UQzUt!KDLv+s?=#t^I{k+jy)I7Q10#(wyz zaSpN@+tsWF48jlG!OfC>4n$<5`OuWrRHrCJqW&l zd1qSO$|}DCa6G8+QvsR3oWnyC-bK+qE<1Cj2W;|;ITx*8VkMSjs6j*0iSyh5jelxx zSU=QOlWCtyXzI0Xnuqloo-6B#=B}0itoUqyv~s%kVG&k8Z|H7*G(d~lKY5>A@>MwW!x;etZ-j;!&4^kJ|G1-RlWlSZxHrVc1Ay{BV~TVl{Oil^+{r5qW}<lVA{hsC82;NI85V6!2u~}`u1f9foQUw-7bA4*bdXCI?yul+~P0^d71p>We z%?}|E1nGakfUGS3>E<)V_x#w1w%ypWlDiv==|iHg6epnoT*@>n~&`*;=VwmEY)5Aa7H*N`cu6N%$!emPjUWKqFRrsnfaI$OJ& zQm3NqjW==S{$l6F`BIx`VQr@dk>jk%x8t7A1qvGAAWUZM-#+@EDa(`)VrBT9?#|j6 zsO2&q!-Fq=N}$WIJ#5Y-jVvq$AOLs((EG>U;P*6c*ng|~j@&CpV#k7?Gf3%iGADdK z`FZd~$i}2SzaR9hhGZ(EIyxtkN!E{-3wd1sLE;6xvYP%Hvnk6adCCo9Po|q-Fp` zp7GB5XDhFxg2z9YgURpVr*-G~BGv?j>IR3#$xDJ_+JSYTR=;GVASltb-~$W^xcWsd zUj$7Fcy+r`5$oERi|DHQVX({Jb|>OXRAArRWq&tV)C!wOxhOJownvMdb+{jX7>t`h}M7q7XfP(GNh#|27mcO&AG-_CmIXEtb~OGX0&{JYzVU-AS9YcT1_Of!B9F8KUanJ!xuMr zS2@6BELYW1@GN9##t*3bpKNt&2*iRtzDm=S z`U8R)pup~GL-cIM9P1PAop_p2!Y|6X;TXVx-=br12j`1lAlj$oVhV{BRIqt(>VI05 zg^+X+hG8sD{slzMXCyN$uQ+g5HgW}mFi0T*?h34aLFLSk2~>Y;CJEd(c^B?r4Zj_G z-2#64MMHuIq!n4TKIzl?)JO9C84CdT>jQa?N4pv6<%ZHB5f7C_KsHg5(8C|F9&cm5 zXK}nRh#tB~3fhLI5tE=uZfP8)gkgXDjmI`ufd>8K1gvJXLl^j5eD4=n<6uz2q#g#X zhP!8YB`v%fE%D}TzorEKD6WO?J{FC<6W3OZN7w0+8^}0B@JE$Ob)gW?;Mfdn%4!g( SfbDP7A{{uUK`fvLnvNS?+HO_= diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_2048.key b/tests/data_files/pkcs8_pbe_sha1_2des_2048.key index e05f22cdc..49ab9d13b 100644 --- a/tests/data_files/pkcs8_pbe_sha1_2des_2048.key +++ b/tests/data_files/pkcs8_pbe_sha1_2des_2048.key @@ -1,29 +1,29 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIE6jAcBgoqhkiG9w0BDAEEMA4ECC0AvA+c58vLAgIIAASCBMh9ku9CbE1W63cd -HGEVS7iodjHFNt2Vsjh8B7GSQ5lyAy3wozXJYYvgtw/N4EZ8Jdmdklj+ck+s48Tr -3giAn8huTBx4HAU70AR5T0Wjbgks+bTnRyHPxs0uZkwgQIlMFfFh/ZnhayXsyxRP -03kTimiJ1m3Kwch495it9eBmZmEAiHRlBwspAfT3UXjpVd/8qECbuYNn/uyme2et -BatTFTK3vKsV3msEl5/bmzc45Qga7n0bNqoNi22tI2jaqrH1ybxueoD0E+52RQXD -ViZdEQXS7YhtLYj02Rlbmlp72Y9tww9MF+uXO1xWtSJsthNQFN9g46mLlXAOPUf2 -xWiDIrcCsh72d7sEhKRF4AXQEpDb34XziB0046yUSi1zilRswStINEIL2F/ssqme -SMmEyphL2k8iwarQsYmUnoS4bDcWcKXkMmY2j2eZs0YMIgc4sRSnzKmwRGqvLXrF -NQNcJqJCnJgrhTTxrKlrC3ptbjtQpazv4hblqjdOtUOc5yXgm4jPZVsf82NZlH1i -HzUa4UT/Ne30diLxy8UAWZkPFup4Gn+bXFONEWywiYqvvpunkCXMCX9/6tpCn2s/ -K8m3+HE+eZW2RX239NYCwpFKazlQKySw4tc4CiN0LDO8rkxCyaSODej8hVqEj3TK -YviNS847cULC0dz3UrWkBv/YBY1MzvEty9yx7TNRc9c/X/NwSUH3YFWIhATBdufp -moTh8j0aRTC3jy2Steconay3qbdLP5zK2riGEqP9fbrNr9R1gfGNJQ9J+Yg5rYJF -fuxJ8bmgh9mtmqgdYkhe9vaLgBmMcLjTFo9GNHLKrpHMHfboim7avQskg9leLX0k -GAkY3vRvJqbC2M9rUVtSxNYbvbA4n1VJ9gSoLhVIXz0UpPi2YV6f3c0H7mpWQ1ZY -fBxgUVy9hoV7q3FwbcgoUU/BGxQ19BTrSAinnRn2n4UkbnYeYnjv89SB0yBFZfQB -u6VVXmHALMqCoc4H8EEfyk+5R4eLKm5Ww1rar6DmK3TIhANvcsrOpftZ8AoNj10h -CzDvzhMODRwPNM994D6zo6GJh7UGF5ksZvtFreZSHCmW5YtGgiikvKWYYrwQTLyq -HR+ytVmJhSoIpQsHMG961hZ/Qd8Tdg7/feDo+DaDidASbg3+4pZGOHCcmtrBSuup -gRncAbxFy3C0684xbHYENbq75ikegx7VXrlYC4sDYKtw/Qu+z7cOsEKzJ4WbXqMn -Bez5QaKKBBODEuCVOu5gfYoxcWNnUBBxmGF2LFlBU8SzHooZN/rBzIXv2I420dUo -XxyB/7dyyZuN3+/FDDwDcWhnS6oKtuhBW2/AwlnLmexICSIkRLzko8HqvdTav8ow -xShAP4plrwIPNlxirRtesWaDVIEcv1GxdKe+sOJOFEiAFGf+5xECeK79vq+A3Fuc -/ih4wKFYAXK2T5dBTrg3aHs8I4qg7l2Le2i0/ODFUAjMD2/wbSBnPlJj8brdabQe -lMmiz2iLK/HN0JGSq2CMBuF4zgPMbG2Tji1qSuKN4iSE3IJET+iGsH4zQ8SBETIK -bbKUkNL0BhFL9R1uSOPRBnI8wu58aDLEJ+KphlHpIouBohz+b82SfFPbrUQ9zIkG -PiknJ5EvALgdG+nOQqI= +MIIE6jAcBgoqhkiG9w0BDAEEMA4ECA89psSqndTZAgIIAASCBMgl69v6yJiZx5nv +sqKgaDdqe03S7YQK81v90fxRjkVE7Que6V2n3DpVDSB7xONi8prK/TlHC2gR/1Nr +DA25wB7kNgpjT1D2S+o1j6Wwv1DMWWH+7+eAvJuTt9y2lmqSLKenW9hT500tYsom +FzG9m+h14Aj5ELbilOJWci8ENLiS5y2cT7G6iin+udnN+9E/K1mIBfxmVTm96mma +P+71CkGQU7vCwyK1loXh8ZaNNyuWaMG6qLkTFEGEWCfR737I02jFQzme7PLMi8s9 +bNWFTNSBMA9CL2II6tHVHsp3BLKd1s1F1gj1/D7zyV+MqyCzgnogweRFlCKqy2xL +0fx/KzArjCIHNlgxm+6o4EJuMSBXQfDyqPgDNzpYg5t/Pob7PbnJ2AfJ4k8zk6ml +QRe9OmWhrdCNJmBzz18SmDInlLq0/IGXQj+c+sIcghtZowu+t+VcxTvhE4FKsKpy +lErsymCwSgpDMf+rp1U07HM48VaqiGthV3JsJpuXkA9CQAntbxviUTxXbiw4RyIp +mGqWdL0956b5z2m7ypyIabBXjGrc3GVaBtD+9QWSl4eRNqt8rQRKBN1aWf+KflQn +HRsnkynT3ZgQv2odn7RwGwm9iz4iNHcBlU1G+1OCPZJ6uTMi4DjVgI8MTxLD9JoO +QbNy0ZTYhkgu9Bwr9effrr0Uu2GN9jgh/IvtCwH/iYJC3dg+f5V4MGqBQTScKvOj +/H7gtpsdoSdlXAeUDRbMD1CHwK/xDSlO+xiLkfnW11WZhPyAcuZg0kFtkDdt3K9X +lh5YSyL/cqGt0WbCDLNzvOuRlRD3N7aV6J8IktM6aZ3WO56YeWQzsCEh88xuXt+E +TGJOO8SPFu1rITvbjIxJIwxjbwJY9cUXJXZrqjEzjq+tkcoF4/x8PNM/wJdxDz5u +tbVg4lJ8BDYwfkxQL3LQbjDIwvyx5OH76gCzvILJBrO8FhcqbnHzlX41S29sWRmj +JQ26H26SKmXks3Ty3XCla8khw8BYGXRvPnE37teffVsVZlAg9aYlXLKRadtp0duz +WWQ7ZKT9YpXsvGmkESrWFyb8hFUqwRkiTT134fYy6ySAuYRoK3av2Y/WYJqj44j9 +eY0z0gY7uPOH0Kmb5gQYJz0hj5IOVeC2MVe3vlIuugaOFzaevQzKy6ypJcb++75V +cHlZcVuVr2Cu/z0QuoloSoxI7K01sreTOHuN2UgN0MSQAr2O6qpT2lpWtiKjTKGY +N/di4Fhe5Fg8axUM7R63Q058LfJw2kDfWUiL2zwWqB3NoBMCZWqX7NhofekL4a1e +2ecGR1m/HS5+UFmC60MsNlr9Uv3SCd2MAgUAKzCZ8MkorjSNhOE32PX8+5+jtT8Q +B6vcZbyO8IR20pxSFrJILSSR4jA1cfwKPstKnjR5LXq2U24gZ4gauR89oJetAzE6 +pcesXaxD5Q+p3FQIrUTlijDH+cTesamY8SVHATgJBJYIN3p7P5r/JoDBy2c53gfK +7fNWEbj1hT8x4d1APvfTZI8qELtkd620CsURtsuzMO4jh4798zlvlkvIbJPWPHYo +RNvdUxQXR5xMonks8VIznmPzcTLGxsFNNH16/ZiJeZqVFp7CqjNY2/nLszp4CzJd +/hOagJdV7sfSJ4eosX4= -----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_4096.der b/tests/data_files/pkcs8_pbe_sha1_2des_4096.der index a73a21201b58fcf5b91df5fe87f8363b409edddd..38cecb0cbb3b241a4f066dfde1b2a112bdb07517 100644 GIT binary patch literal 2414 zcmV-!36b_Nf(dFc90m$1hDe6@4FL=R1TYQ+2!d%{!t%}7S^@$H00e>wNP|}2Pk(7+ z?Da781K!?*xM0$O`!UK>tnrP}&f@pES(Wnhj8UTb6Z{_EMid0Hdr=wVNTZITx>m%N za|}N5P>I$pJWk|{%2t5J1ooNFi_V@x1mOM696`X`?i6l;__B!I|3^E`8y#2o((r(d zhv5i$`m>wL%)aCwrf+(^)a%;Aq-;3==4RbW4x5;(yP3@E6GBP}xNWCPEnzN0?3AF8 z^-y`{c!f%HDA+uhWT+ZGS@lz@g4ZL04PUQr1px8s8 zsI+8ebbz5=s|~jVV~;fMf58AkhxzgtTH=_A8f=DH>>5s~i|%0km8z08oxVBu4b7bd zFx{#KfI@p`J-Xt%VffOi9Uj9wjWfmDs;l7?AureyQ{*-ZQErnZlK8WsYJ;uFh{$-3 z&62!JW724ReYmU*en%pYN0+PdW!{g0a`Mig7f5Dzcxl1R3UF^%r|wc++d$;?*2pO( z6tZODiy)04D?J|AI&rNl4U1FPP%#{};wZxCZR6PdpbDHOBGSlCrNaGZ2B;E$Q4>%; zm(AsqoC4pAk3t#%LQD4;s=Tkj6BiC4s`ZS%<4r`!#&n?Hx62Nl$6-cbTyn*15!!;8 zpi0t&&lDWObNtrp_2X8YzLp8!Nq>I=>bKH4bjvroYxw#5ECGR?H9>>v`8{jLplw;> zBU_1cRA?pKVlhJT?8htiVN;X0a!9yuYFTK2UkMA3xLPNLQE-hjwzg{y1nl>R1j(y} zyvq9a0W;k%$%>|zQ9Yef`SNa&g;3hdvspYJWSyFR15A+~WJLu*5#9Jh=o=koR9$OP zXHx7g_#dc_3H8&iDPB~Zx7Ye-tN7`klqpcfZItcH=!081@r;llB7GO;iaun=KubE8 z7DW{yUP75VN3bS+)&*w?thUF=tPfy_o{Zdmh)^yeo zXn(ZX6f-v5jz{ghiMV29u9LvJ0|Xk8@pWId9U{J<;06pBzg>ZamXqMiA(z+P_+)^g zId3U*9wFDApzD<({UbCWPgZDV7=~H!5_{8=0^7Z$cL^ZW-_g6ann#BAxfaG<3w=Os zsIj&8L=$7lM}BG<>AqiTBB$LZ(_on;8kvvC64pGKQEv*{ALUB0fbB#Ggx`TsZfW(F zt1H4<8jad!ez)?@Tew_KH)vvhSXq0*&|MoM(QvM46WEX&PBWR=p+nNQ)=Y*IG!=)R z$(AQ~k?b-Z<0s1vq}W;b#xr)ee~}EG$lUXZi`Ghved`+Z+y$uho3PHUXEq@~7wFQVE+5R?e1VF?|Ccc6puDSh|v7n(^RQCz($v_|)vZ@D%S-(u2C; zvpTf5-} zjH)!h8wHd4O3MWmuJwj~AmLh`HGD=Fk&?G{kcMBb<<-ax&g1NxyMSS`n>cSDu*Yo$ zs%Lfs1G_u`TD5k5vR25 zsLO5M<%tOffW}Z)6m$8>GSh^Z)@g=JK`Qd=XO&-Grr;#N(Jp?nTd&wiuQE2Bc4~0<&d3 zhPeyKiTK!pnI4}X9@kgx7iqD)ztx@Wi0O4zVYmM-U*>(YbcV6T8^DlE-cJVd4alN% zE#=4u4d}y|DJd&uB7w*u$V_{o4|$tRAJQ6{AltF203By90K~)&wj@rQ{Zf#m7z$SN zj#(aQBD($NK|bTx&B-gKg}l{jTQsS^JQvT~hMd|W>^jLp>R6rWm;%Qpm!%&3ggBk- z$|8&QB13!<+_k8?6tlk4sT43%cVI{S>O^}M&+iDO+NpAIFHzl{7)$ZtuV z-F;k<#!-t7dCh5TnfWx=sH|26ZL=l@Au0Bvq0W)FKy3_bNhEjoo$yy4}Eije3rQJiu zMgfoP4hU%U@aCpHmI=r gsf*IEcYk2GJi5@Y6F_H-NpZeq{E2MD`cF{Jx#yP3)Bpeg literal 2422 zcmV-+35oVFf(ddk90m$1hDe6@4FL=R1TYQ+2%)y?zFwE_CjtTp00e>wP^rqkV*(^Zgx7jn0tF> z|B|o|4@_;u2zGgpk^(!?7hyHg&K0Zu)(#r5R zAYj2rDyw2@fUAoGOy)*BuLOmc#MURCg0 zWM9xyjBD%y0ahWdhgvnG6JK$IAtPrzoC`U4M*VCZzyLQYi9iBhdwMq;U$VS=!EqXa zpaS3FSiL3YAtp5Ml()(G;sBE)ptu9pYGLE@>PyY_bvFQ5dI4=5mTyhBF7IN7i}-lb z0=olq;Vfl6NARb)S>lcylBW>EEn?6=PMtRFh(Rdqb3&rfKvP6n6w5c)x>VvdCMA}9|lOJ)L zJa^=~I}1;c`C(nRV(Tn64{f;(&}&PwRpaai)))iOJd|if$)fYEa<|u}BcE zwiOZ8Zq(xt`?6<@>0&$!L?)ip?==`V4fk|rfi;t!agc(>cv!i3o8=1EpAyHNT!S|w zs(tVurmGwP2_x!0A?{rQQjuKPZMKtn=EPCCiUP$|<#bVPW)7wZ zT4GnLS4ZkX>@KSY2{CtcPa}j_Zs-eS;dgb2aMa98YZkSdkc>=~@v5bUL#0Y*6tpjfP(tsIV;nMgFOORUY1WDH(u-Ic-A7oMoJjv#83F;*{QPrL%)MI> zt~ay)8ychT*-c+0m-W{GSQXcL2s{a|mS~(4ynhfad1@F)ry+v`&IC*tc zg`kvMcb(raN)hI=yYVDvhbj0?>Da9q{RFhNU;NfExW5Ef?p4!d?0CmOZ}&h#szJ!) zWZ;o_;*^s-O}zZ6Taf05)b8wzH+V6))W@3m70^kctBi@jcI^!HG}EB9gM`Tw0D&5- z>$+!}H2fR%XdZIFJacj5r^Igp!wy!H8o?K0=-!Xx{J0nVCRM=hy$ENc&@)xbx*(0k zLi5ms4ScGCcMG_1uiAxFG4TgnzKVdK%4-Q0pk;F9O)9gt%G9SB!wle0YcopR>%Ui8 z$Gr>$Z?MbJ7aeJyR3w%=if`5z2C17UgkZSJ3@A|8JOh92D!oq8;?Mst+t`bY7w0=7 z5Z>B_V?9MY9F=0uZyi-Uihj$nU-G-qH(Y*yGxKBiAOmBRCyOX|9CuS(@SMx>p>!N) zZ=8;vJ?H3Y;t{jilh$ssrXd8_>FM?q=Qj8RAwqXFTKNv_{OC1e_Z^}P!z4(FyheE2 zuP1U=X@3#8t2DvRX_Q65XT{3pthg)YUa;&>Y_8H%QZt(qTECE}O&Xx42s-QUYDu`( zTQYB?X5ETbA*=;)->NYLNp()JhG*q+e*C(K-Pr=Wt>kkXNo0*bWnu3I0+NDTtdo3!T-xc7dw#ktc)84Y3buC+Ig;d8msT0zhOb z(Op0Hdd^dzD!wIp&s$XKkS1LGPD&jKw&*Ca@Dx!FdWuxg5q>dpc;!w^4xo0U&6y!; zmhBV)eXjB4#d`7EWGquERdj6NNZ2Q#qB}*IW11;?!2sZUX<&>k^MRj2M`t{qzS@Rv z32TB7{6ik-GYAMe68fn?Kh3KSt%ahIWUg1tZ@g;qq8WjDQlOEHfL~YZ1q4a1Z-x^A z|1lF6(^-J%>n0T}czf7_!YBN!@Gp2#? zH!xr@Jc`eQ1*)s8XbEhZsMQU7cY1yCcM`c+@N#`Uvt@d#v6A{Mu{n1E6_oJHNi1T6 z-2j9q=_C$IEo%DG{mGZ03%dQYkUwWB({N8Y_E(>p%5TAZs}wvukzSq`nh0=zJ`Ynb zUMUuNf*v5>^;@a_sbdOAIKCsaaAJLz?YtmDgCk8~WOyA*q+JY+|L-3_rIBw6tD@d(YYlspYT{p60#-Yc=Z2TuJ3;Y@k%>VzXk zU?6f+I7+0pi05JZn}ggrhr{Vid|^C*^hWNThO5ee1TAG|piDrIPuVryT)KLkO_(MJ z>_)N9T)!f%pI4S&za@U;qTYv|24GdE;O=v%K7v<{Gv{DSm^X6Nc<_Huu!(b#Z5>|@4i+9rd~qinmH6#iYs41w*ei2&jK zQO)nU1|<3&0G-ffS>{cLXEAAe@Q}E zG~jOPptjtrJ4Y)DF6Tf diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_4096.key b/tests/data_files/pkcs8_pbe_sha1_2des_4096.key index 2ca214a24..f3f7fe35e 100644 --- a/tests/data_files/pkcs8_pbe_sha1_2des_4096.key +++ b/tests/data_files/pkcs8_pbe_sha1_2des_4096.key @@ -1,53 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIJcjAcBgoqhkiG9w0BDAEEMA4ECIpgp+ssMIzDAgIIAASCCVBDJHT4FOJ+26Sd -3kuSYQDyknBs7j+ylhQNFD9E8Du9RM+TVKQbt1FuJ6cjAwRhiZrx3zfyAhPvMWBA -v0sJuO0F7aNibKWc3iMNaL9d0bm8vPrTL5Lz6fhCbejgFJG3DecVMYRLCLjchUFZ -BS1acSyRN+7v+f/T11i6+PfOVdPga4innQOvYkr8AocduLbrlWJCWtnaVIh8e90S -VfTJgqKYYG2ez31SR+V+pzWJSHI7bQZraZ/YpIE7eeMrfJlHW7eDtc0jK4TTlP8r -YFt5TNl8nGnM/NE7RYcJfTVnddmFGGaHshYA5RK8L+A7rjmEv8wS6l/CJxRooex7 -zKvRwQLQsBgUsYzffpJz/fI2lPQrNDrAtNdK+haz4SiSLdK2GVNHoS/HkCH6wN7F -caaKkVxj4aldmDtI7zpOWBl/GlSZ7d2/0BwjQeAaaduA47WZ7u0ljgykeBJd1eI/ -t1dWeFvHnO3iOvQ1E1hagCWFufrA79Dkxc2sADwxofR3gZiVa8jDue+sHu1HA0P8 -ekhy/Jf/aKH0fSD1oddCHz+aUHFedwZmZdSdEY1y4fO8VJod6Uwqu6iVPsvJ4qLE -W9sArxJ0nTz7uELk84ij6Yz0ZRWlTb6PM2KRnj3TMne0ff6BmTBpfOjOjxKOdVzQ -HA8YNHZ5ZfJLQR3my2mt1CUGT5Tw5+0/7bsIveSgV1+LKC6llpZRstJt0c8CmUl8 -Yg+YvLFUDN8bHQD8OAa92gmmZvWbqr55vz+NV6/F5CfvhnghwWelaQ7NOE/3rGyd -K5RRJTjtYGZfjuCXt3Ve0m6mWS4XqE0jszIAiC0xxGCaYIoQww5tFxj9MBwA1nVK -o6HjdcDLuqry9qdzvwemw9vDRF9NPd995g0AFO6CwAG+gyOiWbO0usd195CG+Taq -kOiT/THcHtk8Gq5tFWxcJ0zkuIoEX4LTJ1EOsCbcY4cien7G6jZ7BTakZqAB6JBl -4fnh7BXPPuBcrqrDiKyBoHNW1J6cB+J0zakKT+F47R6cu31DNgzq9BbCExu9l1JN -7Rb+K07Na8pQgLNbaGOSOATYczhcqWIPKt3qUllEBTCalTLK0ho8foO9ctqZsJ5+ -MM2/gYO/WsnSJ/JbqHnqg9Ng5xG71iahs5r+2R+9hwuzVHNo8Oe0JnT0eoElQNQx -Xk1iNrOb+/0xzMTCTYoAT/i7SdlpLnDAMvPNaF0KfYJoPxKwmhMSD1J0C8PJKx3J -CLhvBpJbdyY2utAv81DqEYAskzfxlka8h+i0gjVNoCT/a9keEPhu/dn4SmAiPHYa -h0l9aKXnUSm8JgHCohwhUlKPpUyRo4GBsBJSoXvNtYS2jzHKofbAyjWoQ8UFarCL -HVYeLLUmROTSDux39ULkmL7rL1mVkIecRBYqYV7Fl9+t7hF2Tz64D3OdQ74D7wct -BmRhBAJczFFcic64n1CdYNSxVdto9qa9wVnyKjFEeQAw7pfxU/3Hxen0hkZG51y9 -U4WSVLohunyuHWqpcopV91Rr5P8N5b33FVgl8HF44vcnn+KTmIwzzZ1qSgoHN63+ -kOAv5HU/aY12/ZCNCiyMs1EY3t7mTE19CNR6gIuXoD6MsBKiAm+XaCpSUnTbPv04 -m1bPS30nqTWpcZMSHaGoWx7cuSijmBX80imC9n2VsDE0O3P/I7WcM6OGwv7pQx7u -/aJkbk8wDjJcc10DYlmLdcBr093lBc0lKfuKEDLPJGo+eJt5JxWi7rGKNgLoaa/V -lRHWr1sJGhLXPZl4Y+CJM4TdMerZwHPFIndgZChs8OLHpgQsr2SCkPy+cjF10Q9u -QQEuh5DiOexB/auRiE0c7SHlLYWVeADlf1ImIW6fX5SAjyjWWjT8KP3cHq3mdSX8 -y6rxL9myDGHp7I/z5x7ZvqM/4RWTUhL4bKFnX9goiLJ0Tcpo5NdRR1nKLeTZrTiF -z5O0Zt6r0rYPXCqesecSwHhDVPpDhS1UDGNiUSk1QVNCdorvgU5B9X3ugC/nUVRx -b8DPbE+5i+GWms0RjPBlKy3M0TVhOUltFnyPwiADs3CRZ/l8HrokYLOpSiJJ5RuT -I7aVPeubvPgm4efW0h7o0r5NwMAth1L0ABZRlKeShyx5Bqz7g7umvTRH80VTB36j -wvWPM93SOAbccq4A5rBNtZkH+vJe8KshJEQezBdr3PtxCspKmBjHEXvppx2WDMBh -RdJXlCowoAgwzs4+dp8GhABYdEvJ+xCTYmcDX3wM296iWpV+wfgDCV3/mpGDpa2u -gOtZl0+kPAbjbj9fOkunQlyEGMy3HUfhxXsKcK4n94aY9rCYuTOohimuSdLFqEX/ -s77SA+e+q5Mnfw2axLlNKa8WzpT0W6M2Kw+pFf7uk6qXVYtypUJyvPDDoh64zpDM -G81Wr98g9iDTbAvzslAoO+z11g382Jdt+UPq9BDQtUgHwIhUGubcgs0N7Cu8m4JM -mVFu2JyKeBigekzyVvceKnvV8k7VUHu7hPt/zSnUinLKXGC5UGfVJSBwA9VyOA0v -O/6SNcFsnx0vDb+g2hqTX773/avq/LIoHlw/b3oKtNOnw0SAjocJJW444Yh/FnES -nGKUX/9bHEiAcWglqXEnRfQWQChHYjvGN8fMWgDMOGh46PvBf1v/HQtdBfacEFZ2 -98Eh0rUWvjp9YfjaiCI90XLBLb9iavUeDNg5ks77KBllqrZlKJJxZXVBXbrosVe/ -O/Rf3Izluo8Sc3J3QftDOe1huQA92b5vQcH386esZs7E6gtILUMIML24h9VfTTvQ -31Y2auKpN5uFl0QVVlnY0JQ5G0fue7XNHLyrKif2VOExDYzcBwLP/IFmDgRi2dAV -gBm8WASp1eCZSDYGf6aTWA0ouHG7WfV4kPI2njIUWk7enbsUbbqdfvWGE+taweFX -A7XFbpeCAVwZpP5C3iK7aPV6Zf7ctvrS1/qutfKIQEiBAO4FaAlxVSvLjVdIZlAx -3ZD0pYH//GJwjvzAmRUN/laSRj7GVePfIkJdpSzeU3RtFb8ekChbamQIx7ZbMNgU -r28PfKxO1xwLswMY95XgFJjl7cgDNxyCgrqiAihSc0kIeD3HCaXq1l4SqpBRIyBs -qacV1cWIVfLQP9nvDFuS/sVMFBhzSXSmjAnJQ6IHTvcQUSbADf2X3PkQTFTlnSUe -LF6ihYqh9JYWVY1SHkFU1hxgKgz9Gg== +MIIJajAcBgoqhkiG9w0BDAEEMA4ECPxYSkeFhfn5AgIIAASCCUj5M4r1OJopnVtB +kyYUjmtJv3x6ricsKg6xfG8RsdP29gkrnRcFUvqA/QsZsrHAFlymyvdu68245/1f +Gwine+PDLBmIOmfhJJ32K6Ag2BTBqnld5mXaV3ykXcgD9oyxTPDU2CJguRncTFtY +CYT5bQvWG+dd41mblHt3cs63CaUePimzjIX9n90tPzAZcHFErYvgDzVdgZ1WQf45 +JwZelQ6JiMFCO6Kd2TMUM3ctcA8uFxoxlBCSw2C5pxnCYOskh5FJ0uFJ2TSP6kOP +USErm4radP2ERKNucsbzD3nL72Gl1nvVFr1UVEyvCLHfez7+If8X4/Ix/VaqgEJm +2b2znEK/UKnZk0jPrFG9NJ9dEgIyha3Y5NX28rfEeHLaH0A9CJLBGdKdrH0FIiA3 +GiO9ayiA1W3g5ujkGu2awPFvCMk0J5CffXumMs9BAmBMllJpVBJsf96l5lI2Q3BY +9+xDGxNf0yYV/mi6pKufIsU9GHt7MhQv0IUA7l9WmjP1jWUkh3rFeDtXow626UGS +qSHmZa7HRxiXuEmDX83AAdMhJpm4o67vmmhVnCALIdYSjEJ0lcCz+qK6XgSRpwvJ ++qmAF+W1ObkWI74d+w0XbHPLvlY7v14ZMB+8eCC9ANIyABqOgdhmmrD20mKphYXZ +ZgPOg99e77ijM4bRfWKL8NdFwRv83YUoi1HvZN9iltMaCbWsT3y3OnZmuFuYCPLj +oeQQ3r5bvuSThlTXWgbuH3YkYI/CW1Gnrevgbu0h0SuO7wxVWg62ZOAPbU3cYBkF +5/PACrRdwOaI7HViz+IPbzzsIArYGe81E/JXXqXfGkwfTqXzsa3resZqivlTVHtr +Rk2g8q253SEbL9zy4nNtoSFWgMmrGdbeL4iczQR2aKmwRKyL6DwylrCijwPEONjO +yik9P1b86jmGCZhh6VFugqXSyNDSUXxiAGW0w0uFhL8cr9n+WWfb2j/Zimsyv+wo +EbP5zMbYAK9gFQ1sOEKC9Isbvsgl1uSfaIxwYx63LuvrIxMCy7w7t6v3YHwQ8Gcf +fNf/VBjR+F764nqSo5XgXv1MX7ctWOQzj/Km5ix8cPuPszWGOvHxAHj6IJljSG51 +arq6NKrA33Y4bm6XxhU9BBSZL90CTU4lguqhznSl+I0VS02lqt4m5uce6ikyHFgq +Tv8hoJlW6E6CqvBJZWFrItoNIwBIJeGtKsrlyKyRvYhCdlDTteQmPNtFvvEjIkKp +AKofFUmiPTjMJ3ZBxydVnxUmdkIwGjZKUU0I+D80ENAHDLpYjKkgRC66/kGjqKei +pEzrTBXZ63B2qKitfShltE/d/Q5LpZXThQWYziktXsfxzaZdkKzb/Yvo9GnA4ix5 +jUDQBIIsKmtH0t/yZar31CGRqOaraq7UOYLN6+tXqTcW1e+uGzY/phQip8PQiSb1 +nbY5xekZcnxN7T+TYJ4FNCOQzsocskOYPpdXy/40h6aHvJ5A/PZM/6MbATRo10Vr +6bqlmPAcy9OZtlu8HEEkctVpER7P6wlvNGzzFIg9ASZhLqEFH5bKcjZtoWG3bJLH +va6U7pH1mt4Lyn3V1t7ZHkXLyBUbnE+Z5OxPown7QNT44/DG/91/SOy4Ugl+nAuD +1qH3QAs8aGMJM40LOH6Cw0ZOOio4S8TNrmzMFEVtEtpnGuLK0Gj5+fjm7q5ZEE3Y +cdkHFnIyTE62VuyPWFVkFlZKVmCRrVH9spfkPRjZMBRaGHqk38V34T6IXaO5u6fT +4jYqYN7dLcQ3xmGG7tDDkqFMAYWweYhUNPZtAYacQwptgBPPn5/iaUirx6T/OsSx +YoWIhtPsQoKn2lWosxlGFmoCyKlMvl7WuyMys2uavh5tPHw9wzzDcOH4MKxtDKgE +5/c+GE/DoAiLxPoZFx+qLNI3kAtq2FMJLbY2r9cQf/VXWnGHZD0b8UmHhXYR6UvF +FYpo1OF73zfx8+zJFRbwI1iSeEYHaGRXp8xEPWvB61wvojbGoZJhp5V1rPtO4hI7 +hwIU64WMn7WSPEcUN+Y3eUMZFipMSp9UQ02g2R8hvD9LJ44f995DuOEwT7w59NPP +MEBXL7hs/LIoSmKAgpvV8QUvbehMMh7/FWq1DUW+Ixf9uinwlxoIKFh/vaw7Hl1w +/YJWZvlw2PGGle9B5lQSGz3qyfxNdE9jP8V4Egl7xPar9B7vhANTCivpxpk18tYX +JiIFVizxfglZyaEHqvuymTfU6K3MkF8+34l09ZqyI26JxtptwwfEjyO12CJS618C +L183TGh/j0xDpahCu0j2bCHU/HjPIVtJ7M2EVyV1jXtDggK/MLAQAxM9nW8cPcFs +i357JmYQdSylL55umrj+l4FDYCGAk1HgHN8c3QseR0mLP7rleKC8YcE0OkA1I+2Z +kYxLuq1XQx5mSTA/BDtwmLunZjBSxThD6/LO8pThK4s4m1d1hNqCJBTseQeJX2Am +fF5oCO/+pu0qIif7qPXEdPZn5ZeT6Qonlf7oSGCY3Ov3GNZuzclyr2qYyARTvFfP +HX8nUZO3vWfAm2i7fKYVwKc9mqavpdx/LI5qEbIhZN0QzynZA1WjDmG8+jsL/2tG +J+DCKOIfhD4YyCVN1yPv8rCLDQELqdx/n533S7fDXH7L/NfTJe63M2o3Fv4eiDqP +jqOhr/fHx8apCwNC4q68zWoFAthCflCqSp3MFGhvwekcO8hXh4KTE4RCk2G0i6CL +oJUTDYULCUb7xUix5scX6SMF4YBUqINV/nffziE9SfaadSYp9krgNwvcJYG02tnz +O81Y4rWCK5JlIyx6t9r1vKoxm/tu1sXZgbU/J+e1sth3O50Ege6WP9Ec7Vj/MYIC +d8TD1Kd8sm1m4DZPpqUG0OxFvSEZqVfmBSwVsLDB2wr9D1nCfn9WMTj2lSvkhObt +I88hpO4EJ/kjH06TejhgRnuqJbpULpCr8YG4QQRCQxuMw301yohhU+D91aI/N+j5 +oHVx8kQX88vqSpzsrq8PokyxCqztjIInEPuu3FSmzAxd9vyMvAOWZzUn146N3nvy +PHrsZOiNUIoOuLAWVwm3QQupyt88dfqX/RGqbajFJdoVDt0ULwQSiBWYUQPouBmL +hAfrm+jtdorAFDG9WjAUEdsWQSvOk9ccZeNB97BLxmSPZbTXm006tarrUPNV2ycG +1Qs6LGLS17QGzDwCa3Q= -----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_3des.der b/tests/data_files/pkcs8_pbe_sha1_3des.der index f2ce0290e61200ed7b6056ca6dc74d0cd2223cae..7b36c36a18da5312cbad74d501e5e6b4a5147f6b 100644 GIT binary patch literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R127H*2zUpjnz~bvpaKF200e>pfaKLah#+)f z+{WahJb2oQln4AUNerQ{lty6Eq(?oXC<6kAxSxSc*mw@VRFRZ+SNPrWTilA}4?s$~ z93Dt0AQuBKA}#`Mz*ShV?`Ft_J9OV1@6jPM2UuVh2+1~Cb3{c4D`2qL#7p9ON{T6f?Mmp&<`OXaZ|a3{(egNFX?3^27bDig`V~7 zckc*-eZ(u=YUj15DMp|qtMsTp-$}}0y%#lEq2ZX|O)jMA09M}`feQo~ucj>mVbWiw zNXd+jPa{*tO3}uAc7LmOL`6n%`E>ua=*+xyRjwak_Dck_FunNBCzyyq_yg(xKZv@V zhsG${b)#JT0c=n;n^aJ$%%jSozf7jXRAZg>Sn%(%v z#gMX2f9m%nnC{wOCfR zd8hs)CI-5C7P;NlzjLLJ_)8_JB=bRF@bDA`FaW=${LkaDos9ttjt_P5`EG#)RceMx z`F;>MAsS7=Wq;EzB_ZG`>b2RgB4qdlkq9$AKhvXv_KDp-RnlPu-fwb)BxiBr6 zNW`rb7D`vJospnq5w>GPvrk*Ndtba+CJ(82uYMh_Yj(^USqnW3=0A9k5SgD$t$mye MR|PByR9$n&uP6IOkpKVy literal 1262 zcmVr$Ol*ibawGg zen~7`U;#En6>sf>)343^;$$m$07tsW~JP}Ye*E!A(aC9Vr`-5S%wc^9IS&OEk=JVowdU(u!NU{gp@rwVRDG++ij zJO0@Ty4L`JS$N%C{BCDw7$B~TFbmHahy3jkXjSLQ2)j|5Da`OzAwjBxQ0UY5T^ylv z(okG3irfr^_4Zg$)>e1++U9Dz%nAGg@TFt=KQBm4sO6PXJCvd=f}d7{`le_EVjq;n z@d1?r*Ix?3m}%;N&U;b&?cR%@Z1*b>=xZ(l0Ug}BM#!x<>Z@LFqK0Obgkk|T@}G`3 z3U`|AgX4E|GZZ``qF=KxIn5$erisgm$HEq$`fD8Y&o@k*F^|LmIgLR;w9w4%GC)jd zQ|U=X4JnYv%5^a3Fw=)_zuqSce5g`r=S36NpKZrz3Sh5Vd+{7lWlbl&mT&oI!TLWta6zm=p&ExgJU?d-sc*UJVJ} zj+-|XBb`WB$R4siNF1Rc0vRn@GPl+Bmv1<( zt9(4cZ^I<;aI`g7LRt%WedT3YuGrr6aLQQv!F75J@6Yit&ZG)9p-t$OZot$8s2GOl zK&=%{h{>>DLu2%%WCb8``3a_g6WvM zQx(9raRuWuOzh{V%u0D_L?Od1e_Do{1g>pKBL48Z2+-F{Q`Lb|2=Ux6d?y@ZFF)KF z_=4xIiSiUzb`wm=o-+B4(^!IM&3<|gH?s_JyAoZehDk~pR`DW-qBeNnNfrB%pm@T> z(Q=F@mQJx0%GsFX)Lox*+~NVv81IQPqgU+xTSzvI$*hooidoMD(Yy$9xA;BuW#_?S4YXAyBusdqer^ARm2REh!@P zg=vMf$}J1HPT3f7tdFwJnZ(dyJ=}eC&(3}^bAQBZ!-H}+NUj3~VB1t4)yY7}L7!B# zvQ2%>wopn}AAuA~c)41|uR`~bxHE2JT~iDxkoN2*+Pk?)plnlJ6qZSK0+v``QM0p~D>{ z6=gF|U^9yjn4`a?3eY_Oz8I-4q2JD}c*9`QVR-Lc;L9x=*}Avjk((@F@r+!Fji8YybcN diff --git a/tests/data_files/pkcs8_pbe_sha1_3des.key b/tests/data_files/pkcs8_pbe_sha1_3des.key index f9c11ade0..07b47f74c 100644 --- a/tests/data_files/pkcs8_pbe_sha1_3des.key +++ b/tests/data_files/pkcs8_pbe_sha1_3des.key @@ -1,29 +1,17 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIE6jAcBgoqhkiG9w0BDAEDMA4ECGhNuQogiktrAgIIAASCBMhfcb+Jt0YOgGni -IWnwmmtYT6Nvina/j3FCGzcHCDyUQDqh1rPUtZnmUdM3fyEGlUJdX9wmHh3gUkWx -JE00QMzYDQsUbGrt8H3rCQ+aXegCicXAyBgDh0YUhO7bWmgJNSvZOduIeCJ81mnb -xtl3CGgaYVOWspr458crtvn1Hlhq0EGs54EUHWBE89PHNxokGHqkFQcdp7QHO9Zm -ZvjTn+kR0K5KQbeQwMf3LcboueDV71ueUZsHlTSZ5Qs7WZORRzMBoo2SWV+Mh7U/ -yAQv4i6CMauVifVqTMbLtfdTyZCts3N57sGstyqIruE1Jwg8m3i+cV/QIh9Fcgo8 -R+snSlbOZMzCpUIvcuVkEMBP8+89/BtIabXL8SoTsD6v/f/YJfcw9qpOH+AoA3JG -UZT+0VxfIk0JUkX8QvM2qMQYY9efX+Dq+N0ODS1vsdP43pKxowOQlQUPKOsqoDch -IXW9qDD3uV+clg5L6BqDbX1O98oegcg6L24ZK1yKVzotiTj/eaZVpzTtrNYzWB0+ -qO9FTwLqOmIRcduKKu5zctC7QlpFY3U2ikbkYpPsam/9GSXVe0LuMRLleiMPQUdU -ZJlkZr221OGq5TVhyJ6zEwud26wExB16tLU26ZvEFwExoUPboH/UQwX8L9vd8BKp -a32u35n5MOn+54Rfa4qfpU+uLB056CCKL8PwVLN9Xzeg+gJLfWqwEalPmSsylakO -7+suOGaUKy1a/uszD97dKk3Abwfoyb0qvbdF131GR04NYIzkQl72CBlxuWqVUt9o -pmwsUDAzwoJWi0sKy0dTm3KZHLJ+3OMIydod3beS9uS6Yro6NJBN5EPw3PoByBF5 -DUkOfW6tV0dlHyXOuwU+JzBd4iwJgO53GVPAap8a/eOGgNCiw72gYM4lcHnwShL0 -/v969VqntPXb7YF1hMs6ef3zTmLEB4xaXcARynnNkZnpQppxSPeHeXU+KxZCjkLE -brzHFnUMr8UJOyra3C/iXfi/OKJcBIURc3oY29Q45GBcV0s/W3n8TVF4qEqtbv3c -NbEmgcdzLGA28XiuyUH+pLxK3qP54jlqhd22q5qoN/gz4MKG+hJMMcO00Hj7+4Fb -fnxxGE5far3zjHLaxfnRKIfseU9DrQVh6gTg8ibe0kdoUXrptIb51eRcukE7s/yc -01Play8GYik4x+kcNAmQT29EslB/3RcrWH3tZExJjjDaC+Ty2atCMmlLGxt7VHOa -C3k0QHYSE/TULBldB64S1vVFrZgzLFTlXKGm38mOGCG3t/lQQDTo3IAp0YE+atM3 -VG6ON3SSU0QRP1aEkZY8t9rf3+/J8Nl8oF4kF9ISzLNhlR/KJlNkmDvG/ic0skJK -KYezuuYH8/eEr9ZFfBsb9mRsFCM9iBZl/XqebCCC5/kfXzL/Hpp4f0L7DH4C0f6L -LbMCFhvsCNGh+1pdIjN9hbAkv/r2NN8+MaY2xFk0ukLfKgpLp0EfpkkcM0EZcvFn -j1JpB7rshCLj4PzM77fLh99H4cffL2qyzXqFF2Y7iW28bW/RQFxYwpyEnowrcRH/ -11Qi525SdKWRkb9QlTJqFI6wsWe5kmYO/kDqGUpGPGK8+XTRTFjTci7NPLqN+s0w -Z4/b5SMVucBKq9sUm6g= +MIICojAcBgoqhkiG9w0BDAEDMA4ECNw/X4edWXVbAgIIAASCAoBDmCn+YmkXDXuo +6tdZqaPmpj9cCeBl4FOaID62I/6Xfh5if2Vyb3NVqyK2c4pYVc1yQpFOKK5dJuN+ +EyKz1L3Ey+IwHfXGHz/VjWrxuZGvrxy1ssM72v3Ev9zQKO/+LT+hKfkAxrD6jjCA +heiKJqFaDeV3vkBJIN/L+wyG2pfUzYu1ZJTa0s3BSquiS4MF7L33nuTQ6+VEvVBH +OfufPVD2eqCAYtc4FJz5329kOf54ul7shdsIp0EII7bjmGSwbwG235Wk4jOkIkMg +EKV1UgeMXQ2yMFwOH+02xVFj9iHlMq9gVkWVxzAEv92FNqysageyvwV+LiBQu3rz +hahAqoI7uL1aIRmOyNs1xlSN46Ztr9/giE6NZ3lMoivnSncxXbyUsrwp2EepEjLq +3szsV04DOBAF1CxBlg0AI/PXGDe5pyFrlWj0aaU5YgQR+v2DT8BPheZASbk8Mo3d +WP+GKahSJRBUI2C28rV/aQWsforW7Ml6Sj/iqWBQbkNEow6FICeusFY7gxYjJdPq +QsM5Ncu9kxXPJCwfwPuguh9BbIUJdFl6J1lW97RF5M+XvfXm3naBu2PVQbPDAwde +G4DpEIP3ckOrnJrNL9Ewjk6upuaTO/SzL5EDrK8jygpmkPe5YpLRmwmpr3lLlanV +Nmqv0HC/6Mxjh0E87/wyAD68/Sv4CYFvWBE9WD3mFc1ZHadJmu++W3q0X1SOJpOJ +z+Tz20bYdbwo9glyeyh9rHqTukpAtyLpJ4RnWw0BqO4CTH33AJas82VxHKOWGuhy +QXKiPBronsVP8omv0+HRPk/O8fkff90NZ7wivihuZYYqewBVzJOtSwDFBp+pTf/b +kL4GqBE3 -----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_2048.der b/tests/data_files/pkcs8_pbe_sha1_3des_2048.der index 582bcf324bc2c53bf677a06a49c6a487c1be0d3a..1cd196cfffb390c555c5d531ef6ab81af95c2c47 100644 GIT binary patch delta 1256 zcmV`rli-jI_?4j2ml0v1jwFuw^2T`@U?9Zhkj11keXs%WkTr- z$mhB3(ay4?P{@orsdgFv8DtFtZ0o zoDL3>>L)Cl>5RkM=n5{T?gJZ8G%{4rPXtP{4%QmRKQb$%%73~Y5H;{0Ybtu@nLRxt zCqJ*uZ%k>qF)rIG!o!3UZ8-UZk}&CcIfK!D7X=4CC-CdCNhsBkl@#j+%mShs~zXcoZ!RI>nsitmet1c8m;BTF61 z%==j8fW_TCWPdkd$srkYIGk<;*p0J8ln5Yk25)#|IL?80xd@nOH8fh<#^qO*^G((? zOcq|a3|#@MZY;#TpiBfQx#of@<;GTFzk)>Lbw>i+>M|*@YM|q{3z{Njr!*vOO{E z3H4Z{8$d~eK3AsG)!zgmc&rp=?Z12fq?P z0m4R^WE($1c{`}^cP4aIuvH>{0|?nqIB#e*TxyN<2)lVJ!#6mP@KkRC*L64)Ku`P1 z;ZVum5q~@t(n?q;e(l_-0qc>i-WRt67-yee5*4dU8uYR(DsNll^=<@4_AdkVhQXpY zcDj}4Ora{z5Nhf!s-a8kF>3UXIJkg>-=A-zQ5~dmmq7^_RX2ewGq&S=7y}=lzo!-B zn%PC*(aY=XTgJo`!7XQ)uv^7+XEmvAhS@g7&wss37X7;jT`RvBPEX8@i_82*UT@qQ zCqBQ1UFE!hGytCgkT~e6nnr|4rknjnaB}9~?+hg$$#FuQC?yq16ME4$gCvp`#}1Fk z`o*?4mWLig)~!&+Emlef$5g~Le+C)f*O_!mqQ6R~DP%W}XW0u3%|}Kx?DPx7IiH1Y$-~%?&smO*L7|@_$7B zR;McQM}L=yi{zdwTI1NTFu-}|c%_AsXOQwdc+@f&at~@Y(@a^DBNx&`iC2P*1(@GE z!8I+zR4N|pu{yoJkO1DCHZCu-9%(U+j^13b006Z+J9!|<9q8%LBq=I-S5JE+XFVg$ zi~s=%O<+ZN4g~OS+1Y{h8+kD^K4Eg{g_+VT5$TGHI2GfJ$j};#vZ5m|nN;A)NEr`c z;$twmYS^kC1-?@bv{hZ3fCTq+o!rx;VgcSTkS(B&QX>cgX2v}#y;fcT}4aDzbB`GFs&Ux&y-SRNbitPnBtd19nY4U#|G4{PM) z9dS1_@M*>Qgn5gE`RddRZVD^|!hI*a*=*~looQPKd$H+ITYn@@RSPP_+YFOuSO+VS zKF%WAi8hq3#~ z2)-asY+6>wI>>@=x`HFnm&AiTZmgK=a;)z*N@uZsI({u1^SBe@&HEU?E!tu_@sh?{({#dG=I$5H3P(W6;O(%^fyGW9Enr*Y)qzDT%TOQT5ha8*rr zpT9q3kY6{b<_(ICZYZlCNkLIfea1`B9O4VeM<5~90DFEF?gu1#+I|o3@;sEZp}+Vs z4{)6@t$#7;HT>%kMpMG&&+MASyV4sTvvWc0dZCy&Z3}nHLt8F%r=0$rZ}eCc>vU2S z5@X{Db>)sCy$R)WK{8FmFY4wc3>t%GK_}vut_Alse!X4zxN@b!(+CqUyz)J$}V^x~mqtXdxwkzu#UOlorJAd?4&TV>R@yXNgD~>0`>d>Nv>B8tP zr={0q@p{}~6xb}{!9DS?1rV3&wXA&du;R|(g^5R72cp;QnPCZ~SbAzV9h^t|-V6@T zvgms}`Xw}{djn@{DT0%|W9FMhv;}yL_1w z(0>qhp(F9b4$JzZeJU3I1y(*l1_Dn!IHz#YT`Sb28;|CtY=>s?`Vz3>_yPSLV4J+G z>J8;)7+eFiwsmJ>J8)(we%|><_MJA(xgwh`8^9PGYB+jVG~o=}YIc{WEV!M}ak&{a zf*`MG+RYyEVy5y^fN!f5uWul$oM(i66MtA9Qu8cMYo;wxfVkNYgaKsol`EJkZX?%- zn!`lvhB|=#XhlyPgyKx2NHfRS*wz$5a<*LKAaf9lY zt~UaJ6~htmrBf~;lQrZ875bF4i+P&4uUo4O3P{c}4EBEDjAY$8#@*}GVrC1OiTdV# zPAD1CGw!+2B{F<|Sds&KDnvvfqCw; zQgLvF30B3qtgiEq+2MtT58NxLh+%rU&M2;nck@&H2)RYI$U5{RrB3ce_{I)#Lj+S& z#-fWgm}fs?7wNJZW^GTkDb)U~xT=V7TFJ3VB zK@X}+ipwrqaNK4d2=Q8>r|9?L$Y$M>NH3Kt0pUc&qsx)W1o{%Q*m9h!)9pNS2BgoF zxkRgz+AdER={n|Kpve39UDr)CgYa1oRN55)#z!y6rF*uN>+B(+Gh87Q?LLmH$dkR( zGH;ibs;iW9=6MRhr^(2`)_2r2QSk;H4ozR(;G3JIlLBy!FRg#_^W!9uwzc8k;Ywa8 zK?%6{dZwlcAyx*{WZbEC3u&>goi?q~`7!J9uXg}@vXJ315t_x4VTC9o>kC1THMNi5 zM~o=k1C!|^gV$v((uSo@oJ{r^aywDQNbcS++{e8=-vd%xUyWg+g&dWekX9Rijx7&p6H} zpLSpW;|jR5_(GZM_RGt#ssQt@QkrCy$w)AX2QJ5sOsD zf&4x?keb=H;9T86aOaCd3-#Dpj=8_T)u!z!uYmpI&6+4pdH(YXB$YY?*-kiZ>cap zx|qZ`M(hN(qHLqX3QCmLZsV%O?*oq?+W?5dU$H`E!r}4Y&gdMQ55Q_!nm^5j;;;dO zd}MWeW8Ks^u|g9Fm11y4gI514hr7&gbM(#_qB8YzU?zIzQDYK2jkt`Du401QB+uNh zjFkjFCpt+?)E2e{nLeIfkr&G*XZv|))&%cr&joQ3+402Dg0?_UdLMV?W{Yh%W&?D( z=KLO(l(}h`IXox6L^0Ubhr=Or*p^2`lJuMI*zMSJ`fAEiJ|5e~{EpQttO%>4&)gOglfRJOf@1XLhMqtO^#sP5+0o~}0K~e4D)uEgWa%4lSXyZ5s(c zsLeeZ$)Sk^SlGL19+t+GpeHP;Ka~QpajnuURANl0LuzQoa%HsBX4VJqwy$xJ5Pslb zoRC>;Z2EKq3`2DTYn?7}R$jj0zhrj}O31CZPHpnrMP{K5^s`ZwkQR)z?$EK6fd9&h z5B;ShLBBnvMk$B1ESFeQsr>=&3av)cR%wL3hX5Z1>$c>92Pt;g9Ob=nCPwv=%dQ^ejxgm6|dME-; zL41p96Bo9kHBee99AL;sV1```&Oq^tkocRlXI}Q~5oP>^?K8kIJqaAMLrvKXS2wW} zG%n#-C*g;u>;GX+lL8R&v+qPT(h*%Q7~Yr7`1M`saU@H zdr@)pYwhdC#!B=H8Nwc#j&nqL;_+{P*n@ZI<93r?ASz8L>Ba{N(xZXeWZ09b{?5&; zcSEL^nE#vop%F`FI*g0E#5cZb0k82bc*ga$?lZUUuY+`{zd)m zM7KJlv;d*@567cC+s;8GahwG_EQ8&wo|la>#9Yca0~lqy-+1FFTS%`Uj$MXQqg0zo zgS1w)`6EOf{C4HOJiugU)hnvg$^Cvau%KTJn+MocfgE{n@Ya;>2BsqeSz~ zdFi7nAl#x19olee$pIq*!=J}va7K~juK8pMnQn3JJ-=3uHYBddClUe}^MZLTe-LC_ ztW16_3J2YZpK`jlg8B)q=OWXY%nRO90p1W~m9BN?c zHr)YxM<6GK3>Lf#A}xVemGx^Iec!pf$OD_Eea=p{ASD4$G+{`j7g+M%g{&qxRCH4{ gJiKI;Cx_ZO)m~%j27CHCN+2dofaLDCp0R72yF4zsFaQ7m literal 2422 zcmV-+35oVFf(ddk90m$1hDe6@4FL=R127H*2qge9tRl7kd;$Up00e>wPy!COLlv)DfT9VWR9b!g<2#4Ik>qQ*)!0s6lh;Vd>h|nm8Zw4XUc0vN#e&`C*40eTJ&1EvI~K-jYKs01%b2 z&yNyR0SX2V1hHPDDiPC9Otqq1u{i%{kD384~0D@Cmdhi6qMZ30Dur$+y+WwS7n9KFe ztl-zenBe8jH*{SFU)9thPurxO@3)L?O4eyPj@xG#2hvLeQHR?*I|OFZP| zsX0vy{=72z^2~L!Tsp&>wJ_6`9^U06i+v*jS0hL zJYsSYk#97KZbT52;D)b=Xc5&SKrIXB65^&!k%K@-D&Tp+*_xW824}I^-NG zx}Y{m16~$IrOWQBndW55F66D2c$B!95{eSkb(tgCGVab6)o&AkWBWyjK3=g70lsA~ zioVAomd72e7GvX5RsJ=WTL8M)GrQwv)g+GEE3xE?TR(luG)rD-t9I``ZUZwNzpwEK zMhCa=dI#3?U>9WMy)Ba@=n5SC*lC{)LSu-9`M1Ww&_TiQ$18vzue;U0&i+Zpa7ieB zKefD(LjJsRWhyYpwqiV&g;Rj2`Yee^S&d5(0kPlRxg=K<)xExjYknbmDs;**gBqh$ z&Wy88UR=@#1!O<6o**Qkg@#`U5Eo@%JW+__DLUAS8C;!G`7e^@KYY){CC^HLb4-P<=~wsN*K!1lNrTk>HXMuk1Pi#V&?2O!%!ocWk`Ax_(={T_`*i?%L$oJmWjE%at9xo#XG1aJBDDAxUB* zjY9#aqNr9grwIyGQ z1#ZUtE$T^6MwK{8`gL}sV{a=kiZf6oFTDMEWS1WK^@)?$*xE*%DhY+FGY`NWArIE7 zVWIuJzB`K{hnYM_2AAc`%RuF~6MRixKrc}_11x1+T^#%y&NjF0OLq`Uk<-7`clnb6 zW&oI2E_Gwoj7c$CtWZGKLUOoX0ZyWM1RZ+cE}(U8%sY64{!rC|C&n3n+E!2It^OHMy0yq1*k-1nzGJR%MDPgqcf zduI&yx46D;O4ystNZe_Z{$c*`U~`%5`oS_;BYLD0QKkuT-WW&*X4@2154UY|*7hdk zA60p+tBHc~zC4XN`H_2R~>CL3o<#keW{pRL$`#hmW1xK9_pD)V9GZ_v6)moco6ZtDxvUq zQ-Qh6Y|}R{2Uo+aZvRR{6FgpO&>beu$xgX>EjtodpBd#s0~F)T&84}&C;jQMw6L>a z0)B?yE~>r?(Q1IJciRK)_!X=@5*NQI6XSlne=5!hSaqk!h9~SDsTh_&gU7()c~hnb z`kIMt<-TvsS@u@0kfkbaPF~9%F4{P!y#}bHGCKPZ@PdLuOlPr|V)>tPx5;Qb(Phrc zqi61G7VRF{E3&-qUW;8&zG&d62{A0lxb002!6%X~DBwt{byRrs>JbFN=%|}4+y%#D zE9N{3n1jisQP2htAvB)CO$-{<)Cl0Pidl?~#iz@3FwEZj#^b|+xB0KH!W?cq(S>%* zjDRTn{b9PH@`u#M%}N)K8r3g@4Ljy`RkC9U1lZ!RP01*>d?3iaLs76JkY00e>peVtNbKLdYh zwYZjeWMHk`ZI!o$6FqsMnW-XUG;!EeA7eT{Efx73vQgQj+@>=g?H?LypF_NAkP625 zSZ7AViY&dQ%Pu|Ar|m(y_QiZLRtPxQrdC`CYKsL;tU>*ne~BP~2U$Y9N&&3kITa2{ z{=!>8jE#GieHhITZj&LGDobTS2Ioz;+GI7V9d`sZYVTJUDjw^rR#0A=dt|wHX}=v{ zIaVX8?HcB7T^{>f1TUjP3iW`cxtoz1PuS38xFmQA*zC;Q`HT;I*o)MhrXeov_g&YP z4-h?5YZ&`n)|hQoJU0Qy5(Cbw9lI}_)6@%Pa!wES<&0dtf~;garoqfXLu=|Ztl;ZX zsTA*ze;@O=q@7pztS6SXy>>;mm6GV|(eQjgD7b9`6UOW-vZZm#fMJ^EX#L!4S%R%xB!>|C4u^Kbhmc?NU=ojabnzQ8~KM$t;S!&RTR&bk+_^2KMS(@>J04x?8|+DNFPR zV9AGFWj6*!$pK$aQczgDyga;!=#d4+NV?M;Ck_d$ADY>~{UMW2a2yR+tjvt)rQAu&9Z3vEoYcHKHk=xdO&4Z1f1OUe!XIJHN1@34oRs2E3(YdIJ;Ny1(iL6wDi+hSm+IC!?YsZF?WhSO?~ Jsc~{h*tt33K*s<8 literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128.key index d475ef481..c8fbd7e33 100644 --- a/tests/data_files/pkcs8_pbe_sha1_rc4_128.key +++ b/tests/data_files/pkcs8_pbe_sha1_rc4_128.key @@ -1,29 +1,17 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIE4zAcBgoqhkiG9w0BDAEBMA4ECCLhzdwnOXIZAgIIAASCBMG8Wgfn++CFRl37 -FdQZ90pI+u37yj8v0kFd3rDaDMurEftf10gWwTbm8R8J0eK1edIAHQabkgsF83gD -yrxKFp1zhHI1t65gPKHcirhx0t9XuClxAOzEme//iMaw/yf/IKYo9NRqyvA6BKHW -2h3J4+JSGLSaCsRUyzhoL6xOzF+VX8zE8PI11TcqfJe7TGs/9G0Pv2XxFpfrG7pz -nz5mkAYdckYHcu7+CQGJ09ZUkblV3MYKEEbq5xXEo4Kku/n1YNrh6BEWMLo5XgOU -YIAkzhSfnbTt6QrxM+90b4qwk5amrC4w1jUu73ZzaBQs7fhx01pR2y3zTPBD2Dpk -G3iLprgEFqsoGCCOqqqEiEF/xDREZEPW0es2RruQ9Tn14LbgTj5XVFI/wBcvp9uZ -pjS5chC0/CRbGcRi47A9vx9bjgwiGCDpxx0/Kn68uFCaCeGOAQ687XxAn1UHmBD3 -esjjb7S16ld9rSKV0oXWugUZKFdoq87AHY8Njhin++biuAEfySu3iH5ajzZV9dEj -6JHVwotuL2diVu7NU8mIsfr1kCJoUxIAbWFvoglWNmTtaIBkc5ch+kUTsz9rDtSp -lL9fT+wzjN7Q7lyRfIhNOheg2xF9huwF6mqnSlDfvwvEJ8NsQI9+CeooI2c1Zc0a -Bh/vDvCzov8TE+1Ma8CnrbaM/aSZ0FIq6PcpWSBLXSDXbLwabEEOLoXQXogOZsc5 -0sz71l5c8jJPlzXxFYYW8CNuxTsUP+hN2oWvbmL5YLq8P+1tw68jcdbqhTqoqrW1 -pGEXd2iMRUfCTDuCM6Bn4iIN80qUqqBAuoTC+zCVHnI7+ygmovhf/ykfVzNaDSIW -BkDsmZoH6bq3F9HpvOWggh0yK/l1b1E4PDQ6hq7qWNyJMyjYBJEbEdd9O3GW2qev -3ARhb0yGulxYH/h3yp2mIfxL+UTfRMcUZD2SobL+phLR/9TMUi6IaHnBAF85snAb -rbtAKCp9myFLwG1BujaQ18fKQFgcMjbJY3gLIz+3AC72irLSdgGti2drjP2hDGKp -RITAEydZXIwf67JMKkvyuknVWMf9ri9tMOZEvohnU3bW4g9vkv89CUtCLWF8iejM -fKIP5hjHOcKRLvvACFbgjYCPt8iPCcQckYe+FZI5T7zYsyQQ47fygS1f7MWZblPJ -UKAm8jxWUyySvEzIMHkoZaHtC72OS/L3iCjJ7mkKSZKeCDAzSEJeeQcOl0klVCQ8 -0P+mXq5wtGakW9MKLhmsOjUIsyN2f3gCO0nESYhWD+3EKFLSW7ZsHbDmwqSDh6bn -blFvlQd7cpfYFtlmbxZFcv/l2ijQWPHi93G/0VIhFHxI6LegKt00bIL5iwyF3NpW -dNzuE69hweTSKvOPqRsRnWyGv9dVLIaQPwUS+eEfsGGNzM9rbty0j5Bw6KY/uDgt -blTfN3yZBcyEsdPwyiVLdi65zMzN8g4VVQBHFhXWPa2N4gJQVq+6q9hQkgFFU7y3 -f8MX4BrKq8ifwWxsjL2FawcAoDcHUdCZjt/HZ+9/rL3iQvKeHbDbqu4kxlrE1FJn -0LHIB21qZIo+6r3fdNMUFkuDRBT9eEh3Wxlg8G35FYCIiOuIwB2ED/Hdnqtnemxj -kjRXU176HQ== +MIICnzAcBgoqhkiG9w0BDAEBMA4ECHQhpmYrGd0CAgIIAASCAn2hV4Jz28YdWGFK +0gLJr9d41Dgsa4BgBAD+dVf1D8prnkR5I9VoPMY8Fl2EZFVIgBCfKTehR2d5jMjg +EszFKDnSh6Oc1Rk2Xfp8zOy5lFBXbr7sGfHPFTBaN6lnFwRlxsDOdXHNpMVJkqnt +sli1A4Myjhf+y7G7jz7t5cavMxSkVf9NiNQ+4YwdzJTDuFOHPvHfTk+4x/QMw2Gw +IjKPyWZVYXk9biEad81eWO0waV6+wexmB6adIo7FkNFC7Mu3Yjxg+2DRnEnKRuuT +X0+Lt7vzHSUV5+yYwLQhQSGQvuci6U9zin8hcJ7tkJEQ3kJzQu9yL5ozRI/kAXRW +LhS4A6wGaQFSNYf4LzUxkqb/VvNnQ/EBT+BXKv/N83ja4KX6iD4X93uKlUGifsi6 +8/z3mI4e6FhO2XM5PdNE1iCdJtkw5vQZYPACVdX5LIpY+202hl/+qrzJkW09OZfE +TbNJRq89AvpB+Z1RVpIdvnFLuNZCk7GJyfpQCDWmK2msL0XTohlf5jUB49SwchKQ +NJ1NQM4K1JDz/yI+N39CCB7MyUEoA2bwRIpNRFDpNC/rE8ruqtPs5mhDfHqYCEUv +DfU1Aix0oQpFKICNlxqXgmszlzthTGUvNzT7zPsePfhReIBfiOG3hmqNzmq5N7bV +hhBzpqKIS59htjKZ1EDGCr7RdYdO/wzy1LCVyXyWZ1QCYPyyK2C04fGrDAxnOOqM +vpPoQPswK5WbfEbVqj1z9Y6MjcYdtr92x1ZDhTbM7BAdeBEhjzfMvrKPVuZO4+rZ +aC6TidEeAneJablTGz/uIGDFz1Nmtjb76cgUZHW0IRsFTNXVAPDRcxz3P1F5hujb +uWK+ -----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.der b/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.der index 97319e9f13ca21f0766d2989ff236efcc51f3927..760187edeff89353b6a15652f8fa1a56b4d6db24 100644 GIT binary patch literal 1256 zcmVr!n}}iz_}bu z4p~?S_bQrByk$#0Zwt@P>2VRLYF_F57ziGZCbYol^Uw3LXX1-Bge)ZJ`7xO+3`w#v zFkta}y)Mi5$hcLyAcbulQfHn{rzp(~7h{6$;2S|bmt?VP%pBG{1MNyT`#G(*o?;M0 z7n&zzZcfF$K9tqPp(15n4ViR53#C|>S>&iDJo)!#BqKton@N)5-t?%DeN0_1Dqec4rSqTzV`Uzuab}TyO>}z~e#T}hH zS}RbaWEvG;#`2asOxKbVGrZdsG(a9Zl$`ULyr!ZWQ9=GP1NS5UvL3{K!;~l@tHhNg zm@AJ)nAfaQ_mTv+*$RnHFHt9ZJ%nTJ1w%1qW1fWh@}JG5pAZ=zW0j1pgMO5Pw=NoK zGCT|e!)*aL@TU1+#{`ou7MBXr?+=4+exD4APOVa9ic{@xSfTtZ}~C(TV?X=az&zoKsR>j zaEp8Xwb`=lvdYO4`i0Il`erlg%4ZUS%AYxqlGjNek1wbdI<{p_hHP*KDMXYzbOV*s z@i(x@$(PVr58FzJsn*gO9?QN*_9Mq2JEK+~;#=beT49$I_(JQDS6FVr315_GM@raH zNj+=V6+|^{^ft5_b+lxDeca7JgI3SBpeap|+!+`o2-mEFlfa%`Z1d9IQTBtAZqoiR z)tzZ$UcfiBo^qzrH1xW3??%5rNQUgh#m1LmOb@$zSm%(!nofXf+bNH)YBE&WVMwFr z)#SElkeVHUTDU#-2$pvvsQj#dRS)qGza&7%>u|m-I$fU~;7JpX2Z-VGhz7f>U;xom zlndF55?B%XGVl+(W<7vLE-RE-wt0cD8^G^uWqJa)=^fp3m2T12r8_Z@ekplev9+2R z6u|KHX!_p9m#{0L{{{hu=~!+#bg0xOp!-cK;m@u3@i-l0U+%LKKNer6BH8GJ?Z?GfJkM`D|(@2nZngI zPteiAxydZfoPiR+mOf&l5JJ#;qYYDB8fPPN{}28%LIK=XKL^6y70pLLM$3}1ox?=0 zmFJkBUs$j3DP}rQjh`|U_0p1xc_vP`BTZCR? S#tWaa9S`kWp%Ax>aCSXj&s;J9 literal 1254 zcmVrz`Bi#)9@hD zX&bO7vI>-GCKK=Q%hI2YkA-aSTCH9GSs!B&V1FR{)LN{A2!MT_ru=UAH%2|gX}Q%^ zM#7F!`I5=3p{v!Q$1h9`iA7?epN3KrU^SNu59$M4rMzVQgXc-ncQzY2*E8EJSNJRtbPyA zzMy^hV3Bjsiv}ekM0=auQyw+zL{VMZAE{#ht%@?4T%LxG$xg%@A^;PF^;lt07>u#9 zBGO0b9W0bW&XLtanO|F(YW!{km8S22+(y|oQ1^#axFPaA=mYQ)F~yp58bNt$hUZkK z_u6Qx4FX#l;OUN@p7I>BTVYAv_Edm_YB<_rzy+JWx>tT6DJO{OkaL-L8xUx|CX%16 ze{bL$r0+T-Z57L=&@^PI2}1qLI}sjwBr>s>8?@gAdAv|2yT+U7%S5GIF=n3KMV?Fb zjf-Cd{GmS% z8Ki_wzWRgTnZ6y*_%BiYJmEQ#2Z#gCg#U#C> z)8v?65EYJ4LbHkTwIMTUfO9nG!aP6llrpNli-;!fJ~UgKQNKD z;jGAoNyLt+z=>eFO`wG(`&p|CW)}0NX)mg5F%oKQRrW#Un@ngbuYtT@ol^ns46_S5 zt2wH$%Q#;4Biy3+=&{Wq!(qPn==t@R)H_0URh{bdjZQgWFq(mMWsJ7EBvI~1-qyVo zI3k*4%?Z;W#rOm##fZyL8g-0vZz8k90;C<^41`{2ehmWfq#)3}R1 z?B`o4rAL*p_G?r2y|-(wtQaC;WFx@p+}WR0e#Oit)pgMDO5?><)u?eE*K0w2`pqmYW~7Oh`+)7R2mjf_9pT&FcO?>x&QzG diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key index 21ad4166c..f3be991e9 100644 --- a/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key +++ b/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key @@ -1,29 +1,29 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIE4jAcBgoqhkiG9w0BDAEBMA4ECLhM7LCVyIdRAgIIAASCBMC1LBF5f+s/Y4/l -ttdYBasNsmSdbAHr7uKFELCvdAZJrcBNjMfO/lyS+KeH4N7hG9CX+qJ5ydK5yKog -rcjUdVixRfP0HwhUyqVDwe8L7gwzf0VDq2ObUkM6a55Gw0rcTWfz86kM0PSBgNlc -Z1pAdMhjXMYBwSo3eH+yVbcyemWP1KyYFD4xan/RMdZJNrTIOaG/9ccFrQXsnXpH -C42JC8cqufj3WEvRzbuNYsdlAqD7aEvSPDsHIe1SAXUUmyFBvkJtRo5xatqQ0lBo -VDxpgx38EP6mUQ2pE4gPY+YFbn/PTajNrBv9IlDO42yPC90QAxo4OVd2NF1hH/Hx -zoIuEKvOefr8wZjZhwosFt2MvPWr0B1tNPNdIyyihp+ZdZn8yQxWDdBgiwGAdhdz -Misp9XphHmnRl2rpsWtThnZ9o+00UovchtQ+wFEZO59Xp8b4eM9acEk0Ktqkohg8 -4qQSYoAQkSZbPAqVB9nYTMhqolY7X9vL1/O7AsWACGlQzQUBZyUJBeT+UB5dlNNI -ncdBQa/HmZXoF+SKmikchJnBJ3wBAcHBddw4Yw48adYvuhB9XQn3cl2YHyZENyzB -b9jlQ5TcqiFzuZnPPwvOAOst05lYt3s08ewuPHCCb2tGiaLmIakQ9lvx8C/W67b5 -nH+E2verRjsRR2/Yj+aJBdvTuTSSKcCnEFey5wOVF0iWx5AuPdSEFf82LTeF2Dlw -bWiAaGIJFKUcotGUHnUB3Dp8s4rLPVgEoy2wyYJzYK1NyFD736Yn0vbi5l0WuAEp -HBTxrL28TxH6LDkSlb840bV5zPFVpKHH7Jb+jkya7iW1SGFU5bIHZrEJCa2rRiR9 -RUXvSJ7WuzaZmJa3OIsgsC8PB07zcoHdwERuVLYMoBZcMkI+/ThM4hEg/KMJ8BI7 -9A6VZ411tkTx+Vh7Qm2/t3OECeG28fogoDq5IR/qOMA8XstYGt3aJrUbMh47Znr5 -HtYmu0xFsmBGMTwZGnI0CPCyiMIwL0X3u41xP89x7+2VSAnSf9pzQWAJ2wYFWy/O -6VrBGfK5AqLK0Him+qfPqNT2663LjzSKy9MxCqte8BpVhJS1Lq6NS0FfvLnfBwSJ -TVrB2ERnKwgrxk2wIOAmzvsyLTpkM3OX1+rEEkjDTzcP1bDN4DseEzDgsXQythML -quS1cDEJvtMglw5ha3dnAawRnhHSTw8U4I750ZJhcgisryCP7NDecQp4gdXKOcI8 -f3Kpew6Iw9g2uBGzySebxJ4EPLygLYzn4n5Qm1BxMx0Rtxigmz7kNVx2LSma6v6g -ldBdUM/1wsk/wsfchNPKjzn/15sxdqE/i6CGO4BRZLY+f8TCh7T557AHVa+h/Tf2 -k0/pSyA5FSlfHaqAG7ythmvlGTgpe/ypeYsKsZzslmFEM9jYkfWbnD88sYgmZwhK -Bbg5p67BTPad6fRzp+M2JSGTz4zID2/78zttGF9+760OOqbazTN82SVdt2Hc5kPj -aHCFl5ZeFpaCuMojv/RbNdsHAryYpgaEwK91lh1Da6MPrq7Pc8J0df2Ns095kx5S -XinqwOUvRMCD8310j9fISt9mBiH2BG+69pz0CTMWL3Gje78oKEVaFfaFa/r4SjXD -01/LrZRT +MIIE5DAcBgoqhkiG9w0BDAEBMA4ECANod10o/6XyAgIIAASCBMIhYRF0ehbnMC+T +q8Mh/0vGvpn2rn6L++Vam+jle/aTKct49cIfHemIcWpmewwbtyAcY7b01hpbKL3D +T60jbR6Jsf1AFkk9SliC/zS9sOlshwoNrb306ZEU3NA19zw0ezvnCZNReY50ABbr +X6zV1zfJKsKZ+jvA7EQyAUQgVAeN6L5XpPwYxb6+CJfuM0iuolavZLVUFrIobQQE +aI7TUnXngQARK047nCU3t4dfSnL5NmVf7uHbhffEwjvBYaHhDSECSotOCkDydzdt +LJdtasuApmvX/c4qey/f9yIuMhDKPiIjqEVqqAriLVMs3pD9g/qxpqyrcfwQ93pZ +ARj48cvyS0AZTeYsc3DQ0a7rOe+JnPzzIaEAeeQUW2cffa1/h71e5PoniB/imcTt +QpYNCk2xqxJ7jLlCtfzwso1ZNeXxlLqK3jfpsMmBjAzuPdhYZFegbFyCTl+hK1DW +CYTTo/vL+VJOcJ8o+v2vQTMA9vJYNwfwEyUN0CxXZL8IsEONSJpIg4OobgNH00aY +yXVkSar+HHOBv0XvyfruiupNsvb0fS+U9lyLq7R8fnuApjzCas0gBgP4X1DWFmm8 +uRkdxFTdAnyo5BEDKb4SzYS0c0wxPNTKU/KLI17DPZC3+UDZEyqug18QMXl5kZce +Kl3ofBYuVEbcQDPhzwRJ69iJ+DJZ5Jy0mpp3FYdhVBty3g+fzEqQm3DSFYiXSWz+ +W+NlmiJAZ00kk0Wwi/nfKfXpdoQ1gcUOHdcEnYEEKF5wcBJs6uLuVQALPS1tAU/B +S04PLALo/AR28D/MdAjxkV90mCKWQahks8M4IVqXeuECE9AuXd8yJ3geF1STeN7S +f9xkdyB9n5So9zwaaNBauMq6F6Or8bPdAYN3CnQuoodqFFzRiEwGrqGZX5ht5n9U +ROMmkBiqGfPcQ+LISvKnzFrf0n4/+Tcn1Q6H2vpHDwaXAh4/nnQL334lG7NVsDzk +j2alocZInPZBpb7ehL0OJlWOVzkxUs2n412Qdew61/hhed1T2u8XPT1GZTgzv3fp +1HdBNxSv/B5m6ZIM9Qc74Ibe52XtIBrOTD9jETrCIxVEi52ClFTQuVZ7PwHq21WZ +FfmJ3c5FxNPN6VmM++F9IeStSRTtohtds531jORKsiXiX27CYru9zaX3DzZksWFk +e9PVbccTcw4wYOJtiYA9kIu1qNVHDs4+0xCNvZeS+92deI+TKqP98Sk1+k90TtFo +ARwkOnCgFVhQhpumT/CmX/s6gtFq2MSpwely6kxV6n9rsVm+Eqm4GNkI0tBLwQOv +OwZQ8zTGyZ9wqcVfU0Oij2/475C8EoRmnkTE0JhcCcdei1CUPmUwiQTAhcXiqvii +f+W21AysbugJ1lww2bBuEvG9HOaunIYq3kCFJbrmY/NZaEOLuZXKbh4cvtGUjFlr +BrBEc3+rmjZXXKcNL8PVLs+ENvBsgKUOcf0lj4DGI0ZDgPKgcMyLGbDDsNPtUKUc +A9gKH1pMlIiS5gKXp+O81eOihSExTrxxnDPqE32hqMXEeS5rVoDHIBEGzLE1CTbR +9tVNuUQHtv+5V79ie5hNweqOIcHFxM3FuwbOSDGVW54e8awj6YFQpY1pIt0n0rYw +t0oJTQDl0KU= -----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.der b/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.der index 496d602aebc1a479aa2860457774cd4a920fd837..8b538fdd54007c7185a26a29304e749b51eb8a7d 100644 GIT binary patch literal 2413 zcmV-z36l0Of(dCb90m$1hDe6@4FL=R0Wb~(2%syRM82?XeF6dq00e>wN7m2eFZ!${ zjfk|Ov53+6gmseahAGjU`L+PR<;&I9UyXcBm5pNzy5G$S8#x|VYHfmkA>I?aZ5vM1 zVZGsHe~v7M0?P^_D>t`EC|+ucuF*l|J56h~;H}p8K8_c^x`_9P!To%8(Th-91A4vi z2}ZMa#rReGFg3Z_9&+iA8S&R@v^rXt-E|u5@eHJTE8JtOfpv&{wim7(6=*72xa_(g zDoE?~Sw*xb`(ZKQ*RQ)7qr>T!$HaF=<{d z!P-nN%v~HkglRTJ)PB#q#TyB@F^VBNGwE8I5kbzCE6M$An3+43om=Ic1>Gn0_)W4b z&j>29@x5$q$}xvVn+?}_E%`0l?A#Ju*PGw8mKJo#Cgl zb?@C*xyo>OloQ^`=d58%G&oL}x6_;&Y^r@7r<4pzZi+wojoZ8M#LIhZ#$^Xf(a`N2 zkHwl1k^|B|N>1ik^gi6zTF8kxklJYRClc-9%+#aEB zs182<_X2#A@IGIV5a*f$MUVyv;9~NjOcElK2Y)I=y^}4y;lC%UDdY;aM6647#^a(8j_0NNiQz$Ur}t~hJ~R^_mPDeD{ddlCwU@sV0%1P8cWuD zDdmh@Vg+<(AN;8V1tGJkhG1j#2j-P#F+kR*Z%TeheO7GjYJrl+Y25eXnktG0x=>!o zIlkOZ$@C%V{O@FYWW-<2Hdf!Qng7X7OUGsu_%rp+LTda7`uY~j!6@qlt1Aw6*_Z<0 zym%GJ94J;*Fm?^BU}%(Af{G@&Y73!4+h!*!U>;HL*bnZ!6IW^nqKF!Mju7g*%$46e z-suXG?;}B6eFq~0oep>B!o9taij;;P)n8&ue~K%Z+6{aAs@T4~QF7nF3-QP2{q!nd zcqJ!DI!7=)iS8*EfiTh`f^aPuFR0B;Vxy?wKNp;NdQP`dmZ4&9lC!F{B?`3j6-3{a za(XR~v7JxJ<&D5%O*fKyEI12|g>_rY%lu%nOtm!2FT>@hVL?jt>55R3JgRDPW@gas zE`>zygzkV<1VX+O$rCC^rZYjI1Ys?&D|^3TiCrtFo@)0f3O_z4>kMsuEhs)>{bl+_ z*O@Z%?T6_8qSrV*Ap{xlM{Twu^YYZ0h3AIRqEAE3O1h@(H7z{p)#)LS{_=P7+0o|7 zxY8RgflkOQiXyhp#m`JACm2Ok9lLH;eB*Eo63TacXeik^eed;(Vp|&2JB#s^wnz+UEa;RM{;wIX%|ebi!4g^6pk)Ooydq)g??zWM~ey-GqgmS-%( z*Yr*<(BC;VSfqEK#KGh{n2zNy@WarueE)^e0x`S2qI2SU9%8~UWcs8>gsgJ+-{7M} z>RQ%n#o+tQliq8gc?m{cUv|^?n8y$d?R802lkzhGX+v?$8PWW{0b0dx)JFZV`wb%@ z+-)U-@$n>34@*ohYsv2-E5EekvK8m?fpM6$s48ie!E7btsyGE?4s%WWDnIFygy%VH z;8vQd;9c3L+UEz}qDK>Ich6l9eP@kOVYaR!NjfqPqTUH4q`qKbskf{ z2_|X#!!KEk7g@vRjak(c3qtGXwrq4)SN@+6ntd@RSX{$70nUvI0PkWl6qy7kdLHk?=?cC_Kt-e4}f(4xV zEi!9T^Bp5Ev1@qU7@>skVw7)@-Q#932w9~JZPwNh@*WzJhx+d=Z7gI(b+uj=q~p-5 ztj4E&CfM#%*x=tzV+Z2zj2gH(|Z=WkZlq zxJ=HyDM;rWlT8CGk=~A&xp-@g^cu?-a<++Y%pRT*N5T&S)9xk#ouI zPcJ|Z-t$`L-nM~XkOc+flY-G-$X(f$Ubb${hd;ptARPl2Fvj#BQ1A*IotAxNH}BWs zN0WWv4n_n6)X2l>oJo~3ES-Yrr0zP88S#d8R1kp@R+V2UabD@GjeX`87jET4tJ8#ppTZ(s6kMO$<; z@7U?VWYv`Dibg}M8RLcY_U`G{Z=-Kn#=yTn?p`h&zYnyFbVilJegqUB~Pw*m*VEVP#X*_ecS;)L?8I fY)6BFMwNKTh*ngTgF z81c8uS3%57HW6slfS`~>Hl`bouo)So+(rq7E5TVJLIQcj`*%NQ3e1Tmhb0wz)ri~J z7khNK!hG!UPRPFjqgRuSNc|}M6qzSW6Y`J{$g8ZjI%eFLX~mKZilN3VX@v-`FZb}Z z)WDufq&3Wz$P9DJu4saPqQQOlw9sl?<(Qk%BBq}8!>>pe0k{?|wC8p5YHP|rr-_mZ zH7q2z8yUlb9%{LOS%_tVY#dhdLW%3(bW$;EXb>s_`?vV`cJg1u;2l{gtsrgb{& zO-9iCK5?ByuO7(K+IOHA;s-RWsNr;!8OWo1zrE{k4Yc&cD|c{BnAp&MN_LU{*i6b! z+Rv2BiTA)m0XF>vCNv33Ayl1i*ffCuugmG=uYNi14w*SP5fxZ|a|Zv_4|ou$I`+li zNh%@3!E0D^=)oQ&%jJ@iFZH8rElKfzNQyIPHS(rb6ETa2KrC?59-{AP-hsLgiD`si zrBu(adlFwhcVSNsMh;;Y7&!_(Jc1`wbo6xO`0v>Y)-B_t_@C(*f?7l%X6Myrw!H7E zoi`%KK9i1T5FLU6t8iY7PT+||y($ZK@~7GXq}5x7%D>xsx0!yCjS}8ta6oNG@bcbBSv0qqo#kqBM zvkWuEgbe^Mc)a8_7i+oK02c}yT3qCnVaN(GQja=i1rSB6yX&H?cXqlPpYXh@&E`^! zFbCrs+y+evhWRE)A`#abagd{s>{Y0`f|Qxija=6s*RnUZy5o7+j)>$Mo)I3PK~M+X z4Rh#8E2F$3fFrC5D`1|QHw8Po?j~STMfz=m{bLF8VJirHVfyy<+OcoHWPe-<-BMJL z{+OXrHQ9v^I>Os9>8#&Di$aNrMyirhj-)Wkxv32S;pjiSExR+POCZEE>vEyGq+Ryj z?2?K*&u>)Fdp_e~koP=TmYb6Z5Mvia!GRM{B^?8b<|K>8NGRks&WpCNmU!UiNJqao zH6N`fQ)++I&mY|kPt72WU#58#$Z;pes6v?Q~&G&jtKAOz;8U(k})c`=$tAK z4mSdV6WzDsr{&CI&3EI%PuuvU{z8`Df2T5!klq0u(8xG2?IE*rZN6!0$tr{;D=Ig2 z#@mgei#cYLhjArO;asWu^oa+X zWCUHr%+aRM=hc*NxeKZn=eOGT*c8ZXSgLByHOQ~CPKoi9yBGhX|1`X!Y_|<8BNZaC zN!vmNaXKy;H33+uYo-YM4Jif7+U+q1N;bDKXCnPm=i5tGsr4_6p+S%2@BA1(^30@N zPL_l~n?v{%*)ncd4pr(L7P{pu5V~H*)&G?`+f{0%RkW31yWdzM`DA{~V@0sA%Md}< zzQt*NO4mW$HBa(Ow9EG=@m+)tUfw+Xoj|<5h?Iawdp#t$TR{=Aw$Qf_1GQmL9a8jM z&&;czK7V+1cZmKANq{xrpcVV=_&%>E+kc)II6{eb6ZS_)=s+cR8|Qq!qPY&xUd0JO zUkMdi=P1Wp3Gayo$Dh6Z3A&Iy4t-R*)OS+GeK$2LBI-%lG%FR-&*>mB7$oF*Rdh;@~cH!S+o zBPXv`d2jy&*3yb4gtKF!a=%8X#3=8&6f7P6<`6aqFxx=2mKN-YPNNXl4e;*vWjjETvl zI*!jgs)ogFXtXL}W<&vqM0_z2cMB$}L|M1)SJtK3Z1_q51|Jwc}?8&S;Z z;t%VYQ5;ffHIXrGmC4mDTVasj7pPta62n2(u|9rIE#B68nVI_NE~79JhAT99nSama&>(*2kls;$ z^l}(4*HH6VHp9n`f|Qrp+(h?>mi;HC2J3W zCdMd#4$*lcI{%C9b)emYZ!s@Z>giL#5v&eUo0}Afkq8T`0IGYV0p?*v3l*|$#i0v@ z+qyC=G^?lCRFZ(9u`G2hr#qTB1)`BhioOKf`1d0=3gsOWDv*%&PLg&N!JYQvfom`= z{EO;g*}RmMC@lH`4w#@F-R!ykcAu(kO1DhuhzBK(5Szq%ti$Va9OILJ%9xrU_68aG z6XO4syUry92F)j(>x~B|E>!BUlJ3D*A>UYWm+l!}y-w*0o&T(WXyCaa gVrO8do{%DRas6zCD?Hc(qtG=eQ1%Bc@VSV4XQ2SJ6951J diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key index 92e0e1561..1591f8cf8 100644 --- a/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key +++ b/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key @@ -1,53 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIJajAcBgoqhkiG9w0BDAEBMA4ECHvTDAvIXz7AAgIIAASCCUjmBX8AmQpI9qj9 -Eo6lmEmiUx+lObs/dCZP7u5PPftqIRtvg3O+170z+r7uYglA8RqbYFg/JmK0CT+S -/A10tdB60Oz5hDC6KramdtnyeeH0H/KR+GkBaWQdY/7MLmC2YAtQV8toKVbuFfoX -StBmlMTPiEtANXoJqD2l+wpIDSD/TPNRmiMTh74oU466Stxah85wUbbSoi5QlqUm -td/cTP3A7BumyUl/PYWHx26TO+dvdvg6bCT/IJyVZt3Xp5pjQCIH/HOr6i1+IUtF -JSPcfRVfvmWD46RjhOHTTWFUPx8gUDoMkabOD2iivmSiAYJNY8wZtqIO19EAjsxG -RuleRANfaNIFjkz8mU1QQzct98GDX7+OKCWBLSDzzNQFWvMZ8p1UIh7PcIdEpEdF -gSqHjLmDYk4IVNtBHg2hChjrZ+F/4chSMykehuyDwsn1BhUtRST/Atml6XoryBnE -2imMAvq6Guu8BOUfOYJHU+FBojKox2K9tadY/DvFRXNMOw7TSVY+v/t9ZGlwTrX0 -6e3dSKBjQHN7P1a9TinOgY7nwGMowYaEv+xyJ89h8a4H04SG+N4WqbHf2+B5KpNN -gwMlps+hT6V2/9LfJpJCb0GpB73Mxkc+RAFZVOUZlEtSyMbOgoRjF0S0IRSvP1/3 -auHEr1z62LTXsh+kAIvOOH+2zN91S5wn3xjFLepI6jq5QYk0jfyIRDcLzX5dpPSf -Q0QJmG4Pzx7ScAUfYh30Ga9FjQSWQjGbeHwTQ2V0QbqweNfdLEaYm7mSzNAtuaGD -y34Bta2mIQ3eWo6c/ipdViLzsCh5wBUuMXA+bWGHTPbyYae7jalnK6k6sfCe7teC -fC+im8v2tiO/eTl+82/NquFKyRfTHWCFC2AbgAJNqV0BxBeHAKYVNCYRXXhPD0Ag -0D7afVUFrsnL0DvLEdQ93YRV4Ykrcw8wl/bnGTRqfmAaiXkdP+gScxlWJH97r4Sq -sYN5S+M9653ETiZlQLsELtVf9LNbGja5qK2kdr6CdYts4fQS2sxjwADGjdaP4ANR -RwVvRsIX1uxfFI6kSwnOf6NxIkSz58i925e2w6bSv0/IDp+Ofu0fyGLECzVLNhoj -79tzEA3dXZr7jRzf00itVYcaPxzMJMROZWgdWvKPVJAPrSEiCCvmTfC+LMAHSHqB -6ajEO6Vkft60cfC7qRgpjKquaVkwPqSr9Wu75WTVG+cqEulZ+nJqFVUhFM6CqPyW -ER5d3M793S7dinii8E4BiqgFtnw3DtAt4WJh8cj5R64SxoddIyXmGQY8gPunjzF3 -62frHXLeuRx18AYRCyBL0emL+AEmPiUdEM3ltKv/YA+GEZcmCI11ZXLASkvb2HEp -MjiPH4OACqN50fb82qXurRCxNLteocd+BUO2ESyQDhFjHhH4zgWmBmSnMTUYCTm2 -KP19HV53QlMv4rwNLU1ASle5F6dUgnYTYpdQ/0UslKCSyesrfWOCscXvYYrVCqSm -6QN3/FoUcWwGLWX51LsaBfxIzrf2hIjHbmXlYwujcWMtrSPillPZP+w381xSTPVv -S/HEn8BKifMD2zLxF4w2MLHYO562lVGpkxdGlrufPUfKZrZ7AB6BDUBbj36GIFfN -s7vpIcboXmaycv2FhmUlvmhyYBudB+g4pfVSUdQyqg+dQQqyrrisZXyaIQKl+RIv -1RKb1rij6I5Ay1TCPuWRMhBK9yAEkQ0quC7Xd/1O/vVKpMSWkj5fMKNHA2XZfaUA -NJCkap0bQyEEi5qG5HGDTD5+NVRfj4v6U0fzBsuya35hHdSsjPHbzMic7IvUesDb -QwjQLxIpibWd2g2QHwY2eLCjLf9Sgo7rnOH/4lbFVWPiB46yrYACatnSRZu95nZT -C3MDgYKqxzjkcl+qohpRODnR8iDosl0GgeOAn/7de/RRVhjRs7RtYg+94fJCOOkr -LGgL8kdB/k1cVzn42z9+A6sVtKuduo5tTOAheEN59+440wO2P0CAy86kjrOCEsxc -tcm6FLxJrtQfUG/jp3uqoWpe7WjyD2P9YilJO85QrFzfFX2VLhssQlr+cThnyc82 -iRJp/idj6dpda1A75sg14sfk7tiEs1mo1gn5LQV+/9JQjEp6hJag3JJuUqJsNoVG -45P0Pbv/LAZ84h9E8TMfLauSZ+r5AY8heiWHahg+MiCOPdsp7TbhYF3fichCB/0/ -7dHuxP0Mu/4725kLDxFfkn/M5jtRnT0jXlzcZoVramqWPhagkvSjcpJy/csLjWJN -VisGc6GbTUe2XvEeUQb8/Fx6MS477PZsLEHu/gtkH2jBMnbXhRtbBjVPsRQjG0mc -g24itQD7FE3ZCwrB0m6kv2hrQfYDrK2F46oK83DwqnNlRHjMIgmIekBIwAz5AmzH -2tnMw8F2ISZE+PaQ110RuBCTrCKG0sQPfF/7RIbeaq/aHjvmBTDxYZS2Co5Un8RM -pxENTFdtTB+yXs8iUoeFXRrNcdXQXvME7PymTP9768le3JjtOIwq6f4dnRdlvUEq -SnwPWChWK26c9/1G7Zml+m5Ya++Ya5RZThvDBPCMIOlu7k04IkNOBFV83AsVT5lo -vkLlcLz8OPv/OpWCc1FcxsmXQHD3fKFI+mSM/JMyGA+VKcXedjXJwuRAVz2ZgHk1 -n3LZAfVF9IEZPgt1qFuHsc2j2YUwf4T330R9dNc5N2LzwyxLp1Q0Qer57UCI9IQR -K3k6PszIYyHLISqniGdiokjiXidiAeDCB0Kll2sK/GFmezEefQrte3nlLaV+Wh7Q -qo0pwTxkW96OzDIVj4sHqheb5y8Rifhf6E8NSBlrswgWCOC0DfNnbDn50GxlpCpy -8axIY9JbPNpNlcG9Iik0bIHRHRYF6h1M54QsKXQwX12DGRYVfm/Y37l3IMYSXp4o -sj/EpBwht3mMh8BYFz7Z9pcSGRpzUCu0Eos9v2vchwkcQJuWLztmLy8LCnWU3mB1 -ACZ00ce3SuBfbPp79ZMXVZIjz6r6fUX1nFrVh9s01Q29VFb5oatb+Mk8PHflebvi -i/z0Ku2K5tcyl8wzIVUwHyr9DlzSXRHePT9CI0JmWnVOy/jiB0LVWN7mlEuEjmsk -fh9h/67/JvVfpU3opyBu9mR5D0y3NSWUdvGkaFJ/my1I/jPDclQ02TgUIcuJyQGo -V8gMphCDNGFehLwnptI= +MIIJaTAcBgoqhkiG9w0BDAEBMA4ECC23dQvmIVYFAgIIAASCCUd7yonOxMs1L12X +N4v+TfBMtNhB7J/61yj7oI6SuBAzM0/H8jMA5bPRTCvDuLcIwN/3J8FoivUK7esN +HwzKN3z6n0sbtqm4pOK5MC0fYCt5iLYbibgAoLWlqJ+yFcr6pfjJ3SO5/KYuHI3F +WpfO3HqhSnxe9W4kV5qouxb4P0/+mGmBfJ0luR6OGsFlgpmUbOpA24o8Ul1UaIEY +p503Urm/GAzeAY36RYghHGKiA67CkwPCJJcAF+kIRhiFkGthZDvycl0PvJfRCeLD +IBfLxVgW46/Uj93iXo10aIasPtEGIcsZQ8fw8yDQ6Rq+Ca7V9vUKwOphSf9j1xTY +pzVku9JOdncrMNduj7BYYYQlbrpMkQskIE78UxazeBew24AkyPLYKaNuvyFUt30B +mIWzMTkXGxDdqyst6hhVPynouclr2lXRCfqi3yHMBjphpL2n+6/BOEN3eY0h2xdI +R9+KEBUFSauuGn02+XUqXRuB5U7HV21xLx4Uktwd+83jngzynOfsciu8L1MpyDFt +EjQ810h/w5wg1YzlFXEH5+B7RAdEpHIZsjc0u87rn9u5QuDMgmo1XbTN7vOAyw3e +0+EEO0kJyoQzEGR50yBe2hxZL3QJJkyd3Gg89DfEqniEv3AMiKtpcUC1Ycgz3nhc +1OjzHrWWz+iGA2dZXYMpEZ2Mb5atbrp2E0oEsAGzCFMRVSAxC4EQWRMEVmd+R/Wp +ZhOWT8KPTtmisualtraPVEg2oLWb1vEVt7Dpxk5p5sFtdKoxbtZ1VjYwS2Rr7NRU +adCD/FCcwp+a3drDCWsUfYnos3oEvwVJT539Q6ZLbQpQnfBhSpPkaPvdOO1/jNYM +F6MkLJzIxIXeX0nzpLpAUITbxKkGmYYW5za7zNaU6h5reQgXjcwMRkvlQ6KLOl9M +Z3m48xvtmPBNZrMba940JUNx/H+FYw5+A7Cx3jLhO1P9GpScFzt8Mxk2tGGSiv9o +wtumcWRqXK3H6jVlarWzXcqkyOV+vyfIwMKPDOd2olZg1RvskvsGSdXX0fgYnCgd +vL66InHFCzh3ZkQRonkqSb6m4nUaRMmJ6cY7IneDgUAdyEInpS37Vucjchw6NW+V +XlRywmoku5gyGv9oErnj1Ab9W5apVaGEizQl3hhoMFtv1qRB9Par7azKFUMTXBx4 +DHRzPIzkuHlrhgq4b16WD6QlXQHyuPZdBOMFYd8bciNuknZFxFazZlycuW1VzCca +HYpp17p3lxuMmE/8P240qcEzIM1aQF2eUpoI5kySnOytmiae4yA8HCxmVg74exbJ +VoQy9zGLo823EDcEwcxE0vP59GsNYdbs4h9CWDxfwXSaNCMt1q8yRkvMLO3T7EVq +AG56XXewemK3rVNROg14nLnhIw/U4E9ZMn+SbKBf1QudnNk9F4PG9eeQHZfdP7Qu +j3tCeSkPXOk0hpYvglVw/JlZJoMoRUbv1St+kDCx+JQsTcYJjm3Qk0MGmAc9JSaA +CedQa5TZHS2wId2cLGRs1i2HGQkDp+TLBm2Rug/T0I7LI1Jz9o6Ov71TL/3sctYi +lxgbvCPvNAGJVAnISDj/0VUAiN5t31ym1cEsJ2qfITS1t57ZlWPcRoxu0Zc0H0lq +M+mnvDoHn490AdF7iGCV+1xSQJOYggtAD8Tkzoiwfn/tZDA6GF2hUYqEggAoxum+ +Mr1I61em5A5UABtOyrooVhSb43zxzZrcORTGuvlO4+xOO9OvJv82xyYr57zScUx6 +myPRPEBhpDFUUPwsWJseksawUpg+QmLb5L3sOJjec0vTBixOdgZOrN1en4FJPjfD +i04uZx4ecbaYfPEVUKjPDl3M1qdgW/OSguMi4T9zFZrmg5PgjCyZsGSUEt8RxY8Y +KV91LhM2xf9TFtZFunnl1ji42ojtMdwBuO8XyhkXGNUTOExCX2gtfIfnQDkKdsUQ +cBcknKtjIS6plFdMyQkSbSU2hBNnB11a0MMWbL2TOgi6iSHTdOTuP3JjVOcxEfNI +f+zEUkRT1Vhht90Spm7T0wTRYobnjc2/y4EgeWH8ljoCfZnZJd8WOph2O+wXEp6b +ddgjLyEhZV6NX+7R34pojJxGYCA1u9MX61xX885nZcUuWah9eFlzOXDQCqwQkcUB +Gzcwg51zlMC9YmR1QciNgzq25ZVzIPNm7qrTPORpEGRitAd0D/FGzumNYpE3Bj5J +YvStKju3VlwVfy/wet5ZF9nM4foFjLGIwI47wTjGtIfUA8tCL1awLH3F0ajfHQgG +V9k9S27DQ7/EMuK+O1x4AsU+bpRsE2aq/at6TgoQV39qYDvslFWsSlhk5ktsZSgg +LM7/hzcPzGbtxbQn1tkQFFkaoJZ3ZUXqcO/rlLrNrBo5U4Z2mFFR3p1g7aiM3X3f +iqZYYkOfk+h13EZAf1F0WgEu/CCODRdPMwfuArHHOs/nod8F5MAtLj3bEMIWBlvN +TsIL3LrwC+01rEh78PHzd9Io2AzJsG9k+tgeO4AQkKjP2lb6O+d/IPOEI292v62F +xHymfEyvBzVAVLw5U2OfJqCZmu7IFtJM/O0JXR3dhmt4F9s36yIWiYKKctZeJNDl +8gM4rt66kS2HtbQ5r7pXcocpC/1F/sLPO6/t+QnyPNunjX2xkoHbJxU5ln+LtmlF +Bw1R70zVEmyj9sz93I1fSSzoZ7PdyTaFcZdllLQf6peIKi6l+RRdURYrtc3H7Cnr +cXN6CULlFy4F5q60Bcbq1LLHA/GYU6WgD4WuYi+MY78JQWDyDm0WPCX2NJtvk3Ve +3ReTJokrFBHB3+JOKSS1Dpb2jlll3fmjuCA+c5p6OHZOq0r+hri3/Kx0uO/HD1HR +fdqOMgmYCQtWN8WZBef2adGON2TtpqYByck0n+DL0TO74ep+B3sKNn1Lji9vTUm8 +72uxKMJiUKtfq2lfBESZlpmHO7D+Al2QIhyDkJwFmvJM1+vprTgrUQQajgxwobC/ +pYYfJyFAtsAhYPqzWyQmZdxyt/XLlbcz3ETmHp+3bnVVcvUiLgvKLEnBIZB5j2ai +mKjMmaPCPdcpo3r2GCgSC1lbODicbF/AxmAp1PQ3XYBBIm5zxqfki6eg0DemSBcn +kd6dFQpZf53jCwzbpbL4ABBq9+twFiI0rwPwNZIqzqItJOH1bwXbIZYBdcYlbE0h +VEr3ANKx3AmSsoHvhQ== -----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des.der b/tests/data_files/pkcs8_pbes2_pbkdf2_3des.der index 75c573443b45403476840b15f8f4e54128963415..420a29614d14ee8732ce48fe5f5fa3e31fadab23 100644 GIT binary patch delta 696 zcmV;p0!RIl3d#ipFoFWckpv)rTodH*NLB&z0s;sCFcby|Duzgg_YDIF1PDF2uMjR9 zI`Ra90)Qa4pK>jX9nDrjZYHa$&JN*FNY*}bkDC5;QY6K>fF+)68E}O&-{rp4OZV6x zUi>M)2~p)O!SJ(2-%9vAonG$L3(DLY_@IdB?g`wOj%bn-y*$!xJrCP|dEtZ-6%E=7 z7Su|@A3{5uKCD}e_QiW3Q;%Q2F=CFz>-DX&E*(w}*@!B)WyyIoAVX~#Yto?f(nkPeNv_7&$)1G|l3c=N&0pf(1O`owykX#N# zhpYqqeNow|C>;CB8kO9C;#%!cLj+Al1Pp@B<&DeqC}aBfVxkZ>QSgl<@V(OI<6r_E z^MrW|4CJ!cYCwjchP9HC#=*8@h|qBf78#CY^=cD=k(<{^qFq9`2z&A_%lkr(L$k?E z%}%RWaGR2|vLFBfPW{pLChd5*BXcr47L2t>X6srpXA^thGAQ+bNuW}K!Kl<;x&463 zH`+_>auj5G;xwcGR^;x%P4l=WfQXueaJ8$|hpWa=`-2XN3qARL9?Th&O?ytNN@qzX znN9uTp=g#Z@1UluI9<-4EM=)W%f+z_5+f9OiYtal4wvWglpH(}81%grOyR1m^wNNkFU=8ts56nR{u zO@R9D-I^X4lC4QEMQxorI$}=Ut#eSi@o;k%-iJqsdxbr>=5Rr)_0T~{nruIxIxCqL zxict*ZhQOg4&|y}fws;*5?^0dPm6}1ksconHf_L+2%rEf9LN7uKTBDZs+Cx-tA`T} ef>Alyeah~)VKph6kGaNUeS`h7hi=MPu1qs<+)?)c delta 1284 zcmV+f1^fES1(FH`FoFdRkpv)r|Dq`#@R}=s0s;sCFcby|Duzgg_YDIF1PISmlH+{) zk+%eb1jw5uPw@cE z1@ci4L7XswHdF@UmAFWumpkT=o|GA+Q_a|Ip24}#Y4LWzP&f><5+=?6aZq)U*aC`r z6iE@FkL#K&YW0HyX9r%Ib3hS)y`+_cOkKtOo5OYk;zm8ro5qpn4@DcrV4FfkOJ6Lw zx^j{*>_IN;hn9flMKHmC#yUy~4FD6)F=BSrH|#TFv>~1D6M1qk%wL|Q0FOZ6wNhYs z>EZru8?OKidA~Bv2w_68(qwnT5M?lt!RTITe_sHB&$vc%+I9w~L|(TIpVG5|+5Z8P zRt^K*v3~*n;+pA5aQX(O)%HBUuk(BQ>Je841A73?J~UzrAjI5%{xo9olII_kE7+cm zcz>7?9WXn|w7v;U)Yb{$IVa@Cm{2oJtFW(-KC?pCg+mQLdej;ziDV#&U>k{*&EiE7 zjw=xwinLw?wwAJ}V?=AsBJ)QzlIT>au>*Ew^U1>1vo`GC*F)M+kxAzbiuR5g!FFpM zU2%wdRdBw+4WzMudWj5mq+6u}`+!326Uf$t`Zy(J>+ce^-`W^P<8-1_=~ayD>=<|Q z%iZj_-&?OAT1N=wk#MZ*iTD0AFyQt0DysYQ9!x@>qP`3qda^D-HaUN^= zj(;VJxlqQ9Yla=eJ*@5&xrOeSq1SS`jj=H9XO&En}5;h6=4_>gE;TsF41aeXKC1=fy|wk z3b_p3hcOnuo}0$H5b{&fMf&r)t)^)*mjuu1q~rI0qTTRdF$2%HFIMMJCm67@d{k-O z_a$+7=HH4C{TW7d6}04=OD68u!6QP z_NRt_3Q`zk>Z0Zsb(EtkmN<_@?A*E~@MRr}xjzu*^Dh>lez58l{lq=F(#S@WXjs{9 zie+`Tjch0^7AF#V?6qPi*hA~Yt1=0~APRL?e%97e+747?1o(d{d5THq=eS3mnh^WV z`Pb%r8;7x|a^&tzUc@9?|)$%tnF diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des.key b/tests/data_files/pkcs8_pbes2_pbkdf2_3des.key index a303daac3..f5d8ed6ee 100644 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_3des.key +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_3des.key @@ -1,30 +1,17 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI4W7G1sVqHJMCAggA -MBQGCCqGSIb3DQMHBAjXOQ/kHb9EVASCBMg68SwrdD/DLeKcPtCkE36wHvrK6wi7 -CjwFv2U/gIfNCUNXBZPI4G7voL1XOLJ8h0WWqlEraHo7zYWI5Ky98SI6wOpDGDzo -URvavOVT3Ry/QfLtt0GZvELmJb6qO2AcL1qIDULx4xXqb3rI29xR/xVaCkB8CGSe -JxU+1TbJJG0UdVDm28dhO8J4qgBpj9N6M/e8K1TIu8ty6IkFPFumTN9zMV9VXRIo -Ajr1RDIiFXCZ4ayEnja2RIZwi89rn/iC/QzfsqQFr5axw58wz+0/EfD/i79gKoOX -jKBEwWN44LsxJW/ucy3pm7xRurwZvOQZIeZcecVVecAaHmCRFfq+VpSnU5iDZEDL -0GU+CKXW+zDnuIfUc/lx7LWjFyqR12OviS2CdrkaTKSVBAEYCFQdGPCp51WoZMnE -uaKkLp0y58e5J0mHx4kmk2saAacdO/YolHjkh5zNe1Z+sORwPEo4ruZY/+wem/TG -KFQsVjH/jAsyQFsyXaOrQ4QyOwxw52Vz6b7vrffaTdnKlyvJTvebEbhNiNmt2Ni+ -wac/1VcedkMpUrNmpJyal6lzWrVQmW1Q9qBinxHeGnNHk2QWTGZCQCClxDTfPoE1 -HC85cD4h91eBV4fiQm/ML/WmaGAQGUiTlX5vESJG1pKYXGqv1cr1pj+MTjqfjApl -KOj93yAvx4ss42onWe9DPOBojSMuIzEVZOeq7mt7QeNpN9unjsDVrvq/fmsvIBb0 -t5HFVX4JlZoF2sfrwP0jEkyHxlk0pZZc5rbwtVI601MolDzjTNBcYbUB0IUlIj9f -mM35IAFWZtrXXv3k5ZRFQU2jB7DFP9zHWsai7quhhduvt498rNxiWu7YlAQfhaU/ -wVK+3Fca7AGrlQ8YmzV0uOwoTMvKbLNwiiIG6QsgWRhmOIwHdNlRvhaZl6ybRLty -ppMaqlOgDu88/8SMCce8yBderXW/0QxCZjQ3gEDufqxjC2IelOfEbChMLIs6p+9B -qaPtji3TxOscQZMD9g4jYXUawHSq55B/MegD5sfvTl3ql+qsQnleXDUz2gJ+MBlH -Qp6HZMs2woAbvFyxAXSUeKAOZrnW1TmRNmj6SwtE9aPmMwSYxZtTukesl+CpzEqi -BdBZia3Yxu9Z5694Cg1eXoPIir6u6svZA5OIpEIUDIUPnMmG9pjxQ1xK40vyjdMZ -+9uAVdGX118nuwZ6Al4bfrPOOmwII2X1xmfFGG3rbVHVD9dIGJ1HGWPZio4F/eai -kfSYHr0410JRAOvd9G4vrH6rq/zE5QcLCmXyH5W9vF3RJDAK4ArcaLF5RPY8slEJ -NcZ7XTcKUc/Tg6VCMo3agozuzrxKCX5x6rvn0COYgdU3ozTO72dJlFQY2KpJP0n2 -RWWjdl2r7XYVRoQJd5XaZ3/mgJ7FtL42Rh6+vjEJLezWgUTo3B4Z0WG8WIp4wfAw -d4qbAa4lVWtP++HZvIqOPaL+nZgFS22ygtoIVyYDj7lcqH9cdMsaMrZFAxisVQK2 -z2DnysfLg4dkdDuJjFUI07QUPwqjfRVKC8Mec45j9zrpuzu82zQ8Fub7ldtECsby -oq0smBG1vd+ozMPnr3yvU7X7jaaM4toW+dG3OQxnUO2GyB/BAEamOB4CWWbKSfy1 -tfM= +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI10unvSnMKS4CAggA +MBQGCCqGSIb3DQMHBAi/YThgINTMtASCAoBsHdTnbfIzYHiLDUfMA9NESRL7/xww +em6vTiJMGhJxIxNykVuzuxeglZPEj487sbFAsHTQrD/2VAm2lXmkoD83EQOP4uYr +xYRVvsdYGXtBCCxFKEyn5iU7YZs5xY4v8u9nfn/Zq95mT69V2CJFre6JYfnqDlR2 +bIcqJhD6r5gF4GhOvdGj1Q9ykC45ZEAci3Vxr6Eu+3Z4fokRwb4FUhUojt4rjqwf +HdwsMU6gMElop6EzymHL5FQKkN5Dy+uFEjx1BqLamglBgfZrZ+HnU0zlEQ++GGVW +NPn4XpqR6ZH1sLcBOzdg09Xzw2qnJrN795S1nAlnhQmFv+0TpBW+vDnTjCO4og+f +hmdRq7pV25swctIX8bkKibywZiSDmm5u6LXOpOvcKOGe3b1WBq1ipenhz5IAMDjE +/Gma6DSmWpceAeJWjLZWknuOTqJWpIN9IrJNmLF1GuU3Gq217hhAd456vZSnyGi4 +MtpqdhtxgO28xpzgQ6ojOsYtGjWRa1ML26G5KK17YnVCHGo38FCAgkxmDRxFvTOc +BbxsFOjfi3SUb4rwOI1MjddsLSomd3gYb6eaXEmAzCxeuMg8eSDWA9Af7XBS+hch +dM5H+6jpdpAwEr4vI25v9Rc/OA3tOZSgedr1dDeJWhEouL6a9JjjOGLknkbvelJf +2SJD+fodD82eM3g52ZVHhkh936gWKntE98gwTejONgK0l9q3FnBplUU2b7WNwWg0 +3lnihHVcHe/TJ+oRlbKttRnwQ6Ys9kXBzxAi3555V5VRKwWka76FhtihXKwcIK5d +Ej+DW19j2JHD1v9Y/YWUcLgz5d3XA8Jsjb+8BSzk/hYwNLY0fit1ep26 -----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.der b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.der index 9a1eb403186a69fe60d074baa6e69c9c499abc63..b9da065a6ecd6d259f505c69d60099c80c9ad07f 100644 GIT binary patch delta 1278 zcmVx(sd!z1cC&} zr=-0fHsgy3zMn|?Yb~rG)m62OwpwG^Mj1Rt2GKa~voaKbzn*Xfw1Vkw+XNEtc9O2c zAncA6BB6~Tz9IQL=*~`0>ZHqd^{lkNBxR75RXCErx&{m0Hh*SD!OhqBy+UmIm(T?8 zJeG4n(ccv#YP)1R)(bA+ZqF#l{#vV+U z*M9GsIa{B7qPJa!au}`S3-iRI#egDbjLNMm67r7##Tid^q5nuvoA=-)b|FldE1PA5 zx=GdnifwPTpUu}-b?;yNcfRbK8}l6CBf-BiKAL<(zJHTa@hc-uk)aWhC}4Dk#*GK+ z^6ad?vCEiWZ>{ozR6P$uz-X90eiLH6XGDA#UBdPv_BDSy0>t8eC|Zu3GK}++2O+c* zE30UFdrs2gTb7dG!R=Sk@X+UQS&biQCUb^RI_H9=(_gf1aW^nZJ1P$8g|f(2>-2cn zwsefZWPh9s^_IhKaAJQ9qcdqpOm$Y(_$NkCTsqRZ+eW3GdE(DZ46pAP;>vn-fEidn zIzdw)M?{2@_Y9?h3Q1(cwu5I0 zdRdL^?$e`u(^Fq#-BP>Fl1CiS%bo?wSAVPn2WLu+RFn`RB~8>k^Z^j&T>a>|;E$t0 z-@nS~^uTYo+$PzwYoQK+#$L;{;xFVJt`;G+no!4hGPdtmg@#eP_UgkezXjUWc)=e$ zbZ+3X+&MXa0!M!U@q$Va2o-a%G<3=HuV zioQ`YM~H$(F-GIdGbld1aa1aop1-!4=0%OYK$OkucBAfXHO*YweU(lqZIE<-f5MxQ8cBcr|7@B7m oC!Z^{xe%%(@aoqR;Wi+M=ZxYh_@G8%%Zk76PSNo~_i`e`H=luh8UO$Q delta 1278 zcmVm7?sBK;ax z?IS;5DNda9`0&`&tfAsArYg6JW%3ik<}@cA+* zGAL0Y{ZAJ5eq;e~SAausAs^Ek-i_A912cXYs|Z$X+p6Y04+S=gh`#ht zj~*fSYm@&OzI!v&n;f8`NsSl~A^NZqrBq>f_7gx0;=HCB*FhHwFkK>&))lSqQnW5Y#PPr|?ZVhAR zr2Cl$7k?@ zkwy9_1d)~GRz$amBn&@#c^j@X9gf>U@%V@eHu{8i&apc@!DaH1=Mt;g2Np^FBa@8p z9Di!x%^ew}DXJh_fHKPk$%EGn$Kp*vlStifRc|Tk_e4re1~Xi?NQ_EN)!~uc-gEGs zp)rTJUvbme<;=IFD9W^d1cz(OnzsftdEi2%cq+cf6rl`!gau%LB$pjPjy`#BlZ=Vu z6fqVYCQw%He|0EL?#g6@XDZ~$%A9d71%F)(j|u}z-9Cnb8CmRcm}jm#JQ=0P&OJbu$0@_c^SZq9hME-%H<_Su^k??&{xI8JD7qX#mDJd&^Sv5XcQ0bcw{1A^LNcw6{x>p>TW-1XMoBCWWc4{=ypq#|_y(+S5 zly|bwmz7OeoR`O_xQ08rhG4sRS<%3I-C_0dKP458Jc)9Fh$tun)ozNpQ1{%QNxRcl84Au}N1-3*C zU&-Q?va;V4F)nJ-Ij@e^>Z!7GV1wdpbRu-)Bpeg diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key index d595fc724..113ff43c9 100644 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key @@ -1,30 +1,30 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIP6oIwSIapDICAggA -MBQGCCqGSIb3DQMHBAgsTKISyhpWuQSCBMjQoazTeTtrgdDa+phkGwSDgcgxSUHf -E8DmqX5hUNU4uX+hcqHbaRZIVGUs+GXw8iySarVbswbXakNVQCgp4HX8w46mhes/ -BlcJ0ALGf5jD4wluHNWZgEei3pMW7yJxXitoEoa9Hyshjeq//HLSNxmkWWTrrSAg -cUBLStsUHeSxXEXWpcRPin6LuZEGV0spb30BHi4vohIOYN6DDtxugbvwxzUChgDu -RyyhlA4F3ZjZW37BMTiZDyKSBODgj7nfPzzHfZnSC16ekiXYWbo7h3MihQmMkjOm -YLNBhOHRzZtXlmgFtY1yRfiREyk9zGcGYv14PB8sUOwotN8pktnwd2UgINaX+ccO -6/PHAoU/MiqJ0cpZH8SZlFalqGSsF+LI/bf/qs14YwXI4DeCTyvoOJdobU16Lg9W -Ole229Tg4eV96X82MbQ7cCx1QGWwAGR8spmrls5b1OAGbEXBFWZXK666SQMpOE27 -1qVKiwg7PIdzyDwPGj4UoJbhg+9APRNfIh6ihxALmy1N5qprY/B4I60QJzACgXb7 -wixSFbpDBqztCI0BkS3K4CgZnnrf7OTbOdZKVIcESen9P3xn3dfn1+7unZzGRm8M -nHQzTrlCW2z77AX8HGvP7AjETxG2JQxefER1+AyZFTbWp/zkv5ApYy/u/24MXRH3 -lYVBxaX2iZ/R9TRCDkr13VhQMpSCCPY0M3yphbUWAmk2OjjqKccw6IMMG8Xb/4u0 -IwtFeFzk567WQ4NL3WlyFjjeTww6LjXaI6IYvFMHvRrOBJt0OYLtVa8vACYWF5PF -XpE+xYDYt0RE9+c6j83c5UOriuo7KEsZ1d0JmHy4cck+17GR1TlNiciKyoY7Gvf3 -/8vm/kziEWJVcstgFdsIC1eZmRSJwCSmK3yXs+bejnmWmxHEpUaSDotfFH+U9Te6 -TfBoQFfOZfLYxhYFOPTcvAgo3ru1wxxMyaADZ0e40hPKbpOJrM0fA+GSkTf+kKUF -oHwZi3SZ39SLYTR/GoOKgkARtS1NjQDDjwLUTnKq118Uzma7ZFAkAmwMCF0eyY0o -ZI7NItEFTGH9QGEZosF4n+R4iHpQj8bkZWSt92K+j9PxqNSVesAi/uluj11F42mt -yGhSdFVG5ogemvS/5Uad797V4QVg4mepAx61dr8s8utEJkx1x78XP2bHpV5JxH3t -8zndRtHC7HD235BVjfgkU4Fwq5GElTXbhrVVsgivrerJsgvQGxpMI2rL84geFt83 -/ceWgA40BxkifJgaDLxSeSgt+7d8jWuDBRE/pHpFPI3Ey/0TuO85/D18mSS4YFr+ -66mB5Fr5cNJHC/NvJCgCRPncN4At/UgXhl9e/r/j8ENYaw4jZmiMo8GncmE1J6jc -Ze3V9q//pAb1rQoI1X6Buvp+a9vyFMn1MJ8CO56rwWnv5MK8m9Nx9uLO4Ufstv7x -/fYWGCoHBHsueiASMzZ8bL0hJe2ytIJawKxngUtWfYEO4N5W8H3TqtY1KY3lRqAx -0gTmt0e6a8veJkUFG1JCjr27A0GUaVJZ2gXC8A+QeW5DveMfYLkje6pyg+Opw+qv -5gz4twbCOAFuG+wvraNvHE3HVuqdcdTGlpBaYOyblwlWBzEAVVvsKNtWyXQDlV9Q -0JA= +MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI/AHrzeKeap4CAggA +MBQGCCqGSIb3DQMHBAh7ILIFfzuMngSCBMgo7osY2jE3UGsryC0M1mpOLcr88oSp +OjyCBLdVgX6t7jz+EAWM18tcStBEVYpJfhKaMxyvn+qoif30K7BnTSHHL+J4q16Q +VuAnoTpCq/13SDidX2062BsjSYlsgAe/933hq9vUXstlq69FoRDbVgE9NFQib44G +TkJDsMJLfOXdJdLNcnzAEvZAEbvzhuuqeYPNm5PN9msIlo/kf+tX++rtZATArbhF +KYBunm/wEsNKrL4YrdqErj2SDGob8h0V4YFAIYjCHjn5z4kkOlfc8qwgCLZnn4hG +TaJhn4x8A/ahaYeWJKaDf1s5xe9iyp4VOwFBIXVTvDqR05ysc8uKFr+MkMSQuq/w +85ztpSBmOxT7I96O/bCYiQOfHsDdqx9cM2lUbYHk7wl0qF/r22TlO5tR7LEjfkDQ +qYbbe7Dcux5574PPHt8TcKmmXRA/Tm4DuqcHH4DIl7FS5T19Ger1O61YWnPNIEH1 +bvR32y2MjAe67tMzatWM9cUVOLvBrfUhLE409sK2xip4ef4Zfn4UvbxSqQ0c0lg/ +tfy4HR+UiO1lYfqG2e43GtDajXDVWjLlouWAN+oO74kZ2UYVK0bOisdklls3idjs +3Ot6NWyIR5XgyWxxpmYt8Ikqy7L2bUEYahW9+bgY2EAjcoJKdqaS/oWlWqe+wpYH +WpRn+K5Uq+EzXiRfO2HhsyDwEaHQEih6Tc/5ycNJ+CDXy3fOX+cjOZ3C8D/BAJGd +xw00XdBJbnlGEfWFI06r/Dt9tuDOpmOUxdQAk9ZZYNEb2l4jHjSh5pW/V/okOxpT +byy0QQMESnHInMiDpmTAMyhGPqZHy9XXz9BLPr9+WYgJFSbEKIPJYss3vd9V0P2j +DdnCS1eiLYR9jGmOOSrx7GDYqL1TW4KgpN7Nlk7H51R4YHVL34GGToboKdQL4/wb +870Uw8OnEqG/rOiNX8kyJmH9PgyMjrSZNXpb6hjfIyL86BbburI1svne5fku69Dq +DT04cLekL3RwtsyQgWk98C/3amIak1EZGXmAhkPUwGDQ8lxARfdnuJGNYUbF0asz +kvGJ0mXQyGJV9CdSI01gKsv7/qAxTl9ndHBCaP+aPuMRNlAPJuF9LHsLpcbaq/hI +OCPclBU1nEW7RtC6+tSKxmzOKEp0mtM0PPdLJ96QVijv18Dkit77e+rco8VrUUnf +LPdvv26SZViHg3sOyfECS/Oxl6mnkIJvXI1pQVdkWXQu8VtX2aNxTv9+0TtXz4W4 +acAn6kB2BshqLA3m2qZFKFFD4oriO/GcgWEm9K7sogVZ30fDSbxeXI+WEDLXiAuK +fgqgada+nq6S7/6sim37BwIvrnbSLA4s3qwgesPQ3zocH5DTR3r4eCqWFjAXVIOt +r6y7OoZzYAD7hHaFk4Xj/1xYbtFwciQBmXEtRfxRrhlsv/ESDVcN9ynKkUCP4tSN +mk8R4c7Bm8cgysAdFRwYczP2al+jxaV8K6vBV/9xOzVujzhJf9lxcx441mKhENSU +RT2YYgaD4xb1i963nAZ4aK6PEpJAxQPvc0OP/YjBhxF4g2eGEQ4wQ8vBffB/iECl +8E+fAXwGCk7I6XHGqeI3MnI2bCSC/TQIPv2EmHLOFEeHsw0hKp6BmnsouUklijVm +0LI= -----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.der b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.der index cd6c52074d5eae29860dcbbf18e92e03e34a0367..565b4a7b1bc6cd52cb48579e8d406913b68f73d6 100644 GIT binary patch delta 2446 zcmV;9332wC6Ot1IFoFq=kpv)rMQbKdH4A-70s;sCFcby|Duzgg_YDIF1PED2Q=u;F zxN-!72}r|~DWQjS_*c}TC_A#Cr}{8DNAqrnoi~QHA+I#1Dp8(UR^T>g%o)!s@SjIi zGvZin<+bMFiykK4@_m`E;R_q<@0icUQy!+|p4XlQS~^OOZPT#~_qry3wUKH@E@sT} zRDVu}rUA--@FWzm#V(kw&izcT)(Z4v;*eV-WAw+bvoh6hjk`#pwk--gn7DmXhE*Eg zX#x~WAyVNOhbvrYPpJ%lBJdvUQ=+@82U6R8F$A5sHVO}J%4O z8h^~-e1Tbl`yO2AC@-7mX)pZ~C4*Gzr#2?pGV)I8_uT;gtXcln2eHhdvAXn?5?#mD zc)^kb*^oHZFHpNA3O+<7hLZFmq^HsN6y`!|)<8v&7fUxxbktLS#*2V>#VM$MW7G0T zU|3hYA=xes@t(hU2&umc0|$Zj8EzExW#263{B#4y7f$!g0F|K()Mo&vyi@&7V5tuF z^>JTLe^l1bERryhJ*=y64NxpICF=`r8fCrh(h|K6LKRQ=z%ri)xIW=kc}0{|3Jyh< z+_gVK95P}gGFhX4qWkTDw;OUzP__JCb08xmiUqnpn+`CyFUPIBC+F~XZ1TBHHYKZ9 zaU=wQ(T$*KLw3ensgYcd8)-0V953$^a|P!b@{k3Rv}-?+VvrzdLmanusf`>mBZ8YZ zvbp&>$J?UdV9YgoJ%W_nrbCCQ5PmRy!R+r-Fx`GCZM)rnU843uyLrBR3qDqHlN)=l zCDLtx$j_^9(3-`dAlbEL*qZFMHbr4~i;;8sLUg z%4#7|5Ee-y5f_kCW2%Uv+KC@xM5VSNoTc@U7&V>8q$G0oJw!2A_x**8qiZ?>QVdM( z?`-TF8y}MCKmS6E;ql1W#1QL!5}}o@6-?`+AR)3tz8)B8wc0f;2Penl7C$Yh~+V3h=frG^TJT z|6ns3q$(ARJ1K8D6P;sLRc(hOhw;H6L^P%Uvzd$3RF>jh5??3-pm=X7BrP}ZVYq4I z2Ucv<4{7&&k7lpWSfXOZM(JDdFX5b>i))D>-uM8zUe-wa$N{vrDS&!FetLVC0kjE! zBZaY&c9V?=5ceA4+UuZtW4Tv`fX~dmShL`ApztqAtK(#iRLSsZ(s0_3KnEc+dz(%H zScRqFp!YJ?2qCl!q+8u-FJlSNJh7*bU^|G&p;Vahm6+~`poYF{o;-~G2%DQKW`@(b z`>rc7H?yLk`~twaAWuFit;@L$@C3 zE-!-nKRiy$5`3f2z7kJ;^#5($a2b;tkdzPJyu6~Pu!IommFS!oZ>mc7pSxavEdRWr z)YYiwj_tF~Kw$3ebn%gGhv`8NPje*xvnUpO3pBl^b%tAhfxGQd_xA{OdjW4jn(TZ{nJA`B5k%j3;9n8zM z*ff*P2xu^cXA1M0D1PtOs|WKTn*;2h+nEg81`4GRy#Z!M->_P_;sr_?s{M|CD92+o z?$4}Dxh%w@EmQ`Tsx9KaD$zRSoUL4+4UxyaIm504{}7TT&88;3uT{B!xD)7=qP4V% z9>ui$I)+#I=2CHNq~pZ0dajjwBXR>?c>h@L(g?X) ziX9{V?Ma-R{*&=c_j}&Bhg}|c*2@T$VJ(bSgaSr79Tz3AL?3r#?VpCyr~@2F_mFmGfJ7C6Vn1alUsd@L&9P37 zo5qYawqPJpb#&ohV3A|Z`sA;zjmmRMK``)OBzR^j8xI=%_PQQavE;qo?HZM{b~WKU z(;m$bM!V%oqq$XFClWqj^b1FAK?=ICdK$y_tkYd>iB(13^h1Sz=RjYG4eVgSV>xar zr$OAE6!i?;h;s5y{I;&R8VG8WE-a$-m2P)L#K0y{J?}w2MJP%DN;``Xwr&4d&a3iW zW#PAUc3@rdW0uZsxj5{ho8P&cD^DV_Fhyiy`|A+N=yqpcdi-$eEK+4xettzf*G}DBTh{^5G9v{jv3!@?Yce z%F?T)R+!THH!ye!C9N5By)!jCczJAQ_U(7QkA4}A&P$YklGRO^EWnLcy7BD^VhA-7 z33HxJL9K_ss|EhQ--*@jr7Qdsd58QM)+$mD-Dp%`9o(EO`0d#JTq_gTA! z8+_)+)JUSU2=n+a delta 2454 zcmV;H32F9{6PgnQFoFq|kpv)rKLcRU1}G%FK%Gd+ zx=cBCJo&+yxg7k6UManc;gNci@hOb3J7A-ZRO=JbIfZPC@z>4zS(xF}J5LV_9k&&$`-Q7ejPMzQbGBy$2Jo0MD^-DxHnwYtOllg$g zqqm?Ouhj#T;t!j!=j;2VctYE?E4bR!3Oh`@e{e`WZ8I`X&z8yRt8BDA6qTf}f>J?? z4;GkVoj1c;FQ12mR~oG& z5AMX%!e{^#4aoUxdqt5cImn(SXws?|0Cx^5j1CQEM}k46K!n?+A&gZrOL@$Y2_-~X zM@2t{(PrV3_?IKEHtn{eon(A)k<8g z1W)$PlV8eZq(m1QL`4FAB67_kA-+J;CSdY@izn+x$%0+0V+&J-RGdo%0qlN{gPqeE zLgEKg{U%xVKwNL<$i8$37K1`{DR)wGE9TjeJ9U}gOt7GTpLhUAg~E9j<1I@LW!g@z z-d*)1WaE&<$%_VZ5puE5wBfJ-IsHyj9Ya`5Zip@R`+b~U>^RrwL(pu0el`mJPlS@Z zYb;b2-%g8-`$tG0%>e4{KF;H&;V0w{npGlk1>4p@*k^5*^^ z;0HOuKY-JJ80*i|9~3E>F!2=)LeU4_;AD%c@30*olO4c9T$xl)@voNf$Y^KcJ;n3r z`vd4Tpoa%?ig1LhFwcv%YoI$oFb)d1m+|7qp@U4ev zWi=%3bD;Z@OKb3IP+Ld0bBnamNit93eGnziCl{txhn%eUjWJa$0JA}YkUyNZto4`= zneK4-Vsp~5&IP|zaG(1t8&fmL79o|n`(Z_hLGJ@6Q;x>XRiG<4!nMW0d=1@p@5?i1 zeX#L=w@@$3Z`ng8*$=A7r03$Yxszs1=%CVFK@9V0C}noQz?uhLCV|^daY5K))Qk?> z%&MNJZ`Jr4Z+0yvIo?nak@t*%bvA=RrwPW!xqdb3tp|O(iaJe$ z5=U|L&oNB!Sl?9tIePuM^xkbte`&CW@;lIf+-~6vYIVu#DKjut2z&qUZlS3~{DuB` zcfSglAnT7wR7bIz2TPG*Ec}of8N7o~kp2;lAx>?j1*;)s=LD6uEoU^iTx~!JF~Kyx z05h0C&>i3}oe)or_|1_)o504!`;@-vcrseK8S-hNLUwiGdzM`?Xc@SU*VPT#$J{A@ zoUuyd1#(0>TKBupz*7^zJmSHhfxE0B%>nwY9sSp zYxeu9Ju(bpu^wvj4Uo@k>{pS|xtB??6fSak;exsuoe9vj`dKOQH>L{QIK z7igMM&`2rqh4Ct;poMIyh!-0I5%^Yr`nd5`hd01}Vy!`LgB*a9SDw{Hm4*~{i6*%u ziv|B{tIzIuf2G#G&SeZ0o@NhuFzMQ{C7v|axP(HneN=t+BF zNMI^z^6yqQU@-A|g55Ci)`>I1d-l^Gsi!x7&tb>K863Md5&EfFOGGoq=@<=vK>9(5 z4y^<%IuJ{t6L`vkUH@Br@@N!;iLanW-IJoP-!DJ6QM*Kvw0`U`WY1ZIVI@Vj1UQzP z8zob@InBGU3^2NO+IRsegaWY3g^w*1bKy4^;9oe*VA%Or%PmQL>esD4bJACZb~tMI5avBoTS*IUb& zCfTF7PNnY-Y2Y@!yo?^uJ!XQN#!WfIZ@@)j8!yrTrs@UB3ER@>j;0$FWWz>-NJ=wC zg)eP3?jDL%qNn{G&B*vIL0$GuZ-wFff;sC)A5BK5o!p%|GjL#?0p|sO>5!asBKp$Qs4ot3m{5l$D^%Jo#W-P40kYpP89#yYtb2lbx*vwM>jPgv3_}nTqu)^XW#Sx6O}&>CS+qE zPclN@0X=FnnzjoX*J%uY2aD(fHy(#geiw^5x9mtlvlqTRwUUabvHn!NUmI+oZF*n; zZ4|g3&gP=9L0mYK>>eJl%iaD*Cf7QP26(e7Jd5;BkXG~?x5#vRPd(uWcXeXWGLIBW z72+%D#gm+r@I-U`KhziusS%l|6jQZLkgeIi?~oH~cxgYLO$0T6WSW}DMU#G02~z$S zoR3`mHqQ%YprP`FW%-E4`X!0s92v8Iauy57Eq443jY&sr4%^cjaxiqWEp@g3G z1HwT{*3Ge>L+Lz(6fW~x8YmVP9x))Ntd7ND*r?kmC0SEwBd@>n9hdOf>al_6b6rEt zb`SceI(~R@2TG@Z=zas@ZNz_%uMS@n5lXiXlJxZuvw--hgcwc6pRftLJ}I)fV8ALe zc>ba0br^cX!51!)4RcCbmCxxPs3e3H^zHv++`$Re_i+2ER(=nUr``&7vj0;OXtjUma=WLc)bAE)B^b{?&-4TO;6=nx;2^w|bRKH=@pf=eXIF?fFw&>utA U%$jY3ha)Np!3TYDXN;1nIa^b-uK)l5 diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key index 127063924..44e7683f1 100644 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key @@ -1,54 +1,54 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIJljBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIN3IptPsW6XECAggA -MBQGCCqGSIb3DQMHBAiSdikmQa65/ASCCVDEqdceATlCGC0EOz0EKW3M9DRZngbQ -NbbfBhEdZOHDlsjLv8I2r4KeD42cgrV4OPvCxPXKe/iv7XaTQ1yg3LjM8W2vS3pi -fUV8C5ZaWQFn7bJMRjR+7ddS8GLP9CxGWRkM3vCtmq2zqPpTuBIG8deZroTcGXc/ -iJutQCJilzd2ryVyU/2LWC8Bun1r/lStU6vJooauqk5SgP+9DxD+mi1yeIMa322O -Uk9PMYwkAySoYFUnt4G6RdDfBtoLRmaqFRueMrHHL4gw6fCLzizDW2+kx1tHkdSy -zIcH6ALZhKlDlexGTkkd5IWRdd9dQj5JLM++Yng4Mc3koy4AyzrCxwXiV1hz0w/C -47Q7GEUZbabvQVah706s3Gh+R3hyWQMnoV799UA1C6ZWX84hIWA2n0VCaaENGe0+ -eVpM1Q7eSsINBCLs1zS5oqUf0c5yd3JA2nlheZTmF8QXG382+vaWmAeCnPotKeiD -bKJyHPY3UlM7h81bJt1LowGhw56iZSX/tNdlyNHDFwKOB7bwJzgL75K4c06C4ati -5xJpwJF29uXYVaGvAryMbpf2E+FrmJZI8ORkWmXFPmwfyDVRo8SbNkPsLUIFkIDc -ZQ6rN2HmXKUGrJHlZh9DmbcCVO5SYf5IA8vsKfEvQTmUdVFTycF1zdo/ObMtyx8L -1cXo27KTyk9WuJnvh4QQpy6xw71yx/fRlDWBvfTVe7eVy/MorrBvhlSkWw1A1ZDx -Ef1aORbsbAaJCpgjfXZ5rFYKIPbIcXEw8xhNMnyrTC9u19Ki6nDsYj8wGysBiYwF -6x2xgjLRHExdkW8a+VuXmrcPXbJibZrCsG6awdNmTh8x0vCfIiCYqjF4qutp1MW9 -aydAsXpgT4x34Go9KcISv0sy53bh35QnngTuf9+tsxhO4ubJt7oNRq/RbvsQg27t -zcMzJkAIOabImsNaVmjJAhPpXEZGcvBQBi4Qn0L5F/uL8/0IPubOZC3WjLyin5BU -u61tNiF3rPGTdtcMmzE8Uw/gOJW8ircF6L5hLqN2V5cgZKGn0Y0w7dp+wpTzYt7s -mX/YJEXWo1+8dQ/u05dlU0+K2h/czlhV6y6mjdHFuuoUHgKJw0Z2u69uksRemv44 -JMh0A0OriwUFgwvW5N8PEWXBO+Qk/rAvt1gkmlYwY2m4CorBOUzuaJ7vQ/OP+0El -iSIXrNzNDbzIxqqFoRTKFTXmMuXLZ7eJGZz4zDyWpL16wSCTosMSaF37oUvWRgq+ -TVGy8BrTp/GZl70oE31Zat66a/cnZDyBhG6ZBcRSH3OOvnOyO83owU+hG0iq5yIi -5x6RK3u5wMV7ud/uWxi3D4Q4cUrzI6f5w2U5aGD+md5UA1YBh6qBE3drx4v9nz7O -YbbMdf5WU1TekJ4nBwjyttdYeWAaSV+HTTWZN55gWwLBskJR84vRhwaa6OokkcEW -zTKrUGDfu3upGiILWuP72hZUCryKud7Ioav9P76c20LfQ7tyVXT/j4atWbkeVDmq -iUO9XgE2pnP0cQKjaeXPZ7ywmooLWJ0SE7W/OLQ3jUQGcl6krNQM4zLN9rU35c5g -PT2u18npX1BytVx3sS0qvuBGtxUQlKheifOnSq6RtAkVwkAopNaWGpfK7MuKspcT -JNwqfXqtQGogHx9ygX1QlW7W11EcLfyM9YrnhBJ0f3nXZWQs+yDirsdPjff3Sggp -Qw6WX7YZtuPK1AH8lF6oNhrqsth1JEULvLj+gKMWrucN5lFvWigQoWziHBjdV8mN -oTUHAZt9n4G2l4j9hPoExchioOlTGal8Cv2gzwOtFHxeBTL0HjzBce8WicnRM930 -xaSrctLk9tJBN43MabwG8cUtndPggazZs4UVaayc0wQxRTKpg9dVxMPTdFvYjpZl -GMQk26TwFFYo5S8sz/x+OGODnrBLQZkOtDaq608dTYBdqO3z73z1oTzY2ujZICUa -JwOrpVks7K0IcKLPAk0TAQpMc6EoJ5vCYtM/7jlgRaXCgEtBdEX2vnPnJMA36fMd -uXV/aMp2/EFd/qzXCBQ8kYNQT9LHtONwKo4mEHz618NJx/p3XNAGooVyy91TPGFO -dQnk+6MjJ4Ni1ISY3GJzM4tM63Cb3cEKD7r07WmrXo9yneXdds9wKjrutgtBQdN4 -GswkOMUpT4F+tnGOZSuJqYDIdfwS49IFtwxVSlDDYgDlb/PrbSlJm7T9ZePlh+to -d8PCH2SjWkCahgstrnwaNpsE/NbHjl6S7enBhZ8TGe8SQE5dnYQXIiC7vtEJpfYf -NMVv/ucNGV8Qf+Vyikx5WFgzAg0dcJarFjOZ3kfO/CafHJyelCfsUCBnKg7mG9Sd -uzkN5MGDmKsOdBnMNq+CpkGzAm3aiDpruQABS6j5C0JLdneg9hwkgU8EGYCmKrql -bX1Ily1X3LLrbUV3dt4PVkA/E88gsTtgFMLoLlQhgsAtjNQdM0/ueN4eAjNebOjz -EXw3nf3KbtRHX2Jh+ffCua3aPD1PwbEBPaYKC4H5ovMdoFcUz3goQULK84Zf4gMF -tGzeZ+X/TqPiI4ku8YjOZYnw1D2NyACyfn+tp2eh8bHiJsljKJd0bglsdgXz1vOU -emYoj90+rZ4Mq/DKoj74fPf8yBYBApAazNs+VPRqpQeBKwWfIbBJwveSAqgwHVLO -8AZN6WOdxu1F9iaSmS0qvUrxzmuKuc9Q4jTzN2/HocovRiBuWatyoV5Mj8bLbkld -Qrv5PsBjKHrPV61O2IS0CdDkXVDR+13+DsMzXtX4Hd1ZEy9CYTQk2WXJChWFhELB -WviRCuIW+i+ln52f78HZLtf1ChiWCc+H4b3xQoMgdSfPtJDYi4UD9gHPAIkxs1yg -xYaXIygd45tJGQCSuj6vs7uoA4Ol7yAN3CGdKUY4KfXc9AZk2I3UZ84efMirLped -Z7Vp628o98q1yveU3Dh8c+GSuEw9fbzys8szUmqwXRjzHBAAkrf6z0q2CyVGuoob -8V2L0UFF21oK5M/CRVWfqq7O4B20d6iT4jUu7tTLdMH0WPHJnvwceWYG5cYYXsAa -iBpZV7XFDyyxPa535fVxAAAaG+Pj7mv5zAiCVM6KqBHFUhXIop/oUq/sc8SjlMZ1 -3z4XSGW7vi5cRO3aHn+a7jy4mkcDUK32VeLZRA4QhAKlG9dc5VpS1NR6VgMuSr91 -fpRidHHOSWLOQQ== +MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIQDyAdjE5pE4CAggA +MBQGCCqGSIb3DQMHBAibdWQrC4JIOgSCCUiPoKxTPRfRt9TEaoe1x7+t5hfcqrKp +TZ7NRUDVSBVDqS1Y5Yvg3Ms8VuSf9AoAFxg16zuV+G55Y6Y4aIIU6Wnui6lBk0OG +CEaH5hgRtxZ47Rb8U+0x+34VsC1Ayz5uRp4d00ejlmzKXRKXKzVLMjxzfjFUAQHs +YpnRVD6bJWLQJjML+Yp56lQx6z0LSprdUfmMtxNFs69urmvm1B7dOk4hUMwhUHIK +DQTZDqig1DD7cvCpMxPxB75NJQP/mD05PM/NILiVu9kGQOXwtPvqzklyta0AydOJ +12xFydDKHUuBVDVoV31yEknXqLxClKSEMpPAnDEWtSMMgNQqV5fUP2sOtKldbKFn +LHHYZ2iuOplWS0qBMRKYwOv9MH79yAkMyRlgHt22B/O8m/IO1HPPY7DTvqZ6KkfQ +wT0odkZlZP+AiJoxdCeM92Wl+dsynm1Z7JbVVA9xLC+poGYh5u+oyeAuMCO7nNde +l5ztg/klkikBL/mM0NvF9jRtl+EMJkSAW9cm4A5b83WKkMSuPbKNvI4L79cQKpL7 +sF413/d0Q5lYIkzYZS/gPq8C2AzY6YFMw5yqZtoMdodZz85dbQEu1hWzKTUa2YxV +a3ULf058wKuRbBVCBnCl6SFmtewhQV+SlhBHj+ZXmwwelMe2gIbEJmDrkK9hD2Yq +/R8jqYgmo0Rv89MzFb2AYjaCIFito6/C/he8ysnkP92z4mNQwp6hwH2kkM4mJhP8 +IB2h/oHaKs3D5AjFsdkhLKQUmh3CMVL7FZBzKu8JJEE9qv9xX8OOO/FDDHVLktj0 +ueQW1bV5s+cFBkZC8p7/fisLOe7kwSPZ68xK9uqLSeZNh9aikTscGBMC2Wo02EEp +ALvTrqGVeRW1yM26ShZgNacgoV8McdUGjSt+l0N+a4cZP/uV1J74+khdCFy4l91q +fywuN/toCEX0babPygJ8SUAspRT6v9Mdumt2Vq2XrK5/pwuWlU7sHTuZm57c+ND7 +u9W5YmHceKBNocX++t2advaaND7WP3jk02ozkhf7OvtE8oIsX+RKTkIrKfxXSbao +iYgV2KGHUh1+tsnLnGmaXqv6mBP7phOr5T6aUh2hQOX7nyWekhl1jpG7H3pwhQ/S +CH83ozDqunHYw8sTLm4hj2WyMaqhdDCmaiJUXqLdR9uj1javVHICxOKtbuW0SyId +3tlki39OcrmIwGpCyD2w2gck0EZag+cXMfOTB5z18aDE8z6zl5kYe3QtHOG3jRJt +kFqt0ck4aAv8NNRvdi4LSu1khyubsN/1UeaGENEYqLPDbwv+ZgtfK86TQbjqIHlA +PjysGhXQC4sBSLztCw0r00tORxnsBpe/XEAZYYxwkUHSr54gRxP1gVx2QdVklZaj +DOQ8UGWdUbFdkM+NxVu1G22dMLzJ/SR4iYm9iC2SUwwgrwgnCcr20vTMRk9iygWQ +rhWYkSLuePRyaemyKeNcb0+si/COQQhFlaMpQJZX3IEqIrv4DQdODQHh3Cqa5qpo +maU/rUmdYEdzCQAnDdNQpVbDvrTEAgHCOHBsAtkye6G82DyTc1VVf6RkyO0YhwoE +gZZ+MJ2TV2e2V0M1WtMEH8VvbVMpQI7PahH4Qs5bg2OE8qqab+2EmwztyeqGXNT3 +rByfq3iyVtcS0YDVrtZ1ZxmG+ioKgaF4G1J/ECI4k7KG1zv+009mVJ9W5eJBl7yS +3tq35F9ldSxjLxVQ2ObrX3WYExp9Qr2rWvb1nCwhTQUsmA0Bhjlv9uBdhoC6NOr+ +rKXEnFHAUwFyNbCoVRZyiYhBck2GW7YSxlWtwuR0jqI+bSSLZymbkj84Kq16GRV3 +gs3cgM9coYLN8WNQiOamPOiCl92ctgm3kGVLNQdKMxNOE2I6C7fWt65hlrp6IxmJ +xflnLSzO9igtxTCvcycs6BADbZ3WKd0HsuqXCCy2V0rb4hinpRnWBcUJyMfcVb/4 +0JSJS3/mP+6Yn/rU6VTW4MC1p3xAaSMFYcO5JOkDvk5YOsiPtnw5KZqgtRPOxJAm +R9SAPyWxjPaH0YdNPuafzqiZ/cf0W9lgU9F+eSFivds6puorTHRFb4YgOjZVRfOa +t7ApQCDmonR5VJsV9H6v1oGiy7VVjAbmLWAujXuJOj6iwBj5MDLkfq2yoqpxJBkD +SvesC2PP4B/otRDJDM3Pytkrxqbf7luF9b2r7/G5zgwAj/ppMkSZTggzq54P2NE+ +1cNPUQAeBMXsFwmS5ZeRQ/6AoTcaVIvTC0gL9IRBdl+ZaDtXBPAIF2HQwsSqJLdb +ZkIJzR6P5CdeGwpQL9zbW293ZBvn7twPrgS7hMDqcpsEHxewbMRgmVHLKWo16Iq0 +LCKd1fKtQBrCbVMv6QQBKU2YaJ6HgUTHDmTsGbvqPf5xff4FStBNm/n8zAmvb5LW +o21onYzR0tDBv8uH1sWi3exocJVw380s3m7Pwmjn32JJ9XLOWyE4LixJ4XBrdhZm +dXgTxux33GCMLk6Vc0s5X6MlixGe5HT2v/euqK0shBvz/xLSNAvpFL21L0auwJpW +L6GsahzwUToDFHBe53Z+EW5q7KJZGB5PiuI1puic3SzArsff18w11oy63izKU4LY +6heyJcUhxJrcgD892akFPgjKTJwM3XfouMiwnMhrNn8MVhhqwAOVGn8Z6cFM1AKa ++OM1vUU61bse52eB5SubjxSgJn4dVMK7LBSyeiouHzRhYpXfZF0Ksn6sDgSJO+C0 +YS8yOfEMP9lwoFeWAzJhunYYC0p+sGR95lpcOPXDHEnBXSZ+fyi4FuLce+d6KBf0 +mxHoUPiRyJNycy4/k3jgIEmCZJas/gYzKL7wHp0ptukUnWxwHB4hD9C6SFJCsuB7 +JLkUFlGTXEaIm0rKhdXU0bD5+ocXfpGRBut7yIM4hQslhGNNI0HVEFTsqrYSzCQ3 +Oi12n3l27fFU6J6fBp9JvElPdMiHCm/iIxJpCSyASlbbdTEhcDefEgkdz4UXhwMt +Zv4mj2Srhtdh4jgKzYRdp6BNkQihOfNkv+yncoRvtWrHVGIZZy2F4i2Lps75KMHV +/kha/O39+6lvNEAQCA9sur65oSNlES2abaLvdhfTQ6Kk1AhB+IaiBup5IvHPkpne +f2e7BNEE2AzFeVMpsEMGZ/Xuad3XS77uQEljKmYJ8oMb/z47Q2JeusdsO+WKVvzT +By8= -----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des.der b/tests/data_files/pkcs8_pbes2_pbkdf2_des.der new file mode 100644 index 0000000000000000000000000000000000000000..c4f1f30e7df8e42cab879e7056c345669426e805 GIT binary patch literal 711 zcmV;&0yzCJf&#-ZJq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?66%&!C_t|H9> z0tf&w5e5Y-4g&%Q1PCU_oMhX!jMxN%0)RgNcsDyo_hQUCJ=D>U#W~PvwZ#m>t=^d* z5bajfIEW!B19Q z-Ft`f1Quw zQ>xld4G!<=#qQLZ8y~lD8^f6*?omg36;f^%04qz3r`q4kzYANLDXu?P*kv@t3Zepb zE1#+HgFrw#{QET41baIiYn-a_b{Dp|8Tjx*lTIzoSD= zS$pDF8e$mclY5?j*q~AV<0p4jH?3tQYFah;Vg7slb}l%Ba>+WVd!o2DdamWa%`qB3 zaV#?Hay^nLMprPBT^66v-mVQ>6-6OY@-bwRt9UtX`e8;jnhyF|?mHpKTvCZG^+BcA za>$+uOI&GX+ty8_W33|c>|V~8aRSdLb;=yCM|fk4H&w_dht3S%L`#Ef0lkOvu$fgo zDOStkV7s;&5buy~vTP_X^vr4Ks8`g&EOR#0xW{kmo&p%Z^2UW=gRK#gP+(5s>&_V@ z=KbyV>h3|bv$d5pHsIiEgf+V4VG|%T#9>(wPGo+p(|tjd}E?TZsZp1r0%+kLhZ zZI>tEUN^ZM1oY0oijBzTnk-mu8Z1M_N4_HOlcN_TvKBNX&ygH@(L>U}lw+iQeU4*K tfp*=OV`*4oTz6~5Ut(jbC0(5(N4>Ng$NS;ZTgJO+QUWA@C-Y91pr*AcO5gwh literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des.key b/tests/data_files/pkcs8_pbes2_pbkdf2_des.key index f3a2d0c60..2e1de1a57 100644 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_des.key +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_des.key @@ -1,29 +1,17 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFCzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIE+lx5z79hVACAggA -MBEGBSsOAwIHBAjrWP2/SiR7cwSCBMgUgnI4/ZG3jidt8TZShsbKzxQ9bt9D1URm -8FBTFMk8JRowaXZyM2fx1/vEUlvKHIwpytOYO42py0lDf2qdn8iIe+8V2GLpyGcL -ifWGbDt/ctEo2jVgWT01q2PfUEirwTPTUaDR5KBjfMjGM5V5c58fnTQztAFaXFmI -VNkiQCC6AKCbmlblEcjFGBlRGgV8sOWCW+JaR5iJNdT6PhVJzJiQrfR819fGSISj -0N0Wqpj3VA8V9BeATZAjvofBCwRABDNsDqRhjgx7ZEVz8C6pNK7Ck6ZXEjXaWc12 -ZvkzjLuufZ5B7klvgLzfxEtvZbQJmrQddDXZP9ICykP6D8W87EqEgk8yoxeFioOm -0/edj7AVZ3rxbxpUUHJUiYDLNXaZTksfYhL0ZsB3cEL8VofUa1K+66N/0TismNDR -4KSIjuRausXf1WJ1oh5B18zvnl2jkzCpwISf58d7UeOny3/ZR38B71EuaXO4r21e -BrG6fi9VewuUg1DHSYLIJErVcfNnVXHuT0EzPTjr0vdTUguzDUv4/YFcpEDk5jnQ -xJshBegjbt5W5gY3GTVRlyWqGKyOska3e2u4Cf7tZtP0kyy38JHLkQQXgj6dxseT -lCIipBDJX3gU7yJHMiX/OpLcJuEMakRrpWLrB0vezX9oW0weE/dFzZeiYyo2K/DI -TIFiL6FDuLUqpcYjeB1M+wbqs0f5ndXThVYi2/j73z0dwCI1WwKZH/WOdTrjYKxi -0oiLz7pHHaPoMRymWCKTwQhYnqiOXZIpfeOFcUY4JKDzgyKdvU7XLPnbt4yxOlJD -yAzX0i+bJjYjuG45XHTS8too0GFG2h6VFvOYAQsiq1qOnxVqVUvYphZBSz7D8Vql -lHXWp954AhpfUQK4mLJq/exjUIGIZb/QxbNWNv7mTMkBQxGJ6B/1Vjkv9KC04KLe -/JMnEZD+Sw5n+5j8qS6f7YOfVJ+Hqm04M1S8cc7JD4qMufLW/RvuKyBLb3sCn0Ue -D+uiTedxoJR8nm6yI0uZ4d9RpRreca0PPt0o+DhbrDWyqH19kafN7I6SrDSbBNUO -wiGBbgN4Ur9rPbzapATA/X95y+Q3CFLe/wcMLcLHJ3tnRCUo17Fx+APmrAsyBiYd -9ulUq5WcZaw3pEDpTqN+0832UOyjIwpLyVDLU5jgW04vbW41o2SW7fCa7/QxT94p -4PEAYi2MltPYQKRO7EOh+iUOHEsc8UDb6x4i75BcKhuLwZ7nmrwzg8ZO+TWMuzYb -McJ11aZ42hN9U5H65FQzaZhAAcOqxTffQXIdARGlfvr3lTRnO/RQbxyObEqGeMHP -XlDzvIMdB6b0RG4EBfpDFUpWf3Mhx4AG3bGHPjUXXhNICCMDdI49d0lNJ3nkF0nv -JsehmIOY2U6fQBEnZhn5D0rjU+nUlHvgKQKhs9yIym/K+KVUznJW4ygwFiKXysVq -QGqfn7hbBonYqLkGL99O9JyKgz/RhEMC0dKtgu6ELYJJVWnkJGTIMkp5a8ID48qW -RmFJX+v5ryvM9ePSUbLizOUddsXycJpGsu+Am5H20cTPXkwxYtNcu49eLrGoXf7E -/mD/zDqFryMK3oUBHnBJf0k/mMnzwfgHNveXApOSbflvRx39652Wugd7CxcOrIA= +MIICwzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIBW39lScgIG0CAggA +MBEGBSsOAwIHBAgew0DQx3CQ0wSCAoBj1gYWHNgnbi55zQDcpAwMgh2xHNRTqkKU +AF5K4K2BEy67eXGtXNEmBqo4ftuUCmEJ54XEoIK+6zCKhv9uwc8G7JHxMRMDajkv +W/WfUUzSmS0yoXn0DkhXZnR7FifFDwrZ1E721eRP8eL45qc5ij6Xlr3NwA3Pf92Z +8zbszNSMaw2P6kgk6ZiMZr5vNOS55w7vM1OMfP7FJjNRNENue01Ed3WZ8N+Imd4N +16Nfi0VYVaFcnOoWRt4/aUWHd0cZyJNVsGDYcoE6pEmi3oO/FqS1EaPoibUxldqH +lUc8UW6PGtgAzs+J7Nf1Dgd9ilkPoTvHeMAfc0yWlq4vkwtdYhSwWaC9EjkHy5+c +K8cxYKBrKrseh/tjB+WasrzQjov7+d14MqK6DvqYtUq/y0HCVzw5UGWA+hlkk2km +zByJKHKqrthZeHz3aE7KQyE9G0AUukGN/J6f9EnUeS8ROZVKAB7laQKaY3p6gH7g +tNenTQ8Ng3KJvCBiZ3QZUWxlEzZ7b+DTG4NO+ua+7pD0CfovNtWE8spmNQNRGUL1 +SHkJqRjSTnFWrLLzbz9qph3G/qlOQb1/mzEqcmso2scoeiybv5WE2Zgkkiajr16W +RBz3mYwOmoKJnLrMkwUJtk1PGrJz3d1VAnt/ill6LdOdiq65HC4cKqY36+x7vRYB +A/75UvP1wCadtx1ukFVTLylJG7T9gDZgEkQlaCPkTxthK7FqTYS1dqyy+Q6aNwGn +f3ZS9f3azDK33Ho0V38rYAjdg07ghN1bayKXfmAKz3z7KYIn3gZqRwWMvc9IwvTN +0bBpNCe/6du89S5EWDAGmLZ98oBvAZ56hKcNNmTJewUxHbjQlnJV -----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.der b/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.der index b72a4ac3258b615e24c543bc7a3ee97212969c47..e60bbf22ffad3f80fba576e2762d93ce905e1f79 100644 GIT binary patch delta 1275 zcmV&gNG2mmk<1_dh)0|EyG2uK#|H1l6Y)C7VA$Q{w3 z_j#J@bfv(5-8u=~n!-V8Ye_6WG!KV^zl&bP>zXHIikWzG3J6jQllF0DePZZjxR;Qr zZ#{0E_@-&TX}$M_+s=q7z9PJ=^vf;@_2lb683{Ujm4#U*V1N9pJ7*$5{;*IPBziLW z#!1X9Y^z!-UnqzqBDy#WY25+pZQTqlkFA5!9M_X+m183=z9Z#pM?pEJtTq_kfcz z6t0TGqE5y85r4LxlX!^IK-5nf=#*Dog7qxj;ycXqKJ>0ryTp zSr6O_G(6ermdl%|Y!Gj%-MgMpUZkx|uyB?KHJ z5>~T(%`cCQT1W~tx4`Q7z>x*HfwnO<@H})Houcgb2C-&px|XQ*mwQd3Mk%mLfqQ;T zoudcc*10qV|L1v^u%6KA6`>LnvwF^C zPX~FOKYtdN>2~Plv}lorE_49oOYem=jaXDUSQasr8PZm*_f|i>JnU_)#Td*~$ZCqi zYF0b#OKR&GP@-RTn^yGL-yR8X?u={3gQnSoHLM7q@9hWHmy{aC?(yrfkwQ)dAlmz; z@WKu*i|%Tmb%M>uv)7FR!I!{%^~iDOS7Qt?OMe@XH|*aF>GnG-N}e%W-MxPlr~?5( z>Us4%2U(z0!|-=8A>a@e9)MRQSJ-cpigJ|4ZN#5-+ezU4u~4?0{=exI2i3rkT)T{_ z9w2NPov_N;wvZ103P}%c9{Rv{1214ha6dbq{P zSAWXEi5U7>Vwwm3N=^C$$@b3h4UTEOBp5XG zY|Nh7`ot;F-qo(*O5bDyT2Z{BO_jGr8(dsAdnZnV$9ryYx}`$+VW@k1a@Ck?rGM-k z!AC$~1UM5;vT;>sm()%s#i(iA>`^!8&o!UZPx1iPe(Z|#m&ROO+j)^FV%(p-R#ki{ zyE+vA#zhHY?pI31d!n3p;z#Q_7gtNY-U3otV9``F73h}sw>6dA(M_!v;f2mUM(;c! zTV5AkVa4X6Ggmr>X=rq_9E2x(Q*_1}q`;`=$yC1l8Tm2H5i_7Gp;yB%h#)MEU>z*H z^rxL>&JQbR=A-!F!AER)JuKp3t`#tHVts&>!r9g8lsmeWOWsP*JzXLUXdfuQ@_&R} lzp5^@9lTQHTw=mvebmF0JgJG%6GH~*A5I+aqgtg*kybFNY{&or delta 1275 zcmV3Ch`!qSo66zAFMY3iT#I*{Bd>{1YZ*a!Y;r|(n^uh$+!HAhk{TAn}2SeS!Al_o7YYR#3~^I zDEGr6AClJP2MnYBayV5WVFAnPKmeaGqQtY1Y#q+OoqC3zm>5&SIy!?Z+E$4=Hr6%H&MMKd?rPX zhw9h`jV}x_D;VyhMEP4W8yOylOaok5N(+x9tIbc+JiFWylYR`EM}m%~Mav}8)sPlP zX=j?ab_btGDl{G5X~>Rfc!=*5AMWQ6|C>0Ep*e5hOFQa+U~gM9B1Pc~Mqx1mD^y|BI+`-VUDGjbdqp`Y zfpHBjydLLNwT)JCeEDS=GYm|5@P&q`Pf}}T$hS8vvD5*PgDUWW=uwM;qANAADT1w# z&akE3Fn>ydgs?t_)|SMGvzGxeS;Rpg*L9@b6PZUWxOgDpk{a3--rtBcS&x6#S-{OO zkHgsfj-b&fQzfRBC_X9&5zwXQt&jUA+z8=}r;GTtD+8p)t6%HTtLyV+_n2?1S1)7j zbu5Ggyd%!8`1x`%m2rtpIf`E-@P<9J%uyBSV1KH3NBF)SBH+XHEdQ`*1BjUKx+taX zCa{Gq4i`~triyr~>7YUD_t-TLJ^c~3f#$7<`Qx-ghk@~AJ^Ed}`7TaS1&XDD4o_M2 zcKcZjhoGCQ(F8<05a;fJNVS9wY(9HBzK?gN&CghKbcXGUxGnEl0;y(^xws@hg*AJ< zNq;rLlQzut-5bn@cUqcS+$Of==~PK9tgT4ct{~GcyuUDc)3!qRrZP z%GqB(fMg2~Xg)0_TH^ogVQB)choR_9n|`LLRmc8)DQHH>D+Ki%LInz{@qX3B-jqSf zE&hpThWfX4?hneKoA#)FCF7dbbn^Hyr0G7OH88`L$PIf^Yv%DUp%uB3FsUlByR_ce}%N8m?>V219j=L~X zlc~+ODn=`b_g{FxcSsiAOn}~BeQ)d2bc_NU=Wyq;Nt+()&9}DiVNsM6tN;*=nD^;4 zX6)nrXy(Mt;K`SIiVeC1LmMvZ(R808uKb_tn`)3=etB2G=lTJpW-);N9a3|?DNh>~ z91On~gM+YO8)W&q*Sr=g)2zbnLS4E3tw@kEIWg{IiU5{@`}a&39t$qnaHrSJGDP#q l?Vo}aUVF?@itLB!5J8EzuQ19b*)CtUs$Ocz$0Y<7_i6pab`$^r diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key b/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key index ca7cff402..8484bb87e 100644 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key @@ -1,29 +1,29 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIFCzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIEDYe4aq4yfMCAggA -MBEGBSsOAwIHBAgp0IpjLtyryASCBMitqsiyjPiiJ6ci5kNUZdGr7xH5+81sTFxC -Zhbf56sBQnE48C8HY65UlxJGxHUClT6bgybYu6VMgcQGInOW4DjdV7u+vDfNhCii -uidpEDyfS3aQMLByHkUcMpZiGl5KDwf46fQvrvXlBSOzbc7fCPxam0x4Ix8M50qd -3vNA9Eh8X3ReRBtDLma3bUKU+Y6Kk0yyrvZE8H0+UFj71UaHPFUvmi3a+v7MUC7R -4HQScJGprzSVcZLz42/83bGqjgDAdD0ryi5U4akMBf1eMjGUjoy2wOjQtQf1Px+s -8e9Ub8JmGEU5t2h9i4oHj67nvw+8suF9q9zRYgqDXodCnRltpyuvZz8916FM+kG1 -RR2/9xKEKbEfpNDaBmTbVjnwyrOAULyVz1BSeMEh6Tfg8I/fSU9VPtKk0Wr+bS6Y -rd9GLkAEhiML1ZN3O8OnuB+e8UhJB/qZudqCFsD39IrCEp048yYMJrhPS5wHUI1D -rUJWw3J5ziwClSse0Y4ppTOvfLfA4yOFPgp8nB9aJcBZ8fhkGtz48yTHDoY5RQiQ -RTIpdYqsGXJXnDdJvGOHjsME+4C5dN1V2+3EPtu6j413Ctc6Z8D3K8/MYPhRrMYQ -40WpQbWqUjQToJcnLrrgn1F5oAP+mnmd+nVCkX0XEaoUhIm0VXOHN8ABuq2CGf8N -Hw0+MPSE9C/PxZsDhvKHdMOUm9SN7SFSyrUv/61NXNPhy2Z2RgOcuLJ4hw4969tg -T0TgdXgb5sgEUq7ln3D14RIabR3WBdMB2502IM+j5cDFK+lNR0RtdCiaXI45tBol -+V77k5BZ2fkdtKjAxoRKztIbIUpaX2kkXXBQkpQ1pGItskIBKCAbTy9AF9h4Zr9l -Kelod0A7Ekut9gVngxnlJPAtjqHl1oNqAjGMIPoG4WSvkun6/Bz5xSii7GOlXYQ9 -xnYfQfEV0qFNmLoSEAy6mzpeY69pxWzAfnsf8AZiqCy8gW2ggx78HikxW8opXDiY -KdKpUxc/LhAKln/QwEqLnTl81sqnviCGO2g0lsXE/+h9TXd3Q6sgFR1jjP2+zWAi -XUS4Lz3dE1W7bNWz3DrSzCnoRTWNAZYPjh1GP6R1SEkzzZtM/yLR/r808kcn9jaU -+EisB+kYdzIkOVe2pKAB5JGpjhjkZVN3uDkHbuEGpx5F2g6fAPbIY8cXOjcaipEu -mY9qO4/iVUv/ToILmvG/dXwO3o9vXHT3NFm5OKi+y4nMvniemui3FnwJC7O/3OPk -uy2Z//ODIoE070u3rSR441fIwS2rSyFmHQ1fKkHoYoq0yK6MSh0I6Y+xkAhNn5DR -ojDOP3N9H6Cu6V3+r0PXxsFHmyj2r7lxSS7imFuCtFYHWDbO4ie+W+tzebVHZxpZ -LWtsOypUyJBHLeg5TrnSnvnnnBh90SOi36CEyzkQHK6/wr64cUw2jS1N/DpxbDWt -hGAjmSYj+iNHA0BjhPQYfvKj8xOW7pHOWZWnFFztJ5JLEta2NShBF7RMdgos5MbW -PeX5r0tHAjGnJR0taH5ZJWs1uaJVtSjke720le3v/7e9lDkcgItgef48miGXzHUo -AG9DMQs7/Smv+9/6mXjKMV+34RLqzWEJbkcdGtKvPn2A5BkkRfXScYpjtGhVPhU= +MIIFCzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIWTSfU+sYEeACAggA +MBEGBSsOAwIHBAi4q06qZgfBEgSCBMhk5oT3l/Fyqd1xXEAdeTHxq/NiSgH/E49f +cVsJpXYK+BYuYKvCTBC/X2U3ZHRwY3LDf8dMYoJKZXdoKGdXXqF1jmy+YrI7vPBz +x7clJH/fmBXE5ALVHmyxozBGA6hMrHKAaUNt4Bu4s/pFemf2bXeAti59mHSWYxzt +TQ3EayuwhPhjrKElBcE94QlOnM/8sM0I6ZWZprEM6Z+PYMeIwW5xbzs4GgBuC2PV +IcsoS1OEaCQBlFF43UjQPv0Z1kfw4fEKuxVOKRH5qXaLIKr3JQpi/dic3bT6o8jT +++cwjG4MyG0WehTEvp0AgbvJVmszHwgsRhQuWVvq6XJ7ZGJDsuhmIepNO/SmILBI +BaATz6nbPuMW3Oahpc1zUcoiZqx66HSo9Oyynxgzru7gfE0TaAVtlLX3HftfnU2z +5pDsMMoFZKUc/yhF/5wbkDnhTqFdrj4ocqNFHy4MeIqd++/5X/WPN1Gtja7LeGqm +0R3JYzQwL/y+yEsO+6KdtAwx542NzzbhYZ99mUHbmDDxbUZDB2YoaPvu90/sy3Mt +jb3au+3y3vRV+pIvzkKuEc0geqY9zUEiNld59Wf3rbj5HrRh0a8fob/wblG5g2P6 +a+76czk5QTHEoNaGL+bf/swjYKVa/qW6Eo83Gc0ClO2cBRdHzPHGKsrxobIT04S3 +HiABCrRcMZ3+JCILbMUa8hqJWS/UiW4Blwwqe1g1Zc/VaLTiHMwdo4i3+8ZpYgGk +ZTTgVfRd8GFqxe9JK1wrLPClUCS2RBhkGO6yHNB/C7MQ6ciC27KumkdxpQUx88Su +nQJ57Cv3mNhPyzh+n6rlEUx4XOqbqcGXsODhapM1cJUGMfH0AeYq21fXbltpugyO +5g7ov8qqpV/iNuKiKZHAg8t7FvaG572i85W/CsugkYTiT6XoUzYMA8nyiA6BOGSk +uDl7hDzYnwqBVMB4vopYOx5o7YAG0kAL+FOxiv2gfpbmKHvz0LOC8vRqzNAi1N3l +8Ib5eWtXGDEzaOMajua51K0b4JrQtK8ph1MJJFm5Mu9F3Jk9D2ySd70aQ7IYW/ud +loWnnRnX/mETe3gmgADEi385BrLBD0veQL0im5OiSkhE98yilIFgtFGolq5++e4q +VAdatHWNnexY4XdVjW+y/T/wfzakWFGBG1K9LQHCStzrz34L02tSS3A3sJbP+1mx +k6rV6CJlVOmKfrPUw74RuMq4yAWJPFgn9GPdjrL8cvRmYiPFbVCtPR0w+yd+EOyc +llGwqxz04yDoOoY6In6++HatoFFocgIHq3iVhE0zfXE5CU1zFdDZfqWjJTgYCoig +nt6GjLwV7mdAjcVtu01w4dtPyK/9bbh5VNzmG2TfKFdVKvQFUvvEUO8hQpcU32jH +gTuOsYVFGAUAT8mbBxAtXFgHPQTNDx4BcIpbqzI3/O8ZjW1PUQOumG6NAD5GnrWY +yPIRrcUfyinYuD1S4yc8H/XSvm7Cvx4AuUlIEhw08c4EmCm4KxVDlMMkxz9eO0TA +ruxB88WazH1ytFCpntZYFC4doT+XzhoV7Xjbn2FxT0KTv+oBdER6CMcrAexBIoNy +SUvRiTPxKhkWRKCbrwrET8p6RnI2y3ZMe4LRVn6MrS9ktZsRSMqy6R5B+xhHbHw= -----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.der b/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.der index d9561e489ae179da513d3ef483bd10bc29edfad5..22e157f35eeb33fec781b80ff72970dc311f13c0 100644 GIT binary patch delta 2442 zcmV;533c|D6OR)FFoFq-kpv)r_KJXPVMCOk0s;sCFcAg?D-Ht!2LuQej&jZTec4n5 zf(c0WPn%HdwQQ?|4DavGrh26yDBkV@kqavFd-Z&({DUm>y3(dyo_S9ayD7}!IPgQ( zWShrFPViIn6RMx+6(yq`sf`9nbRteFGPGV(&%o3s6AZ!wmWiqvDHz*-G~Sqp3dLmB zVRCvHZ~P4iU^!i(#+X-u8C8x?7F><-ghnLEEJI{ht&2@^geKP0chg4hRZ?qJBp!RAF>^7y5fZtb6FI&}Mbk50!&)NqEc<*e^CX3bmv? zitUblb5ZD_Qw#+}`ePD*Pgq-`(#XnH4AylqYxo>31a2{`83niNHd;fqTV>+b0L2x$ zL#KkvnMYhTp+W%Abxa%`G*&i1Woc}2E510=3l}pC^ zwA3gD2N^&Wg9(_!H={yWw@%rgrNnM$OS4d=LOWUAPI|@SG|I8NaY6dEhmXuzMK7G> zwE*4}ph@0!VfCplj|SN`NOEG(yKhgrXnRB4c9wFxe{S|Azbs=0$#RIi;sPZ{3JIK3 zO9Yu2nGUnBnKu7_V6ui13pjGHhr8To#M1O$7y2OdK_sE^t?;g+%#plWruQ{eIAxkQ zn*2<@DaeL$NdP+1%<}+K6KhSl?|PyEe%5m@6I3 z;}KYT34*G}(Xe*?(KQd*dN}y-_x6tpP_kZJuhxZF&&`uhOhEH`_yzIYA8OFF% zg%Df(O39COwOYEnIha6E)WztmMWdI~pXsh{C(83_ptVCm!990P-VnUcbnTXGszC~d zagyf`Vy8*0DxSll2ozTLeKH;fLk>rN%r`V?nHbD;wxBDChdt%;)s0)a+CaNjTpyn% z1jnX-VD}UVlxytUcf40;IxfEcdDZGv5={F{O_a*-mMIJc8ZZcjqnr5|1tY;HdAC2XDA_mHh+HtJX@O=d+h%gT$EPjy%^gf-QPy5 zW?lyyETM8M;qt@u)4Pp=ED#qA7Y<&fBZW>!ahk~2iZrMiOz{&@bzY6si#E19ebI<{ zl)53`GF7|~xOv8A=r>1YhJp@q6IFqje3|YZN0ZBl71!u6L}Y}r)QCTV#WL}X$KS<& zK%ay=w@?J81oaH+04=pE5gmI}?T21%@h@YH;muMqF=RMH`A;bgmUY86eo1Z95eDF% z@{_hgDa}|tE$Ik5^@VhXWhPUfc4gV?gT0w&)@YOzlrFj0H zx{r0;9Dp{VH|Q>~7~7x5G1(PZ_qae)YPuYR_V*bjX?MenmOo0bOjR$aT$F#$sz{l- z?;K4t0X@C|>?&-dfs>#5NJ6vuSI;nXR53EbU$J)Xwx+;#X)vKN-1uk}LoLS+&s0vp5OA;-5}gUDL!?faK* zU9w;d7Jxm}C`S)uJI{Lbeg%#~7qu>WJ~7lRnR8`HgedlYd-n5x6zoeIDpKFM_=(m{ zBnjYyi$&>(V;?`4cr|ARu>GVs&&!c4FyFh=kYv{8c++Rmn~`%BTA8QQ`O_HD^F?gV z`(dxaoia>Q*%647^<{p*x5r4WGDm11S0H`62JLzih2>1X#>Wm zzUqphj4QkjweWmnPLC|AIv;v$*NQoCoHE^>QwIXbxg`XBAm?l193|>nNuQ{d-tQL0 z1=n|Adg`#xD5lITGs+R_#DbuUFP&UQe$gR2M8DWlNuw6Ac%Wf9#A~7*|5GYLM#XKI zpX-#y(P>+%#f3WKpZ*MU#ALP-PeBbn}mg2!T IVE0Ln73F24=Kufz delta 2451 zcmV;E32gR{6PFVNFoFq_kpv)rPcC&G9GQ#+0s;sCFcAg?D-Ht!2LuR%DLN8BE*&2P zf(cOgzWxOOqTs&}u~yp%-92vD72KadjkgiykJ5gs4+J^t>#5+e&dn%IN5NZjdj^&K z)skF}ODG>pEo8qz;rCl_#OE+B7L;{gXHO@nKg(vU6HgR&+G*uq6bpBM1LY7EA4i~= z{UTIbSH*djI|k{E$memyR>#?*ac1gruB3HN(vv<*-N?smXNp@BWMVy0u+~(1YVw-p zp3(if80$JzDl3P{XhDm@VOyTxRwB`PLNA%)$u$?Q|Eu$Ql-T4Gx=YUblVrf~^h>!9 zyq@r%kW$2lLi|#3>ZBBZ-~xQ(E-kn%dTCe}T)j0VRi`;{;Oqv`TP28MNFC?{53b#P zPbH~Bs5au^F|8>ih^e6pKxSUpaJ7=DIS2P_uiqUR0IIIh4f6xgTUmu6@dlF zb@fCli~dE$cOB9tr`~BW9^vz%lRLmRsq<2;@VU@pslU>LpoAWOuwugZczo`dz+!D? z)Zd`FMSl)=yn>SrtwDiY9_@1acheyR<3e?pz(^@pl*W;a;ff>s3?X%G!O=Izm&8=^ z?O8o)+*Wgfcon@;L&|)-a!^G?fluS+<0Tr4f?!Z@Rn(La%CCH0@&DJgEz;DLqk_mR z7wG4801@@d;%rcVT@DXgdR}tg$^I8M-Vvvt6e^_0of}}4LiTsIL^14Cuu|u>OB#^| zhgn}*`N=uXA_)FniY=sU>fSvGeFO2+5{O2=pI|Y2ox!kUga~ZU1{%-a_l!SYb^Ec_ zx8NG!@#;#zf>JI(Cj9oz*a+!msEom$ndG}f3hOzkQOd}F)UN<$ltMJm^75a_3M-a* zhl{;dLON}WQo`CCay-yrr|L>VkASloosx_Bf6>!{bhn`ENU*x2!50DW5a$mCDi&9X zS5-(>^!OKt?9s`j>L^EP&B#1>KM=W}4>DHvIw<9bjt4l&GLo*Mly5{{AV0*6!O7+> zEB^eyYIU4{*YfLO+=s6`Yx?m7^vvwCyK|$({!2e)yH+Lbw!UM{O`;VU;s&$V%y|@w5Um~wZ159WBqtP`bctWTM8wnaOKXvSN7`w4BDa_ zTO?)C*kg`pOQ3=rYSwm`wt02i%_KJ`#jpvWNl&W*a5}Tq5o@x^^#eGj^Ms8)*Glc0 zZT~c;?j{t;i6co%$hex?-X(Yw6vaSN=f@R)|Lfomx(vHlNI?kHBs$4%y(_3A*fQK` z!bUK#2~7+l-@BcZKGevLtz@od8QIg0FYUgAxBChWBjbTKy_mp41GWh26Q>&Em2l~ zy;8`fcpbk=k*tUOvtAk~{;rXNzpj{q^CknaJ1T)vwnkzD2Zd=VpNc$4-`X`;Hxj=s zhaK$F#@5~xA4vGw5`1nxpo@!#n`pwAP2nm6<(piFz6>tr+tHB^!c1rAC!ZtQIwZ3} zSVUYaI2(DBED!9O_k1a?aL?$ODpZDl{Rc+QdED_RW*(`(Z?Dod$2^*Ew?=pvGb~{L zYX>0^`Jf8bP~AK>{+Jqq=K-7iXJ187myDh1C2qekj*?2IgM8esLUaN01AU<}*iRZbI3J^^vAx zpD;c|sd=l^;vX0j$PJlnGa{@}enfoqJ=73wx9Z9{my?VtW=6GnzJ<{e07*DQ1X`-I zA0-(JIW^QheEbNXchvn^(msNJ`~9y*qw@^UXB*+z0*H(-0JqfVN>LS#n$$7Q*9Z`X zl(*|48hZI@W-dI%4A^JAorN_U70V4MNECINIt!2%-^ z^u13MpkdK1HTi3tqFdg@uVH7Zuel+a06i+Ad~XSj;@m}H{`T`a6l|sQK!(_fwh2unvAyYyO0}y5zqtW0%LgCywbf& zQoz5E&p7edQmD8=GZ!XO8dRsBK(L}`i&c`K4i6H$_fR=^l2Myn9Cb_xXd?u`638!* zP63vAIPRRMIhv&^R%^~VlF-*!^Tb6KQ@`>Yt7$h_UpoZ+JeV1WYayfKe|;3VFnYMQ z%Evu}zagA#keaQ30PHM?pjOVYHLEerLp91;@s=wwHUYZB8pgeO+ejMu&&*f6-#5sl z=8H8+yl4JXZ`&gD;NSB4xdJ=1e%Z6XoW5KVD_u7i9^0Ev9?NOE)EV-NI*ste@u?Nr zH$fCO@0P2(C4U--@3z&oGOp!G#7>Y3LY7Vrn?OvJ0MAURSMM7)2Q686VWR|3z zHsYR7MR6b6Zi_B0fNs!WlVKIdQHILoa-&*{6`!e#a4U~{7Bu~hEhC8%3l(S=@GH>p Rn&rI=wm#ACt{o7yw!;7b diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key b/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key index 079fe6c64..37a17d95e 100644 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key @@ -1,54 +1,53 @@ -----BEGIN ENCRYPTED PRIVATE KEY----- -MIIJkzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIobaoQ/A8YEkCAggA -MBEGBSsOAwIHBAhUPSpMYSSWAQSCCVAXo8r2SGAy4/4jdEBHXy84rAFScWCoqHWc -eJuWACopakL4h4G5JOIWphhPJ9JIWIWlq8r+KcUwOqIuaREb4wseR9oIEWW7aHyP -0zKKHEnRPdU9kfEHTcV4TFR0yEWTSp9I65GViT1ZlHxEUIjhsY9PVhhBoHVXz+YJ -oXQzKfuqh3xeGCGp8k1hfVZp0SXQZGVqmupp7kIyEsiTGwey8ASoTQOjOzGBuGzm -nzrhxvOa+fcz+WRi4M+N+SZNDT1BMlVPOsLEFgPyLxfZKWjgTYQJTipbxWuVAv/s -DyOt/m8riB8fJQbMpXndcVWe0oavXvQTdsrTkccWHGkbrlKKSZIkGYDZgzJHP3lF -klH34TMOdx23auahcpF6C9MiyuNYmGr11VVoy9vIhz0o84R7biruaA4Js0t2tdzo -kE+e0rff6HDP8YKaQmaqmJdmKYkGlNSNhur/rBYDfsTqUqG1p+B9RdTaE/vNDHXj -d3lyHC2h+UdPWX7UZ2FUhCaW/Sot8lXXRngy683s7vk2YabB3qEEBHUyrH34/cvN -+mrf0h5w5K0JoBj9T/gXeih1X+wrnEanhnYzOnCEgAfFGZhrZdUcIApT6XdCcz6o -u5vaX6uyH7HG7E27Jt7AMxbceg7RLhpX8/KQ50Q4neoRrJjG38xRwnbl2G3Lz/yZ -+2+1jV2UZZ/mSrdmjPoqtDsuDY4KftUniHKupmvTNQOENYOZADYAXyTBPl/JLX4C -Ry8JgyrfZuci1SQYUv7nFBkLy9rTaVruXyOojsTa/vtG2wY/qBbRabNbNuljBPWj -1dyYXTnx6y6FAXdOJ79Wqnf3jwLUMIsQPYBBLEG9YOthIQM/vFBXhmm2e1J0ujt4 -NKsTOxd/nA998kVH2K3JXVWsXh0OoyzXZnfDBXD1gi5UsvmGJnxOk2MAYKZbZF9k -5uAxNBAGxcjmc1rYFDfawfjzMi7JHc/9fyNT3Y6f/xIXvXIsqbTA/8GLP4n155qx -5+TVUYmv2K81u8+07i97mDKSwrvmfjVW/AWjhXaIUohdXekJnu+8CcaYYH+IGzx8 -DCWtjKc/N2PMYfz+XlQiHaFd2CMHQLcYr0vpVRSJkiWHcQ+3CEbiOtoGLPSthfGi -SeXKQKdTn/vfI1Z4h7/QWbyBNV+MLKRJZRbcWSm3wrhThTrjyZoxsO8ubcvQlX6m -QkwjadXHCppiGWULSHTgGtoO8LF8ocBpzexKFm/axiPELsUkCbaCCMkuVLF8SxCF -eqp87H3kQe1ZN4pnNrI0TWWl24036ssW2+hVVlXBNRdea2FOjBRESHAbzycbv3xR -UL2I1Cy1IeNqTDSUn+uKpTakUNHhNLE5mBMkLEkKOJRHR1fT1+9AZUXDQhFQxRsQ -AYIgHxYr0iVlngAs8hYfK6sMFQVIgri0rZIAFkjp+0q/S1ujL1TwUJbF5SKc51yr -rFNvbSfV32JJGdqWQ2nPSCVKG5eD5XZZfkbeDkX+5lKzL4X+fjnYQ4Lx1rlkaYPT -TZtixGPS9877AoD6TQ2mkPyst+0Y9nkyuC1GkhvmHj/1q4+2rXu+eJTKlNz+rDH0 -i4fLymluGrNmZQAsGuNLAD1UCEB6B2r6HmJjL7GoCmhT6W5n0fp73ZtSRAmb0e9N -xXt5xFWCxEveHL6OTjLCgH2HW4mzp30S3CcRsbs0pa7DLFCIpbnb++EYZUd3I2j/ -7kqJfv7P/0bVFevpEH/nWhRiZcrsvGOU6fynVWbpGpNq7Z7jwRsmDGtYy2Ry2QWb -MRDoh5k2Ybn86D7C930KgkStt7QLVB31PMfCkwdeu59rjX2T28raH3G7CISrinEv -aN/YsbeGB7CoMbbJYtu0StWzle2TiU6fxTdaOM0m6WTzGVJpp1xGuRGHVlU2eIA/ -j2+ijZLKM8K04GxEnJEhdRlB8jJP0MvVfJF2P6fEiffzaKzHwHEgSOFy3vXuZnfA -XTSM+swPgG8x3Yof5Rcb+ESfgxYCLsucR38psOcIGyDgy/yRlBgtCtP+goFeGiQ0 -jomlPDuwz46JX1y4yenqVN0ALjuSm2itEWDN8ywteoCosNZY2WRlrY1M5UcaiM30 -Ke/4CNlyw4jO2nV3ocD9Qr5EkTB6n+6XVs7e7HVYHo+oXOOXzAoEcGNYtuGoDOir -ll13tD4ON31r9uWQ6xGARaMqKjdx3bcNNjzoH23YWdweUyXK5E1VDHvr6/2an2eG -c7vGCwfB0gcrCEY0mxgmJdvSEROokA4KdQeIadQ0A2oHVYa/V91Z9Gimg+1sU7Bn -vrjfO5KtGTd4UjX8h782SE82mZl6gekdZbGhB/ZJCstyuhndF6qH+bqS22quVa60 -duG+pwJDeQpGGx15PCsKBzBP/HShgIf+qWUDteFnmwe+9UYFJdFB/OxIRiguYWZv -xZVKL3V2orktiwYJoP0grTfyZcNP61lUiKIuZVpydNT/DsIzCZQEnh/BLGVXrD/2 -AN5d81PiVA0v1bIHXsAOmdUOO3JUR41SCPezoYPGzSATmkDOjrzDa96QD3EaPkyV -p1MhPHDmK6miCEiUGFlUDGWmpF11eZtJH0a8qy4Rn8hUMCNpzhIyqv+7mMSngH18 -GxrWc1AA6K0A4+PvDZtHTKWUGQOE4sQdh14boUe1z11Zo3s79qQhcJODZFTGygNN -w/E69o2aLu+gray3znK44S2dDVwuJbi4Xy+GPWCbRfcArg4KG5J6O0JyRS5tRdNz -+0n19pmh/1nOp0miBPzrLix+RsVkmjzgzXlwGtoU7ZaOuk69hoWh/LqxtICHadSP -p503j9AgEBIXCUF6C+FAviaItKvaLxk9DzNOO8Wf1HhVs9WfWLVk+rXNZIV1RmE0 -Nh2/2+hbTdDYpZxz1PVWGxPp5lCfPIH5a5qQ+3up3LxDhRCSPy39LDTis+rNUwmz -7EdCCZOlUiU9pK6p4W7nSP/umGA96/Ki1w7zPDBEQiMiwpqdO+X4bKuA8yXaJ/6Y -1H1pkLcxqQ3J5OdaROhMbFo1jr9Qagt/4jeLLDF91Uiy7EXvtv3FtXXSqTbxZdju -8drZOzUFktvyoo6hrK35yNPaQvtzBMUufCdC/ZXlq3i01nkyiesQw+FCKgzCcfRv -qqoo38Y2Ad4DtiPV2Mhg9CzW+9B+LyL2hQ2PvFc9b0ETkzY4XOQgzMcWBaSORLOQ -R6KAae9ygQ== +MIIJizA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIn0fSErzBMncCAggA +MBEGBSsOAwIHBAjURz9xO7NuugSCCUhHm1keaRDkjToYahCjveDzt0G2e8p/0mvw +SXO/F9Pb3qcAKNozzpVSHua/ViCrzWjs5fjwIY/vlxfPfI4JukcQG0vfR89ScXMu +j/xQCTAyOW3xO8hUIybNO3Xtvr9VEsXlp6waWWk9VFjDr8Cr+ZoKx/LiDKqEORV8 +e+eDo1wVOmww14kJxnCQ9pxBc7y4QKRx2tuJIQ8EPzyn5ZKAcvVLZzirnkAjyWJi +hb0V16tR+6CYM9E+akaTWsjUBQuxqA89JT1Yh0IaA2pPDt2OA+1DFa6/p9GfGnAx +DAyQBkyt/vjusykKibJzSOVybre1tpIDdjR7ld4w0v0BZRFvNDuHSL22pFfSdqGD +IPnwJ/QcyhG4S+CcvMls8qGpSGuel4lGH3PNWHg7eife2KKb9NRAXan/c6SJlhEr +kJF0vi+cWRaOPWWCEms6st+X2LeYwn8R3G4h9mWHryRAUe898LmPcGNg5e0j/xJk +UG+GtnZFfJHOEtDHMmBKIOWvEieEaJOakjkIVS4wWDddDBPbpkNmVF7Ea/Sz6azb +lRSuObR2YSevWwvfpE0c5J/4QAPxlhmx8uQY/p/+USBo+7GY9H3htsKrZDseqZe3 +dpi0jVGsaKjqZDFMg/GZmSk+wVnF2U2skKy/VM9hgIsNmw1GLqJ9uEbaFaWmxqiB +ylYPJKkKnyWBv5AW73AOZXElJZCXTsRaO1j8OMrxG82z5rXmNIJp/FxAO3qjg0Ev +o0Tz4nqVAm7lVpdrM9lwT7D0+zNKo8YCPZkBPo4PUWmkgVdKEsCKUUXT+jl5Y4PQ +fsXgyLw8lwzwaM2NuphHErJs0cbRH6Kd0cr2TNzMMDbX2lhN9G1FoMh2Uk7KcOXw +/oGoP2oAXd97UxUVTx6J8WGB8+dDKHZDf8jki9LLsNjVaF/iom62J6L/wcxc7GZY +QJLoQJVgTfA01o/FSxuTjuTORA88NrfZdNoA8zZhEHY7TvVDMIZrz4klVPt1BS+g +5IvwDriG/ePO46XtkA6ZGjKNRXVBubPuJMa73ARdcWPcUaOPaOvvR3EuTHl7oCyi +79XAscPuCR9RvBc/JKZF0IB/b0ut4STCmzU1KGAufCR9QasazIzaTN/+MjnNREZo +3DsOsXtBvSs2zOOPdj4AEW+8bRuikQ7UApaajLm2K8LmeySZoAkeSka++XrUbg1m +55yHWcREW0j/Z3YCDnNGHCHPYhiSXQpWW+eLlwQ79VHKSMvunwyu67j/eCadfQ6p +QbNaQG5N3Q3IFG26AaAGlyM+7AuDS958wIyyLl7n4a6Nf3wJILHleZ2MlkxyFv38 +wHJgXmfoVpwhjnJegvzNJpYTauZ6nhsdo8CmuC8t4CwNFYfDORQj34IzUNHhqaEt +PzAdKSD6+E2nSNA4ri9MJ7HfXJ0AqJKNPCAByBhcZYsiuAwMAQWdCxgQ0Vkov6qo +28ZOemMk87mNa1m85mtCwrR69uBdoy/CR87bbjOmt9l2QatqILZ5dAT7WnM5CRDy +9gt4Rzr46EDVdkZiMCM1KgbaMKqfFQeaIk9bXBwjs2YTbfzHps8tACAEHruaddbf +XwAIJBEWMPyCbOsstvOrEFGm5lkQUoKqi1rRPHm7wlhvx8Aj+Y2VEmUGXdeve7J7 +NzrFgvC0yOnYOtYIgTpXjMfM98ZG2kic7jqdES2BdclNfiinxJkh0ZgpFhfTMe34 +GV60u/HfMxfssayyrTTjWrQ8zOvN8zjNjJ/cTllHZDOV9NAdQrNGTTfUh8LuPq8w +AR6xjbIcy0GM5EEoMIFCjXfJLw8N2xzhxjQb34lbPmxyaJaBudfB4SIXTtZYHSKt +b+NJ8NMQgxWbmimijZmpaorS46K6eiBXubgNG9q/IE1OdDWoNM1Yt7XH4G4VKPXH +z+zdE86uWxY6vO+jloLC5PnfzgACHmsKpUvAFWOW45I5etpOZY3KAG/aRg94eW4+ +vOFp4Z0bF6IPQ9hmFR1AN6XsZ2rIAQCiDiTkMsWXy7NHqrg8QANzE0njGUd0w+k7 +KOaK2rXjGq8WADGumwwy0Y9IUDYLQKBDLOatOQM77tHBtJkc+wewNCH+SqPQAeUs +pbcYo6aAIaQVWd5a4AAt+rlZYNaAgLBzUqC5MiEI1SPUlyoypTpnsQUoWx2b4VTn +2H2zt2MZrh34K+Q7tKnJATDY+8azqiH+FAS8+O5SL0zWX5S0GO4CNVD1rf00f14y +HNKlItpshutoa/aG5bmkyUKOgcu5SmARcqbvU1+0B1LO4TM6g2JSeI1eiFl57pkA +RmqqC337UfW+huIsxiMHTVxV2WiFd7jxdy22kNJZwP1/HwWsHXYEwKh3UeNJIqZI +3kwyWyK4j1hp7XuvDald3qVnGoVwMwyOsBxpKlqNO/3RstZw3SaeCXh0qUGLxY72 +Fwb9zaGY+Luxx5OGhslcsa9Lc3oV0yCQGGbJIewwgvBduzK+xPlDqEWnaklpDiYN +u8Py3vAvOpOFURgupoP3NiRv4wcm8MK73a5X58EF5Dpo83oq3C3pELkh5EAGqNrP +rdDxzWHOIH45dB4s2g6/rDMJNKZ98CnkHIAKSWkXwfbNtI0dgPRflp6ZE5k8zNtP +uquYi91fQft1KQNkS2LqNrVixWOq7QJZRNKPB8VTiTl1sIhmn1kb6//lHvo69s0j +WZ+H3MjtVh9z2Q3aSuVQfQl4jL7gUKF8fwxicbDF1uf9rJiDtN7ThA4p/g7T0FEh +3TFCVS874wh7n+FL/JvuQ6Cko844NMAecPx9PMgFmG4VnrsFxgzDzZvXH9m9lmER +fFlzFIsTV3tMYT5YNe7Nc8j/VplG4HII75Ot4EDcEIdyN4GodbiwOhOUnPHE837P +yI49T8sQFDjp/UBPYYLgmREvBIxOxhB7GsPx07Wy7LpYxEmNSoeNCuP/36eTciCV +krz2zKazQzv2ysHe7VzwHkw1hZj9FmyRuMVTGkldnfrySNqDGoj38SKTdEZcte7w +R7bH9Nge/N4ZJ8oskfIxfQ0xHRKJAsBF5KPvRzAzDFYRN4jy7v83IiLoOMr5zbDs +/R/zm1XytGuzCl1tWA+YjmtpTwj30baltzMcJBiYKgoZ7A1YflOM6mgaVduc9KcV +/lU+th8QUgavU16sYUGj8ZJ/3OozJubMqyiVR8csQ4vnGe8YcC7e1CmLnSjKygA= -----END ENCRYPTED PRIVATE KEY----- From 7d108257a45d3e65bf62b2f9e1afe93403948dd5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 5 Sep 2017 10:33:28 +0100 Subject: [PATCH 248/493] Add further tests for new RSA keys For uniformity, this commit adds tests for DER encoded, SHA1-2DES and SHA1-RC4-128-encrypted RSA keys; for SHA1-3DES encrypted keys, these were already present. --- tests/suites/test_suite_pkparse.data | 84 ++++++++++++++++++---------- 1 file changed, 54 insertions(+), 30 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index c0c688b69..f29312263 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -158,123 +158,147 @@ Parse RSA Key #28.2 (PKCS#8 encrypted SHA1-2DES, 4096-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_4096.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #29 (PKCS#8 encrypted SHA1-RC4-128) +Parse RSA Key #29 (PKCS#8 encrypted SHA1-2DES DER) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.der":"PolarSSLTest":0 + +Parse RSA Key #30 (PKCS#8 encrypted SHA1-2DES DER, 2048-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_2048.der":"PolarSSLTest":0 + +Parse RSA Key #31 (PKCS#8 encrypted SHA1-2DES DER, 4096-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_4096.der":"PolarSSLTest":0 + +Parse RSA Key #32 (PKCS#8 encrypted SHA1-RC4-128) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTest":0 -Parse RSA Key #29.1 (PKCS#8 encrypted SHA1-RC4-128, wrong PW) +Parse RSA Key #32.1 (PKCS#8 encrypted SHA1-RC4-128, wrong PW) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #29.2 (PKCS#8 encrypted SHA1-RC4-128, no PW) +Parse RSA Key #32.2 (PKCS#8 encrypted SHA1-RC4-128, no PW) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #30 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit) +Parse RSA Key #33 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_2048.key":"PolarSSLTest":0 -Parse RSA Key #30.1 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit, wrong PW) +Parse RSA Key #33.1 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit, wrong PW) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_2048.key":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #30.2 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit, no PW) +Parse RSA Key #33.2 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit, no PW) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_2048.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #31 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit) +Parse RSA Key #34 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_4096.key":"PolarSSLTest":0 -Parse RSA Key #31.1 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit, wrong PW) +Parse RSA Key #34.1 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit, wrong PW) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_4096.key":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #31.2 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit, no PW) +Parse RSA Key #34.2 (PKCS#8 encrypted SHA1-RC4-128, 4096-bit, no PW) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_4096.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #32 (PKCS#8 encrypted v2 PBDFK2 3DES) +Parse RSA Key #35 (PKCS#8 encrypted SHA1-RC4-128 DER) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.der":"PolarSSLTest":0 + +Parse RSA Key #36 (PKCS#8 encrypted SHA1-RC4-128 DER, 2048-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_2048.der":"PolarSSLTest":0 + +Parse RSA Key #37 (PKCS#8 encrypted SHA1-RC4-128 DER, 4096-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_4096.der":"PolarSSLTest":0 + +Parse RSA Key #38 (PKCS#8 encrypted v2 PBDFK2 3DES) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"PolarSSLTest":0 -Parse RSA Key #32.1 (PKCS#8 encrypted v2 PBDFK2 3DES, wrong PW) +Parse RSA Key #38.1 (PKCS#8 encrypted v2 PBDFK2 3DES, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #32.2 (PKCS#8 encrypted v2 PBDFK2 3DES, no PW) +Parse RSA Key #38.2 (PKCS#8 encrypted v2 PBDFK2 3DES, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #33 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit) +Parse RSA Key #39 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_2048.key":"PolarSSLTest":0 -Parse RSA Key #33.1 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit, wrong PW) +Parse RSA Key #39.1 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_2048.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #33.2 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit, no PW) +Parse RSA Key #39.2 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_2048.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #34 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit) +Parse RSA Key #40 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_4096.key":"PolarSSLTest":0 -Parse RSA Key #34.1 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit, wrong PW) +Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_4096.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #34.2 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit, no PW) +Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_4096.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #35 (PKCS#8 encrypted v2 PBDFK2 3DES DER) +Parse RSA Key #41 (PKCS#8 encrypted v2 PBDFK2 3DES DER) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"PolarSSLTest":0 -Parse RSA Key #35.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, wrong PW) +Parse RSA Key #41.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #35.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, no PW) +Parse RSA Key #41.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #36 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit) +Parse RSA Key #42 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_2048.der":"PolarSSLTest":0 -Parse RSA Key #36.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit, wrong PW) +Parse RSA Key #42.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_2048.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #36.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit, no PW) +Parse RSA Key #42.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_2048.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #37 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 4096-bit) +Parse RSA Key #43 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_4096.der":"PolarSSLTest":0 -Parse RSA Key #37.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 4096-bit, wrong PW) +Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 4096-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_4096.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #37.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 4096-bit, no PW) +Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 4096-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_4096.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #38 (PKCS#8 encrypted v2 PBDFK2 DES) +Parse RSA Key #44 (PKCS#8 encrypted v2 PBDFK2 DES) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"PolarSSLTest":0 -Parse RSA Key #39 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit) +Parse RSA Key #45 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_2048.key":"PolarSSLTest":0 -Parse RSA Key #40 (PKCS#8 encrypted v2 PBDFK2 DES, 4096-bit) +Parse RSA Key #46 (PKCS#8 encrypted v2 PBDFK2 DES, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_4096.key":"PolarSSLTest":0 From 55b1a0af0c999b3a357dcbef21aca51859124326 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 5 Sep 2017 10:43:20 +0100 Subject: [PATCH 249/493] Add further tests for DER-encoded PKCS8-v2-DES encrypted RSA keys For uniformity, this commit adds tests for DER encoded PKCS8-v2-DES encrypted RSA keys that were already present for PKCS8-v2-3DES encrypted RSA keys. --- tests/suites/test_suite_pkparse.data | 60 ++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index f29312263..838930a8e 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -294,14 +294,74 @@ Parse RSA Key #44 (PKCS#8 encrypted v2 PBDFK2 DES) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"PolarSSLTest":0 +Parse RSA Key #44.1 (PKCS#8 encrypted v2 PBDFK2 DES, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #44.2 (PKCS#8 encrypted v2 PBDFK2 DES, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED + Parse RSA Key #45 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_2048.key":"PolarSSLTest":0 +Parse RSA Key #45.1 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_2048.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #45.2 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_2048.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED + Parse RSA Key #46 (PKCS#8 encrypted v2 PBDFK2 DES, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_4096.key":"PolarSSLTest":0 +Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBDFK2 DES, 4096-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_4096.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBDFK2 DES, 4096-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_4096.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED + +Parse RSA Key #47 (PKCS#8 encrypted v2 PBDFK2 DES DER) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.der":"PolarSSLTest":0 + +Parse RSA Key #47.1 (PKCS#8 encrypted v2 PBDFK2 DES DER, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #47.2 (PKCS#8 encrypted v2 PBDFK2 DES DER, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + +Parse RSA Key #48 (PKCS#8 encrypted v2 PBDFK2 DES DER, 2048-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_2048.der":"PolarSSLTest":0 + +Parse RSA Key #48.1 (PKCS#8 encrypted v2 PBDFK2 DES DER, 2048-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_2048.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #48.2 (PKCS#8 encrypted v2 PBDFK2 DES DER, 2048-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_2048.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + +Parse RSA Key #49 (PKCS#8 encrypted v2 PBDFK2 DES DER, 4096-bit) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_4096.der":"PolarSSLTest":0 + +Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBDFK2 DES DER, 4096-bit, wrong PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_4096.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH + +Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBDFK2 DES DER, 4096-bit, no PW) +depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_4096.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + Parse Public RSA Key #1 (PKCS#8 wrapped) depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C pk_parse_public_keyfile_rsa:"data_files/format_gen.pub":0 From 7268ca95008bf1a881fee881223978449c828b6e Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 5 Sep 2017 14:29:20 +0300 Subject: [PATCH 250/493] remove redundant include Remove redunadnat include for platform.h which was acciddently pushed, for debugging purposes --- library/ecdsa.c | 1 - 1 file changed, 1 deletion(-) diff --git a/library/ecdsa.c b/library/ecdsa.c index d95dcae22..8804ca62f 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -37,7 +37,6 @@ #include "mbedtls/asn1write.h" #include -#include "mbedtls/platform.h" #if defined(MBEDTLS_ECDSA_DETERMINISTIC) #include "mbedtls/hmac_drbg.h" #endif From 2aa80a706faeb97be578d5fbaf87f341ecd53bf1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 7 Sep 2017 15:28:45 +0100 Subject: [PATCH 251/493] Remove unnecessary cast --- library/pkparse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index 6db9a5a9e..3fd45cde0 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -949,7 +949,7 @@ static int pk_parse_key_pkcs8_encrypted_der( mbedtls_md_type_t md_alg; #endif - p = (unsigned char *) key; + p = key; end = p + keylen; if( pwdlen == 0 ) From b8d165714803a7aa9e5471e6cd68bc3c447d8039 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 7 Sep 2017 15:29:01 +0100 Subject: [PATCH 252/493] Mention in-place decryption in pk_parse_key_pkcs8_encrypted_der Also fixes a typo. --- library/pkparse.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index 3fd45cde0..e28ddbe0c 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -968,6 +968,8 @@ static int pk_parse_key_pkcs8_encrypted_der( * EncryptedData ::= OCTET STRING * * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo + * + * To save space, the decryption happens in-place on the given key buffer. */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) @@ -986,7 +988,7 @@ static int pk_parse_key_pkcs8_encrypted_der( buf = p; /* - * Decrypt EncryptedData with appropriate PDE + * Decrypt EncryptedData with appropriate PBE */ #if defined(MBEDTLS_PKCS12_C) if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 ) From c8063c58f054c4c60bb9d6745e696c7f3a41ff83 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 7 Sep 2017 15:30:12 +0100 Subject: [PATCH 253/493] Correct Makefile in tests/data_files The documentation of the target `all_final` was no longer accurate, and numerous non-file targets were missing in the .PHONY section. --- tests/data_files/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index fa7e0b4e8..f14c5e7c6 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -22,7 +22,7 @@ OPENSSL ?= openssl default: all_final all_intermediate := # temporary files -all_final := # files used by tests +all_final := # files or targets used by tests @@ -270,7 +270,7 @@ all_final += keys_rsa_all all_final: $(all_final) all: $(all_intermediate) $(all_final) -.PHONY: default all_final all +.PHONY: default all_final all keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 keys_rsa_all keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 # These files should not be committed to the repository. list_intermediate: From 5a4f172522feb265dd0568d9d5d6a330db96daf0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 7 Sep 2017 15:36:53 +0100 Subject: [PATCH 254/493] Add suffix for 1024-bit RSA key files Previously, 2048-bit and 4096-bit RSA key files had their bitsize indicated in their filename, while the original 1024-bit keys hadn't. This commit unifies the naming scheme by always indicating the bitsize in the filename. --- tests/data_files/Makefile | 46 +++++++------- tests/data_files/keyfile | 15 ----- tests/data_files/keyfile.3des | 18 ------ tests/data_files/keyfile.aes128 | 18 ------ tests/data_files/keyfile.aes192 | 18 ------ tests/data_files/keyfile.aes256 | 18 ------ tests/data_files/keyfile.des | 18 ------ tests/data_files/keyfile_1024 | 15 +++++ tests/data_files/keyfile_1024.3des | 18 ++++++ tests/data_files/keyfile_1024.aes128 | 18 ++++++ tests/data_files/keyfile_1024.aes192 | 18 ++++++ tests/data_files/keyfile_1024.aes256 | 18 ++++++ tests/data_files/keyfile_1024.des | 18 ++++++ tests/data_files/pkcs8_pbe_sha1_2des.der | Bin 678 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_2des.key | 17 ----- tests/data_files/pkcs8_pbe_sha1_2des_1024.der | Bin 0 -> 678 bytes tests/data_files/pkcs8_pbe_sha1_2des_1024.key | 17 +++++ tests/data_files/pkcs8_pbe_sha1_3des.der | Bin 678 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_3des.key | 17 ----- tests/data_files/pkcs8_pbe_sha1_3des_1024.der | Bin 0 -> 678 bytes tests/data_files/pkcs8_pbe_sha1_3des_1024.key | 17 +++++ tests/data_files/pkcs8_pbe_sha1_rc4_128.der | Bin 675 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_rc4_128.key | 17 ----- .../pkcs8_pbe_sha1_rc4_128_1024.der | Bin 0 -> 673 bytes .../pkcs8_pbe_sha1_rc4_128_1024.key | 17 +++++ tests/data_files/pkcs8_pbes2_pbkdf2_3des.der | Bin 714 -> 0 bytes tests/data_files/pkcs8_pbes2_pbkdf2_3des.key | 17 ----- .../pkcs8_pbes2_pbkdf2_3des_1024.der | Bin 0 -> 714 bytes .../pkcs8_pbes2_pbkdf2_3des_1024.key | 17 +++++ tests/data_files/pkcs8_pbes2_pbkdf2_des.der | Bin 711 -> 0 bytes tests/data_files/pkcs8_pbes2_pbkdf2_des.key | 17 ----- .../pkcs8_pbes2_pbkdf2_des_1024.der | Bin 0 -> 711 bytes .../pkcs8_pbes2_pbkdf2_des_1024.key | 17 +++++ tests/suites/test_suite_pkparse.data | 58 +++++++++--------- 34 files changed, 242 insertions(+), 242 deletions(-) delete mode 100644 tests/data_files/keyfile delete mode 100644 tests/data_files/keyfile.3des delete mode 100644 tests/data_files/keyfile.aes128 delete mode 100644 tests/data_files/keyfile.aes192 delete mode 100644 tests/data_files/keyfile.aes256 delete mode 100644 tests/data_files/keyfile.des create mode 100644 tests/data_files/keyfile_1024 create mode 100644 tests/data_files/keyfile_1024.3des create mode 100644 tests/data_files/keyfile_1024.aes128 create mode 100644 tests/data_files/keyfile_1024.aes192 create mode 100644 tests/data_files/keyfile_1024.aes256 create mode 100644 tests/data_files/keyfile_1024.des delete mode 100644 tests/data_files/pkcs8_pbe_sha1_2des.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_2des.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_1024.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_1024.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_3des.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_3des.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_1024.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_1024.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128.key create mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.der create mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.key delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des.der delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des.key create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.der create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.key delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des.der delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des.key create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.der create mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.key diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index f14c5e7c6..630173fe5 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -76,7 +76,7 @@ keys_rsa_pkcs8_pwd = PolarSSLTest ### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which ### all other encrypted RSA keys are derived. -keyfile: +keyfile_1024: $(OPENSSL) genrsa -out $@ 1024 keyfile_2048: $(OPENSSL) genrsa -out $@ 2048 @@ -88,17 +88,17 @@ keyfile_4096: ### ### 1024-bit -keyfile.des: keyfile +keyfile_1024.des: keyfile_1024 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -keyfile.3des: keyfile +keyfile_1024.3des: keyfile_1024 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -keyfile.aes128: keyfile +keyfile_1024.aes128: keyfile_1024 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -keyfile.aes192: keyfile +keyfile_1024.aes192: keyfile_1024 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -keyfile.aes256: keyfile +keyfile_1024.aes256: keyfile_1024 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -keys_rsa_enc_basic_1024: keyfile.des keyfile.3des keyfile.aes128 keyfile.aes192 keyfile.aes256 +keys_rsa_enc_basic_1024: keyfile_1024.des keyfile_1024.3des keyfile_1024.aes128 keyfile_1024.aes192 keyfile_1024.aes256 # 2048-bit keyfile_2048.des: keyfile_2048 @@ -131,23 +131,23 @@ keys_rsa_enc_basic_4096: keyfile_4096.des keyfile_4096.3des keyfile_4096.aes128 ### ### 1024-bit -pkcs8_pbe_sha1_3des.der: keyfile +pkcs8_pbe_sha1_3des_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES -pkcs8_pbe_sha1_3des.key: keyfile +pkcs8_pbe_sha1_3des_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES -keys_rsa_enc_pkcs8_v1_1024_3des: pkcs8_pbe_sha1_3des.key pkcs8_pbe_sha1_3des.der +keys_rsa_enc_pkcs8_v1_1024_3des: pkcs8_pbe_sha1_3des_1024.key pkcs8_pbe_sha1_3des_1024.der -pkcs8_pbe_sha1_2des.der: keyfile +pkcs8_pbe_sha1_2des_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES -pkcs8_pbe_sha1_2des.key: keyfile +pkcs8_pbe_sha1_2des_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES -keys_rsa_enc_pkcs8_v1_1024_2des: pkcs8_pbe_sha1_2des.key pkcs8_pbe_sha1_2des.der +keys_rsa_enc_pkcs8_v1_1024_2des: pkcs8_pbe_sha1_2des_1024.key pkcs8_pbe_sha1_2des_1024.der -pkcs8_pbe_sha1_rc4_128.der: keyfile +pkcs8_pbe_sha1_rc4_128_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -pkcs8_pbe_sha1_rc4_128.key: keyfile +pkcs8_pbe_sha1_rc4_128_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -keys_rsa_enc_pkcs8_v1_1024_rc4_128: pkcs8_pbe_sha1_rc4_128.key pkcs8_pbe_sha1_rc4_128.der +keys_rsa_enc_pkcs8_v1_1024_rc4_128: pkcs8_pbe_sha1_rc4_128_1024.key pkcs8_pbe_sha1_rc4_128_1024.der keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128 @@ -198,17 +198,17 @@ keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v ### ### 1024-bit -pkcs8_pbes2_pbkdf2_3des.der: keyfile +pkcs8_pbes2_pbkdf2_3des_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -pkcs8_pbes2_pbkdf2_3des.key: keyfile +pkcs8_pbes2_pbkdf2_3des_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -keys_rsa_enc_pkcs8_v2_1024_3des: pkcs8_pbes2_pbkdf2_3des.der pkcs8_pbes2_pbkdf2_3des.key +keys_rsa_enc_pkcs8_v2_1024_3des: pkcs8_pbes2_pbkdf2_3des_1024.der pkcs8_pbes2_pbkdf2_3des_1024.key -pkcs8_pbes2_pbkdf2_des.der: keyfile +pkcs8_pbes2_pbkdf2_des_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -pkcs8_pbes2_pbkdf2_des.key: keyfile +pkcs8_pbes2_pbkdf2_des_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -keys_rsa_enc_pkcs8_v2_1024_des: pkcs8_pbes2_pbkdf2_des.der pkcs8_pbes2_pbkdf2_des.key +keys_rsa_enc_pkcs8_v2_1024_des: pkcs8_pbes2_pbkdf2_des_1024.der pkcs8_pbes2_pbkdf2_des_1024.key keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des @@ -247,7 +247,7 @@ keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v ### ### Generate basic unencrypted RSA keys -keys_rsa_unenc: keyfile keyfile_2048 keyfile_4096 +keys_rsa_unenc: keyfile_1024 keyfile_2048 keyfile_4096 ### Generate PKCS1-encoded encrypted RSA keys keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 diff --git a/tests/data_files/keyfile b/tests/data_files/keyfile deleted file mode 100644 index 771b10ad6..000000000 --- a/tests/data_files/keyfile +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXwIBAAKBgQDvJKjZuDqQ2agQjrRv+p5X62dazZ6YVmDiwExrOOaK5Aw/FZ3Z -Ap1TA757ztYlgZNH/lHg5JLM/dSdkG6Q1I6cTC6hW79LHORjUWjkIoCsw3lPd4Mc -brIBdp3x0PwqgLGnEa/dwFX6hjakG4aorygTzI0OwKkBgKwJOivjRqLqMwIDAQAB -AoGBALoGZmKWcNhkt9vJZosFBU+XCtsTwB74cn1w4QE3Tf8UzoH0Ksm4wvDkpLRi -fSrH1O3X45FxvNBBU7cNtzRqZFOn7VMsZZGqBPQW0StBjsJH5dOIRGkAWXxOFZM+ -2nrQi9TANPA9bkYSziV3GFQJdGyDqa7OO5FEXY3g6ixCrNwBAkEA94vFPuqEWKyy -rW/jDqBF/1wTORJnsUjh7uhMjjMkeURVCZUifkvQdaX3t7s3LC/yxL/nx7fCEnLb -JzT0i1U/swJBAPdPbQGw2g0oafAX7T0frJKe+cSOjEMc2id3c6AeHvDgfSL90zWD -aGMZQkmnRbbo/oBtv/2HvKYhJT5pN726a4ECQQCmQsES9c44BJ3pcRmObEU3Mq9S -iLMOVoYwwOMSKvVXYXa//eNx8hervPH4/AwdaILkdIQHFruJSo048w9AOdyTAkEA -mVBPz2CHjOik5AaxN9dO8IZFaKjGI0TbqOPQdk6197XzXaHlMaOJLwYVpftgqIfA -XnWrM8zWElcx84Le32uWAQJBAN0X2SkMv/MWch+AA2EsY0ALljCmMCTNp6LaZr5h -kudMwxesdaCurkUPFIBm9PCsaXHTWWFD8pCCWUz0FPpg488= ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.3des b/tests/data_files/keyfile.3des deleted file mode 100644 index b2a99e28a..000000000 --- a/tests/data_files/keyfile.3des +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,AB136F328DDD2C0F - -3GKW34v4i1BywDddKPMXBIfeM85tay5D8+LrADXsquyBUVqioeqG/Ygz4ZYkNZ9K -5aJUwCa0TOdn0eJkOLzZOUL87hECX15vrPGfUNeVBsh9ReFhCwqCpCc8dWLlnlBb -WyFd5HTqikL5D2/e/MYgyMhOaBkl4ESTEZ1o3G2h1bF24MDbTEVjwK0oZCyoMbKe -GeC/GN/D2lizQ3Yh/hYb0N+d1f0BUtZsUZsx8ml7JCm2zdJnMPviQaboeb++zbfO -nI70ZJ0yuiUcYd0u6uFAWMX+Gnf7tZlk6k/gS3Jjyuf9YyWq2YnFfxZiA3FsglqB -qygFM4IOGe6PF/pGuJe1daF6/AAR5Dn6S0T0sscgK+5GhOUwF2PhsDcbeVT66HSI -BGbuEg79ujmgursuPGUAxsvi6r3yC1D1z+OL1+xlh0sWmFNjmfop0MSkM2fRvNRt -89yVwDHKCxM/cz8dztQFuInszGOhDyJ2HATpmdEiT1h6Q8azP7NjnUCXV0OA3+Uv -idxumV9JpG7JtAqiXcptgHkADYMgxqYoww7mwoo+2lyjbASn79BYZmI+3tB9BuVk -+oczQchP3OouMBI7Y96s1xlsKlDSXZfRCUuGBx4aXinu6OUf72+t7ipM+1x2ynxn -2JYg15XoRV+kEpHvnLR9/cDTuhdlg2rzo5zWRDqabxDm77ALd5SXp6tEkSlIm10r -VsahTDGDVkbaqN5VUzLd30YNVa/G+s1HSuSGPNyIlSaG8+ckf8gyfdhDR8QpCWvM -1682JZ+jwoHWDWXIF0XBV9BMO014qR7VA9iPIzEF/K7dfKiTzxyyZA== ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.aes128 b/tests/data_files/keyfile.aes128 deleted file mode 100644 index 9f516e998..000000000 --- a/tests/data_files/keyfile.aes128 +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,F7A9614C20516E29ADB2DC9D079E3018 - -j5v8fB9pDuTc8t0D2iQpndreTtTNCS28H8NK6Pc3ad4I5ERNT8V93QTq5NGf7lHJ -PCjcO8GMPzKodDb70GEB81ObBcHygZutW3Byn9ENZoIQUXxaW3JVI7d8Yg07c5Aa -cKmrhUk8ncv2utbitfzEzTQsargP8Nbm4I8iroFGoOY5GKTBdMaImcmqyL8c64Cf -vU4boaK1+OWBjE6R2POFpZVQCeNZpcsWTO6vEX0Z2+PCnlctgmnO2DAUxSeRr8Ie -J2TDFi1+8z8aY6SNFcsymn37SeNXfi2u97VEE8oWG3snG07iOxCCjQB+dZ8t7f0D -qHcybxcuTffIeq4tPygwX4UgebqoVn/DIq4m2GV72CcNdgFE0mtsPlXXEMUFgIqy -glrxVkMpJbpKFP1gsbWx+ID3gchowkYSxnpJFDk7fPR4H/vGFGIBOk+6ATwUSuy6 -eRqMRQExweGx5lWZbGtt8fbwoEEDhnlxyy0iDgAhiORi4tZmramx/M9N6SLMb9sB -WmdzF3ln6VNw+mrjnpImJJZjQE7Nd+cdgkCzdFoTn7B+paOsrGeJx5RvfOdsL4Yl -Ls9DWvDfOydk/zxr4Sm9xPYX6oqZnhUFrJqvT8ION3IZNpE88YZw/1UFCH88p4/0 -dwNsE5LDkXkBase+bek3bEN0mH0oTIY4PxMiil3tpofUZYE4T/pugMLLWgSEdhkT -2V16w940MdQI8qrGaEzW09b73kqSLBGZOb5CEthftlCts1vAI9KA4CJ2cqcH7x2n -9aYJi9aCNty2PLeuf+MIsksiAQNoj3vhoXVJiBWQSCcAv6TS5b1FjbEWqxHbz6+w ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.aes192 b/tests/data_files/keyfile.aes192 deleted file mode 100644 index 265570b37..000000000 --- a/tests/data_files/keyfile.aes192 +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,9831127EF949CE8891358563737C8475 - -A3uLv2ThHEmFGS7TOmSGiLonOVoA+XNEBTlWBQP+I5OnqwrHsMkTkapzbXRD7eSE -QYB86HPYN+WbJO4TWVnOoDcZtlcUCTfFtjvLst8QkhPbmx/xfmwErvlED2o14fej -BawhMCLeczK14m/Nbe46tTGTqasyjTl7eFvyQ4TokadkyFK3kDX2DvtrU5pHIRbm -flmJAjMC0kfioXzx7TrmrOOvY8pu8qCTkuiO6EeB6HMboy/W3amnsP9KmmBv1NHL -velzzuA37tICJdq+alspf6porlN19qH2DQL5h1lArP0qO5JNMcHQGp2r4b9KRGdo -3wMMbmKztoEUrvAfZcuJQgQ80aYWxpsYb91WT0hqRoX9q6HmyuELq+/dnfpwKZmo -YlZ3aKeUvGFOxdahvNr7ywJ+lMesCxiW0E44t+prM4pJvrQ56JbmXG21q8BDLOBr -nOt22DAOLXTOctBgVSDDPKuo1X+cp5F9epH7PPbE0u0XFXA+8VgeDUGXolXtwfGf -UjtvfPQdrbM8CduT/7TT1umamqYkmI1FkCQ/HMb3LeLXoZBqEBkj8EuVOZPLOIeW -/rVOk9TKxOSdF+bQ5aF6VXbJ+KcrbofCA6PgJMlsIkz3WMwQ9JHgTlyYC+7m+FfA -pXg4/GB6G9Nl/WDJD/xVapOQ3B8a6N0KYHW/yBbEA9jjlUTMBmFM4+ZZagITJnNP -6/yHsF1ut2E5Gv76/35zs+Gcgs+vk4rNRVTX54lPSFwHi99450R7Oj6hi4398lq7 -dKRDezJJt/ROSlzCjVzU53aBnR1rIELa1L9F+M15nhqSb/ynUzB8c9k7UGRUBDp0 ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.aes256 b/tests/data_files/keyfile.aes256 deleted file mode 100644 index 6ec7f94bb..000000000 --- a/tests/data_files/keyfile.aes256 +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,858F24A86BA1DC0D1FB4EAFCD5DD9609 - -7kccrTo2XAy79ZZsAhvkOfav9jShAUXiw4BpsII7s+wqvfsLPzJHfAJcKZSO4Rp6 -Wja5xdqAPhGO/kAMkfggB2g0mXnvDxc65Zz/NOcSNQhoJ65uGMmrzdMM1zY1NR7d -bufwqH3jDM669W/LhbKJ5csJIekKwmMjqBX36K+qCrTI6oooZ8ko0BuyW16vVxfK -pxG//gyfMgoiEvyW5k3Z+pgC4zeG579bi7ki8O2U4dtNJQ7i+6boWEfUmtNoRZij -6GFdqoW+vfXRHMcr0uHDoCzTp3MCuon/lI7uzeb3rH/tgMp52JomyLFJ+wG2ichA -ERGFNPzjX9UNEUP/R3Mn40cG3L0f9n5XJmp8N3xp07BWuOcUQMTkZrI4R8s6ZQaj -p6GFIOJ3XKrJg1uw+onV5mwwmaGJ7EVMPsaCsQ+weYyefYyymSqA/lHVg1pMFoWN -k1sSfmioROdyu/s/Ezw/yfwv0+2zNkpg5b4H6r4/gdm6LWIxF1wnMixENkhzPfLz -kwhS/53mVrReLgObYx/+w3VPC7PHGNG1TMVmTY5+5o7Dd979v/nWSUCeG4jttuit -6KjB77SQcBWvF7vVBZUmcS0Z0mkJ+F8OR4VSlALfUmKxfD35Q0oChZlyyDxt3xDk -sbJSlaiYOJyt+gBmIAzywug+1+nBcfD2CVw6Jh0Kp+6m4Ut+p8/8GBjWXn0w4nNF -+rH1Y19HVdWrPMdOrUhVpYdiyebVIRW9w5ml+USAOeFfIfZMha3wtGWVXEmH7NOp -wZGlTdZXZ5j7VXIBYtGDfTkuITtZFCFXIS4sdYaXNUw0golWc/BAVsOkz2cVEI+W ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile.des b/tests/data_files/keyfile.des deleted file mode 100644 index ecd5f0b56..000000000 --- a/tests/data_files/keyfile.des +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,A32BD7692C82A0E9 - -sOwd5YFqP90s5t2qqblAwEbDQNmC0HWsNgbV2Fd1gunftZarO/L32SIYEkdEUNk9 -uJuyoImiyiJN769s1pXUIW8QyPzl2Pk+lykB1XvaVvOzcEhqRAKeXmPBvAT5GXJf -kqARjcqVnZZv7pc6pWwQkrGigXFDx3Wy3U02rrBFWiZTqgraiA0EOMZ/CU9bDZBm -nx2inK2rw8G57JxEzn9uDyxVNJdf1xL0Ge1vNOJcnQWu0cNnIgMZCYPx6L7MubcL -BN6wnJkZgHCHfM2tfJTXVaRGGy/0VSICwgUm7UyU6MNa9KeuLDuiD8Cy9t68he+e -9XVfoz41D81+2Q6YKOsc+xws4WXnvMsXLzDr1lCxK0B6VP/G30Mav+DZ9HQQOE4a -CcPCM9ep2Fx77ihkXhbuurbUsqZq0b2httFJUJ7KXzwHKi8fzN86VlEnx/yMtVKD -Y7zEMo+HsOQGHSN35kJvZyrrve3kW8IZVJhr2si52KLKCwUdObHNsMbKbRsiHGy7 -ukwEnObbrgAzI1rme0Xkkz5ayRZT/fH5BVIYEBvlRGBPE2mreoMU0BP0cUXjZPio -KcYla15Ay2pa3RoaoVSicuxe4TmW9rY2oqMEkGqLwuGmWl6H/qnpakR5MX/edpky -qIo51fHolYpPqGlo0Q+3uomI/l+rILu+nl++9v63uENeP8YYPFfYFOww75i4Zi4T -P5ABY/dWZkEPU5Yah3pcOznbDZzkDhorWZtXTMNvolb88D3zUY6W0TDfA91w3tze -jz977r1ERLuXD7cHjtNK/6QsdnZGZx5pAIx7mIGBJN+5v/HV5tS8YA== ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_1024 b/tests/data_files/keyfile_1024 new file mode 100644 index 000000000..ebbd61c5f --- /dev/null +++ b/tests/data_files/keyfile_1024 @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXQIBAAKBgQCsDcv6br0DRSxBvOuNhnubmZI8bsiNbtXBAajfiJYZpbsuaQuU +aiDBNT2RrEu4j6WPhwEOuu67N7KVkqPILEC2nzRSklzy1SqVq1x7TUNsZkM23Qh2 +XI0DsfWKAOnz50lVfVFVaLeO2Nx/NJ9r9rGYmAaQjDrqW0YiWgIsmIoiwQIDAQAB +AoGBAJU/epwJB6kYjiWQTfz8lakKdJI7v3kAlifQ2r7daudgnpjJwqPB1BwFpR0C +isTUxtdUUxSGD6UT0bRx+eUgjhjwPl1YqtgqNteZqFg5KADDagZEvbelGsoVF2JR +RtglJqBxm2dnXNP4tEYi0h1pdaXM/V8rrj0EXQZxd0oxiAvJAkEA3I+62w5/ihGr +A5M4RkzQ3cOU9oFshUsPpQxQFoyuOut0ha6AhXaLyvuDE7FWgU0zL3IIPEbxsVq9 +D9P7wVLlpwJBAMey0v+5XiIUKYZvxvXsMmFDooS6zdjeJpfxBOuXy/kfafV7+Xee +zhdTQE8vO7pGhqpWf1HGYQiMCOugQVqyEVcCQFuOmo12fkENRoVMZq7gElAMcVjG +rwrB9vOXoeNKcMTqmssnfhho9mzDbU0Ob49rQZUva/XBqXDq7tKUN8yvob8CQQCg +pAJFweiuQ0fQJDSJeTJhuZWPbfHO5Y1oJnLNzbNAOHv1BIB+MFoau1Z9HELQqpED +j0cmEg3WYUd/u8821Q1LAkB5YQyPIPcQTZCok6WhC9xD9NXsDo4Ah6YpOhtD9fcQ +82ZcIaYkZbikTfzyZA4gsHhnVaUHx+DJkPicUSVZ+mKY +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_1024.3des b/tests/data_files/keyfile_1024.3des new file mode 100644 index 000000000..41448c17b --- /dev/null +++ b/tests/data_files/keyfile_1024.3des @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,FC303F7A77742B90 + +uTNEmtVgwQVIKnwtTcIal/TOZpwo9bbdVdG8PYGJavk4lfcvBbNyBs/2fRKi4RU3 +lbraw0jiF1XAfT1KDW+XDRJyNXEDQCk1cckvNtLsiytby/znqFg8G7u0phZ7JtOu +gsPUa49Bscu5whTtePfNAguA4LGA0Njmd3regcc54ygC6x4qBLkHtlTqAHQPoRgd +V4baIIY7u7PnE+BG7KObAQRUNhCOkEJ452/3nvnT2LTm0umaNuxcXA6HHSiIVPKr +/cFqpL70XRGS93xBXOBW8+SO9ekr7q11Zq7RA7y7Md0WuzBcA5hBALMPYizsErZn +mhwrJRphxLCFIx8ruSnV2kASgB/RqTJcQq0TfvTrxOaAxFcpvRcRjzUwYoU4fSbq +uJYjrNnfzgOFry/oMt1c9HaA5QDD7S5cCfwZt9w177FwKT7HAiYoPGM6SrS+MFjX +Tf44G7wvhJJ3Afce8ID8x1r7RreENTp4tU6fw3GqFYXAQmk3+PN0GfizRxSWcCrC +2rqeGi/bwuRu+QPEOO2M4oKUxxVZDCbPKjGN5P6AljeF+eTL1YAIOMb2sHTWT+Pj +WOAFxT/if0Ue2mIUIVbPUmymLwNBP3ztU/iF/YqKmZHeoeBt7Em34M6RlY93GEU0 +W5YwEmuGbJ761mORvcjskdXH/RLQ3Zlx6oOjXDy3ZxpzVI/zXk9K0xYO+ise6auA +kMOERq6qXuOgdxa93cWeeJ0dgV5TiWNAQ6krAGV5fGZGt4HOeJUks9VAMpjWzcKw +ONpWMc8mJCMJaklZ7mwZ29ZOTsCY9IeSwoZWS/ybStD6f2Hr2cEHqg== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_1024.aes128 b/tests/data_files/keyfile_1024.aes128 new file mode 100644 index 000000000..8df642da2 --- /dev/null +++ b/tests/data_files/keyfile_1024.aes128 @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,14AAB792276B5CBD7BBAE51C3E070E54 + +FsqYOUb6GINEBjW391wJkgXp/Kn1Rcl57h87u0ImHvnlHwlV2DlbQLGsdxtPne5L +0sNyVBeQ4o2zkcobcMkmsrscmVxyztgD0cvlwG8kDgTwH4059/oC67vfXBHmnSTB +RBuXNcneDZTQksN45TQ+B8TDfbGY7l7wsob27K3g5MW95HaLOKBkG25HgWiREe2c +lHEDymCK6+VDnaUy9YgVsjIOpm+FuS1LkHRXC8vuxf9tlzd1/7MAIquuTbaMsIUF +reD3mWIEiiN9N+y2cwTwGjxoP1ZS7X1knFIlPX+JjG2NLWQclflMCLbiNu+NaRqV +rIUAXjag/GY96xNjyKDxfEJ+RqF7e6oUFU61fUXwmO0k+/Pir/I/M++9WwMOmFpc +UIJpQitaEYGAarz1FoZ5JJDFl2AeYxI8vywwc16efcJYHk8yg11KEfGv7Hje33br +q3+zreLqqKs+ovkENWKgfLjBpLA82pghyunXH0wVGbrNYCzHVBtTZYcJveBTGq1P +4SGkjBGtoSb2ShMM4zxoMFKtk76IzUnlrBpG2n+WxdUNPZDcQrew11TX+R7uk50C +Bk3jXWMKdf3rDYfgka1O8a6OPlImwwAF/NBx9snMKfu3qiUt7IawY3rzdmcBh95X +P2e2IJR9jMrS/kTPc/gZo8hbCSnViBx7csnR9giq5x6kUVM8A1eIOANK2b7VbJxw +PenaoqluxBiy2CnTraxj1AqGWA5qzlzjGYnUS7HUjfLnt/YurpvkQhySSpvUJ6VR +IZWwTftE/XHfsepqfMnyAdkmd4DoUTTlQyUQ0nP07crDLMbiaoee9hLFNcWdwua/ +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_1024.aes192 b/tests/data_files/keyfile_1024.aes192 new file mode 100644 index 000000000..45b67d44d --- /dev/null +++ b/tests/data_files/keyfile_1024.aes192 @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CBC,B2012D182BC0571FC85B23C073DEC75F + +vnSFZy59JLA8GLUUpBvDRFm6XmbgcKbQJ3bFM6yA4DJrJn5JjfHcsTjRcWUkcOGm +OkSXXGmBJk5k20KI38ZXQX6+j/W8nnfFnu0eMCgo/+CtrKdeIzvBzcdmukEHZp9x +K4L5as8xsL0xf1vPXCyY4AyNyJOvsTkFi4P6ih44z7neGQM8sMhCz5BVSK0bzWZg +/vnvEit39faqL6t28B+OZPil1GCRHbi0PX6ns85xpQw1QNeEwlZ9XmltP1KHWeJ7 +jWPK2Dced/ZihN1AW2OPIHZ8xddP+yJJPdI4HKU2VXIcEDFZxLkSOWfdbb0W4jqp +z2iKJ/tJzQ4X4F3Z4zcx3pXWye0HFNMu7b8r6sR9iQj+voYEnOtJEloI2Cm0sRRw +r5ZVLt4iyQm5xTCSU2GMD/yNImiB1Dwv/+1k45xHcUMgTYiTwgTuFQIwilwl5QUY +R161tjGjmUQXYzC9fn9Zr2vfJRkLlh+ygW7ennycgfHzkva5slaOCSAstEC0aj2j +l26VFvzXu9qLoI3bQzfkRi0VU+0qLtI9cVMobwbEwvERwgjb6doyCeIB7R29P9j5 +MmkHYBF6qaXU/ICOnesd/XtBlb2aNNsYZJLOmwSCVZgT+JYUM35lHulhQWy0V6DB +4qFkQs5fRH+apIjAsb7Fk8/yjrjwKQNJmkUu+Um//5hiPcRYxyp046BokNTZFda1 +v8jKkKX2eAhji3x8PS+z1XYpfUJ3uAysSoTPe1YiwbXizZFWhh/Pan1rIOHwdKmy +da3957PnwjmANKUT0EveEe9ASrGgdN5rUpeeXGENbtmS3iX3g3MMepF6Kyb/k2dI +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_1024.aes256 b/tests/data_files/keyfile_1024.aes256 new file mode 100644 index 000000000..2daaa96b5 --- /dev/null +++ b/tests/data_files/keyfile_1024.aes256 @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,490781FEB3C4375838778AD3D95EDF2A + +ECaTWvExEGV7cT05z1iGIre2LLgVaP8mqfxKQdaNnrAYaZDV9hrVVIvSICl3IMMb +9PVbCrWK5cgMDSqFtPS7y/ZpYN31alFVT/hgX+Gk7pEJp16qZv/arsiXFdGxaWmp +4br+oNiq5QbzDPwoBNKiWUGUk23K/TyxAg3aspDaz8e6EGE/zmhW2qKIXG2t2oxi +Gowb74mXFzZ1jYUfMpQw32nIybG5+lIwpSTY3DWjl1AKhlSvXgnTTNmS3XZwJmKw +FSXXlDZs9OM7n3GiLoA3rmeaqGRblArklykmh9K3uXRXFjGGWOduxybSFndIdYwM +HdV+Syb3eJ9wF15nk53DeDFfU8gaZ2GNUjt4B3nCOBT+iFhEFKguvo9bQ52EUU/p +mzZw/X3b8ui2YL131CI6BWdPZ2MoV2v5i9ZdCj+q9s+3BIGU1EgnU+o38LqYyekF +wdyc+PHMhq4FqzyJYPju4JQ711B4eKKXIVjHx71v2zt1ccB5a2yK6LLv87cZ8d1a +0ubOv84aUGPkA1mBvZHogsxejthraHFL77Fk8JgGfdTwOELpvK1JCOZbm8H19yBO +dxYNQnj64eWm2fgKrcHvIr8wR44RgB0cwucVjQ8LTgcrCDt7NGG6Z/3Vxeu6oVDa +ZDzbI+MvzIJwxNqQyjlYMoK7jJn+FJ+eihv0h5keoY7qKCFwzrE6eQFSZPBM8/KE +B90kVdpooUVkEqvcBSOADVrC696YB2F6pNuEUULiefJpcFsX5a2eGHw8Z1sPc7Pv +9YTRvvu646gX0JCZRMStSIMOtu8qveH0HtyFD9RTpV3DGpzAZmli1uOVW02bfp5y +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_1024.des b/tests/data_files/keyfile_1024.des new file mode 100644 index 000000000..368fc323a --- /dev/null +++ b/tests/data_files/keyfile_1024.des @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,4DE281E021845C67 + +U+/JQ6yKL9vbyfrxM+v06U4aC+2E1QM4zHLtjMxz2wGqlm20H7mYDRaMOzW/RcTm +56Pcj7vplKwPdbgDohRVzvXa7vzV2Cr0/Y8aCdLEyRYJrtHJBk3+gjBD4uoDXhhD +Ht7IA9WfiddMbD6ZKaQgBAJTh+JG6XqE1mmGsCsUB3JarLY333u6M8VDhhvYFNx5 +Gw/c2hPixExnOmrGy5rXnIY3kzTB5xWYVPVrWy5+oIsSVtk6+5NiUOV273aY/t4t +EcsbbHwFKWchg7loEDoFhQzinhjMupTjLhjAP6nb6m1tGqoPDux5oiRBgdmeUTx5 ++8rgjPiaPezrALaG5MLnvR3w4rKCP/2sYzvc8bPvx+kC8T30Cf78J3kCUl6Mbgto +bBiGB3OrXkIebonWSZK3M/MQ07Gi0KYC61ZR0LLesXNpoK4oODFIvEZhXBKYIr6a +3fhOOjNPYD5hY49iw7OFR9kZ2dR0JSQ7YUVMvnS0cm1/rxPEFxZtqgwQVlhK3dHS +m4PvGD5JJJ7051/+H1ri/g0/Y9WE/KQMV9i270TLD891ND3mpJEErA1xeulzBbxo +/1NJaVA8dgrgHiCdEYjzJQLiFif8MU+kE9ZPa7jUON0jQz4aAs7cTA3o5SV26D2R +fyySVFCAk4dZmb5yGNhstN8dRP/DGs5t1Gwrlfd6jT6+hqxNEEmBH02L+jncfLL3 +xk74SVqKMFUE56hQhTeiyC3E1l03LrdNFmPwkD5/evMRK8K39esFxRnT5iOmt6AQ +AiG0zvb7lvkbk8hUnZA8gdTRqUxsSwMjOsF0MzZodaE31bu+DxHn3g== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_2des.der b/tests/data_files/pkcs8_pbe_sha1_2des.der deleted file mode 100644 index 0fc0d2b90481b5c0e62ea75ef8ebc8c184d22094..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R1TYQ+2zQaM(xgl$qXGg500e>pfMt9ju7L}T zmtneRcm;EU!J9NXPvMcIQ{<}blnRJ3sG5O?Yj7%Y`z6a5Uo)-FDsNFul8H0sG2wf( z)7)`b_LE?zf$pbdbs;a*2G-$B*H3>8h!LQeA`@7m>`Zhpdh5OZNIG|-*A`qkiSdp7 zDKt0cFbB|L4w-{d?mC@H*B=py?buqmc_u%074g& zavsY`#N1e{ES)s(AOiNENlY`2rl*oxCi6I~i8ygmc9n2+o;3Wh8vb)cCajBP>pMjd zV!>`R7Eeeo$t?X8KJf8Flk32^)ot%h_opLhcRZcV%4f>eNwo^dLldl|+9)Q5Jo)8R zT2Vn58w(E}&~FKA8ECTDNsGr1_9ds1lYzAF#QRX}tWSuj$9^Gs@Vb!NAuRb0d1$!a z$XaI(<44JTA;dT_0O-!fMNO94qMW$xJpzhG6ev@BdX#)(bcLApXH%JTw%1@HbD+or zkk?iXL%ZG)XNfjjEp@ojtRmKEh|y^1umk#{&UyKyP_`;0^7l->y<#BM)SkLUwu90G ztJ8J#f-!*9ZIy4^#I_+D1blg7E8@r~_7YgoK{nnVN?rOQ555#bVS9Aq%l+K1Xa_R~ z49q_zx2=yAT&Hq--iK*am8oi~Ra#+#u!j8|(gbjIBL9SR?UP6CEXRRtguaDV3^fo^ M97$(nDZz9e{}~oYE&u=k diff --git a/tests/data_files/pkcs8_pbe_sha1_2des.key b/tests/data_files/pkcs8_pbe_sha1_2des.key deleted file mode 100644 index e0489332f..000000000 --- a/tests/data_files/pkcs8_pbe_sha1_2des.key +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICojAcBgoqhkiG9w0BDAEEMA4ECDJys7xIpJvWAgIIAASCAoBGe62XG03s7twB -Y3Snr5eshEg5kWSshUlP0VRX8Aer46fHK8cZwWJeADjOHREFzN5zLoQGdQWWAyAU -wuc1v8HNq7kv9/oAsq1dDCcZ0mCVNI4q1udtgItK42YD0SgxVcnGXdgldIcAgonG -BRkimrdKnQjvIfYvI7Jx5E8s+5zo2UbjhXfsnzB1AFL4D4aCVotOz1GBhqFeP09W -O5LCjUfQ4Tt/fk5oc34GZqUcguFnul2Ho1XzbY2DY+i24VG27sUf9A6OkLle5iIJ -zfZfqonJxunLSukJSryw7+b+LXCKYnNVgCAkkLjKrLsQ0xQy2tyndpLGZ4n2q28D -p6vXaVi2VJ5FusjzLDC5IIvWVB3f000E8YJDFf94OAKD0+zxhI1D/aU/K8lKbVjO -yboZrc7KYBav0Qq4ROJOkbv6qJLIdvfMns1Mn0F214fp9DqylSLMgNcR173gYVuT -bcd5Oi474xHHMX6zg8v33s3DEsQRzO6l8WwUKJswCdYMlOZBWHQ4TxRrHn5LglE6 -3xsdMf01FlKTPjGaoO3DZ6JivHnzqUuOLfHU4ioWC9cxCOySBh8cCk0tEPzgkzjs -siwLcpb721jmGSEjD5A75sCN4yruplNLgNUkkrY9PjjJO7MyqENpGk1qbNUSEkZ6 -jUQdxeaS0CPCDMtCQ/mYZAZ1obkpMQy4BSiJlWdf8wqiVo9LGjU1E81wPYpjkJgK -5i60QFSYJKMf/JzMDnz2IoyeUzre9vpRhah314PsnoEjPKUvpze6i9AoZjya0ONp -QOAIH5Dyz+NAq06L/hBwN4SDH1d1Ik5PkTc8mMRb83rCzFPFBaYTMSaTFoxMsuXS -SYtieZvn ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_1024.der b/tests/data_files/pkcs8_pbe_sha1_2des_1024.der new file mode 100644 index 0000000000000000000000000000000000000000..d0156e991fa695236fb155b39567ba961b883ded GIT binary patch literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R1TYQ+2qHP*GJ5k()B*ws00e>pfOMx}A=XGM z?X^&}Gs9GHBfhQrQPnTXSX&*&lf!oXgOxXh$gi(cY zN++mU>OHpAU7UFrTPn;Wep@S&?UFfkr4nX~mv#tiA)H|^N zS92fsQdA+=T+VSwPONavPdqJaTrHo7YYq2>JaE>Nbkm@9hT~aSg2gCUXm8D@srNYx zB!9yAWA4STK{;uYW;sJt*_3mYR+Tq1bKWu{lkW~&p3fcqy%{G|Mx*YS9CX4t!Zyl-X1L)bM&~N(_JR)f z%~1du2;h>6!{Cd|bCDa;xbU9kzsS9s{)c0@+iDWI6+01EcOtWeEUDIXaOlE(Vr(=% zHwUgn+mYcWA${5M*v#m7_(8pHmQ<#bhrCrE2}o7>xm*WV)ylXaJve2)f=aN~q}AZ- MHlmZFXyd~eQlLdh?EnA( literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_1024.key b/tests/data_files/pkcs8_pbe_sha1_2des_1024.key new file mode 100644 index 000000000..e9cc9233e --- /dev/null +++ b/tests/data_files/pkcs8_pbe_sha1_2des_1024.key @@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICojAcBgoqhkiG9w0BDAEEMA4ECE/PEGdD1W7AAgIIAASCAoBApn+7s1iR59tk +qRMzsN2aGKS1IoYtJzUWEFhwAeMUzEPFhXkdCvd470VrkQsCXc2Q+7zqBT3uxb5s +oU75OJKamxiruNd8e52sQ2nNOF7gl/g821zy1b7vVhu/++pxgcrcjOIeL8OFf/xA +MSGvA0UfguIMYuy3fbKJTSltpyNR+mIH6PeVj+k8f5VFNKg5hsFcetTYURduybfi +DoqRTIcPKQVnP0gknw+Vacu1OgcKtQUa0823++OvAqF3J18Shu2dDob46mvXSJzL +n1ArkY+E7RV6hDCZ4vRYQU0sogDb8vwOvOPQBJ20f0EE0mY0Q+MCW5I/yiDR8KQf +Z4WG+cpmIpsbRnCwA07kAkO+QiibRYKK4fBIor/D8Y2Gi+xBXENHYIUimaH7O/kf +V1FotY0SvgD929T30gbk2Y3H2PWH1f7ckWzfUllQ8nlj0Ap1w14pwP1+CP0HzSqV +5uVWj4Vj06+vdAuUuzVhOTmyYWd+HdIec5chG323rovRO7yhTokiVu4v90umVMOj +gcnTIKJpJaqjQyFUpHbHonDKA2DpUhbMmBuL5OA83Dm9YRouAEpW/btjnrhFdWFw +DG7OrPzynb0jMyl/R62KRaouN0L59M+MBennECwpvXx8iXkWwA41uZH3fJx0GRIB +5eZtT0u6edJgVkfWHA1YReio7y4rFx5M56BndICDeH4Hy9LFIFSBgDqMzY4Tn4wc +qdTLQS0XptnJFJwfgH7YlNpBspxWvubCotp9PKxqFmx4B2KAKNvg4yCpyTpLcseH +/c8pgJkMFM9IxHSY/ujm74J9FyGj5Qq8qeu6PGY7SkjKxJFWZYERXtubUdSPEx5A +ZIRxGSK0 +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_3des.der b/tests/data_files/pkcs8_pbe_sha1_3des.der deleted file mode 100644 index 7b36c36a18da5312cbad74d501e5e6b4a5147f6b..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R127H*2zUpjnz~bvpaKF200e>pfaKLah#+)f z+{WahJb2oQln4AUNerQ{lty6Eq(?oXC<6kAxSxSc*mw@VRFRZ+SNPrWTilA}4?s$~ z93Dt0AQuBKA}#`Mz*ShV?`Ft_J9OV1@6jPM2UuVh2+1~Cb3{c4D`2qL#7p9ON{T6f?Mmp&<`OXaZ|a3{(egNFX?3^27bDig`V~7 zckc*-eZ(u=YUj15DMp|qtMsTp-$}}0y%#lEq2ZX|O)jMA09M}`feQo~ucj>mVbWiw zNXd+jPa{*tO3}uAc7LmOL`6n%`E>ua=*+xyRjwak_Dck_FunNBCzyyq_yg(xKZv@V zhsG${b)#JT0c=n;n^aJ$%%jSozf7jXRAZg>Sn%(%v z#gMX2f9m%nnC{wOCfR zd8hs)CI-5C7P;NlzjLLJ_)8_JB=bRF@bDA`FaW=${LkaDos9ttjt_P5`EG#)RceMx z`F;>MAsS7=Wq;EzB_ZG`>b2RgB4qdlkq9$AKhvXv_KDp-RnlPu-fwb)BxiBr6 zNW`rb7D`vJospnq5w>GPvrk*Ndtba+CJ(82uYMh_Yj(^USqnW3=0A9k5SgD$t$mye MR|PByR9$n&uP6IOkpKVy diff --git a/tests/data_files/pkcs8_pbe_sha1_3des.key b/tests/data_files/pkcs8_pbe_sha1_3des.key deleted file mode 100644 index 07b47f74c..000000000 --- a/tests/data_files/pkcs8_pbe_sha1_3des.key +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICojAcBgoqhkiG9w0BDAEDMA4ECNw/X4edWXVbAgIIAASCAoBDmCn+YmkXDXuo -6tdZqaPmpj9cCeBl4FOaID62I/6Xfh5if2Vyb3NVqyK2c4pYVc1yQpFOKK5dJuN+ -EyKz1L3Ey+IwHfXGHz/VjWrxuZGvrxy1ssM72v3Ev9zQKO/+LT+hKfkAxrD6jjCA -heiKJqFaDeV3vkBJIN/L+wyG2pfUzYu1ZJTa0s3BSquiS4MF7L33nuTQ6+VEvVBH -OfufPVD2eqCAYtc4FJz5329kOf54ul7shdsIp0EII7bjmGSwbwG235Wk4jOkIkMg -EKV1UgeMXQ2yMFwOH+02xVFj9iHlMq9gVkWVxzAEv92FNqysageyvwV+LiBQu3rz -hahAqoI7uL1aIRmOyNs1xlSN46Ztr9/giE6NZ3lMoivnSncxXbyUsrwp2EepEjLq -3szsV04DOBAF1CxBlg0AI/PXGDe5pyFrlWj0aaU5YgQR+v2DT8BPheZASbk8Mo3d -WP+GKahSJRBUI2C28rV/aQWsforW7Ml6Sj/iqWBQbkNEow6FICeusFY7gxYjJdPq -QsM5Ncu9kxXPJCwfwPuguh9BbIUJdFl6J1lW97RF5M+XvfXm3naBu2PVQbPDAwde -G4DpEIP3ckOrnJrNL9Ewjk6upuaTO/SzL5EDrK8jygpmkPe5YpLRmwmpr3lLlanV -Nmqv0HC/6Mxjh0E87/wyAD68/Sv4CYFvWBE9WD3mFc1ZHadJmu++W3q0X1SOJpOJ -z+Tz20bYdbwo9glyeyh9rHqTukpAtyLpJ4RnWw0BqO4CTH33AJas82VxHKOWGuhy -QXKiPBronsVP8omv0+HRPk/O8fkff90NZ7wivihuZYYqewBVzJOtSwDFBp+pTf/b -kL4GqBE3 ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_1024.der b/tests/data_files/pkcs8_pbe_sha1_3des_1024.der new file mode 100644 index 0000000000000000000000000000000000000000..82ff7265ae96b547873e61cb0a6b53f008582691 GIT binary patch literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R127H*2)-{PRevHgR00AB00e>pfbWj9T~1S& zQZEPFCVeAZ`5lUjJWv;o4i~MKV~4IX+4!`+!U3A&6-rgCLQ%~Km8Bv3;FD*6y4SOY zXY>c&f4iW`0s)fLEi2pzDj!KJ!*?CQ!In29U^Rx)s?I^}2Hk*41^TLpdl5Rj+_J;` z=MVNGf&qK^@cML#7!T0zIg-6S$&ez#dx5aGYg_xiUeK51U?IkzAGR39{37U2KL(lD zy(yf|2yxt%k5k9Oog>*LyQQHqpze*k(&(|kf=5(WowQT7u5;2x zN*#Kg&`N|lDrtFeI@sr=>+$Ddw~vAxN?O@)|79~L-uHzJwipQ&Fs>|OZUIh}Lhxb} zh?>s)k_~v{jbfBG2nuGVlawXWa8}wXeN&Y5O4A+S{DCZwZ{O#%DI6A5YJye&=~k84fLpureip}-OChuyvd+2<^!p!yo8 zvadkDzsRf0TcPO2?2?GmSviaLs76JkY00e>peVtNbKLdYh zwYZjeWMHk`ZI!o$6FqsMnW-XUG;!EeA7eT{Efx73vQgQj+@>=g?H?LypF_NAkP625 zSZ7AViY&dQ%Pu|Ar|m(y_QiZLRtPxQrdC`CYKsL;tU>*ne~BP~2U$Y9N&&3kITa2{ z{=!>8jE#GieHhITZj&LGDobTS2Ioz;+GI7V9d`sZYVTJUDjw^rR#0A=dt|wHX}=v{ zIaVX8?HcB7T^{>f1TUjP3iW`cxtoz1PuS38xFmQA*zC;Q`HT;I*o)MhrXeov_g&YP z4-h?5YZ&`n)|hQoJU0Qy5(Cbw9lI}_)6@%Pa!wES<&0dtf~;garoqfXLu=|Ztl;ZX zsTA*ze;@O=q@7pztS6SXy>>;mm6GV|(eQjgD7b9`6UOW-vZZm#fMJ^EX#L!4S%R%xB!>|C4u^Kbhmc?NU=ojabnzQ8~KM$t;S!&RTR&bk+_^2KMS(@>J04x?8|+DNFPR zV9AGFWj6*!$pK$aQczgDyga;!=#d4+NV?M;Ck_d$ADY>~{UMW2a2yR+tjvt)rQAu&9Z3vEoYcHKHk=xdO&4Z1f1OUe!XIJHN1@34oRs2E3(YdIJ;Ny1(iL6wDi+hSm+IC!?YsZF?WhSO?~ Jsc~{h*tt33K*s<8 diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128.key deleted file mode 100644 index c8fbd7e33..000000000 --- a/tests/data_files/pkcs8_pbe_sha1_rc4_128.key +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICnzAcBgoqhkiG9w0BDAEBMA4ECHQhpmYrGd0CAgIIAASCAn2hV4Jz28YdWGFK -0gLJr9d41Dgsa4BgBAD+dVf1D8prnkR5I9VoPMY8Fl2EZFVIgBCfKTehR2d5jMjg -EszFKDnSh6Oc1Rk2Xfp8zOy5lFBXbr7sGfHPFTBaN6lnFwRlxsDOdXHNpMVJkqnt -sli1A4Myjhf+y7G7jz7t5cavMxSkVf9NiNQ+4YwdzJTDuFOHPvHfTk+4x/QMw2Gw -IjKPyWZVYXk9biEad81eWO0waV6+wexmB6adIo7FkNFC7Mu3Yjxg+2DRnEnKRuuT -X0+Lt7vzHSUV5+yYwLQhQSGQvuci6U9zin8hcJ7tkJEQ3kJzQu9yL5ozRI/kAXRW -LhS4A6wGaQFSNYf4LzUxkqb/VvNnQ/EBT+BXKv/N83ja4KX6iD4X93uKlUGifsi6 -8/z3mI4e6FhO2XM5PdNE1iCdJtkw5vQZYPACVdX5LIpY+202hl/+qrzJkW09OZfE -TbNJRq89AvpB+Z1RVpIdvnFLuNZCk7GJyfpQCDWmK2msL0XTohlf5jUB49SwchKQ -NJ1NQM4K1JDz/yI+N39CCB7MyUEoA2bwRIpNRFDpNC/rE8ruqtPs5mhDfHqYCEUv -DfU1Aix0oQpFKICNlxqXgmszlzthTGUvNzT7zPsePfhReIBfiOG3hmqNzmq5N7bV -hhBzpqKIS59htjKZ1EDGCr7RdYdO/wzy1LCVyXyWZ1QCYPyyK2C04fGrDAxnOOqM -vpPoQPswK5WbfEbVqj1z9Y6MjcYdtr92x1ZDhTbM7BAdeBEhjzfMvrKPVuZO4+rZ -aC6TidEeAneJablTGz/uIGDFz1Nmtjb76cgUZHW0IRsFTNXVAPDRcxz3P1F5hujb -uWK+ ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.der b/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.der new file mode 100644 index 0000000000000000000000000000000000000000..39d6572a5e856558765459eb5b6d3b870840a9d4 GIT binary patch literal 673 zcmV;S0$%+vf&!f|90m$1hDe6@4FL=R0Wb~(2v6}0^P>&g#R38d00e>pd#5||zcQV+ zs(Zj&E}a$uxtTaZjY1y4)b~I#U%&&9T--*nV^xsVh_=OtCq8(NMJ*FMayn;=IN_5L zokGTkLys5i(E!YVIjq$|3cPbvD`4~`qj({qM&qJibFcv&qEq@bm zJ5xPB?T#}SE)C+BkB;pOAvJ!y%U5`HHo=*+r6g!WF4Kp~}8*KD6!6eQ>D z`L3XV|C8}e+mZ9gL|d9l1>23nZ_Wl$^ix{Sunj4EIigl9%nM(2;j_6qHR(!mmaqlo z-ne~W{ha*!K(0rzRtBF=j`KCHqZ+y6+kjovxXT5PIo}32pnd``AyYGG^~c;iK`6r8 zqvNK&aAhqX8VhZ~i}S|`%2^l@OkG8^OpGtA4&_dn-{m#9ll?J?DX3}eQlN+evlL-M ziP`H`*q+I7bc_v8ML>;h=(9465?)QjbI0}pbjdf3?;CSrp(u@3G#d==1f`>H>Zh9? zpeMx&$BBENnat9>pw%7B_S9CQ07ZVCE-2k)TLLR7!XlXoW#t4-jHiOrT|P&fI_#V0 H#7@qniJ3rs literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.key new file mode 100644 index 000000000..94a4df4ba --- /dev/null +++ b/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.key @@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICnTAcBgoqhkiG9w0BDAEBMA4ECNbmP7UF8CbfAgIIAASCAnuA63P9lQDRpOUH +RTWs/TL/H7tTBxLZpCiewFAadKpCre1TBDObhwYuWB41lgLUF1BXMv9ljbNF0MiC +Gnau2x+nzAtc9RsoaRTazz0y0OxYRoSXyDgLajyyAKo64aF+2gKofPjb9M6rgkXM +3kGBbH/sQ9KFoXnW8B/gNgxI34Uwfxn1SqCF+K1qW2ZVkW2kyMrUSAvTrBpgLCjN +/YGxt/JvmceDxSzIPLzegPaA9fCpzNldDn64P7csNGc4fbp+CJ76hJKtFqlMCtSw +7o8XtaQOALPbzh5hNaHycDpwbu7R6IJP4k3fgPBzB+ZmLa8kO5lnPDgTIRyTgDh+ +J55hnPdoNqekcVSAziA7NOy+MG/cz+eElZ6bkrNSRfmhmhc6GDi8hfzHObS1DJSc +BqAYSu471EI328kSVkQ6zZQUKBJbpGe/PK/CpvXxjp+8fYMfv2hCqAgQj560oR27 +YFAEZ16cZZL2o+JmffSIvZBuY/M/shYHOwukz6iGatcpgQQgl8k/3tAQ80nzP7SP +q4XXCY3HP9AL1YrMQohyuO2Y+i9uO1yak9gFaVM3i49d6iNs/Ujw/oI982ZHlCBF +Ls6sP6FnbWXxlI1UAkKGuMyh3rfcEa0qbkNqD6RErtlefKVtYwcJOeUT5axR2ahj +Nhe3VHMky0Aq9dgsCMDxI8Usca2v3xrPt9utGhvG89PmgG0YaMmPBADVwfA+L3Sy +n/z4GumLLG/mC/3ZwGzLN4TsIVhQcOthLXf07e6qsSodLMjCIEmSrcNiU9c7hCl/ +s42+lywTdTw9G4gxLmiwxNdPlWd/W7o4c9YpukXlIXrTguTJkTyXX2kaCY+SvNsp +9g== +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des.der b/tests/data_files/pkcs8_pbes2_pbkdf2_3des.der deleted file mode 100644 index 420a29614d14ee8732ce48fe5f5fa3e31fadab23..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 714 zcmV;*0yX_Gf&#`cKn4jahDe6@4FLrWFf%Y41_>&LNQU&4g?5X6XftnRsr$? z0tf&w6b1+?hDe6@4Fd-R2tBy35H1@!@&tkcfFQP?axIJ<%~nBfCabE>4&hKp);@BN zn*MZBB*nRaC7x^YTst+Fm1 zP7mY1YMm`)q*_cGv|Fcc{s`^xr$hCU@KwgJ?uqf*Gs?WO!i9rJ{F3k>A4*J?n9pN6%PlE%TdV~Egk2^JZSWc6wj zfsvcnNupgsxCndlF3bBujzhD_P0dcLSa6$?v$7xn0Z#qV_9pFkxFd5iI~I(!NM`F= zF=rEd-!drmNuW}K!Kl<;x&463H`+_>auj5G;xwcGR^;x%P4l=WfQXueaJ8$|hpWa= z`-2XN3qARL9?Th&O?ytNN@qzXnN9uTp=g#Z@1UluI9<-4EM=)W%f+z_5+f9OiJ8Ik95Qod0eASfcoy;njRREtw}FMZJjzgVou$yb5OeRaB~*khewEe zg*~_Ca6zl}&_PL>Y(JkmE14F#Gbn{_d;9JV<*HwSw$45hUtd;Fi-w<(9v=-hZNQ8O wpa2}l|5QIqS(K`kSgxyw6Agk&LNQU&4g?67mzy4?FbgaK z0tf&w6b1+?hDe6@4Fd-R2o03VaOt2`D+Gc9fVIUQ8hM(XeFOWPZ5);oASzYIwrhlBa zu$XT_UM{=AT0P{G!}H^P>RquV)n5U$vcc_;hyv8wCcInJ(}%6s7G>eSW9vcoA$`K{ zKd#i}#wQiAeQEVddH!!PRQi~O+ZFU^^uWGy~mEF?m`bpI6@2jAF_R&ENP z<{f}g{fBQPNqa_+K3m&w2|LYFKBy!@JVah*Y$O*2Uogu0auiNnp*!miUU)q~ZhCsrx zXA*?+*o?BJfc6I)%07LOBnVR*#Bsrp4EwIDxW^uW$ii!Tw*Ls-iZ-5!sS&^7s?q&? wb$_N_PqZAj43-?a122>&HhOajNh$EQx2zdFra&965+kSb-np@jm`cStCP=(l8UO$Q literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.key b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.key new file mode 100644 index 000000000..5e43a56d1 --- /dev/null +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.key @@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIH84hnyJLdCQCAggA +MBQGCCqGSIb3DQMHBAiOq5X43zb6zQSCAoCbPjReKG+eKwVvc/0YBcNz62jtO2vd +KizRjLbGyQoQ80zEeeSZSkyFsSc026vI3w1TWq6f0+R2YovRyyetyb766fC6CPey +0xvP4MTBlWMrB+O235A/tLOV0C0iEHyh3a6YV67KLRh2fa8Y44RysdQj8MP557LZ +ckc5JZM06U9Hh0iLWdO/BdXg3jw4gZ59r0V3gcyZhy4m+AsTEswCeHpu+wXYBkQ5 +Kw2HhK7GPd1uiuJvOh5aVwgA/RZZsHnu13LiWAOtbPrkvM/HzHop8bGFJ46uv0mu +Yd6tgPxYlSR0ymMBFFarZXiA9+uoR5tAznpMFv5FOzcaquNkWFgZCW+2iIjWPsqi +t+AlQVlzZDjr3/+rETrANGVPdOKrGtBd0F2rXlo3x/JjbB1TYNF1xeUDgJGkkcxm +djvy7Hp49npauDcWTofMaquQGapHX0COPUNbKAzwAfTqGiwG87CuCGmer5dWeaAK +9qtwdCyPCyA5wncVBjVatYQqAWDMERYuGm4X5K51s/QMCA0xCgTGeHiRDJa/EXOv +6IobgRIcD0FXTtp4FB7Qc68yUN9PHh1OKtAHyvvURkYb5EwY/nibL7+P8pDXjiYe +EMzAtw1SOCnOCfFwXuCASXnsLh7k5d+GpfL4b139gYgzy1RRCOkJkoTvCjN1XgLX +fUnTa/GKtxJatQOfBKZG/k5QT5tpP2FdaHR1S5G+B+SAa4F4LQsOAx6nwpRr4wez +A1+HjDrfDGZytuaEwXpMmJBFeEPylccVGtD2S7BqNYuM3Lev0pwjKvMgQEvMZ0qC +EbiT3CssZm8Qretil8jdB/mkcyTvqcP4jna0+QkZaCwq6QS1N/wXPpQq +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des.der b/tests/data_files/pkcs8_pbes2_pbkdf2_des.der deleted file mode 100644 index c4f1f30e7df8e42cab879e7056c345669426e805..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 711 zcmV;&0yzCJf&#-ZJq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?66%&!C_t|H9> z0tf&w5e5Y-4g&%Q1PCU_oMhX!jMxN%0)RgNcsDyo_hQUCJ=D>U#W~PvwZ#m>t=^d* z5bajfIEW!B19Q z-Ft`f1Quw zQ>xld4G!<=#qQLZ8y~lD8^f6*?omg36;f^%04qz3r`q4kzYANLDXu?P*kv@t3Zepb zE1#+HgFrw#{QET41baIiYn-a_b{Dp|8Tjx*lTIzoSD= zS$pDF8e$mclY5?j*q~AV<0p4jH?3tQYFah;Vg7slb}l%Ba>+WVd!o2DdamWa%`qB3 zaV#?Hay^nLMprPBT^66v-mVQ>6-6OY@-bwRt9UtX`e8;jnhyF|?mHpKTvCZG^+BcA za>$+uOI&GX+ty8_W33|c>|V~8aRSdLb;=yCM|fk4H&w_dht3S%L`#Ef0lkOvu$fgo zDOStkV7s;&5buy~vTP_X^vr4Ks8`g&EOR#0xW{kmo&p%Z^2UW=gRK#gP+(5s>&_V@ z=KbyV>h3|bv$d5pHsIiEgf+V4VG|%T#9>(wPGo+p(|tjd}E?TZsZp1r0%+kLhZ zZI>tEUN^ZM1oY0oijBzTnk-mu8Z1M_N4_HOlcN_TvKBNX&ygH@(L>U}lw+iQeU4*K tfp*=OV`*4oTz6~5Ut(jbC0(5(N4>Ng$NS;ZTgJO+QUWA@C-Y91pr*AcO5gwh diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des.key b/tests/data_files/pkcs8_pbes2_pbkdf2_des.key deleted file mode 100644 index 2e1de1a57..000000000 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_des.key +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICwzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIBW39lScgIG0CAggA -MBEGBSsOAwIHBAgew0DQx3CQ0wSCAoBj1gYWHNgnbi55zQDcpAwMgh2xHNRTqkKU -AF5K4K2BEy67eXGtXNEmBqo4ftuUCmEJ54XEoIK+6zCKhv9uwc8G7JHxMRMDajkv -W/WfUUzSmS0yoXn0DkhXZnR7FifFDwrZ1E721eRP8eL45qc5ij6Xlr3NwA3Pf92Z -8zbszNSMaw2P6kgk6ZiMZr5vNOS55w7vM1OMfP7FJjNRNENue01Ed3WZ8N+Imd4N -16Nfi0VYVaFcnOoWRt4/aUWHd0cZyJNVsGDYcoE6pEmi3oO/FqS1EaPoibUxldqH -lUc8UW6PGtgAzs+J7Nf1Dgd9ilkPoTvHeMAfc0yWlq4vkwtdYhSwWaC9EjkHy5+c -K8cxYKBrKrseh/tjB+WasrzQjov7+d14MqK6DvqYtUq/y0HCVzw5UGWA+hlkk2km -zByJKHKqrthZeHz3aE7KQyE9G0AUukGN/J6f9EnUeS8ROZVKAB7laQKaY3p6gH7g -tNenTQ8Ng3KJvCBiZ3QZUWxlEzZ7b+DTG4NO+ua+7pD0CfovNtWE8spmNQNRGUL1 -SHkJqRjSTnFWrLLzbz9qph3G/qlOQb1/mzEqcmso2scoeiybv5WE2Zgkkiajr16W -RBz3mYwOmoKJnLrMkwUJtk1PGrJz3d1VAnt/ill6LdOdiq65HC4cKqY36+x7vRYB -A/75UvP1wCadtx1ukFVTLylJG7T9gDZgEkQlaCPkTxthK7FqTYS1dqyy+Q6aNwGn -f3ZS9f3azDK33Ho0V38rYAjdg07ghN1bayKXfmAKz3z7KYIn3gZqRwWMvc9IwvTN -0bBpNCe/6du89S5EWDAGmLZ98oBvAZ56hKcNNmTJewUxHbjQlnJV ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.der b/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.der new file mode 100644 index 0000000000000000000000000000000000000000..02a26fe43c36a6061765a55880d342891034cb42 GIT binary patch literal 711 zcmV;&0yzCJf&#-ZJq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?6?Q0o=^KEA60 z0tf&w5e5Y-4g&%Q1PBdGg#Fw^-uMK90)Tb4Vh~8GCHjTt+qq7J!?5`nf9$eqIM1O~ zc%T6yVs)k$V`e z2)M9nTE7H#R5+5buItaML)i8EmG(IdP^C>J&XWt&D9DivNOlB5QnlUAmLj<0GKj49 zt(P)ozrCn>I9{+&!YK@~K0R&}fAA^s4<6BRkC5vmm>&E*A)DO#u$96`6JM#JqJMjb zV`V??kfdhB%9F0)j*KzLSQgF%n%5?c6PPg)Zto1H8H$r{6`NlXnQh)4!Ok^>JF^f* z=4=;5P?3*s2vpuene=V%`a#iB3SoWzHFzl%7RndFRr)W-T=P6gE-jZDT}kQwO|=`? zTS9d5;RDzfR7f$Nsz7--RSfAbCSOQ35;IBa;l=C5`EF;LRb5U5UEJK~DBBzQ)~IlW zxAKj5KP>pZd^8c*Oe}07n=H zPxdr?h23S$JjYgx+!-Ve_M}t~w$PG-DaW&f0Ho0fv>J^|t8hX!rB81j%2$Up>1SJcMEST~V@Bb(Lcm*#f!z3*th^QmPcXhvhkr|Va( zIzTy^A+w?aV1>(mhR);>o#qH@4u^-_H|!b1T$D#2{TB`Ugb<7QQhW4AOzSoqy)!Cm zP|3yn+K82(7Z-Yvb}KAEB3Zoj5vP8woDlBOgFDVsNHLqqs+N@~OgD{$i_))ImOo-L t=BPTU$-DCG9nRrtdTMQ{Dla8~@{nDahgN5?i|K30@5Yn{3zpfQF}0@?Q9b|w literal 0 HcmV?d00001 diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.key b/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.key new file mode 100644 index 000000000..9ea8a463f --- /dev/null +++ b/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.key @@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICwzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIw+0X32U89PgCAggA +MBEGBSsOAwIHBAg0VpB6xQJjVQSCAoCi3hEr5Di1Db4Xfvdavg8wCqQ7rHCBCdsb +YeUo+WLcUKFPyuJO4Zh2Fu1vqnDRnaTNG5c9SVkJpXACqL3gvoY12gg5UHQNyfO1 +iQWvzvSpg/vOlWsxraP5SiK7C18RKGbj77BTCtlVvraL1RUaWe/ssrATR/4nFpLr +qmzXLz7GCydDRT0QUQs1TIy+tYIuI2rxgg7QQdHT2c40djaUCN5RaEe7i10ZitIp +Aj4LXGBkCJ8PBoPrG+Cw62+piuCzg33VIHq5AngZ/CLFNV6+70ZXlrWmJb3eukAj +RiQiWeRTAFgxtaMjsXC40VREeZplB/avnNUNWdeBe3GJBtwqBWh4plKXr2m+IloT +uastY+ndPgvDBCjq4reticn4SkIbjaCGhugtO8CmAUunzmU18z8AEB9AY+yGITnb +8lAickxhPo/4w7IIX9NCfZpwiJ2AfJnKFNk9JMQ5PpjTo8IM/lOW7WrO9sf/9JzU +Kfn19Gv/TtaYxiFtYwVJLM8UWl9EbVwobSOeVsIqCYOVfRA68qdms9/uztDNeiy2 +Kb11+l2Nb7BhUNnzYSkrPGftjQEy2dvABDk2IV4G/GvFsTviir55KSI/2qitradV +CZPiKKOLw7sy48VCLpiARnqC7e9TZI/HSQnMp9nGKD5O5jM0qb4nTto4Tj3dHNYA +TPeeuDxEThZ1pb4SwhrTvULrNogp9V5R5d9qFf/4hhkfMBBaJn1rlc82KMWq8THi +LdnVv9U2txkpmybtKySBrbEVhNfH6V7Xgu53kopg/Um9FwL+rarKC0bli83QmKyn +M5K981CM1/PlCj7Js4/pNMXbT221GXZaeX5qX5aEhOtcF4YI6xMx +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 838930a8e..46a7ebcd4 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -12,23 +12,23 @@ pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PK_PAS Parse RSA Key #4 (DES Encrypted) depends_on:MBEDTLS_MD5_C:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/keyfile.des":"testkey":0 +pk_parse_keyfile_rsa:"data_files/keyfile_1024.des":"testkey":0 Parse RSA Key #5 (3DES Encrypted) depends_on:MBEDTLS_MD5_C:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/keyfile.3des":"testkey":0 +pk_parse_keyfile_rsa:"data_files/keyfile_1024.3des":"testkey":0 Parse RSA Key #6 (AES-128 Encrypted) depends_on:MBEDTLS_MD5_C:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/keyfile.aes128":"testkey":0 +pk_parse_keyfile_rsa:"data_files/keyfile_1024.aes128":"testkey":0 Parse RSA Key #7 (AES-192 Encrypted) depends_on:MBEDTLS_MD5_C:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/keyfile.aes192":"testkey":0 +pk_parse_keyfile_rsa:"data_files/keyfile_1024.aes192":"testkey":0 Parse RSA Key #8 (AES-256 Encrypted) depends_on:MBEDTLS_MD5_C:MBEDTLS_AES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/keyfile.aes256":"testkey":0 +pk_parse_keyfile_rsa:"data_files/keyfile_1024.aes256":"testkey":0 Parse RSA Key #9 (2048-bit, DES Encrypted) depends_on:MBEDTLS_MD5_C:MBEDTLS_DES_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC @@ -76,15 +76,15 @@ pk_parse_keyfile_rsa:"data_files/format_gen.key":"":0 Parse RSA Key #20 (PKCS#8 encrypted SHA1-3DES) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.key":"PolarSSLTest":0 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des_1024.key":"PolarSSLTest":0 Parse RSA Key #20.1 (PKCS#8 encrypted SHA1-3DES, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des_1024.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #20.2 (PKCS#8 encrypted SHA1-3DES, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C -pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des_1024.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #21 (PKCS#8 encrypted SHA1-3DES, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC @@ -112,7 +112,7 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des_4096.key":"":MBEDTLS_ERR_PK Parse RSA Key #23 (PKCS#8 encrypted SHA1-3DES DER) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des.der":"PolarSSLTest":0 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des_1024.der":"PolarSSLTest":0 Parse RSA Key #24 (PKCS#8 encrypted SHA1-3DES DER, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC @@ -124,15 +124,15 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_3des_4096.der":"PolarSSLTest":0 Parse RSA Key #26 (PKCS#8 encrypted SHA1-2DES) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.key":"PolarSSLTest":0 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_1024.key":"PolarSSLTest":0 Parse RSA Key #26.1 (PKCS#8 encrypted SHA1-2DES, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.key":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_1024.key":"PolarSLTest":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #26.2 (PKCS#8 encrypted SHA1-2DES, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C -pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_1024.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #27 (PKCS#8 encrypted SHA1-2DES, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC @@ -160,7 +160,7 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_4096.key":"":MBEDTLS_ERR_PK Parse RSA Key #29 (PKCS#8 encrypted SHA1-2DES DER) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des.der":"PolarSSLTest":0 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_1024.der":"PolarSSLTest":0 Parse RSA Key #30 (PKCS#8 encrypted SHA1-2DES DER, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC @@ -172,15 +172,15 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_2des_4096.der":"PolarSSLTest":0 Parse RSA Key #32 (PKCS#8 encrypted SHA1-RC4-128) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C -pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTest":0 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_1024.key":"PolarSSLTest":0 Parse RSA Key #32.1 (PKCS#8 encrypted SHA1-RC4-128, wrong PW) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C -pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_1024.key":"PolarSSLTe":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #32.2 (PKCS#8 encrypted SHA1-RC4-128, no PW) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C -pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_1024.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #33 (PKCS#8 encrypted SHA1-RC4-128, 2048-bit) depends_on:MBEDTLS_ARC4_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS12_C @@ -208,7 +208,7 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_4096.key":"":MBEDTLS_ERR Parse RSA Key #35 (PKCS#8 encrypted SHA1-RC4-128 DER) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128.der":"PolarSSLTest":0 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_1024.der":"PolarSSLTest":0 Parse RSA Key #36 (PKCS#8 encrypted SHA1-RC4-128 DER, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC @@ -220,15 +220,15 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbe_sha1_rc4_128_4096.der":"PolarSSLTest" Parse RSA Key #38 (PKCS#8 encrypted v2 PBDFK2 3DES) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"PolarSSLTest":0 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_1024.key":"PolarSSLTest":0 Parse RSA Key #38.1 (PKCS#8 encrypted v2 PBDFK2 3DES, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_1024.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #38.2 (PKCS#8 encrypted v2 PBDFK2 3DES, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C -pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_1024.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #39 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC @@ -256,15 +256,15 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_4096.key":"":MBEDTLS_ER Parse RSA Key #41 (PKCS#8 encrypted v2 PBDFK2 3DES DER) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"PolarSSLTest":0 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_1024.der":"PolarSSLTest":0 Parse RSA Key #41.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_1024.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #41.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C -pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_1024.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #42 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC @@ -292,15 +292,15 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_3des_4096.der":"":MBEDTLS_ER Parse RSA Key #44 (PKCS#8 encrypted v2 PBDFK2 DES) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"PolarSSLTest":0 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_1024.key":"PolarSSLTest":0 Parse RSA Key #44.1 (PKCS#8 encrypted v2 PBDFK2 DES, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_1024.key":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #44.2 (PKCS#8 encrypted v2 PBDFK2 DES, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C -pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_1024.key":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED Parse RSA Key #45 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC @@ -328,15 +328,15 @@ pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_4096.key":"":MBEDTLS_ERR Parse RSA Key #47 (PKCS#8 encrypted v2 PBDFK2 DES DER) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC -pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.der":"PolarSSLTest":0 +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_1024.der":"PolarSSLTest":0 Parse RSA Key #47.1 (PKCS#8 encrypted v2 PBDFK2 DES DER, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_1024.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH Parse RSA Key #47.2 (PKCS#8 encrypted v2 PBDFK2 DES DER, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C -pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +pk_parse_keyfile_rsa:"data_files/pkcs8_pbes2_pbkdf2_des_1024.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Parse RSA Key #48 (PKCS#8 encrypted v2 PBDFK2 DES DER, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC From 66a0f83d58312bf711d7c4debad437bb44223b45 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 8 Sep 2017 12:39:21 +0100 Subject: [PATCH 255/493] Remove unreachable branches in pkparse.c --- library/pkparse.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index e28ddbe0c..a7d2c8bbb 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1080,12 +1080,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, if( ret == 0 ) { - if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) - { - mbedtls_pem_free( &pem ); - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); - } - + pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), pem.buf, pem.buflen ) ) != 0 ) @@ -1115,11 +1110,7 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, key, pwd, pwdlen, &len ); if( ret == 0 ) { - if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL ) - { - mbedtls_pem_free( &pem ); - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); - } + pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), From 9be1926b699847f74cc68871f09207e05c7acc49 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 8 Sep 2017 12:39:44 +0100 Subject: [PATCH 256/493] Correct parsing checks in `mbedtls_pk_parse_key` Two code-paths in `mbedtls_pk_parse_key` returned success on a failure in `mbedtls_pk_setup`. --- library/pkparse.c | 22 ++++++++++++++-------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index a7d2c8bbb..a06d952a9 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1222,29 +1222,35 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk, mbedtls_pk_free( pk ); #if defined(MBEDTLS_RSA_C) - if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL ) - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || - ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 ) + ( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), + key, keylen ) ) != 0 ) + { + mbedtls_pk_free( pk ); + } + else { return( 0 ); } - mbedtls_pk_free( pk ); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_ECP_C) - if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL ) - return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); + pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ); if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 || - ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), key, keylen ) ) == 0 ) + ( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), + key, keylen ) ) != 0 ) + { + mbedtls_pk_free( pk ); + } + else { return( 0 ); } - mbedtls_pk_free( pk ); #endif /* MBEDTLS_ECP_C */ return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); From 6c13d37961288dbd5b3e8627ec5cf1b367635f4c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 13 Sep 2017 12:49:22 +0100 Subject: [PATCH 257/493] Extend cert_write example program by multiple cmd line options This commit adds the following command line options to programs/x509/cert_write: - version (val 1, 2, 3): Set the certificate's version (v1, v2, v3) - authority_identifier (val 0, 1): Enable or disable the addition of the authority identifier extension. - subject_identifier (val 0, 1): Enable or disable the addition of the subject identifier extension. - basic_constraints (val 0, 1): Enable or disable the addition of the basic constraints extension. - md (val MD5, SHA1, SHA256, SHA512): Set the hash function used when creating the CRT. --- programs/x509/cert_write.c | 161 +++++++++++++++++++++++++++++-------- 1 file changed, 127 insertions(+), 34 deletions(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 66e5f1dab..45fd059b0 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -51,6 +51,7 @@ int main( void ) #include "mbedtls/x509_csr.h" #include "mbedtls/entropy.h" #include "mbedtls/ctr_drbg.h" +#include "mbedtls/md.h" #include "mbedtls/error.h" #include @@ -83,6 +84,11 @@ int main( void ) #define DFL_MAX_PATHLEN -1 #define DFL_KEY_USAGE 0 #define DFL_NS_CERT_TYPE 0 +#define DFL_VERSION 3 +#define DFL_AUTH_IDENT 1 +#define DFL_SUBJ_IDENT 1 +#define DFL_CONSTRAINTS 1 +#define DFL_DIGEST MBEDTLS_MD_SHA256 #define USAGE \ "\n usage: cert_write param=<>...\n" \ @@ -109,6 +115,20 @@ int main( void ) " not_after=%%s default: 20301231235959\n"\ " is_ca=%%d default: 0 (disabled)\n" \ " max_pathlen=%%d default: -1 (none)\n" \ + " md=%%s default: SHA256\n" \ + " Supported values:\n" \ + " MD5, SHA1, SHA256, SHA512\n"\ + " version=%%d default: 3\n" \ + " Possible values: 1, 2, 3\n"\ + " subject_identifier default: 1\n" \ + " Possible values: 0, 1\n" \ + " (Considered for v3 only)\n"\ + " authority_identifier default: 1\n" \ + " Possible values: 0, 1\n" \ + " (Considered for v3 only)\n"\ + " basic_constraints default: 1\n" \ + " Possible values: 0, 1\n" \ + " (Considered for v3 only)\n"\ " key_usage=%%s default: (empty)\n" \ " Comma-separated-list of values:\n" \ " digital_signature\n" \ @@ -118,6 +138,7 @@ int main( void ) " key_agreement\n" \ " key_cert_sign\n" \ " crl_sign\n" \ + " (Considered for v3 only)\n"\ " ns_cert_type=%%s default: (empty)\n" \ " Comma-separated-list of values:\n" \ " ssl_client\n" \ @@ -149,6 +170,11 @@ struct options int selfsign; /* selfsign the certificate */ int is_ca; /* is a CA certificate */ int max_pathlen; /* maximum CA path length */ + int authority_identifier; /* add authority identifier id to CRT */ + int subject_identifier; /* add subject identifier id to CRT */ + int basic_constraints; /* add basic constraints ext to CRT */ + int version; /* CRT version */ + mbedtls_md_type_t md; /* Hash used for signing */ unsigned char key_usage; /* key usage flags */ unsigned char ns_cert_type; /* NS cert type */ } opt; @@ -207,7 +233,6 @@ int main( int argc, char *argv[] ) * Set to sane values */ mbedtls_x509write_crt_init( &crt ); - mbedtls_x509write_crt_set_md_alg( &crt, MBEDTLS_MD_SHA256 ); mbedtls_pk_init( &loaded_issuer_key ); mbedtls_pk_init( &loaded_subject_key ); mbedtls_mpi_init( &serial ); @@ -243,6 +268,11 @@ int main( int argc, char *argv[] ) opt.max_pathlen = DFL_MAX_PATHLEN; opt.key_usage = DFL_KEY_USAGE; opt.ns_cert_type = DFL_NS_CERT_TYPE; + opt.version = DFL_VERSION; + opt.md = DFL_DIGEST; + opt.subject_identifier = DFL_SUBJ_IDENT; + opt.authority_identifier = DFL_AUTH_IDENT; + opt.basic_constraints = DFL_CONSTRAINTS; for( i = 1; i < argc; i++ ) { @@ -286,6 +316,52 @@ int main( int argc, char *argv[] ) { opt.serial = q; } + else if( strcmp( p, "authority_identifier" ) == 0 ) + { + opt.authority_identifier = atoi( q ); + if( opt.authority_identifier != 0 && + opt.authority_identifier != 1 ) + { + goto usage; + } + } + else if( strcmp( p, "subject_identifier" ) == 0 ) + { + opt.subject_identifier = atoi( q ); + if( opt.subject_identifier != 0 && + opt.subject_identifier != 1 ) + { + goto usage; + } + } + else if( strcmp( p, "basic_constraints" ) == 0 ) + { + opt.basic_constraints = atoi( q ); + if( opt.basic_constraints != 0 && + opt.basic_constraints != 1 ) + { + goto usage; + } + } + else if( strcmp( p, "md" ) == 0 ) + { + if( strcmp( q, "SHA1" ) == 0 ) + opt.md = MBEDTLS_MD_SHA1; + else if( strcmp( q, "SHA256" ) == 0 ) + opt.md = MBEDTLS_MD_SHA256; + else if( strcmp( q, "SHA512" ) == 0 ) + opt.md = MBEDTLS_MD_SHA512; + else if( strcmp( q, "MD5" ) == 0 ) + opt.md = MBEDTLS_MD_MD5; + else + goto usage; + } + else if( strcmp( p, "version" ) == 0 ) + { + opt.version = atoi( q ); + if( opt.version < 1 || opt.version > 3 ) + goto usage; + } else if( strcmp( p, "selfsign" ) == 0 ) { opt.selfsign = atoi( q ); @@ -540,6 +616,9 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Setting certificate values ..." ); fflush( stdout ); + mbedtls_x509write_crt_set_version( &crt, opt.version - 1 ); + mbedtls_x509write_crt_set_md_alg( &crt, opt.md ); + ret = mbedtls_x509write_crt_set_serial( &crt, &serial ); if( ret != 0 ) { @@ -558,49 +637,63 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); - mbedtls_printf( " . Adding the Basic Constraints extension ..." ); - fflush( stdout ); - - ret = mbedtls_x509write_crt_set_basic_constraints( &crt, opt.is_ca, - opt.max_pathlen ); - if( ret != 0 ) + if( opt.version == 3 && opt.basic_constraints ) { - mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints returned -0x%02x - %s\n\n", -ret, buf ); - goto exit; - } + mbedtls_printf( " . Adding the Basic Constraints extension ..." ); + fflush( stdout ); - mbedtls_printf( " ok\n" ); + ret = mbedtls_x509write_crt_set_basic_constraints( &crt, opt.is_ca, + opt.max_pathlen ); + if( ret != 0 ) + { + mbedtls_strerror( ret, buf, 1024 ); + mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints " + "returned -0x%02x - %s\n\n", -ret, buf ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + } #if defined(MBEDTLS_SHA1_C) - mbedtls_printf( " . Adding the Subject Key Identifier ..." ); - fflush( stdout ); - - ret = mbedtls_x509write_crt_set_subject_key_identifier( &crt ); - if( ret != 0 ) + if( opt.version == 3 && opt.subject_identifier ) { - mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_key_identifier returned -0x%02x - %s\n\n", -ret, buf ); - goto exit; + mbedtls_printf( " . Adding the Subject Key Identifier ..." ); + fflush( stdout ); + + ret = mbedtls_x509write_crt_set_subject_key_identifier( &crt ); + if( ret != 0 ) + { + mbedtls_strerror( ret, buf, 1024 ); + mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject" + "_key_identifier returned -0x%02x - %s\n\n", + -ret, buf ); + goto exit; + } + + mbedtls_printf( " ok\n" ); } - mbedtls_printf( " ok\n" ); - - mbedtls_printf( " . Adding the Authority Key Identifier ..." ); - fflush( stdout ); - - ret = mbedtls_x509write_crt_set_authority_key_identifier( &crt ); - if( ret != 0 ) + if( opt.version == 3 && opt.authority_identifier ) { - mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_authority_key_identifier returned -0x%02x - %s\n\n", -ret, buf ); - goto exit; - } + mbedtls_printf( " . Adding the Authority Key Identifier ..." ); + fflush( stdout ); - mbedtls_printf( " ok\n" ); + ret = mbedtls_x509write_crt_set_authority_key_identifier( &crt ); + if( ret != 0 ) + { + mbedtls_strerror( ret, buf, 1024 ); + mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_authority_" + "key_identifier returned -0x%02x - %s\n\n", + -ret, buf ); + goto exit; + } + + mbedtls_printf( " ok\n" ); + } #endif /* MBEDTLS_SHA1_C */ - if( opt.key_usage ) + if( opt.version == 3 && opt.key_usage ) { mbedtls_printf( " . Adding the Key Usage extension ..." ); fflush( stdout ); @@ -616,7 +709,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); } - if( opt.ns_cert_type ) + if( opt.version == 3 && opt.ns_cert_type ) { mbedtls_printf( " . Adding the NS Cert Type extension ..." ); fflush( stdout ); From 418a62242b57248846d9136de89e34ac84a38cad Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 14 Sep 2017 07:51:28 +0100 Subject: [PATCH 258/493] Extend tests/data_files/Makefile to include CRT's for CRT write test --- tests/data_files/Makefile | 74 ++++++++++++++++++- .../server1.cert_type.crt.openssl.v3_ext | 5 ++ .../data_files/server1.cert_type_noauthid.crt | 20 +++++ tests/data_files/server1.crt.openssl.v3_ext | 4 + tests/data_files/server1.csr | 16 ++++ .../server1.key_usage.crt.openssl.v3_ext | 5 ++ .../data_files/server1.key_usage_noauthid.crt | 20 +++++ tests/data_files/server1.noauthid.crt | 19 +++++ tests/data_files/server1_csr.opensslconf | 10 +++ tests/data_files/test-ca.server1.opensslconf | 18 +++++ tests/suites/test_suite_x509write.data | 24 +++++- tests/suites/test_suite_x509write.function | 63 ++++++++++++++-- 12 files changed, 265 insertions(+), 13 deletions(-) create mode 100644 tests/data_files/server1.cert_type.crt.openssl.v3_ext create mode 100644 tests/data_files/server1.cert_type_noauthid.crt create mode 100644 tests/data_files/server1.crt.openssl.v3_ext create mode 100644 tests/data_files/server1.csr create mode 100644 tests/data_files/server1.key_usage.crt.openssl.v3_ext create mode 100644 tests/data_files/server1.key_usage_noauthid.crt create mode 100644 tests/data_files/server1.noauthid.crt create mode 100644 tests/data_files/server1_csr.opensslconf create mode 100644 tests/data_files/test-ca.server1.opensslconf diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index f7826d435..f90654574 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -12,6 +12,7 @@ ## Tools OPENSSL ?= openssl +MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write ## Build the generated test data. Note that since the final outputs ## are committed to the repository, this target should do nothing on a @@ -30,6 +31,7 @@ all_final := # files used by tests #### Generate certificates from existing keys ################################################################ +test_ca_crt = test-ca.crt test_ca_key_file_rsa = test-ca.key test_ca_pwd_rsa = PolarSSLTest test_ca_config_file = test-ca.opensslconf @@ -64,7 +66,77 @@ server2-sha256.crt: server2-rsa.csr $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@ all_final += server2-sha256.crt +### Generate certificates for CRT write check tests +### The test files use the Mbed TLS generated certificates server1*.crt, +### but for comparison with OpenSSL also rules for OpenSSL-generated +### certificates server1*.crt.openssl are offered. +### +### Known differences: +### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension +### as unused bits, while Mbed TLS doesn't. +test_ca_server1_db = test-ca.server1.db +test_ca_server1_serial = test-ca.server1.serial +test_ca_server1_config_file = test-ca.server1.opensslconf + +server1.csr: server1.key server1_csr.opensslconf + $(OPENSSL) req -keyform PEM -key server1.key -config server1_csr.opensslconf -out $@ -new +all_final += server1.csr + +server1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@ +server1.noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@ +server1.der: server1.crt + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ +all_final += server1.crt server1.noauthid.crt server1.der + +server1.key_usage.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@ +server1.key_usage_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@ +server1.key_usage.der: server1.key_usage.crt + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ +all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der + +server1.cert_type.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@ +server1.cert_type_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@ +server1.cert_type.der: server1.cert_type.crt + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ +all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der + +server1.v1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) + $(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=1 output_file=$@ +server1.v1.der: server1.v1.crt + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ +all_final += server1.v1.crt server1.v1.der + +# OpenSSL-generated certificates for comparison +# Also provide certificates to DER format to allow +# direct binary comparison using e.g. dumpasn1 +server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) + echo "01" > $(test_ca_server1_serial) + rm -f $(test_ca_server1_db) + touch $(test_ca_server1_db) + $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -extensions v3_ext -extfile $@.v3_ext -out $@ +server1.der.openssl: server1.crt.openssl + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ +server1.key_usage.der.openssl: server1.key_usage.crt.openssl + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ +server1.cert_type.der.openssl: server1.cert_type.crt.openssl + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ + +server1.v1.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) + echo "01" > $(test_ca_server1_serial) + rm -f $(test_ca_server1_db) + touch $(test_ca_server1_db) + $(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -out $@ +server1.v1.der.openssl: server1.v1.crt.openssl + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ + +server1_all: server1.csr server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl ################################################################ #### Meta targets @@ -73,7 +145,7 @@ all_final += server2-sha256.crt all_final: $(all_final) all: $(all_intermediate) $(all_final) -.PHONY: default all_final all +.PHONY: default all_final all server1_all # These files should not be committed to the repository. list_intermediate: diff --git a/tests/data_files/server1.cert_type.crt.openssl.v3_ext b/tests/data_files/server1.cert_type.crt.openssl.v3_ext new file mode 100644 index 000000000..bd225ff74 --- /dev/null +++ b/tests/data_files/server1.cert_type.crt.openssl.v3_ext @@ -0,0 +1,5 @@ +[v3_ext] +basicConstraints = CA:false +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid +nsCertType=server diff --git a/tests/data_files/server1.cert_type_noauthid.crt b/tests/data_files/server1.cert_type_noauthid.crt new file mode 100644 index 000000000..ed8b80baa --- /dev/null +++ b/tests/data_files/server1.cert_type_noauthid.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDMTCCAhmgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +oz8wPTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAR +BglghkgBhvhCAQEEBAMCAEAwDQYJKoZIhvcNAQEFBQADggEBABNT+r+6vvlpjtyz +mewrGOKPt5iwb8w2aReJ0AWuyQzTiduN26MhXq93cXHV0pHj2rD7MfiBEwBSWnf9 +FcxkE0g77GVyM9Vs9Uy/MspIqOce7JD0c36G4EI8lYce2TYwQLE9CGNl+LDxqkLy +prijXBl/FaD+IO/SNMr3VVnfFEZqPUxg+BSTaGgD+52Z7B4nPP0xGPjlW367RGDv +9dIkr1thve2WOeC9ixxl9K/864I7/0GdbgKSf77xl3/5vnQUOY7kugRvkvxWIgHS +HNVnmEN2I2Nb0M8lQNF1sFDbpFwVbh9CkBF5LJNesy0VWd67Ho6EntPEb7vBFF/x +jz0b2l4= +-----END CERTIFICATE----- diff --git a/tests/data_files/server1.crt.openssl.v3_ext b/tests/data_files/server1.crt.openssl.v3_ext new file mode 100644 index 000000000..239d56ac2 --- /dev/null +++ b/tests/data_files/server1.crt.openssl.v3_ext @@ -0,0 +1,4 @@ +[v3_ext] +basicConstraints = CA:false +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid diff --git a/tests/data_files/server1.csr b/tests/data_files/server1.csr new file mode 100644 index 000000000..804c4a551 --- /dev/null +++ b/tests/data_files/server1.csr @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow +GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBCwUA +A4IBAQBY/1nnYQ3ThVyeZb1Z2wLYoHZ5rfeJCedyP7N/gjJZjhrMbwioUft2uHpb ++OZQfxRXJTbtj/1wpRMCoUMLWzapS7/xGx3IjoPtl42aM4M+xVYvbLjExL13kUAr +eE4JWcMIbTEPol2zSdX/LuB+m27jEp5VsvM2ty9qOw/T4iKwjFSe6pcYZ2spks19 +3ltgjnaamwqKcN9zUA3IERTsWjr5exKYgfXm2OeeuSP0tHr7Dh+w/2XA9dGcLhrm +TA4P8QjIgSDlyzmhYYmsrioFPuCfdi1uzs8bxmbLXbiCGZ8TDMy5oLqLo1K+j2pF +ox+ATHKxQ/XpRQP+2OTb9sw1kM59 +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.key_usage.crt.openssl.v3_ext b/tests/data_files/server1.key_usage.crt.openssl.v3_ext new file mode 100644 index 000000000..e255027ee --- /dev/null +++ b/tests/data_files/server1.key_usage.crt.openssl.v3_ext @@ -0,0 +1,5 @@ +[v3_ext] +basicConstraints = CA:false +subjectKeyIdentifier=hash +authorityKeyIdentifier=keyid +keyUsage=critical, digitalSignature, nonRepudiation, keyEncipherment diff --git a/tests/data_files/server1.key_usage_noauthid.crt b/tests/data_files/server1.key_usage_noauthid.crt new file mode 100644 index 000000000..d66e51535 --- /dev/null +++ b/tests/data_files/server1.key_usage_noauthid.crt @@ -0,0 +1,20 @@ +-----BEGIN CERTIFICATE----- +MIIDLjCCAhagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +ozwwOjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAO +BgNVHQ8BAf8EBAMCAeAwDQYJKoZIhvcNAQEFBQADggEBAJZRIISo4+rDvHXXaS43 +shfSkyJyur588mNJFzty1WVfhaIkwjMIGHeGlHS29fwgPsBUgelZ3Qv3J7wsm42+ +3BwQet0l36FIBIJtFhcrTGlaCFUo/5bZJUPGgiOFB9ec/8lOszVlX8cH34UimWqg +q2wXRGoXWPbuRnUWlJhI2bAv5ri9Mt7Rs4nK4wyS1ZjC8ByXMn4tk3yMjkUEqu0o +37zoQiF+FJApu0eTKK5goA2hisyfCX9eJMppAbcyvJwoj/AmiBkXW8J3kEMJtLmZ +VoxXYknnXumxBLxUrGuamR/3cmbaJHIHE1Dqox7hB+9miyp4lue1/uXHCocGAIeF +JTo= +-----END CERTIFICATE----- diff --git a/tests/data_files/server1.noauthid.crt b/tests/data_files/server1.noauthid.crt new file mode 100644 index 000000000..99c004f62 --- /dev/null +++ b/tests/data_files/server1.noauthid.crt @@ -0,0 +1,19 @@ +-----BEGIN CERTIFICATE----- +MIIDHjCCAgagAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER +MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G +A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ +uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD +d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf +CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr +lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w +bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB +oywwKjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAN +BgkqhkiG9w0BAQUFAAOCAQEAUMDKviuchRc4ICoVwi9LFyfQjxFQLgjnX1UYSqc5 +UptiJsDpbJ+TMbOhNBs7YRV7ju61J33ax1fqgcFWkc2M2Vsqzz9+3zJlQoQuOLxH +5C6v5/rhUEV9HMy3K5SIa/BVem9osWvMwDnB8g5k3wCZAnOuFcT6ttvzRqz6Oh9d +avozrYHsATzPXBal41Gf95cNVcJ1pn/JgE4EOijMqmAPldVbCqfXLl6TB0nJS6dm +q9z73DGrVQlOwmCVI+qD2POJI67LuQ0g6Y0WVMxsWilMppt+UrEknMzk4O4qOaUs +1B20vI/bN4XPDnw58psazdoBxFL+fAk5MbTNKETNHjBsIg== +-----END CERTIFICATE----- diff --git a/tests/data_files/server1_csr.opensslconf b/tests/data_files/server1_csr.opensslconf new file mode 100644 index 000000000..6e7075ea6 --- /dev/null +++ b/tests/data_files/server1_csr.opensslconf @@ -0,0 +1,10 @@ +[ req ] +distinguished_name = req_distinguished_name +prompt = no +# Restrict to non-UTF8 PrintableStrings. +string_mask = nombstr + +[ req_distinguished_name ] +C = NL +O = PolarSSL +CN = PolarSSL Server 1 diff --git a/tests/data_files/test-ca.server1.opensslconf b/tests/data_files/test-ca.server1.opensslconf new file mode 100644 index 000000000..4a5072eae --- /dev/null +++ b/tests/data_files/test-ca.server1.opensslconf @@ -0,0 +1,18 @@ + [ ca ] + default_ca = test-ca + + [ test-ca ] + certificate = test-ca.crt + private_key = test-ca.key + serial = test-ca.server1.serial + default_md = sha1 + default_startdate = 110212144406Z + default_enddate = 210212144406Z + new_certs_dir = ./ + database = ./test-ca.server1.db + policy = policy_match + + [policy_match] + countryName = supplied + organizationName = supplied + commonName = supplied diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index d4d2a98ce..5b54d8588 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -44,19 +44,35 @@ x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS Certificate write check Server1 SHA1 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:-1:"data_files/server1.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:-1:"data_files/server1.crt":0 Certificate write check Server1 SHA1, key_usage depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:1:-1:"data_files/server1.key_usage.crt":0 Certificate write check Server1 SHA1, ns_cert_type depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:-1:"data_files/server1.cert_type.crt":0 Certificate write check Server1 SHA1, version 1 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt" +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0 + +Certificate write check Server1 SHA1, RSA_ALT +depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:-1:"data_files/server1.noauthid.crt":1 + +Certificate write check Server1 SHA1, RSA_ALT, key_usage +depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1 + +Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type +depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:0:-1:"data_files/server1.cert_type_noauthid.crt":1 + +Certificate write check Server1 SHA1, RSA_ALT, version 1 +depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1 X509 String to Names #1 mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0 diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 89be31f9a..0b6e60220 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -3,6 +3,30 @@ #include "mbedtls/x509_csr.h" #include "mbedtls/pem.h" #include "mbedtls/oid.h" +#include "mbedtls/rsa.h" + +#if defined(MBEDTLS_RSA_C) +int mbedtls_rsa_decrypt_func( void *ctx, int mode, size_t *olen, + const unsigned char *input, unsigned char *output, + size_t output_max_len ) +{ + return( mbedtls_rsa_pkcs1_decrypt( (mbedtls_rsa_context *) ctx, NULL, NULL, mode, olen, + input, output, output_max_len ) ); +} +int mbedtls_rsa_sign_func( void *ctx, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, + int mode, mbedtls_md_type_t md_alg, unsigned int hashlen, + const unsigned char *hash, unsigned char *sig ) +{ + return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, mode, + md_alg, hashlen, hash, sig ) ); +} +size_t mbedtls_rsa_key_len_func( void *ctx ) +{ + return( ((const mbedtls_rsa_context *) ctx)->len ); +} +#endif /* MBEDTLS_RSA_C */ + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -75,10 +99,12 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, char *subject_name, char *issuer_key_file, char *issuer_pwd, char *issuer_name, char *serial_str, char *not_before, char *not_after, - int md_type, int key_usage, int cert_type, int ver, - char *cert_check_file ) + int md_type, int key_usage, int cert_type, int auth_ident, + int ver, char *cert_check_file, int rsa_alt ) { - mbedtls_pk_context subject_key, issuer_key; + mbedtls_pk_context subject_key, issuer_key, issuer_key_alt; + mbedtls_pk_context *key = &issuer_key; + mbedtls_x509write_cert crt; unsigned char buf[4096]; unsigned char check_buf[5000]; @@ -91,18 +117,36 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, memset( &rnd_info, 0x2a, sizeof( rnd_pseudo_info ) ); mbedtls_mpi_init( &serial ); + mbedtls_pk_init( &subject_key ); - mbedtls_pk_init( &issuer_key ); + mbedtls_pk_init( &issuer_key ); + mbedtls_pk_init( &issuer_key_alt ); + + mbedtls_x509write_crt_init( &crt ); TEST_ASSERT( mbedtls_pk_parse_keyfile( &subject_key, subject_key_file, subject_pwd ) == 0 ); + TEST_ASSERT( mbedtls_pk_parse_keyfile( &issuer_key, issuer_key_file, issuer_pwd ) == 0 ); + + /* For RSA PK contexts, create a copy as an alternative RSA context. */ + if( rsa_alt == 1 && mbedtls_pk_get_type( &issuer_key ) == MBEDTLS_PK_RSA ) + { + TEST_ASSERT( mbedtls_pk_setup_rsa_alt( &issuer_key_alt, + mbedtls_pk_rsa( issuer_key ), + mbedtls_rsa_decrypt_func, + mbedtls_rsa_sign_func, + mbedtls_rsa_key_len_func ) == 0 ); + + key = &issuer_key_alt; + } + TEST_ASSERT( mbedtls_mpi_read_string( &serial, 10, serial_str ) == 0 ); - mbedtls_x509write_crt_init( &crt ); if( ver != -1 ) mbedtls_x509write_crt_set_version( &crt, ver ); + TEST_ASSERT( mbedtls_x509write_crt_set_serial( &crt, &serial ) == 0 ); TEST_ASSERT( mbedtls_x509write_crt_set_validity( &crt, not_before, not_after ) == 0 ); @@ -110,13 +154,15 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( mbedtls_x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 ); TEST_ASSERT( mbedtls_x509write_crt_set_subject_name( &crt, subject_name ) == 0 ); mbedtls_x509write_crt_set_subject_key( &crt, &subject_key ); - mbedtls_x509write_crt_set_issuer_key( &crt, &issuer_key ); + + mbedtls_x509write_crt_set_issuer_key( &crt, key ); if( crt.version >= MBEDTLS_X509_CRT_VERSION_3 ) { TEST_ASSERT( mbedtls_x509write_crt_set_basic_constraints( &crt, 0, 0 ) == 0 ); TEST_ASSERT( mbedtls_x509write_crt_set_subject_key_identifier( &crt ) == 0 ); - TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 ); + if( auth_ident ) + TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 ); if( key_usage != 0 ) TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 ); if( cert_type != 0 ) @@ -151,8 +197,9 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, exit: mbedtls_x509write_crt_free( &crt ); - mbedtls_pk_free( &issuer_key ); + mbedtls_pk_free( &issuer_key_alt ); mbedtls_pk_free( &subject_key ); + mbedtls_pk_free( &issuer_key ); mbedtls_mpi_free( &serial ); } /* END_CASE */ From fc7714480207fa19b3b7e4161e89dd6028e50b52 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 13 Sep 2017 08:45:48 +0100 Subject: [PATCH 259/493] Fix extraction of signature-type from PK context instance --- library/x509write_crt.c | 10 ++++++++-- library/x509write_csr.c | 21 ++++++++++++++------- 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 4d674abcf..0e5827e85 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -313,9 +313,15 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, c = tmp_buf + sizeof( tmp_buf ); /* Signature algorithm needed in TBS, and later for actual signature */ - pk_alg = mbedtls_pk_get_type( ctx->issuer_key ); - if( pk_alg == MBEDTLS_PK_ECKEY ) + + /* There's no direct way of extracting a signature algorithm + * (represented as an element of mbedtls_pk_type_t) from a PK instance. */ + if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_RSA ) ) + pk_alg = MBEDTLS_PK_RSA; + else if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_ECDSA ) ) pk_alg = MBEDTLS_PK_ECDSA; + else + pk_alg = MBEDTLS_PK_NONE; if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len ) ) != 0 ) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index 8fd856b2a..fd22c2890 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -194,14 +194,21 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s */ mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash ); - pk_alg = mbedtls_pk_get_type( ctx->key ); - if( pk_alg == MBEDTLS_PK_ECKEY ) - pk_alg = MBEDTLS_PK_ECDSA; - if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len, - f_rng, p_rng ) ) != 0 || - ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len ) ) != 0 ) + f_rng, p_rng ) ) != 0 ) + { + return( ret ); + } + + if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_RSA ) ) + pk_alg = MBEDTLS_PK_RSA; + else if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_ECDSA ) ) + pk_alg = MBEDTLS_PK_ECDSA; + else + pk_alg = MBEDTLS_PK_NONE; + + if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, + &sig_oid, &sig_oid_len ) ) != 0 ) { return( ret ); } From d7f3520360d37080dc3a44ec4b7c0a370aea8a3b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 13 Sep 2017 12:00:15 +0100 Subject: [PATCH 260/493] Don't add extensions for X.509 non-v3 certificates This commit removes extension-writing code for X.509 non-v3 certificates from mbedtls_x509write_crt_der. Previously, even if no extensions were present an empty sequence would have been added. --- library/x509write_crt.c | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 0e5827e85..c970b6ff0 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -332,13 +332,18 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, /* * Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension */ - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 3 ) ); + + /* Only for v3 */ + if( ctx->version == 2 ) + { + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | + MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 3 ) ); + } /* * SubjectPublicKeyInfo From 476986547b5658657749017be6b0754220f66130 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 13 Sep 2017 11:59:26 +0100 Subject: [PATCH 261/493] Omit version from X.509 v1 certificates The version field in an X.509 certificate is optional and defaults to v1, so it may be omitted in this case. --- library/x509write_crt.c | 19 ++++++++++++------- tests/data_files/server1.v1.crt | 32 ++++++++++++++++---------------- 2 files changed, 28 insertions(+), 23 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index c970b6ff0..8e4bc35b4 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -395,16 +395,21 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, /* * Version ::= INTEGER { v1(0), v2(1), v3(2) } */ - sub_len = 0; - MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) ); - len += sub_len; - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) ); - MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | - MBEDTLS_ASN1_CONSTRUCTED | 0 ) ); + + /* Can be omitted for v1 */ + if( ctx->version > 0 ) + { + sub_len = 0; + MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) ); + len += sub_len; + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) ); + MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC | + MBEDTLS_ASN1_CONSTRUCTED | 0 ) ); + } MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED | - MBEDTLS_ASN1_SEQUENCE ) ); + MBEDTLS_ASN1_SEQUENCE ) ); /* * Make signature diff --git a/tests/data_files/server1.v1.crt b/tests/data_files/server1.v1.crt index 0a4b2a5cc..b13be4351 100644 --- a/tests/data_files/server1.v1.crt +++ b/tests/data_files/server1.v1.crt @@ -1,18 +1,18 @@ -----BEGIN CERTIFICATE----- -MIIC9DCCAdygAwIBAAIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/ -uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD -d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf -CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr -lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w -bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB -owIwADANBgkqhkiG9w0BAQUFAAOCAQEAoZVuVi7bIslKgMJhejSFXiO+ICMz1fmK -b0tPN68mRYhI/gsjRT0cmX6GUNrg+U5mcBWhMwHgyvx1CARU4YToKZxcXGNL0DPd -Z1hF8nCrJCZBQvNuWE7s0ufw92xz5ZfuKkVxi94RYR529F6gzgl4rpX8UQVu2ym/ -9pTlHKr4MKi9LNppyJMS89uRcb2FJFMdhAKbhNtbIjI9qGZ7x//0belAaWhq389u -6XWFnZt35PU6Zz6YbAQ5pjZYsTaohuufgrpOlFPUuc4uR+RfGHIQ6id12lZaQC2m -OFIBDcU0x1cFfPfMgVdBLf6klPt/v/tD77mwx0eztSp28NIf+ACw8A== +MIIC6zCCAdMCAQEwDQYJKoZIhvcNAQEFBQAwOzELMAkGA1UEBhMCTkwxETAPBgNV +BAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4XDTExMDIx +MjE0NDQwNloXDTIxMDIxMjE0NDQwNlowPDELMAkGA1UEBhMCTkwxETAPBgNVBAoT +CFBvbGFyU1NMMRowGAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZI +hvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb +7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJ +BEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8Yw +fhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5B +Xhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1Y +ieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAATANBgkq +hkiG9w0BAQUFAAOCAQEAPMRfR9ql7b06b5DdNyJhD96lBzuVSUOW2MgVHT2Vs7NB +tk5L1htpA5N4uaIeyt6YM0xU0nHdHUKaywNcDiXcnzvRoctGWiWdpcEvdA0rYRF5 +T4MGPpjEuLJcG3aTU8mV8wUEbrY6IEnSpC1G9iasjhkwAF7pb/Ic8+/riwmPD/Fh +zBrRfBCgi5VXbX9IvY+yQHRVRal8y+n4eh9/hFxBKDbvuidFropGzcuparEwCIRi +U7L/7aZ3A5wsQp9GPDliSjpeYCf5tok/bvjG4xU041pGQ7yVNpu2mEIoqDz9v+Ay +IKqsWradEnFG/1ov78a2RB+2+iIPE4iCDtmKUkgPjQ== -----END CERTIFICATE----- From 81535d00115cbe3d8474c85cdaf71ec1e61cd267 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 13 Sep 2017 15:39:59 +0100 Subject: [PATCH 262/493] Minor style and typo corrections --- library/x509write_crt.c | 14 +- library/x509write_csr.c | 4 +- programs/x509/cert_write.c | 161 ++++++++++++--------- tests/data_files/Makefile | 2 +- tests/suites/test_suite_x509write.function | 16 +- 5 files changed, 107 insertions(+), 90 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 8e4bc35b4..0611cc847 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -51,7 +51,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx ) { - memset( ctx, 0, sizeof(mbedtls_x509write_cert) ); + memset( ctx, 0, sizeof( mbedtls_x509write_cert ) ); mbedtls_mpi_init( &ctx->serial ); ctx->version = MBEDTLS_X509_CRT_VERSION_3; @@ -65,7 +65,7 @@ void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx ) mbedtls_asn1_free_named_data_list( &ctx->issuer ); mbedtls_asn1_free_named_data_list( &ctx->extensions ); - mbedtls_zeroize( ctx, sizeof(mbedtls_x509write_cert) ); + mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_cert ) ); } void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version ) @@ -193,14 +193,14 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert * { int ret; unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */ - unsigned char *c = buf + sizeof(buf); + unsigned char *c = buf + sizeof( buf ); size_t len = 0; memset( buf, 0, sizeof(buf) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) ); - mbedtls_sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 ); - c = buf + sizeof(buf) - 20; + mbedtls_sha1( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 ); + c = buf + sizeof( buf ) - 20; len = 20; MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) ); @@ -212,7 +212,7 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert * return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER, MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ), - 0, buf + sizeof(buf) - len, len ); + 0, buf + sizeof( buf ) - len, len ); } #endif /* MBEDTLS_SHA1_C */ @@ -324,7 +324,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, pk_alg = MBEDTLS_PK_NONE; if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, - &sig_oid, &sig_oid_len ) ) != 0 ) + &sig_oid, &sig_oid_len ) ) != 0 ) { return( ret ); } diff --git a/library/x509write_csr.c b/library/x509write_csr.c index fd22c2890..da40eb5c1 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -50,7 +50,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx ) { - memset( ctx, 0, sizeof(mbedtls_x509write_csr) ); + memset( ctx, 0, sizeof( mbedtls_x509write_csr ) ); } void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ) @@ -58,7 +58,7 @@ void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx ) mbedtls_asn1_free_named_data_list( &ctx->subject ); mbedtls_asn1_free_named_data_list( &ctx->extensions ); - mbedtls_zeroize( ctx, sizeof(mbedtls_x509write_csr) ); + mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_csr ) ); } void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg ) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 45fd059b0..6504dcd62 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -60,9 +60,9 @@ int main( void ) #if defined(MBEDTLS_X509_CSR_PARSE_C) #define USAGE_CSR \ - " request_file=%%s default: (empty)\n" \ - " If request_file is specified, subject_key,\n" \ - " subject_pwd and subject_name are ignored!\n" + " request_file=%%s default: (empty)\n" \ + " If request_file is specified, subject_key,\n" \ + " subject_pwd and subject_name are ignored!\n" #else #define USAGE_CSR "" #endif /* MBEDTLS_X509_CSR_PARSE_C */ @@ -94,60 +94,60 @@ int main( void ) "\n usage: cert_write param=<>...\n" \ "\n acceptable parameters:\n" \ USAGE_CSR \ - " subject_key=%%s default: subject.key\n" \ - " subject_pwd=%%s default: (empty)\n" \ - " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \ + " subject_key=%%s default: subject.key\n" \ + " subject_pwd=%%s default: (empty)\n" \ + " subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \ "\n" \ - " issuer_crt=%%s default: (empty)\n" \ - " If issuer_crt is specified, issuer_name is\n" \ - " ignored!\n" \ - " issuer_name=%%s default: CN=CA,O=mbed TLS,C=UK\n" \ + " issuer_crt=%%s default: (empty)\n" \ + " If issuer_crt is specified, issuer_name is\n" \ + " ignored!\n" \ + " issuer_name=%%s default: CN=CA,O=mbed TLS,C=UK\n" \ "\n" \ - " selfsign=%%d default: 0 (false)\n" \ - " If selfsign is enabled, issuer_name and\n" \ - " issuer_key are required (issuer_crt and\n" \ - " subject_* are ignored\n" \ - " issuer_key=%%s default: ca.key\n" \ - " issuer_pwd=%%s default: (empty)\n" \ - " output_file=%%s default: cert.crt\n" \ - " serial=%%s default: 1\n" \ - " not_before=%%s default: 20010101000000\n"\ - " not_after=%%s default: 20301231235959\n"\ - " is_ca=%%d default: 0 (disabled)\n" \ - " max_pathlen=%%d default: -1 (none)\n" \ - " md=%%s default: SHA256\n" \ - " Supported values:\n" \ - " MD5, SHA1, SHA256, SHA512\n"\ - " version=%%d default: 3\n" \ - " Possible values: 1, 2, 3\n"\ - " subject_identifier default: 1\n" \ - " Possible values: 0, 1\n" \ - " (Considered for v3 only)\n"\ - " authority_identifier default: 1\n" \ - " Possible values: 0, 1\n" \ - " (Considered for v3 only)\n"\ - " basic_constraints default: 1\n" \ - " Possible values: 0, 1\n" \ - " (Considered for v3 only)\n"\ - " key_usage=%%s default: (empty)\n" \ - " Comma-separated-list of values:\n" \ - " digital_signature\n" \ - " non_repudiation\n" \ - " key_encipherment\n" \ - " data_encipherment\n" \ - " key_agreement\n" \ - " key_cert_sign\n" \ - " crl_sign\n" \ - " (Considered for v3 only)\n"\ - " ns_cert_type=%%s default: (empty)\n" \ - " Comma-separated-list of values:\n" \ - " ssl_client\n" \ - " ssl_server\n" \ - " email\n" \ - " object_signing\n" \ - " ssl_ca\n" \ - " email_ca\n" \ - " object_signing_ca\n" \ + " selfsign=%%d default: 0 (false)\n" \ + " If selfsign is enabled, issuer_name and\n" \ + " issuer_key are required (issuer_crt and\n" \ + " subject_* are ignored\n" \ + " issuer_key=%%s default: ca.key\n" \ + " issuer_pwd=%%s default: (empty)\n" \ + " output_file=%%s default: cert.crt\n" \ + " serial=%%s default: 1\n" \ + " not_before=%%s default: 20010101000000\n"\ + " not_after=%%s default: 20301231235959\n"\ + " is_ca=%%d default: 0 (disabled)\n" \ + " max_pathlen=%%d default: -1 (none)\n" \ + " md=%%s default: SHA256\n" \ + " Supported values:\n" \ + " MD5, SHA1, SHA256, SHA512\n"\ + " version=%%d default: 3\n" \ + " Possible values: 1, 2, 3\n"\ + " subject_identifier=%%s default: 1\n" \ + " Possible values: 0, 1\n" \ + " (Considered for v3 only)\n"\ + " authority_identifier=%%s default: 1\n" \ + " Possible values: 0, 1\n" \ + " (Considered for v3 only)\n"\ + " basic_constraints=%%d default: 1\n" \ + " Possible values: 0, 1\n" \ + " (Considered for v3 only)\n"\ + " key_usage=%%s default: (empty)\n" \ + " Comma-separated-list of values:\n" \ + " digital_signature\n" \ + " non_repudiation\n" \ + " key_encipherment\n" \ + " data_encipherment\n" \ + " key_agreement\n" \ + " key_cert_sign\n" \ + " crl_sign\n" \ + " (Considered for v3 only)\n"\ + " ns_cert_type=%%s default: (empty)\n" \ + " Comma-separated-list of values:\n" \ + " ssl_client\n" \ + " ssl_server\n" \ + " email\n" \ + " object_signing\n" \ + " ssl_ca\n" \ + " email_ca\n" \ + " object_signing_ca\n" \ "\n" /* @@ -189,7 +189,8 @@ int write_certificate( mbedtls_x509write_cert *crt, const char *output_file, size_t len = 0; memset( output_buf, 0, 4096 ); - if( ( ret = mbedtls_x509write_crt_pem( crt, output_buf, 4096, f_rng, p_rng ) ) < 0 ) + if( ( ret = mbedtls_x509write_crt_pem( crt, output_buf, 4096, + f_rng, p_rng ) ) < 0 ) return( ret ); len = strlen( (char *) output_buf ); @@ -452,7 +453,8 @@ int main( int argc, char *argv[] ) strlen( pers ) ) ) != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n", ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n", + ret, buf ); goto exit; } @@ -466,7 +468,8 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_mpi_read_string( &serial, 10, opt.serial ) ) != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_mpi_read_string returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_mpi_read_string " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -485,7 +488,8 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_x509_crt_parse_file( &issuer_crt, opt.issuer_crt ) ) != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -494,7 +498,8 @@ int main( int argc, char *argv[] ) if( ret < 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -517,7 +522,8 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_x509_csr_parse_file( &csr, opt.request_file ) ) != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -526,7 +532,8 @@ int main( int argc, char *argv[] ) if( ret < 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -550,7 +557,8 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -565,7 +573,8 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile " + "returned -x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -579,7 +588,8 @@ int main( int argc, char *argv[] ) mbedtls_mpi_cmp_mpi( &mbedtls_pk_rsa( issuer_crt.pk )->E, &mbedtls_pk_rsa( *issuer_key )->E ) != 0 ) { - mbedtls_printf( " failed\n ! issuer_key does not match issuer certificate\n\n" ); + mbedtls_printf( " failed\n ! issuer_key does not match " + "issuer certificate\n\n" ); ret = -1; goto exit; } @@ -602,14 +612,16 @@ int main( int argc, char *argv[] ) if( ( ret = mbedtls_x509write_crt_set_subject_name( &crt, opt.subject_name ) ) != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } if( ( ret = mbedtls_x509write_crt_set_issuer_name( &crt, opt.issuer_name ) ) != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -623,7 +635,8 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -631,7 +644,8 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -702,7 +716,8 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -718,7 +733,8 @@ int main( int argc, char *argv[] ) if( ret != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type returned -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type " + "returned -0x%02x - %s\n\n", -ret, buf ); goto exit; } @@ -735,7 +751,8 @@ int main( int argc, char *argv[] ) mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! write_certifcate -0x%02x - %s\n\n", -ret, buf ); + mbedtls_printf( " failed\n ! write_certificate -0x%02x - %s\n\n", + -ret, buf ); goto exit; } diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index f90654574..3bd2c3591 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -114,7 +114,7 @@ server1.v1.der: server1.v1.crt all_final += server1.v1.crt server1.v1.der # OpenSSL-generated certificates for comparison -# Also provide certificates to DER format to allow +# Also provide certificates in DER format to allow # direct binary comparison using e.g. dumpasn1 server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file) echo "01" > $(test_ca_server1_serial) diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index 0b6e60220..ca76e861d 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -63,7 +63,7 @@ void x509_csr_check( char *key_file, char *cert_req_check_file, if( cert_type != 0 ) TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); - ret = mbedtls_x509write_csr_pem( &req, buf, sizeof(buf), + ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ), rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == 0 ); @@ -149,7 +149,7 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( mbedtls_x509write_crt_set_serial( &crt, &serial ) == 0 ); TEST_ASSERT( mbedtls_x509write_crt_set_validity( &crt, not_before, - not_after ) == 0 ); + not_after ) == 0 ); mbedtls_x509write_crt_set_md_alg( &crt, md_type ); TEST_ASSERT( mbedtls_x509write_crt_set_issuer_name( &crt, issuer_name ) == 0 ); TEST_ASSERT( mbedtls_x509write_crt_set_subject_name( &crt, subject_name ) == 0 ); @@ -169,30 +169,30 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 ); } - ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof(buf), - rnd_pseudo_rand, &rnd_info ); + ret = mbedtls_x509write_crt_pem( &crt, buf, sizeof( buf ), + rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == 0 ); pem_len = strlen( (char *) buf ); f = fopen( cert_check_file, "r" ); TEST_ASSERT( f != NULL ); - olen = fread( check_buf, 1, sizeof(check_buf), f ); + olen = fread( check_buf, 1, sizeof( check_buf ), f ); fclose( f ); - TEST_ASSERT( olen < sizeof(check_buf) ); + TEST_ASSERT( olen < sizeof( check_buf ) ); TEST_ASSERT( olen >= pem_len - 1 ); TEST_ASSERT( memcmp( buf, check_buf, pem_len - 1 ) == 0 ); der_len = mbedtls_x509write_crt_der( &crt, buf, sizeof( buf ), - rnd_pseudo_rand, &rnd_info ); + rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( der_len >= 0 ); if( der_len == 0 ) goto exit; ret = mbedtls_x509write_crt_der( &crt, buf, (size_t)( der_len - 1 ), - rnd_pseudo_rand, &rnd_info ); + rnd_pseudo_rand, &rnd_info ); TEST_ASSERT( ret == MBEDTLS_ERR_ASN1_BUF_TOO_SMALL ); exit: From 45037ceac5b8c17f279f4e5e2e737abbc187b5d6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 25 Aug 2017 11:03:34 +0100 Subject: [PATCH 263/493] Add check for presence of relevant parameters in mbedtls_rsa_private If CRT is used, check for the presence N, P, Q, D, E, DP, DQ and QP. If CRT is not used, check for N, P, Q, D, E only. --- library/rsa.c | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 903a57ca3..3dde6edbf 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1202,14 +1202,28 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, mbedtls_mpi *DQ = &ctx->DQ; #endif - /* Make sure we have private key info, prevent possible misuse */ - if( ctx->P.p == NULL || ctx->Q.p == NULL || ctx->D.p == NULL ) + /* Sanity-check that all relevant fields are at least set, + * but don't perform a full keycheck. */ + if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->D, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 ) + { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } +#if !defined(MBEDTLS_RSA_NO_CRT) + if( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->QP, 0 ) == 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } +#endif /* MBEDTLS_RSA_NO_CRT */ mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &R ); - if( f_rng != NULL ) { #if defined(MBEDTLS_RSA_NO_CRT) From d4a872ee678ece252f052087564eb69c62871782 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 7 Sep 2017 08:09:33 +0100 Subject: [PATCH 264/493] Rename internal MBEDTLS_ENTROPY_HAVE_STRONG to ENTROPY_HAVE_STRONG This commit renames the test-only flag MBEDTLS_ENTROPY_HAVE_STRONG to ENTROPY_HAVE_STRONG to make it more transparent that it's an internal flag, and also to content the testscript tests/scripts/check-names.pl which previously complained about the macro occurring in a comment in `entropy.c` without being defined in a library file. --- library/entropy.c | 2 +- tests/suites/helpers.function | 2 +- tests/suites/test_suite_entropy.function | 6 +++--- tests/suites/test_suite_rsa.function | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/library/entropy.c b/library/entropy.c index 10449b8d0..7c0915676 100644 --- a/library/entropy.c +++ b/library/entropy.c @@ -83,7 +83,7 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx ) mbedtls_havege_init( &ctx->havege_data ); #endif - /* Reminder: Update MBEDTLS_ENTROPY_HAVE_STRONG in the test files + /* Reminder: Update ENTROPY_HAVE_STRONG in the test files * when adding more strong entropy sources here. */ #if defined(MBEDTLS_TEST_NULL_ENTROPY) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 39cd3c768..d36746789 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -113,7 +113,7 @@ static int test_errors = 0; defined(MBEDTLS_HAVEGE_C) || \ defined(MBEDTLS_ENTROPY_HARDWARE_ALT) || \ defined(ENTROPY_NV_SEED) ) ) -#define MBEDTLS_ENTROPY_HAVE_STRONG +#define ENTROPY_HAVE_STRONG #endif diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function index 7983c767e..2bab796d1 100644 --- a/tests/suites/test_suite_entropy.function +++ b/tests/suites/test_suite_entropy.function @@ -163,7 +163,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_HAVE_STRONG */ +/* BEGIN_CASE depends_on:ENTROPY_HAVE_STRONG */ void entropy_func_len( int len, int ret ) { mbedtls_entropy_context ctx; @@ -224,7 +224,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_HAVE_STRONG */ +/* BEGIN_CASE depends_on:ENTROPY_HAVE_STRONG */ void entropy_threshold( int threshold, int chunk_size, int result ) { mbedtls_entropy_context ctx; @@ -377,7 +377,7 @@ void entropy_nv_seed( char *read_seed_str ) } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_HAVE_STRONG:MBEDTLS_SELF_TEST */ +/* BEGIN_CASE depends_on:ENTROPY_HAVE_STRONG:MBEDTLS_SELF_TEST */ void entropy_selftest( int result ) { TEST_ASSERT( mbedtls_entropy_self_test( 1 ) == result ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index f41b14cc3..270e2d989 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -659,7 +659,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_HAVE_STRONG */ +/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) { mbedtls_rsa_context ctx; From 2fad94b1931dfb3a86f257bda10a1edc1e3d364d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 15:11:59 +0100 Subject: [PATCH 265/493] Dont send alert on invalid DTLS record type Do not send fatal alerts when receiving a record with an invalid header while running DTLS as this is not compliant behaviour. --- library/ssl_tls.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 661ae7065..7dd55bf4b 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3493,8 +3493,13 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) ); - mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, - MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) +#endif /* MBEDTLS_SSL_PROTO_DTLS */ + mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, + MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE ); + return( MBEDTLS_ERR_SSL_INVALID_RECORD ); } From 06fc6650f455669e8daf27af0e393717cbef8397 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 26 Jun 2017 15:19:26 +0100 Subject: [PATCH 266/493] Add ChangeLog entry --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index 227faed6b..802e30c24 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x released xxxx-xx-xx + +Bugfix + * Fix ssl_parse_record_header() to not send a fatal alert message upon + receiving an invalid record when running DTLS as this is not compliant + behaviour. + = mbed TLS 2.6.0 branch released 2017-08-10 Security From f569f701c225770688041c114f81dd3f09be5404 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 09:25:10 +0100 Subject: [PATCH 267/493] Fix ChangeLog entry --- ChangeLog | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 802e30c24..e199682ea 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,9 +3,8 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x released xxxx-xx-xx Bugfix - * Fix ssl_parse_record_header() to not send a fatal alert message upon - receiving an invalid record when running DTLS as this is not compliant - behaviour. + * Fix ssl_parse_record_header() to silently discard invalid DTLS records + as recommended in RFC 6347 Section 4.1.2.7. = mbed TLS 2.6.0 branch released 2017-08-10 From 01692531c6c624524aa9736c2b174a84c4873ef7 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 28 Jun 2017 09:26:46 +0100 Subject: [PATCH 268/493] Document code silently discarding invalid records --- library/ssl_tls.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 7dd55bf4b..b388156df 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -3495,6 +3495,8 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl ) MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) ); #if defined(MBEDTLS_SSL_PROTO_DTLS) + /* Silently ignore invalid DTLS records as recommended by RFC 6347 + * Section 4.1.2.7 */ if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM ) #endif /* MBEDTLS_SSL_PROTO_DTLS */ mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL, From 5175ac6e133ad9569959bd18001337a46c946c15 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Sep 2017 15:36:25 +0100 Subject: [PATCH 269/493] Add tests for disabled MFL-extension to all.sh This commit adds a build with default config except MBEDTLS_SSL_MAX_FRAGMENT_LENGTH to all.sh, as well as a run of the MFL-related tests in ssl-opt.sh. --- tests/scripts/all.sh | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d9c5bbfa4..258141dff 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -413,6 +413,16 @@ scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' make lib +msg "build: default config except MFL extension (ASan build)" # ~ 30s +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . +make + +msg "test: ssl-opt.sh, MFL-related tests" +tests/ssl-opt.sh -f "Max fragment length" + msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" cleanup cp "$CONFIG_H" "$CONFIG_BAK" @@ -628,4 +638,3 @@ rm -rf "$OUT_OF_SOURCE_DIR" msg "Done, cleaning up" cleanup - From e4ad3e880309a6d52dc7e8733ee002b6bff4aacc Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Sep 2017 15:05:46 +0100 Subject: [PATCH 270/493] Allow requests of size larger than 16384 in ssl_client2 --- programs/ssl/ssl_client2.c | 26 +++++++++++++++++++------- 1 file changed, 19 insertions(+), 7 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 5032a9f3d..8e2feb1a1 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -63,6 +63,9 @@ int main( void ) #include #include +#define MAX_REQUEST_SIZE 20000 +#define MAX_REQUEST_SIZE_STR "20000" + #define DFL_SERVER_NAME "localhost" #define DFL_SERVER_ADDR NULL #define DFL_SERVER_PORT "4433" @@ -242,8 +245,8 @@ int main( void ) " server_addr=%%s default: given by name\n" \ " server_port=%%d default: 4433\n" \ " request_page=%%s default: \".\"\n" \ - " request_size=%%d default: about 34 (basic request)\n" \ - " (minimum: 0, max: 16384)\n" \ + " request_size=%%d default: about 34 (basic request)\n" \ + " (minimum: 0, max: " MAX_REQUEST_SIZE_STR " )\n" \ " debug_level=%%d default: 0 (disabled)\n" \ " nbio=%%d default: 0 (blocking I/O)\n" \ " options: 1 (non-blocking), 2 (added delays)\n" \ @@ -437,7 +440,9 @@ int main( int argc, char *argv[] ) { int ret = 0, len, tail_len, i, written, frags, retry_left; mbedtls_net_context server_fd; - unsigned char buf[MBEDTLS_SSL_MAX_CONTENT_LEN + 1]; + + unsigned char buf[MAX_REQUEST_SIZE + 1]; + #if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED) unsigned char psk[MBEDTLS_PSK_MAX_LEN]; size_t psk_len = 0; @@ -602,7 +607,8 @@ int main( int argc, char *argv[] ) else if( strcmp( p, "request_size" ) == 0 ) { opt.request_size = atoi( q ); - if( opt.request_size < 0 || opt.request_size > MBEDTLS_SSL_MAX_CONTENT_LEN ) + if( opt.request_size < 0 || + opt.request_size > MAX_REQUEST_SIZE ) goto usage; } else if( strcmp( p, "ca_file" ) == 0 ) @@ -1494,8 +1500,8 @@ send_request: mbedtls_printf( " > Write to server:" ); fflush( stdout ); - len = mbedtls_snprintf( (char *) buf, sizeof(buf) - 1, GET_REQUEST, - opt.request_page ); + len = mbedtls_snprintf( (char *) buf, sizeof( buf ) - 1, GET_REQUEST, + opt.request_page ); tail_len = (int) strlen( GET_REQUEST_END ); /* Add padding to GET request to reach opt.request_size in length */ @@ -1506,7 +1512,7 @@ send_request: len += opt.request_size - len - tail_len; } - strncpy( (char *) buf + len, GET_REQUEST_END, sizeof(buf) - len - 1 ); + strncpy( (char *) buf + len, GET_REQUEST_END, sizeof( buf ) - len - 1 ); len += tail_len; /* Truncate if request size is smaller than the "natural" size */ @@ -1550,6 +1556,12 @@ send_request: frags = 1; written = ret; + + if( written < len ) + { + mbedtls_printf( " warning\n ! request didn't fit into single datagram and " + "was truncated to size %u", (unsigned) written ); + } } buf[written] = '\0'; From 4aed27e469172a05ae38a98e6492aabbc4898923 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Sep 2017 15:00:34 +0100 Subject: [PATCH 271/493] Add missing test-dependencies for MBEDTLS_SSL_MAX_FRAGMENT_LENGTH The tests for the maximum fragment length extension were lacking a dependency on MBEDTLS_SSL_MAX_FRAGMENT_LENGTH being set in the config. --- tests/ssl-opt.sh | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 280fc6348..2ea8f9503 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1293,6 +1293,7 @@ run_test "Session resume using cache: openssl server" \ # Tests for Max Fragment Length extension run_test "Max fragment length: not used, reference" \ +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ 0 \ @@ -1303,6 +1304,7 @@ run_test "Max fragment length: not used, reference" \ -S "server hello, max_fragment_length extension" \ -C "found max_fragment_length extension" +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: used by client" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=4096" \ @@ -1314,6 +1316,7 @@ run_test "Max fragment length: used by client" \ -s "server hello, max_fragment_length extension" \ -c "found max_fragment_length extension" +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: used by server" \ "$P_SRV debug_level=3 max_frag_len=4096" \ "$P_CLI debug_level=3" \ @@ -1325,6 +1328,7 @@ run_test "Max fragment length: used by server" \ -S "server hello, max_fragment_length extension" \ -C "found max_fragment_length extension" +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH requires_gnutls run_test "Max fragment length: gnutls server" \ "$G_SRV" \ @@ -1334,6 +1338,7 @@ run_test "Max fragment length: gnutls server" \ -c "client hello, adding max_fragment_length extension" \ -c "found max_fragment_length extension" +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: client, message just fits" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2048" \ @@ -1347,6 +1352,7 @@ run_test "Max fragment length: client, message just fits" \ -c "2048 bytes written in 1 fragments" \ -s "2048 bytes read" +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: client, larger message" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3 max_frag_len=2048 request_size=2345" \ @@ -1361,6 +1367,7 @@ run_test "Max fragment length: client, larger message" \ -s "2048 bytes read" \ -s "297 bytes read" +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: DTLS client, larger message" \ "$P_SRV debug_level=3 dtls=1" \ "$P_CLI debug_level=3 dtls=1 max_frag_len=2048 request_size=2345" \ From c526696c05a7a98b21f8b1aafae268393608e2a2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Sep 2017 15:01:50 +0100 Subject: [PATCH 272/493] Add tests for messages beyond 16384 bytes to ssl-opt.sh This commit adds four tests to ssl-opt.sh testing the library's behavior when `mbedtls_ssl_write` is called with messages beyond 16384 bytes. The combinations tested are TLS vs. DTLS and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH enabled vs. disabled. --- tests/ssl-opt.sh | 50 +++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 49 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 2ea8f9503..9d476b410 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1292,8 +1292,8 @@ run_test "Session resume using cache: openssl server" \ # Tests for Max Fragment Length extension -run_test "Max fragment length: not used, reference" \ requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: enabled, default" \ "$P_SRV debug_level=3" \ "$P_CLI debug_level=3" \ 0 \ @@ -1304,6 +1304,54 @@ requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -S "server hello, max_fragment_length extension" \ -C "found max_fragment_length extension" +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: enabled, default, larger message" \ + "$P_SRV debug_level=3" \ + "$P_CLI debug_level=3 request_size=20000" \ + 0 \ + -c "Maximum fragment length is 16384" \ + -s "Maximum fragment length is 16384" \ + -C "client hello, adding max_fragment_length extension" \ + -S "found max fragment length extension" \ + -S "server hello, max_fragment_length extension" \ + -C "found max_fragment_length extension" \ + -c "20000 bytes written in 2 fragments" \ + -s "16384 bytes read" \ + -s "3616 bytes read" + +requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length, DTLS: enabled, default, larger message" \ + "$P_SRV debug_level=3 dtls=1" \ + "$P_CLI debug_level=3 dtls=1 request_size=20000" \ + 1 \ + -c "Maximum fragment length is 16384" \ + -s "Maximum fragment length is 16384" \ + -C "client hello, adding max_fragment_length extension" \ + -S "found max fragment length extension" \ + -S "server hello, max_fragment_length extension" \ + -C "found max_fragment_length extension" \ + -c "fragment larger than.*maximum " + +requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length: disabled, larger message" \ + "$P_SRV debug_level=3" \ + "$P_CLI debug_level=3 request_size=20000" \ + 0 \ + -C "Maximum fragment length is 16384" \ + -S "Maximum fragment length is 16384" \ + -c "20000 bytes written in 2 fragments" \ + -s "16384 bytes read" \ + -s "3616 bytes read" + +requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH +run_test "Max fragment length DTLS: disabled, larger message" \ + "$P_SRV debug_level=3 dtls=1" \ + "$P_CLI debug_level=3 dtls=1 request_size=20000" \ + 1 \ + -C "Maximum fragment length is 16384" \ + -S "Maximum fragment length is 16384" \ + -c "fragment larger than.*maximum " + requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: used by client" \ "$P_SRV debug_level=3" \ From 09930d1f019ded3138087bc1e95d5917c3624629 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Sep 2017 15:04:19 +0100 Subject: [PATCH 273/493] Add expected number of fragments to 16384-byte packet tests --- tests/ssl-opt.sh | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 9d476b410..50b7d1536 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -3382,6 +3382,7 @@ run_test "Large packet SSLv3 BlockCipher" \ "$P_CLI request_size=16384 force_version=ssl3 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 @@ -3390,6 +3391,7 @@ run_test "Large packet SSLv3 StreamCipher" \ "$P_CLI request_size=16384 force_version=ssl3 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.0 BlockCipher" \ @@ -3397,6 +3399,7 @@ run_test "Large packet TLS 1.0 BlockCipher" \ "$P_CLI request_size=16384 force_version=tls1 recsplit=0 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \ @@ -3405,6 +3408,7 @@ run_test "Large packet TLS 1.0 BlockCipher truncated MAC" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \ @@ -3413,6 +3417,7 @@ run_test "Large packet TLS 1.0 StreamCipher truncated MAC" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.1 BlockCipher" \ @@ -3420,6 +3425,7 @@ run_test "Large packet TLS 1.1 BlockCipher" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.1 StreamCipher" \ @@ -3427,6 +3433,7 @@ run_test "Large packet TLS 1.1 StreamCipher" \ "$P_CLI request_size=16384 force_version=tls1_1 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \ @@ -3435,6 +3442,7 @@ run_test "Large packet TLS 1.1 BlockCipher truncated MAC" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \ @@ -3443,6 +3451,7 @@ run_test "Large packet TLS 1.1 StreamCipher truncated MAC" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 BlockCipher" \ @@ -3450,6 +3459,7 @@ run_test "Large packet TLS 1.2 BlockCipher" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 BlockCipher larger MAC" \ @@ -3457,6 +3467,7 @@ run_test "Large packet TLS 1.2 BlockCipher larger MAC" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-ECDHE-RSA-WITH-AES-256-CBC-SHA384" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \ @@ -3465,6 +3476,7 @@ run_test "Large packet TLS 1.2 BlockCipher truncated MAC" \ force_ciphersuite=TLS-RSA-WITH-AES-256-CBC-SHA \ trunc_hmac=1" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 StreamCipher" \ @@ -3472,6 +3484,7 @@ run_test "Large packet TLS 1.2 StreamCipher" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \ @@ -3480,6 +3493,7 @@ run_test "Large packet TLS 1.2 StreamCipher truncated MAC" \ force_ciphersuite=TLS-RSA-WITH-RC4-128-SHA \ trunc_hmac=1" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 AEAD" \ @@ -3487,6 +3501,7 @@ run_test "Large packet TLS 1.2 AEAD" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" run_test "Large packet TLS 1.2 AEAD shorter tag" \ @@ -3494,6 +3509,7 @@ run_test "Large packet TLS 1.2 AEAD shorter tag" \ "$P_CLI request_size=16384 force_version=tls1_2 \ force_ciphersuite=TLS-RSA-WITH-AES-256-CCM-8" \ 0 \ + -c "16384 bytes written in 1 fragments" \ -s "Read from client: 16384 bytes read" # Tests for DTLS HelloVerifyRequest From 2b187c4d5f02e7ff76015c6d1fc9e9c874ee9353 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Sep 2017 14:58:11 +0100 Subject: [PATCH 274/493] Correct typo --- library/ssl_tls.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 661ae7065..228f97def 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7100,7 +7100,7 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, * * With non-blocking I/O, ssl_write_real() may return WANT_WRITE, * then the caller will call us again with the same arguments, so - * remember wether we already did the split or not. + * remember whether we already did the split or not. */ #if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING) static int ssl_write_split( mbedtls_ssl_context *ssl, From 0b7b83fd91dfa45c446b41f0dfa3b897b5bc4e16 Mon Sep 17 00:00:00 2001 From: Florin Date: Sat, 22 Jul 2017 09:01:44 +0200 Subject: [PATCH 275/493] Fixed SIGSEGV problem when writing with ssl_write_real a buffer that is over MBEDTLS_SSL_MAX_CONTENT_LEN bytes Signed-off-by: Florin --- library/ssl_tls.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 228f97def..b6e0eaa82 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -7054,7 +7054,9 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, int ret; #if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH) size_t max_len = mbedtls_ssl_get_max_frag_len( ssl ); - +#else + size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN; +#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ if( len > max_len ) { #if defined(MBEDTLS_SSL_PROTO_DTLS) @@ -7069,7 +7071,6 @@ static int ssl_write_real( mbedtls_ssl_context *ssl, #endif len = max_len; } -#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */ if( ssl->out_left != 0 ) { From 930025da6da15d9989a31a93d47c7e84181e370c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 18 Sep 2017 16:07:19 +0100 Subject: [PATCH 276/493] Adapt ChangeLog --- ChangeLog | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/ChangeLog b/ChangeLog index 227faed6b..1154075e0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,17 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Security + * Fix a potential heap buffer overflow in mbedtls_ssl_write. When the (by + default enabled) maximum fragment length extension is disabled in the + config and the application data buffer passed to mbedtls_ssl_write + is larger than the internal message buffer (16384 bytes by default), the + latter overflows. The exploitability of this issue depends on whether the + application layer can be forced into sending such large packets. The issue + was independently reported by Tim Nordell via e-mail and by Florin Petriuc + and sjorsdewit on GitHub. Fix proposed by Florin Petriuc in #1022. Fixes #707. + = mbed TLS 2.6.0 branch released 2017-08-10 Security From e1b1d0af8ea5049e062f83e0411a5f22e35a81f1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Sep 2017 15:35:16 +0100 Subject: [PATCH 277/493] Fix senseless comment --- programs/x509/cert_write.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 6504dcd62..bc38be280 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -170,8 +170,8 @@ struct options int selfsign; /* selfsign the certificate */ int is_ca; /* is a CA certificate */ int max_pathlen; /* maximum CA path length */ - int authority_identifier; /* add authority identifier id to CRT */ - int subject_identifier; /* add subject identifier id to CRT */ + int authority_identifier; /* add authority identifier to CRT */ + int subject_identifier; /* add subject identifier to CRT */ int basic_constraints; /* add basic constraints ext to CRT */ int version; /* CRT version */ mbedtls_md_type_t md; /* Hash used for signing */ From 38eff437910eb3a46912478f4993d50870222b19 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Sep 2017 15:38:20 +0100 Subject: [PATCH 278/493] Use X509 CRT version macros in cert_write program --- programs/x509/cert_write.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index bc38be280..59afb61e6 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -269,7 +269,7 @@ int main( int argc, char *argv[] ) opt.max_pathlen = DFL_MAX_PATHLEN; opt.key_usage = DFL_KEY_USAGE; opt.ns_cert_type = DFL_NS_CERT_TYPE; - opt.version = DFL_VERSION; + opt.version = DFL_VERSION - 1; opt.md = DFL_DIGEST; opt.subject_identifier = DFL_SUBJ_IDENT; opt.authority_identifier = DFL_AUTH_IDENT; @@ -362,6 +362,7 @@ int main( int argc, char *argv[] ) opt.version = atoi( q ); if( opt.version < 1 || opt.version > 3 ) goto usage; + opt.version--; } else if( strcmp( p, "selfsign" ) == 0 ) { @@ -628,7 +629,7 @@ int main( int argc, char *argv[] ) mbedtls_printf( " . Setting certificate values ..." ); fflush( stdout ); - mbedtls_x509write_crt_set_version( &crt, opt.version - 1 ); + mbedtls_x509write_crt_set_version( &crt, opt.version ); mbedtls_x509write_crt_set_md_alg( &crt, opt.md ); ret = mbedtls_x509write_crt_set_serial( &crt, &serial ); @@ -651,7 +652,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); - if( opt.version == 3 && opt.basic_constraints ) + if( opt.version == MBEDTLS_X509_CRT_VERSION_3 && + opt.basic_constraints != 0 ) { mbedtls_printf( " . Adding the Basic Constraints extension ..." ); fflush( stdout ); @@ -670,7 +672,8 @@ int main( int argc, char *argv[] ) } #if defined(MBEDTLS_SHA1_C) - if( opt.version == 3 && opt.subject_identifier ) + if( opt.version == MBEDTLS_X509_CRT_VERSION_3 && + opt.subject_identifier != 0 ) { mbedtls_printf( " . Adding the Subject Key Identifier ..." ); fflush( stdout ); @@ -688,7 +691,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); } - if( opt.version == 3 && opt.authority_identifier ) + if( opt.version == MBEDTLS_X509_CRT_VERSION_3 && + opt.authority_identifier != 0 ) { mbedtls_printf( " . Adding the Authority Key Identifier ..." ); fflush( stdout ); @@ -707,7 +711,8 @@ int main( int argc, char *argv[] ) } #endif /* MBEDTLS_SHA1_C */ - if( opt.version == 3 && opt.key_usage ) + if( opt.version == MBEDTLS_X509_CRT_VERSION_3 && + opt.key_usage != 0 ) { mbedtls_printf( " . Adding the Key Usage extension ..." ); fflush( stdout ); @@ -724,7 +729,8 @@ int main( int argc, char *argv[] ) mbedtls_printf( " ok\n" ); } - if( opt.version == 3 && opt.ns_cert_type ) + if( opt.version == MBEDTLS_X509_CRT_VERSION_3 && + opt.ns_cert_type != 0 ) { mbedtls_printf( " . Adding the NS Cert Type extension ..." ); fflush( stdout ); From 7f3652ddf1d9598236c5551ec4e74a1c926a8eac Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Sep 2017 15:39:02 +0100 Subject: [PATCH 279/493] Fix error code printing in cert_write Error codes can consume up to two bytes, but only one was printed so far. --- programs/x509/cert_write.c | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index 59afb61e6..d04739389 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -470,7 +470,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_mpi_read_string " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -490,7 +490,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -500,7 +500,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -524,7 +524,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -534,7 +534,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -559,7 +559,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -614,7 +614,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -622,7 +622,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -637,7 +637,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -646,7 +646,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -664,7 +664,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -683,7 +683,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject" - "_key_identifier returned -0x%02x - %s\n\n", + "_key_identifier returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -702,7 +702,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_authority_" - "key_identifier returned -0x%02x - %s\n\n", + "key_identifier returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -722,7 +722,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -740,7 +740,7 @@ int main( int argc, char *argv[] ) { mbedtls_strerror( ret, buf, 1024 ); mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type " - "returned -0x%02x - %s\n\n", -ret, buf ); + "returned -0x%04x - %s\n\n", -ret, buf ); goto exit; } @@ -757,7 +757,7 @@ int main( int argc, char *argv[] ) mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 ) { mbedtls_strerror( ret, buf, 1024 ); - mbedtls_printf( " failed\n ! write_certificate -0x%02x - %s\n\n", + mbedtls_printf( " failed\n ! write_certificate -0x%04x - %s\n\n", -ret, buf ); goto exit; } From a20e33ad59193567c4bdedf2b483adcc597d9517 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Sep 2017 15:40:01 +0100 Subject: [PATCH 280/493] Use X509 CRT version macros for version checks in x509write_crt_der --- library/x509write_crt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index 0611cc847..e8d5cbdbf 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -334,7 +334,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, */ /* Only for v3 */ - if( ctx->version == 2 ) + if( ctx->version == MBEDTLS_X509_CRT_VERSION_3 ) { MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) ); MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) ); @@ -397,7 +397,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, */ /* Can be omitted for v1 */ - if( ctx->version > 0 ) + if( ctx->version != MBEDTLS_X509_CRT_VERSION_1 ) { sub_len = 0; MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) ); From d8a6f7cfbe2b506e5c571022bbe620b7a30f6796 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Sep 2017 16:05:43 +0100 Subject: [PATCH 281/493] Clarify code-paths in x509write_csr and x509write_crt --- library/x509write_crt.c | 2 +- library/x509write_csr.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/library/x509write_crt.c b/library/x509write_crt.c index e8d5cbdbf..0af23d7fa 100644 --- a/library/x509write_crt.c +++ b/library/x509write_crt.c @@ -321,7 +321,7 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf, else if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_ECDSA ) ) pk_alg = MBEDTLS_PK_ECDSA; else - pk_alg = MBEDTLS_PK_NONE; + return( MBEDTLS_ERR_X509_INVALID_ALG ); if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len ) ) != 0 ) diff --git a/library/x509write_csr.c b/library/x509write_csr.c index da40eb5c1..e80053828 100644 --- a/library/x509write_csr.c +++ b/library/x509write_csr.c @@ -205,7 +205,7 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s else if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_ECDSA ) ) pk_alg = MBEDTLS_PK_ECDSA; else - pk_alg = MBEDTLS_PK_NONE; + return( MBEDTLS_ERR_X509_INVALID_ALG ); if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg, &sig_oid, &sig_oid_len ) ) != 0 ) From 6428f8d78e620c9c4853dd64b14d75b9ce941972 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Sep 2017 16:58:50 +0100 Subject: [PATCH 282/493] Let ssl-opt.sh gracefully fail is SSL_MAX_CONTENT_LEN is not 16384 Some tests in ssl-opt.sh require MBEDTLS_SSL_MAX_CONTENT_LEN to be set to its default value of 16384 to succeed. While ideally such a dependency should not exist, as a short-term remedy this commit adds a small check that will at least lead to graceful exit if that assumption is violated. --- tests/ssl-opt.sh | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 50b7d1536..4865043b2 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1292,6 +1292,21 @@ run_test "Session resume using cache: openssl server" \ # Tests for Max Fragment Length extension +MAX_CONTENT_LEN_EXPECT='16384' +MAX_CONTENT_LEN_CONFIG=$( ../scripts/config.pl get MBEDTLS_SSL_MAX_CONTENT_LEN) + +if [ -n "$MAX_CONTENT_LEN_CONFIG" ] && [ "$MAX_CONTENT_LEN_CONFIG" -ne "$MAX_CONTENT_LEN_EXPECT" ]; then + printf "The ${CONFIG_H} file contains a value for the configuration of\n" + printf "MBEDTLS_SSL_MAX_CONTENT_LEN that is different from the script’s\n" + printf "test value of ${MAX_CONTENT_LEN_EXPECT}. \n" + printf "\n" + printf "The tests assume this value and if it changes, the tests in this\n" + printf "script should also be adjusted.\n" + printf "\n" + + exit 1 +fi + requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: enabled, default" \ "$P_SRV debug_level=3" \ From 152633093112a78ffbb8158eec4d8944c0d7dc25 Mon Sep 17 00:00:00 2001 From: Jaeden Amero Date: Thu, 21 Sep 2017 12:53:48 +0100 Subject: [PATCH 283/493] Allow alternate implementation of GCM Provide the ability to use an alternative implementation of GCM in place of the library-provided implementation. --- ChangeLog | 6 ++++++ include/mbedtls/config.h | 1 + include/mbedtls/gcm.h | 15 +++++++++++++++ library/gcm.c | 4 ++++ library/version_features.c | 3 +++ 5 files changed, 29 insertions(+) diff --git a/ChangeLog b/ChangeLog index 227faed6b..d3833085b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Features + * Add support for alternative implementations of GCM, selected by the + configuration flag MBEDTLS_GCM_ALT in config.h + = mbed TLS 2.6.0 branch released 2017-08-10 Security diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 47c719640..94bf0d120 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -267,6 +267,7 @@ //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_DES_ALT +//#define MBEDTLS_GCM_ALT //#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT diff --git a/include/mbedtls/gcm.h b/include/mbedtls/gcm.h index 1b77aaedd..8f3b56575 100644 --- a/include/mbedtls/gcm.h +++ b/include/mbedtls/gcm.h @@ -33,6 +33,8 @@ #define MBEDTLS_ERR_GCM_AUTH_FAILED -0x0012 /**< Authenticated decryption failed. */ #define MBEDTLS_ERR_GCM_BAD_INPUT -0x0014 /**< Bad input parameters to function. */ +#if !defined(MBEDTLS_GCM_ALT) + #ifdef __cplusplus extern "C" { #endif @@ -206,6 +208,18 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx, */ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ); +#ifdef __cplusplus +} +#endif + +#else /* !MBEDTLS_GCM_ALT */ +#include "gcm_alt.h" +#endif /* !MBEDTLS_GCM_ALT */ + +#ifdef __cplusplus +extern "C" { +#endif + /** * \brief Checkup routine * @@ -217,4 +231,5 @@ int mbedtls_gcm_self_test( int verbose ); } #endif + #endif /* gcm.h */ diff --git a/library/gcm.c b/library/gcm.c index fccb092bd..2b49fa66c 100644 --- a/library/gcm.c +++ b/library/gcm.c @@ -54,6 +54,8 @@ #endif /* MBEDTLS_PLATFORM_C */ #endif /* MBEDTLS_SELF_TEST && MBEDTLS_AES_C */ +#if !defined(MBEDTLS_GCM_ALT) + /* * 32-bit integer manipulation macros (big endian) */ @@ -508,6 +510,8 @@ void mbedtls_gcm_free( mbedtls_gcm_context *ctx ) mbedtls_zeroize( ctx, sizeof( mbedtls_gcm_context ) ); } +#endif /* !MBEDTLS_GCM_ALT */ + #if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_AES_C) /* * AES-GCM test vectors from: diff --git a/library/version_features.c b/library/version_features.c index 5cbe8aca3..50afe1e24 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -99,6 +99,9 @@ static const char *features[] = { #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ +#if defined(MBEDTLS_GCM_ALT) + "MBEDTLS_GCM_ALT", +#endif /* MBEDTLS_GCM_ALT */ #if defined(MBEDTLS_XTEA_ALT) "MBEDTLS_XTEA_ALT", #endif /* MBEDTLS_XTEA_ALT */ From 2981a0a7402ea331b6eb74599de64d0c825c9e73 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 24 Sep 2017 15:41:09 +0300 Subject: [PATCH 284/493] Address Andres PR comments Address Andres' comments in the PR --- ChangeLog | 5 +++-- library/ecdsa.c | 3 +++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index e9be97bd4..94eba4208 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,8 +38,9 @@ Changes by Jean-Philippe Aumasson. * Add support for alternative implementation for ECDSA, controlled by new configuration flag MBEDTLS_ECDSA_ALT in config.h. - Alternative Ecdsa is supported for implementation of `mbedtls_ecdsa_sign` - and `mbedtls_ecdsa_verify`. + The following functions from the ECDSA module can be replaced + with an alternative implementation: + mbedtls_ecdsa_sign(), mbedtls_ecdsa_verify() and mbedtls_ecdsa_genkey(). = mbed TLS 2.5.0 branch released 2017-05-17 diff --git a/library/ecdsa.c b/library/ecdsa.c index 8804ca62f..804884bca 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -37,9 +37,11 @@ #include "mbedtls/asn1write.h" #include + #if defined(MBEDTLS_ECDSA_DETERMINISTIC) #include "mbedtls/hmac_drbg.h" #endif + /* * Derive a suitable integer for group grp from a buffer of length len * SEC1 4.1.3 step 5 aka SEC1 4.1.4 step 3 @@ -314,6 +316,7 @@ static int ecdsa_signature_to_asn1( const mbedtls_mpi *r, const mbedtls_mpi *s, return( 0 ); } + /* * Compute and write signature */ From 8b766218a845551f7006a6982750eb3723915633 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 24 Sep 2017 15:44:56 +0300 Subject: [PATCH 285/493] Update ChangeLog Update ChangeLog according to Andres seggestion --- ChangeLog | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index a2a2a366b..23698c233 100644 --- a/ChangeLog +++ b/ChangeLog @@ -38,8 +38,9 @@ Changes by Jean-Philippe Aumasson. * Add support for alternative implementation for ECDH, controlled by new configuration flag MBEDTLS_ECDH_ALT in config.h. - Alternative Ecdh is supported for implementation of `mbedtls_ecdh_gen_public` - and `mbedtls_ecdh_compute_shared`. + The following functions from the ECDH module can be replaced + with an alternative implementation: + mbedtls_ecdh_gen_public() and mbedtls_ecdh_compute_shared(). = mbed TLS 2.5.0 branch released 2017-05-17 From cc5662811729486ba5f063e97e312f664bb7377c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 26 Sep 2017 16:21:19 +0100 Subject: [PATCH 286/493] Don't use all_final as a target in tests/data_files/Makefile The `neat` target in that Makefile assumes all_final to be a concatenation of file names. --- tests/data_files/Makefile | 57 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 53 insertions(+), 4 deletions(-) diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 630173fe5..3405c7f38 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -22,7 +22,7 @@ OPENSSL ?= openssl default: all_final all_intermediate := # temporary files -all_final := # files or targets used by tests +all_final := # files used by tests @@ -78,10 +78,13 @@ keys_rsa_pkcs8_pwd = PolarSSLTest ### all other encrypted RSA keys are derived. keyfile_1024: $(OPENSSL) genrsa -out $@ 1024 +all_final += keyfile_1024 keyfile_2048: $(OPENSSL) genrsa -out $@ 2048 +all_final += keyfile_2048 keyfile_4096: $(OPENSSL) genrsa -out $@ 4096 +all_final += keyfile_4096 ### ### PKCS1-encoded, encrypted RSA keys @@ -90,40 +93,55 @@ keyfile_4096: ### 1024-bit keyfile_1024.des: keyfile_1024 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_1024.des keyfile_1024.3des: keyfile_1024 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_1024.3des keyfile_1024.aes128: keyfile_1024 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_1024.aes128 keyfile_1024.aes192: keyfile_1024 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_1024.aes192 keyfile_1024.aes256: keyfile_1024 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_1024.aes256 keys_rsa_enc_basic_1024: keyfile_1024.des keyfile_1024.3des keyfile_1024.aes128 keyfile_1024.aes192 keyfile_1024.aes256 # 2048-bit keyfile_2048.des: keyfile_2048 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_2048.des keyfile_2048.3des: keyfile_2048 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_2048.3des keyfile_2048.aes128: keyfile_2048 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_2048.aes128 keyfile_2048.aes192: keyfile_2048 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_2048.aes192 keyfile_2048.aes256: keyfile_2048 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_2048.aes256 keys_rsa_enc_basic_2048: keyfile_2048.des keyfile_2048.3des keyfile_2048.aes128 keyfile_2048.aes192 keyfile_2048.aes256 # 4096-bit keyfile_4096.des: keyfile_4096 $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_4096.des keyfile_4096.3des: keyfile_4096 $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_4096.3des keyfile_4096.aes128: keyfile_4096 $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_4096.aes128 keyfile_4096.aes192: keyfile_4096 $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_4096.aes192 keyfile_4096.aes256: keyfile_4096 $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" +all_final += keyfile_4096.aes256 keys_rsa_enc_basic_4096: keyfile_4096.des keyfile_4096.3des keyfile_4096.aes128 keyfile_4096.aes192 keyfile_4096.aes256 ### @@ -133,20 +151,26 @@ keys_rsa_enc_basic_4096: keyfile_4096.des keyfile_4096.3des keyfile_4096.aes128 ### 1024-bit pkcs8_pbe_sha1_3des_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +all_final += pkcs8_pbe_sha1_3des_1024.der pkcs8_pbe_sha1_3des_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +all_final += pkcs8_pbe_sha1_3des_1024.key keys_rsa_enc_pkcs8_v1_1024_3des: pkcs8_pbe_sha1_3des_1024.key pkcs8_pbe_sha1_3des_1024.der pkcs8_pbe_sha1_2des_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +all_final += pkcs8_pbe_sha1_2des_1024.der pkcs8_pbe_sha1_2des_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +all_final += pkcs8_pbe_sha1_2des_1024.key keys_rsa_enc_pkcs8_v1_1024_2des: pkcs8_pbe_sha1_2des_1024.key pkcs8_pbe_sha1_2des_1024.der pkcs8_pbe_sha1_rc4_128_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +all_final += pkcs8_pbe_sha1_rc4_128_1024.der pkcs8_pbe_sha1_rc4_128_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +all_final += pkcs8_pbe_sha1_rc4_128_1024.key keys_rsa_enc_pkcs8_v1_1024_rc4_128: pkcs8_pbe_sha1_rc4_128_1024.key pkcs8_pbe_sha1_rc4_128_1024.der keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128 @@ -154,20 +178,26 @@ keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v ### 2048-bit pkcs8_pbe_sha1_3des_2048.der: keyfile_2048 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +all_final += pkcs8_pbe_sha1_3des_2048.der pkcs8_pbe_sha1_3des_2048.key: keyfile_2048 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +all_final += pkcs8_pbe_sha1_3des_2048.key keys_rsa_enc_pkcs8_v1_2048_3des: pkcs8_pbe_sha1_3des_2048.key pkcs8_pbe_sha1_3des_2048.der pkcs8_pbe_sha1_2des_2048.der: keyfile_2048 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +all_final += pkcs8_pbe_sha1_2des_2048.der pkcs8_pbe_sha1_2des_2048.key: keyfile_2048 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +all_final += pkcs8_pbe_sha1_2des_2048.key keys_rsa_enc_pkcs8_v1_2048_2des: pkcs8_pbe_sha1_2des_2048.key pkcs8_pbe_sha1_2des_2048.der pkcs8_pbe_sha1_rc4_128_2048.der: keyfile_2048 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +all_final += pkcs8_pbe_sha1_rc4_128_2048.der pkcs8_pbe_sha1_rc4_128_2048.key: keyfile_2048 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +all_final += pkcs8_pbe_sha1_rc4_128_2048.key keys_rsa_enc_pkcs8_v1_2048_rc4_128: pkcs8_pbe_sha1_rc4_128_2048.key pkcs8_pbe_sha1_rc4_128_2048.der keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128 @@ -175,20 +205,26 @@ keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v ### 4096-bit pkcs8_pbe_sha1_3des_4096.der: keyfile_4096 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +all_final += pkcs8_pbe_sha1_3des_4096.der pkcs8_pbe_sha1_3des_4096.key: keyfile_4096 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES +all_final += pkcs8_pbe_sha1_3des_4096.key keys_rsa_enc_pkcs8_v1_4096_3des: pkcs8_pbe_sha1_3des_4096.key pkcs8_pbe_sha1_3des_4096.der pkcs8_pbe_sha1_2des_4096.der: keyfile_4096 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +all_final += pkcs8_pbe_sha1_2des_4096.der pkcs8_pbe_sha1_2des_4096.key: keyfile_4096 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES +all_final += pkcs8_pbe_sha1_2des_4096.key keys_rsa_enc_pkcs8_v1_4096_2des: pkcs8_pbe_sha1_2des_4096.key pkcs8_pbe_sha1_2des_4096.der pkcs8_pbe_sha1_rc4_128_4096.der: keyfile_4096 $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +all_final += pkcs8_pbe_sha1_rc4_128_4096.der pkcs8_pbe_sha1_rc4_128_4096.key: keyfile_4096 $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 +all_final += pkcs8_pbe_sha1_rc4_128_4096.key keys_rsa_enc_pkcs8_v1_4096_rc4_128: pkcs8_pbe_sha1_rc4_128_4096.key pkcs8_pbe_sha1_rc4_128_4096.der keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128 @@ -200,14 +236,18 @@ keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v ### 1024-bit pkcs8_pbes2_pbkdf2_3des_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_3des_1024.der pkcs8_pbes2_pbkdf2_3des_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_3des_1024.key keys_rsa_enc_pkcs8_v2_1024_3des: pkcs8_pbes2_pbkdf2_3des_1024.der pkcs8_pbes2_pbkdf2_3des_1024.key pkcs8_pbes2_pbkdf2_des_1024.der: keyfile_1024 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_des_1024.der pkcs8_pbes2_pbkdf2_des_1024.key: keyfile_1024 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_des_1024.key keys_rsa_enc_pkcs8_v2_1024_des: pkcs8_pbes2_pbkdf2_des_1024.der pkcs8_pbes2_pbkdf2_des_1024.key keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des @@ -215,14 +255,18 @@ keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v ### 2048-bit pkcs8_pbes2_pbkdf2_3des_2048.der: keyfile_2048 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_3des_2048.der pkcs8_pbes2_pbkdf2_3des_2048.key: keyfile_2048 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_3des_2048.key keys_rsa_enc_pkcs8_v2_2048_3des: pkcs8_pbes2_pbkdf2_3des_2048.der pkcs8_pbes2_pbkdf2_3des_2048.key pkcs8_pbes2_pbkdf2_des_2048.der: keyfile_2048 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_des_2048.der pkcs8_pbes2_pbkdf2_des_2048.key: keyfile_2048 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_des_2048.key keys_rsa_enc_pkcs8_v2_2048_des: pkcs8_pbes2_pbkdf2_des_2048.der pkcs8_pbes2_pbkdf2_des_2048.key keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des @@ -230,14 +274,18 @@ keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v ### 4096-bit pkcs8_pbes2_pbkdf2_3des_4096.der: keyfile_4096 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_3des_4096.der pkcs8_pbes2_pbkdf2_3des_4096.key: keyfile_4096 $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_3des_4096.key keys_rsa_enc_pkcs8_v2_4096_3des: pkcs8_pbes2_pbkdf2_3des_4096.der pkcs8_pbes2_pbkdf2_3des_4096.key pkcs8_pbes2_pbkdf2_des_4096.der: keyfile_4096 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_des_4096.der pkcs8_pbes2_pbkdf2_des_4096.key: keyfile_4096 $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" +all_final += pkcs8_pbes2_pbkdf2_des_4096.key keys_rsa_enc_pkcs8_v2_4096_des: pkcs8_pbes2_pbkdf2_des_4096.der pkcs8_pbes2_pbkdf2_des_4096.key keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des @@ -261,8 +309,6 @@ keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 key ### Generate all RSA keys keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 -all_final += keys_rsa_all - ################################################################ #### Meta targets ################################################################ @@ -270,7 +316,10 @@ all_final += keys_rsa_all all_final: $(all_final) all: $(all_intermediate) $(all_final) -.PHONY: default all_final all keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 keys_rsa_all keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 +.PHONY: default all_final all keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2 keys_rsa_all \ + keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 keys_rsa_enc_pkcs8_v1_1024 \ + keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_1024 \ + keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096 # These files should not be committed to the repository. list_intermediate: From 041a6b030f2c3628d34abb8360efc3988a18484e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 28 Sep 2017 14:52:26 +0100 Subject: [PATCH 287/493] Adapt ChangeLog --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index 227faed6b..4436237ae 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,12 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Bugfix + * Correct extraction of signature-type from PK instance in X.509 CRT and CSR + writing routines that prevented these functions to work with alternative + RSA implementations. Raised by J.B. in the Mbed TLS forum. Fixes #1011. + = mbed TLS 2.6.0 branch released 2017-08-10 Security From 2cca6f3290b5fc22517a9a684a3542fef5be44ac Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 11:46:40 +0100 Subject: [PATCH 288/493] Always deduce N from P, Q in mbedtls_rsa_complete Previously, a parameter set of (-, P, Q, -, E) was completed, but (-, P, Q, D, E) wasn't - this is odd. --- library/rsa.c | 38 ++++++++++++++++++++++++-------------- 1 file changed, 24 insertions(+), 14 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 3dde6edbf..4ee9308bd 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -623,18 +623,35 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, * (2) D and potentially N missing. * */ - const int complete = have_N && have_P && have_Q && have_D && have_E; - const int pq_missing = have_N && !have_P && !have_Q && have_D && have_E; - const int d_missing = have_P && have_Q && !have_D && have_E; - const int is_pub = have_N && !have_P && !have_Q && !have_D && have_E; - const int is_priv = complete || pq_missing || d_missing; + const int n_missing = have_P && have_Q && have_D && have_E; + const int pq_missing = have_N && !have_P && !have_Q && have_D && have_E; + const int d_missing = have_P && have_Q && !have_D && have_E; + const int is_pub = have_N && !have_P && !have_Q && !have_D && have_E; + + /* These three alternatives are mutually exclusive */ + const int is_priv = n_missing || pq_missing || d_missing; if( !is_priv && !is_pub ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); /* - * Step 1: Deduce and verify all core parameters. + * Step 1: Deduce N if P, Q are provided. + */ + + if( !have_N && have_P && have_Q ) + { + if( ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, + &ctx->Q ) ) != 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + } + + ctx->len = mbedtls_mpi_size( &ctx->N ); + } + + /* + * Step 2: Deduce and verify all remaining core parameters. */ if( pq_missing ) @@ -660,13 +677,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, } #endif /* MBEDTLS_GENPRIME */ - /* Compute N if missing. */ - if( !have_N && - ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ) != 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); - } - /* Deduce private exponent. This includes double-checking of the result, * so together with the primality test above all core parameters are * guaranteed to be sane if this call succeeds. */ @@ -680,7 +690,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, /* In the remaining case of a public key, there's nothing to check for. */ /* - * Step 2: Deduce all additional parameters specific + * Step 3: Deduce all additional parameters specific * to our current RSA implementaiton. */ From 54cfc585cd9efc0b260c17317925f81e3a9ada6d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 11:31:22 +0100 Subject: [PATCH 289/493] Add test cases for mbedtls_rsa_import[_raw] where N is missing --- tests/suites/test_suite_rsa.data | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 8b1d1d59a..05e29678f 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -433,6 +433,12 @@ mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7 RSA Import (N,P,Q,D,E), successive mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:0 +RSA Import (-,P,Q,D,E) +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:0 + +RSA Import (-,P,Q,D,E), successive +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:0 + RSA Import (N,-,-,D,E) mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:0 @@ -445,6 +451,12 @@ mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7 RSA Import (N,P,Q,-,E), successive mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:0 +RSA Import (-,P,Q,-,E) +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:0 + +RSA Import (-,P,Q,-,E), successive +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:0 + RSA Import (N,-,Q,-,E) mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA @@ -463,6 +475,12 @@ mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f RSA Import Raw (N,P,Q,D,E), successive mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:0 +RSA Import Raw (-,P,Q,D,E) +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:0 + +RSA Import Raw (-,P,Q,D,E), successive +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:0 + RSA Import Raw (N,-,-,D,E) mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:0 @@ -475,6 +493,12 @@ mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f RSA Import Raw (N,P,Q,-,E), successive mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:0 +RSA Import Raw (-,P,Q,-,E) +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:0 + +RSA Import Raw (-,P,Q,-,E), successive +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:0 + RSA Import Raw (N,-,Q,-,E) mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA From 2f8f06aa25e9d5ee4fc9fe217543c872b39e4d05 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 11:47:26 +0100 Subject: [PATCH 290/493] Don't always recompute context length in mbedtls_rsa_get_len This commit changes the implementation of `mbedtls_rsa_get_len` to return `ctx->len` instead of always re-computing the modulus' byte-size via `mbedtls_mpi_size`. --- library/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index 4ee9308bd..862301190 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -923,7 +923,7 @@ void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ) { - return( mbedtls_mpi_size( &ctx->N ) ); + return( ctx->len ); } From ba1ba11a984703cd0fa8ec061254ac6147f8a93d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 11:48:23 +0100 Subject: [PATCH 291/493] Check that length is properly set in `mbedtls_rsa_check_pubkey` --- library/rsa.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/library/rsa.c b/library/rsa.c index 862301190..ae4382b18 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1028,6 +1028,9 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) if( !ctx->N.p || !ctx->E.p ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if( ctx->len != mbedtls_mpi_size( &ctx->N ) ) + return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + if( ( ctx->N.p[0] & 1 ) == 0 || ( ctx->E.p[0] & 1 ) == 0 ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); From 5063cd2ccab39001d6d6a1c4deeee93d35e6ede3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 11:49:12 +0100 Subject: [PATCH 292/493] Deprecate direct manipulation of structure fields in RSA context --- include/mbedtls/rsa.h | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 48b0145eb..df14ae847 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -237,7 +237,13 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, #if !defined(MBEDTLS_RSA_ALT) /** - * \brief RSA context structure + * \brief RSA context structure + * + * \note Direct manipulation of the members of this structure + * is deprecated and will no longer be supported starting + * from the next major release. All manipulation should instead + * be done through the public interface functions. + * */ typedef struct { From 4d6e83406ca8c8c1b17af7d89c1753cfcad070ea Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 11:50:18 +0100 Subject: [PATCH 293/493] Improve readability of test for `mbedtls_rsa_import` --- tests/suites/test_suite_rsa.function | 36 ++++++++++++++++------------ 1 file changed, 21 insertions(+), 15 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 5f493c3a0..160b916b8 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -852,6 +852,12 @@ void mbedtls_rsa_import( int radix_N, char *input_N, mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "test_suite_rsa"; + const int have_N = ( strlen( input_N ) > 0 ); + const int have_P = ( strlen( input_P ) > 0 ); + const int have_Q = ( strlen( input_Q ) > 0 ); + const int have_D = ( strlen( input_D ) > 0 ); + const int have_E = ( strlen( input_E ) > 0 ); + mbedtls_ctr_drbg_init( &ctr_drbg ); mbedtls_entropy_init( &entropy ); @@ -864,29 +870,29 @@ void mbedtls_rsa_import( int radix_N, char *input_N, mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); - if( strlen( input_N ) ) + if( have_N ) TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); - if( strlen( input_P ) ) + if( have_P ) TEST_ASSERT( mbedtls_mpi_read_string( &P, radix_P, input_P ) == 0 ); - if( strlen( input_Q ) ) + if( have_Q ) TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); - if( strlen( input_D ) ) + if( have_D ) TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); - if( strlen( input_E ) ) + if( have_E ) TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); if( !successive ) { TEST_ASSERT( mbedtls_rsa_import( &ctx, - strlen( input_N ) ? &N : NULL, - strlen( input_P ) ? &P : NULL, - strlen( input_Q ) ? &Q : NULL, - strlen( input_D ) ? &D : NULL, - strlen( input_E ) ? &E : NULL ) == 0 ); + have_N ? &N : NULL, + have_P ? &P : NULL, + have_Q ? &Q : NULL, + have_D ? &D : NULL, + have_E ? &E : NULL ) == 0 ); } else { @@ -894,27 +900,27 @@ void mbedtls_rsa_import( int radix_N, char *input_N, * This should make no functional difference. */ TEST_ASSERT( mbedtls_rsa_import( &ctx, - strlen( input_N ) ? &N : NULL, + have_N ? &N : NULL, NULL, NULL, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, NULL, - strlen( input_P ) ? &P : NULL, + have_P ? &P : NULL, NULL, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, NULL, NULL, - strlen( input_Q ) ? &Q : NULL, + have_Q ? &Q : NULL, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, NULL, NULL, NULL, - strlen( input_D ) ? &D : NULL, + have_D ? &D : NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( &ctx, NULL, NULL, NULL, NULL, - strlen( input_E ) ? &E : NULL ) == 0 ); + have_E ? &E : NULL ) == 0 ); } TEST_ASSERT( mbedtls_rsa_complete( &ctx, From e1582a832b848b71aebe0ff0e0fa531cdc96b43e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 11:51:05 +0100 Subject: [PATCH 294/493] Add expectation when testing RSA key import/export This commit adds a flag to the RSA import/export tests indicating whether it is expected that a full RSA keypair can be set up from the provided parameters. Further, the tests of `mbedtls_rsa_import` and `mbedtls_rsa_import_raw` are expanded to perform key checks and an example encryption-decryption. --- tests/suites/test_suite_rsa.data | 84 ++++++++++++------------- tests/suites/test_suite_rsa.function | 94 ++++++++++++++++++++++++++-- 2 files changed, 131 insertions(+), 47 deletions(-) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 05e29678f..ace4d397a 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -428,130 +428,130 @@ RSA Deduce Moduli, corrupted mbedtls_rsa_deduce_moduli:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA RSA Import (N,P,Q,D,E) -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:0 RSA Import (N,P,Q,D,E), successive -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1:0 RSA Import (-,P,Q,D,E) -mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:0 +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:0 RSA Import (-,P,Q,D,E), successive -mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:0 +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1:0 RSA Import (N,-,-,D,E) -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:0 RSA Import (N,-,-,D,E), succesive -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1:0 RSA Import (N,P,Q,-,E) -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:0 RSA Import (N,P,Q,-,E), successive -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:0 RSA Import (-,P,Q,-,E) -mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:0 +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:0 RSA Import (-,P,Q,-,E), successive -mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:0 +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:0 RSA Import (N,-,Q,-,E) -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import (N,-,Q,-,E), successive -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import (N,-,-,-,E), complete public key -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"3":0:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"3":0:0:0 RSA Import (N,-,-,-,E), complete public key, successive -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"3":1:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"3":1:0:0 RSA Import Raw (N,P,Q,D,E), complete private key -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:0 +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:1:0 RSA Import Raw (N,P,Q,D,E), successive -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:0 +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1:0 RSA Import Raw (-,P,Q,D,E) -mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:0 +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:1:0 RSA Import Raw (-,P,Q,D,E), successive -mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:0 +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1:0 RSA Import Raw (N,-,-,D,E) -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:0 +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:1:0 RSA Import Raw (N,-,-,D,E), successive -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:0 +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1:0 RSA Import Raw (N,P,Q,-,E) -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:0 +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:0 RSA Import Raw (N,P,Q,-,E), successive -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:0 +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:0 RSA Import Raw (-,P,Q,-,E) -mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:0 +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:0 RSA Import Raw (-,P,Q,-,E), successive -mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:0 +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:0 RSA Import Raw (N,-,Q,-,E) -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import Raw (N,-,Q,-,E), successive -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import Raw (N,-,-,-,E) -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":0:0 +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":0:0:0 RSA Import Raw (N,-,-,-,E), successive -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":1:0 +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":1:0:0 RSA Export (N,P,Q,D,E) -mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0 +mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:0 RSA Export (N,P,Q,D,E), successive -mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1 +mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1 RSA Export (N,-,-,D,E) -mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0 +mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:0 RSA Export (N,-,-,D,E), succesive -mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1 +mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1 RSA Export (N,P,Q,-,E) -mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0 +mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:0 RSA Export (N,P,Q,-,E), successive -mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1 +mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1 RSA Export (N,-,-,-,E) -mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"3":0 +mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"3":0:0 RSA Export Raw (N,P,Q,D,E) -mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0 +mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:0 RSA Export Raw (N,P,Q,D,E), successive -mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1 +mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1 RSA Export Raw (N,-,-,D,E) -mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0 +mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:0 RSA Export Raw (N,-,-,D,E), succesive -mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1 +mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1 RSA Export Raw (N,P,Q,-,E) -mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0 +mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:0 RSA Export Raw (N,P,Q,-,E), successive -mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1 +mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1 RSA Export Raw (N,-,-,-,E) -mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":0 +mbedtls_rsa_export_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":0:0 RSA PKCS1 Encrypt Bad RNG depends_on:MBEDTLS_PKCS1_V15 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 160b916b8..062b97153 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -843,11 +843,17 @@ void mbedtls_rsa_import( int radix_N, char *input_N, int radix_D, char *input_D, int radix_E, char *input_E, int successive, + int is_priv, int result ) { mbedtls_mpi N, P, Q, D, E; mbedtls_rsa_context ctx; + /* Buffers used for encryption-decryption test */ + unsigned char *buf_orig = NULL; + unsigned char *buf_enc = NULL; + unsigned char *buf_dec = NULL; + mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; const char *pers = "test_suite_rsa"; @@ -927,8 +933,47 @@ void mbedtls_rsa_import( int radix_N, char *input_N, mbedtls_ctr_drbg_random, &ctr_drbg ) == result ); + /* On expected success, perform some public and private + * key operations to check if the key is working properly. */ + if( result == 0 ) + { + TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); + + /* Did we expect a full private key to be setup? */ + if( is_priv ) + TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); + + buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); + buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); + buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); + if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL ) + goto exit; + + TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg, + buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 ); + + /* Make sure the number we're generating is smaller than the modulus */ + buf_orig[0] = 0x00; + + TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 ); + + if( is_priv ) + { + TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random, + &ctr_drbg, buf_enc, + buf_dec ) == 0 ); + + TEST_ASSERT( memcmp( buf_orig, buf_dec, + mbedtls_rsa_get_len( &ctx ) ) == 0 ); + } + } + exit: + mbedtls_free( buf_orig ); + mbedtls_free( buf_enc ); + mbedtls_free( buf_dec ); + mbedtls_rsa_free( &ctx ); mbedtls_ctr_drbg_free( &ctr_drbg ); @@ -946,6 +991,7 @@ void mbedtls_rsa_export( int radix_N, char *input_N, int radix_Q, char *input_Q, int radix_D, char *input_D, int radix_E, char *input_E, + int is_priv, int successive ) { /* Original MPI's with which we set up the RSA context */ @@ -960,8 +1006,6 @@ void mbedtls_rsa_export( int radix_N, char *input_N, const int have_D = ( strlen( input_D ) > 0 ); const int have_E = ( strlen( input_E ) > 0 ); - const int is_priv = have_P || have_Q || have_D; - mbedtls_rsa_context ctx; mbedtls_rsa_init( &ctx, 0, 0 ); @@ -1132,7 +1176,8 @@ exit: /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ void mbedtls_rsa_export_raw( char *input_N, char *input_P, char *input_Q, char *input_D, - char *input_E, int successive ) + char *input_E, int is_priv, + int successive ) { /* Original raw buffers with which we set up the RSA context */ unsigned char bufN[1000]; @@ -1160,8 +1205,6 @@ void mbedtls_rsa_export_raw( char *input_N, char *input_P, const int have_D = ( strlen( input_D ) > 0 ); const int have_E = ( strlen( input_E ) > 0 ); - const int is_priv = have_P || have_Q || have_D; - mbedtls_rsa_context ctx; mbedtls_rsa_init( &ctx, 0, 0 ); @@ -1265,6 +1308,7 @@ void mbedtls_rsa_import_raw( char *input_N, char *input_P, char *input_Q, char *input_D, char *input_E, int successive, + int is_priv, int result ) { unsigned char bufN[1000]; @@ -1273,6 +1317,11 @@ void mbedtls_rsa_import_raw( char *input_N, unsigned char bufD[1000]; unsigned char bufE[1000]; + /* Buffers used for encryption-decryption test */ + unsigned char *buf_orig = NULL; + unsigned char *buf_enc = NULL; + unsigned char *buf_dec = NULL; + size_t lenN = 0; size_t lenP = 0; size_t lenQ = 0; @@ -1351,6 +1400,41 @@ void mbedtls_rsa_import_raw( char *input_N, mbedtls_ctr_drbg_random, &ctr_drbg ) == result ); + /* On expected success, perform some public and private + * key operations to check if the key is working properly. */ + if( result == 0 ) + { + TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); + + /* Did we expect a full private key to be setup? */ + if( is_priv ) + TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); + + buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); + buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); + buf_dec = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); + if( buf_orig == NULL || buf_enc == NULL || buf_dec == NULL ) + goto exit; + + TEST_ASSERT( mbedtls_ctr_drbg_random( &ctr_drbg, + buf_orig, mbedtls_rsa_get_len( &ctx ) ) == 0 ); + + /* Make sure the number we're generating is smaller than the modulus */ + buf_orig[0] = 0x00; + + TEST_ASSERT( mbedtls_rsa_public( &ctx, buf_orig, buf_enc ) == 0 ); + + if( is_priv ) + { + TEST_ASSERT( mbedtls_rsa_private( &ctx, mbedtls_ctr_drbg_random, + &ctr_drbg, buf_enc, + buf_dec ) == 0 ); + + TEST_ASSERT( memcmp( buf_orig, buf_dec, + mbedtls_rsa_get_len( &ctx ) ) == 0 ); + } + } + exit: mbedtls_rsa_free( &ctx ); From bead71752e51ec9d1bb2d84b0a0cc958cce15606 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 12:41:06 +0100 Subject: [PATCH 295/493] Correct typo in rsa.c --- library/rsa.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/rsa.c b/library/rsa.c index ae4382b18..d438247d5 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -139,7 +139,7 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, * several calculations are done in place and temporarily change * the values of D and E. * - * Specifically, D is replaced the largest odd divisor of DE - 1 + * Specifically, D is replaced by the largest odd divisor of DE - 1 * throughout the calculations. */ From 91c194dabba673ec4afe93a77a1958d2059384dd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 12:50:12 +0100 Subject: [PATCH 296/493] Add and document an RSA-specific error code for unsupported exports E.g., a private key on an external chip might not be exportable to RAM. --- include/mbedtls/rsa.h | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index df14ae847..705d16384 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -48,6 +48,7 @@ #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */ #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ +#define MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED -0x4500 /**< The requested parameter export is not possible/allowed. */ /* * RSA constants @@ -446,6 +447,21 @@ int mbedtls_rsa_check_crt( const mbedtls_rsa_context *ctx, * \param E MPI to hold the public exponent, or NULL * * \return 0 if successful, non-zero error code otherwise. + * In particular, if exporting the requested parameters + * cannot be done because of a lack of functionality + * or because of security policies, the error code + * MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. + * In this case, the RSA context stays intact and can + * be continued to be used. + * + * \note Two reasons for returning MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED + * would be the following: Firstly, it might be that an + * alternative RSA implementation is in use which stores + * the key externally, and which either cannot or should not + * export it into RAM. Alternatively, an implementation + * (regardless of SW or HW) might not support deducing e.g. + * P, Q from N, D, E if the former are not part of the + * implementation. * */ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, @@ -475,6 +491,24 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * pointed to by N, P, Q, D, E are fully written, with * additional unused space filled leading by 0-bytes. * + * \return 0 if successful, non-zero error code otherwise. + * In particular, if exporting the requested parameters + * cannot be done because of a lack of functionality + * or because of security policies, the error code + * MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. + * In this case, the RSA context stays intact and can + * be continued to be used. + * + * \note Two reasons for returning MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED + * would be the following: Firstly, it might be that an + * alternative RSA implementation is in use which stores + * the key externally, and which either cannot or should not + * export it into RAM. Alternatively, an implementation + * (regardless of SW or HW) might not support deducing e.g. + * P, Q from N, D, E if the former are not part of the + * implementation. + * + * */ int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, unsigned char *N, size_t N_len, From ed20361321ae4a55d122b1ae6e66915e8f40097e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 13:34:25 +0100 Subject: [PATCH 297/493] Increase readability of Doxygen output Multiple lists were not properly recognized as such. --- include/mbedtls/rsa.h | 95 +++++++++++++++++++++++-------------------- 1 file changed, 52 insertions(+), 43 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 705d16384..aaf0f3c66 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -94,7 +94,8 @@ extern "C" { * \param P Pointer to MPI holding first prime factor of N on success * \param Q Pointer to MPI holding second prime factor of N on success * - * \return - 0 if successful. In this case, P and Q constitute a + * \return + * - 0 if successful. In this case, P and Q constitute a * factorization of N, and it is guaranteed that D and E * are indeed modular inverses modulo P-1 and modulo Q-1. * The values of N, D and E are unchanged. It is checked @@ -128,7 +129,8 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, * * \note This function does not check whether P and Q are primes. * - * \return - 0 if successful. In this case, D is set to a simultaneous + * \return + * - 0 if successful. In this case, D is set to a simultaneous * modular inverse of E modulo both P-1 and Q-1. * - A non-zero error code otherwise. In this case, the values * of P, Q, E are undefined. @@ -181,12 +183,13 @@ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, * \param f_rng PRNG to be used for randomization, or NULL * \param p_rng PRNG context for f_rng, or NULL * - * \return - 0 if the following conditions are satisfied: - * - N = PQ if N,P,Q != NULL - * - D and E are modular inverses modulo P-1 and Q-1 - * if D,E,P,Q != NULL - * - P prime if f_rng, P != NULL - * - Q prime if f_rng, Q != NULL + * \return + * - 0 if the following conditions are satisfied: + * - N = PQ if N,P,Q != NULL + * - D and E are modular inverses modulo P-1 and Q-1 + * if D,E,P,Q != NULL + * - P prime if f_rng, P != NULL + * - Q prime if f_rng, Q != NULL * - A non-zero error code otherwise. * * \note The function can be used with a restricted set of arguments @@ -213,12 +216,13 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, * \param DQ MPI to check for D modulo P-1 * \param QP MPI to check for the modular inverse of Q modulo P. * - * \return - 0 if the following conditions are satisfied: - * - D = DP mod P-1 if P, D, DP != NULL - * - Q = DQ mod P-1 if P, D, DQ != NULL - * - QP = Q^-1 mod P if P, Q, QP != NULL - * - MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed, - * potentially including MBEDTLS_ERR_MPI_XXX if some + * \return + * - 0 if the following conditions are satisfied: + * - D = DP mod P-1 if P, D, DP != NULL + * - Q = DQ mod P-1 if P, D, DQ != NULL + * - QP = Q^-1 mod P if P, Q, QP != NULL + * - \c MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed, + * potentially including \c MBEDTLS_ERR_MPI_XXX if some * MPI calculations failed. * - MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient * data was provided to check DP, DQ or QP. @@ -386,18 +390,19 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * \param f_rng RNG function, * \param p_rng RNG parameter * - * To setup an RSA public key, precisely N and E - * must have been imported. + * \note + * - To setup an RSA public key, precisely N and E + * must have been imported. * - * To setup an RSA private key, enough information must be - * present for the other parameters to be efficiently derivable. + * - To setup an RSA private key, enough information must be + * present for the other parameters to be efficiently derivable. * - * The default implementation supports the following: - * (a) Derive P, Q from N, D, E - * (b) Derive N, D from P, Q, E. + * The default implementation supports the following: + * - Derive P, Q from N, D, E + * - Derive N, D from P, Q, E. * - * Alternative implementations need not support these - * and may return MBEDTLS_ERR_RSA_BAD_INPUT_DATA instead. + * - Alternative implementations need not support these + * and may return \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA instead. * * \note The PRNG is used for probabilistic algorithms * like the derivation of P, Q from N, D, E, as @@ -446,15 +451,19 @@ int mbedtls_rsa_check_crt( const mbedtls_rsa_context *ctx, * \param D MPI to hold the private exponent, or NULL * \param E MPI to hold the public exponent, or NULL * - * \return 0 if successful, non-zero error code otherwise. - * In particular, if exporting the requested parameters - * cannot be done because of a lack of functionality - * or because of security policies, the error code - * MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. - * In this case, the RSA context stays intact and can - * be continued to be used. + * \return + * - 0 if successful. In this case, the non-NULL buffers + * pointed to by N, P, Q, D, E are fully written, with + * additional unused space filled leading by 0-bytes. + * - Non-zero return code otherwise. In particular, if + * exporting the requested parameters + * cannot be done because of a lack of functionality + * or because of security policies, the error code + * \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. + * In this case, the RSA context stays intact and can + * be continued to be used. * - * \note Two reasons for returning MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED + * \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED * would be the following: Firstly, it might be that an * alternative RSA implementation is in use which stores * the key externally, and which either cannot or should not @@ -487,19 +496,19 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * \note The length fields are ignored if the corresponding * buffer pointers are NULL. * - * \return 0 if successful. In this case, the non-NULL buffers - * pointed to by N, P, Q, D, E are fully written, with - * additional unused space filled leading by 0-bytes. + * \return + * - 0 if successful. In this case, the non-NULL buffers + * pointed to by N, P, Q, D, E are fully written, with + * additional unused space filled leading by 0-bytes. + * - Non-zero return code otherwise. In particular, if + * exporting the requested parameters + * cannot be done because of a lack of functionality + * or because of security policies, the error code + * \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. + * In this case, the RSA context stays intact and can + * be continued to be used. * - * \return 0 if successful, non-zero error code otherwise. - * In particular, if exporting the requested parameters - * cannot be done because of a lack of functionality - * or because of security policies, the error code - * MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. - * In this case, the RSA context stays intact and can - * be continued to be used. - * - * \note Two reasons for returning MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED + * \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED * would be the following: Firstly, it might be that an * alternative RSA implementation is in use which stores * the key externally, and which either cannot or should not From 4b2f691691ebd72f82fd34ae1216a676e9e766aa Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 13:34:55 +0100 Subject: [PATCH 298/493] Doxygen: Use typewriter font for variables in rsa.h documentation --- include/mbedtls/rsa.h | 211 +++++++++++++++++++++--------------------- 1 file changed, 108 insertions(+), 103 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index aaf0f3c66..b272b76a5 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -224,7 +224,7 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, * - \c MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed, * potentially including \c MBEDTLS_ERR_MPI_XXX if some * MPI calculations failed. - * - MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient + * - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient * data was provided to check DP, DQ or QP. * * \note The function can be used with a restricted set of arguments @@ -278,8 +278,8 @@ typedef struct mbedtls_mpi Vi; /*!< cached blinding value */ mbedtls_mpi Vf; /*!< cached un-blinding value */ - int padding; /*!< MBEDTLS_RSA_PKCS_V15 for 1.5 padding and - MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */ + int padding; /*!< \c MBEDTLS_RSA_PKCS_V15 for 1.5 padding and + \c MBEDTLS_RSA_PKCS_v21 for OAEP/PSS */ int hash_id; /*!< Hash identifier of mbedtls_md_type_t as specified in the mbedtls_md.h header file for the EME-OAEP and EMSA-PSS @@ -299,15 +299,15 @@ mbedtls_rsa_context; /** * \brief Initialize an RSA context * - * Note: Set padding to MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP + * Note: Set padding to \c MBEDTLS_RSA_PKCS_V21 for the RSAES-OAEP * encryption scheme and the RSASSA-PSS signature scheme. * * \param ctx RSA context to be initialized - * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21 - * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier + * \param padding \c MBEDTLS_RSA_PKCS_V15 or \c MBEDTLS_RSA_PKCS_V21 + * \param hash_id \c MBEDTLS_RSA_PKCS_V21 hash identifier * * \note The hash_id parameter is actually ignored - * when using MBEDTLS_RSA_PKCS_V15 padding. + * when using \c MBEDTLS_RSA_PKCS_V15 padding. * * \note Choice of padding mode is strictly enforced for private key * operations, since there might be security concerns in @@ -318,7 +318,7 @@ mbedtls_rsa_context; * \note The chosen hash is always used for OEAP encryption. * For PSS signatures, it's always used for making signatures, * but can be overriden (and always is, if set to - * MBEDTLS_MD_NONE) for verifying them. + * \c MBEDTLS_MD_NONE) for verifying them. */ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, int padding, @@ -411,7 +411,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * \return - 0 if successful. In this case, all imported core * parameters are guaranteed to be sane, the RSA context * has been fully setup and is ready for use. - * - MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted + * - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted * derivations failed. */ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, @@ -549,8 +549,8 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, * See \c mbedtls_rsa_init() for details. * * \param ctx RSA context to be set - * \param padding MBEDTLS_RSA_PKCS_V15 or MBEDTLS_RSA_PKCS_V21 - * \param hash_id MBEDTLS_RSA_PKCS_V21 hash identifier + * \param padding \c MBEDTLS_RSA_PKCS_V15 or \c MBEDTLS_RSA_PKCS_V21 + * \param hash_id \c MBEDTLS_RSA_PKCS_V21 hash identifier */ void mbedtls_rsa_set_padding( mbedtls_rsa_context *ctx, int padding, int hash_id); @@ -577,7 +577,7 @@ size_t mbedtls_rsa_get_len( const mbedtls_rsa_context *ctx ); * \note mbedtls_rsa_init() must be called beforehand to setup * the RSA context. * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code */ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -589,7 +589,7 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, * * \param ctx RSA context to be checked * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code */ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); @@ -599,7 +599,7 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); * * \param ctx RSA context to be checked * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code */ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); @@ -610,7 +610,7 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); * \param pub RSA context holding the public key * \param prv RSA context holding the private key * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code */ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv ); @@ -621,7 +621,7 @@ int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rs * \param input input buffer * \param output output buffer * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note This function does NOT take care of message * padding. Also, be sure to set input[0] = 0 or ensure that @@ -643,7 +643,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, * \param input input buffer * \param output output buffer * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The input and output buffers must be large * enough (eg. 128 bytes if RSA-1024 is used). @@ -661,14 +661,14 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * * \param ctx RSA context * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding - * and MBEDTLS_RSA_PRIVATE) + * and \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE * \param ilen contains the plaintext length * \param input buffer holding the data to be encrypted * \param output buffer that will hold the ciphertext * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). @@ -684,14 +684,14 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * \brief Perform a PKCS#1 v1.5 encryption (RSAES-PKCS1-v1_5-ENCRYPT) * * \param ctx RSA context - * \param f_rng RNG function (Needed for padding and MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Needed for padding and \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE * \param ilen contains the plaintext length * \param input buffer holding the data to be encrypted * \param output buffer that will hold the ciphertext * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). @@ -708,16 +708,16 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * * \param ctx RSA context * \param f_rng RNG function (Needed for padding and PKCS#1 v2.1 encoding - * and MBEDTLS_RSA_PRIVATE) + * and \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE * \param label buffer holding the custom label to use * \param label_len contains the label length * \param ilen contains the plaintext length * \param input buffer holding the data to be encrypted * \param output buffer that will hold the ciphertext * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). @@ -737,25 +737,25 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * the message padding * * \param ctx RSA context - * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE * \param olen will contain the plaintext length * \param input buffer holding the encrypted data * \param output buffer that will hold the plaintext * \param output_max_len maximum length of the output buffer * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be - * as large as the size ctx->len of ctx->N (eg. 128 bytes + * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold * the decryption of the particular ciphertext provided, - * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * the function will return \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \note The input buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -769,25 +769,25 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * \brief Perform a PKCS#1 v1.5 decryption (RSAES-PKCS1-v1_5-DECRYPT) * * \param ctx RSA context - * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE * \param olen will contain the plaintext length * \param input buffer holding the encrypted data * \param output buffer that will hold the plaintext * \param output_max_len maximum length of the output buffer * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be - * as large as the size ctx->len of ctx->N (eg. 128 bytes + * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold * the decryption of the particular ciphertext provided, - * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * the function will return \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \note The input buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -801,9 +801,9 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * \brief Perform a PKCS#1 v2.1 OAEP decryption (RSAES-OAEP-DECRYPT) * * \param ctx RSA context - * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE * \param label buffer holding the custom label to use * \param label_len contains the label length * \param olen will contain the plaintext length @@ -811,17 +811,17 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * \param output buffer that will hold the plaintext * \param output_max_len maximum length of the output buffer * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be - * as large as the size ctx->len of ctx->N (eg. 128 bytes + * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold * the decryption of the particular ciphertext provided, - * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. + * the function will return \c MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \note The input buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -840,22 +840,24 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * * \param ctx RSA context * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for - * MBEDTLS_RSA_PRIVATE) + * \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE - * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) - * \param hashlen message digest length (for MBEDTLS_MD_NONE only) + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE + * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE for + * signing raw data) + * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) * \param hash buffer holding the message digest * \param sig buffer that will hold the ciphertext * * \return 0 if the signing operation was successful, - * or an MBEDTLS_ERR_RSA_XXX error code + * or an \c MBEDTLS_ERR_RSA_XXX error code * - * \note The "sig" buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * \note The \c sig buffer must be as large as the size + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). * * \note In case of PKCS#1 v2.1 encoding, see comments on - * \note \c mbedtls_rsa_rsassa_pss_sign() for details on md_alg and hash_id. + * \note \c mbedtls_rsa_rsassa_pss_sign() for details on + * \c md_alg and \c hash_id. */ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -870,19 +872,20 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * \brief Perform a PKCS#1 v1.5 signature (RSASSA-PKCS1-v1_5-SIGN) * * \param ctx RSA context - * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE - * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) - * \param hashlen message digest length (for MBEDTLS_MD_NONE only) + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE + * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE + * for signing raw data) + * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) * \param hash buffer holding the message digest * \param sig buffer that will hold the ciphertext * * \return 0 if the signing operation was successful, - * or an MBEDTLS_ERR_RSA_XXX error code + * or an \c MBEDTLS_ERR_RSA_XXX error code * - * \note The "sig" buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * \note The \c sig buffer must be as large as the size + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -898,22 +901,23 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * * \param ctx RSA context * \param f_rng RNG function (Needed for PKCS#1 v2.1 encoding and for - * MBEDTLS_RSA_PRIVATE) + * \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE - * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) - * \param hashlen message digest length (for MBEDTLS_MD_NONE only) + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE + * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE + * for signing raw data) + * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) * \param hash buffer holding the message digest * \param sig buffer that will hold the ciphertext * * \return 0 if the signing operation was successful, - * or an MBEDTLS_ERR_RSA_XXX error code + * or an \c MBEDTLS_ERR_RSA_XXX error code * - * \note The "sig" buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * \note The \c sig buffer must be as large as the size + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). * - * \note The hash_id in the RSA context is the one used for the - * encoding. md_alg in the function call is the type of hash + * \note The \c hash_id in the RSA context is the one used for the + * encoding. \c md_alg in the function call is the type of hash * that is encoded. According to RFC 3447 it is advised to * keep both hashes the same. */ @@ -932,19 +936,19 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * the message digest * * \param ctx points to an RSA public key - * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE - * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) - * \param hashlen message digest length (for MBEDTLS_MD_NONE only) + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE + * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE for signing raw data) + * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) * \param hash buffer holding the message digest * \param sig buffer holding the ciphertext * * \return 0 if the verify operation was successful, - * or an MBEDTLS_ERR_RSA_XXX error code + * or an \c MBEDTLS_ERR_RSA_XXX error code * - * \note The "sig" buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * \note The \c sig buffer must be as large as the size + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). * * \note In case of PKCS#1 v2.1 encoding, see comments on * \c mbedtls_rsa_rsassa_pss_verify() about md_alg and hash_id. @@ -962,19 +966,20 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \brief Perform a PKCS#1 v1.5 verification (RSASSA-PKCS1-v1_5-VERIFY) * * \param ctx points to an RSA public key - * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE - * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) - * \param hashlen message digest length (for MBEDTLS_MD_NONE only) + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE + * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE + * for signing raw data) + * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) * \param hash buffer holding the message digest * \param sig buffer holding the ciphertext * * \return 0 if the verify operation was successful, - * or an MBEDTLS_ERR_RSA_XXX error code + * or an \c MBEDTLS_ERR_RSA_XXX error code * - * \note The "sig" buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * \note The \c sig buffer must be as large as the size + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -990,25 +995,25 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * (This is the "simple" version.) * * \param ctx points to an RSA public key - * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE - * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) - * \param hashlen message digest length (for MBEDTLS_MD_NONE only) + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE + * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE for signing raw data) + * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) * \param hash buffer holding the message digest * \param sig buffer holding the ciphertext * * \return 0 if the verify operation was successful, - * or an MBEDTLS_ERR_RSA_XXX error code + * or an \c MBEDTLS_ERR_RSA_XXX error code * - * \note The "sig" buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * \note The \c sig buffer must be as large as the size + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). * - * \note The hash_id in the RSA context is the one used for the - * verification. md_alg in the function call is the type of + * \note The \c hash_id in the RSA context is the one used for the + * verification. \c md_alg in the function call is the type of * hash that is verified. According to RFC 3447 it is advised to - * keep both hashes the same. If hash_id in the RSA context is - * unset, the md_alg from the function call is used. + * keep both hashes the same. If \c hash_id in the RSA context is + * unset, the \c md_alg from the function call is used. */ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -1024,24 +1029,24 @@ int mbedtls_rsa_rsassa_pss_verify( mbedtls_rsa_context *ctx, * (This is the version with "full" options.) * * \param ctx points to an RSA public key - * \param f_rng RNG function (Only needed for MBEDTLS_RSA_PRIVATE) + * \param f_rng RNG function (Only needed for \c MBEDTLS_RSA_PRIVATE) * \param p_rng RNG parameter - * \param mode MBEDTLS_RSA_PUBLIC or MBEDTLS_RSA_PRIVATE - * \param md_alg a MBEDTLS_MD_XXX (use MBEDTLS_MD_NONE for signing raw data) - * \param hashlen message digest length (for MBEDTLS_MD_NONE only) + * \param mode \c MBEDTLS_RSA_PUBLIC or \c MBEDTLS_RSA_PRIVATE + * \param md_alg a \c MBEDTLS_MD_XXX (use \c MBEDTLS_MD_NONE for signing raw data) + * \param hashlen message digest length (for \c MBEDTLS_MD_NONE only) * \param hash buffer holding the message digest * \param mgf1_hash_id message digest used for mask generation * \param expected_salt_len Length of the salt used in padding, use - * MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length + * \c MBEDTLS_RSA_SALT_LEN_ANY to accept any salt length * \param sig buffer holding the ciphertext * * \return 0 if the verify operation was successful, - * or an MBEDTLS_ERR_RSA_XXX error code + * or an \c MBEDTLS_ERR_RSA_XXX error code * - * \note The "sig" buffer must be as large as the size - * of ctx->N (eg. 128 bytes if RSA-1024 is used). + * \note The \c sig buffer must be as large as the size + * of \c ctx->N (eg. 128 bytes if RSA-1024 is used). * - * \note The hash_id in the RSA context is ignored. + * \note The \c hash_id in the RSA context is ignored. */ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -1061,7 +1066,7 @@ int mbedtls_rsa_rsassa_pss_verify_ext( mbedtls_rsa_context *ctx, * \param src Source context * * \return 0 on success, - * MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure + * \c MBEDTLS_ERR_MPI_ALLOC_FAILED on memory allocation failure */ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ); From 26182edd0cd5a09f2435b1123e384e8a22fac52d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Sep 2017 15:45:12 +0200 Subject: [PATCH 299/493] Allow comments in test data files --- ChangeLog | 5 +++++ tests/scripts/generate_code.pl | 21 +++++++++++++++++++++ tests/suites/main_test.function | 19 ++++++++++++------- tests/suites/test_suite_md.data | 1 + tests/suites/test_suite_mdx.data | 1 + tests/suites/test_suite_rsa.data | 3 +++ tests/suites/test_suite_shax.data | 1 + 7 files changed, 44 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 227faed6b..2bbc4c333 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Features + * Allow comments in test data files. + = mbed TLS 2.6.0 branch released 2017-08-10 Security diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 84e949dfa..a48631946 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -49,6 +49,27 @@ # file name is used to replace the symbol 'TESTCASE_FILENAME' in the main # code file above. # +# A test data file consists of a sequence of paragraphs separated by +# a single empty line. Line breaks may be in Unix (LF) or Windows (CRLF) +# format. Lines starting with the character '#' are ignored +# (the parser behaves as if they were not present). +# +# Each paragraph describes one test case and must consist of: (1) one +# line which is the test case name; (2) an optional line starting with +# the 11-character prefix "depends_on:"; (3) a line containing the test +# function to execute and its parameters. +# +# A depends_on: line consists of a list of compile-time options +# separated by the character ':', with no whitespace. The test case +# is executed only if this compilation option is enabled in config.h. +# +# The last line of each paragraph contains a test function name and +# a list of parameters separated by the character ':'. Running the +# test case calls this function with the specified parameters. Each +# parameter may either be an integer written in decimal or hexadecimal, +# or a string surrounded by double quotes which may not contain the +# ':' character. +# use strict; diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index a7bb41de3..551f239d2 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -140,14 +140,19 @@ int get_line( FILE *f, char *buf, size_t len ) { char *ret; - ret = fgets( buf, len, f ); - if( ret == NULL ) - return( -1 ); + buf[0] = '#'; - if( strlen( buf ) && buf[strlen(buf) - 1] == '\n' ) - buf[strlen(buf) - 1] = '\0'; - if( strlen( buf ) && buf[strlen(buf) - 1] == '\r' ) - buf[strlen(buf) - 1] = '\0'; + while( buf[0] == '#' ) + { + ret = fgets( buf, len, f ); + if( ret == NULL ) + return( -1 ); + + if( strlen( buf ) && buf[strlen(buf) - 1] == '\n' ) + buf[strlen(buf) - 1] = '\0'; + if( strlen( buf ) && buf[strlen(buf) - 1] == '\r' ) + buf[strlen(buf) - 1] = '\0'; + } return( 0 ); } diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index 71d1f6dde..abd8e55d9 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -1,3 +1,4 @@ +# Tests of the generic message digest interface MD process mbedtls_md_process: diff --git a/tests/suites/test_suite_mdx.data b/tests/suites/test_suite_mdx.data index 2d403b410..3d063a477 100644 --- a/tests/suites/test_suite_mdx.data +++ b/tests/suites/test_suite_mdx.data @@ -1,3 +1,4 @@ +# Test MD2, MD4, MD5 and RIPEMD160 mbedtls_md2 Test vector RFC1319 #1 md2_text:"":"8350e5a3e24c153df2275c9f80692773" diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 5013ac8b0..fc7d93588 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -1,5 +1,6 @@ RSA PKCS1 Verify v1.5 CAVS #1 depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 +# Good padding but wrong hash mbedtls_rsa_pkcs1_verify:"d6248c3e96b1a7e5fea978870fcc4c9786b4e5156e16b7faef4557d667f730b8bc4c784ef00c624df5309513c3a5de8ca94c2152e0459618666d3148092562ebc256ffca45b27fd2d63c68bd5e0a0aefbe496e9e63838a361b1db6fc272464f191490bf9c029643c49d2d9cd08833b8a70b4b3431f56fb1eb55ccd39e77a9c92":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"3203b7647fb7e345aa457681e5131777f1adc371f2fba8534928c4e52ef6206a856425d6269352ecbf64db2f6ad82397768cafdd8cd272e512d617ad67992226da6bc291c31404c17fd4b7e2beb20eff284a44f4d7af47fd6629e2c95809fa7f2241a04f70ac70d3271bb13258af1ed5c5988c95df7fa26603515791075feccd":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #2 @@ -24,6 +25,7 @@ mbedtls_rsa_pkcs1_verify:"44637d3b8de525fd589237bc81229c8966d3af24540850c2403633 RSA PKCS1 Verify v1.5 CAVS #7 depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 +# Bad padding after performing the public key operation mbedtls_rsa_pkcs1_verify:"d03f12276f6ba7545b8fce719471bd253791878809694e8754f3b389f26c9253a758ed28b4c62535a8d5702d7a778731d5759ff2b3b39b192db680e791632918b6093c0e8ca25c2bf756a07fde4144a37f769fe4054455a45cb8cefe4462e7a9a45ce71f2189b4fef01b47aee8585d44dc9d6fa627a3e5f08801871731f234cd":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"d93a878c1ce86571590b0e43794b3edb23552797c4b8c9e3da4fe1cc4ac0566acd3b10541fe9a7a79f5ea4892d3069ca6903efb5c40c47eb8a9c781eb4249281d40c3d96aae16da1bb4daaece6a26eca5f41c062b4124a64fc9d340cba5ab0d1f5affff6515a87f0933774fd4322d2fa497cd6f708a429ca56dcb1fd3db623d0":MBEDTLS_ERR_RSA_INVALID_PADDING RSA PKCS1 Verify v1.5 CAVS #8 @@ -365,6 +367,7 @@ RSA Generate Key - 2048 bit key mbedtls_rsa_gen_key:2048:3:0 RSA Generate Key - 1025 bit key +# mbedtls_rsa_gen_key only supports even-sized keys mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA PKCS1 Encrypt Bad RNG diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data index ea2a18380..ee8074dc0 100644 --- a/tests/suites/test_suite_shax.data +++ b/tests/suites/test_suite_shax.data @@ -1,3 +1,4 @@ +# Test the operation of SHA-1 and SHA-2 SHA-1 Test Vector NIST CAVS #1 depends_on:MBEDTLS_SHA1_C mbedtls_sha1:"":"da39a3ee5e6b4b0d3255bfef95601890afd80709" From 56bae95e1d3528d4c562293c915c74ea8762505c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 15:33:10 +0100 Subject: [PATCH 300/493] Improve style and documentation, fix typo --- include/mbedtls/rsa.h | 4 +--- library/rsa.c | 2 +- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index b272b76a5..14cdef8d5 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -180,7 +180,7 @@ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, * \param Q Second prime factor of N * \param D RSA private exponent * \param E RSA public exponent - * \param f_rng PRNG to be used for randomization, or NULL + * \param f_rng PRNG to be used for primality check, or NULL * \param p_rng PRNG context for f_rng, or NULL * * \return @@ -324,7 +324,6 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, int padding, int hash_id); - /** * \brief Import a set of core parameters into an RSA context * @@ -374,7 +373,6 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, * * \return 0 if successful, non-zero error code on failure. */ - int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, unsigned char *N, size_t N_len, unsigned char *P, size_t P_len, diff --git a/library/rsa.c b/library/rsa.c index d438247d5..bb456df49 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -152,7 +152,7 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, uint16_t order; /* Order of 2 in DE - 1 */ mbedtls_mpi K; /* Temporary used for two purposes: - * - During factorization attempts, stores a andom integer + * - During factorization attempts, stores a random integer * in the range of [0,..,N] * - During verification, holding intermediate results. */ From 5b7ee07ff6a29f70c8a26b2f4641d9d0759f2667 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Sep 2017 18:00:25 +0200 Subject: [PATCH 301/493] Cleaned up get_line for test data files Look, ma, a use for do...while! Also removed 1-3 calls to strlen. --- tests/suites/main_test.function | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 551f239d2..20add3c77 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -136,23 +136,31 @@ DISPATCH_FUNCTION "TESTCASE_FILENAME" +/** Retrieve one input line into buf, which must have room for len + * bytes. The trailing line break (if any) is stripped from the result. + * Lines beginning with the character '#' are skipped. Lines that are + * more than len-1 bytes long including the trailing line break are + * truncated; note that the following bytes remain in the input stream. + * + * \return 0 on success, -1 on error or end of file + */ int get_line( FILE *f, char *buf, size_t len ) { char *ret; - buf[0] = '#'; - - while( buf[0] == '#' ) + do { ret = fgets( buf, len, f ); if( ret == NULL ) return( -1 ); - - if( strlen( buf ) && buf[strlen(buf) - 1] == '\n' ) - buf[strlen(buf) - 1] = '\0'; - if( strlen( buf ) && buf[strlen(buf) - 1] == '\r' ) - buf[strlen(buf) - 1] = '\0'; } + while( buf[0] == '#' ); + + ret = buf + strlen( buf ); + if( ret-- > buf && *ret == '\n' ) + *ret = '\0'; + if( ret-- > buf && *ret == '\r' ) + *ret = '\0'; return( 0 ); } From f04111f5c5feb1452c363fe1e8bb0d973e179bdd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 19:18:42 +0100 Subject: [PATCH 302/493] Fix typo --- library/pkparse.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index a06d952a9..56ba3a7b1 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -956,7 +956,7 @@ static int pk_parse_key_pkcs8_encrypted_der( return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED ); /* - * This function parses the EncryptedPrivatKeyInfo object (PKCS#8) + * This function parses the EncryptedPrivateKeyInfo object (PKCS#8) * * EncryptedPrivateKeyInfo ::= SEQUENCE { * encryptionAlgorithm EncryptionAlgorithmIdentifier, From b4274210a4b5d454f6005f1e6d8225cccf5e760d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 19:18:51 +0100 Subject: [PATCH 303/493] Improve documentation in pkparse.c State explicitly that `pk_parse_pkcs8_undencrypted_der` and `pk_parse_key_pkcs8_encrypted_der` are not responsible for zeroizing and freeing the provided key buffer. --- library/pkparse.c | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index 56ba3a7b1..968c83fa0 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -844,6 +844,16 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, /* * Parse an unencrypted PKCS#8 encoded private key + * + * Notes: + * + * - This function does not own the key buffer. It is the + * responsibility of the caller to take care of zeroizing + * and freeing it after use. + * + * - The function is responsible for freeing the provided + * PK context on failure. + * */ static int pk_parse_key_pkcs8_unencrypted_der( mbedtls_pk_context *pk, @@ -932,6 +942,12 @@ static int pk_parse_key_pkcs8_unencrypted_der( /* * Parse an encrypted PKCS#8 encoded private key + * + * To save space, the decryption happens in-place on the given key buffer. + * Also, while this function may modify the keybuffer, it doesn't own it, + * and instead it is the responsibility of the caller to zeroize and properly + * free it after use. + * */ #if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) static int pk_parse_key_pkcs8_encrypted_der( @@ -969,7 +985,6 @@ static int pk_parse_key_pkcs8_encrypted_der( * * The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo * - * To save space, the decryption happens in-place on the given key buffer. */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) From 08a36dde806a3dbd92f690bfff5e6300c3d1e7ed Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 29 Sep 2017 20:05:23 +0100 Subject: [PATCH 304/493] Unify naming schemes for RSA keys --- tests/data_files/Makefile | 230 +++++++++--------- tests/data_files/keyfile_1024 | 15 -- tests/data_files/keyfile_1024.3des | 18 -- tests/data_files/keyfile_1024.aes128 | 18 -- tests/data_files/keyfile_1024.aes192 | 18 -- tests/data_files/keyfile_1024.aes256 | 18 -- tests/data_files/keyfile_1024.des | 18 -- tests/data_files/keyfile_2048 | 27 -- tests/data_files/keyfile_2048.3des | 30 --- tests/data_files/keyfile_2048.aes128 | 30 --- tests/data_files/keyfile_2048.aes192 | 30 --- tests/data_files/keyfile_2048.aes256 | 30 --- tests/data_files/keyfile_2048.des | 30 --- tests/data_files/keyfile_4096 | 51 ---- tests/data_files/keyfile_4096.3des | 54 ---- tests/data_files/keyfile_4096.aes128 | 54 ---- tests/data_files/keyfile_4096.aes192 | 54 ---- tests/data_files/keyfile_4096.aes256 | 54 ---- tests/data_files/keyfile_4096.des | 54 ---- tests/data_files/pkcs8_pbe_sha1_2des_1024.der | Bin 678 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_2des_1024.key | 17 -- tests/data_files/pkcs8_pbe_sha1_2des_2048.der | Bin 1262 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_2des_2048.key | 29 --- tests/data_files/pkcs8_pbe_sha1_2des_4096.der | Bin 2414 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_2des_4096.key | 53 ---- tests/data_files/pkcs8_pbe_sha1_3des_1024.der | Bin 678 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_3des_1024.key | 17 -- tests/data_files/pkcs8_pbe_sha1_3des_2048.der | Bin 1262 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_3des_2048.key | 29 --- tests/data_files/pkcs8_pbe_sha1_3des_4096.der | Bin 2414 -> 0 bytes tests/data_files/pkcs8_pbe_sha1_3des_4096.key | 53 ---- .../pkcs8_pbe_sha1_rc4_128_1024.der | Bin 673 -> 0 bytes .../pkcs8_pbe_sha1_rc4_128_1024.key | 17 -- .../pkcs8_pbe_sha1_rc4_128_2048.der | Bin 1256 -> 0 bytes .../pkcs8_pbe_sha1_rc4_128_2048.key | 29 --- .../pkcs8_pbe_sha1_rc4_128_4096.der | Bin 2413 -> 0 bytes .../pkcs8_pbe_sha1_rc4_128_4096.key | 53 ---- .../pkcs8_pbes2_pbkdf2_3des_1024.der | Bin 714 -> 0 bytes .../pkcs8_pbes2_pbkdf2_3des_1024.key | 17 -- .../pkcs8_pbes2_pbkdf2_3des_2048.der | Bin 1298 -> 0 bytes .../pkcs8_pbes2_pbkdf2_3des_2048.key | 30 --- .../pkcs8_pbes2_pbkdf2_3des_4096.der | Bin 2450 -> 0 bytes .../pkcs8_pbes2_pbkdf2_3des_4096.key | 54 ---- .../pkcs8_pbes2_pbkdf2_des_1024.der | Bin 711 -> 0 bytes .../pkcs8_pbes2_pbkdf2_des_1024.key | 17 -- .../pkcs8_pbes2_pbkdf2_des_2048.der | Bin 1295 -> 0 bytes .../pkcs8_pbes2_pbkdf2_des_2048.key | 29 --- .../pkcs8_pbes2_pbkdf2_des_4096.der | Bin 2447 -> 0 bytes .../pkcs8_pbes2_pbkdf2_des_4096.key | 53 ---- tests/data_files/rsa_pkcs1_1024_3des.pem | 18 ++ tests/data_files/rsa_pkcs1_1024_aes128.pem | 18 ++ tests/data_files/rsa_pkcs1_1024_aes192.pem | 18 ++ tests/data_files/rsa_pkcs1_1024_aes256.pem | 18 ++ tests/data_files/rsa_pkcs1_1024_clear.pem | 15 ++ tests/data_files/rsa_pkcs1_1024_des.pem | 18 ++ tests/data_files/rsa_pkcs1_2048_3des.pem | 30 +++ tests/data_files/rsa_pkcs1_2048_aes128.pem | 30 +++ tests/data_files/rsa_pkcs1_2048_aes192.pem | 30 +++ tests/data_files/rsa_pkcs1_2048_aes256.pem | 30 +++ tests/data_files/rsa_pkcs1_2048_clear.pem | 27 ++ tests/data_files/rsa_pkcs1_2048_des.pem | 30 +++ tests/data_files/rsa_pkcs1_4096_3des.pem | 54 ++++ tests/data_files/rsa_pkcs1_4096_aes128.pem | 54 ++++ tests/data_files/rsa_pkcs1_4096_aes192.pem | 54 ++++ tests/data_files/rsa_pkcs1_4096_aes256.pem | 54 ++++ tests/data_files/rsa_pkcs1_4096_clear.pem | 51 ++++ tests/data_files/rsa_pkcs1_4096_des.pem | 54 ++++ .../rsa_pkcs8_pbe_sha1_1024_2des.der | Bin 0 -> 678 bytes .../rsa_pkcs8_pbe_sha1_1024_2des.pem | 17 ++ .../rsa_pkcs8_pbe_sha1_1024_3des.der | Bin 0 -> 678 bytes .../rsa_pkcs8_pbe_sha1_1024_3des.pem | 17 ++ .../rsa_pkcs8_pbe_sha1_1024_rc4_128.der | Bin 0 -> 674 bytes .../rsa_pkcs8_pbe_sha1_1024_rc4_128.pem | 17 ++ .../rsa_pkcs8_pbe_sha1_2048_2des.der | Bin 0 -> 1262 bytes .../rsa_pkcs8_pbe_sha1_2048_2des.pem | 29 +++ .../rsa_pkcs8_pbe_sha1_2048_3des.der | Bin 0 -> 1262 bytes .../rsa_pkcs8_pbe_sha1_2048_3des.pem | 29 +++ .../rsa_pkcs8_pbe_sha1_2048_rc4_128.der | Bin 0 -> 1256 bytes .../rsa_pkcs8_pbe_sha1_2048_rc4_128.pem | 29 +++ .../rsa_pkcs8_pbe_sha1_4096_2des.der | Bin 0 -> 2414 bytes .../rsa_pkcs8_pbe_sha1_4096_2des.pem | 53 ++++ .../rsa_pkcs8_pbe_sha1_4096_3des.der | Bin 0 -> 2414 bytes .../rsa_pkcs8_pbe_sha1_4096_3des.pem | 53 ++++ .../rsa_pkcs8_pbe_sha1_4096_rc4_128.der | Bin 0 -> 2412 bytes .../rsa_pkcs8_pbe_sha1_4096_rc4_128.pem | 53 ++++ .../rsa_pkcs8_pbes2_pbkdf2_1024_3des.der | Bin 0 -> 714 bytes .../rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem | 17 ++ .../rsa_pkcs8_pbes2_pbkdf2_1024_des.der | Bin 0 -> 711 bytes .../rsa_pkcs8_pbes2_pbkdf2_1024_des.pem | 17 ++ .../rsa_pkcs8_pbes2_pbkdf2_2048_3des.der | Bin 0 -> 1298 bytes .../rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem | 30 +++ .../rsa_pkcs8_pbes2_pbkdf2_2048_des.der | Bin 0 -> 1295 bytes .../rsa_pkcs8_pbes2_pbkdf2_2048_des.pem | 29 +++ .../rsa_pkcs8_pbes2_pbkdf2_4096_3des.der | Bin 0 -> 2450 bytes .../rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem | 54 ++++ .../rsa_pkcs8_pbes2_pbkdf2_4096_des.der | Bin 0 -> 2447 bytes .../rsa_pkcs8_pbes2_pbkdf2_4096_des.pem | 53 ++++ tests/suites/test_suite_pkparse.data | 174 ++++++------- 98 files changed, 1302 insertions(+), 1302 deletions(-) delete mode 100644 tests/data_files/keyfile_1024 delete mode 100644 tests/data_files/keyfile_1024.3des delete mode 100644 tests/data_files/keyfile_1024.aes128 delete mode 100644 tests/data_files/keyfile_1024.aes192 delete mode 100644 tests/data_files/keyfile_1024.aes256 delete mode 100644 tests/data_files/keyfile_1024.des delete mode 100644 tests/data_files/keyfile_2048 delete mode 100644 tests/data_files/keyfile_2048.3des delete mode 100644 tests/data_files/keyfile_2048.aes128 delete mode 100644 tests/data_files/keyfile_2048.aes192 delete mode 100644 tests/data_files/keyfile_2048.aes256 delete mode 100644 tests/data_files/keyfile_2048.des delete mode 100644 tests/data_files/keyfile_4096 delete mode 100644 tests/data_files/keyfile_4096.3des delete mode 100644 tests/data_files/keyfile_4096.aes128 delete mode 100644 tests/data_files/keyfile_4096.aes192 delete mode 100644 tests/data_files/keyfile_4096.aes256 delete mode 100644 tests/data_files/keyfile_4096.des delete mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_1024.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_1024.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_2048.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_2048.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_4096.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_2des_4096.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_1024.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_1024.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_2048.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_2048.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_4096.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_3des_4096.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key delete mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.der delete mode 100644 tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.key delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.der delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.key delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.der delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.der delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.der delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.key delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.der delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.key delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.der delete mode 100644 tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key create mode 100644 tests/data_files/rsa_pkcs1_1024_3des.pem create mode 100644 tests/data_files/rsa_pkcs1_1024_aes128.pem create mode 100644 tests/data_files/rsa_pkcs1_1024_aes192.pem create mode 100644 tests/data_files/rsa_pkcs1_1024_aes256.pem create mode 100644 tests/data_files/rsa_pkcs1_1024_clear.pem create mode 100644 tests/data_files/rsa_pkcs1_1024_des.pem create mode 100644 tests/data_files/rsa_pkcs1_2048_3des.pem create mode 100644 tests/data_files/rsa_pkcs1_2048_aes128.pem create mode 100644 tests/data_files/rsa_pkcs1_2048_aes192.pem create mode 100644 tests/data_files/rsa_pkcs1_2048_aes256.pem create mode 100644 tests/data_files/rsa_pkcs1_2048_clear.pem create mode 100644 tests/data_files/rsa_pkcs1_2048_des.pem create mode 100644 tests/data_files/rsa_pkcs1_4096_3des.pem create mode 100644 tests/data_files/rsa_pkcs1_4096_aes128.pem create mode 100644 tests/data_files/rsa_pkcs1_4096_aes192.pem create mode 100644 tests/data_files/rsa_pkcs1_4096_aes256.pem create mode 100644 tests/data_files/rsa_pkcs1_4096_clear.pem create mode 100644 tests/data_files/rsa_pkcs1_4096_des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.pem create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der create mode 100644 tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der create mode 100644 tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 3405c7f38..e963f493f 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -76,156 +76,156 @@ keys_rsa_pkcs8_pwd = PolarSSLTest ### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which ### all other encrypted RSA keys are derived. -keyfile_1024: +rsa_pkcs1_1024_clear.pem: $(OPENSSL) genrsa -out $@ 1024 -all_final += keyfile_1024 -keyfile_2048: +all_final += rsa_pkcs1_1024_clear.pem +rsa_pkcs1_2048_clear.pem: $(OPENSSL) genrsa -out $@ 2048 -all_final += keyfile_2048 -keyfile_4096: +all_final += rsa_pkcs1_2048_clear.pem +rsa_pkcs1_4096_clear.pem: $(OPENSSL) genrsa -out $@ 4096 -all_final += keyfile_4096 +all_final += rsa_pkcs1_4096_clear.pem ### ### PKCS1-encoded, encrypted RSA keys ### ### 1024-bit -keyfile_1024.des: keyfile_1024 +rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_1024.des -keyfile_1024.3des: keyfile_1024 +all_final += rsa_pkcs1_1024_des.pem +rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_1024.3des -keyfile_1024.aes128: keyfile_1024 +all_final += rsa_pkcs1_1024_3des.pem +rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_1024.aes128 -keyfile_1024.aes192: keyfile_1024 +all_final += rsa_pkcs1_1024_aes128.pem +rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_1024.aes192 -keyfile_1024.aes256: keyfile_1024 +all_final += rsa_pkcs1_1024_aes192.pem +rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_1024.aes256 -keys_rsa_enc_basic_1024: keyfile_1024.des keyfile_1024.3des keyfile_1024.aes128 keyfile_1024.aes192 keyfile_1024.aes256 +all_final += rsa_pkcs1_1024_aes256.pem +keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem # 2048-bit -keyfile_2048.des: keyfile_2048 +rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_2048.des -keyfile_2048.3des: keyfile_2048 +all_final += rsa_pkcs1_2048_des.pem +rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_2048.3des -keyfile_2048.aes128: keyfile_2048 +all_final += rsa_pkcs1_2048_3des.pem +rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_2048.aes128 -keyfile_2048.aes192: keyfile_2048 +all_final += rsa_pkcs1_2048_aes128.pem +rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_2048.aes192 -keyfile_2048.aes256: keyfile_2048 +all_final += rsa_pkcs1_2048_aes192.pem +rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_2048.aes256 -keys_rsa_enc_basic_2048: keyfile_2048.des keyfile_2048.3des keyfile_2048.aes128 keyfile_2048.aes192 keyfile_2048.aes256 +all_final += rsa_pkcs1_2048_aes256.pem +keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem # 4096-bit -keyfile_4096.des: keyfile_4096 +rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_4096.des -keyfile_4096.3des: keyfile_4096 +all_final += rsa_pkcs1_4096_des.pem +rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_4096.3des -keyfile_4096.aes128: keyfile_4096 +all_final += rsa_pkcs1_4096_3des.pem +rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_4096.aes128 -keyfile_4096.aes192: keyfile_4096 +all_final += rsa_pkcs1_4096_aes128.pem +rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_4096.aes192 -keyfile_4096.aes256: keyfile_4096 +all_final += rsa_pkcs1_4096_aes192.pem +rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)" -all_final += keyfile_4096.aes256 -keys_rsa_enc_basic_4096: keyfile_4096.des keyfile_4096.3des keyfile_4096.aes128 keyfile_4096.aes192 keyfile_4096.aes256 +all_final += rsa_pkcs1_4096_aes256.pem +keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem ### ### PKCS8-v1 encoded, encrypted RSA keys ### ### 1024-bit -pkcs8_pbe_sha1_3des_1024.der: keyfile_1024 +rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES -all_final += pkcs8_pbe_sha1_3des_1024.der -pkcs8_pbe_sha1_3des_1024.key: keyfile_1024 +all_final += rsa_pkcs8_pbe_sha1_1024_3des.der +rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES -all_final += pkcs8_pbe_sha1_3des_1024.key -keys_rsa_enc_pkcs8_v1_1024_3des: pkcs8_pbe_sha1_3des_1024.key pkcs8_pbe_sha1_3des_1024.der +all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem +keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der -pkcs8_pbe_sha1_2des_1024.der: keyfile_1024 +rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES -all_final += pkcs8_pbe_sha1_2des_1024.der -pkcs8_pbe_sha1_2des_1024.key: keyfile_1024 +all_final += rsa_pkcs8_pbe_sha1_1024_2des.der +rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES -all_final += pkcs8_pbe_sha1_2des_1024.key -keys_rsa_enc_pkcs8_v1_1024_2des: pkcs8_pbe_sha1_2des_1024.key pkcs8_pbe_sha1_2des_1024.der +all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem +keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der -pkcs8_pbe_sha1_rc4_128_1024.der: keyfile_1024 +rsa_pkcs8_pbe_sha1_1024_rc4_128.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += pkcs8_pbe_sha1_rc4_128_1024.der -pkcs8_pbe_sha1_rc4_128_1024.key: keyfile_1024 +all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.der +rsa_pkcs8_pbe_sha1_1024_rc4_128.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += pkcs8_pbe_sha1_rc4_128_1024.key -keys_rsa_enc_pkcs8_v1_1024_rc4_128: pkcs8_pbe_sha1_rc4_128_1024.key pkcs8_pbe_sha1_rc4_128_1024.der +all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.pem +keys_rsa_enc_pkcs8_v1_1024_rc4_128: rsa_pkcs8_pbe_sha1_1024_rc4_128.pem rsa_pkcs8_pbe_sha1_1024_rc4_128.der keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128 ### 2048-bit -pkcs8_pbe_sha1_3des_2048.der: keyfile_2048 +rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES -all_final += pkcs8_pbe_sha1_3des_2048.der -pkcs8_pbe_sha1_3des_2048.key: keyfile_2048 +all_final += rsa_pkcs8_pbe_sha1_2048_3des.der +rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES -all_final += pkcs8_pbe_sha1_3des_2048.key -keys_rsa_enc_pkcs8_v1_2048_3des: pkcs8_pbe_sha1_3des_2048.key pkcs8_pbe_sha1_3des_2048.der +all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem +keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der -pkcs8_pbe_sha1_2des_2048.der: keyfile_2048 +rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES -all_final += pkcs8_pbe_sha1_2des_2048.der -pkcs8_pbe_sha1_2des_2048.key: keyfile_2048 +all_final += rsa_pkcs8_pbe_sha1_2048_2des.der +rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES -all_final += pkcs8_pbe_sha1_2des_2048.key -keys_rsa_enc_pkcs8_v1_2048_2des: pkcs8_pbe_sha1_2des_2048.key pkcs8_pbe_sha1_2des_2048.der +all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem +keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der -pkcs8_pbe_sha1_rc4_128_2048.der: keyfile_2048 +rsa_pkcs8_pbe_sha1_2048_rc4_128.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += pkcs8_pbe_sha1_rc4_128_2048.der -pkcs8_pbe_sha1_rc4_128_2048.key: keyfile_2048 +all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.der +rsa_pkcs8_pbe_sha1_2048_rc4_128.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += pkcs8_pbe_sha1_rc4_128_2048.key -keys_rsa_enc_pkcs8_v1_2048_rc4_128: pkcs8_pbe_sha1_rc4_128_2048.key pkcs8_pbe_sha1_rc4_128_2048.der +all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.pem +keys_rsa_enc_pkcs8_v1_2048_rc4_128: rsa_pkcs8_pbe_sha1_2048_rc4_128.pem rsa_pkcs8_pbe_sha1_2048_rc4_128.der keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128 ### 4096-bit -pkcs8_pbe_sha1_3des_4096.der: keyfile_4096 +rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES -all_final += pkcs8_pbe_sha1_3des_4096.der -pkcs8_pbe_sha1_3des_4096.key: keyfile_4096 +all_final += rsa_pkcs8_pbe_sha1_4096_3des.der +rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES -all_final += pkcs8_pbe_sha1_3des_4096.key -keys_rsa_enc_pkcs8_v1_4096_3des: pkcs8_pbe_sha1_3des_4096.key pkcs8_pbe_sha1_3des_4096.der +all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem +keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der -pkcs8_pbe_sha1_2des_4096.der: keyfile_4096 +rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES -all_final += pkcs8_pbe_sha1_2des_4096.der -pkcs8_pbe_sha1_2des_4096.key: keyfile_4096 +all_final += rsa_pkcs8_pbe_sha1_4096_2des.der +rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES -all_final += pkcs8_pbe_sha1_2des_4096.key -keys_rsa_enc_pkcs8_v1_4096_2des: pkcs8_pbe_sha1_2des_4096.key pkcs8_pbe_sha1_2des_4096.der +all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem +keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der -pkcs8_pbe_sha1_rc4_128_4096.der: keyfile_4096 +rsa_pkcs8_pbe_sha1_4096_rc4_128.der: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += pkcs8_pbe_sha1_rc4_128_4096.der -pkcs8_pbe_sha1_rc4_128_4096.key: keyfile_4096 +all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.der +rsa_pkcs8_pbe_sha1_4096_rc4_128.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128 -all_final += pkcs8_pbe_sha1_rc4_128_4096.key -keys_rsa_enc_pkcs8_v1_4096_rc4_128: pkcs8_pbe_sha1_rc4_128_4096.key pkcs8_pbe_sha1_rc4_128_4096.der +all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.pem +keys_rsa_enc_pkcs8_v1_4096_rc4_128: rsa_pkcs8_pbe_sha1_4096_rc4_128.pem rsa_pkcs8_pbe_sha1_4096_rc4_128.der keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128 @@ -234,59 +234,59 @@ keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v ### ### 1024-bit -pkcs8_pbes2_pbkdf2_3des_1024.der: keyfile_1024 +rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_3des_1024.der -pkcs8_pbes2_pbkdf2_3des_1024.key: keyfile_1024 +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der +rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_3des_1024.key -keys_rsa_enc_pkcs8_v2_1024_3des: pkcs8_pbes2_pbkdf2_3des_1024.der pkcs8_pbes2_pbkdf2_3des_1024.key +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem +keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem -pkcs8_pbes2_pbkdf2_des_1024.der: keyfile_1024 +rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_des_1024.der -pkcs8_pbes2_pbkdf2_des_1024.key: keyfile_1024 +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der +rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_des_1024.key -keys_rsa_enc_pkcs8_v2_1024_des: pkcs8_pbes2_pbkdf2_des_1024.der pkcs8_pbes2_pbkdf2_des_1024.key +all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem +keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des ### 2048-bit -pkcs8_pbes2_pbkdf2_3des_2048.der: keyfile_2048 +rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_3des_2048.der -pkcs8_pbes2_pbkdf2_3des_2048.key: keyfile_2048 +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der +rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_3des_2048.key -keys_rsa_enc_pkcs8_v2_2048_3des: pkcs8_pbes2_pbkdf2_3des_2048.der pkcs8_pbes2_pbkdf2_3des_2048.key +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem +keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem -pkcs8_pbes2_pbkdf2_des_2048.der: keyfile_2048 +rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_des_2048.der -pkcs8_pbes2_pbkdf2_des_2048.key: keyfile_2048 +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der +rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_des_2048.key -keys_rsa_enc_pkcs8_v2_2048_des: pkcs8_pbes2_pbkdf2_des_2048.der pkcs8_pbes2_pbkdf2_des_2048.key +all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem +keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des ### 4096-bit -pkcs8_pbes2_pbkdf2_3des_4096.der: keyfile_4096 +rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_3des_4096.der -pkcs8_pbes2_pbkdf2_3des_4096.key: keyfile_4096 +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der +rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_3des_4096.key -keys_rsa_enc_pkcs8_v2_4096_3des: pkcs8_pbes2_pbkdf2_3des_4096.der pkcs8_pbes2_pbkdf2_3des_4096.key +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem +keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem -pkcs8_pbes2_pbkdf2_des_4096.der: keyfile_4096 +rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_des_4096.der -pkcs8_pbes2_pbkdf2_des_4096.key: keyfile_4096 +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der +rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem $(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -all_final += pkcs8_pbes2_pbkdf2_des_4096.key -keys_rsa_enc_pkcs8_v2_4096_des: pkcs8_pbes2_pbkdf2_des_4096.der pkcs8_pbes2_pbkdf2_des_4096.key +all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem +keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des @@ -295,7 +295,7 @@ keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v ### ### Generate basic unencrypted RSA keys -keys_rsa_unenc: keyfile_1024 keyfile_2048 keyfile_4096 +keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem ### Generate PKCS1-encoded encrypted RSA keys keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096 diff --git a/tests/data_files/keyfile_1024 b/tests/data_files/keyfile_1024 deleted file mode 100644 index ebbd61c5f..000000000 --- a/tests/data_files/keyfile_1024 +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXQIBAAKBgQCsDcv6br0DRSxBvOuNhnubmZI8bsiNbtXBAajfiJYZpbsuaQuU -aiDBNT2RrEu4j6WPhwEOuu67N7KVkqPILEC2nzRSklzy1SqVq1x7TUNsZkM23Qh2 -XI0DsfWKAOnz50lVfVFVaLeO2Nx/NJ9r9rGYmAaQjDrqW0YiWgIsmIoiwQIDAQAB -AoGBAJU/epwJB6kYjiWQTfz8lakKdJI7v3kAlifQ2r7daudgnpjJwqPB1BwFpR0C -isTUxtdUUxSGD6UT0bRx+eUgjhjwPl1YqtgqNteZqFg5KADDagZEvbelGsoVF2JR -RtglJqBxm2dnXNP4tEYi0h1pdaXM/V8rrj0EXQZxd0oxiAvJAkEA3I+62w5/ihGr -A5M4RkzQ3cOU9oFshUsPpQxQFoyuOut0ha6AhXaLyvuDE7FWgU0zL3IIPEbxsVq9 -D9P7wVLlpwJBAMey0v+5XiIUKYZvxvXsMmFDooS6zdjeJpfxBOuXy/kfafV7+Xee -zhdTQE8vO7pGhqpWf1HGYQiMCOugQVqyEVcCQFuOmo12fkENRoVMZq7gElAMcVjG -rwrB9vOXoeNKcMTqmssnfhho9mzDbU0Ob49rQZUva/XBqXDq7tKUN8yvob8CQQCg -pAJFweiuQ0fQJDSJeTJhuZWPbfHO5Y1oJnLNzbNAOHv1BIB+MFoau1Z9HELQqpED -j0cmEg3WYUd/u8821Q1LAkB5YQyPIPcQTZCok6WhC9xD9NXsDo4Ah6YpOhtD9fcQ -82ZcIaYkZbikTfzyZA4gsHhnVaUHx+DJkPicUSVZ+mKY ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_1024.3des b/tests/data_files/keyfile_1024.3des deleted file mode 100644 index 41448c17b..000000000 --- a/tests/data_files/keyfile_1024.3des +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,FC303F7A77742B90 - -uTNEmtVgwQVIKnwtTcIal/TOZpwo9bbdVdG8PYGJavk4lfcvBbNyBs/2fRKi4RU3 -lbraw0jiF1XAfT1KDW+XDRJyNXEDQCk1cckvNtLsiytby/znqFg8G7u0phZ7JtOu -gsPUa49Bscu5whTtePfNAguA4LGA0Njmd3regcc54ygC6x4qBLkHtlTqAHQPoRgd -V4baIIY7u7PnE+BG7KObAQRUNhCOkEJ452/3nvnT2LTm0umaNuxcXA6HHSiIVPKr -/cFqpL70XRGS93xBXOBW8+SO9ekr7q11Zq7RA7y7Md0WuzBcA5hBALMPYizsErZn -mhwrJRphxLCFIx8ruSnV2kASgB/RqTJcQq0TfvTrxOaAxFcpvRcRjzUwYoU4fSbq -uJYjrNnfzgOFry/oMt1c9HaA5QDD7S5cCfwZt9w177FwKT7HAiYoPGM6SrS+MFjX -Tf44G7wvhJJ3Afce8ID8x1r7RreENTp4tU6fw3GqFYXAQmk3+PN0GfizRxSWcCrC -2rqeGi/bwuRu+QPEOO2M4oKUxxVZDCbPKjGN5P6AljeF+eTL1YAIOMb2sHTWT+Pj -WOAFxT/if0Ue2mIUIVbPUmymLwNBP3ztU/iF/YqKmZHeoeBt7Em34M6RlY93GEU0 -W5YwEmuGbJ761mORvcjskdXH/RLQ3Zlx6oOjXDy3ZxpzVI/zXk9K0xYO+ise6auA -kMOERq6qXuOgdxa93cWeeJ0dgV5TiWNAQ6krAGV5fGZGt4HOeJUks9VAMpjWzcKw -ONpWMc8mJCMJaklZ7mwZ29ZOTsCY9IeSwoZWS/ybStD6f2Hr2cEHqg== ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_1024.aes128 b/tests/data_files/keyfile_1024.aes128 deleted file mode 100644 index 8df642da2..000000000 --- a/tests/data_files/keyfile_1024.aes128 +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,14AAB792276B5CBD7BBAE51C3E070E54 - -FsqYOUb6GINEBjW391wJkgXp/Kn1Rcl57h87u0ImHvnlHwlV2DlbQLGsdxtPne5L -0sNyVBeQ4o2zkcobcMkmsrscmVxyztgD0cvlwG8kDgTwH4059/oC67vfXBHmnSTB -RBuXNcneDZTQksN45TQ+B8TDfbGY7l7wsob27K3g5MW95HaLOKBkG25HgWiREe2c -lHEDymCK6+VDnaUy9YgVsjIOpm+FuS1LkHRXC8vuxf9tlzd1/7MAIquuTbaMsIUF -reD3mWIEiiN9N+y2cwTwGjxoP1ZS7X1knFIlPX+JjG2NLWQclflMCLbiNu+NaRqV -rIUAXjag/GY96xNjyKDxfEJ+RqF7e6oUFU61fUXwmO0k+/Pir/I/M++9WwMOmFpc -UIJpQitaEYGAarz1FoZ5JJDFl2AeYxI8vywwc16efcJYHk8yg11KEfGv7Hje33br -q3+zreLqqKs+ovkENWKgfLjBpLA82pghyunXH0wVGbrNYCzHVBtTZYcJveBTGq1P -4SGkjBGtoSb2ShMM4zxoMFKtk76IzUnlrBpG2n+WxdUNPZDcQrew11TX+R7uk50C -Bk3jXWMKdf3rDYfgka1O8a6OPlImwwAF/NBx9snMKfu3qiUt7IawY3rzdmcBh95X -P2e2IJR9jMrS/kTPc/gZo8hbCSnViBx7csnR9giq5x6kUVM8A1eIOANK2b7VbJxw -PenaoqluxBiy2CnTraxj1AqGWA5qzlzjGYnUS7HUjfLnt/YurpvkQhySSpvUJ6VR -IZWwTftE/XHfsepqfMnyAdkmd4DoUTTlQyUQ0nP07crDLMbiaoee9hLFNcWdwua/ ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_1024.aes192 b/tests/data_files/keyfile_1024.aes192 deleted file mode 100644 index 45b67d44d..000000000 --- a/tests/data_files/keyfile_1024.aes192 +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,B2012D182BC0571FC85B23C073DEC75F - -vnSFZy59JLA8GLUUpBvDRFm6XmbgcKbQJ3bFM6yA4DJrJn5JjfHcsTjRcWUkcOGm -OkSXXGmBJk5k20KI38ZXQX6+j/W8nnfFnu0eMCgo/+CtrKdeIzvBzcdmukEHZp9x -K4L5as8xsL0xf1vPXCyY4AyNyJOvsTkFi4P6ih44z7neGQM8sMhCz5BVSK0bzWZg -/vnvEit39faqL6t28B+OZPil1GCRHbi0PX6ns85xpQw1QNeEwlZ9XmltP1KHWeJ7 -jWPK2Dced/ZihN1AW2OPIHZ8xddP+yJJPdI4HKU2VXIcEDFZxLkSOWfdbb0W4jqp -z2iKJ/tJzQ4X4F3Z4zcx3pXWye0HFNMu7b8r6sR9iQj+voYEnOtJEloI2Cm0sRRw -r5ZVLt4iyQm5xTCSU2GMD/yNImiB1Dwv/+1k45xHcUMgTYiTwgTuFQIwilwl5QUY -R161tjGjmUQXYzC9fn9Zr2vfJRkLlh+ygW7ennycgfHzkva5slaOCSAstEC0aj2j -l26VFvzXu9qLoI3bQzfkRi0VU+0qLtI9cVMobwbEwvERwgjb6doyCeIB7R29P9j5 -MmkHYBF6qaXU/ICOnesd/XtBlb2aNNsYZJLOmwSCVZgT+JYUM35lHulhQWy0V6DB -4qFkQs5fRH+apIjAsb7Fk8/yjrjwKQNJmkUu+Um//5hiPcRYxyp046BokNTZFda1 -v8jKkKX2eAhji3x8PS+z1XYpfUJ3uAysSoTPe1YiwbXizZFWhh/Pan1rIOHwdKmy -da3957PnwjmANKUT0EveEe9ASrGgdN5rUpeeXGENbtmS3iX3g3MMepF6Kyb/k2dI ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_1024.aes256 b/tests/data_files/keyfile_1024.aes256 deleted file mode 100644 index 2daaa96b5..000000000 --- a/tests/data_files/keyfile_1024.aes256 +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,490781FEB3C4375838778AD3D95EDF2A - -ECaTWvExEGV7cT05z1iGIre2LLgVaP8mqfxKQdaNnrAYaZDV9hrVVIvSICl3IMMb -9PVbCrWK5cgMDSqFtPS7y/ZpYN31alFVT/hgX+Gk7pEJp16qZv/arsiXFdGxaWmp -4br+oNiq5QbzDPwoBNKiWUGUk23K/TyxAg3aspDaz8e6EGE/zmhW2qKIXG2t2oxi -Gowb74mXFzZ1jYUfMpQw32nIybG5+lIwpSTY3DWjl1AKhlSvXgnTTNmS3XZwJmKw -FSXXlDZs9OM7n3GiLoA3rmeaqGRblArklykmh9K3uXRXFjGGWOduxybSFndIdYwM -HdV+Syb3eJ9wF15nk53DeDFfU8gaZ2GNUjt4B3nCOBT+iFhEFKguvo9bQ52EUU/p -mzZw/X3b8ui2YL131CI6BWdPZ2MoV2v5i9ZdCj+q9s+3BIGU1EgnU+o38LqYyekF -wdyc+PHMhq4FqzyJYPju4JQ711B4eKKXIVjHx71v2zt1ccB5a2yK6LLv87cZ8d1a -0ubOv84aUGPkA1mBvZHogsxejthraHFL77Fk8JgGfdTwOELpvK1JCOZbm8H19yBO -dxYNQnj64eWm2fgKrcHvIr8wR44RgB0cwucVjQ8LTgcrCDt7NGG6Z/3Vxeu6oVDa -ZDzbI+MvzIJwxNqQyjlYMoK7jJn+FJ+eihv0h5keoY7qKCFwzrE6eQFSZPBM8/KE -B90kVdpooUVkEqvcBSOADVrC696YB2F6pNuEUULiefJpcFsX5a2eGHw8Z1sPc7Pv -9YTRvvu646gX0JCZRMStSIMOtu8qveH0HtyFD9RTpV3DGpzAZmli1uOVW02bfp5y ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_1024.des b/tests/data_files/keyfile_1024.des deleted file mode 100644 index 368fc323a..000000000 --- a/tests/data_files/keyfile_1024.des +++ /dev/null @@ -1,18 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,4DE281E021845C67 - -U+/JQ6yKL9vbyfrxM+v06U4aC+2E1QM4zHLtjMxz2wGqlm20H7mYDRaMOzW/RcTm -56Pcj7vplKwPdbgDohRVzvXa7vzV2Cr0/Y8aCdLEyRYJrtHJBk3+gjBD4uoDXhhD -Ht7IA9WfiddMbD6ZKaQgBAJTh+JG6XqE1mmGsCsUB3JarLY333u6M8VDhhvYFNx5 -Gw/c2hPixExnOmrGy5rXnIY3kzTB5xWYVPVrWy5+oIsSVtk6+5NiUOV273aY/t4t -EcsbbHwFKWchg7loEDoFhQzinhjMupTjLhjAP6nb6m1tGqoPDux5oiRBgdmeUTx5 -+8rgjPiaPezrALaG5MLnvR3w4rKCP/2sYzvc8bPvx+kC8T30Cf78J3kCUl6Mbgto -bBiGB3OrXkIebonWSZK3M/MQ07Gi0KYC61ZR0LLesXNpoK4oODFIvEZhXBKYIr6a -3fhOOjNPYD5hY49iw7OFR9kZ2dR0JSQ7YUVMvnS0cm1/rxPEFxZtqgwQVlhK3dHS -m4PvGD5JJJ7051/+H1ri/g0/Y9WE/KQMV9i270TLD891ND3mpJEErA1xeulzBbxo -/1NJaVA8dgrgHiCdEYjzJQLiFif8MU+kE9ZPa7jUON0jQz4aAs7cTA3o5SV26D2R -fyySVFCAk4dZmb5yGNhstN8dRP/DGs5t1Gwrlfd6jT6+hqxNEEmBH02L+jncfLL3 -xk74SVqKMFUE56hQhTeiyC3E1l03LrdNFmPwkD5/evMRK8K39esFxRnT5iOmt6AQ -AiG0zvb7lvkbk8hUnZA8gdTRqUxsSwMjOsF0MzZodaE31bu+DxHn3g== ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048 b/tests/data_files/keyfile_2048 deleted file mode 100644 index 7babef484..000000000 --- a/tests/data_files/keyfile_2048 +++ /dev/null @@ -1,27 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIEpAIBAAKCAQEAuhHGZIwzdqq6yM3+ecmqj6DGpBZAYPHca2Dw3E0k/1/iLEXP -n4wSWWza88HneHU6wv/75Zuv+Z/K0ZeZ/OuG9vNIExUEfsZZkUM/cly9GFZrcDH4 -KXE7bxgiDP3zvSzKjPdk5aFZ6DJfK/iVmDCpjngEXsn0I3iadMWMtxokJipoGRlW -F+6b40DMQlX8VNJYU7269w84SmRRBAKLo5ZeNskI+BKpmqInZRfa9yGFOB/g448f -bE2NuV8E1wQzHbsdXV1HpIi+7hRmiYXsZVWIW2WHqy1TJxXWFo2sTOUW18CvNhac -zorRB9lZGT4uzIfJ0eKr1Z4uT/7rl6f/T5QRnQIDAQABAoIBACJtc4XbIxKL2G+b -HcCu/a4Bk3981oCZf60mjKpWY8gUl6aVbCsbIbIGICUF9awmFK9L6fG78r1/QWmy -YT2Y3qoGrYlKVECYtq3YAX9JhXthUhO6Sy5v0w1lK7e3rUeNaBTZGYQbbKU33MAo -CJXWOykvL6/SMif2Aq4kdzrRzWp6EVE73bSiicKCInJCDw+lQjtKWQQp0z0/pRRW -td3SLE0uIgjseRd6IQQugccdWcxqcIdA4u9IFEONI0VA0UGbckM0A59SC0EKL/tR -b6yUbOTkyXPAERVn9LqmBEIj1k3WyIkO+w/6q2hNTcTTTax8dnsTMfdG9OKnpL+4 -EnheMUkCgYEA5qftyM8sDgZsVLg57xfuX6BRiuJjtNwN0bMjkX+HD1FmqjniygYh -LvczUHDf1jwQKS6GQrMEWT03oojd5E/pOB+2RvCF5pPzCZrNNBVi7mSZVDMDgDpf -vIQRaH5VXVbjt7MSMTl2XonAsVtP0N9ivhFF1zbJ9X8UyM5FpO2VlssCgYEAzoOu -YdNqjWsVIgdq8HKiURrbhjSdggPU/dE7/aJZUrW0eAMrUBs2b5OxUzhJ2wdJq5h2 -N3VI9hYyeKzlnGbHuO9Sfxd0Pq2zus4t/tMs9xSy0UnwYfI4e49Ni/aWTVWE4Y8a -dVDPd5+Qe8ji9MCjcS685fbYWzx9CxzidGIQhDcCgYEAw2QMNajyW+srB9WMFjOC -lfU8PlerOQGUn0iOX+nVIq/FNXyV1qe8ool8Ka+EnnoBArHLwGLf0yzdnU0uEwNy -wD107sE/3OUF4+QD4xQe223SyZXxaEWK5ipGiOtEKy649tu2FIbl9A3jcxq0EW+6 -uOHu9PIPwWxm0fiS3LT6nGMCgYEAiOWZz5eKZry5gZlRNpuHJiSbqVdvoiRQKQFu -ty/L7pwtSfEv4SZo64YIYpZJvzwRhgLHOvQwrZEBXCWhABDSDLH5Ce7OTE5xej/7 -FZV/lTrPXxWYmBUthBr22PVZpWIveCaY73PmU/IeoTAF4yFgN0M4TWlY+wIaEifP -pj7rm/kCgYAORhWCosYykYqHKSC+pv0oCg68E4muam4GeHALm1tbPtQhn6C2Q9pu -4TVc/Pp47XZolwxsDPDvKlH6QsbFkQR5OJ/nhD3aVE1Giuv/gIZNk0d5aQMFjn3u -xChnA9dsOsZRDBglKZUMPG3Vz5IrVg0nTkpc1j8eRiiZa2W7gjx8jQ== ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.3des b/tests/data_files/keyfile_2048.3des deleted file mode 100644 index 8b44ef6eb..000000000 --- a/tests/data_files/keyfile_2048.3des +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,1B629C0CEE2C13F3 - -TwNn7h27JVNdu/bms41vRpA3vrEtzTbWjdf+3pACwbYWJV4i6iSHoRxOLZLzqDx7 -27pz4aBASEH3sIuzcz8tuhh06rE0L4k69Pct2/sKiEKxx0g+fINBGpdRTdGnxMbU -EbIaOR92b06MvCxROoXx1EsrJ0BSPGW2VvJQ1LitBZrOFVWEKc3LLki09c30Laor -qGmU0LDGTC6gu+ykuEgeyl2IiSv6Jjq58UQPO+pSUrr1WdjS02LWjy7WT/I121Tv -4VepqJLgU+HmIBmrjBhdE4CFI+cM7ndlhboU4mKCrMxGbSYlJFARCdW/Kk8CiWGb -XKXBheyHZ0pxWZ6QcYFv7fvqQNqdvZZyEJBythPBklpz7omnveKYj287i+RbhndW -jeEJA7WEf04AlM1q3dyfWUrvpfeAygqSyaU+xp2c5TpYp34KYd2OGhvCYn9PqIKB -DlkdHnWEwP6IgPDKB9gqBz9ET6ZIdBJ5R0c7FIsR3IE39uRwkGaggQrcHRPzWVgZ -9GwkaH4i2R0c1hXlOCa0CaHqWjAbtiBxGlBeJdww+UZcaV4Q/mCCA5/fSKI+DqsE -Z+D1mC53Qe8TDj06XUiB42J8EjiBzBlm8O/v6HHoXuvR7ijLfaKeCuLTM5HRFyCC -6Fbax5JO1cyt/45DjrWvOnyKOZuzri/ctybeqmLxMneka/rXZsq6I/QqJzflq/PQ -aqrj4c3hfB30cjwkqRaQafPrlOWiU9bZSgLctzPTZycqfp1l9uwnlZm0jhJ10UNs -1crxnWFpwIfLtaR41iiHvZC4CT8WBRgWhUURStd/N7/BLN19kOP0hDH1Qu7Wdw9o -5mIqvlFKrakaNl4cJRrw6QKqP0HpEFcG5cuaj6fM1r7WyDJbZlHibOYYT3ZJ3XCd -GzI57blCRtm1UbffIr08fAOQg+1amJ/Q13RCb1OpA/3I+FCrT0n3zXT1fKwFWaXf -VaaFdPdAfUssJTcbgfjRUWklTFp9/6QE7m34BZwmgm2nNziTjJ+mthtqXN2nNtOx -tr6zFp+Ih4DnJfRQTf9ew5Jt+IceqEwQ7gp+BzidvxS3sCVFxIdN10E31DYj1tS4 -VIMUm6canmvRGMl85i7m3KB154MBdjPBkPnDBaBLkiyFlMdtc5YU08clNqSKkYM/ -kMaOfqtfI8AcfqllQRw/Zyolxd37FhI4rmrHjSQFNsJVcHQkXoRfy8M6rmrp9VnS -hUjPUBnH4grz5oXbZftkgxPI/q4ODhFI1XtqdzBgOvqPNc/zo+tFboad5mUMgeVN -jFvyupWlFRp6I1Bfqmd+LDiv/ufJcLyPEOAaUJ8TeU7T8QOMnkbU/K1u9nVzB+cf -YAwCewn+hrKiBk3c6bqGwObMa41rapV5bgnct7K7GJTikr8B+KGom40GyQtrYlK/ -qosSH5BiIyUkDKaQKZdC/ZZAAXKhvTkOMq3WrF3fs+LdDLcY73lG+LbksxmSKMS+ -+MyZ1/v3+QPSgbPu/9MNsdu+Is7WfkX5TGD55ct1JhEWWW+XJr6LLuLvd87WsESz -fmo4x1dh3tbiT7bYvsTcgcGURaw8lmP3+ohW5WS9Nu8m+7+aVYvRtsIRJ/82n2Fi ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.aes128 b/tests/data_files/keyfile_2048.aes128 deleted file mode 100644 index bc6c6d44a..000000000 --- a/tests/data_files/keyfile_2048.aes128 +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,09F6885B998C878DA5DB6A603F90CEBF - -hvmN7Ox4lz+aEmS3OztRTZEr0VuV5zpVHNy5RJGfyPodyY8ituvU7PsGbgESsd3n -7h0kwWnW8xYkIXGfRPUI/I6ji8JaDsEHAO42rP6FhqL/lF4KiBg3NnydOAO99j8i -MYY2vBsInyxe+VkbanwSAwbQIXoTfgHQf2KMs5HSQ5AHnuyZBC1mEbSiyVtlUU4A -o8HJRHEXQTV+jkfDY8JLK1gE3AhsLXaLrepU2L6ASpgXl4bWc5GpUtVFA7POuIQ+ -Y1V/7gfu6hSXNSY7iW3am9i1eN7fyLcrYTWty/FrnGDO9UBe9XBD6OE1J6ohgz5X -lL9cvSHRq604gmHe4MxN8UHLKVxCP3/xlB8lI/YsfBc3AyqqVjZq1f+fa63D2Xre -rl5xnil6O4mTMnN57RuKInewdTA9cRu0Ex+Ye6ZnA3KMCyXd+UxhayMTx/3XykMu -4QE04te+BN5wEjQ10TbH3s3yYgUjrDQ29Olq/YUFMo0AiZFw9eOlKCCfuD+BBRot -6s4xF6YrUd3bENdqS6QytziTJ4D6h6zUtWkdO9Z28E8hcc4CpPPBwjGMkmwCW2dm -EXkv260cMSPD9HCvG19EvSQoTuhfpO1bLxr1dJJCiU18GfeJOzq9w9mmYRtSluxQ -houae8e+lozcQ1yIIlj5qgHIB0mB9AGB62XIisLpdOeej50pzVkWZ8d8iHynFa5x -78HO2XDf0fAmocHYu/OLSE4FTXXKAidMfo4jHfsvjQbqE+5J89ZcBT1e5vFqUqye -K2iiZacRWrUUVpNMlONyxoX7h8kYyyxf/j4Q6/wIWS5OZGLttvEl3MCN9iNmF2r9 -voM1PopgX2j8GTE+FLRtebmbKZbv0wXGqaJoW6VBoWd7KrLgig1UeYagwnoiUJp4 -TgcJFJoC2Mzaeap2fSph+Zvuh4PMZnWn+k1Xccrn/DPrOSkvZZQErmwNpHh3qonz -hYN4IChtOgviXungpmVMHFWcxQg2zYu5AKO68PXHvYY8LUnS+4GXqGlkcFrY6eV1 -w/tlM0HuvqaLcOk710cVpc6vC0sMtKrf70nRKm0P0SIlxcnVJuk9PenpdrMUttAD -27ey//ZVeGSQ9MZfpDKcvXRmxWUv9VLESF3XeqnwKkLqtXRTs3GYX4xnbHkSjkvy -o2uFNqBedABVSthArwWBCYX10BISsbN4cM0fNoxDtSmr7gOt9bxwNeauATvbKWYx -MZ8c0My2PDz+dN2sTqUV3IyHOGrPxU2R0V9VlyhTqRf7J2E4KpXeso9nJGGMMIcP -f9luT9BGtmAWBS7t3XE0TMTmTuUFHxQC1Yh430yAIXQtHQNYtwEna2u/3R3LkEaJ -HTWWX4oGKbHG+cyiDqN7C2rQ09Rw7+iysqXYJqmpGq/DofmZaE/odDR2DRixW6Gg -8+5PkwTkuQOTFJJxUjK8qBCNIl2luh+2Zg+uXNceQYgAkv6sWwBq8kSdERfNz7t4 -+YwQAipTGiv5wpIYfisXsUZi+lSijfo7j0G55M07lZ7Zr0er9QIEsoYrpW1Z8QTl -/gUw7loYsrQYc0G0XfrmAxez/QSv6J09RPlFTUtIIRpJXcCahmQdDjed8vqSYgqd ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.aes192 b/tests/data_files/keyfile_2048.aes192 deleted file mode 100644 index cf3801891..000000000 --- a/tests/data_files/keyfile_2048.aes192 +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,C3122B70EC372C6C99AFF447A1D84E0D - -mO7xSSSHQcDBCmn1BCFOKUgXct81dzRa38bPymInB1HugA/j7uvCqW+2W7sU3vFc -Aa6M3eSP1vEI2CtDKhRta3zPDMUQk5eHk/+2CzUN+KO725Xk+e/6vqVzN9iVjidv -g20cdRX8GYUKXdokvPtqmUSmbBxVpdy453uFT3/lIo7C01jHmVu+vc+yM2Uf6mwx -lS/LQ0Z3odgb3S1j1iby8NETi3bud/Va6h9T+t7BGEL8l/tgIuSBvJtMdmxbjbSK -4phRVV6il7wE68idotsVj/FChvnjuXe5E9oskpjw+sBioesfLrX4C/zAE8QwBULH -DcmrBt7LHsjuNEHYDXglyWfTpifCo2D7mS8IxcYH76xasVxEenDYZIcQlcstFQtT -CAR7gmeGxzJOkmOsgXeqiwxSY+Bz6f1P7D+jzuUuOr211DVMhnN+TELPWX3bHbJb -RwFy0ZfKxKKS5V5s82sQLw4RsB5kE/Re8Zkq1ZVIW7QhECDlA0kT+lf2fYX6JpN1 -FgPsgrSWaL0ZRJkz/aZERxbjJeZthsHIqvo5UBccVkgo9fgl0FJTcu4lGz6FPNMS -BhknarG5RzKHjY9q9FRCNrv/KirahCslEspwF7yBTh3oUPJ+61t9tQyqG54vTzje -wcit20iWvgMo+efX0awDmDgEtATsvG/9BmNQE2KPfXYvtZcvNnlUMIEFEpbcG7Kd -nehGyCZE1OsRpVwlDjtBi4GsgbscIswCqMo6496cnEV7NhzpaHpmFsVGoAek7p69 -UEMidOmO0VxnOgAnVO2ldTMzJvkE93YwweSbKIqE6yQN2CTukZ4eOUS7F7ZYa0Nl -De9MgTUuiCQ+ZFucIuzNUMQlkMrqSmaKdDVtr00OBeJgwXnl/5lSRY5Tv0gHnyLv -UFQPPtMB0aD3xzCI3BrlyFSCB8qj0EiLiHTF+f1cZ9rfVHykoTezA27278bCGeqP -2Vso6ZcXLaLawwzGfl7YQBpf3rcy/Vs3x+3b6pVbJ0QVISHon/Wb0GWh4C7ZV/MF -r2k2KveOcL4yWCxeh9UU7VYPjb0B9D5y3XsGwUeQfnYqgpbMincB7vBXId2kS9nP -N2vAnZaI4V8f+GBHmTr2LU6MRI5WYWKFPpY32ysR/Uwa4MfjPefD8C6djzyyrkk6 -UWylB2/NO4JVpwM1NmV81U0yOS8gEwIo779sB72bkdZWItgkuld8GTRU3/aJez5O -+cK4+EOtMALAf+DmFAsI41CXcjjk6mDWp4tZ1GCst0WvRf9sZs4kDbQNMdTih7aN -p+B8fwGlvErmmPl9jHmnISV2QNlbovmpInKD/cERx1RjZrc2uGLTQMIZBgwhqnzY -xj4hv1O3s0lHw+FEJ/xYI4gAJa95gs4eFPAZr/TQ3U7N0MweFI6LMNDJFQpuh7AB -djCTIoVv8EuHXxp+MhqavzO3LGxlB8fFDhFLPGfUhRioCDxExs12MR3qFKqmiA+e -/KntWeHDWcjmJTfhazq3hldUJVy43J7dACCKJ+QXsvvsgW1YswXWQIW5D594hcrq -9AzXl5Qd8kvf+2q+AoT7yZfvQY2YhLI7n0p8sww6+pGUZQd+aEyBsJK/JiW1LqeB ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.aes256 b/tests/data_files/keyfile_2048.aes256 deleted file mode 100644 index 3cadb3b84..000000000 --- a/tests/data_files/keyfile_2048.aes256 +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,5C4224A75B008756921BA509FCC77A53 - -nw3Mep+219ueQNBL7RhkmesgREtMPl3yohuuqHupVs6uPaYWAheiV5rcm+EZiLlO -ddAv1DSTCLjB8Xuo0Y5DjNTr33C+2WGrq3yrCKq0xSMkHMmA84fclskk/YYHkFKe -oRNng+Zv+S87IflFUw4M8GRi2a6A9vUj9699rvXTlNkzj2iOPJqckBX/qRnSwa3F -5lCe0A/PgZ4spbp+FgYnKv3VKFjkNR/eE34K/F+H02CVyzUKZsWnrmMIkoLn9Z9J -Z9EagIWMNgGVWpMEbnnG0vgv361ZTGkAqW8o0WRY/Ptr5MWVdyaLogopGF8HPbMT -CIztgQ+IpOwpTREeIK12UqEi7sPISsFHdeayTFwKZEjKPOXHe3tqze7riGAvNONI -wUe1JNAjSH9wyRSvnOjafUG96KWOeNwHB3EpZeZ3Rf9KPsLklXo4Bdh2rqpsiIrD -WpKjVtzdTh5Nd2ce2RYGjqmwKQLVpf91RHEyyHOBHCMsQ8NzaH1YA13RXQTg5sXQ -PHn57cQv2Z2RgBCEFgNTvYu0F8HHq7b6phb4CBenBOGpGMFD5QzWO0yTLDsZI01h -oVZbBALfhBboe0NauJyR86GRtZYdq66mfrp4En8ugzB4ifm5K0TLSmAox9pxKgKy -+93XfEMZ8Z8VpOprOIQEqMVRE901fVzrRrf2QjoGhdWoopAxofDIo/C5JvhkxSB/ -pfm3G0wqjsEZhA0sDbCuAGVpUQmrgEc0Wlm96fOtb3e7Ya0x0vdIHDvtxvrYrSjp -iTdhYq0DRzMOBnppVqdQWZRSrNJh0rcRMO0VMYLc7FBUdW4siX7M8WpwPM9yNnET -2hOOPv8eZdm9zq2A3rrrd0OU/BRtT7aFAW3ZdE4isKL/4Ky3KKYyOHnM4g+GeA/L -RHWlvnLAIo3JoetFwB1VnH2y6PTBkND27vFn3YUrkYerIk9Bp5uNfhfhieDaXNy6 -hnUnit0Q4VrobXSLvNt6Hm+cAWlYa2d2EQ1pyUl1RMrvj8l2ad3NFVNdBEN680v2 -yvP+OBTkhDe5XvVskpUbXMyhWoY5lOJWMsDdXg48vffJmwM+eSsmEzocFPmjElYt -39NRsBJ4p1AbdpqS6HiV6ErjUh6qKANnsNwZEF98pGTR3XfsoZWlgqlKTZH+5OuL -N+o7218DxiTcFuy8/tx9zsoZHymQFxWLUVeWQNKoZEf12nVusvHlLKSppeHHG6ab -3AxZ2NICNmELYnT0LxeeQL88b+IAMGEkp1gKY5UE7b71/hu4YaIKV9YUPe48fcnn -tY8gioAQOfhX2yywBQrRopgkw/H7ehh+dC8J56gDQg74aY092dgTQbPcvG6RMZnh -n5B9GpJSrr8xwRczfIvm/aLoL/fQAu1EmfW3IAcTZ9sfsMSg7OGNmgSp8OqvZIlI -2qxn1Lgo7Px0bKsw6aBBbrB3J6Mi8NWumj6ToX9wNFr2i3qldKKOQ9pGiqgewqYi -3lH5Cx7BDwLQOyTo+JMfi9pcUCfXDd8N6t6eD1sAU4FFo/9hVtX36MNKn/nC0Vzc -GxufVFCtKOFvqwkegRDh0izD4VrXiE4+URxis+ux56x0G9l/3c4ACYxB9Wrwi3Vv ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_2048.des b/tests/data_files/keyfile_2048.des deleted file mode 100644 index 98b376624..000000000 --- a/tests/data_files/keyfile_2048.des +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,21F054678F8CF188 - -dEvko+lzz29yp8Y2vCjX4YJjBk4c+2XGn8M5DZeMnL7/X/3EdRtMwoJnHcJMoxbN -Jy3Of6J1bYM61UQ1Bwr3vjFvOMrnHcPWHi7W0Imje8oS0aKV8UlJermDWEKULjPi -j7k2N1XnAzPmdrt1TjRwi2+T2KtFK9qAJ1Sjcjva+HecKMeVHXPO7upK04GyN2aH -30dmzhG9P+/kek2vaZ/8PrV5A4fBoN86vt3zRtxk5cV4XbLkjL21gSicSl+OMcqG -lI+6acn3jeal+y/zl1skowmIHjV8JQvRkDXFlyDncnvy7iJa2CHk2VPfRRAJACXN -3r6ZfDvIjI7eTl3blPUZ90GhopvVyPr5SuT/I4sXR349tn/PmuSPM5Erw/8zdQDW -GSVI7S0FP9WNZq76ioyQyc+ZarKatOiuq+F9LyBU6Yjv35f9+efZ+e9tDqtyaHkU -cWMbVC+oAnSrohQR8XxLWiL8Hu77E9y/0tDP2GTmrKYVTnIe7/mSN8C4gi58lhFy -vMLda2yi8VncSb7oPUl3MAKNq8w1y105JqHD+nWLQxc70kMwaW8/UQPgawpUbLCs -7cr9LhQmqmjiHxioMtg3wgzfSP+iewQhtigWxfVQyXwnPVpzyqAroHmIA9aM36Mu -TodpMeM8B6hiv0g88qKBjwRhCo/XSEyowZbMx4R5GWvHXJ6bIeh39xV/FXB+tj24 -5HsK82ZKC1gfdmy73/PFjdX3jpeAZ80BqZEaE7q1RD9HJPmArdBY3qF1wYA8leBF -IDgx8LqlxzQld/ZEFzTLZBK3fdlnKx3p9b2QmyBxz3ULsPHChQyvP1Jc9jULRQbF -GUMPOCgtIfbtcH/DwsXh8Y252/tn5SI6u5pDkPtr+KIeJAv/AUzI7mqeIAw3pDpJ -KehaOsXkrt202nQ5jt8zwSJxL6ZMxJFSPIjRqsBIXvsiMd0a7vsBkmYnDyKB2bGJ -LQ7ik9z6OdemGygYUTTjh0GuRf66VWtvOt6cSJPobRMLFSttW7qJBrcVRRWyT/ZT -PyrIsoGvgahbSLE9EPlqDbFHoAWGK+gmXjypBBcJNkCU4EzUNYylCFPqAcz3+klq -Kaq4OK02qAoYk8dHwAHgljO2UlJBDibwT+Kxg9jiAhBIMBoJLGubLjUEpAeevi0p -Ct632gh0lpxhIp/pBKTBYDaZQiNB2zW8gvK7CS5WJiP0J2OustmQvBLjW+vVmeqj -9125snRxKCCkx3xZyv4IOVF0l5Go7NCGi6P3hD5EsYQyBB3sQJtOIue0tr1vBL9/ -+eiZ2T1NTfSFUmHGsvEq9ikqL+tequRkX770l36+58w4080x+VM/8BNcFgZ5FP1m -/tUo8Bq+bCu2Of/JBllHNXrHXVsUJs/vSvAcibuAzHTTHoC1AainO/M9OKy5GxLB -KaTjliduSDvhUgW8g1lI1ipN3r+ddA1LuhsBIUBPuD1TvzXTgh9FhxbFNlRPQB2b -Sw1OU1lXtu6ExKH+Qwk0/rYXQ3Qv0118MoB9X/uGAzEcaZAIrwdh8XGeTMIKk+Y6 -e5VgSSbtOFiaVe/PcbX4ADucy1Ai1iEMP97YgmiG2z3zW6gPTeuO55TllV9jN+1V ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096 b/tests/data_files/keyfile_4096 deleted file mode 100644 index d9d3cf497..000000000 --- a/tests/data_files/keyfile_4096 +++ /dev/null @@ -1,51 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIIJKQIBAAKCAgEAt3PBJGlHt6w57Vr0TIEI0G27iIJLe1tl1ATc4+K43/RlH3fE -a4OE2TxPBKQ6Mcy5b4MkB+EnI5V3JqrkoJR+B709+utMzv+vLVZHR5CZR9eGsgp9 -jC39qX1GcoWhVF9TjNzrsvFNmdVuwGfnxanvVbUunyR/CyF41DzHpUAPirH9a4Z7 -dH5lAWrBpPxsvCVTObdsTgEiQBsOKPFXE5i0x67zYCkAuO0OAW9dD0b0B3tjJVhk -5iHV0eNBFcvx+6El2RK5zM4UcL9LD6epmV+nwBVfxMSrniuu0cjvi075thDRR2GY -vYMmM8PXCvVVrsejvzUNEu1ANXjwn+uYrdqag+4vmdoDDHGfR2objA9Lr0XQuyul -JqzPT0zZYbY6Vb2TWWhc0jvdwXU767nTw/4z9jHSPkyF20x2tOv3tpEcMTxFn8G7 -ZjPAWMqf/OmJm3j3vVAkmjKzsC3wdJkEWz31HwAdfX/QCrMs2mP+ISRxfCZi9RiP -btc27/nm9FhQrns5wyfUlK4ZzqOEuHCgoAd1eyBR1ejPg8ppm0aUBRcqw5xVUWN5 -pRSlbZdOMugYi7lp9tOaUEvv8O2lSXtGbSQaquZ3cFz1B3pgoebqxkV9gnJnI6La -eCYWB6C0RkosfEFqBTIb+IWosrN8/a83iHacVSEosmq9TGDXUHiUJVhldDECAwEA -AQKCAgEAsy2B9ZhGjeTPZz6w4ZAeFcU3p2rrYn6whFaDkKi+vS6tHgESfZglRzAa -VYQ5uq4kaAAETxXf7mdryv6a8yRVvCVfxhXQHVWpuXRNhl5696pQStDoMuQwnzxW -dECEhC3fIvQb2djJXHkUBST3QR5rPqEJ+jHhS/PTWihLLuHUzDhwNndRWUSiTrIA -lK5fXZxvHy5BwCZnV4mVWPPvgpph566+0qr5o6UVSt2EXQmGC1C+U5l0Yzmk5604 -wptBq+2HU+9wPdMCL+UG4TF2+vBsnbXCpiMZJBGyXAAPx1bJmsPuQ/PVBTR1OZYM -EQ3yNBWVn4mnTVcgoZmQHAI2S4f55T2ckwYTMqQGwGiRIVK/x5Z/cXDEmevmpqLb -8U9atXX+WSmu2B08T+DPPT8SvYAkAdHPXltVrGIyZs8a+R8L6YoRboVjKys8AItA -wvOzzf1qJJ3irXwBVEiSwqDhwmHFKbX42njfsBS1tpCARgNBrwZdhWj+z+g61sli -kikLrenGCc0AURtO+2SIuxUVhmJiazsBYuZfC49eQ77ATLwc0YliPbni16NnwRn9 -eBFo+FG4wc6eAIpIipO/nSIUNUTd6kHZKsL+eHLx2lKD8J02GbifcGkaY3IVNfPJ -2WGmlHy6vh/o9KM1o6jyrwSNRNgOQTi2j5/TeOKmxZE24OIZ9AECggEBAOd5c5xw -NV7vO/3Qmr8T8dagPiyIqjCt15420OsFo+Fd6laU/i3jDVG5fGp+b0I67IBlNIji -FpycORAajQZkUAgd9bRCm37SZ9yi0f9k94MK6sCLzAoDaQ5gHPSPRoUc7YGM+AFC -Ls+vyXcrQLb2Hxwt9H+TIo/cw67rSZThy1zIsLf7Aganq0pTG7+yMhcq/quUoJkv -ssBiftip4butkCk8aHhWRNkicKx+h8D5fRjpmDC3JEFTlleHKhUCTZ29Y5CdGR8e -c52w3GyJbiuWTv0Tc3Kp3OvHu6Mui+iZHpEUwmbm+kBewBwCSm148ViW3P4LZZjt -CYC4gyvXu9ftORECggEBAMrjvV3Gkrwah74IqE0eKJvFM4b0MZ1UzSSM30/z+T8I -t1qiF07KnmTET/IPWP58AGY1fHSanGG5/ScRrFRQjKxK0w0KiOpZMn+VwD/aziQk -LoW+yTBhUCFZ9DxBjlIoivjMlx3fYun35dfMtzAf66xjNDo7QKT1aKBngADtnZR4 -sEObu+3bxldD/qcO+HIC8FoqLwBAvmJqJ7YmsNJWFqc99q8Qt3taJPGp8jv0M283 -gs0W7WTjaUuBKus9bkjE7hH8XXKsSlkO1ufl6TGj+9kdW0mPB4dpQq8MJHJTP1gk -VEKsCVUPsHKcl0/u4ZSRAqfYubaIjLIIa6rEe4LXiSECggEAK5okHe7BDu3vlgMK -cz3Vi0FKFOd1b4//kqzus6avVQ90yfRs4MXpR2CyP/krCgXBcPofaD12Vu/Si+cE -c5THwo+qLddyJPSLXfNJrVseiI+w4q4ytBwqWOvf6G1oskBduM6OFOabnMGXKJx8 -Jzq7Z3p8mN9lXkYOkk99386cmRCwwSdGHWzOBkUbcAOoDdcqe7WWfuSOPlEPZc6y -V8D869eWMjzF4UTshoGbHs2gM+YkpeCJssiFBF3Qnn59kl4PeDkvdz4sNyMOkl9c -4lcA8AkO8SVwGPXZsYZeEmVtbZTEfc+6ig+PDneb/30NsUtRu4T4EVNtO9MF2mdb -2fO0kQKCAQBd09xrVb3eR9amx5Itt9jH0Pb3Xk7jl6gXUx6i9w05XWqN+5AT3BhM -OY1PQFHDvszgd7PKqQXRHBY6zy2HAIlN1Hyt90VCO2XjIvn5jdLvW9w39fdM7HQG -OHd+tkJ/NEiwrszj/77avM4Kcp31H4359xbcJzLKFsQACl1kEH9jfjzlx0utwImF -KejGkWHMOBe3WvLJhyeEk9sxncsAOtfXGAzRAUYZQaL8L7/agiCXOnC/L+8xTQoQ -5PdYOtyZwpjmsHL26T6o2PgB3o1ta4y4556j8gVlVgSEt3TTejQ9Ku/ctXrLX6oW -FtzTFoI0FqvHu66G/7cxTjuciakk5VCBAoIBAQDe9ZvhmCpCaRmFOULVGqb711Qj -cyM/ns+5qaNx4WuOJW6tspCeKy3ngUFHWnkfutKQTnD1TmYe/HISkiIa4w10ejSG -AjX4JQsWQbYJcUaUrFgUm5oCPM9pmWQwJnjmt1lHEggx+DqyD6kgPrUlSzmJHUTS -8KSaMCBXdkcHZDmy1N1QNIUGzmTv8QaJzb2+wFhf0A8vuDnqG/2/MlBUJwJE0fGe -v/1EABZzkJgjnNmtIDi8GuEbbVFms0iyIaWc1bUwiKbSs3KIWu3BYYeBu+5a8wfA -A4LkwhigbAn2hAwHwKjngT18EMf+A6EpElXI4lpQaauYTlerNfR+nDw9SgJP ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.3des b/tests/data_files/keyfile_4096.3des deleted file mode 100644 index 6097b42a7..000000000 --- a/tests/data_files/keyfile_4096.3des +++ /dev/null @@ -1,54 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-EDE3-CBC,2204E2DEE853E8F8 - -pzJieIpy4v5DtIf+CVzXVtlCPjgbxIoq3Ci2qhreHyAK0H9MP6x6Vzt5vVYwolSS -5ZxkaIyY0NlCbO/ZBW16MEjYtNrLhOL+ih/BLSAnfNmW5g7UEJ35ZA8VNY6ElT/E -iadQPNj6NvAgtLfFC9elacidA/6nfTNmALxhWINolLc1kQa3CBsTRnpCbYyaHluz -/xo7Dgjaoj61YU4UyiOYtxHtYkQOXhdiKpXdLHHltxKxJ0fYmbBJ8OKGv596MIQq -8hKpYrcj8binwafQSYjj6KNEFL/PlkDii3G/wuLrFwgkDlNUNkUxSe96e6JUVBNn -uEgC9gg6BEAa42psaEFaq29Z1R0qkMNfnx16T/425zxdtcBebhdj8pIaQjxMlVhM -Qe9P/fypX3B9rS6dkRloK9AqGuRBeZBZJUUA6qgGagoBXsqGQc4FhFqrKdqBeB4p -IQJbWa++aH/bdP4HNrcLoA1lB2WvjtvPmdTdto8fICulbTDBDgsU96MUyquIkT4T -6p0yeXEVc4oKYYmHb+1/FncwawYz2KjloM1bX0f/PKtsrpk9kLDSj+cVxyRvi7+R -39NoFuEa7NPB8VKJCgurVL6lQKIiitBos2loUn0/NMBaSMJc0XrVvFG05hxGL23c -1tFhRr1lktE+TycAL59GKGJBh4Kuwjnu/eA9hkyJxDfJt5l85yIXmaqdjNtmyZ2w -2b0Lq0f3yX6NGc8zGhgIy8ZrknnRnPDtHSck14Uy0TJoooFbWFJ/PLpBrJxHx9yi -ApWbpC2vdtIVlPaYdlEAimuzQhEvwjSIqwiVc087PbCaCBEWbUizcdde3PGAw6U6 -I/m1FGHD4DqImDXSGB9iix1cjbf+4lsSHJNuB5iejSqu7FDkC5V2YZzZaHDFKLgW -hwpV4JKxZgnA09dIRQw5oNNI/LjcViA/R24rChIp3papG5CO8vD190CMTbDSDJPQ -NRwBQz5LCpIQaUU4I67sdyqhFQ0lvl0asTmBZzUOAjWyMEpOocQEy/W0vAUu+OEa -amImjcP4H9UBYfrXkLEuuUYofr3RwZMX9KIEQNF+0VvAfeJt3IDOV17zjm0kN1Ql -bjN4/iJAms1ljrjBev751DluzttX9t4Bsf7VKsmlGp5yM8YpzjFndh6/pjbks8iF -W2pGpdStiXJ27xq1aa4YrBk6zH0UDRL3yq9k7CUAwwT//qlKcgU/U1OU82gLkl+g -Jxy/93KgpM1H7g1FD7WM01LswEwPMWtMMA3IogL5L0mya8wEth15DxWKAkOgub4A -8YG6WnroG9aEovgHl5b/6laTryhbe4vMw8onGscsLK+9FbSPDiVAJfQisGnJYZie -PEOJw8iISTVXPCqbjHwIi7I1Kp6Yih4PLfUxmc4+Eq9FoB1pzxG3xEfcXinsJIuF -d3vH9uwUTv5mKO4IJxjc3Tg6nTMjrDfJHrRYeA40r+30abeWc6X3KhEQsk9nuj9N -PJmTY7dRkzxRsmpA9inJkunwhHF5FQdj2IqiQJNbapqE62MGlVofSKO8P2uF7UNh -8+C0k4ZSHTnS9+b55RDRvfduWosJbililNh6B12yqEfDMXayn812h0JNWv7lglVu -+EiCrCqnAWYhbqLPtIXHv2lowx+gulxyIrPlK4D6LCYy9iL3Qqh2bERfccPS5EaK -eU+Sj0KN2KeXv3X0DTKI1iieWOjk8dv5G+wml5cUNDHeBdKbsGuWWaG9F4l9Em7c -V8cLN84RcsyRKJCRL1kOpejD/eTWzuT3CmoWqFsqxsJGu2wXmrrXfBuTLIsC7liM -jtnF+BZZSebX4ST05USOHbKojx+yXhIOnO9oabm+ylnbOUrXXe3ufIA1P+z8GMJP -KSrRIeaRMfkiotW72wa+ofmRl98vSwzHdeP950ACf26OVe3Z7PWYI9nSmGR4lqrf -vxMAbLBvLbpq0CXQgDhpw1YX4UvvVLGndlcxVey6btFuy5Lmwoci+cgpkGBoDsau -oemfgVOMNoFSjoFO96kaKbrMLHmniEWdXX1FlHw2PTjv4YeniblvywFz3KqtxKzW -xOnWF7BwBTTm299ojTotOOl/iGMeMFXyGAc/lm7SLtpdHxYlr/3906Jee4ubhch4 -EEsNxqsvo4vBOl1tmspazPHVeECeL1Io664PTdTACQnENd67dHa0ytLS8SdW8w+r -7UrjK41PRhAhEBJUVnTKOE7QA9CPVMT74Qx51AQbW1uqlxuoFyO3w1Ra+B51eVjj -zjzN4x9M9m1TQzmpGBf5j8inIctdSAmhCpEB7qxyJVmHOoIUn48u3i47uWmQVwmB -W58f9J1TYAmUTvaSC+Mcmvbpo0ELhCRKVMQjuFT45ukrG3jeohiecPU9ga1VcWPc -uQdaijy+oNHDfJstQloWn8TU2Uaf2LvdSc2tuex/qdEt7eBXDpSzEl2gRlfrBFcz -/8jQqhsdmp0aFv5GkOtO0M7C6GAA9IMwYUDJBthITvUQa3feKKZNMWp61LUdbS+j -CwExwV8nX6YonV6QSq6nPL4+cmu70PthGuqgWSihuSYYbVi9UQWBiWET4PpFFpcc -5AVuyZrFhCYggeRGmukNTDhYUdThC9Ar35e5vFHWvZBbY+6Y9onhTiszAW9uESIf -ZBtmpRyZmbUYeuQgX2PwtD+ELBXMikyVt2mzuLKjeVocqaHsaZHiCuj24OsgdWji -IDr7DNNiLn06KFduCeQY+qWqyaj+Zo+m6Ez9h5BlINgDoNteEOIn0EshqsYgnmld -rYDfPHIxPFdRWaEI718VX5OLUdOXrPuW1joXZX3wiWstOBhqeAcKLbxlDd6FKyRN -xOXnKYOUXTJ69+FnPvUDpvoSIyFwOBqzQj27FhFIKNwjgdqLWiGeWNa5lhRf/XF8 -saaVma+d4alTp5KDMa1FdysEjbmWSZ+2WAF0NIx73qq9gpoHxFxLJ9K0dsYIfMx7 -SlckNm7qyFXsplSVieEC+xrQoU6E2Qz+o0bI/XSnPBN2ZvYaCrcgqe3SXDVNGXVC -HWmv85z1IBGP/DtcE3upNZyAR+Ty5PH+QhdzSPk5bxAp4dwqax+MD/cH7wB4CQ3j -Qm0WkWw5n9NkGQ+j6q5SH/eJsk060+irhPNKsT3ZefENM0K3JrMMFOZea6vRiT5e ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes128 b/tests/data_files/keyfile_4096.aes128 deleted file mode 100644 index 0a7be9112..000000000 --- a/tests/data_files/keyfile_4096.aes128 +++ /dev/null @@ -1,54 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-128-CBC,04DD86A29AB89C3160EF3A295444C3C8 - -Ki+maRW6CfjCEUAf9gX8bbOj/x1wHiYmRAj3x0J3NewGLeE4Et/nTwrzB7TGxCuj -foKa76U0GQGZe/8Z5Vx6GYVs4ChxVxa6nYWrC589Hil5GS/ycXyeW3dD+TRSDEGO -sBROGmdh9+EooNu62ohi3ttvBcreIz+sENprX6o6x9+bJzxUPiccEBIUcJHA4noF -NilSaT99A+m5j8/yBg5UIcYKgIwcn2Fmzg9g9GbPDY7zM/EkmEJUo8FaYYScuciW -6dyTpswA8ixR7drSJASXCLXpHbO3cK3gZJ1yUCEq2Ymn0pZyomonaSdN8sURvt1V -DeZJzoW7zc44L63B2+XKRjNtv84EtHa6UOOq5Y/0MhRGiPRJPAe4SruSB/Zf5N24 -jrQasz0+UYSl6sIvonmQje4G+jxyQDpGI6IZNK1tHunpMmjognhGV2CROrGkX/U8 -n6fhpITz3KYVtSyVapeyX8uk1wNEFlBIf6UTtt3hSN3js2RI7WnQ8Qpn6FJ8DXy7 -fMjPGhO3Tmx3aR2hL1ulv1B19DMmBabMiow6TW1BFT3YQvHpO4A/hp9eK3wd44me -dKrj39oYoB/yuEIp+UZ7dJaQtz5ZFwJGrFmmyow4wRJ7a6Bdkq+moN5VdK6AL+y6 -TFQashQT1KSQgqdiXX9wCvFMLe7PIsCR7i/tIr18fzbV4ejYKtece1vMBajyg4cX -RCVKSYO9zGTuxsBQX+mTPT/Wv+CA6H6CLssasdHrfxiJFP7jYLbkDUYtxgBhIWU1 -s7SygJETP01b37YuRhGPPYs4nMhv3QH9T6P+nx82nOPE2V83mxGF/g6Ht96qCn95 -1l2aPGrpw6zAd7ZmbRWPcNaDsxgkeFkpeGGCULybcP5yupRVm/lEQ1+YZ6JWUw6y -Yi3JYUuPDSvzEIxqSCLK+M4lWsTvjG5XLhl3e0nbjf5PIEeQcpU5O0aWHGMJbVwF -fRrcaCzuws5xZrdeSMDEOVN2IZspX5OEYruePtvF3RLHIFONcwIE5RZailYmdC3l -6+T3elpIndnb2OmbQsCV7fMXcoEcDn6UeGHtP2gtyg3zUKu1gd8gAt3XJRSAC4iB -vguPWHU9s84I263KiB6PyqtKrlCsXJ1AG5HCuBCejiganE3UwLbhs7JNAjiMAzFD -yvnXz5h66IQyG11LkPFBZEedm/9LPyM7yJtILKRRYZKnHEhO5wOqaVkp+d3BJU+8 -kqjreiCLqoxnncFWLre87AWGrlr4dLHqGnixbUyaT1ep7L2wogRzGcfkY4n4ERxT -VCXw1KrhAOCZ5KBA38byKwvSJBZSNrAK488lnTpm6/zU37VwrhXmdbJx2dS3DtYu -54wk6RIkfYKXK3NNz9auG5WpucUarApvX/56B1nGMvO2zuJr4C9b3IXFGl68jl9H -x1D27Rb4V/dMYW6XIhJ2DCZcWuHu1DkaugBW4kmRgbfyFk0JKpB1rQMXKsIPaAVs -uV02aOD+tCZ5Kd/l/cXISpaDIFXHO99hAv5euQck30hczI3y7LdUj4u945RxEgC1 -dA/VzSsQ88hbDavULg4t2Kk+jwdqm7aojbFTgjr3K7wJvocyJxDzgCrW6yZCZksY -C3z1hjzZldeFORDrgxptpeHfuwYHK9FFfDL1ItySWmETJK8YFo7rP3f1HvS31QbW -vFgseAteA9kn/EAskSR7tulrj2FAyF4CzXHAW1VsBbzmIMPx+HLuFON4TwVBibfC -udwwu4XNtK3yNqz7uPUHbUxYZ3E2CbJfBs698YauieNPZNboKLl3N2ITmpxlAcLN -2wNfh1v6UODeqepRXsn0NmYY4RZm7/90mnfcoe4zJ8+rRdCbNWLrXthra6ouqGsa -7qKH9xcsxp+y75/2S5sJ14TnXFFD72A5AdowSMH3poYSRgQT+SiBpTIOhl4/Lsz/ -jTHieMNE5htL3l+wjtkq+cGsZsDpV1GQhgB/0U0ps27jH+Q49KxB4TT71XLZJ/lj -gsDk9aVktLI/fZVzgzHWTXLXXPwbyKcKd6idJyOlekbddK7ESd4z0FXLNOVgkZr1 -JPFL6I5K3Cnx5TPt80shUH4noNHu1U/LdrAlwJ58CRZm0AQ5H+an1nhgis5lAOSp -iW4XQZ5SQgiCDNWSBer5qyXdJxA1j6BFNN3d8bm6OWCxTz3fYw6sqNe/gWtpnyi5 -WpUeNrkxIHiZSNyjfLjjJ19+Pxqrliz7vYVKw3YQ8u1R+8H6hDThB2d6yUOFc2Vh -XD3kl79zWYBUJRLOoi3mev3zTj4NK0NCXYQnM18+CmZcQPVPpyjC5dnukGjqJWdq -CBMt4gPhd+6oQXJJ7T4xkEo0g7N7x+Ha0dhPP5tyoX6aglAWLGbk4ZpT+87km4TB -4revhoSNcIWWwDqj34Mgh+9cH22fTLWqhmCNrUl0rTMgnZSQO8Z4gGSDRQxHFyzT -p0+vXucoTQ7Jci6VCqLUCfTLdNyTRgUubEBU/cTWgKZU0rutq3AB1G6++dEFZTtH -Ul04D+T/+G6Cc6R5s+Y1UzLVVpWtpwmxlnoyLXH1H3ROeyfJyMrweLGMxIL8VWKs -FM03tnwQFt60m0oL6qxFPbtu9NnGcLqc0uuQdif4IW9FMDp7aIIrABfX/YZQ7F83 -HySehJ7aJYKAyDhbOj3l3p3Er+DytaTH4kuV+6D6c2gMoE2aVqnSy6in3ky4xN8i -K+3BBuKuRRda8Z5EQWTEyiWj+2fglLehhVP3DTMDHw0pOf/jieTdXD1eHJmMeLYw -w8jLNcFGGhK2if/eBLKWBfJBc/Ernwbi/e99PN40TtxsBDYuInnP/SmWQCfys+1Y -mCtb9IIMiqReKwl0L97Mune6hImw2/LyJvqIpZR2veN1DK7vvdIBGU/KHhkUTjZJ -30Xdw64MBcM/s95qwzYn2qrmOZz7+si428Hxx5uXfkM9ylwFyvgwTqo0/xmh8Av0 -wmQYWJbP+bMSyXuHm1GVmSFfJo4aCA31JTEV2Azhap5+EAxQkWQcIY2sFRHqG6uX -xx3/2EMmtHpOPlbw3A3Pgvs1z0P0un7mxxTLBggfsnWeyWmB2sPquzk/37bXys39 -0S9AeBocaPsStJ5sPCUWGuQHAe/bhI6AwerxEKLGo/cBOo7G8+km8VK+WMx44QXr ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes192 b/tests/data_files/keyfile_4096.aes192 deleted file mode 100644 index f57762f26..000000000 --- a/tests/data_files/keyfile_4096.aes192 +++ /dev/null @@ -1,54 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-192-CBC,FD96F730C10A4F9DC895B3C06D91C5A2 - -QDAO7lDXzLmdM6VPdNkh6tQpnIACwT0f8rLd2RW7HlJEjdyd0e6Eamqxaluxc0wc -zWP/uchPuvWvJ+OAZjX/+Bj+SKWnnbG5kiK0NnavDFU5BhdlCwOE0RxMpAXQtf1o -5YNxSlY0u+k970/KQq1QJGR2osEdy7yA1GaXN3DNsDFOODFniATl0jctIDEg9lAN -fBCKJmI4xy2u//3FXN9FF6QkN9+Cryec0HtkwMVoEFv8If+AIGVKqjJLtQnuAq8q -VKiswT/Lc809zO6xf2wZr7KXzAbm9w8nYBBm3NaViNuBQZH9NMxw1Wss32SI1co8 -BHu7XZlBNCumjvJPewgdwkd8pggMJGw3r8oADPSKd7VmfxG3FwUpXL/JmJFs0DOO -A8aJE0yJrYHVPIJOMBgJM5ZC7iNHNyzSa09jzt7gctUV0zBW5xUVqU0ldiZvt00h -XCtIaz5wZdxt1S0hnqi13Z71rrJuzJg9/lpB4rGlhKqNiWNlvgdpw32FBpicowxo -LLd8Ly6nECj1wAL7TrEeS1j2J4wT+/PSQFGCJoxKQZWMfrqDFLGXaPiZJNiEtJxU -ISJGUV47WqUEmwUCZVE86zj5JUVaSrdcbcc6FPlkIIced9otJJFzeG0Ypg/J8f5f -Myr2bHHkDfIwigGurY7WK4vnWuj3tf5V6lVYrMaetPW9UZbxQOV7v1/vZiiYQj4a -FfLGKvlas03/IA8q+Egqi8I2wPXTl2Rtzv2bj91tsnxZ5Svm2+8UXiMKE9pKfP+C -twpNUr8LFBPvSUnMf7tWNo63pUiqfW81y846HtkWo6idwflkRc+jHRU9l64Nrq8i -YrkN+CPypW7IJhagzvniBXe//wfU3Cc4X7oNE5Ml6zbnVc6UTf8Ab1HiOnJ3xVF0 -xZsN40UE7s0+i4BgqcTAmNZUUzcNj8LEfGs7TwlhzpTZSGp9CfX9j73I1nqekJm4 -J5ENS0QlSh/UMGcE0vpqdfSWrgdIvVw5ArA9DSBg2yoR2twnUuH+D64SawGyPRqU -+pk3ZUAKBRadnreUH1wNS1p8WdBRCJDg2gE4ZcKGi7qBGtt+jZfj712FFgm60WyQ -kAZe3rsAeJuAmJVkFDmaBR2mA7Fdkzg5idlavjuTmV4nHKcBltNbOMKlrzgRkca6 -GmzR9ICeiHWp1Jr3bjqWejvb0qrEsBAkMHTmBKp9SNDeoiFahKwBzxk4NSNJPG+D -XlXIZF6gTfgwTWf7KbvAfonSqAHtdBiZSDOSbloSVyBmTseF8SQHL1eVvWAfBQaG -qwFdhjHKRQdJZbj7hrfUL57GVivuR4xOkPFopsRJOVi79jhTstnVbXbwrQBP79Gv -/ABHXlEz5ZmRTeCjCCXGXY91JZGCSksDSPVb++J2Ox4B1pfT69G0exdHYM2kKO6i -jtrmcM2t/o3+4NH9GapBcHRYPA/SFu4sVLvnuWi+xrKJCUjxfsStyEIMoYPJVeld -hv4Ra3uYqzw+bcVTfZ79cUDHqXwt28xkro82VPesCZhE/YpPYP3gxiKRV37EGedf -iczeQgWD3+90LhHsynOmR/i3J582/koEbjCBM4lKwBYjsRpYzM1NHiJ39BAx4CKx -0JRHbW/OfClnvG/6cg9RVm5hHV9JQCWgkzHGAQw09zP1PaVIS71nlPJhHzEBl2zw -yWFTksRP9Bhuh5BSItZLeZu79m6l5Dx3OYP9H5Dkyz7p8TLYoC7cg5UqIpWBgaM5 -ZSJA+TMwHQlijS/FthvR4yxAVvoK4vwmbsdkkorWpZxV/oQyjyVAl4onRiaDOR7N -/c4VG5iW7qoRukNOkHriFhPiWcF5cTLJDWYiLnxvOGY4qT5QZmQ2gc/QdKD5V5vR -34rV2m/iEmKc+a7SN5n3FsQ9Sst779Dyc+Tbne6YmaWqwWsJfQmUnhxU0RerKoIN -XMtFTx2M0NP26Atz3bYC65trqoqgTx7vnnnh9BxACggCcJYNrk7pCqr/ucitTQl+ -fzPmuKV8fIKd7RggwUnhjzZxYasEBIqusS3g8GYK6pfeMWViWOsh5k3w7/M3ewGF -KxtQ39cn7HlsuCamL0UchKjE/iV3W9Tm2s7TSNiDPDGYYfyQIcohqN4OtNBoOMwA -fuxSecUpLP8W02f9k2l8OQP0wXivP0BT58eLPT4edwdKFC6R0rihkDIUdHXmZJ87 -PgQxPyse4WnL8pEiQ6dfjwYzRKtZaJDpjxNYJYIdqW9Cc4K6WHsgVKPnS/I2S+Md -T99RyjWgMCJ/qwY8JhyMENYrla1m+utW9Hxhi4P59y8QKX/SPj4gdLZftF7hjkoW -CoPp5K7oWKNdxGOOzM57e2ssBUgot4jHGurcMSaIpqW5J1qsodlbJ87Yajd6MTuO -fAT/KXir2m0q1sIiLtPT3o6App+LPmbu8lOpHNFezhUI5YbznexDfaStY3hb0jyf -Vp1aUM1YrGbxNU1bL2wwYH90GD/2yjFK+BlitQpQwkhL2nOuCuzlvxq7cSOkvt3D -AnrP31zytlVMQbrjyufa3CG3mH7skYwssWSwbv1WfY45LdSWoT8msgLhb1jPVswa -+kICBKFzX3k8+NmdwEgEJT/8gUG90jlcmQO8+r3L9F9cjvUD4NHFHyLswK8CHYKi -auZaHf4eU/Il9I26pOba7TyvkFY7m/BtvyytP+uHG44X1jUSZuqf9FT2+PCiFqi2 -L6cKQ7MIi3A88BPoHVJrrmEr1AbeYWdZB5ydBq4fZYPtD1zgxmSGAPzWfRj5l6wa -3DzFFaRBPaq0z0fclCGED43qo4tDGZJLcnAnlZEfJckwITeyis06mwWZmBelokP2 -9eB7Z5ho36y1nKCuHw9i2DrSGMqi4WjG0/TsdfkXuOMZHDwYm9Rf6QTiAdlSvcR7 -GDrHbx2HPetA353OQ4QM4fgJ9GmaWt5SC4UtVs9IszvP774d94OWGSz35keHhDKk -JD6P4DcLwQxJbMrCH4U5UqtoZYaKumjpap4AxuDbt2daXHDa6ylJtplOiAHA3FGj -UXzBw53fX9WQ3E9cuaKJVVs8JPvNEQG74om5ykxkZcJOvF3IwuRCMcWWkC7BsTNl -yDIZ3HrQgq85243A9Y4N5IF1m00zNrZJEaNTqoM8wfeYgHBCYRz7rtCGpAmJDzZ+ ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.aes256 b/tests/data_files/keyfile_4096.aes256 deleted file mode 100644 index 2659f17ed..000000000 --- a/tests/data_files/keyfile_4096.aes256 +++ /dev/null @@ -1,54 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: AES-256-CBC,57D8E4C458F2FF1E5EED4FE0E81F987B - -3thXhfEmF8+g8k4jTlpQ/xPGCBqofqx3PIYwUT/I8vKen90oF01fRyc1kJhTH0Es -NtzvSHFobm2THHZis1W9zmHIOupkTNpGgaMtiZPcgPIAOFiDH+jP9JRA30MhDs5b -qAgZzZ7sZy/pqVRD+Zf1AYEtmOi9toD+DFrDMffQ3tf6/DTMqAXR4S013c19i+hT -lDwr5pgeWYvtojoQh3uA60OtCmqWdR1h5Khkc/FfTK1TOLKNf7TPfQRSDlPjlBg1 -2vcMkhn/ETdB0a/poKAynRW8ZLJHXcWuIEYDXMhBEfDD/JhLqNAbpQ6V38X9UJmC -vOrsmAiXKtzY4Uw9DEBGOp8OgpickVybmpLDHWpJZzJ4BPoSQuhSqhfXT8c1xJDT -19l0+ysR6h+fy+fiiYoHz99M1SuW7Du99fDkzXzPtGR8HRoeGY09OMPd7AzvFp09 -5BBKXNXEmNeeqOiQcVgdWVhZx/9AhT41pNScWg2vJ4jrdAIFEy05tYU9H/e6138B -2VZVXy+cj7bRQiVXWy3T9ax3gC0Su/5sJbdfJBtC7kqx2FVhCcty4r9PhO5HlYNC -6T36JKoSsCz+ggmWntyxyi46iAxkdERzpFRnVHeDvT/dvUYQ6FOQs+LoYavPRAqE -/OTU3rzbzL0bMQtk9ovd6zgOHTUDrBOx2c1ahkaoefvF+7WhwluQ1L68bgYZITp/ -d3Cd3TEdL8cT+jhu7MaAvlp99IurByrtjAnZnLJ23AqGty/4o3bAfiCOSQZTjxif -K9+fCR+RjStAGuz0GtAjFXKsYp0L+nyL7ZIuqJCnRT1a+sqkX0xpf+jubQTnJE9t -lESqcDHFHcM11r9I4ktNM2HZHzGSjtBsuDEKwIo6NplAc1OU0UJ+Hytco826cZuO -ta0/9WmTAtE7xSY7kutK8MU1jpE3QA0xKS6gGyLeYY8vu1dMVU9rk0DHv6ZPfUQ1 -BB4lPHvSNflm+KjrOIAzY2b3ETKskJJtrBQ9Y/FPoMp3znIuas6MZupKNTbUXMzy -HUyoWL25kSt4F7TY8/PHlVWwdSXN9L+ql0or8WMa/QKUqGytENsYNh9Jl26ZFThW -uz0sWmAbZL4E9Vxz84W7Mzc3U1fMRmMwcSxixwxvENfapxVvbC31yrCTuK3D3mML -XXQSPELUqiHTvjO2m2ya78pE1roXCGCElEyZ/YF4MWSb08ovD7SgMI8vvGq8mrGz -sQgAG1yQnGI4NgLQKpoqYoHpTVXhjXpd61RLxgNbGiJdaV8yWp/WAtwiM7V4+BQD -KhboOnjyVcp79MiACv9QD0uuqI4PYmQJa1Y3swsiGPDRxxYYbzE40oPeUwC8ihYZ -yItNScHYEn49iF0jPYm1BtxH8IPGMk0o2w6s7Fz3MQAdvgrHrudFIPYh7wn7cRfJ -Wgha1pDmc72qorPOpzzSQwCAnAd9CrfYs69+V3DBA41X/GscziduUFfIe2AkNOjW -I296Zc+uJJ6Y2RdsZCUSLRjqbKqu5RQZa839uPfsUT0vmRI42k6qndFHMEbDzZy1 -2fntlBtggN2QO0khyoU5CiWKxhCS0vkXdcYqfyrk84xefWEWJItmLgIiJgbCsl5u -Tejsj6V6oJUWbQyZEnjFsKrDsobwQBO9x848COUseTb4cBP6jkyh5xItyxfxm9e7 -Gx4h0yfgZSBsVynofZMvMecZezQynjDOTm0FKUOiQglG4Z/R/ozbsfoiHVOzovH3 -cX+XT74TGjqBIoMYvShXpA8SVA/YvGL5HIPw9Gdh7FD70R+92Z2J1PHAiAPLLS5V -0X8dGPWSb27EGd6iDqZ3REN8fqWw00Wrss5cXTdLIW8eLRVTdTJb7Pu23yEnp4Er -sR3erVaThvaDG8S9dI8jr91zmHRT/BPXB8kbSRwDu35rskrCiWZG8koa4DiS9Ik6 -ssKA13CuW7gx/KNq7ambCryRf/X8ACspggtDUn9fCcF3yFrWkoGlGN2zrnhZOhtD -U6Y8HQf4PP2H1Gai8PoMe/NUK+/iOEHHZgv5UTXRTU1MM9sNPiFKv37zgmMOnSng -EXpUTs+R0WYi5/Zqa/gFzb00yDYf/FRrdMdVntSg2iQoEXOBwYj8mm3R8m6TjX8i -o9dFBVSQmBVTYrAHeNtubl+KDfWLyCSVr8nDXEg3TzUpIAEfaXJaIOjkMRdRJL8x -FPkKAe18iWf5g3AjRFdUWiF6K2h8/h8WFKN7GZc9P0m4eyR+k4ym43+Px9HOnzNJ -hVeIiW7GQ+KfsbIfC88kEwvzt4+AKXil1dzzADIi/tH+APXuugSgrE2k3d6ZtnkR -4fO20OaIDEENUaE63mtctB1wTCBmDZtjBffIKbXinpO92+GFsU45jHKhQpquaxMT -Ipy9Enev8oEn+iCxksZMvkYltN4dJ2FajoKTPjLHR7Kqn3NS9BqrXpguLovlB2Pk -MZpZ2QnLdA134kMsu2wApJQkr2jAjDujfp2bGddEhaLJY+opCto6KZ/qd/OSCbfv -Nw33F3JE1ZWnU4eeR7tcvo8J3y2Gnb7IIJK71Hyc+94IC9SrerewhC4Yiy0Hzfw6 -XG0iJD15eILOLt8sqMJujAkhSxHTOq+/0DVrVT0KD848VZ+Nu+lTSHp2/PiRz1Fy -WAOzz8FdrK+4BiLyvXet+APd5af8gOvb3PkWeMlh5PGsG2JS75BwiwNcwodbgPvR -LSzS0uB8SGgQhb3OU0uJGHna7GSlFYalk8QDiYec6iFcJ9OGpcCtplyyJaRYczsL -5ZKDi1830GzBS7X54v6GvTvUr83Z7FpW81hDXFy4hSbON4Vk9///9D9NjH0r4VE4 -2riSBlrVSY+vuBhmbsGnbMDRNB1tWWNDVVRJQPaZdanXc7m5Gdf9cjTxQrOvyMyz -jdLYLlSFVCo41C2JclmrcQWSu+5eBa27v6oKbOYqazASBtvlsPJZW9tngNJGvwq/ -Jq5U2v2XAzxulJd8hihb7uCLEf2rHQT70RPV7125JhI/6y0nEGqJX4WpuqTdAbx0 -VLwTgzvI8OVWFbGCPFWnMsJsFNFPYqlDRxy1idqfy0T6gk7vwtmcfLtTVQxptyoS -MF1RIXifjmMNBrWLmka3wUeJMSlB1i+MafihGQdwapQbZRh8Zx1P1+eH1sQo9C0p ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/keyfile_4096.des b/tests/data_files/keyfile_4096.des deleted file mode 100644 index fe98803d8..000000000 --- a/tests/data_files/keyfile_4096.des +++ /dev/null @@ -1,54 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -Proc-Type: 4,ENCRYPTED -DEK-Info: DES-CBC,D6688446CC64F13B - -fE4BXR367Zorqu39EfKNXmZtCI6KflkwdYEkhIng1S67XwAawKYAnWIVAYWma1EZ -aVAa8/9B9B1C66hx21lFeBSFiGOZcjoB+Mf2rZyxdKOkiS0zHTIS5RAydP4Wysox -MLGRPaUVcc+5ZLjtqJBQVCQ1+CcqGjomqJo1VkTlWTw3P25WlFwHGGU86aIoKf3J -5PnEwes6cLXhetB3UXVcI3NhFCGzWSF29qQ2lmxNxXYv9z49kuJ/xPqYsJ0noa6x -eWep5pqJswyV0EaJCNHgsRB9RPOEL6QKHSEh7J7tRiImDVu+gAr3ewUC0pikmwWF -fcCcaMGr+kuQTgdX6plwaxxSmS4bQDmHDJuFeRkN/cXaAwk0/PZbfBbR7rO/waeO -HgcKXnvPFHDxkvhav0LCXbQp1RYN1O3U6KaMHP9MrXjmih2Alse+V7ZA5iNq7nCL -d/RIzOJEqPZFa1K1WohoPmcwX2X/aRLWabnCzx5VRrrptpWKZkHH22niX6mU3zqh -vfrdZ4o0NOmbKTTezqgU4WPX4rVzbzaxcrt/u+ukqubgg42v+KJIS5qiroASt/vL -nvdyQDmtOMBhuypTTXCu/uQRAN5N3dVWH3T0rioCFOPTaHZIU4+VBDSBFVrZiTCn -aS67ukj+U4sYffReO5IVanh3cZSW5P3FEUOgogmcq4Uv69G8MjGmbRCX2qtophxr -dQbXE5OqXopEgZlUu4YZeqHbIlfpKmN11/jOcnRMpo/Rm8fammL5gYda1uXbmjDg -8xQVdJ1kBWnWIYkdvoxfPwQ3XQeKxXJKvftu/HP2IKKlEvvP26wGadfD6q8N7dwz -l+ZpEHpbi+Idi8m77daKyEAMvYTCo69EfhkxsxNXlcn4MfJ4+JRRyAUTWZMc13gW -skRBsXi1AtszINDT6W18MrCXvfJlgxKl2zGFi5J922kI5NUG1kstqNWDqwiXK4IY -YKOa1HiP0Wk8CeZWceASL/hvgNGvp6uNkii+Vd8CP04JVLC37pvEtdxo7BI1HS+h -I4lR10LbNxyNaTq8QD/uFyziYq1HBkkWNzwNLPTVw+V06mqyioAByX5Uhmd+X/K2 -1Z3vmKtidC3CjhYhLDjwaT1xbPwh3BFRrKrnK0mkICHFrnTQKTw1UfR+Lf5mE97G -4DZYcaCwB91UhuYKnbeoSYt2ZzZV+/jKQZC+h8OevhggNP+n1bjxU8AZOBFt+UT+ -JRKlqEE3jn3u4b0v++j6dRqjACgH9EKZ3yUDcfWa51n1p+VPIQ0jXmjBKn25v+ks -p86J0Gs/Y5u+DuouYuJ1h4UJRY3iuYKWaY1KX17CK3lHlh6mPDi3tu6uFgLu+mvD -oud3LjanxqDPHAlGpZikaN9KHGdrG7AefaNMZc9TGdgehJ18e3pP3IKJ53o32n9q -NzqNs7q/zD4/rFKThpT6N27Zr3GgTqx1HkD11RiKsUCz7tSaWwVfFjJyrw6X7ua/ -UoDQaf8i93lEpPutubjQ1Z+QgfIX2wAz9nPRzxUnW8cyw90ghPiG/KulXLXgI4hd -J+67FnYU15xxQ7qBEw5SOk20iAjpAJBjqphUEsmrjKmg1Ffwb1dUEUVq7cBv3A6n -LBcR5BhEInerwLklPCFwZzNe8IhVQ4FOc5uWGHV+P0qsaN5A6UyaEe5pZjRBaM6Y -CRtRpblR29rP+a+CC578NSjY975T38lSN/lMQN7bnaTUkxZIl49ihuTv7R1wS9d1 -aksi/NVtoZzHVpciN6J4Or8JTqip7uebh3FE/cbaGf0b6H5DMOGOv5TEJpE7HlY/ -xoKC9oAHxomG8wuE2O9DNlol9v0W0MOTNInXX6D/g7A/DcmxzfuVKQOPKLQMUMKT -mCFgIBGPUUhAmwzh9ZTwq7cjLs4uxd3cJJSE2+TC4Er9AZdz8EMIlsan6JvfXW1v -DpUd7Ww0cCI1PlJWyrTmx0q/peBE5gqv9oUH/EwEBHrRv1JyhwpcY6gVN+EcP9QB -q+sIK7p7m3ioyub9D2jZyiDp8ZhhmiJsu1Q4LbfjZ8OHIdut57oCtJ2kxyQ8u6NC -DIbSB2wklzju9EVKkwjsq0OObOA21IaAk1eOGRX1AWo1jsdzUTUf56IJD2+z0vfg -ElKWS9oaoFqgYKX7bShk1u2kYR3cP2IDYGCMH2VoNVEsi5o1OP/LLGarF6uqSOHx -eZAJ6uq8LJYsU7+pRXu8T40gchtq8r7anx8Su48+qfky8+Y+GVUfGrZbuNxa6Qyx -ga7NysGzhFeFYHxUGFDxOW0OcUFkCawOtxO7VqqxceEnwQm5XmUVED0qQsrQmUXL -3dJOgWYLfmIJw/I3JRSgNAM6Q+DVRe0owFW2Qe7cZoJDsaRznsGj5d91kg84A4Np -Wod5Idn03QYQCKociIbW/2Sqf9wcpKnz9rHxYEW5ukoHCDtSM/4FeytOj3WB2KGB -q2lB4tTLcVIEI9dGSXrKb6Z15cKtkWAk3QDXJKF4t2bOgPb03QX8syMyrllqjFyV -3Jwzkx5qO1Xg99R0Ts/okvayLCFq9IsJ54453otPW/j9rlWefc3YL3x6TMRqd0hd -r93cUEM5dNP4IVqfsqfMaOhaULENQVUgUSoZUHB6dyElMbwGDYdiD7AqqG1YultV -K8rnkmKjbOzl04k7d2mhIF91pEa+TcHzJZDJpxZ08Im6C+iXWy8iTPr2hBaI6fiH -VvS77aubeTQapKJMieKYcC3XKCfp6S8A16YdIILKiKCRnXIGqlL9/8pqV5uKfv1K -m+I7f41Qa8XSuopKsK2FZyycODk5/LWbQi4t1t65i2NykOFsRok2y0AZ3xhLVSa+ -+/vViIHaqVHFINQ2ehgjqV4yDR4acCdtBoIS8+Fy0q5zGQ/KgHnq6qVxGxoFTR5a -h/6jOq+xiDevppRmgaVoeBixJtnfkPS6SFNbrw9vDzrQpJldnpCz/W+ImU0fl/J5 -VG9f9CFOptSCd6hxm6k4SyIL/L+i0KvfmP8OVLI9qIY/BhN4kH/Dj8/RgemsnZbV -g3T20lgnqsAEnfINdkULeH88zopFN04/0dT4NMO1au4gyWYIVgW5LX3gJLaGQrAh -7wpowgliu2u+6VvOaOBOrCFz1sc4tdiiAa0ElbwnyXPmXJY7Lx4/94u/6Z8aHqIg ------END RSA PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_1024.der b/tests/data_files/pkcs8_pbe_sha1_2des_1024.der deleted file mode 100644 index d0156e991fa695236fb155b39567ba961b883ded..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R1TYQ+2qHP*GJ5k()B*ws00e>pfOMx}A=XGM z?X^&}Gs9GHBfhQrQPnTXSX&*&lf!oXgOxXh$gi(cY zN++mU>OHpAU7UFrTPn;Wep@S&?UFfkr4nX~mv#tiA)H|^N zS92fsQdA+=T+VSwPONavPdqJaTrHo7YYq2>JaE>Nbkm@9hT~aSg2gCUXm8D@srNYx zB!9yAWA4STK{;uYW;sJt*_3mYR+Tq1bKWu{lkW~&p3fcqy%{G|Mx*YS9CX4t!Zyl-X1L)bM&~N(_JR)f z%~1du2;h>6!{Cd|bCDa;xbU9kzsS9s{)c0@+iDWI6+01EcOtWeEUDIXaOlE(Vr(=% zHwUgn+mYcWA${5M*v#m7_(8pHmQ<#bhrCrE2}o7>xm*WV)ylXaJve2)f=aN~q}AZ- MHlmZFXyd~eQlLdh?EnA( diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_1024.key b/tests/data_files/pkcs8_pbe_sha1_2des_1024.key deleted file mode 100644 index e9cc9233e..000000000 --- a/tests/data_files/pkcs8_pbe_sha1_2des_1024.key +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICojAcBgoqhkiG9w0BDAEEMA4ECE/PEGdD1W7AAgIIAASCAoBApn+7s1iR59tk -qRMzsN2aGKS1IoYtJzUWEFhwAeMUzEPFhXkdCvd470VrkQsCXc2Q+7zqBT3uxb5s -oU75OJKamxiruNd8e52sQ2nNOF7gl/g821zy1b7vVhu/++pxgcrcjOIeL8OFf/xA -MSGvA0UfguIMYuy3fbKJTSltpyNR+mIH6PeVj+k8f5VFNKg5hsFcetTYURduybfi -DoqRTIcPKQVnP0gknw+Vacu1OgcKtQUa0823++OvAqF3J18Shu2dDob46mvXSJzL -n1ArkY+E7RV6hDCZ4vRYQU0sogDb8vwOvOPQBJ20f0EE0mY0Q+MCW5I/yiDR8KQf -Z4WG+cpmIpsbRnCwA07kAkO+QiibRYKK4fBIor/D8Y2Gi+xBXENHYIUimaH7O/kf -V1FotY0SvgD929T30gbk2Y3H2PWH1f7ckWzfUllQ8nlj0Ap1w14pwP1+CP0HzSqV -5uVWj4Vj06+vdAuUuzVhOTmyYWd+HdIec5chG323rovRO7yhTokiVu4v90umVMOj -gcnTIKJpJaqjQyFUpHbHonDKA2DpUhbMmBuL5OA83Dm9YRouAEpW/btjnrhFdWFw -DG7OrPzynb0jMyl/R62KRaouN0L59M+MBennECwpvXx8iXkWwA41uZH3fJx0GRIB -5eZtT0u6edJgVkfWHA1YReio7y4rFx5M56BndICDeH4Hy9LFIFSBgDqMzY4Tn4wc -qdTLQS0XptnJFJwfgH7YlNpBspxWvubCotp9PKxqFmx4B2KAKNvg4yCpyTpLcseH -/c8pgJkMFM9IxHSY/ujm74J9FyGj5Qq8qeu6PGY7SkjKxJFWZYERXtubUdSPEx5A -ZIRxGSK0 ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_2048.der b/tests/data_files/pkcs8_pbe_sha1_2des_2048.der deleted file mode 100644 index cf13703ec61624d88cc0d4b0d91f537ccc1b3579..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1262 zcmVr$o=Yt5*dQI zLRSz55QIs$J#B?1RNcbN3VHcd^O!Vv)GlWPeYa6R>5fS2j;ntjHH9A`xv7650|G#3 zsx-K~veutz&Cc%(MuR?3am}{TkwJ#irENuZxWBk9t<}~JHU^#SUv-#8;d0Ra{C4O% zQc`@fGd^?9gcU^gca;0tvKP&firu4sWwW_T&&}TYBLMA8F|$bABr!I2JicMF^+`b; zNGYxh?^L{-ggJ-p4?64-p2jWNj6|AtT@%D{fB%q24cfgZ7+H*qJDl#h8qwUo{j_NX z-_Qc$v3 zhaaiBU#kF(9|v1*-_!$)4{I)EM#nb1k)h%JXK0d!rrep8ZFei~Bibg`;V`;N%8)n* zsrrU!&7yuPe6LLECh>H>#rkB$xyQnqf_86~m(-Ee`Kw#^x%!kMjBeB*hoTsIAT5Fy zHXMfqDnXVoa*xn){oPep#na&>+0XUgLxNIN3Sh$p*d0@^iN0(youPLk%6nxl2yRc- zjRYtw76QoD0*m7y%3CsMZaJJ&T3SkQSYD7PBrqG#4=YgSjL(xCB9oI=!IYw?Ro%|)DL3qqfS zZ>&Sy=LYC(`Ogdk{h)a_X3tB~E$7%?b?s1)t5TW7SN>&Q{X*O3AEql54ror=a66m& zrFQp=7(eQ%7qS!uRXrqC>+$$2>K00``JSs(ST?I#(Oj9G`V`AaMZ~TYJut-O0|Dr7`ZgIn{3F>z7%B^R(N3-vZ!^RM-BayV$ z(KtoR490%=sc{an8{5^a1`NUv+`-L~ehx)mfoy4w95A(UiE=YkQ1eH8=Qs7m@f!L% z+vK9d%G|F$7B-Qs_AbXduc2W+94qTmI&!$PW8(+4^*S&@(J$<5`OuW zrRHrCJqW&ld1qSO$|}DCa6G8+QvsR3oWnyC-bK+qE<1Cj2W;|;ITx*8VkMSjs6j*0 ziSyh5jcRUKKh#!}X`f1H>a}f}hxHnsE9;5ou9g6-_-uc)a=P|m5mrBM=x%;AK#TKW zPJ@pZix_s;d;h0~7G_Knp9-SZAWY5lbvu8j21u`PW_vWK3O7A|f+0VcY!6c63lS{I zX}a33xxBKf$N~ZqPMZ2gmW0{ifLun7gY;wqCyt=^^%C@sCGV~bm2&@_st zPkJB$dS!7$2_`lvX1zs<=ASvRjx>cevw86;BXFIYg9+Dw<;b&XK|=LOVq>EK5S4q= YBfu@Rbdan2agyh(&~8+;Nxtx@0?*uR761SM diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_2048.key b/tests/data_files/pkcs8_pbe_sha1_2des_2048.key deleted file mode 100644 index 49ab9d13b..000000000 --- a/tests/data_files/pkcs8_pbe_sha1_2des_2048.key +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIE6jAcBgoqhkiG9w0BDAEEMA4ECA89psSqndTZAgIIAASCBMgl69v6yJiZx5nv -sqKgaDdqe03S7YQK81v90fxRjkVE7Que6V2n3DpVDSB7xONi8prK/TlHC2gR/1Nr -DA25wB7kNgpjT1D2S+o1j6Wwv1DMWWH+7+eAvJuTt9y2lmqSLKenW9hT500tYsom -FzG9m+h14Aj5ELbilOJWci8ENLiS5y2cT7G6iin+udnN+9E/K1mIBfxmVTm96mma -P+71CkGQU7vCwyK1loXh8ZaNNyuWaMG6qLkTFEGEWCfR737I02jFQzme7PLMi8s9 -bNWFTNSBMA9CL2II6tHVHsp3BLKd1s1F1gj1/D7zyV+MqyCzgnogweRFlCKqy2xL -0fx/KzArjCIHNlgxm+6o4EJuMSBXQfDyqPgDNzpYg5t/Pob7PbnJ2AfJ4k8zk6ml -QRe9OmWhrdCNJmBzz18SmDInlLq0/IGXQj+c+sIcghtZowu+t+VcxTvhE4FKsKpy -lErsymCwSgpDMf+rp1U07HM48VaqiGthV3JsJpuXkA9CQAntbxviUTxXbiw4RyIp -mGqWdL0956b5z2m7ypyIabBXjGrc3GVaBtD+9QWSl4eRNqt8rQRKBN1aWf+KflQn -HRsnkynT3ZgQv2odn7RwGwm9iz4iNHcBlU1G+1OCPZJ6uTMi4DjVgI8MTxLD9JoO -QbNy0ZTYhkgu9Bwr9effrr0Uu2GN9jgh/IvtCwH/iYJC3dg+f5V4MGqBQTScKvOj -/H7gtpsdoSdlXAeUDRbMD1CHwK/xDSlO+xiLkfnW11WZhPyAcuZg0kFtkDdt3K9X -lh5YSyL/cqGt0WbCDLNzvOuRlRD3N7aV6J8IktM6aZ3WO56YeWQzsCEh88xuXt+E -TGJOO8SPFu1rITvbjIxJIwxjbwJY9cUXJXZrqjEzjq+tkcoF4/x8PNM/wJdxDz5u -tbVg4lJ8BDYwfkxQL3LQbjDIwvyx5OH76gCzvILJBrO8FhcqbnHzlX41S29sWRmj -JQ26H26SKmXks3Ty3XCla8khw8BYGXRvPnE37teffVsVZlAg9aYlXLKRadtp0duz -WWQ7ZKT9YpXsvGmkESrWFyb8hFUqwRkiTT134fYy6ySAuYRoK3av2Y/WYJqj44j9 -eY0z0gY7uPOH0Kmb5gQYJz0hj5IOVeC2MVe3vlIuugaOFzaevQzKy6ypJcb++75V -cHlZcVuVr2Cu/z0QuoloSoxI7K01sreTOHuN2UgN0MSQAr2O6qpT2lpWtiKjTKGY -N/di4Fhe5Fg8axUM7R63Q058LfJw2kDfWUiL2zwWqB3NoBMCZWqX7NhofekL4a1e -2ecGR1m/HS5+UFmC60MsNlr9Uv3SCd2MAgUAKzCZ8MkorjSNhOE32PX8+5+jtT8Q -B6vcZbyO8IR20pxSFrJILSSR4jA1cfwKPstKnjR5LXq2U24gZ4gauR89oJetAzE6 -pcesXaxD5Q+p3FQIrUTlijDH+cTesamY8SVHATgJBJYIN3p7P5r/JoDBy2c53gfK -7fNWEbj1hT8x4d1APvfTZI8qELtkd620CsURtsuzMO4jh4798zlvlkvIbJPWPHYo -RNvdUxQXR5xMonks8VIznmPzcTLGxsFNNH16/ZiJeZqVFp7CqjNY2/nLszp4CzJd -/hOagJdV7sfSJ4eosX4= ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_4096.der b/tests/data_files/pkcs8_pbe_sha1_2des_4096.der deleted file mode 100644 index 38cecb0cbb3b241a4f066dfde1b2a112bdb07517..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2414 zcmV-!36b_Nf(dFc90m$1hDe6@4FL=R1TYQ+2!d%{!t%}7S^@$H00e>wNP|}2Pk(7+ z?Da781K!?*xM0$O`!UK>tnrP}&f@pES(Wnhj8UTb6Z{_EMid0Hdr=wVNTZITx>m%N za|}N5P>I$pJWk|{%2t5J1ooNFi_V@x1mOM696`X`?i6l;__B!I|3^E`8y#2o((r(d zhv5i$`m>wL%)aCwrf+(^)a%;Aq-;3==4RbW4x5;(yP3@E6GBP}xNWCPEnzN0?3AF8 z^-y`{c!f%HDA+uhWT+ZGS@lz@g4ZL04PUQr1px8s8 zsI+8ebbz5=s|~jVV~;fMf58AkhxzgtTH=_A8f=DH>>5s~i|%0km8z08oxVBu4b7bd zFx{#KfI@p`J-Xt%VffOi9Uj9wjWfmDs;l7?AureyQ{*-ZQErnZlK8WsYJ;uFh{$-3 z&62!JW724ReYmU*en%pYN0+PdW!{g0a`Mig7f5Dzcxl1R3UF^%r|wc++d$;?*2pO( z6tZODiy)04D?J|AI&rNl4U1FPP%#{};wZxCZR6PdpbDHOBGSlCrNaGZ2B;E$Q4>%; zm(AsqoC4pAk3t#%LQD4;s=Tkj6BiC4s`ZS%<4r`!#&n?Hx62Nl$6-cbTyn*15!!;8 zpi0t&&lDWObNtrp_2X8YzLp8!Nq>I=>bKH4bjvroYxw#5ECGR?H9>>v`8{jLplw;> zBU_1cRA?pKVlhJT?8htiVN;X0a!9yuYFTK2UkMA3xLPNLQE-hjwzg{y1nl>R1j(y} zyvq9a0W;k%$%>|zQ9Yef`SNa&g;3hdvspYJWSyFR15A+~WJLu*5#9Jh=o=koR9$OP zXHx7g_#dc_3H8&iDPB~Zx7Ye-tN7`klqpcfZItcH=!081@r;llB7GO;iaun=KubE8 z7DW{yUP75VN3bS+)&*w?thUF=tPfy_o{Zdmh)^yeo zXn(ZX6f-v5jz{ghiMV29u9LvJ0|Xk8@pWId9U{J<;06pBzg>ZamXqMiA(z+P_+)^g zId3U*9wFDApzD<({UbCWPgZDV7=~H!5_{8=0^7Z$cL^ZW-_g6ann#BAxfaG<3w=Os zsIj&8L=$7lM}BG<>AqiTBB$LZ(_on;8kvvC64pGKQEv*{ALUB0fbB#Ggx`TsZfW(F zt1H4<8jad!ez)?@Tew_KH)vvhSXq0*&|MoM(QvM46WEX&PBWR=p+nNQ)=Y*IG!=)R z$(AQ~k?b-Z<0s1vq}W;b#xr)ee~}EG$lUXZi`Ghved`+Z+y$uho3PHUXEq@~7wFQVE+5R?e1VF?|Ccc6puDSh|v7n(^RQCz($v_|)vZ@D%S-(u2C; zvpTf5-} zjH)!h8wHd4O3MWmuJwj~AmLh`HGD=Fk&?G{kcMBb<<-ax&g1NxyMSS`n>cSDu*Yo$ zs%Lfs1G_u`TD5k5vR25 zsLO5M<%tOffW}Z)6m$8>GSh^Z)@g=JK`Qd=XO&-Grr;#N(Jp?nTd&wiuQE2Bc4~0<&d3 zhPeyKiTK!pnI4}X9@kgx7iqD)ztx@Wi0O4zVYmM-U*>(YbcV6T8^DlE-cJVd4alN% zE#=4u4d}y|DJd&uB7w*u$V_{o4|$tRAJQ6{AltF203By90K~)&wj@rQ{Zf#m7z$SN zj#(aQBD($NK|bTx&B-gKg}l{jTQsS^JQvT~hMd|W>^jLp>R6rWm;%Qpm!%&3ggBk- z$|8&QB13!<+_k8?6tlk4sT43%cVI{S>O^}M&+iDO+NpAIFHzl{7)$ZtuV z-F;k<#!-t7dCh5TnfWx=sH|26ZL=l@Au0Bvq0W)FKy3_bNhEjoo$yy4}Eije3rQJiu zMgfoP4hU%U@aCpHmI=r gsf*IEcYk2GJi5@Y6F_H-NpZeq{E2MD`cF{Jx#yP3)Bpeg diff --git a/tests/data_files/pkcs8_pbe_sha1_2des_4096.key b/tests/data_files/pkcs8_pbe_sha1_2des_4096.key deleted file mode 100644 index f3f7fe35e..000000000 --- a/tests/data_files/pkcs8_pbe_sha1_2des_4096.key +++ /dev/null @@ -1,53 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIJajAcBgoqhkiG9w0BDAEEMA4ECPxYSkeFhfn5AgIIAASCCUj5M4r1OJopnVtB -kyYUjmtJv3x6ricsKg6xfG8RsdP29gkrnRcFUvqA/QsZsrHAFlymyvdu68245/1f -Gwine+PDLBmIOmfhJJ32K6Ag2BTBqnld5mXaV3ykXcgD9oyxTPDU2CJguRncTFtY -CYT5bQvWG+dd41mblHt3cs63CaUePimzjIX9n90tPzAZcHFErYvgDzVdgZ1WQf45 -JwZelQ6JiMFCO6Kd2TMUM3ctcA8uFxoxlBCSw2C5pxnCYOskh5FJ0uFJ2TSP6kOP -USErm4radP2ERKNucsbzD3nL72Gl1nvVFr1UVEyvCLHfez7+If8X4/Ix/VaqgEJm -2b2znEK/UKnZk0jPrFG9NJ9dEgIyha3Y5NX28rfEeHLaH0A9CJLBGdKdrH0FIiA3 -GiO9ayiA1W3g5ujkGu2awPFvCMk0J5CffXumMs9BAmBMllJpVBJsf96l5lI2Q3BY -9+xDGxNf0yYV/mi6pKufIsU9GHt7MhQv0IUA7l9WmjP1jWUkh3rFeDtXow626UGS -qSHmZa7HRxiXuEmDX83AAdMhJpm4o67vmmhVnCALIdYSjEJ0lcCz+qK6XgSRpwvJ -+qmAF+W1ObkWI74d+w0XbHPLvlY7v14ZMB+8eCC9ANIyABqOgdhmmrD20mKphYXZ -ZgPOg99e77ijM4bRfWKL8NdFwRv83YUoi1HvZN9iltMaCbWsT3y3OnZmuFuYCPLj -oeQQ3r5bvuSThlTXWgbuH3YkYI/CW1Gnrevgbu0h0SuO7wxVWg62ZOAPbU3cYBkF -5/PACrRdwOaI7HViz+IPbzzsIArYGe81E/JXXqXfGkwfTqXzsa3resZqivlTVHtr -Rk2g8q253SEbL9zy4nNtoSFWgMmrGdbeL4iczQR2aKmwRKyL6DwylrCijwPEONjO -yik9P1b86jmGCZhh6VFugqXSyNDSUXxiAGW0w0uFhL8cr9n+WWfb2j/Zimsyv+wo -EbP5zMbYAK9gFQ1sOEKC9Isbvsgl1uSfaIxwYx63LuvrIxMCy7w7t6v3YHwQ8Gcf -fNf/VBjR+F764nqSo5XgXv1MX7ctWOQzj/Km5ix8cPuPszWGOvHxAHj6IJljSG51 -arq6NKrA33Y4bm6XxhU9BBSZL90CTU4lguqhznSl+I0VS02lqt4m5uce6ikyHFgq -Tv8hoJlW6E6CqvBJZWFrItoNIwBIJeGtKsrlyKyRvYhCdlDTteQmPNtFvvEjIkKp -AKofFUmiPTjMJ3ZBxydVnxUmdkIwGjZKUU0I+D80ENAHDLpYjKkgRC66/kGjqKei -pEzrTBXZ63B2qKitfShltE/d/Q5LpZXThQWYziktXsfxzaZdkKzb/Yvo9GnA4ix5 -jUDQBIIsKmtH0t/yZar31CGRqOaraq7UOYLN6+tXqTcW1e+uGzY/phQip8PQiSb1 -nbY5xekZcnxN7T+TYJ4FNCOQzsocskOYPpdXy/40h6aHvJ5A/PZM/6MbATRo10Vr -6bqlmPAcy9OZtlu8HEEkctVpER7P6wlvNGzzFIg9ASZhLqEFH5bKcjZtoWG3bJLH -va6U7pH1mt4Lyn3V1t7ZHkXLyBUbnE+Z5OxPown7QNT44/DG/91/SOy4Ugl+nAuD -1qH3QAs8aGMJM40LOH6Cw0ZOOio4S8TNrmzMFEVtEtpnGuLK0Gj5+fjm7q5ZEE3Y -cdkHFnIyTE62VuyPWFVkFlZKVmCRrVH9spfkPRjZMBRaGHqk38V34T6IXaO5u6fT -4jYqYN7dLcQ3xmGG7tDDkqFMAYWweYhUNPZtAYacQwptgBPPn5/iaUirx6T/OsSx -YoWIhtPsQoKn2lWosxlGFmoCyKlMvl7WuyMys2uavh5tPHw9wzzDcOH4MKxtDKgE -5/c+GE/DoAiLxPoZFx+qLNI3kAtq2FMJLbY2r9cQf/VXWnGHZD0b8UmHhXYR6UvF -FYpo1OF73zfx8+zJFRbwI1iSeEYHaGRXp8xEPWvB61wvojbGoZJhp5V1rPtO4hI7 -hwIU64WMn7WSPEcUN+Y3eUMZFipMSp9UQ02g2R8hvD9LJ44f995DuOEwT7w59NPP -MEBXL7hs/LIoSmKAgpvV8QUvbehMMh7/FWq1DUW+Ixf9uinwlxoIKFh/vaw7Hl1w -/YJWZvlw2PGGle9B5lQSGz3qyfxNdE9jP8V4Egl7xPar9B7vhANTCivpxpk18tYX -JiIFVizxfglZyaEHqvuymTfU6K3MkF8+34l09ZqyI26JxtptwwfEjyO12CJS618C -L183TGh/j0xDpahCu0j2bCHU/HjPIVtJ7M2EVyV1jXtDggK/MLAQAxM9nW8cPcFs -i357JmYQdSylL55umrj+l4FDYCGAk1HgHN8c3QseR0mLP7rleKC8YcE0OkA1I+2Z -kYxLuq1XQx5mSTA/BDtwmLunZjBSxThD6/LO8pThK4s4m1d1hNqCJBTseQeJX2Am -fF5oCO/+pu0qIif7qPXEdPZn5ZeT6Qonlf7oSGCY3Ov3GNZuzclyr2qYyARTvFfP -HX8nUZO3vWfAm2i7fKYVwKc9mqavpdx/LI5qEbIhZN0QzynZA1WjDmG8+jsL/2tG -J+DCKOIfhD4YyCVN1yPv8rCLDQELqdx/n533S7fDXH7L/NfTJe63M2o3Fv4eiDqP -jqOhr/fHx8apCwNC4q68zWoFAthCflCqSp3MFGhvwekcO8hXh4KTE4RCk2G0i6CL -oJUTDYULCUb7xUix5scX6SMF4YBUqINV/nffziE9SfaadSYp9krgNwvcJYG02tnz -O81Y4rWCK5JlIyx6t9r1vKoxm/tu1sXZgbU/J+e1sth3O50Ege6WP9Ec7Vj/MYIC -d8TD1Kd8sm1m4DZPpqUG0OxFvSEZqVfmBSwVsLDB2wr9D1nCfn9WMTj2lSvkhObt -I88hpO4EJ/kjH06TejhgRnuqJbpULpCr8YG4QQRCQxuMw301yohhU+D91aI/N+j5 -oHVx8kQX88vqSpzsrq8PokyxCqztjIInEPuu3FSmzAxd9vyMvAOWZzUn146N3nvy -PHrsZOiNUIoOuLAWVwm3QQupyt88dfqX/RGqbajFJdoVDt0ULwQSiBWYUQPouBmL -hAfrm+jtdorAFDG9WjAUEdsWQSvOk9ccZeNB97BLxmSPZbTXm006tarrUPNV2ycG -1Qs6LGLS17QGzDwCa3Q= ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_1024.der b/tests/data_files/pkcs8_pbe_sha1_3des_1024.der deleted file mode 100644 index 82ff7265ae96b547873e61cb0a6b53f008582691..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R127H*2)-{PRevHgR00AB00e>pfbWj9T~1S& zQZEPFCVeAZ`5lUjJWv;o4i~MKV~4IX+4!`+!U3A&6-rgCLQ%~Km8Bv3;FD*6y4SOY zXY>c&f4iW`0s)fLEi2pzDj!KJ!*?CQ!In29U^Rx)s?I^}2Hk*41^TLpdl5Rj+_J;` z=MVNGf&qK^@cML#7!T0zIg-6S$&ez#dx5aGYg_xiUeK51U?IkzAGR39{37U2KL(lD zy(yf|2yxt%k5k9Oog>*LyQQHqpze*k(&(|kf=5(WowQT7u5;2x zN*#Kg&`N|lDrtFeI@sr=>+$Ddw~vAxN?O@)|79~L-uHzJwipQ&Fs>|OZUIh}Lhxb} zh?>s)k_~v{jbfBG2nuGVlawXWa8}wXeN&Y5O4A+S{DCZwZ{O#%DI6A5YJye&=~k84fLpureip}-OChuyvd+2<^!p!yo8 zvadkDzsRf0TcPO2?2?GmSvr$ewq%Q9iTq zwQUcFeom~AnqppMLg@?0=eh0C&a$IW$Q1TVEC57Z?U6CTl6^M-)l`J6*;CK{3N}?u zvCD#;h?2%I!q0Rtvj<0<4i1v)CoG%kjKkaL3NEJZ0~=5@GE~n`1WL0G)*8k?GApFY zx*ZTT@E>a`dgqxvJtHSSugq^uX}K{j+bY7tgcEHz`Gb-$>3KPW(S8>N2R#|8G z)sdAH>jumMtN$(5eTJ1ne#UPel2%g})rpZX^{?})ykwohA;n8Ro!2VRT z0E3F}i-rV&jo%|n9m>r6SmuDm-92PCVaXvGb2yxC1=x+VLzD<0aRzUAWH`=&cex0d zXf-ri+Q#Kqmh(;4G)xv=xC~tZtK`M_buh{3Np{h(qvJ0G!^fw%R#jyiVQQH+34nqL z1K&Covw#9sLIpu_Ty?JRFgu$Lq)Jkvv&9+~YJiJ+tAc9r+gi?H59%Y)7K;y!*@YM| zq{3z{Njr!*vOO{E3H4Z{8$d~eK3AsG)!zgmc&rp=?Z12fq?P0m4R^WE($1c{`}^cP4aIuvH>{0|?nqIB#e*TxyN<2)lVJ!#6mP z@KkRC*L64)Ku`P1;ZVum5j+*rN?0gyfSA7qIx|Qclp(@W1YU(bkp-byAYV?pexPXM;pKqg49i(!XK?xXDH-RiO zw&Q#l10SEirxoLx*+t;d%j@i0#>5oCEoYdpTg7x|HK}ff**3+`y-ODTy9iw?zZgzW z%#Dl7{6=1H+!`l7zlL4qynr+Sp8=3K=&71Ugh{5G{YG$d=HKrOB_GLgLYyci6-gCa zgDbdb(H%C{bHsat2R+gs#MrxJ(4_c+ia9>%|N8x#NQHKk^Y>+Q356p??-;J<0KKs6 z?Bpa-mk319I7eh+Fm0&zJtn@Y*LmJdbs*y4A*=n|U=&lV+A!>z;`LH7^V5^^H0mmp z>w_ec7RL^c$oj>$H{waOSmyAzSr*cm(wdYGwktvq6ppH@jGD#-G{T$pAT z$+d82VLoWbvu``~&Z#sdA)B4D!bs1n;NJkDCl@`1_q*r`#2R9!2??ZgR-=wQ5Qz)# z%Yp;0^6^Z3`|Q_t6p{M+R%>O_!mqQ6R~DP%W}XW0u3%|}Kx?DPx7IiH1Y$-~%?&sm zO*L7|@9kYz&YMAE}mkEWM+&to3i~s-t diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_2048.key b/tests/data_files/pkcs8_pbe_sha1_3des_2048.key deleted file mode 100644 index cf4f4eb67..000000000 --- a/tests/data_files/pkcs8_pbe_sha1_3des_2048.key +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIE6jAcBgoqhkiG9w0BDAEDMA4ECNiujRMQRcGoAgIIAASCBMhkPKqJt0WrzNqj -6mmg3kODdGl5iNHU9FQOzGRLEYa6jgoRefeVVTG1Xdol55JgMvyLmM2kPR0hQYAD -tw2pjv9E7gsMSplrRryxFZNeDz2n9jp/lUziDCXkAQaCtH7FGRSOCu+2HE5x1J7H -YUcrAO0A+c0BGKZbSwYm29fujT+vHkwwg/E+TEiddUDVxt+qPyPhtxjWTy+5xMGE -N5BXJSe7kJ8oqZFFOwIO3+WPbu2jCGhUimLOK0YxQgw7cqJL1ys2tgtPnT+SQ48T -aECllzkiJ1fdkvqn+rfR41m3HMctmdg6vIuCd1fyKXEJColbQIbDDM9yBKz1APR5 -nmQZqQm/h9kN1EfcTh6pZONVI7pczsuZx+zfgNpS2oQIHEJy/vlKimMjd9kwRJjx -2Ccd3tGDnptQ0Nv1o8CHf5c3rvuB3tQV2XOZYAjKb09KmFfsM6BB2E02+cSiVa8f -LfqFvBNsA5Ti6e12VzCiW5pK83zW5QlPfv8H4VjJq5vA5KEF2hqnvbKog1OLo/6V -TQjlgqibWFQeCpiTB+zdqaA+j9qiyDkGxZh7zzAtZI14QkReY5Z14Himx5FmUlRl -bu/enc/pkkYfuu/Q+c2u6WaGUZfIW8RWvKN0V7dUqsCwynSVcO3tEsvHwsIASqGQ -p+v0e6cjxXHkOB6tkhooMxte7T25geZzclJnq1gX8Nd3HibSF34c99z/6XKvmwmn -38mmHySj0H3C0F3wGSxnd7N66xVI+3ivmPrC/13u0ZNHUERI4Kyak58jJ4feWCLW -0UtsRTXF2UwaqiRLFkPn4jNQltvLQXEITk53rqH0IAcawFQyoFjXSp0iMbVrXgoQ -Eb6nIcCl3yOwUy4mGzv61itve1HdxY+47ZixZt0r0lYb+CvIIp7E6q1JWWR5YrG8 -OhSu49OMX1RnuzF+thvy8Fl/disd5hEfW1i8ORiaz7xl0MP6/sA26AnYXUzdZeHU -Z2wyv6U8RfKfRACzGPCNPD+UhUhQpdC72BDE5z7Hrj+GSAfaOZZ7JyhB2Qr76DLc -W/V6m2Ak1x2fNy+Zrtke4dGdT+DqqBpF10IJvtISUjJKGTeEP1OqXDCbqPqPIDXI -7W0WskVKMMu7Y+ADGjXxBGtmSnhJFKXoRVyjUt/yHzNWdJpfxwz+s0QwfYiWj2O2 -85UxXpjOUukapY7R/b+rQP3Vij6eQ3/ddGLkTLBbYsZBmqqIZv1pj0oR+uYXanLW -2kbZp6Uq4c7GwmkA4cJLnqcbCH5K0UAg/ArvCxZifTz/rQkvQ8ycz1dnWB/hLX3O -zrP1vLO68Ci9VI/Wd3OJC79T0DUfY+E9KAtE40duL4+i5LouXfkb+tZx374Q+u2b -DyWspIZaTQiSSYJWAgKCKfqrFhJLddNs7v8nK5zpgwYRcjutiZs94+9KHq6dYgfh -TSOZYP79c6lr0o32NjKl64+zRRoOyhk2fKGd5W8x3JCTd+xt2ZAQaQTibV3dAHo5 -a4sLZDUDVD93kSc6goS3lpdB+Xv67cSMolHM2b5Qu2fH3Hu4LrKxgqYV0gmyEcbN -RY+B8gEczz7Dk70J+L7kHW54ajzoqWy5OZ6RvapYpcTC1qrdnyfeq4Vl+F23MV9i -nG5wW51p7CLhHgXfUho= ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_4096.der b/tests/data_files/pkcs8_pbe_sha1_3des_4096.der deleted file mode 100644 index e3a2ddb8ed3d6d3940f9ea6ea31e7dfc0056d69f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2414 zcmV-!36b_Nf(dFc90m$1hDe6@4FL=R127H*2#RypH3Uy%=K=x<00e>wNJZW^GTkDb)U~xT=V7TFJ3VB zK@X}+ipwrqaNK4d2=Q8>r|9?L$Y$M>NH3Kt0pUc&qsx)W1o{%Q*m9h!)9pNS2BgoF zxkRgz+AdER={n|Kpve39UDr)CgYa1oRN55)#z!y6rF*uN>+B(+Gh87Q?LLmH$dkR( zGH;ibs;iW9=6MRhr^(2`)_2r2QSk;H4ozR(;G3JIlLBy!FRg#_^W!9uwzc8k;Ywa8 zK?%6{dZwlcAyx*{WZbEC3u&>goi?q~`7!J9uXg}@vXJ315t_x4VTC9o>kC1THMNi5 zM~o=k1C!|^gV$v((uSo@oJ{r^aywDQNbcS++{e8=-vd%xUyWg+g&dWekX9Rijx7&p6H} zpLSpW;|jR5_(GZM_RGt#ssQt@QkrCy$w)AX2QJ5sOsD zf&4x?keb=H;9T86aOaCd3-#Dpj=8_T)u!z!uYmpI&6+4pdH(YXB$YY?*-kiZ>cap zx|qZ`M(hN(qHLqX3QCmLZsV%O?*oq?+W?5dU$H`E!r}4Y&gdMQ55Q_!nm^5j;;;dO zd}MWeW8Ks^u|g9Fm11y4gI514hr7&gbM(#_qB8YzU?zIzQDYK2jkt`Du401QB+uNh zjFkjFCpt+?)E2e{nLeIfkr&G*XZv|))&%cr&joQ3+402Dg0?_UdLMV?W{Yh%W&?D( z=KLO(l(}h`IXox6L^0Ubhr=Or*p^2`lJuMI*zMSJ`fAEiJ|5e~{EpQttO%>4&)gOglfRJOf@1XLhMqtO^#sP5+0o~}0K~e4D)uEgWa%4lSXyZ5s(c zsLeeZ$)Sk^SlGL19+t+GpeHP;Ka~QpajnuURANl0LuzQoa%HsBX4VJqwy$xJ5Pslb zoRC>;Z2EKq3`2DTYn?7}R$jj0zhrj}O31CZPHpnrMP{K5^s`ZwkQR)z?$EK6fd9&h z5B;ShLBBnvMk$B1ESFeQsr>=&3av)cR%wL3hX5Z1>$c>92Pt;g9Ob=nCPwv=%dQ^ejxgm6|dME-; zL41p96Bo9kHBee99AL;sV1```&Oq^tkocRlXI}Q~5oP>^?K8kIJqaAMLrvKXS2wW} zG%n#-C*g;u>;GX+lL8R&v+qPT(h*%Q7~Yr7`1M`saU@H zdr@)pYwhdC#!B=H8Nwc#j&nqL;_+{P*n@ZI<93r?ASz8L>Ba{N(xZXeWZ09b{?5&; zcSEL^nE#vop%F`FI*g0E#5cZb0k82bc*ga$?lZUUuY+`{zd)m zM7KJlv;d*@567cC+s;8GahwG_EQ8&wo|la>#9Yca0~lqy-+1FFTS%`Uj$MXQqg0zo zgS1w)`6EOf{C4HOJiugU)hnvg$^Cvau%KTJn+MocfgE{n@Ya;>2BsqeSz~ zdFi7nAl#x19olee$pIq*!=J}va7K~juK8pMnQn3JJ-=3uHYBddClUe}^MZLTe-LC_ ztW16_3J2YZpK`jlg8B)q=OWXY%nRO90p1W~m9BN?c zHr)YxM<6GK3>Lf#A}xVemGx^Iec!pf$OD_Eea=p{ASD4$G+{`j7g+M%g{&qxRCH4{ gJiKI;Cx_ZO)m~%j27CHCN+2dofaLDCp0R72yF4zsFaQ7m diff --git a/tests/data_files/pkcs8_pbe_sha1_3des_4096.key b/tests/data_files/pkcs8_pbe_sha1_3des_4096.key deleted file mode 100644 index f4c093d3b..000000000 --- a/tests/data_files/pkcs8_pbe_sha1_3des_4096.key +++ /dev/null @@ -1,53 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIJajAcBgoqhkiG9w0BDAEDMA4ECOdloICds7/DAgIIAASCCUjAgGtjIHyoGOIB -lTXPve5HO13IRcklwoy8cS6jSwhxRy0RZEC7fqNkDurxw0otXtW2heYsuBpwbiaz -qUTJezqVgX5GEmjdA5wWzyrMseC9k9PNBBjsOPq3IaF25H7FqMUdcJoELOJz7/ok -kKFV4rvWRfi400Wj3rK4GUJbC0cCD8io4vGGPbV//8isXKaE4t5AyKaG36hZH1zu -YCfOD4walC7OSmPiwb0Xa3v2lQPujruQc5pMWvw3BvAd/sFWMRXkWM1NUyhCefVa -ATARfygLxRiiy1vUjTliEN/trhBA1Gh8by+03QSy7FWNcaxWnxeunTF+x4hNJzvn -Bdfly8jE2s+JG0gwU4veZmR0kKf6fGmntjILCYKufwEu5OSVvURh5gqRAfxvq5Ef -2aWWbUyfAmZSoqgN47haLfnDS1fP1caErtdhqtlk+PvXPagBmLQtK8AFkYKB5N8C -z1dAXL2rrS8orJc0aoIOORbhoZpqLrU26d4/qOWsCMcwyJiG/9D4TvUbtmv3+WbT -cL7z4tGuD9uJpKa9+NNyXx5P3DXWiRK4RQlfHte/gst6aszegxdyfcqzVJIuAInS -nLjuVElwcONaRRKUAVwjzEVvHpfqtE4hoUlb2DADVdmbtSjyh7JY3MXig8GrLhAf -SZDjKZb4yB32yRadN0ojTkVk74ECjsGYbeMWycCdNybvwtqBvgiZ/3OvqMK7VC7v -ygLKv4kmrwN1gz/ANc5wWeK477Q7eXJe6nOGoi50anOtke0ACG7uK53U7y/+YQ5J -spKiNb3T2PeLu10bJbh80cw/mHjyzBHVr048zvGDvZwYg1x5ueX7VDOVXuGwb9f+ -8egH7nnX9rcn7eJK54GKFmwSFhV5jYoHmX76pSSp8hiVBBVsTS5zbw87YJrwqaSX -qt7KWqdObyA/UnJzsy/+0EQDQ4FeFabVq7XDLNXc1PdHEvJ4FSnJAv5ZTskDMjhv -/dAjCkZc/F5ed4I13+n6F8Hs6Bei1lR4L8Oe0TcAsAgQOutomhUiJgXi/AET7Y1X -IKaOIcKWU4CGtSinHwDgTtUL0BnROjAOrln781dAdF+9wxa2U26AWdyLYpnEVcLj -/RpGLINT5Ycsemo9r+rIKr+v3vo4GgStMLoEBZ43X+VKfppAw4Fz/71vO4fQKQxZ -SJitVmWwBvrvmuIve4ffzo0y2XpO8Nk3sgOstOQ7BNTi+2w5qwuikV2HH9thvgG0 -szAZTxafsjPrzeoceOvY2ttS+ZfVWdv/WcPHeRSG6GvMEACyh8J738vtjUrrdATa -KEvbPiCqnlmRigv4WtO+uLMjrnzGfQqOpNfsdpNflM/TUxT5AMSCIVhMsUZBHP1i -nfXz4P40ff4KFFuYo/xe2cRayvEtpIp7BUKn+PP39GAlsZbxDPIvA1q7nQ/L8Wmb -+uXpiXBNutxp91TVsShZXpRyl5GTza0cmBwF/FQiNcPBquhxxBLFXA8TRVG9+Bvg -H/t6s8JpIebhGQZJiwn4/qrOXtw6mmR37dYASIe4w4C86qYwLJt+kClLQmix4DbM -8KsaVKCuhtxBbRsl8aOvtTZA1x/STaSNCdXDgMPICktw/UTV90F+2m8Or0Yims5X -dOiY71CEgGPevENIKsYz7Qao7bqVX4MsBpt6zVdbxKtvGNXNqXJxVvB2TDqzbkCg -ZyTqX2//NJwhxQvEi28VYrAgKoELt0CNRZE93XU03yXN214ac3lQuEnwqCb2mu6b -Lbvvs9v/C3+OYcTj2tozXKcuIPpsr860myqS7nBwkmXg+CeUAPHUeWeGeA+OC/xZ -YzQkwv99+DJnX+6/J5j9qkBn3Xlkoz/Wk8C2ibeX4Ah9gAbRm4rHR2uqY28yZ+9N -B3qWaz1moYkUZ6yjpvzc/cuy7e6vwiVSCn0KP2Vv+kDzozRxEWt2dE/h5fbDOeyE -MHZFbAXuSYi5Iw103WaHVdoiitup42lr4E6u99u4z//2ul2yPmhyAxrW6dbTKokc -lTveP2gmBFHx4ZU4Q/1rX8BfRbD2Svx0I9QT/yhIvVm5y88vOju3g22BplTwlWrW -h33DhZxZaTZU79IaJHEHe0PFsY2dKr2M/BpG8wTIs4Bfno/7hVFS9upqaZwULZiJ -h2KW1+E9WtpiYCNbFSZLtHTN6vu1qWu32v3WJfOCRW1VXY4Rn9ANVmd9BUPbrVuZ -LdB5jtHHsCKvbQOQ9sLGGAdoLPsSASfEtN/XHq5cxh8eSfxl0uODBZpXi8vTD0X2 -KoOR+gX8LdjdakJ9Z7YLi7Qw5/DHeFsPpb4BGjsq/Itk7wTV/dOpXbeXRSWIAovt -ryfQmA+D7pbYZ3Ak5P1uXqpjliaf18gIbtpldnZlcmjL2l9CjOwpkLwzDTGrQAJd -swxd97I6y9qlRdmNP5/GlnuJ0nAYSDPaLKSGGjrv0CMHVHg74nDPLyW0qjPKzPQv -1l9Lul7B/AoZ+kBgVRe+ez+Oe9QL8173v2ahoAQBP5DR0DxXbOvcgKPrDdrDupjP -U/GRIig9mf1mhR376ZpYMe+/QunMdLckIhePbpY3MZiZ17iijy2jxhWURaEJ0Y87 -4yy9+u1Yu5ygHSZlDOOg9irrk4+cwbN8Nd00OE/2h0MKBRpo/PwirzVJuuWKya3A -u2b/r8UFM/Ly1nVs53lG4455/g4/XwpTjyAvMc1+UkIhFGvHCucdhiqqyY6fN+Mq -/sK6fwh+IwRro+e5HRKLELxK1IlHSj+mi7pcRaesm1XYa1YE0qMJZFM6hdsr2ptk -ZGbioH1hBvny9WZ00yFUbyvtz5W9S8DGLDFWGNEqJuD20kNq2WE7eKhCdQRkGOCQ -XA0/N85lQ3teQyHZaZg2AK0LWMoNcJsADzZTBXGF3N7eb7rXohFl2UJFEQli4MZH -EX6cL/yHfajeRmVWO39HyvDIssukNGS19Gb9yN9BmcAjQi41Ftj+tO+xRH5g70+z -pThK7K4gmmTmSXNW2BVbHAoJMqRRMAVkhAK4ZQohid3SaFtv8kiyEJuXeoD3Q6jC -O/BtTGVtnfIcX0TPRsUH2OE7g3n3Ot/9phIaftWqTwL2YLUvOOxaGItMXSglf4+H -27GQYvfQeV/jvBGypXHuGO/pbMu3cRfgr5JtwPgyHPyC4rH4507eR2APC2a2XpAI -Ht2LPuhKmpzN1Slkpxw= ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.der b/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.der deleted file mode 100644 index 39d6572a5e856558765459eb5b6d3b870840a9d4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 673 zcmV;S0$%+vf&!f|90m$1hDe6@4FL=R0Wb~(2v6}0^P>&g#R38d00e>pd#5||zcQV+ zs(Zj&E}a$uxtTaZjY1y4)b~I#U%&&9T--*nV^xsVh_=OtCq8(NMJ*FMayn;=IN_5L zokGTkLys5i(E!YVIjq$|3cPbvD`4~`qj({qM&qJibFcv&qEq@bm zJ5xPB?T#}SE)C+BkB;pOAvJ!y%U5`HHo=*+r6g!WF4Kp~}8*KD6!6eQ>D z`L3XV|C8}e+mZ9gL|d9l1>23nZ_Wl$^ix{Sunj4EIigl9%nM(2;j_6qHR(!mmaqlo z-ne~W{ha*!K(0rzRtBF=j`KCHqZ+y6+kjovxXT5PIo}32pnd``AyYGG^~c;iK`6r8 zqvNK&aAhqX8VhZ~i}S|`%2^l@OkG8^OpGtA4&_dn-{m#9ll?J?DX3}eQlN+evlL-M ziP`H`*q+I7bc_v8ML>;h=(9465?)QjbI0}pbjdf3?;CSrp(u@3G#d==1f`>H>Zh9? zpeMx&$BBENnat9>pw%7B_S9CQ07ZVCE-2k)TLLR7!XlXoW#t4-jHiOrT|P&fI_#V0 H#7@qniJ3rs diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.key deleted file mode 100644 index 94a4df4ba..000000000 --- a/tests/data_files/pkcs8_pbe_sha1_rc4_128_1024.key +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICnTAcBgoqhkiG9w0BDAEBMA4ECNbmP7UF8CbfAgIIAASCAnuA63P9lQDRpOUH -RTWs/TL/H7tTBxLZpCiewFAadKpCre1TBDObhwYuWB41lgLUF1BXMv9ljbNF0MiC -Gnau2x+nzAtc9RsoaRTazz0y0OxYRoSXyDgLajyyAKo64aF+2gKofPjb9M6rgkXM -3kGBbH/sQ9KFoXnW8B/gNgxI34Uwfxn1SqCF+K1qW2ZVkW2kyMrUSAvTrBpgLCjN -/YGxt/JvmceDxSzIPLzegPaA9fCpzNldDn64P7csNGc4fbp+CJ76hJKtFqlMCtSw -7o8XtaQOALPbzh5hNaHycDpwbu7R6IJP4k3fgPBzB+ZmLa8kO5lnPDgTIRyTgDh+ -J55hnPdoNqekcVSAziA7NOy+MG/cz+eElZ6bkrNSRfmhmhc6GDi8hfzHObS1DJSc -BqAYSu471EI328kSVkQ6zZQUKBJbpGe/PK/CpvXxjp+8fYMfv2hCqAgQj560oR27 -YFAEZ16cZZL2o+JmffSIvZBuY/M/shYHOwukz6iGatcpgQQgl8k/3tAQ80nzP7SP -q4XXCY3HP9AL1YrMQohyuO2Y+i9uO1yak9gFaVM3i49d6iNs/Ujw/oI982ZHlCBF -Ls6sP6FnbWXxlI1UAkKGuMyh3rfcEa0qbkNqD6RErtlefKVtYwcJOeUT5axR2ahj -Nhe3VHMky0Aq9dgsCMDxI8Usca2v3xrPt9utGhvG89PmgG0YaMmPBADVwfA+L3Sy -n/z4GumLLG/mC/3ZwGzLN4TsIVhQcOthLXf07e6qsSodLMjCIEmSrcNiU9c7hCl/ -s42+lywTdTw9G4gxLmiwxNdPlWd/W7o4c9YpukXlIXrTguTJkTyXX2kaCY+SvNsp -9g== ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.der b/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.der deleted file mode 100644 index 760187edeff89353b6a15652f8fa1a56b4d6db24..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1256 zcmVr!n}}iz_}bu z4p~?S_bQrByk$#0Zwt@P>2VRLYF_F57ziGZCbYol^Uw3LXX1-Bge)ZJ`7xO+3`w#v zFkta}y)Mi5$hcLyAcbulQfHn{rzp(~7h{6$;2S|bmt?VP%pBG{1MNyT`#G(*o?;M0 z7n&zzZcfF$K9tqPp(15n4ViR53#C|>S>&iDJo)!#BqKton@N)5-t?%DeN0_1Dqec4rSqTzV`Uzuab}TyO>}z~e#T}hH zS}RbaWEvG;#`2asOxKbVGrZdsG(a9Zl$`ULyr!ZWQ9=GP1NS5UvL3{K!;~l@tHhNg zm@AJ)nAfaQ_mTv+*$RnHFHt9ZJ%nTJ1w%1qW1fWh@}JG5pAZ=zW0j1pgMO5Pw=NoK zGCT|e!)*aL@TU1+#{`ou7MBXr?+=4+exD4APOVa9ic{@xSfTtZ}~C(TV?X=az&zoKsR>j zaEp8Xwb`=lvdYO4`i0Il`erlg%4ZUS%AYxqlGjNek1wbdI<{p_hHP*KDMXYzbOV*s z@i(x@$(PVr58FzJsn*gO9?QN*_9Mq2JEK+~;#=beT49$I_(JQDS6FVr315_GM@raH zNj+=V6+|^{^ft5_b+lxDeca7JgI3SBpeap|+!+`o2-mEFlfa%`Z1d9IQTBtAZqoiR z)tzZ$UcfiBo^qzrH1xW3??%5rNQUgh#m1LmOb@$zSm%(!nofXf+bNH)YBE&WVMwFr z)#SElkeVHUTDU#-2$pvvsQj#dRS)qGza&7%>u|m-I$fU~;7JpX2Z-VGhz7f>U;xom zlndF55?B%XGVl+(W<7vLE-RE-wt0cD8^G^uWqJa)=^fp3m2T12r8_Z@ekplev9+2R z6u|KHX!_p9m#{0L{{{hu=~!+#bg0xOp!-cK;m@u3@i-l0U+%LKKNer6BH8GJ?Z?GfJkM`D|(@2nZngI zPteiAxydZfoPiR+mOf&l5JJ#;qYYDB8fPPN{}28%LIK=XKL^6y70pLLM$3}1ox?=0 zmFJkBUs$j3DP}rQjh`|U_0p1xc_vP`BTZCR? S#tWaa9S`kWp%Ax>aCSXj&s;J9 diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key b/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key deleted file mode 100644 index f3be991e9..000000000 --- a/tests/data_files/pkcs8_pbe_sha1_rc4_128_2048.key +++ /dev/null @@ -1,29 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIE5DAcBgoqhkiG9w0BDAEBMA4ECANod10o/6XyAgIIAASCBMIhYRF0ehbnMC+T -q8Mh/0vGvpn2rn6L++Vam+jle/aTKct49cIfHemIcWpmewwbtyAcY7b01hpbKL3D -T60jbR6Jsf1AFkk9SliC/zS9sOlshwoNrb306ZEU3NA19zw0ezvnCZNReY50ABbr -X6zV1zfJKsKZ+jvA7EQyAUQgVAeN6L5XpPwYxb6+CJfuM0iuolavZLVUFrIobQQE -aI7TUnXngQARK047nCU3t4dfSnL5NmVf7uHbhffEwjvBYaHhDSECSotOCkDydzdt -LJdtasuApmvX/c4qey/f9yIuMhDKPiIjqEVqqAriLVMs3pD9g/qxpqyrcfwQ93pZ -ARj48cvyS0AZTeYsc3DQ0a7rOe+JnPzzIaEAeeQUW2cffa1/h71e5PoniB/imcTt -QpYNCk2xqxJ7jLlCtfzwso1ZNeXxlLqK3jfpsMmBjAzuPdhYZFegbFyCTl+hK1DW -CYTTo/vL+VJOcJ8o+v2vQTMA9vJYNwfwEyUN0CxXZL8IsEONSJpIg4OobgNH00aY -yXVkSar+HHOBv0XvyfruiupNsvb0fS+U9lyLq7R8fnuApjzCas0gBgP4X1DWFmm8 -uRkdxFTdAnyo5BEDKb4SzYS0c0wxPNTKU/KLI17DPZC3+UDZEyqug18QMXl5kZce -Kl3ofBYuVEbcQDPhzwRJ69iJ+DJZ5Jy0mpp3FYdhVBty3g+fzEqQm3DSFYiXSWz+ -W+NlmiJAZ00kk0Wwi/nfKfXpdoQ1gcUOHdcEnYEEKF5wcBJs6uLuVQALPS1tAU/B -S04PLALo/AR28D/MdAjxkV90mCKWQahks8M4IVqXeuECE9AuXd8yJ3geF1STeN7S -f9xkdyB9n5So9zwaaNBauMq6F6Or8bPdAYN3CnQuoodqFFzRiEwGrqGZX5ht5n9U -ROMmkBiqGfPcQ+LISvKnzFrf0n4/+Tcn1Q6H2vpHDwaXAh4/nnQL334lG7NVsDzk -j2alocZInPZBpb7ehL0OJlWOVzkxUs2n412Qdew61/hhed1T2u8XPT1GZTgzv3fp -1HdBNxSv/B5m6ZIM9Qc74Ibe52XtIBrOTD9jETrCIxVEi52ClFTQuVZ7PwHq21WZ -FfmJ3c5FxNPN6VmM++F9IeStSRTtohtds531jORKsiXiX27CYru9zaX3DzZksWFk -e9PVbccTcw4wYOJtiYA9kIu1qNVHDs4+0xCNvZeS+92deI+TKqP98Sk1+k90TtFo -ARwkOnCgFVhQhpumT/CmX/s6gtFq2MSpwely6kxV6n9rsVm+Eqm4GNkI0tBLwQOv -OwZQ8zTGyZ9wqcVfU0Oij2/475C8EoRmnkTE0JhcCcdei1CUPmUwiQTAhcXiqvii -f+W21AysbugJ1lww2bBuEvG9HOaunIYq3kCFJbrmY/NZaEOLuZXKbh4cvtGUjFlr -BrBEc3+rmjZXXKcNL8PVLs+ENvBsgKUOcf0lj4DGI0ZDgPKgcMyLGbDDsNPtUKUc -A9gKH1pMlIiS5gKXp+O81eOihSExTrxxnDPqE32hqMXEeS5rVoDHIBEGzLE1CTbR -9tVNuUQHtv+5V79ie5hNweqOIcHFxM3FuwbOSDGVW54e8awj6YFQpY1pIt0n0rYw -t0oJTQDl0KU= ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.der b/tests/data_files/pkcs8_pbe_sha1_rc4_128_4096.der deleted file mode 100644 index 8b538fdd54007c7185a26a29304e749b51eb8a7d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2413 zcmV-z36l0Of(dCb90m$1hDe6@4FL=R0Wb~(2%syRM82?XeF6dq00e>wN7m2eFZ!${ zjfk|Ov53+6gmseahAGjU`L+PR<;&I9UyXcBm5pNzy5G$S8#x|VYHfmkA>I?aZ5vM1 zVZGsHe~v7M0?P^_D>t`EC|+ucuF*l|J56h~;H}p8K8_c^x`_9P!To%8(Th-91A4vi z2}ZMa#rReGFg3Z_9&+iA8S&R@v^rXt-E|u5@eHJTE8JtOfpv&{wim7(6=*72xa_(g zDoE?~Sw*xb`(ZKQ*RQ)7qr>T!$HaF=<{d z!P-nN%v~HkglRTJ)PB#q#TyB@F^VBNGwE8I5kbzCE6M$An3+43om=Ic1>Gn0_)W4b z&j>29@x5$q$}xvVn+?}_E%`0l?A#Ju*PGw8mKJo#Cgl zb?@C*xyo>OloQ^`=d58%G&oL}x6_;&Y^r@7r<4pzZi+wojoZ8M#LIhZ#$^Xf(a`N2 zkHwl1k^|B|N>1ik^gi6zTF8kxklJYRClc-9%+#aEB zs182<_X2#A@IGIV5a*f$MUVyv;9~NjOcElK2Y)I=y^}4y;lC%UDdY;aM6647#^a(8j_0NNiQz$Ur}t~hJ~R^_mPDeD{ddlCwU@sV0%1P8cWuD zDdmh@Vg+<(AN;8V1tGJkhG1j#2j-P#F+kR*Z%TeheO7GjYJrl+Y25eXnktG0x=>!o zIlkOZ$@C%V{O@FYWW-<2Hdf!Qng7X7OUGsu_%rp+LTda7`uY~j!6@qlt1Aw6*_Z<0 zym%GJ94J;*Fm?^BU}%(Af{G@&Y73!4+h!*!U>;HL*bnZ!6IW^nqKF!Mju7g*%$46e z-suXG?;}B6eFq~0oep>B!o9taij;;P)n8&ue~K%Z+6{aAs@T4~QF7nF3-QP2{q!nd zcqJ!DI!7=)iS8*EfiTh`f^aPuFR0B;Vxy?wKNp;NdQP`dmZ4&9lC!F{B?`3j6-3{a za(XR~v7JxJ<&D5%O*fKyEI12|g>_rY%lu%nOtm!2FT>@hVL?jt>55R3JgRDPW@gas zE`>zygzkV<1VX+O$rCC^rZYjI1Ys?&D|^3TiCrtFo@)0f3O_z4>kMsuEhs)>{bl+_ z*O@Z%?T6_8qSrV*Ap{xlM{Twu^YYZ0h3AIRqEAE3O1h@(H7z{p)#)LS{_=P7+0o|7 zxY8RgflkOQiXyhp#m`JACm2Ok9lLH;eB*Eo63TacXeik^eed;(Vp|&2JB#s^wnz+UEa;RM{;wIX%|ebi!4g^6pk)Ooydq)g??zWM~ey-GqgmS-%( z*Yr*<(BC;VSfqEK#KGh{n2zNy@WarueE)^e0x`S2qI2SU9%8~UWcs8>gsgJ+-{7M} z>RQ%n#o+tQliq8gc?m{cUv|^?n8y$d?R802lkzhGX+v?$8PWW{0b0dx)JFZV`wb%@ z+-)U-@$n>34@*ohYsv2-E5EekvK8m?fpM6$s48ie!E7btsyGE?4s%WWDnIFygy%VH z;8vQd;9c3L+UEz}qDK>Ich6l9eP@kOVYaR!NjfqPqTUH4q`qKbskf{ z2_|X#!!KEk7g@vRjak(c3qtGXwrq4)SN@+6ntd@RSX{$70nUvI0PkWl6qy7kdLHk?=?cC_Kt-e4}f(4xV zEi!9T^Bp5Ev1@qU7@>skVw7)@-Q#932w9~JZPwNh@*WzJhx+d=Z7gI(b+uj=q~p-5 ztj4E&CfM#%*x=tzV+Z2zj2gH(|Z=WkZlq zxJ=HyDM;rWlT8CGk=~A&xp-@g^cu?-a<++Y%pRT*N5T&S)9xk#ouI zPcJ|Z-t$`L-nM~XkOc+flY-G-$X(f$Ubb${hd;ptARPl2Fvj#BQ1A*IotAxNH}BWs zN0WWv4n_n6)X2l>oJo~3ES-Yrr0zP88S#d8R1kp@R+V2UabD@GjeX`87jET4tJ8#ppTZ(s6kMO$<; z@7U?VWYv`Dibg}M8RLcY_U`G{Z=-Kn#=yTn?p`h&zYnyFbVilJegqUB~Pw*m*VEVP#X*_ecS;)L?8I fY)6BFM&LNQU&4g?67mzy4?FbgaK z0tf&w6b1+?hDe6@4Fd-R2o03VaOt2`D+Gc9fVIUQ8hM(XeFOWPZ5);oASzYIwrhlBa zu$XT_UM{=AT0P{G!}H^P>RquV)n5U$vcc_;hyv8wCcInJ(}%6s7G>eSW9vcoA$`K{ zKd#i}#wQiAeQEVddH!!PRQi~O+ZFU^^uWGy~mEF?m`bpI6@2jAF_R&ENP z<{f}g{fBQPNqa_+K3m&w2|LYFKBy!@JVah*Y$O*2Uogu0auiNnp*!miUU)q~ZhCsrx zXA*?+*o?BJfc6I)%07LOBnVR*#Bsrp4EwIDxW^uW$ii!Tw*Ls-iZ-5!sS&^7s?q&? wb$_N_PqZAj43-?a122>&HhOajNh$EQx2zdFra&965+kSb-np@jm`cStCP=(l8UO$Q diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.key b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.key deleted file mode 100644 index 5e43a56d1..000000000 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_1024.key +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIH84hnyJLdCQCAggA -MBQGCCqGSIb3DQMHBAiOq5X43zb6zQSCAoCbPjReKG+eKwVvc/0YBcNz62jtO2vd -KizRjLbGyQoQ80zEeeSZSkyFsSc026vI3w1TWq6f0+R2YovRyyetyb766fC6CPey -0xvP4MTBlWMrB+O235A/tLOV0C0iEHyh3a6YV67KLRh2fa8Y44RysdQj8MP557LZ -ckc5JZM06U9Hh0iLWdO/BdXg3jw4gZ59r0V3gcyZhy4m+AsTEswCeHpu+wXYBkQ5 -Kw2HhK7GPd1uiuJvOh5aVwgA/RZZsHnu13LiWAOtbPrkvM/HzHop8bGFJ46uv0mu -Yd6tgPxYlSR0ymMBFFarZXiA9+uoR5tAznpMFv5FOzcaquNkWFgZCW+2iIjWPsqi -t+AlQVlzZDjr3/+rETrANGVPdOKrGtBd0F2rXlo3x/JjbB1TYNF1xeUDgJGkkcxm -djvy7Hp49npauDcWTofMaquQGapHX0COPUNbKAzwAfTqGiwG87CuCGmer5dWeaAK -9qtwdCyPCyA5wncVBjVatYQqAWDMERYuGm4X5K51s/QMCA0xCgTGeHiRDJa/EXOv -6IobgRIcD0FXTtp4FB7Qc68yUN9PHh1OKtAHyvvURkYb5EwY/nibL7+P8pDXjiYe -EMzAtw1SOCnOCfFwXuCASXnsLh7k5d+GpfL4b139gYgzy1RRCOkJkoTvCjN1XgLX -fUnTa/GKtxJatQOfBKZG/k5QT5tpP2FdaHR1S5G+B+SAa4F4LQsOAx6nwpRr4wez -A1+HjDrfDGZytuaEwXpMmJBFeEPylccVGtD2S7BqNYuM3Lev0pwjKvMgQEvMZ0qC -EbiT3CssZm8Qretil8jdB/mkcyTvqcP4jna0+QkZaCwq6QS1N/wXPpQq ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.der b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.der deleted file mode 100644 index b9da065a6ecd6d259f505c69d60099c80c9ad07f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1298 zcmV+t1?~DUf&~sRKn4jahDe6@4FLrWFf%Y41_>&LNQU&4g?5AEL8;c-y`q> z0tf&w6b1+?hDe6@4Fd-R2*7;4>C$x}(*%M9$fu;eA2#EQ2)>_4`fDw$Ak|g1jJ8^1 z*+v;WMh4M1?z1u!fWMw_1+;?cZrcPB?{<=|!yxRA6(XUHA-*B`JLt|%PwJ%0cJ-{Z zza(Xll~p*Bzq$qs-Zo}N!OhqBy+UmIm(T?8JeG4n(ccv#YP)1R)(bA+ZqF#l{#vV+ zc z)uhc;`^W@`3FZKJ#nm!krUTTPYa(W*yH;h_e(#z&Tc3TRw_S#E7_H+A^TeaYfFfs% z%B?FB@{a(;8BcYg|42`p_uwUVAxxMnn`MK#N!9_1ZEv-o&DU3T?_d0PzU-SD^BmwK z!M`#-ntVgPlTz_3BTbQ^5s@fhbcV)_2kP?dtiQ3#m|t(L@`6-74?@6bm_B|JV!UTW zd>389_9FH*e>(!i;(jPvj+`=#^OFZ5v=b|dn@?x8E`3z8OXezJ5kWNJ~WnY7P*>aH#SycP+8tL^R>l)!!5rB+SPc$A3St!;IiB~Ie!92e=C8E!y6P7%Bu^~S7)0+IpZ&A zXnZu@6rRGHm>bV#(PLldDhNCfhAB06F`?4HSJ4^%DKzwC7qfVjeRE<}(N}V_Af(_S zfU7y&$dTd?u*gTF)80W=eGClo6^g!5GDnDlMlnX?%QGlGym3@2m!7}2-dt}4U5Y4F zaaIhJpw+@RI;-B2(G#*u;gsCP@$tELmYLYesemm0k~yr5q*XF~zj0V)pjk*@e=TFY zn*J*#4<6fHPol#?s-gKazqDYfBQ%Oib_Fl@rgYqWdg>4=0%OYK$OkucBAfXHO*Ywe zU(lqZIE<-f5MxQ8cBcr|7@B7mC!Z^{xe%%(@aoqR;Wi+M=ZxYh_@G8%%Zk76PSNo~ I_i`e`H>!tyv;Y7A diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key deleted file mode 100644 index 113ff43c9..000000000 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_2048.key +++ /dev/null @@ -1,30 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI/AHrzeKeap4CAggA -MBQGCCqGSIb3DQMHBAh7ILIFfzuMngSCBMgo7osY2jE3UGsryC0M1mpOLcr88oSp -OjyCBLdVgX6t7jz+EAWM18tcStBEVYpJfhKaMxyvn+qoif30K7BnTSHHL+J4q16Q -VuAnoTpCq/13SDidX2062BsjSYlsgAe/933hq9vUXstlq69FoRDbVgE9NFQib44G -TkJDsMJLfOXdJdLNcnzAEvZAEbvzhuuqeYPNm5PN9msIlo/kf+tX++rtZATArbhF -KYBunm/wEsNKrL4YrdqErj2SDGob8h0V4YFAIYjCHjn5z4kkOlfc8qwgCLZnn4hG -TaJhn4x8A/ahaYeWJKaDf1s5xe9iyp4VOwFBIXVTvDqR05ysc8uKFr+MkMSQuq/w -85ztpSBmOxT7I96O/bCYiQOfHsDdqx9cM2lUbYHk7wl0qF/r22TlO5tR7LEjfkDQ -qYbbe7Dcux5574PPHt8TcKmmXRA/Tm4DuqcHH4DIl7FS5T19Ger1O61YWnPNIEH1 -bvR32y2MjAe67tMzatWM9cUVOLvBrfUhLE409sK2xip4ef4Zfn4UvbxSqQ0c0lg/ -tfy4HR+UiO1lYfqG2e43GtDajXDVWjLlouWAN+oO74kZ2UYVK0bOisdklls3idjs -3Ot6NWyIR5XgyWxxpmYt8Ikqy7L2bUEYahW9+bgY2EAjcoJKdqaS/oWlWqe+wpYH -WpRn+K5Uq+EzXiRfO2HhsyDwEaHQEih6Tc/5ycNJ+CDXy3fOX+cjOZ3C8D/BAJGd -xw00XdBJbnlGEfWFI06r/Dt9tuDOpmOUxdQAk9ZZYNEb2l4jHjSh5pW/V/okOxpT -byy0QQMESnHInMiDpmTAMyhGPqZHy9XXz9BLPr9+WYgJFSbEKIPJYss3vd9V0P2j -DdnCS1eiLYR9jGmOOSrx7GDYqL1TW4KgpN7Nlk7H51R4YHVL34GGToboKdQL4/wb -870Uw8OnEqG/rOiNX8kyJmH9PgyMjrSZNXpb6hjfIyL86BbburI1svne5fku69Dq -DT04cLekL3RwtsyQgWk98C/3amIak1EZGXmAhkPUwGDQ8lxARfdnuJGNYUbF0asz -kvGJ0mXQyGJV9CdSI01gKsv7/qAxTl9ndHBCaP+aPuMRNlAPJuF9LHsLpcbaq/hI -OCPclBU1nEW7RtC6+tSKxmzOKEp0mtM0PPdLJ96QVijv18Dkit77e+rco8VrUUnf -LPdvv26SZViHg3sOyfECS/Oxl6mnkIJvXI1pQVdkWXQu8VtX2aNxTv9+0TtXz4W4 -acAn6kB2BshqLA3m2qZFKFFD4oriO/GcgWEm9K7sogVZ30fDSbxeXI+WEDLXiAuK -fgqgada+nq6S7/6sim37BwIvrnbSLA4s3qwgesPQ3zocH5DTR3r4eCqWFjAXVIOt -r6y7OoZzYAD7hHaFk4Xj/1xYbtFwciQBmXEtRfxRrhlsv/ESDVcN9ynKkUCP4tSN -mk8R4c7Bm8cgysAdFRwYczP2al+jxaV8K6vBV/9xOzVujzhJf9lxcx441mKhENSU -RT2YYgaD4xb1i963nAZ4aK6PEpJAxQPvc0OP/YjBhxF4g2eGEQ4wQ8vBffB/iECl -8E+fAXwGCk7I6XHGqeI3MnI2bCSC/TQIPv2EmHLOFEeHsw0hKp6BmnsouUklijVm -0LI= ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.der b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.der deleted file mode 100644 index 565b4a7b1bc6cd52cb48579e8d406913b68f73d6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2450 zcmV;D32pW;f(ec=Kn4jahDe6@4FLrWFf%Y41_>&LNQU&4g?5AYbH=N3w=of z0tf&w6b1+?hDe6@4Fd-R2w6u{p)TvVas+}2NW+vVp@($%SJa{?JF=js`Y<|2^KOTo zH-@z#uQaAAQJz^=;5KK>8P6;5pGQ`n^kd?XTO(ui z$FH+8)o+cvNTIeZ3Oty&eNu*18s2FF6iXpe;TVT2Txd_J41Xf<9_&-1yQ>FM+kG(v zowzm%4{prxA13nhowMN1+nbhQB!9z zvf^t73QLpXM%3$+UUBxIHU-e!Wg36X;Cz8ug8Lp^=qN9n=V>qf6D5OG>Zdj)*)sA@ z>G$0L{;XO4)(5f7p|QI3l@eXY)p)^@1KE%`)h|%HBnm!6C5DppBBZC$_!Q#VM$MW7G0TU|3hYA=xes@t(hU2&umc0|$Zj8EzExW#263{B#4y z7f$!g0F|K()Mo&vyi@&7V5tuF^>JTLe^l1bERryhJ*=y64NxpICF=`r8fCrh(h|K6 zLKRQ=z%ri)xIW=kc}0{|3Jyh<+_gVK95P}gGFhXd`|W_Y8*)uhwftUlAR{D-1-d?) z4luVb$E~|3=kRuH^0`emC979)Bm{ubji6~mcE($&kz9`(X)tOWFYgm`1?L*_kOh*o zYd?``})!Q>?MT zF|>b~>4=ql6E4_y6@32)s~HfN$Y82a3jUR>33#?wcO1V8LL7zx4J$_!T?3!^jN^I* z;RVgiAo?YEjZ*8c7`48^@rd@GbPh35?2o#yLLlbP{M1CO#giuDiBbKhIsCGuh98DG z|Hz_UvjqM%_pNW2tnr0JYgeR)OGSbe6QdNJ5#;y?3&BfxeqRw%mc~;712L?CusWd} zENfftT&>br4~i;;8sLUg%4#7|5Ee-y5f_kCW2%Uv+KC@xM5VSNoTc@U7&V>8q$G0o zJw!2A_x**8qiZ?>QVdM(?`-TF8y}MCKmWEUt|j|$ zRjltax~$0U7|pYcG9&!vgsuV;HcpoWPgKW4oQUe4WH}J~dXJL}U#}vI9E*Z9Gw7Nw zoiA%;>tYJ;i_}z>;$0G7 zCh*Nc+eE zw6-aLdO&`9dzS&U2_uEEl6I4g2oU!g;o9qzja13- zY0_}ok3a_@Gkcp(0a%5l;Gp+1)(9cA3#41!X)j|5&^)oHk6=59$e~o2@s*hFh@ghP zYo0ue{Ro?zDrSb$x%;jwF*mcKyH-ksb>!>Ah^N^x;EA%KHDbs6OQwdKGUC{ZoHubG zf@LRRP_1{b`5`S0M*TPD$fG8}W-{0HfA{ck5P5d@gMV61zY$Px_z1GpRbRQK>k`~t zwaAWuFit;@L$@C3E-!-nKRiy$5`3f2z7kJ;^#5($a2b;tkdzPJyu6~Pu!IommFS!o zZ>mc7pSxZx|Gc5p)u`rDDQG`*&EhFgAtyX{f; z_Xu@+0dHNWvN@9OO20TsE0)T0^&It-D$^ST6=Efg)$1w!(^vbVBI`6F=W9nqKZl6({=uDPMQnXUvx=8En4u@@{9NFy5bA>Yg9{8_em! zYMGIR=|>&R%eB}vlg$WdFokCd^O`7r@7Aja^C6o9?4R424BG|@r4YRVW=7wzTDjr{ zN*b#Dj(;e}V>Is1tW3Eq#G)-!29>HU;=U@;I^~?LT%Qe*$Gthjt^@xNk|oWiCcUp! zxwsSPm7=w@i5|tY{5pnL`RMKQrl()}#U<3URF=Wy1|Y6i*y(Qe9i-#LvU;wSdn0lK zUU>gl?$QXkT8bSb{_RPeoc@#XO!s@N6R)hjZIvp1!utXnsWbL1Z z(x?L*NBDlR`%uRsPc|Qq*{4En|IExlp97utzlJl<6u8A5nhPZH>mFmGfJ7C6Vn1al zUsd@L&9P37o5qYawqPJpb#&ohV3A|Z`sA;zjmmRMK``)OBzR^j8xI=%_PQQavE;qo z?HZM{b~WKU(;m$bM!V%oqq$XFClWqj^b1FAK?=ICdK$y_tkYd>iB(13^h1T`KwpRr z>|nuTIc_SaLEN1b^$gsIa`I06wywAu2x^lqETZ(4Zg)h)z$Q>V??FCAC`tfIJBtvu zZU0!#tMXlC;kR^lU|sTKmdk!H4c4uFD{BY_nK})cY zkdM}Od|4_z1<{rZIY*FVDqFGs_tnpPOJ{7ZE!vU32qF>;lsqRRN2d&Y7g;C+o1@Nj z#2IrU7H1Ca5pof6cR_mXg(y6m)ZUP7mbF0+-`@+!QpygWZpFV-b0R3+5;^kW4^{oK z^_cQsMH6B*h~TFB&oHK7<@Z_xa!F?*=B zTK8GIh8uk5$J9uovk3Nyql_9gTN6%q+_R>Xamp3UXqd@EDg&K&rUsAUQ2@3V+;Rp9 QT0T8h_DJ-B`e!$w4lU!VuK)l5 diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key b/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key deleted file mode 100644 index 44e7683f1..000000000 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_3des_4096.key +++ /dev/null @@ -1,54 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIQDyAdjE5pE4CAggA -MBQGCCqGSIb3DQMHBAibdWQrC4JIOgSCCUiPoKxTPRfRt9TEaoe1x7+t5hfcqrKp -TZ7NRUDVSBVDqS1Y5Yvg3Ms8VuSf9AoAFxg16zuV+G55Y6Y4aIIU6Wnui6lBk0OG -CEaH5hgRtxZ47Rb8U+0x+34VsC1Ayz5uRp4d00ejlmzKXRKXKzVLMjxzfjFUAQHs -YpnRVD6bJWLQJjML+Yp56lQx6z0LSprdUfmMtxNFs69urmvm1B7dOk4hUMwhUHIK -DQTZDqig1DD7cvCpMxPxB75NJQP/mD05PM/NILiVu9kGQOXwtPvqzklyta0AydOJ -12xFydDKHUuBVDVoV31yEknXqLxClKSEMpPAnDEWtSMMgNQqV5fUP2sOtKldbKFn -LHHYZ2iuOplWS0qBMRKYwOv9MH79yAkMyRlgHt22B/O8m/IO1HPPY7DTvqZ6KkfQ -wT0odkZlZP+AiJoxdCeM92Wl+dsynm1Z7JbVVA9xLC+poGYh5u+oyeAuMCO7nNde -l5ztg/klkikBL/mM0NvF9jRtl+EMJkSAW9cm4A5b83WKkMSuPbKNvI4L79cQKpL7 -sF413/d0Q5lYIkzYZS/gPq8C2AzY6YFMw5yqZtoMdodZz85dbQEu1hWzKTUa2YxV -a3ULf058wKuRbBVCBnCl6SFmtewhQV+SlhBHj+ZXmwwelMe2gIbEJmDrkK9hD2Yq -/R8jqYgmo0Rv89MzFb2AYjaCIFito6/C/he8ysnkP92z4mNQwp6hwH2kkM4mJhP8 -IB2h/oHaKs3D5AjFsdkhLKQUmh3CMVL7FZBzKu8JJEE9qv9xX8OOO/FDDHVLktj0 -ueQW1bV5s+cFBkZC8p7/fisLOe7kwSPZ68xK9uqLSeZNh9aikTscGBMC2Wo02EEp -ALvTrqGVeRW1yM26ShZgNacgoV8McdUGjSt+l0N+a4cZP/uV1J74+khdCFy4l91q -fywuN/toCEX0babPygJ8SUAspRT6v9Mdumt2Vq2XrK5/pwuWlU7sHTuZm57c+ND7 -u9W5YmHceKBNocX++t2advaaND7WP3jk02ozkhf7OvtE8oIsX+RKTkIrKfxXSbao -iYgV2KGHUh1+tsnLnGmaXqv6mBP7phOr5T6aUh2hQOX7nyWekhl1jpG7H3pwhQ/S -CH83ozDqunHYw8sTLm4hj2WyMaqhdDCmaiJUXqLdR9uj1javVHICxOKtbuW0SyId -3tlki39OcrmIwGpCyD2w2gck0EZag+cXMfOTB5z18aDE8z6zl5kYe3QtHOG3jRJt -kFqt0ck4aAv8NNRvdi4LSu1khyubsN/1UeaGENEYqLPDbwv+ZgtfK86TQbjqIHlA -PjysGhXQC4sBSLztCw0r00tORxnsBpe/XEAZYYxwkUHSr54gRxP1gVx2QdVklZaj -DOQ8UGWdUbFdkM+NxVu1G22dMLzJ/SR4iYm9iC2SUwwgrwgnCcr20vTMRk9iygWQ -rhWYkSLuePRyaemyKeNcb0+si/COQQhFlaMpQJZX3IEqIrv4DQdODQHh3Cqa5qpo -maU/rUmdYEdzCQAnDdNQpVbDvrTEAgHCOHBsAtkye6G82DyTc1VVf6RkyO0YhwoE -gZZ+MJ2TV2e2V0M1WtMEH8VvbVMpQI7PahH4Qs5bg2OE8qqab+2EmwztyeqGXNT3 -rByfq3iyVtcS0YDVrtZ1ZxmG+ioKgaF4G1J/ECI4k7KG1zv+009mVJ9W5eJBl7yS -3tq35F9ldSxjLxVQ2ObrX3WYExp9Qr2rWvb1nCwhTQUsmA0Bhjlv9uBdhoC6NOr+ -rKXEnFHAUwFyNbCoVRZyiYhBck2GW7YSxlWtwuR0jqI+bSSLZymbkj84Kq16GRV3 -gs3cgM9coYLN8WNQiOamPOiCl92ctgm3kGVLNQdKMxNOE2I6C7fWt65hlrp6IxmJ -xflnLSzO9igtxTCvcycs6BADbZ3WKd0HsuqXCCy2V0rb4hinpRnWBcUJyMfcVb/4 -0JSJS3/mP+6Yn/rU6VTW4MC1p3xAaSMFYcO5JOkDvk5YOsiPtnw5KZqgtRPOxJAm -R9SAPyWxjPaH0YdNPuafzqiZ/cf0W9lgU9F+eSFivds6puorTHRFb4YgOjZVRfOa -t7ApQCDmonR5VJsV9H6v1oGiy7VVjAbmLWAujXuJOj6iwBj5MDLkfq2yoqpxJBkD -SvesC2PP4B/otRDJDM3Pytkrxqbf7luF9b2r7/G5zgwAj/ppMkSZTggzq54P2NE+ -1cNPUQAeBMXsFwmS5ZeRQ/6AoTcaVIvTC0gL9IRBdl+ZaDtXBPAIF2HQwsSqJLdb -ZkIJzR6P5CdeGwpQL9zbW293ZBvn7twPrgS7hMDqcpsEHxewbMRgmVHLKWo16Iq0 -LCKd1fKtQBrCbVMv6QQBKU2YaJ6HgUTHDmTsGbvqPf5xff4FStBNm/n8zAmvb5LW -o21onYzR0tDBv8uH1sWi3exocJVw380s3m7Pwmjn32JJ9XLOWyE4LixJ4XBrdhZm -dXgTxux33GCMLk6Vc0s5X6MlixGe5HT2v/euqK0shBvz/xLSNAvpFL21L0auwJpW -L6GsahzwUToDFHBe53Z+EW5q7KJZGB5PiuI1puic3SzArsff18w11oy63izKU4LY -6heyJcUhxJrcgD892akFPgjKTJwM3XfouMiwnMhrNn8MVhhqwAOVGn8Z6cFM1AKa -+OM1vUU61bse52eB5SubjxSgJn4dVMK7LBSyeiouHzRhYpXfZF0Ksn6sDgSJO+C0 -YS8yOfEMP9lwoFeWAzJhunYYC0p+sGR95lpcOPXDHEnBXSZ+fyi4FuLce+d6KBf0 -mxHoUPiRyJNycy4/k3jgIEmCZJas/gYzKL7wHp0ptukUnWxwHB4hD9C6SFJCsuB7 -JLkUFlGTXEaIm0rKhdXU0bD5+ocXfpGRBut7yIM4hQslhGNNI0HVEFTsqrYSzCQ3 -Oi12n3l27fFU6J6fBp9JvElPdMiHCm/iIxJpCSyASlbbdTEhcDefEgkdz4UXhwMt -Zv4mj2Srhtdh4jgKzYRdp6BNkQihOfNkv+yncoRvtWrHVGIZZy2F4i2Lps75KMHV -/kha/O39+6lvNEAQCA9sur65oSNlES2abaLvdhfTQ6Kk1AhB+IaiBup5IvHPkpne -f2e7BNEE2AzFeVMpsEMGZ/Xuad3XS77uQEljKmYJ8oMb/z47Q2JeusdsO+WKVvzT -By8= ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.der b/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.der deleted file mode 100644 index 02a26fe43c36a6061765a55880d342891034cb42..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 711 zcmV;&0yzCJf&#-ZJq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?6?Q0o=^KEA60 z0tf&w5e5Y-4g&%Q1PBdGg#Fw^-uMK90)Tb4Vh~8GCHjTt+qq7J!?5`nf9$eqIM1O~ zc%T6yVs)k$V`e z2)M9nTE7H#R5+5buItaML)i8EmG(IdP^C>J&XWt&D9DivNOlB5QnlUAmLj<0GKj49 zt(P)ozrCn>I9{+&!YK@~K0R&}fAA^s4<6BRkC5vmm>&E*A)DO#u$96`6JM#JqJMjb zV`V??kfdhB%9F0)j*KzLSQgF%n%5?c6PPg)Zto1H8H$r{6`NlXnQh)4!Ok^>JF^f* z=4=;5P?3*s2vpuene=V%`a#iB3SoWzHFzl%7RndFRr)W-T=P6gE-jZDT}kQwO|=`? zTS9d5;RDzfR7f$Nsz7--RSfAbCSOQ35;IBa;l=C5`EF;LRb5U5UEJK~DBBzQ)~IlW zxAKj5KP>pZd^8c*Oe}07n=H zPxdr?h23S$JjYgx+!-Ve_M}t~w$PG-DaW&f0Ho0fv>J^|t8hX!rB81j%2$Up>1SJcMEST~V@Bb(Lcm*#f!z3*th^QmPcXhvhkr|Va( zIzTy^A+w?aV1>(mhR);>o#qH@4u^-_H|!b1T$D#2{TB`Ugb<7QQhW4AOzSoqy)!Cm zP|3yn+K82(7Z-Yvb}KAEB3Zoj5vP8woDlBOgFDVsNHLqqs+N@~OgD{$i_))ImOo-L t=BPTU$-DCG9nRrtdTMQ{Dla8~@{nDahgN5?i|K30@5Yn{3zpfQF}0@?Q9b|w diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.key b/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.key deleted file mode 100644 index 9ea8a463f..000000000 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_des_1024.key +++ /dev/null @@ -1,17 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIICwzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIw+0X32U89PgCAggA -MBEGBSsOAwIHBAg0VpB6xQJjVQSCAoCi3hEr5Di1Db4Xfvdavg8wCqQ7rHCBCdsb -YeUo+WLcUKFPyuJO4Zh2Fu1vqnDRnaTNG5c9SVkJpXACqL3gvoY12gg5UHQNyfO1 -iQWvzvSpg/vOlWsxraP5SiK7C18RKGbj77BTCtlVvraL1RUaWe/ssrATR/4nFpLr -qmzXLz7GCydDRT0QUQs1TIy+tYIuI2rxgg7QQdHT2c40djaUCN5RaEe7i10ZitIp -Aj4LXGBkCJ8PBoPrG+Cw62+piuCzg33VIHq5AngZ/CLFNV6+70ZXlrWmJb3eukAj -RiQiWeRTAFgxtaMjsXC40VREeZplB/avnNUNWdeBe3GJBtwqBWh4plKXr2m+IloT -uastY+ndPgvDBCjq4reticn4SkIbjaCGhugtO8CmAUunzmU18z8AEB9AY+yGITnb -8lAickxhPo/4w7IIX9NCfZpwiJ2AfJnKFNk9JMQ5PpjTo8IM/lOW7WrO9sf/9JzU -Kfn19Gv/TtaYxiFtYwVJLM8UWl9EbVwobSOeVsIqCYOVfRA68qdms9/uztDNeiy2 -Kb11+l2Nb7BhUNnzYSkrPGftjQEy2dvABDk2IV4G/GvFsTviir55KSI/2qitradV -CZPiKKOLw7sy48VCLpiARnqC7e9TZI/HSQnMp9nGKD5O5jM0qb4nTto4Tj3dHNYA -TPeeuDxEThZ1pb4SwhrTvULrNogp9V5R5d9qFf/4hhkfMBBaJn1rlc82KMWq8THi -LdnVv9U2txkpmybtKySBrbEVhNfH6V7Xgu53kopg/Um9FwL+rarKC0bli83QmKyn -M5K981CM1/PlCj7Js4/pNMXbT221GXZaeX5qX5aEhOtcF4YI6xMx ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.der b/tests/data_files/pkcs8_pbes2_pbkdf2_des_2048.der deleted file mode 100644 index e60bbf22ffad3f80fba576e2762d93ce905e1f79..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 1295 zcmV+q1@QVXf&~jOJq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?5Pnp(j@hU>}# z0tf&w5e5Y-4g&%Q1PDkL>ooIUMbrd>1jrrHp!a#2>vW~Sf89C>-I~HdX=_O=KQs@A zgTISj#Osz9Z#pM?pEJtTq_kfcz6t0TGqE5y85w@O_c!<(K)K41ZM~B#^ zen@kgoe;tpL2r@dYxz%T;CicHamy@oM%9UQ`e|GUPj3me^01P5?kYU(Gz{%X6?)zw z+Ok=}3T9YA0c!0kOY11PKuC^gmYxFv_fA1s58MhgJlX1&%bTfe5O1pFKE%P?UZ_df ziX4`?CmUN#%P0qmfVq1)q^Dj93v7|vwY1jkBwSL3N^RD>iEEs1-XH?F*Wc! zbQ+za?Dqz-W@@^YsP&h7O`=9Auu6e@eoURC2i?}WGzI_Xe!sykFUK(Bbf*;XrGRgQ zRp57W*B*z?haCehJB+ZN(CHPS5)-p}&SXyqd7VENm+5xs<+Ny#hAwmfuqP zIan4kl^N1jt@lc7*xw!rZ|;n1#)GEW zgEg!OpYQDl)|ZqT#qROzv5`Vf1t8k{rtrcJE{pDJpml=H$FtXs0>PKSeD%n2=T~D4 zFiRVdH|*aF>GnG-N}e%W-MxPlr~?5(>Us4%2U(z0!|-=8A>a@e9)MRQSJ-cpigJ|4 zZN#5-+ezU4u~4?0{=exI2i3rkT)T{_9w2NPov_N;wvZ103P}%c9{Rv{1214ha6dbq{PSIWVO82VXang~RV+_HR2_zV9$XPcB$S0N`g zLPZx0!|(7(B7r+4_;Cb5*GZ|A$s--wOt%#>(0wv82pfPlwzE39XHCdw^SF*1?#xAF zv(v>I-~%>1b!QHNDa#Jett_@jnI9wW_z;h?KuqA;)HXQY)%?j)J`_zwToAc(9 zmjq%7s7k^KK5uikHQIo-f=U--K$_WYQ>rLi4O+7;<5GE(|=g&2t(@*jM z)_&}Y^Owe4UE6t)C}P~7y;fCxDZ4rp|HefLV(wQ;#e1Thc;ZLvITu$;z1{*+Szysr zGZpBT_O~^a+|f;~7vY7@Jx1?5AzNM-U17!MqBB=IhG}SYvmAscdsD_5q`;`=$yC1l z8Tm2H5i_7Gp;yB%h#)MEU>z*H^rxL>&JQbR=A-!F!AER)JuKp3t`#tHVts&>!r9g8 zlsmeWOWsP*JzXLUXdfuQ@_&R}zp5^@9lTQHTw=mvebmF0JgJG%6GH~*A5I+aqgtg* Fkyewf(eT-Jq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?7HihyikLzJHa z0tf&w5e5Y-4g&%Q1PB$5a?SXC*;E9A2}t%&n^5buY^#I}@9)m0dZi#J-tGdC3o7z^ z^?a)QgDms9(xzRWc~26%Da_$G@I%&Qo5x2^@Kf^>s-Nf;C8HgwjRr|{B2FqYv|dxs zz|3*WY%GFdKho~4G3U4U7^O9SAiK-j!za`jq!v=B*`p8 zWLM-RClpPX7E1v<{XNILae0-EuhYrqA=>hDgegtUG%yYb3W1`2M=Mleba@y0dqAvv z=&R6Xb=D7+gKHrLqSDC9RSed3F>Cl7 zEd*{ctQiHj>o!_LwOeK4)&Rv7x78Xzh(7zW<)Ik+{tgVs0`fWpnE* z%P9m(u#6-doc}2E510=3l}pC^wA3gD2N^&Wg9(_!H={yWw@%rgrNnM$OS4d=LOWUA zPI|@SG|I8NaY6dEhmXuzMK7G>wE*4}ph@0!VfCplj|SN`NOEG(yKhgrXnRB4c9wFx ze{S|Azbs=0$#RIi;sPZ{3JIK3O9Yu2nGUnBnKu7mvW5~1IC8LuyWD5Q()3;z`XKZ{ zB%$%G@UElGk-S=__cc^FWtumd{7k+n$cA!B06Nml^8iy5YfaLyI?Wrr;Pl_(f~R*+ z-oji=cKy*c57~M+`0)4kj|xz-URwc zlTS=Xf)%>wVMTk+4-$?`*(>}{ZDY>64I}Rb-=0=lu6{4ht|lMH5}!lz& zN1PQ=hTASg#SnlE#onOEW-;;3LW1pT7Ur2-*Rs);kst$W$ph!wjAwv8NIW%5bY-~3 z@30yobFKhbD;=u(msv-FGKFp>jQ9ow9fr{Y;r<5ixvpN?pDm2+idR<^y)IYA8OFF%g%Df(O39COwOYEnIha6E)WztmMWdI~pXsh{C(83_ptVCm z!990P-VnUcbnTXGszC~dagyf`Vy8*0DxSll2ozTLeKH;fLk>rN%r`V?nHbD;wxBDC zhdt%;)s0)a+CaNjTpyn%1jnXe_Y??}YwX*1yjN#BF24SG)#_9dO#4htl*;dxDGUV~ zFbIXCoB0_9Bf*qsXd3^{?G5cPSlapfP=+&-t^ijf@`E6KX9+F@v-8jaJz{ZJT4pyb!o~#%Aa@M`ebB4ssJ!ftY-m?jA>z%ZL@%=rBZN zgtF9#KZ3HsaZD-j)gRPBdeZSgN-jN#2vGBIR0L-|iB z4VHDoHhxKM(-8*Xp5w?h7zqq}>0$snjP`mv!6orsI>)m>=Smey%`+)<@wH%$i@q_; zxbhM&#VKK%ENF>Eeflh(2rU@O3*SkI7TVstbyWmJf&z;1$%%V!^wj_t^nFwf3kk|_ zcqNtAd@{_hgDa}|tE$Ik5^@VhXWhPUfc4gV?g zT0w&)@YO!0c>bQck9FM~fHt8w=q|7r+n>fU*%es#xIj~Cx*UY|_ZcN=cf*X9KT5Am zRWGPqlz-2vNSV6t98EI;J-z_!Dr}>Hlb`xXLbLf-&oFdUF*4?_W)0g6_~WDVy97p( zmxbex^ZV)PDDrg3~5B-uTl#_im7_)fAHmY}coLi9pqVtBNopUjc{+j+$rIGC%Q zT~J3809I9#Tv%o>TcIYAgh+1`;YHcv%_IU}7i*T^gbunTl}>@#9$HVD7Z+iB-RY12<&rUNEZ7+IRbmSMwP zRk?oAu8LE&{?tW6mw+bhhxS3ihIau_mg9$m&et~9wma22l6;fJNQgh?X$yX`8D_#n zL;SDO(0~ZC(6)R5jnSX`2SN;c9o|Y*zAVz~CyesBZylFbck&HT&UEy>0vp5OA;-5} zgUDL!?faK*U9w;d7Jxm}C`S)uJI{Lbeg%#~7qu>WJ~7lRnR8`HgedlYd-n4b>`NOe zQs24wiPlXd3E+c^Md^rRA3v9PHD?B}{iHb0%aJTF-@DV0WY*?*(`V6}k#iMVnWxkF z(-_h7MQqOdVYFO~oGVTykk?b#c&gw79f!}^U#@C}j#Zc&v+lYpzTE7q9YcjYEW>in zV7j9{C?As%tb5tpY|!QeRdxCP5cM9i;ywJ#cB$mY;v6OFT1lU% zmEP|b#Rb=QV0!AX&nTwMEHlax>coPei!YsAMt;#DJ4COvmG)5R<$X~Ru!F%L_sQ_^BU@gWkj}=E^pCAAL diff --git a/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key b/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key deleted file mode 100644 index 37a17d95e..000000000 --- a/tests/data_files/pkcs8_pbes2_pbkdf2_des_4096.key +++ /dev/null @@ -1,53 +0,0 @@ ------BEGIN ENCRYPTED PRIVATE KEY----- -MIIJizA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIn0fSErzBMncCAggA -MBEGBSsOAwIHBAjURz9xO7NuugSCCUhHm1keaRDkjToYahCjveDzt0G2e8p/0mvw -SXO/F9Pb3qcAKNozzpVSHua/ViCrzWjs5fjwIY/vlxfPfI4JukcQG0vfR89ScXMu -j/xQCTAyOW3xO8hUIybNO3Xtvr9VEsXlp6waWWk9VFjDr8Cr+ZoKx/LiDKqEORV8 -e+eDo1wVOmww14kJxnCQ9pxBc7y4QKRx2tuJIQ8EPzyn5ZKAcvVLZzirnkAjyWJi -hb0V16tR+6CYM9E+akaTWsjUBQuxqA89JT1Yh0IaA2pPDt2OA+1DFa6/p9GfGnAx -DAyQBkyt/vjusykKibJzSOVybre1tpIDdjR7ld4w0v0BZRFvNDuHSL22pFfSdqGD -IPnwJ/QcyhG4S+CcvMls8qGpSGuel4lGH3PNWHg7eife2KKb9NRAXan/c6SJlhEr -kJF0vi+cWRaOPWWCEms6st+X2LeYwn8R3G4h9mWHryRAUe898LmPcGNg5e0j/xJk -UG+GtnZFfJHOEtDHMmBKIOWvEieEaJOakjkIVS4wWDddDBPbpkNmVF7Ea/Sz6azb -lRSuObR2YSevWwvfpE0c5J/4QAPxlhmx8uQY/p/+USBo+7GY9H3htsKrZDseqZe3 -dpi0jVGsaKjqZDFMg/GZmSk+wVnF2U2skKy/VM9hgIsNmw1GLqJ9uEbaFaWmxqiB -ylYPJKkKnyWBv5AW73AOZXElJZCXTsRaO1j8OMrxG82z5rXmNIJp/FxAO3qjg0Ev -o0Tz4nqVAm7lVpdrM9lwT7D0+zNKo8YCPZkBPo4PUWmkgVdKEsCKUUXT+jl5Y4PQ -fsXgyLw8lwzwaM2NuphHErJs0cbRH6Kd0cr2TNzMMDbX2lhN9G1FoMh2Uk7KcOXw -/oGoP2oAXd97UxUVTx6J8WGB8+dDKHZDf8jki9LLsNjVaF/iom62J6L/wcxc7GZY -QJLoQJVgTfA01o/FSxuTjuTORA88NrfZdNoA8zZhEHY7TvVDMIZrz4klVPt1BS+g -5IvwDriG/ePO46XtkA6ZGjKNRXVBubPuJMa73ARdcWPcUaOPaOvvR3EuTHl7oCyi -79XAscPuCR9RvBc/JKZF0IB/b0ut4STCmzU1KGAufCR9QasazIzaTN/+MjnNREZo -3DsOsXtBvSs2zOOPdj4AEW+8bRuikQ7UApaajLm2K8LmeySZoAkeSka++XrUbg1m -55yHWcREW0j/Z3YCDnNGHCHPYhiSXQpWW+eLlwQ79VHKSMvunwyu67j/eCadfQ6p -QbNaQG5N3Q3IFG26AaAGlyM+7AuDS958wIyyLl7n4a6Nf3wJILHleZ2MlkxyFv38 -wHJgXmfoVpwhjnJegvzNJpYTauZ6nhsdo8CmuC8t4CwNFYfDORQj34IzUNHhqaEt -PzAdKSD6+E2nSNA4ri9MJ7HfXJ0AqJKNPCAByBhcZYsiuAwMAQWdCxgQ0Vkov6qo -28ZOemMk87mNa1m85mtCwrR69uBdoy/CR87bbjOmt9l2QatqILZ5dAT7WnM5CRDy -9gt4Rzr46EDVdkZiMCM1KgbaMKqfFQeaIk9bXBwjs2YTbfzHps8tACAEHruaddbf -XwAIJBEWMPyCbOsstvOrEFGm5lkQUoKqi1rRPHm7wlhvx8Aj+Y2VEmUGXdeve7J7 -NzrFgvC0yOnYOtYIgTpXjMfM98ZG2kic7jqdES2BdclNfiinxJkh0ZgpFhfTMe34 -GV60u/HfMxfssayyrTTjWrQ8zOvN8zjNjJ/cTllHZDOV9NAdQrNGTTfUh8LuPq8w -AR6xjbIcy0GM5EEoMIFCjXfJLw8N2xzhxjQb34lbPmxyaJaBudfB4SIXTtZYHSKt -b+NJ8NMQgxWbmimijZmpaorS46K6eiBXubgNG9q/IE1OdDWoNM1Yt7XH4G4VKPXH -z+zdE86uWxY6vO+jloLC5PnfzgACHmsKpUvAFWOW45I5etpOZY3KAG/aRg94eW4+ -vOFp4Z0bF6IPQ9hmFR1AN6XsZ2rIAQCiDiTkMsWXy7NHqrg8QANzE0njGUd0w+k7 -KOaK2rXjGq8WADGumwwy0Y9IUDYLQKBDLOatOQM77tHBtJkc+wewNCH+SqPQAeUs -pbcYo6aAIaQVWd5a4AAt+rlZYNaAgLBzUqC5MiEI1SPUlyoypTpnsQUoWx2b4VTn -2H2zt2MZrh34K+Q7tKnJATDY+8azqiH+FAS8+O5SL0zWX5S0GO4CNVD1rf00f14y -HNKlItpshutoa/aG5bmkyUKOgcu5SmARcqbvU1+0B1LO4TM6g2JSeI1eiFl57pkA -RmqqC337UfW+huIsxiMHTVxV2WiFd7jxdy22kNJZwP1/HwWsHXYEwKh3UeNJIqZI -3kwyWyK4j1hp7XuvDald3qVnGoVwMwyOsBxpKlqNO/3RstZw3SaeCXh0qUGLxY72 -Fwb9zaGY+Luxx5OGhslcsa9Lc3oV0yCQGGbJIewwgvBduzK+xPlDqEWnaklpDiYN -u8Py3vAvOpOFURgupoP3NiRv4wcm8MK73a5X58EF5Dpo83oq3C3pELkh5EAGqNrP -rdDxzWHOIH45dB4s2g6/rDMJNKZ98CnkHIAKSWkXwfbNtI0dgPRflp6ZE5k8zNtP -uquYi91fQft1KQNkS2LqNrVixWOq7QJZRNKPB8VTiTl1sIhmn1kb6//lHvo69s0j -WZ+H3MjtVh9z2Q3aSuVQfQl4jL7gUKF8fwxicbDF1uf9rJiDtN7ThA4p/g7T0FEh -3TFCVS874wh7n+FL/JvuQ6Cko844NMAecPx9PMgFmG4VnrsFxgzDzZvXH9m9lmER -fFlzFIsTV3tMYT5YNe7Nc8j/VplG4HII75Ot4EDcEIdyN4GodbiwOhOUnPHE837P -yI49T8sQFDjp/UBPYYLgmREvBIxOxhB7GsPx07Wy7LpYxEmNSoeNCuP/36eTciCV -krz2zKazQzv2ysHe7VzwHkw1hZj9FmyRuMVTGkldnfrySNqDGoj38SKTdEZcte7w -R7bH9Nge/N4ZJ8oskfIxfQ0xHRKJAsBF5KPvRzAzDFYRN4jy7v83IiLoOMr5zbDs -/R/zm1XytGuzCl1tWA+YjmtpTwj30baltzMcJBiYKgoZ7A1YflOM6mgaVduc9KcV -/lU+th8QUgavU16sYUGj8ZJ/3OozJubMqyiVR8csQ4vnGe8YcC7e1CmLnSjKygA= ------END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_1024_3des.pem b/tests/data_files/rsa_pkcs1_1024_3des.pem new file mode 100644 index 000000000..1bc87c9d1 --- /dev/null +++ b/tests/data_files/rsa_pkcs1_1024_3des.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,4A004A85A2D2D627 + +Ls3vMslumxSeBR4o+oncq359q0k0rDTO5FIFxcw7psy6ggd9Vpr3AdIq9qvevmuB +2t1KtlcHoI+Wi+PkpukHCpCvM0Kju19PQuNSvn6eFtR9VOwgk6x+j9x9ZeZp0Qks +BgsGzGubqdN3ze7CEwYGM6CvVpoP3qNC9hR6IogZ9VPTjZ0vM92cm4foSDSABxGt +Q37bLE1OKOfcCTvqx7/r+4U5Z47okeXvOS/Hf7yzayF9ZHuS0hCr+jGWl7qBWNyE +Ze7ITQ19RA7YS2nlvCvq/8rfduQsJyZTV0gIultM3tZ9qNwr1i5yp7Iq4U6O8SGC +cR/95R0Z8PMN2DSXoMJBsSRbK32r2GXJoGjvg+4R0UoTbc1MhUTtsoclIz98lsHk +zVxgPMzk4mEmQGaKVp/wa1ji+9joTkcv3cALHxTtNcE/dElAHBYjjJ7r9V4uAv3t +jay7R8SIPPh7iyuY4NTtDA5m8yyBKt7v6K5hb2WhT4aucWXHYTize+TxSTpekhrG +J0EEz5zhWsrLhXHV1KcGDIHVXlMnu7LCGyVNFCWKRBXIbZaujed0xwWgjfXKbkYd +MKePX76g5OyKFGGcv5KUknlQJhoRElrSz6pywbpwkl0Xqc1dusy1sZ9b5Uh6zjNc +r5sBvj1k7iK27bzdEuL1I3DEcUdmXLNF3dehNo4v5WQL5iBePLoFSxyL8EJkMQOx +fpwoutPzE7l71To1zmE3pmFdZbEXTfjcfqkRy9b4t57gUuo1UEhYYxoB0D0i+BkH +T0ZmJl4Qp2euaaMqYYN2E9FJAyrmpwBMvtgs5oprXRR6geZweT+J9g== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_1024_aes128.pem b/tests/data_files/rsa_pkcs1_1024_aes128.pem new file mode 100644 index 000000000..f76290f7c --- /dev/null +++ b/tests/data_files/rsa_pkcs1_1024_aes128.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,BF176C0F284E2E5F3D50F9C82D9CF950 + +AS/03rvTNYSsPzqtLr13jwrSOVaTUYniMzj42/4psKVTmrI7Kaiujsa2bjI5Ae7S +HDAumVDdRCDO/AV5qL7iJ0iJ+PqOh6aL89PktcYjkgx6XK8FDOq1wl+dPLjmrsYn +oRyRcEllZigBZRbYpnuKZOQ25vnHxGeZ5A4dLm3zUXoMnNXs1h0rPDix/Yd2AbTh +p371Ac6LC8i3KlOIvjlzCFaOWQNwCkffutXDb+TN86xF9+DkJ0bxHhWhHvf9+fI7 +XJFgLAeCpIUMCdhdqwVqr4Y5X0NBA3spmftK4iILn32+RHfLBshRwompMD1mo4Jd +ueEY2P57z7fNxeCaHww7r+OUdZbySauuAmwWHEoA4NxDXAX7c/1/PoPKOI8Y1OPB +00bKQtzGE+FSJQjRzK/n9mIZQFS0A+H54EZ1Iu/ojTpEzmzzE0TR+75lZyfqaf9D +BhQcyjgkwnJpJ2S+u/ssJl0vpC4bKGqs/r3eWmLJQYvZuPKPqorCAUab/ta+dYfi +gxD1DjBCdosbUOolIsjJfsejSuhEQulpaI61DWeMMap5UvzfZLLrQ5kJuibi8XqM +oQioenXf8gPc/FOFiLAAzLKtNjmAgD4tNdA3exmkHwKj8ds+HHS/2FmF+oJ2LR3O +tmO+cov3ZReOVp7wzR6lctG1b2WoVRu3kzwzoOik+SFBnR1v5z3uEggJV6/cyfKm +U3KzhOkrghOjonAqw9+H+Q9hLO8d76cDAwyDB3KxLO9yzdpukB3f+wS+RgaTdrxc +oMSiXklsO9Ro9NIYzYKABjQ1tDLeY8SOOidoLJrrXltJNDKZSVLR3edyk1rZEFXf +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_1024_aes192.pem b/tests/data_files/rsa_pkcs1_1024_aes192.pem new file mode 100644 index 000000000..c819c0201 --- /dev/null +++ b/tests/data_files/rsa_pkcs1_1024_aes192.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CBC,B83D6A5D09E192044299B9D06C41BDA7 + +DQvNvAQflmShH/6aRopfKpdKCerQBAf4RYC7+MZLYaUxXUuUzFuIuUyEmNbgsvny +ARfFtjCL07e+SGJ31hdR/BM8wWgv3v5P5+VyAnd64vUP0R2mFl92CZVxzcXw2TAf +PbxDrgmiFxv9WfUsa2aDkDhQjKYb4qlLv1WFc1UM68jLiL8W5UBWKKQFnCivcORD +GlsGTSxMq3YXW0QQQ5x47/4uWaXROLnIuRW7ZSeCi0wgG+RkBW1yUH6plhhSb/Aa +EnHqsAlCMZDLwrkgeSnmsMSTpbUcCKfiZmJB5sJeJX3RVwZ6l04MHMBtWh9b5fIZ +4ieSeDJfHqtUgJ9ie8JcLHuNsUxu5Crzjv6yuZ5su6P+YSMsNhHtOBUXAaSunRh1 +1brw1eG7E6qCnRYr7YyvtKhppDXLHf4sB8tdumTCHhBdxxUd49+SrmY8pznkNjAz +Zhfky0/GKe+fTTMzHNjtw9/qhj0NllUpA6SyptMM1vWe62OkcQYSYeH81btdR22H +Kubx1iYMx2hr6dsvM1+BWP8CmtD6wFEhIMBNKYcg/AWHA/NMpd7E2HTmviXBdEVA +4xMh9fTx0cJ9YnNBuVgNNPGSJJLa7JGWdfdCUpTY6S0YEvTQw+1letrVbW3xumW2 +Tk/G/dS0t41QJuaW1sv9DkJJcl1696PSI4ysDJx9Y8LtV1+DzvdlxSyJdg3mJHEL +qC6bCvj9IhjLsrTDWPuwXjIPl2ycG5FGtAn79pJhlDJzKJZKsbzmQJAvD5jj99l5 +ZiJ1UkmVdsFeQLxU9hsKD2Cvpl9/tdhUvLaZ0UPl43c5XaBSwcT9eztiLUXGivzc +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_1024_aes256.pem b/tests/data_files/rsa_pkcs1_1024_aes256.pem new file mode 100644 index 000000000..9450ec15c --- /dev/null +++ b/tests/data_files/rsa_pkcs1_1024_aes256.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,28A56EB102CAFF494BF4AFB55C4ED52A + +5yOXbxDDgomJtRFC9iBL819dU/vCOe0JlwdyQOQbagd1Efj7oErrMuVZJOl18d/o +2G6OtjqlynzoeqkTwE0yJEyRMLz6CIZp0wHGoDMyT4Oe86uGh3ki9ZqIWlgxt+mA +7e1RApFnZOCzmHCGZNCqdSNUV5G/cs7or6Gd9HvdKSCdxffPptE6FaaY8OX4737P +pr7svylp569Secz6MO1Rds7eOPEjAZBJyDSah2AMIiEMJxGrZ662iFo/3S1MuDOY +/xoDHtP/Vo3ep6D8Fp24PeJ4/iocu6hmhAIO4j+zLN6uow/Wu+D8kBKMhtrUtnHO +AoP6sjkNOsMg7fbTEqTrXHkOw92PbZSBbwsgB5z6kKeTCYVDBHUaDDlOTbCxw+t8 +PH6IOrQXUIPl7dt2ilfLjqgzpw4T+RCYp1xgM1ZIsoCspUpizmMTPwtn7fuIjUHb +copBjLOT4tUx7itVi2tTAMvtiW9mrHVI8xgpqSiTz2Hg4uMCFlxkglrwp1yIUClY +BtMGL7qA/l/gmhHRYDpkzf+ewuTeOImyyfEnAawVT3+G6p3tf/Cs9RVgUCnCrFHa +/BuYhGTtTV+R6F7+3yRk/XORp9R3K4BbgWHHma2dB0zYIFDXYtlrODUyQ362Tv1q +JNFis2PbtNB7DRKrB/KtteWtg32mSaTL446a0HCF0VpFB/nq0wEPCvghed5KYHSR +PzoegmnjkDikgid4O/RhcOC5+qEykNalddhQOY6CxJEwVTAviHbQAyW3eP1AnIa+ ++Ifc2o67i57bkLLlg0pqHITlz1+g7SWDj7Aix2Y68zWZVL3n+e/wzqbdYqMVxiGz +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_1024_clear.pem b/tests/data_files/rsa_pkcs1_1024_clear.pem new file mode 100644 index 000000000..2d1a17602 --- /dev/null +++ b/tests/data_files/rsa_pkcs1_1024_clear.pem @@ -0,0 +1,15 @@ +-----BEGIN RSA PRIVATE KEY----- +MIICXgIBAAKBgQCvBX05buhPt1/btcKxPH/lplSqiqJHC1Qe4f6wsS0lx5cRUxJJ +4RKWKAQtu7bBINFENSTvTA5uHYlW7rIHevEjSd3u5USDvAbCxhlIzQKyAueWrr2U +06fL+FnCwYGcMky4K5zTTt4mOiq//kcz8HeGnoZg99aDTaU9aQ73mF9rwwIDAQAB +AoGBAIdL8P/C8qcdFGcd3QFxyVTX/b9QKB5PbZnqDh68+C+qWOe1lf+yk9Gr4X8R +CzfEjMDzbDfoTYdmIdMn9ku+CEV9PsQJi6L6CjGfukEcKEHte+gxlqjN+dql0AaU +vDNfxMMiF/4EiLzpy3IC5ZRoserRGQAEd9ssp5f6wZ7aP1jBAkEA4qt2CEG7nTCo +HSIt4etzgdgiFEB/G5dcu/5OGpRn/ZitvXj2B4Nspb4ZKLnRYNl/1FwS1rUuLJhx +oXTGa0iBEwJBAMWrJ2AhWa59byDDwu6FHkbcES5onijV/Lv5kKme+KkLi7RP02Rn +5/wXic62Y6vaM4ZSw8c/ERd0kC6EBWWScJECQQC2zb01T331eaY7SLNkPjU7hImH +d7SLFflOC/wFZ6auWRHVetZAnPdke/liZOm9h+uV4mO3EQuaH5+UrM7Q+vpNAkBx +GV7sN+jSV97PxnKweuY58Qy7mwxznQyAmWjWRKlOP9btkocHehRYPzeQWPdqiuzU +PGLcjA9BdmZQ1yUnWsShAkEAuzLRM+3C4EjUYziLe+nLS+KfS2JQvmA+cONkdQHJ +fd3iCk5xvpX9XnF4TiWspLryW+Vziq5Zu/4cmXeBRHorJA== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_1024_des.pem b/tests/data_files/rsa_pkcs1_1024_des.pem new file mode 100644 index 000000000..9eafbb6d6 --- /dev/null +++ b/tests/data_files/rsa_pkcs1_1024_des.pem @@ -0,0 +1,18 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,B23EB871129DD92A + +F6S1xLJn+qc/BVv7/0RjykUUqvLR12OcChmOFo3hboC5omWrmPzhhy1IS9XuVZuy +1gFiqMQwwLcvp5jtMvWTw2kW9zKVcnRiuzlc/wV07bpYS4YV7chi7aGp2+5oUhvV +Ea9HgFQbx6ZYARk/bcFpejLsptiUBu2gNyy6FC+Bwov36H51y+f3tJIl51ImWnGQ +R1HMDtLuzHTb31CmWvXCYf14IT3gowxvpO8smaqoYOIw4XeSzprBKMgqXL69/qjk ++et4W4/zG0p5R4WlKBaReXJ2C57xvSTmbaqbCjIYroshlPo9csPAwFtRrWi4Aqv5 +j9OELmZzgK745QnL3IkqsjQuS+Luqg8s4OFifcwBLSVpo2pWhdJnKk40cai8QLpr +St8e3BHGZPdxacC04cTc8zN8Xr7r76lZ7h+ppksx0uoTV2U0+3caMqyyByuF5If+ +RUYXOJ0Y2jUMUYdid3k+C0bn5VbChFCxniv10LpJZ24Nt4RKEYy+2VhIQ+FuAbQ/ +dSMJdqBP4TTBu0DzCmqaGvgjjKLTFF635hzP+cFvaFWhVOY2v4tkV+4zkvBUKzss +Ef3ZwhDses56/KTI54GUJqWxNK+a1ekor3tr1IUMPzeaApzUSRXusT62QMBOW0q9 +8lSNcAywvWrlcZ127J2zZMrk0SKo1jNNzYKWt0e9XpqMWAq07SlUL0MJCt/KYw6J +1eXT+xE9H5FEZvQkBFCHYyAyq54P3yrWV9y01xi0y3ruBf50i7k/IrAtE9c1FZda +2h5qh0GNAEiGRr8bbh3A3wugidwAVoHQeuMnAsShf+5gj8Np7W9kEQ== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_2048_3des.pem b/tests/data_files/rsa_pkcs1_2048_3des.pem new file mode 100644 index 000000000..ac7ef3c4c --- /dev/null +++ b/tests/data_files/rsa_pkcs1_2048_3des.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,3F3828FEA9BF197C + +30fgMPEIKER2VH64TsY5lk8ICdP0prc+UiW/tjbQL+2APptirB5SDRAtuwTvbFRc +Da97zrRwrhhGxNVobJhhffQlyB6vhM6h5aq9dKwD3auOVFosOm0xdiAC/tv+DqAx +DIZIhYUB5IeleQ5rlDJWoReUeOcnB+d7VP+Zlc1l7zDMx/3FgOyOhlq7dufNUGnY +n0tZWKItiV7rOYWTjbDu79BpG52VyHf217v+DeDSugom4FIWQS+XwIKg7xvEnxn/ +vX9pgiaVfXlfZLfUMhKIP+azOIm5BdqB2rklCpa17/7aQ8gQid3qolOMObWfnBcr +MWY2BAq7qSkebPydELB+ULgGP2F7Xdx41RfsAq8RNyVITx0G/NDkYELx02M30f0G +8FGAP9ft1m5DMBbAYBUhZHlSFZ/9G/gWa/VskSmjniq83+RO24fXoTxYUx716z4S +NmDV6QEv5V8ZgLtspoC003H6FWTPXuDim8UuwJeGJ719kXChT2imMeAUpITuoC81 +edv2Yf4sqAqg0EqFlsW6Sd/1k7+GZKfW0LgCRvTaqYoZp0ey4wxFoa8jqvz67jKA +H4nywF2gyf17wk8CM01gXcGypyQcNHrqq7ai+Qr2pxyw8xNBIz5PgWmJ+3Etef0G +hy/tHfQqgqerk/ghiAnDJH4pc048BjFdXfoIr/gMGDM5aHBDJpZuEAmhgC8PMDmV +NjG5TxzRDlxTH1dKDI9SkMukURy9aYYVJgm0RA+Ehn6NnhZrdShv2G4MsLmEZSsm +aik4l71NlDZlAJNYGYik7bXI16Ou9cfU1JNT9+xZ8NcYIMFH7CPRPaTcuW+SgsaM +P7wVw5rUP9+rPwhcZCleRaR2vkD4MRK4r4+HqjIpPzlBagO8FHb5/wxhbRXUQrEW +r7F1bMa0ZlxIGRf+Tq2mLr0suuL2Rlvth6WeVVi+Il0VllO88e4cwA2EbPRW0G+2 ++yuOsb5PRf63BF3FFVhM4jGxYbC+uuGg0qC/RoI60A+098MlJZRoVV4qvvF5tOM6 +PHCqsxIijXHp4/Vvfu//E93AtVSnPxblXsUIYLx78NXMMl1j/i2PHJpTvxhGICwU +j4WUKXT/TQISYrfNiaqc521vq1MeCeYRi5JnILxvMz5UJIQ5ehUQJ6aDxN0OzZk7 +qGFhKD5K91X2ApoE6fq38fxYkh+MN3mjD7uBArQE37TxtDdX3+l7kcxHAiILQUcS +TIe4qYuyxHzuSlt07fkVWQg8ukDdHYBy/vL3HjDj+fuKATiSXbOLP3s5QgAiZQv5 +yzljGNvqtagxJMTjIeD8SUbg2kFwS6FR7q67S57jyyikSkeDKFXjOg56Zb8gEoBU +nrzTkLICntwdZqFpITklGfF3tZDIWWgbYZMqEOVk+u6WQWv+rBlXfgyW1UbmcgOP +yoiJRSvqtsVwY5cSyuiZcm4Py6VM33ad4/fd4E9W3HQL/axHfdUzN3YMGOsd/PfO +AdgGl81+uIgttDOjj+X+HF17gq3jZA409MZEyyBXEI1QXOJE8EKOVnzjHd+nO3OZ +GmXYWveeyMUrZba/VVoVB5S/wZntL64GHd+GqaXSuEgjmqYFTPgsehCUYoHHxxeA +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_2048_aes128.pem b/tests/data_files/rsa_pkcs1_2048_aes128.pem new file mode 100644 index 000000000..4b9578e6e --- /dev/null +++ b/tests/data_files/rsa_pkcs1_2048_aes128.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,4D279F635142BFE952A71E8EE6D14B0D + +6+qW0XUu06eXe0jjSsmRGySu1KXnEjg+682sUbxOk//2YitaMx8wMQqRQvT9Uusp +lW7tYOz47wiz2UrJXKo8Rxow3B38wW7vwjh/Xaw4m6DlcID8Ho3ubN1n9Or9goi9 +Kg3NYtrIWac5njywFzf17TIlxmbHg3wF98c0bKRInBGZxVcEtbcdRiM0ZSst4IAm +xi7vEwHHyo7d3cBJoItJ/1kELqHmwFoWZj2wlXCVEHUU5pFfK5WY7uq5P9FQFBmI +et0IeCCdysZyRmS8Y6BY5cWv2u9mccIvvazQev8H3W8hQ/LS418yYenqd8CAuvct +N0tTpVhV+jXxPwV1+F29kpkburnHrbDN+ZUIVaAdea/yNMC+bcoEypnpT6D1m2ig +ouV7jecJSOxhaDh4h1JccR6Pu2DOWTDpn6pxUrCIo4+2lVbLXOeDS8ClhFf5VzX0 +D+5ZOAdm/LSQIOBXBtqOJ2qDBJINZgpQlRDvo8wDHchslDChTNKdvzjgr/hxdPeE +tAf33lXR0TgqX2vhwbpjqMX2Zi+7VL8ylcjWITdderiNDueDpy7UN45f+0DVhNfT +JIleuqNl09tL34unugpM+QSzgJ0odHpZ1VXkr7zgSFOYau6/drlexS61KXsqk6x0 +rs+n9ssgVqS3HCne0l8I4VOejutBLAVGOXoz7EC9PtS+iYavetnEcqf4SBPHikrn +j67x/wz7jlEsSCyYA8SfPJY1wcKgfKaSU+w2XxAo5bMBjb3QiBYRSvb67q+DtO8K +hUnZMqdbvzFIyXfP4/5WGhBe7ho0dQrtVT+PcCxknMMQ+kyQp+f+jbddLCvcKQFa +Dlvw4XpMR4Ee2ukkaWpXAc6ES301NnXoAwlvKAkThfRDHwGckGfiEIunEZN5l1TK +0X1tp21gUZYE+o7SZNI98Sh2CjxIQSKdA212hI3A+2mOwqBNoZcoDBqrvd2cCoNR +xDA65eV8l5HrDAtMHHt5wTHzcfMik1CTHwL0/O8izQH+fTHKw8xR+VEoGbbQRkAY +PJzMvehkVkc7e4K22nXAs38LARUW0D77ppR78VV2d/D5FCIXrDn58pi4RjjnQOO4 +yoGv4snLhnMq8bYQ5En9403cbMCJBYp4gvC09xeNNkL6EKoBjpupSMrZNn19VsrO +VkACjifittw08/g5ncuAAO98YHQKmNPTM6py707dMs4L5jTOcLHCqo+fo+Wnx9Nx +v7JmWNuFwfG+gIBIYIKmW0om+pcxfYMsry8byIUGNj5SnaGtl5kLD67Lr+LLJwBJ +TNbGd8auBVtroIjdGVnvwtS1oM6eNXogL++sD7NBY5GdJvOMVP9X0VjyfHd+byjL +SfTAJq986dSO+5262mRY3fLsKCeQ/quIvxGsJ2sdRoTFXyKFUu5etuOH+40Yhivx +SnyUd+mVH3MF2sWpuBRE3Ny87mmE8CzFBh+pDdVpdvb1I387wwhpcSfW/6ila16R +1NSvAFwXMeZkxpZZ6hn1Avyc1VQi0fICjKCR0WYY7+Fl3Uv9uXznzuv9COHe2nmu +Giom0TSsOhNeMq0N9AbnUEPAhhIEsaMSZAOODsrvtbRijCcrCkY31EI0O2pT0Vgg +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_2048_aes192.pem b/tests/data_files/rsa_pkcs1_2048_aes192.pem new file mode 100644 index 000000000..a9585bf37 --- /dev/null +++ b/tests/data_files/rsa_pkcs1_2048_aes192.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CBC,9253446D0CFFFA0AA50C251F129E6148 + +CrtEJsyM72x0zqFnS3qGqTF8JtaUgKe7EkBRoDt5iEowPZFjPM6QILEsBQLAcG4J +RKi3My1S2nBweRpEvTYZHHzHXsO4UyTCNfeIDl7F1lJ4lO+SB/kBkjAWUTcdT+h/ +x5F6F+dZDMKgYvDjvvZfQyl+x3aDd0y2ZqWQWJEvqH/uGQK921d7sdDFclwDVrUT +YWjF91KNzycRaOvTHjX9X/bW4UZZif9KTZSKSr71zOX16YHU7aIWJH+OPD/DSylf +dbhZAVwRBlCsUxckkReg7u13D93jlOlgP0ufvpDAeR1y+jumLOeWddiMBtRtFUPj +IfS2RPcyP8NQnv09tru+ra6KqRJnT6SKRGS3/+cgXGIirwNz0PbYYN0BCIOh12Co +sK7gzCbVrbLLLSLuENsC4NeihK4WBe0NqZDU9BMqZ/ardjwhiT2InM+hZC+HbltV +4h2k/We2LSP3rAU9a7v6ve7U4OI1kFEGn+sNPuDb03C7IkIA3ThASh3gPq1nKs7O +uWQ6SINnZiPXDvlqZiQHzFipF4OBRRxvlYyly7IBdbIfw46cT4dnQh9uBqSadVq7 +dUf25ouFP6uvnmaZ9gEWvpa5yEafb4+x4io4CLbHPp/pPIgOJKIv2Olh5biN8IhM +BdO0surr+BHFogjjfh7p47yFNx3N4E+wc9wmEAzNgWijqq/btu6GxYkBltSwbh4X +8SSwfWrRxmY9+n4zIyehFJ/Q4VCsVTz2meyAc1hCyi21XWm8uBSA55DHmGXrrxwh +j4VQBzn6qYsWJPjvBfwluq0OOKjfniaoa8QiH3+Evmjyfs4wWaSDXOdxAZFvA8JG +oqiuFPuQwmsFLxrVsL9UMPj8U++zHahqOWzCFzrd3LlUrEAE6NRrzLmB5RPcdACM +cgoEgFRR6l81ZWOC+aM+vDyc1u15iOrYhbtgfeeUmj75nJQ3TLXDRv+BryRtP2Wd +kI6lNUL9M8QzqYfJqfKzJ9mKEGa5iuDH1RcWr7cOv8xZtq+ZrzI3BvWMeYs3CTpg +PFgKGg3uWvF6uwq6MQJIXU5K9AZtZE33oH0CQtDjSUVdrFyWgNmDgMGgMZlCeynC +y/82/qCO3xiFUoK53sh7Qv9Qa0xtIeWsRrZyutyxQQv9Lq5xuiOnqL29TL+GVPJm +/wztj2ElsxqPMgnDHJHjixBBC9POX3yHciDAiuXIukz3u6bsPhBfZKwZ6IhsKTVs +R1XMadx8g4kHiv1GnbK0/jlZDC+ne1C5yJg5F0n3X9lx0KJ0tlNe2N2/mWeVd0Eu +mIQq9fLYTrOguE6bSSp6sMzmtpm00Ef3GHSXsf3cWVOFRMEWGLJklDoPgPr/rSke +QwLb0U/in/NOqmO1gfl9y70XM2zJDDDPrSN+SDf7zEu9Y7R6KmHsT4wbcC/LnSbM +/TOodgWOBti4h9EybHc5udSMMSyQxBedAh7I0OkCyBDgXXyQv2g0ak3EgMMlaUHV +8Gtf6y2g4Kwh5DPpJJIJ/kxgsicO6XbSGOm/Ya7i67MBaG3TBZ74B4T/urEYYc2X +X2p8+n3RGXG6BKOQcXR195GWwwjxy+HI6hzXGO41Q7mrs1mOsUvk66VXYFFLpEcK +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_2048_aes256.pem b/tests/data_files/rsa_pkcs1_2048_aes256.pem new file mode 100644 index 000000000..2e396e1d7 --- /dev/null +++ b/tests/data_files/rsa_pkcs1_2048_aes256.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,44804F408DA69A39B0DF6B8E84F4F663 + +zEIU+VIoZQIfjf55n7N2sCz7QOOZbVdvEacGnjOEh6NoZ41R4F+bio5HthVcq8qo +hyKUcZaPm3+2AceL/xfdx00pq52GqYVl41MSDTiKwCBE8ulCiHmh9bMZHPToAysC +sQlXWDP1FIcmILk+/OnorPLpsox2Is8CELgVfkd9j/ytCMA0TPVEqxqJzrmwp76p +vP2MWS65MIoDFnLHcabHdZZQlTP5DdRj3AlNfHqUMIGygzs0vEmpHjHttOFW9mMF +HIQ2x+Sznragg9ExjVgW4BgTD5SrXKAEDUcMv64w6VCE8Tox1QaWbKoWKEPMFBnZ +HH7uVQJnptFFgJ7cKd6xu+TynEMe4X6iR5GAqPIqd1rhjWFxkQb7zCUy9PukFHlH +uZ3kSLVGV2FDFWN0Hy1R0rfrEFOXc07dwg5lp6AXG7NziJoMChSS2ipAbXo2uE3G +PdIw6nAR/abyZqtwlyZD1jO2R8WIXYiGUeeXhC0C7OO73J7IZnZox6bbVemFyZw1 +AKgDGjuaEbBC2jBEt3TE5/Aaefef+/nm7MENF9BJlPF465H1ZfFbE3PRf+2eVPf2 +Q/dsfxKFG+Ui86qcXjBjex5BvC2kfMqXumdoTlEx24FGFCRUHB5dmnWRUejglJ9Y +QWfolL6ccre3LPYDSmGAnAzfSB8yCqtvsvT92NDFsSsO6KYBy6grhnvv0ieVcUh+ +iDQa5f80fB7ugitliOPPBzWjt5P9FDJJ7Ht2Fpbor0Ig/JKngyTfTRVjTh15PEMc +kYHFFoeT9r5w/4wABsh6/REnuiahcJlcUadN8js/zrPPXAoAjZGfpvin0uv6haBL +Qh9OHLSw/61J2EP7Jx1IL1TPBCBSsuNb4PLT4e3kqq6GVJNRHCMRpN35ytZr4pqj +lkEgl1uVVeOgJYWr8jMDWrCh9ih6xBCxGCb7SSUmeRU7FUJ+ybBbvfsnMWn1TJZX +Bee2PTac6JkXNdDgM/Pe+B/wCFR3clg0ptmr13hmLqmkbCMxkpCVCM+vPA01GNgc +MjYIxTNxB470tKva3jWqC86ffsvvmZb9eTEog/cfCABscX3Y2ufYl71t49tIOs8X +5AXE6GdJDCqJhyE9pDkt2prxeoDSh7tcDnxjb6JfAhvmNORrjv1hI9mmC+IT8F// +QrqxIxBjgKszkFeG7dS5MHo16FCsawCJyl87Dyq+51KTyqeqsXBvODsNT7FnrBmg +Hho96pEJQ4y0YqP/aXNo89fVfYM3hbdUS9XtN6xh4N4vXI6sNVS9NQzfZTcrtGAM +H6IE/AEYp4htKeFUM+QQsPZI/EcgL5e5GP7BA7xrx5L4T94kHIjz69iKSd1zNKT6 +KhOWNsWzHZABOnpYQPvsjjDeIG9/u0ryXYGtH5dwX/z3VvIz2mQ0w14OIw2KzVYu +KGUpGXRvSx+o7QYulVh1Q4BrA03bSaKtmYnCzpaKKslCBXxbQlTIvL2hlienA63T +V9l9edsJCtzElSfJteqc2uh5oVDkGkgUkfmrY1b/8RHKKbjeEKHOEZB2ZxMTT3mk +RGx6HBKoLSG5jC4TjjUcAIY0NAmJRLsabrBTDLBUqxnMZroF75Id9KaZHSa74x+Z +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_2048_clear.pem b/tests/data_files/rsa_pkcs1_2048_clear.pem new file mode 100644 index 000000000..d9476348c --- /dev/null +++ b/tests/data_files/rsa_pkcs1_2048_clear.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEAqFVn+bKgHDTGFY6QU25+HlEP7ppDRC320hNPs91pri4VZrjL +hOD4/N7sAoWTZiIOGCo5pJ+OztG7GA2B5tC9/cmdSN8UAXR8YO49+8ZqN4g9Ox6q +91E42Rq5A9aCMkr7wm5Ym3cK9dZGXHVa4QsROdnoaIKpu3UbbjYOrmQSXXzEkTiX +wMTIsXz8SclaRYNhHtnv6CKAIm1sTP4a3GyGeCzBW40zknNcgTqHo6J3FLw1AENY +iaQEeXqTOxq3MFWm0HQFoJC4IND54RiARCo7+qJe+aqMGPwIIzQEXRIQVVcG3lvU +8lUyTPpegYb2O4zdRrCE7GCpBBe137NmJcZMtQIDAQABAoIBABl8JKu3EWpzyvGE +jfEzr0BjwWe8TybJVq7jYZO3l8JZE8BjhdxuOwP9s/mFw5UY3s1lxyhXR8WkFxFD +KkGJpNoBZiCcNWkq+5GpQBUYKwiRRcPnlrauw06LLyuXlEqM86SyFBQlZ7FkaW6i +Dco4ZLk/dmIsNgo9ZpO+92YLnIQumq5nAY4Mw6CVra54koDmLXorJzidAo2n0059 +K0hUUMgh4o1BEn5I+YPZOkmASsNUh6zbm26tyaiBnU47ueYE//+RPCTPTI4ePBG5 +8nGuRGebGpdOm9OO3IGgps80mADnVUI3QTjcwQlY1pEeaQ6FMf6WpfwFSzssD6WS +lfEoVBkCgYEA0vRCLOvbhikfaKCnAkaBYlhna1BI32gPa4+bwCKupaI2Kl3uRhPT +JB+I+fzWXjPZDq4JsuTcHCpP2EpfBi3ltXmjmmI742D4h20Cv9lPWItICn11HHcQ +aV40Td2Lo96N8fSzwdgr0cH8fVvTEWaZiUMZpafypNIecf7UMMi7opMCgYEAzEdP +e/zyTHUIUpYI4OlD/C+mCHGOGnDtVG5RIAPNOiXuDshGBetQf+GmCt88RjH5Gz4R +LuYhOQIKObtMRzsgD8UbxBoRtmwTAtaX/e/rZiW6kEgplwA7ZV/7oADOBEqhf5Yz +ublAtD1VS9zDXr6ZoTeJVmZ0VMlKXPd3wgnZ+JcCgYBgYQRS7bcwBl25OZzT5055 +lhY560Y/+5T/+W6ZS78rIX9Jv/x6u9f9awLz49Y0189Va6I2v2To4VP1Z5Ueh52p +WderUzI1Yjpp9R4KdMhRleDmGgeFZ8hxu35+DLgduDJ11uzBpXfvr4ch5u/5xTxk +f+mZy6+KKg2K23gqiatgTQKBgQCW2Amfmvco8jrFETlZK6ciL+VA0umGKOF3uUZ6 +h5QiXiPeEpFyiYMWC4BbAuE1TG2QalKx+QmLWTBH1UDMUKKqQnjwY/e0ZzXaoK/3 +uhRvh2iuZjsf3/H8N9ZNHosCrEF5P2bOvDdFYQz9SfWSntg/Lg1iGaHJgiJBaBOs +2y1z3QKBgQDF1Fd/BqSCKA3WM0+3Bf7Mu4l40CKmzjFpVGALTQIscfE4kUiymXna +DLWearAGdiGpWLD9Wq6/hBC+LLQXQ0zckITz3L2Lh5IJBoysOc2R+N2BHdSvVlti +sF7IbcMbszEf8rtt2+ZosApwouLjqtb//15r8CfKiUKDRYNP3OBN2A== +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_2048_des.pem b/tests/data_files/rsa_pkcs1_2048_des.pem new file mode 100644 index 000000000..c2968338d --- /dev/null +++ b/tests/data_files/rsa_pkcs1_2048_des.pem @@ -0,0 +1,30 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,A21ED2721C71226F + +KC/2MeXdBpU0LCzk1qh2ZkN4f/GNMR2iqyUYYqGdcXGe2tiw1ge21cH9+TPrwX9n +oHFPLGstWmCZDpp6ogyDLR5YD4pcCYrVaqKtHVaNnkuGj2ShMef8ql7c+xcXpWDH +ptya071WCyQO7yifUMj0KzSgN7evDjn7m94sbmBQ7T0hWhmKs9WiBDHqEG4zDsfC +StmDtaXoILmmruCrVgvGWAlCTfye4mBaqXvFjNl4xATLn/Nksk0TgmFijrRP0ynm ++J2shgJGyHvwSgwiX7bkOqhJrEZqI9v/ob2slaG9Kod5NUXiHKxnZjdqcH6PC4i9 +ZCdJTLlNzBEGm4Pq5w5kqm5OxD9ScTfyYKyeXbWpkCJmU8HRkXm0m3DP8jRoF6Il +QwMCY5ANRZ81sEzQQa6obdaXeioMaD1+CpvMVBCsu9EXVAmTiH5Jwj+xbtMXwjz1 +LNIGIlZg8YutLBfnMxnz9RFbz1+PBwJpKIDkK2Sp+Twh/3hbEfsxNrMl59urDyll +9iO/u45sY6wVXomuHiPrclC32S8QW61hGB44aGwdYTDfpTQ4hRo03xuE3l6x3GFZ +W8CPPReIsqv6m8bT2T8THgGDYmTJs/LOQFhZacTbnHi5LwVjNKyf/zq3TXBo8sTh +O2mpmt0Qu7VWOlEqmwmAGdzgxmuPnJtbKpPhAQbqTo35usRd7EjWkgTRzTEd7yle +t5ylUXQoA1DFO+H+VPmzzOo443BLhINJD8nhHKVfGj3VVpWFnZgDALhFB3pC+lpn +5ESLfD1wnMSlSUmKCYbOF5zgmasTAAOi0gaFKW7FehbAPbDha5OyrmZWO6/USAqt +3SrobdHX8XiEjrq83CWlTPDL98gL/LO2lv6lWoO9AA6t32Zur3oS6pjFEYTZtzT2 +sztUpGQbV5OSh7TSSoKRUHKl/0YqBeO/TBUBpM+H+rTtksdnUG9u+wKF7rZodMtS +TsnIb4onpmmk2GZc5YkV36P2kDlsceZHRPte7Vi5zEZvelHUOmiamGtpXWMug9um +lnRs6oryDFffoEZ3gHDetE0bG6f+pRtpnvMJ8VWOFXDnuei2Rv43HLtf5p02+ELq +m0/HtvjFGDvro7ktYFNogpVgAfOwadBArSelmH71GJa/4KvUcM6Anx+yJm2adqE6 +5Ugm8JTaJTxBTHqv8dEKsyDN/5M4QcBC1AfTx3R8XGjqYeApHd0das7w8FdDZtNJ +MK7Oqa2HEq3ChaV8OaiyHul34gR+NttskcQkgRfJX+LJ2j3IxVAqmUdid8LFJL28 +Rpx/pONcGJHjdubbZZ67Cldb/nUs0ST+HQ+BJbYZNqTeDDBSCIsye+MUKnqBIOl/ +30zEUz5WMe2w+c5BWw65aVL7F6gtKao+W93CQ4yZGbNRfiglX193BQYwR1+7QAWT +78jf5WyYzFj3VU8iwZ/PQ3njCR9Fumm75xtIlAhHqliKg8C3Jfb8uZvSjvntkjWn +ksgsLRF+/P1PdulaRYNcZAoYKTz9vYpVaWlSyOm3HnKpl2wSoJXrp/cHzd37FyqW +z8CeXtMSvio2wXmadhBEEoc8QSY5s3/J6jDJaWUxkQNPdWZkDmVgDC0DUlfEdSqh +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_4096_3des.pem b/tests/data_files/rsa_pkcs1_4096_3des.pem new file mode 100644 index 000000000..6de58fb7b --- /dev/null +++ b/tests/data_files/rsa_pkcs1_4096_3des.pem @@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,08A2EE4A627B9219 + +BZXLuKYuOupeUZGJPIIiGd1dFXaBiFNmczkwjADQeQPb5rzf89n2d7N1442YkJ5q +nIvyHoezi2er4bhxUX6ToftGdd9X/WeAbuW3QfzlLccf69RgLpKjWasKRlws27WE +ighuRsgPK+UO2CzR1PSBi2OIRdAsUFhUx4IN1oSMPcx5eR3jglH+jrFwv7oOclmz +KBWxAKBguVOFpYfbjy77Oa1sainVFIZMeXOqkOSggfX+kmHg9Vk+AgkCAhM7iy5m +u/2uYjL1Fp3OUuMcnjWG3GAurKAfquWcifF3GSzH6lLyJllC/RnsUwB034J5PHB0 +KrfHipJyIqFSj+lOizDteA65EoT576+4VOpts0aCc5sZeouQS28nyOVKbOtaAXJL +seQbR26RoAw6ngD8JZAFw4QrhekKRPKzkTq8s5E8QplW/Q+G2P4gmn7WeKDQGHW+ +8FJtBd3kmzIydaM8TkdgZOBaNPAvkRdJfPcce1xdhCOVfI+jM2ZrUjGNjGlVChLv +P9cKwP1KgzUVb/jYEboD8d+ia3xwOfB2sfNS7mDoTWeJzle7zl3Np2IVNpND6zpy +eP4sTjSMDJNGZI34aGkGQEBCznX/ssCT00CVLS4tikQQvHGGasHVqn12gTn+c4yl +ranvfJ72h8DIpHenIQdvzRhTHG1wqIn1SpLOxxRzUCtGUuSWmbTk2Hxxk8xZUoNu +n9n9mXv4DecGOmmaA2zHq9N/lmPv9ekRneMypD5sRjo9OUJVPeNkiHCzp8ud+Nr4 +PcKeZSsh9SBbGcgQXrGedntjualYq8/yoE0cLKOud3uq9PA7gtR6u3A+nT1NFMuD +hnsnlDj5p+k1rWDt4GnYDSjRrbFMZ3K+s/OaJ0+Ul7WXBup+0X48zNXv+8FPxsxr +4zMFpLuhxLAI6IJlqjM8TQhRmP79oGxolF/rNyOR+3K+HFjEFaBW/Cm6WZVKYV6N +6kY4HBFsYFhdfPlIpKX2FfdH0WT3yzHLuMBsb1Cc3u8DSYThg/vxldwj1LZnTUJL +ah/r94RjOXd2IDe3CvgxK8ofT5XdAPZHBKXosnMTBx0HZ/prwFXt4YvrwbSxHwT6 +Ekk+uqMZE73Ln5Qh4i1iEH0j6Gwyw+PekVsc5h++Et/7wHlvF1dv+RB1imQvZ09n +Qst9uN6SYhhfHm7CbGpNjMFJGopEgA719QoWnzCefgnuiULWd1nvUTjsmAw+w3DR +WbWVX88K62wE9g22uK/EB+yvyQjbOYDroTIlpL1Pndmj5R86Q84m6zgOsImmn7Jp +fbG1CXlRCIlFCD87dxNSccMeUB5cE/qpxtaAntYqChgcbNdQATuO2YB77ZQyL9T+ +cxCOIXzhnxhqvfZ/Gb6kT4LjxYFzuY2dVIwiGAHtqASpbrB8qhsj5SOcGg+qdNwD +LcN8nOIz90u9+odzilr5BZZIU/mFKzhPw4+Mv5QohAk4PUx50yz6NvFiCDwIhPxX +9MvV6l1pr2Kx6nH0uzpC8H524zL2zhYmNhUdRUOCPApLv5a58t8QkgymFD7ZXQmz +oYtIyuv0D7F5SfHcDCul0sQ/cOoVSLIX5lj23M1SLRVeUOCO1HGK1wLaZX7jLzbf +sZUFFWclSehoyt3Z83M9/nbDq+b1Vlk/1qrxO6/AVYBneb3KKYXiYXIQHkGt6ClF +yeAPRXunxm+R/qoXaIETcknyCOH3teePL0uC1aD4jJEwlFH3JvlSSA3ruAsrBuzQ +Oy9VUq/Q1lK09SRT+EKzmVhvb3lVYkP99Du1BoIyD9IURGyxoT4Flfn2E+tfN2CS +Jf/JQEtf5eI6jSM3xq9fslQORSNGWm+Gb8i1wH/Sl86d7OZMdma5fyfqA4dYAi+W +2k5sPNomZ2z8kL8uixR8Bt/Bg8nkIKjLpZIu4cd0gP8BWbmJ6axfwbcmP78Qk1Tq +kwW49WVg6Sc4sW3T+zPdV1wGm7DdW3KfJJOV+6i6q4GTf+4Idh0631lVC3L4wJ2v +C0l6XgR/VZQ0O5NFGeRU0tdrqvck27BjOkngRvDjTkApngilLrggvIXSeYMku3q1 +2MuydcUFA3najp/F5v+jTiYIzJkuYsF4T49M8N7L0XLuzmhpYK7EU6E6VdsoABCY +JWWzdZdfQ/dkGCbn1gIbSi92hG2YQ8nOJ8wOfm2fynO9iCu3o6h59sJ4zrplAyFs +TTdK6yd0uDnp9glPmurcEXmYOGVjVfRCRRx3K9tE2QHub7lGew52KrcKt9FUPaGc +iD/WQi6WdSVa+YvLopFBLzaau60QrwORYKBiZIOyZyVq4LVWcg1FIbni+1NTOpTO +bo7/ymJVA8yPqlcexbYAUUL9zF9BfS+lE+MWygA83dWVogIpORu8Us4GtUf9Atq8 +Q+uxiIK6V2h3KQn20E3EHFmoRJJ7My3GPHxuG8/mczEAVMhfZJSXqGNiUOgc9EIz +eFsfoyPiUoOkL0WCXYnt9GDPX+P5FZ2ycfLb7pQUCFqY/9Lr+0LzaEqqV/GLyBRH +SR8j61eEV4ZlISLA10eWkkyVVHRA2OeAc2kmaVC2H7xBUY7owYDDtlUzKeKL0/al +gvCqE7kcazHcoiBkQI8IzslFW2Q/plURJGkuiUPou36aFFTj77C2oeWT5hRxc+X3 +9frLSIRQItMhxIRxIccxuv46lHYGA/fiPLJ+L+GiuZZHYX11UIQ9wX+XB2eNLZFS +hvJy7+u9hsYyi7KWYnXM+8I5+RO2NhXfKhPwW9IJ1aMWMUh/VEYlGOMJGSr5c6qy +21qNuK0D5a6tKRkHxaUlLvPOlylqGINRZiupjXIrkbzNy5pEYqz3sJSv31FHUmc5 +EbrQJsI1ia1hEY5Zgq0eQc3k6HcfmfgIIZ2GB83N7AGrpMRyH9g5ZguxhdbSMjcR +1ZgUxx3sXWPIIwlLTsxl4wY6CqTQG2ZNPya2PTW2X+Qsl78NhLqKUgXHsfQjViKO +ZY/02FZEObhIfBprdq0HIu2sFKtqyzO14kVe4MX+ZrB+d7QmwPqDsKb9EpUWimFs +HFPsOkJ0lc8EY5i+V5XecWOhQccjEzoqQzffnlWC+E08/G0MyngXfym/JPRJxYu4 +nFYfGzbdedXl7vYXisw2kbrrQW/EtkVfYyho4G06tszUccLGh9akU1ie6ekDQT2o +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_4096_aes128.pem b/tests/data_files/rsa_pkcs1_4096_aes128.pem new file mode 100644 index 000000000..c54c1be20 --- /dev/null +++ b/tests/data_files/rsa_pkcs1_4096_aes128.pem @@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-128-CBC,2DBF602A00D044C2770D4CDA0D26E8F1 + +945LBJrU1VrfEqmgyMSQmw0BtwxxjzegntS9iB/6XsTuRbyiOpj1YgiF8oHYhNXm +8Ubgwe0WEkqYOxyWvrBDxFgFfcpHvmrNvPssKW7u2jFx+wKKDCIBHuXIIfm8TJ1t +lhal/TpRAs0Zu6ub66UG6WNxtKIW8Na74OyHiBk74V0GCpNAnNNpWsJ4YW+M3wep +rMXnySl0EJ8caZYCXVzcHQVVygCEHCtSr+cehCPSJl2jeWIwqqy6fiFWYDj6s03C +eTylSyWFOMjpTmi593Dh8vwJ8bIC4aci3BP/+TYlvT6+91voYz/X8HtlNMen/nhP +ZRYbfwH/Qy2FaEhHI9VzQu83Wok07K9TayDBkjh2HDIL/SugeLGqBEeVzVN4aM2O +/QA8wg+gEBTOZH/uXim/81/pWAaYfXPH76/OxjgdrbKQx1CN9GR+h8stFrMnTlQV +AycGUc83rnWEJM9t/3KyrDMSPwbm8lm2npdboh0iXi/OocXxrW9Mm8OpD1mXFOg2 +Lm84CCs+X7lwiDMbBNRSFiiUSzmzX8GWMkwh+jjAiTa98pbc7EKcTlYlkOkOTeVj +rj8Xb9eBz/AfdrV52XnDBXhNmlpe41ceiw2aPmZ2UhfaHbm9wYL70GTrTvbVG/gC +u8yYT/3BLZ6j9BAaS1QlA/sbJvlvc3TqQA7wGUd8RonG1rqEK39wBM6M9dHddre9 +XyCXAaHH4GbXTGFY9xYGcoL61HFrEl6HZ8vBOs41rYROPYIkWJXFmoDHY1aZo1Oa +ofhJG2bvv6gZQdt2f5JKeWSCMpQFSP4PWj8Z8TXvHHYQm9e3dImVK0E2go6MjVrd +ZS6WsJajlp0UB6ceLFX+NYP5YH4u+VJF1PQ2M6+yno0BJpjPBFhv2pEHLxPCQDXg +L66ZgCiW5WPFfnm2PZOE4qtlK2msJGDzOez+nvOc/Pxv2BVhWKhOM9Jyc7c/at2M +gGNV3DPGFlRnuCdHDQy3ncb30fQsjJqQU2Xrj5DMYDaWcLTjznwXO5GMfVAQufdg +EJAYGa730fPudLsT/pDJUIj24Iz4Xfnd6ilj6C2Sbdl91JZP0JwFkEuQ43zo9Nr8 +vMcz+wzfkbq9gXKOM3WNjbHFX/BfS+/vM04Cu4m6dhLIFDw1sguI5yCaHOUiuk2E +gwGHkE2rKo+/afymCXYas/INFr944eIfkK/dMyMZI16CZZtiowG1UoFzynNb9o8U +NUMhy8Ba5qrbvx8LhaQkHbeiBZ2vKmyay5Y9FYZ0JiY/Jn3ngiec8zsgZG3as9XY +3quTs9W8fa0HYTNvJ4o9xZembpWMj+HLGjwZ8uiSQUFDp4mcwltb7t4cnFfu1X9Z +MPPKzHTrECAd8A1XH6HEmeZhUaMwtLt4vNm0daXe4LvgMAHk3pQO1flVrsRxl3K0 +VD5NhJCG1UTl3OUTV2WL5+WW76JkdZ4Mn1N8tTpyLmQraifG9yBhGMxUNl4x5brf +uAQGzV/U09eEjU8pDVZEteaLAbFqH0xsp8Chz9dGM6pKy2t2H/ZFvk3g5YOKo7cX +mMGf1wG8WRyiZTxM+XK+tpmUkuPgRjxdw7rFTTwKNG5VmBymIHGR7lwiv7fLPXo1 +0v3gCztnKBTfCdGUjdG8yRNGAKtT4VdRsCFeUYl3ZehQUXlO3ZU6bcVv8DGFmPli +B566h8BPIkQ49MKbxX2E6ukw5hGzilAoY4VN8txXGtncvm0FUTt+ji+wjIDAKjZM +DWMm4bN7/LCEfsx8f1+XivzqQY7hdVntkeUH6R9GMmJ7ldfR4DYVzGljB1xZmVNV +FD+HihBMVCtvzXLax5zlrf4iunmSMPBW8cNTJCHXNu8HbxNnlhIQ55G77DDIn8RC +sh2UDHEWfkXuhhCfdxOMCUIBTBMCgK4N4pRdxEmj+RFKJR1wHY3SyMrcU7ye5/nr +mxBF0HZKmHm6+U/oASjHeycUi2sXbzu60H+rSQjXVnCuFMubQ7LzJzNddmRc346O +6fNa+28RUAxdmWOD8co5N7f80GAGKh4VwD6Hi7KDFdXPNFclesjTKF8U6E/Q/hjm +HkH+uVeOKZI+41qiNxIpqP+76h4u69ZgZlYVd0qkbRABLBPN69cgsR4EEcLX8JLD +rwgPaLrLyX9muYsFf6I99DDjcqbW4BAu8gjzE5qGZWQnOXAfSihUBqE2VgUQttF1 +Lw+fEe34AqJFr3ARcQg8RsZLomtQbba8VxQBVMiPgi+53HSz9IHTApTQ2ukuFB6x +h/uyVtBImLCEmBu5p2ZSBx1SWXM9A2pj1tg7CgS6l5F+VIFInkjBmSVvRooCj/eL +kaEXz65E96Pq0tmRlw+Zg4Xo3RaU+Ah2Vt/6Je9ljD90wpso6QbQBNnJMDF01EKu +KJvvxf60xXB8j/EZvYm/7wDItCRnSBFZnOQlIfzy4bvM/TLFWN1AgOsIuWjROe+n +Daq5gnCBeTwNwiSkoM5WjjlGGl3K1ubm8t1dEbjgL0tUHEv/A+cD94SkqwdPiL+K +uY3qmWni4ZfwD7V0l9cCkUpdhmmCuX5v3ylwmSvXJ70Ag6tABDSMZK5pj2GTVGno +ggZYcO6eORb8iaiE5ZkJ3tRYjUtbXuqTharC2OqlwEvlOGF72SrQEiS12zgkGYnJ +ZYDGz+wDA2CCpFXxNwL1ZZp6ABgH2rgL3RUqPGrXefdib2lNupvrm7s69//wJmpC +yH4Hex8Y7zA9I1cumIPFARQIOgNbvnCoplRYNeX4TmIMY9uMGtFNRHvrk24bCdz+ +leOGPWFPrT2SbPb6ctGRwZmgXq9NLcea62ErzDHBwEvMxFVhKAGoRUR97YZv2y3F +hkj/kdgQVg5TEQfYWINkDlGX8kpRcyHKYA/VPzupgI9g7dvP65O9Fo3sivJ3RM8N +QJj1hcGn6disCHnw4PrgnxDkVELIAOD5xye5919AYj3j/MwIu7kGANNjJk34Tu6P +gRxagTKQB5qyBMsYJl7k/D0RUPA8OsRH1Z1Vl1+ZXtaraQP95Ozoin74NPESKMnf +8lhmetneI9kgnW7zDxZbz5On26/UnXB9FfJFPsHS60SVpUFihFudrpSB6CHxvYAm +hN5EUekFEAgB7LJ0Tcgc49MbVdMKk7H2Umoovc1Th2DBeET0Q1yabaPG3SQF9lPH +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_4096_aes192.pem b/tests/data_files/rsa_pkcs1_4096_aes192.pem new file mode 100644 index 000000000..8f2af5a2c --- /dev/null +++ b/tests/data_files/rsa_pkcs1_4096_aes192.pem @@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-192-CBC,3F70213897D2A537A35A891E5682E0BE + +cjhXvbgnfdO1KzCgWFTwBr0ga2bwtEhFIWSE2EeFXK4IWz413L9nfGyx4VGMcb4b +j9f1XvJIM53bZ1lrqPkDd90qzq3GG1juNdAKUqUSATFUjo41/KLE/yCETMEhWCIr +LdH51NvRGozU75SR+i3DlZGSepn2geDjdCrCQuwVOJlG3sXiyEKYvBpQDHYWhuH8 +isM6Vlh9sibC1WhYrvslY6M9l8C0WuKGkqZcJmIYC2q6uHTcq1g3vyZ7ZEwxSYe8 +qxGMJa9MwkmwAaT9d/FTLjXwfagl0Waz1dSBOegtqcTTjaougv+df0y9VcxVYcay +lMhjo3wasTl1k8PW6tM1SEEXA+4QJsGWdQSqi9TqwiqwPcsxAZ5ycNmF+Kr7h3dY +7yFzc1E3xMpH1zR2lOfvwKk+2aWEyeHrREd611Fpu4Dl0WEtxnTphswt+FHhmNqF +J8OAm2Cyd+pzkPJOJXgbaYqM/ff7DTo9KQd+WJbizOVW9tIwz9benq3KCuL0NyJK +r0Al9BI4ysc+3hmfPKhrGzvP/BaGPTAfE2Rk9qajPfyt1vYg6WzLrvvyPTuS14mC +Ldbfzl/KBZz3ED3eqmW3/uMxIZcnRUL0jr7DPkdN5hoJyEbtu/kT4Cjke9IrOnOR +rVHowECNOjiA+Z5cIW3HFK4jjQwUZKMrZNrN6gRbT/ZDa5CwgdmmFG49U+GwNHmu +cXvNnaGY8PDPvXBG9nmJ7mDA8P/VFPYQVcPLlTbcA3QL8NUBWi95tp4FX0tdEouP ++nR08+UutUnifGDgScBeBvzI1eYP8Tb4jc/yQDT1L2qsk0bY9LNTgo5XMOuStM/d +Hf1IH2vx5o4S71PtUClJ52dGSbdr1FGB7CNLOHugaX+D0FsjxsFiAnPAvOvZ64zR +vILBa9G7pFxhP2cbo1jO6mAixN6pXoZTEYv2i0SpFvQzxAP98PZqWFdAFLPjEza/ +Q+OUs4xV7MdcRh/wycihFCCeGs0QFcmZtlinP7qkTpaXUKdcQmJHj5CTawu2GFZz +4S53US3p8LqoBMOb5dgG8zzaCh85evrG6liKGtzpY3obsGZYej/Dvuht+Q2Pn9a9 +viln5g7al1KEz0cU1VTfB+SIunCMfNS36e0zl8PbSG231vEQqVbx8Xv5zgzSL5wg +I+XtotQEgQE57miw0hjW+DCaDaBc7mpYzPBaqtC0qJUSOpFE/fig21H4uDBBZbk3 +Pf5fkLXrCuoT1EJQ1iYAuJo6KTdvIO//6h1lXu3ZeassNKS3k6yAmyy+mN9+SY4i +RQR/tjyqbKRVoCLiNJ/h917NSa5jFJVM3DQD9ZNYR8KEzVFhullZd+MKeuVM4NoA +H7K50+vCfIPetZfkamT6DQxcgqwRz10pfY02HmNwx5sPk+US7epVcBlEQofklLEq +fUV3oVbnaID1FjcITwvL//MIYMyHa83e/WFkOLORxzRCOnCe5lZMRNNrWFZCCiqb +X61aRfeGtEkEvxe4QYbUnk2jOJYsaBW08T0gOPKaIo6DpzzGKsotzYrTFs4sVr+p +QfQvWVKq8yYwgBe+qCseNcbPFUd40xGSbZrYGLB/Btax5431A1KsRUlzo5gdDDoB +fEGA9oFbVTZ93r+hK+zs6lWXeefe3m1wAetlLWpEneNe9V0mHZ/GiPY3cpE8dJNV +OPucb0DQqJJdmCfC9ZXxgpXSppqB3jo+C75lgTyd2kepwf9uiVTz/ysnHvj7T5tF +A05lfnQa30MdllCBaYisJa77Tpq8VoB1boogC/UNsCorsuXCDe4PvKPeElGokdwF +Z32HdTWftm+9ZkiQBY7aKxPELnMaTEvxV7p3O45bqcLt2yuLejDSp64lPkX3I1Ze +nPdEnYfOLacvDWxZAmqDmzCTwbLqeuqeXEy7SDELsOsLjJQorIcv+t4y175javpP +8f9TNhteNhOTjg2com3KtyyApUPZHxEnFlq88zbWCqOg3pOLYXbm8qaHs2shlDoP +Qi18GHQy8eu/mnju6UDASAY5xCCkfuh3GVQX9TqU63kK3j3+VNFmD8v8luStPFqZ +Z41mebckvTPsdH1wzNSZ0yu1m0nTfGrbNbtG1gDEdnTBsLH4P1hm3DFVOLh1S4TK +iVl0JUnGbWmSP5AJjbxLw4Y8KrKgKMC7SDGlSyWiEH+rPkVtqrJEwG0nnanstM8M +Ddbf5YvpWXFYGzCERMm2WrpWVrXLwXdMW497cO+YeYviwGDTmAqFU8PoJkDCt3F/ +WbP7Sl8Y9r+a92eyoWlOh9iP1uEneNsT3z95wpqWlj9eYZlFNjD8aY/FXgfnjXey +dehNvuCNor5+FI8fuOHj1C/2Z0PskmzoYuWmno5sPhNtE2GpWhUFejVF6QdbRbzm +6WY9+sJeXaZcrd+AGH51ODgsliSPP48bCfkynkni6bVyURPYeTduhd9Ww8ZXpjNi +ROUGA73edxzZffhAuqujKNE7+cs25kVchZ5zh3S9RYCW4iXfMsIyLv2bi6dqJPtD +YW6emBTTHMYNE1EFyBVA/WLL75EDExJeCbIaCf7sh4lsVI6MMyU0TwTmZ+jNANqi +Ciiys0AYSfRAs41m36h1Efy8G1bx946iShl/BYQS/6Bv0nr/LAOfaqo8mx9/jj/z +Zx95oX8rKViAj/dtlH+/teW+i2zVVgjcvDr1pvekeb1n7xNLxMZs2bGHTeGFrqrB +1rv9h9uVJP11YP7AuyAflAC3LOKOtxen8cxhvFWJGW/djyrEaETyKy7mG87v63ze +OboJYP0F2005FS3xRZJGohcysp+CDZS/2r0DfiUi1b/yXeMf6yOdh3rXSVDDrxBZ +ZOciIgadV2wwMgj3tMpHfA4kRuNWMdr2OUws3/Kl2vVo2sd7oh+Nrud+peSnWq1f +0yhsbrEhxTFeSKxd39qkUg8ELMsO3mLjUVKC1bFZzd3cHulVJhBRC0vCrVAgfFye +hy7E9sU4+cbbGGb30k8WODn7ciG146B4rv+ZXDTuDG/PJeDf5FLrJAg78RycF1Xb +vRfMIcrygIczxKgd8sHuAk0/yYN8tM88+9wEzPr5F6Z2Dj6Giai8TH8p3t9SOpev +JIFSVyPYxUWg5B0kCOLhihe2aBP2Gi3+VoWbNoRiqH7dV6refqZG1CPf4RzKJdT2 +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_4096_aes256.pem b/tests/data_files/rsa_pkcs1_4096_aes256.pem new file mode 100644 index 000000000..e2fc2e262 --- /dev/null +++ b/tests/data_files/rsa_pkcs1_4096_aes256.pem @@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,52B3A521A4BE45F79E26667FB6F79A81 + +m10sgThu0xP1wMx+664P/NHSZSjTW63ntAUwVsCfpWamzPLGWOQwGqhfTP7FF8Aj +ckgoYL9Gryulm4/YLH4lh78/beGVYbY+dhOiQoJ284J28v1hGbwr7jRITuabKted +PSqD8UEWqHRmJojDe9yznbfAKjdRyBapQg9qrbKsuumq9KKmEb/7kXKIy0eEe2lS +U0/aGFlPh2jpyLuV16K5NbeIZBzyuowZWcF12AI6gc+axP33gpWPDoNqP1PLluT3 +LFx7o/1S0mMpVNQ9GUcxk8X3mngJi89AyUVoby1YIffGEQWKM/lqbl4/uztVRaH+ +ZL6d/loOmIV3FqDs4RlDTUGMbauvur3BroH/sFNNfsPv0L60U5ZqNVWpJSLdiyzT +Baqm0jET+pQnwO5pNVMmC4lV7ZTIRcoSmXwautuoxAPoJKGjrU2nKGCFWvbYyq6f +pIR7RUH39pz6ivzW6+cHbS5B/6X4BLGMrgk4Y+DNUWtDaPebocIZKPhUfvnqwb79 +oNyDmn3wIniyOYsZg3YzVOoZGanWfEfMc8AQf/MsHmSETRRG3+zGqfuF2grgLt5M +6f3yz5ybKnMYC3U+Qug/R0xCw4r9PygCF9S1in2mPj4alyfgU7bfTSnyIeEEzA/e +csEnv8c3BUrfu5Mr5H2miBByEnaE8LoW4e/fo9Rjjli5YYPyS0Gmj9dsp2Sxh6d0 +F6uwftnHWidmPjzlYYRaCnCd13cf7MzIgCAALKU6YyZgj6wHZ9UGHuPY/gmM3Tly +rTxtaZ8RkQ63QLyC3rfed9/rScZLP3unnWrE8srxIBfkrdmF7q9F7GvpDLxjg+F/ +SPDXBU91sAVCLsV4uEVmx2uYBnCGQCvk/sESlsDWVHbIzhqQeeGOTFTwRi1L7dEb +b4+/+t5AtWV2/Jqp57c+pi9MISB6dGRi8PwzVL5o18mRqQoqDMGazqiZrnkQ2HLl +kpXAPaZiEC0B/nbHk1jvs7T8vyckNCo3u40Th0WWMWDBg2oMNkFg02Syp9suBfGv +eof3G7qPKGZ42hrMt/niBhRhyK4hB5P8ZtcYs/TdJJVAK3oBHbwZb44j8efkng05 +3gGCvvRjCYqP7ijhHaIBatqsStuAoJqZTQsXed+5BenACYqGxT8mJl+JMqS2kjum +Mt9WNK6EWV5uTe/8M/A4BMbR77/AOgLBYIWpOWcsjnTWDayZiapEwnKoMPUjePlr +pbwSdPhP2VHHFKqNak+OEDsPm3ouYrCAowe/kU+WvGuyf/83BizJZ4cbnu4XE7JO +jw5PHrfIW0HhdqNDM5CagQOOWQazCUB/uH+ehqt0tbDmx7ZHPtA35ZQy+tVYcvFE +RMozwpEcDQHDyooWBIWXx8v8LYySH5kYUkwTySe0WQrPjFAQ4WOQDTaq98gm/q6b +oUGQZeRwPAdUa1muj1xUELzbeok8h2uLFS3VEliLKMo9s3gK/GKcmyb3vhZpE+uW +JHRR+MkvSHNOyV3eT0m6S8zTj+WxDAkrwA4OWN+pZndlIMzUuJ5OH4iyXBDIbozX +OYZgHXN4hXLO2ThNFvud6JFj/pHurTVBIATSo4Bb+VCynRmtiV6OmHoDoNQPrv0J +OtttwAbKEIUp0dQLMDzxiyqnurEkvwXJJA/hXbh7pxCVt8mlTzuVWLLxN+paF5Ro +3BincBlVtPdWcx75TEXhewnF/JiM29iG5qx6NQmaIe4f0MGtPCFFnedhMJg/zKpf +WRQiXWfsCCJWPM6NQdCxmFJkPuoFWGU3wpFepUFrYVwgnSnwYdmDphyo8IzMdZKJ +HoC6TcfxoX3EaOOFYNPDrYqFU64gpfIX537Cunr4l11kmt9F2CpZSZ7SRT/b+fDn +JDk8+Adm8bdisO2ap/Uktei8ibEXMcpB5I0/t6VDOGFLnvax+u+eGH77YK0zVExP +5N6h8kuMFTLYSiDi01rOxB3EgAXYqiMNttM3XyKUiNvLRIuBqiAWjQ/i94PifQzG +i1UeItRU6Dx4JlJhKnk5C174dGwv2cg6iZpKydHexRyKl+/+pmvYFsNOQxkLc/U8 +uxxHANzHRImndCsFiWfX5Wm5AuY9Rj5EbW3D5vsGiAT2wm9Ire+OkIgAzOpp+Y+b +llT2q7aKV6ZRbGYxqy2b7crPhC1+OgvVapGdavCh1Kl28wZyW0z63KzwhKrfpzTG +keJn9uokrNTo8i7kB9OYQnB+Yj4l+FpX0vF6mC80HWtpe8dN1fEa+nBhMg9NYaeW +W/VBcd6HHsMUbI+LCxhJdJYm5ZcN7+7AkoIp1lkWb3hVDutKYKFE35o2PQaulVUw +Tsya4tqVB4FpXZ703IkBXKf2rS+mUZLkBM0FD0NZcVFC9DbYFKhqArhPygP8Dp0b +70eMENpvur+Y28Xi5nhgB5bYtb8AKuEPr2A+MQ2e0RNyS9ADf62Xnml1xKpPjtvP +lz40QIZai03vR4jY60RRVYxiCfbAjdR7UDnuyNynGXgRYR17GAEssztuWszOuneF +uZrUF+QqvjDnuX6TqUUzd7DR0tt9n5nWEeX94YEwkdnGMrPSDjYVBFrUzxb0C8EO +YduXo/ZQVQy0egZNqiIYt9MnaLpnm61PNqYjNAJ+4Lu48q7R1x3mnJj2XcHOonpI +gn3riWaDVOg5oS/M8T2Kog5QTfZXqYj4JYluWZjgPl1OwbxflAPvZ9SJwPnQoENA +v3emZVeCZDH7aIbLVIXPOq5cZtstuqFCVzafY8Fc9WpAQ7Av1TiSvJb/xPeD0D9g +Ka9q9E6K1Y+Y+4gdDkRnssG0ymLk+F164+6cuCAVALwGwW+VtDyc1e1cc+445siC +6epL71QT94CfZMQ7A0ZkgusKrL3Yvwkjf6mBkOvKeh14rbdrAltzCSrf9PmEJtB8 +BRI+CWhsBGUwqqT41U5SFkRG2G1Kx7xILbZgJXJfE71esB77zvTSZRc6/IuvLUyH +Lt+crv6L4NrN80dHYrdpcRKspIYOMpBSGGH8OMfSVU/kvAPVB2zqzHgFxA0oHkm9 +cLCLIPVZP8F2iA8Eghm9uGILxdUkR+YdAY2ZEr2N3722ZIMBBDIljdQEaRAGDh/H +B5e3w69NVD9d8cKHz/M7ld5O9B0o+G+/yrDkAokJuGACHjqhEzhBfpDO1orNb7Sj +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_4096_clear.pem b/tests/data_files/rsa_pkcs1_4096_clear.pem new file mode 100644 index 000000000..96933cf8e --- /dev/null +++ b/tests/data_files/rsa_pkcs1_4096_clear.pem @@ -0,0 +1,51 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIJKAIBAAKCAgEAzoPnqYh/7ETGmdNWcczq73FW++HfSm1PdeJqi9VlaQHvm4TZ +hj3JZAp3iw/DyQFiKDRGwukLbroWrQ5tGnksEmuLWYiinaCnApVLqgw3crzCTBoO +XoRwyj9mE7I8D2NyjBwak/Q3mnbqAouNVNtE2WAqBzEHNIBvub1BuIhh9MzqQViB +4SFLyuOzfSPfuRWO0/7RkykoiYC0o12SY+fALP12PMSqwsSuzTXaPNUBI94ScwZO +MAc8ey7jomUKPnEZRASBwCNaC+NYr5RlR4JP2hqozma0nbzndPwPdYZ2m4uZnTzP ++2Y9FbP2brRYCkMbPOmnt0g2CjiDdw1J0UHbFT9OOVXTmFYrGu/BlF3sX7akLz8l ++4EWQ97acGQ2goPk1wpiaoxFAujZsCGWGSdEWEM6LEmY6Jr/2cyX4Elw4+Q7Ljxp +DRN6jc3QFoui62bkKqozqPs+1yu93vPe8GRHIHxCzNTa3oDsE4MVX+boc/CY12nK +9uDkBjpwL4L8/FRFSMDbqiVlCnwqkQZhfutzgD64IMy0B2FhbvaPM+22OEEHVEb2 +hq/Gbs4y6aPQP4VtIWe+UrFh0FUIR0xayGnME+blxD2Px9oJ3KpJ2IEG9ulxtHXe +Lzw5jgC584s4wFJz8R2DL/js1dbNXiSQZnNOau0J2srz7w2XFo1puGxY9UsCAwEA +AQKCAgBp/PKRZNfah7WxzvAnuba9qtqsrVDvHsjQRKLQH3ZLfU3e8EC/j8hjSqft +u+qMp+QbpDDI6dgPPPxUVvoRwyymS4GaMvDam0/7mGnb3Sc8ALprWlgTlD9a3Uzj +QO9oKm7oj6foVUeQRAV3xu2DJoHgWmVXiYccH+q3VfV74qr7e4uie+00gOUoPNKq +oBW7JOBH1xjyQQZoA6Ex0t1F3vQXYwIi0ACfs1fPRBs8a0mJgfjQBeVs6tnUks0L +VHX8dAk2imWZGcumHEkw26VbHPskgdgvDjEWX5QeyxqYA6mtzOjK9SH88YzaLaGF +UZN5uNUq3vRPsYTim/yExlIjTnxEL+dNAeI0kZQpHZK8G4yHbWQ0WRJGd73lxIUS +fXiV4/MJNi/0pPfEklZ6TThUZI26im9QxRzGDxiIk5IfL4o9kF3JXdjNNd/rm62h +/t9pQdb7UvXGzU2RkN9q/fOsdXF7n4xibAtUMzCDSnQwID5sI13gIxsIYpLP6x1x +8Ew2s/4j4xVfyDt/TwimAgCdFQFZuO5IiHNVoAqa7mCcAJH5UFdtFkRvDhtk9/Il +zF9XpG+Bf6vwloUw/NEczjYzNLjKAnl1fZJCgU16ct6VQ6ysR2DXRzNi9VLigWJY +RC/+r4PvOTP0TB5Fid6MtPAakb1/YCP25zg7XZxRW1oAVS4n2QKCAQEA9DGty3ZL +h4BruBSRmkZfGySKS3Wo/eXyrY7kv8/6+Er7DKoGzcVbOeQxBBzwJMgssRkxSTpO +SedraYBA8mb8E1T3ZfuzS2eNPSMNci9ukWl7xSYUJh4BogmVqUDQPdtScgRdantP +/lSFSXFSHoRvte2aeTP6YVIwa6nYICnTi/F10++LBJPHBTWDW/DVjn6zoV4WBlML +zx8C3GAoXDMP38eJN+Yld9ApnlTfVv+yxKGJpJSCy7fDgjr6tVMMfMRlm9CJztqd +hAEVFRhX0HbRYnuU/vcQH8lk9NYDCY57+8xazcc/NdYthZANdRVOX0MVWVhxRrGs +QlBRKL7idcwEFwKCAQEA2H/i1q/oXXAsJ/HdCKVg4Y3dKG3XutDNJOHw7UTPOQdO +Vr8LA6hit+D6zkRlLyGFY22XqlwY8ae0lWlj+dCAbfefdIoNQwXz/K0F1ofz9CCc +qLBBccrvoB5+Lab9Sk7YEjxKAt8d/6UXk19OSKJFxxn/s2zwUtKIl+0gkKpbKLFp +QjP01B45GhYxHvwDTn3odittlaFw0VilnqDb5gqm2ficWgt15NZo160p3+f0MpCu +6f3umM0eRpLsvZxmHmVQmyQGR+STD5AlMHXAJjVoPP7iy8EOnrgGnJgY6uEVTEK/ +2hZ0qYaqU1rPveXSJ/g8su0sokarwKlOC7iXa8+07QKCAQBm75IdVE5eXioKPNFr +wQJSRMLvMDf+XzI/Kx8OJDPc+m59VibsEqdz7dcjrrckKiV8uevmvGdIC/9hR6kZ +BYR4+bYYDVP1Ez+cZ+xBF/F55odAAd84eimiDnxCDoo5qPxGB8UBH94GjcZpwRUm +vBkDDZeyQ9DluWmj2MK8PCVqtmw+3JkzYr/gWEB5PzomiQ5blXefTt6Jfr8L+pTI +2NV2NXyITcG5kcwZbBmBaOQIszd8YwYHrf0CJq6MROfcqEVUu0F8Kvd/L52deNd7 +jrqQ0xtppufrHlAqTRSWsLNe3zPfzn+8x/4EcUba9hJFYdfcA8YsULUWdxjfHigE +E+4dAoIBAQCjXq2f75HaoIDRi7ONiK44xkJy9aBq+pEzGcQiZ2Av2pGE6Bi5o+EK +fJ0F9ZqdHCB5zQM7rM+t2y1r6eFla67eTJNo75veTam1rCLRpjmyqMFOkeJwqgB0 +xU3VyUMtRZ3K9O+shw0uEjheHvcF3F3nRnkrvjMDbJdifa+rOsIbTPTu3iILxtq0 +ErbyeJ1OJ7i5I0BIP1DQyKIBt8T4LGWH6hCh6jAGhL0Ms0D8Ex604XT8YYAgkfgc +rVY0JsbwfOd8ioyqx5MplU5a6SAcNQT5siUWOBJ+NsPWeveilkLqDxySx4s1Ocdh +qw9Ebx5MxweWxV5+/fExKxEXyy2IT25pAoIBABGpeb93kYkzbycwkJl3wsqCPIby +kHwxWFpc0B3w4ugZQAUYt5EiJtLCiKpBqjm+6/1Gdv9zAJTndKnKPeY43gSjTV3P +bObZ3X7X8UuAI9yJ1TybGQKmqlPzMSViBMLu0JaOYCyan0CCSZUMB8Np9XSGkvwN +dgG9jzxqj6XvY+z9ghj3ffhB8o43T/VPIUh4ncIHH6dCToaMWAzPWAbAaIEbAjnv +zqGFToTirBHQguS9U5tmrUxgwdeZEXKt8UE1j/GVirAngnNiImigeUfNUlovmtv2 +CJuAkxzzREpVNdQUVn4+UnMNaaLs8lP+vVqL0ojBRGN3eZEQrvJi4LEbCDc= +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs1_4096_des.pem b/tests/data_files/rsa_pkcs1_4096_des.pem new file mode 100644 index 000000000..5bcc71ee2 --- /dev/null +++ b/tests/data_files/rsa_pkcs1_4096_des.pem @@ -0,0 +1,54 @@ +-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-CBC,2B0C21459A0C9951 + +KN6p9tJbTD9sZ8jVAp7fX8Sug6XqCi8YF+oy0SB9NeHO+YBDGJDNtWHSMSKzjbxk +r5AN+75uV2pEoRrLyYaWVA22sbAJc766ZQX01tSkxUX96J++Do4zUxR+GJusIUnj +RBVDZfz7vg/qa3xJy5x3cB0iqunrGGCQJ+CZsUtYnk26V3iMBjTu/WQ+vqt2RRIy +dwzQNPy2LWkXQ7KIoh8yDGjGtWf3XYFYQU37jGlSoOG/AVxa7CrXdtATfa/kGLVP +fOeT4wDLjKdawT4GUhUj5yt70SUSFtisNtTCKsLGLSpgvO4KWMYOsvo6uB4jxUEF +X5pBJLz4978DJ4N4L09Qg2DxC2JIyxZ5L1dJiWSgMVnKtq4HM1J6VFNUseB0ZDB5 +X5/S8AWwfb7gtBRD8hZc+UBaBApgU/us3AZhkqczsa35j12op+mpLGnAWiQNqumn +iHdcCOJT6ZL8dq57qmbEzzyrcdhYtFJmv+GLS6m4YMKk4CHf9lcD/8CmjxhxVZ+x +OkeKF/MK6f1iUmXwZl28QIcoXrTzinyLjF2RbNQfhrgI2ZUTlbVgDVWhygB1eeXm +sW9J4B1H3zGslbOcrqdh0NHdWKTvTp+lfzTtrUtd0TqgRXErFJ6e3pKDDCDgglrI +7lyyrG9sOF2+BmYevLUe6R8XCBIFhbx0axClN19k2OnjvCbNpVlBeyUF/vbYzcBX +1toINEauWM2J9noi0ysFs7vy9nBVlFcrNnSXNFSgbydn73fYk2WnO5myoBBapsKD +Ph9sT48/E7xfgDmKJ+TLyz0Jfo94RMOQGgD8qNvZvAcxTpwZRY1q9c0crCihOdXE +qavdYIzIDF8oh46/SGSU3RilE14uHHOtowzWKc2jzD/Ly5/cHTZy+DfPd1ezL0Ym +w34jj952+FdMMXb9cmzS9Vw3zHNndWCMZ/9tPJMRoqGgbFxcXViwjWlkyNoGn2u2 +J4InmiIbxwvEt8JNfHC8qLLZkQbtdwLKP7viz2Lmyn2kSR7fWenTDr/bwgaLRhWK +Ii4/BiZy+R0vjR64U/12+XtdYI69ijkwOITDLePY+4SYeZjHTe2BhihhfVlR8sLL +xP0JW7MqnFs/eJy+xe+PU1MKG/WWpwhi+jGWPiYJq7cuIwz4l3x4GCuE7R+6EF9x +SxvwD67EhI9myx/ilzdPiPJBwPWqEvd9jVEvqbTBJERiNGH8XXH1pjZ/gPdKxH7L +QnJ+BcZrxxrNW+xKwvkABq12QhF60XkMik3o4XROY4mS9CGIOi7d+B1mrG69Hkg9 +BVVCwVibbYyX+7+Hb90x9x0e4CY9nm7h0PrGMj0vGFSY0oUKka1OPra3gqZVQzdN +Vb+hG22Iw36VlbGbkoEezL+ic7Hpvrl4WwAcNz8Bq5iyQLbupp/rdkmYh/JL4rSh +509YdEFAUV60eNPcGuSnxhxB2m6Oi5ViENMw/zU2po0oZkh5XUPCin+Q+Dg58z1D +qeWg+ZVhLMucsWeXUQiNA3UQEJde/nayi1f2SxMWuvZxsaS5Wh6PrqutfwtOokuf +DJzWJHiMavKP9nfIj9phlomZru1R/2fWEme89rCrUHv3Kl9qV4dwRMCDFsqL6iuh +siD1BjJ2EFwm8sPnNL4GW0SZPsWZiF/ENasiVbUhvRB6gyj9YYomimIhOIjtn7As +6dJpKFAYOFJDXFv9Ofj9sSdDQP/4GYwKTaYGbGYo/qIDPriiquA7CGBI/gksAmoL +DqBsSXrUCaiPF7Xc8Lji5oCTH34WQd0TYLOXawWB+oiCCCUwnIt8fClGBmvbfMfu +5oXoVPUFSDgKCylTedXJjkUXMREvNdQbSNb9osmp81WveLz3HVU7yYksuJK2Ungx +R+QeINhN7wC6E8JJUYtn6AvxfhLpMBpjDfQ1zOqDitye4Z0YR/aI42d5ll2ZilL0 +giof2N7Spnu0g5f1twuW8rIl1BjykiJHAkIFoTHaQApQDtV/iDarJJJ05Og1lWGk +4s5WMwXtVJiq4QIGheCW2ho9eKjcijoUzCDvK8pfb33jTd4/77h5M8DQwzyzVIqP +ap5mVK8WTd7NJypw/VP00EoyKTgYiRY1jxCCYtVajukg6BvLnZijP2YA/E+ivpau +lumYhCYJj/wZHxhBuL1qjjz74Eol6J81VPAgt3Dqmj4Did9XHl2K+OMzWlDfe+Ah +eQFEK0xhkPyScYAE59dTV2Grf+abGBxYnH8RzwxUi3/F0DVWW0lLZx3tfjfJ2GVp +dh54pdlN4DLIDcx6tuKMU/F0NC3l+esQy6sd+Cn62pj8IoJyOBStZuG9b3fJ5CfH +dAkjlCJwtX6F+X/3MAMYLMsFL1L5BxXIdn7F+mJftndtDRX4PuKuW2wv5zM7UiWa +oQSKofdQFI4w5jxup7SbYedLPFu22Gt8IpLWheEjxU6tOmWmp1F+SCFoM9vkv2+4 +hZjDexRp5jidGs8A3rzwQOpnWKD/HGtsJZAMYe1+UFwGJNpz7oNM2It4kfuvVqRE +Kvesu5Ut+2FmRJ80Y5nZWY53mZHle9GTGlJeFTeueOE+aFzpj8ghWXY5swUlcNwc +05J3fqom2j9Zt8PGt1yaVo6Hd/BbIdXJ3lWe63CnjlznSBKWn7XpgeiJ+sU+zqYE +vclIczNVJL+FuOa9h38jn0yblMZQybStDPYpOCpb/AHxr14EFkZJKCs5zNn9RV/S +ypllyB3DT9fBCWed8rxAH0PQ5iYc9UNeSkfmWapfJT4YCUmzNYU0C/f7blYet3xL +1gOXpiISdTh7ilzFe/i5d1I1UegmtTSj/MmVtT8mw1gqc6NIaFIFY+VKU6am0z07 ++aD5llI0Ok3/J2YMJKrW14u8VU6oAKfSqhZRdWnEemBJiAgKre9r+3qwg3pGgBCt +sRYpXZaRLbzmtFjI5Mfy0uB2zhB0XuqVCCgqT7WqzfWilgLRPW1PLJoMxOykg9FW +3EofQFJZ1/jHCm0Mxcy2a5edwgjIHevRQGGAWHaOnjiHXKBhpnRRTlxsv+ct13kH +c8cT7E1vQ614hRluDfTeQmyHXerlkSwgZDsEaJpOJ2nWnes2k6u6hRLNEPMoQy5F +dUdCwLvXxNEnClgx8IizMJmxzhvmAHF+9//WgJS+KxB002MnP4wX8ejpnCgM1/oe +-----END RSA PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.der new file mode 100644 index 0000000000000000000000000000000000000000..e064e864d835480095cbb74fe4aa092aa0173349 GIT binary patch literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R1TYQ+2!Mm*l=fJU)B*ws00e>pfYL7Rw!gMx zgv?GgA>;(i|gDNea_l|<{~6{GNn@YTVr zB(+Kn9te$&o__NL=Q~qw0V{(+sYHXXLG^3v?Qd$}jeo=jkXj#rK<=i(F*n#H`77I+ zc_8*JN7OGkSd+mC%e=oYiczQ!7FkXGr2gK32WjhVS#`RoC0*J zhtzas@j4h9H!+;cpSeY1qpLe{4q0;6b)BZ~Ia-4U!htU$bXoDb&!gSY?id{r#`7kQ z#Ip++2ak|Iu$PCTCi%k(ayPJ6Sa%>Sc9BmBrBvpd> zMdc_sg**C0bXqOPcS5XIg&4 MbJuDe54{vmUUPRwrvLx| literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem new file mode 100644 index 000000000..a809e038e --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_2des.pem @@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICojAcBgoqhkiG9w0BDAEEMA4ECAvRaVQoz78HAgIIAASCAoBiIDDzD49HEwvC +COrRrODVgYMJ4+jy08j0yQoyjjcLRt2TCMdNZ6F6ATuc7YUQhcvJIVT8RLGxluJ9 +Biolgd5Ur3elFFl/8D4jSR7x9zmEFq6fxDjrkcbb1vK/1pth9Cqfh7FXQgD6Dlmp +2Y1YTdrelZTQs0hRZye0YmQB/qpBs+1VY+zkSNvKtlJZqPYnKawMxD9Dif7glpDV +ndpZvNXDbbRy3vLq8k0rKRIJQ7mLjmAA+3kgRRtUhCSTbvUs9oIGqgq7xm60mcAz +yG4LfRQ2khZSQTK47PENsDoZrazioZ6F4d7qmB/peLWuvqVdpBY6gADecxJoGq5a +4qvZy5srgYvOFfGi8T3L88mJc38U2WQ2s/eHsmSzC7EmXapNE3OE6qwDfn3bkOF4 +odksNaz0IoK+msaUc1eweExE97ERlNKo+XuJeO7Q3rjO4+JkFINONbpfFJoSmZEm +XX15ZYFFkYZ5eI36zOpX4ilHmTFmXq7BOmNz8hHWwmKUSVx8JsdvpMDbl7bfTtxU +sTzS5LIgbxpP1n/RdTRe03ALuCFIyD/bFdbjH0tzzKChV8Y9OIHFt9aLDMU/br5i +tRQFh1D5baGV2atoXi080s4iiAm/ZN95btvLOs0C+ixHpolgHsVwrkJgKIzdQKCb +4CSHYst3/4Q/3KTm4Cp4uslKgVD2fbnSWMmHnN70kERG2kTLkCexS/Hht7YDU3WV +g0xSRKbmedpYJ0N4pSvpIwQKAaoBWpgUVjcWOnadLNFHz7rnpwDw5cfhWBKyOor+ +1YxRhpPCLzec7UG9dYu403ATh5nbhxnmz8JkUqumSt/fvfC7j8RSWhNIsBvoiWxh +7SCrd1Z1 +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.der new file mode 100644 index 0000000000000000000000000000000000000000..5a35ea8712d5606ea6319021690fce1191a6e563 GIT binary patch literal 678 zcmV;X0$Keqf&!v290m$1hDe6@4FL=R127H*2twD&HR0F)MFIi{00e>pfC-pZm@X?y zTgkyZ%$a@=0+r}Z#3bLi0m3c9cs_I3HMwt7Ib2hLdC<^%B8LupOk0AEJg&I|#OBbT zAsi{tPn6jIf@&HQ6#5hcCl&Ek4OyhpVrnPUQO_iDec*2}R3BdGi%gdRT7h+ZK8{_B zH2pXaV`b{)#$}|X14NUPM;T{GY|`sRif|0C0h)LM~S|DTOFure3E^%KAa>w0en0p)hMO-O&|QQOUhlF zPu)JaB|cxQB~VmrN-SqJl4%C-pKpjdFaD|LMR0r$rimNtPW5W_^mvp|(#I5U_of!k zJdK8g3(xs4d$<;luk@>G6xxVI6*AyQVN}~btyv!RBGA>PZK$8AeP*HX$RgzeqC}lFZu`4z;Vf;3^ zo7VmB@-K8OT2lE-oB@|yTt+bF0>B;J{Ky?1diIKUk4uTUo0gEf ze;c9i9zlJeOt5ihvb_y>+O<7X7CcyGq))Oo^!pLcG**ZU+foI4-T<|Q?3U0LcEy$q MleRV-ZdBP2a&!hh*#H0l literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem new file mode 100644 index 000000000..ba60e47b3 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_3des.pem @@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICojAcBgoqhkiG9w0BDAEDMA4ECFLoZ7dfvmefAgIIAASCAoCmLLB9OoXC5hH7 +nQ1+s4xBIk1CEfKAJGw0KRMaKsztHCB7hQwizu/pzJlGjDHlDVNkue79C0x3rhPU +1+894yR7pcwToUeJGkv1WGKmxOJUFJjmhnsBPQw7VK/0LkJJtaMriAyoB/3goQ9w +9itzzPBatbrc3t1omc0BQKvjl8T6qKoYOO7sKgKp8aKYxzf51fhlq7NPETnDK2Q0 +ib1L4cVeZS8MHsvl+rY37rrscTAIunEgx8hZj704ZjBMXb+wKvLNtWhpKdwyhwog +zusj155WD/GmqfXQyaTNu3KGKZ+1CtzJ57LC6hQou3tVvqX5lxRv3mk6PdZMeI5Y +vBaU4lBFUd7OEtVrpEegeMnKWAB6a5y83lhrK3t8yc2l7yzvkhLOK6iwF4OEjRXq +lZLZCcKzdVOt2WodwmQ7Q+ul+unnnlaBD8A/mScX5GJQxy7g+aczcPerMbHE4Ndx +H/ut6J4HM65TzVXl6EUGd1B5MkHa5nBqudqsyCAAYyZHlw2I3S4OF5MElsFJYlxE +vv5qCOajPCowvND2vWi9oVntTsbC/c34/Tmxlott8zlSIj5c2sDeEfDi3vJ6nrMe +W7tpAEyXe7Mh/Ya6jbJF64f9FLUHMwGjVsaHSTzMW89zp4H8Gw9ujiE5E8FwsVpJ +NLF/KMRjARZEu+uuhrWbsDQ3B3iHZ94fOH8oQn4K7TPpbK8INj/JG5/FPjTKk9Lw +1ji/zJFD4VfKuZdoRAoMRbC72i0i0h8ZBlZfpeG/pawaTJCE1SVLEvtHKB++2YHX +ZeDqzL95FdQwnK3FgfqfNLGMlIbG2JSuCE9JBY+92RsvXjMJRZxkZjvYL+C3alHR +VBkyv+4V +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.der new file mode 100644 index 0000000000000000000000000000000000000000..e7e32b0becd4c95a83d3acf00d0f68280b8e77b1 GIT binary patch literal 674 zcmV;T0$u$uf&!i}90m$1hDe6@4FL=R0Wb~(2#NLD)Dq1ka{>Yg00e>pd~;XIT-7rX zDBm0EzJ&z0p)Y4&28CpLV5F_nJg`kPcZfgZVhqQG8-V3KlXVTXT)TRknZnX$FDG{e zrxgP)xd}A&a=QuPP#*PtKVvyEqd)oq%u8q?YO9P#{M*|+xNrbIcNcnA=cC+f;(zcI z|1s}Ke9Tb!sI-vlDJ#lNjma@NlhATwOc;1Kj1s# z6M467t|kNez>TOu*EGK*#Wt|_z&~Av*3O(_&qEEA5&2ka7wp;Qo^_mOM%taaD_9K1 zliO`z*qp_tgu15nn(vHy*fzP2t%n%`CiJ}DXAnd98$^KrCH+#L0ScrzMBF7M){?rA zutv)QT?SYL%hFgQhOVu7KUoD=Z;4L0KMoykHtduh(SlP1GU7)pI`=%dll$t zaOZ?CPMlhUAC@UDX&!Nx9yZn;=yEACUY#YU{{(KxafZ&7wt0#IgJ6qWrhz**q?oID z0=u@-r7yy&+kLoy&#hCf5c!SC@n0FonKhs!r=GE?`ko%R*+)OmVX&%xP;oaL5M1E+ ztDaOt>St=!nMs;Rs(%U8P+V6>2ha#FZcM9lk)sjPE4nUbPM*`UoR1Prow4~sxsYeC IUzg?1#0gSGs{jB1 literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem new file mode 100644 index 000000000..089945b05 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbe_sha1_1024_rc4_128.pem @@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICnjAcBgoqhkiG9w0BDAEBMA4ECHgR0/cyo14UAgIIAASCAnzDfJIvSkRQKqrV +lAzAMnhd42XlhqWAJLh6aB76LIWVmepDkNnXRNX0W1R+XE27/uzgs4lcovW5hU40 +2HZlv3R0u9MEvMhadjL4ZWS94143p9y7P4vnYembOcc2WnlhFaGSMLFSwMI5vgnL +8xz2P9+d8IuxGpFSgw8S8zchg4Ewzk+0nSdG0px4T5K21uhsFzjvZRLrG7XXuIee +tKluUauy4diqA5jrJ1ShmrFmNTvtzAPfMX+QohuY8nhRUeH6bx9dEWpbIq/1K/25 +1uIdInZff850YKRQpK1IkinW0YfFxoA+sUGvxs+aDecbq8w3noaRIjJN7r7ipFEK +dhdehOxD21Mq7iqsujV9RJxAbqkuoTfECHJP6N/Dmp9CY0wpnE1lnHOTZwCWqDPh +aumtaFsMxJdNPZ3M5xmGInPWnT3JpW2hwtoOF0Vb0pP9VSfo+3yCm9b5ipFvcs8C ++c2MdK87zSqFvKc19cuv9tggguCzNjAcECHN7pgY4VId7cWMK/y3k4mk2C8hPQDw +S7gm/n76BSxjZFjs9ZQn9n5meO/47ohgV1ua2WICPMuPmzz+IPJpT6mQrcPTbzm+ +nNGrBVRooPYwnHPYKGlPJWkfFzsWnQ6dRgEOcM3DJMfU29QLHmNHu0ucz2k2f2C2 +AHB1EFEIC5Rw2BxH1x/gqYlZAB7TCHZ86XWIzbYdJlyNjb+poXNczLvghpvoIBC6 +dxEEsxVVzRYCRbmLtNTdXa7XfQfEaRs5GR3qrKoNNDzms11btQWo8eiZUNIMA6sA +i3Qhs73feJ5P3hup8Kl2P9N29MuAjYsS2oeZApjdiXAzf5IeFaqTQRHR6Vumvn65 +TLE= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.der new file mode 100644 index 0000000000000000000000000000000000000000..9c33ac90affbc2d8b89963a05bdfc7d6af11d71e GIT binary patch literal 1262 zcmVr$hzBz5Nd$_ z9=C<8m2<-hsHtC14i;MGl*M>9TyK4@DX7z+RFCrF3$@wU=J$Y0dT~v4+b13|z$+5l z$;^5Z!GXhk<)(uXU(HOfQ>_pHQC`{8u<-E-;RrSx-1hA`(?1HAKCC^rZo*QEYJ38M z1B509X=9({<|T>FUK2uchLU1P(tUd2ebp+?Ar1(-P2a%t7EbCtIyvvd%>oU=4Wm-%|GViW!dKfe4Mg_hKntQ7Gkz8xY-d;(`#? z8<#@S%ehvEeRRQ-rtF{MoLi3>k zyz{4mq8^^(elV=@wa}OnP6@HYec1M0jh>sBZ-}YOhE=E&)0>4$glDR9%fK&UBp!(3 zzO)RZ!(=HH3y)S9#Y40c;FAxwc*IW~rv1(tDQ70I3PKy6mO*$kbUXond;Hus(0ZDvsY>y%>m#&eU^C-6v_CkE|o8@p*a z%zb*T4{+3Ne*Kf{cSQXbPD&au5&l~1hH!XcTWOd*J1zpbdn{<9s4W-g6eM0j1n{e1 ziS?yIfo%lma54Z!jZ0;j<5LHMA_Qc3bfz%{ujDv&boY4tx#o^OMRN!^LLZ@$9=D6g^&T9gPEz=Pmm>y? z&ch(sWO;-$W}q`#o_7ofj!$Tz4ymX@n=5c9DhH%uQ#S(fH+0a=fiJToe+auL$r5ru z>B+t)^N@}xcSSl87QU5nF<>x?Y1qY~bgrbdlNiSeKKA;wWNMa%0gcA z&7ozMu0?2Pdv@>Ek5^S!tr1RQ;;jmY&MiZ-7 zj{s;6MM+I2di3^Rtnu5*7{tNI1YmuI9^CT!ezbblN*oJg3RX?Ndc&M7@^n5P34W^V z(L_u_GYMKos3krh$ohczXO#6HvS&2d!j3|I%u(m;JW%1q;+3D|a!W1^HwFs=a{qQ_ zYe3hJ&sW_b%KWL)NvS=u`JY>W>F(jaje%Ec^{)J*TBNf1^NlWoI$Za)~nDAqM0 YL0z(?ueGNndR`qmc1{lL`Ee&B+GAZ|vH$=8 literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem new file mode 100644 index 000000000..534f109c4 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_2des.pem @@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE6jAcBgoqhkiG9w0BDAEEMA4ECA5GT+CJ7KU4AgIIAASCBMjIenQGGZ2PvUzA +9D9eyOS6Tnry7U35p/WsQ+DOp6p1fniIWQmMj2s2dH5+rq1N7acCPEpmTLvDZb0e ++YFrRQU44WuwAR9itfpvr4/yR/NzyvlGlDqY2BiJJIRc9g2oQixBLcN66GMVS8YF +Y9RadQYO3gMoR6adn3Of/6nxDvzy+4RHegXE2c6i15g563nObozLemnnThM6KiIa ++B4wOHbQD+ytp5D9oX9xbW7rK5v+SH834vlLtENres/Fr/DMV6rZGvYAPkJTxEcN +5eTTKpeB45xAZ0DLd5OBrBtVQw/33NIHR6unWbQcD7/Tyb2UvJEwf3RvNQ8LlQ1P +xwd85NBB1jNJ3cFMGZYCGL24m72KTanGdhuzBtXvaAEJe7fLdhtsDhJeD56yFMGX +2KlEvzgvIQYBBIqIgOsnoBAqXg4QdDN8GRc43VmnVjd+zMmQyq30Y6S30SkAs1Wt +lqoKw+HXSLVn3dt6fH/mwM4scau8r/qQxhsw/YkTXspGFvzjI34ejbh7kvlHe57o +1TyJMDcKeGrpC253TJKd5xPnzY9vFQ3OuoLd4Xt2cDbhz+EB/A0IJzRRxPE0Yx0Y +WRU5Y3I1EXI82Hv/DncGFuG91s+OIoWqB4ME9qByec8NQOH8h4Bz7Z6XuCINDBwN +u1GMAsocVL7SwaYdBtmG3Vx3+tFHj7W9IdFBd80nDzavoY08BTJCbfC/P6KgMj87 +oVtl3iD2yecfozPg8ffA4oqTfAW4ACbq6rU9KyETOqNPlRYvqcs8yLK54MRT7hMN +HeT32iOhMVdf/rqO2F3LasYUXY/MY3LFAlBaVWOuXvZ2sRHxDx36G0wyl5kA+Gea +kUftk2h6VtzWywQOzDetbYkSgNW3L6SrrD//3C8Y8vN1s3WB61flF12hR388LPHW +56KjT63/7fp58D94NotijYmXv1S1Vzu360hRmrj2+AsgInfFO2ldB0jxnSDJqyyK +D6SSOEY4jr1BvtZT+FNYBPCJyWiEuDedN+BPpo3arlNRG5uxttSQrXhXA9mtGFBL +wMxMdigt/+KKvZ/4yAmQjfm8JC3kDNC5w90t1Ky8Wb2SqCvW9tMK3whex8tJrER2 +UzAXyjSk3xngsbgopr1dsNVcfJPtMbPFW3X+pVqhwFgN0sVThkXLt2CRS7NTcOFL +mRzDjUphbX1YI5jiERja2+SOvqHvBbzDCvftR46W6h2RZIVICqpULS1Zz32nro0g +4fRBxOr4Ii3bL+wZx8uvYBDws/WjfWeOhDSyUEJx1pl3DnzspwP17JvdMvCoaxpA +qA/+wjogVmyMTaUO2tseo+jKf7Tp5Nd8P3tMelFVI1VxARUV/KXo/gllwYW/aM5H +8gzV5PXZXR3hKGNi+nrv5++JtddrmyisUEBVyBTDqwZHl1KCwmfZcFvsBbNOmdXd +SKp8Tqd5QwmgcOmVeTl9YxHhL7/3zNQB5F8V0ZNDsEXiVy0+UEEjFj1yLfbsl+2D +vWSl30AScCrIsa81iKk385wlAjftaO1XaR57ZxoDiHvG0ZJUtOV6YmW/RnkQUPZz +9+kMTdCjmcSIh6eF7AW6XR3OQ3tTqxLStSH8BUNM9RYnkeBCn5YPnGmgA4rI/Oo5 +8Rsd8ZHYYP6EVbRqqV4= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.der new file mode 100644 index 0000000000000000000000000000000000000000..28162fb6302dfa62a38d2b233de8aad7c11406d6 GIT binary patch literal 1262 zcmVr$R>ydW8c`P zj9J0|`g^2eT(dnD38OxisR-Me1-${D9p)``b)*01W^IP>_dGrGM5G)`fT$*)Waq_- zV4a}9-u^USeke^4(@qkN8h{)KJUq@dFdOVQdOeiMz=z%8mP#y7{%}RjHF%LB41hzK zd$_cW5dm0y5pKlunB6B+qwn$krDo3C$j2x zO$P*4k1p`~b4E(ohH~YXoM!2Vrb)LHL&1c1FHNt}W~c86bdD4sRZqhhAc@ zPd}uR2X`}&)k)b9K4l7pDXv*vWhq_W@3TYt?(B zed0>DL5zTufDU^#6SN(V2&e(;ja!1s`ca}3sDUJoqsA!+zIwxJk&sGag#K8GF%!^| z)HLYMcvK^Uq!LPM0r-uSIFt=SsNHQ`VUNjSeg1-{WjZ*PE zsy?`kaN>RZl=sK!A{tkTsj_9rqnPhAG)SFv!xk!&ukQaAJ$F%K54wn18uIs9#w=x- z>4k}xz{n|k2>_-P(`jE|oeN9kK9KCO8&Uko+2Nh(FUYN=jThY;mK2~A_Ni8#MVwId zT;uH=XV3n1(U=32OHj2ks6S?6WoOV8J6!;@?dtE%UmA7l&J@xP4v(%oKXqv0%S8`8^w~^oWs^TgJl!b=Vd)iOlEpw zvejPw)O>+3KLcEt+L`{UNFN(st%Qr@Mr5x~+d#V}9~aX<6IXBq)1oE5On$tA>|oea z7X+(iP&a)pA-zpZ4S5pnBA>|!1e8WxaGp=M>J^*a1Cgd%dJ8Ay+2a@*cOSmaL3*bT zJV^}TO&X~kBMB`c^J@HSr!LH|2TTAM!$QxK%z%sj57=3>=>bchpytkB?Y}W<98I^~ z%gl_O+dQu5Hlc1RoTUa(<|A}tPB>n)F`9b+Jh-DcF(zuG?EuWLr!T=`#Qt&hn2=yj zUA5%ahM&$O6s$)*Yv_##fMKe3!T%vfD@WQ69Pl3?9ZSuzb8M$6OGm>N|EKMx{1?QA zem;DCp$XO!AjbmW$t{U+U1;SL-drpiUW0E))i!6NnvlOeQ%6`CGC>lOWR}06)MADE zy|y?Rmy$&|Z#w$B{Hl%+qJL$Peq|wnD}smJzpqs$R7cDL->^5601m6%sufUuO^JR+ zvFLp%YXuHEXf#(+k&W8~d!o|Mqk>uR@(&j%c0dgB<&ba+y+uetOe*B|FBSz;PH zsq$_XEgsJvzeltAcxHb?Sw4oO>qpe3k^8MY=?7dD_cvwQgzMnql-^_;v@8}ILj_f% zWLJmJtsPro+M541lkaIZm4U*{5PTSA-69PA9X6SB_#$#l(x^lb?Z_XIc`QwhoN(pi z2ht}9PL{gNB{r; literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem new file mode 100644 index 000000000..bb9d227c7 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_3des.pem @@ -0,0 +1,29 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIE6jAcBgoqhkiG9w0BDAEDMA4ECMCMlAMpv/XoAgIIAASCBMhBuDiyb2dI7UGr +SSjkSXankWDZDnnu9ctLQNh86M63CcomlJelhpPlYOGiE8d190awlciHVdd6bqTK +TeMaeGGf2fG1oKrbXwTu/dhdVBXun82E6XYioHwaz574Cc4FE3zTX5AyiXQuEVpZ +aiMnwwpH9QuurlxOPxWlsv2j1bWo1nkenM7itJ1UqprvXZQRZgvfyVzLrW7k/T4g +MYzoowNNHzuS/IHaWXddpMsO/BGkaD376aSdQtmp89Xocq4ON2o4pjGs0r+iQ5rz +/IjdbNl6vq0KOP5Lkwob7Cl3ROGVim08hYivCDgxFFuN444n9oRFa5HcPkTT2uI4 +JLkJ6UtFfziXkPkMJAbYYNtKFp6XLnQEZ7IZGttGBwuSF/b19e6WIjrhkmc4PtTN +3GEtlnn8WeiohKz7zxINBAjGgH3QfL0SZnJctXXKArJTkpuMcbhvXIgR40ZlV12n +sF9IexnKbhCANkUd09xsDYevxes//6kyXKBvfw9jDNpRqN5JE/dfLtWZz/VdPfGh +z2ZNr/YCOpK6aum8GlPF3XGh0+5dXlRm6ODI5swGqLrJD28E0RBL+I580o7WLJKg +JJCycK/Ny+Bg4GTtqA5jtYihP8oRARdTHaDplujiGdh743qn1dGTBJ+McYxrPUQ1 +wWyNvEfaosF6GmZtFI4Jtp8rleLUmzfB34u09hzf7LgzD2WI9akgtDVH+sIOfXr5 +2iQUdkXumM+TGzCHso8mHVBKAWFn4IpqbpImJcUUcg3NV07lqtwOR2bM0nYnCQTx +ZSxtzs8dJxCGPPYPqmZukMSZfUHVN6zDmEpHbzbEgDbUTdmtVy80Zo7YTzec9fqE +CKlfK+6i06YMncZV4uqMzWUtbENTCX77w99Q5pQTpVRsaV9dDCgn6m8T7zxt7JHC +2uyH2H0Xk7aYQ3aeKqfwmHXkcGIexkxqJkR0JOcRa1wSEhMWnkoN1IPPA0HpcuWL +/QBI+Y2ZoDBjQVcbtB/VlCe6lBTBw+4Pb+fOqdt9DXgqMhoBXeeLIA9UZHef2v8z +cHT02+QpLZfdf8X8hcgca+kSvEiBrjUClivM5U1RcG7uE/Hqc0JE17B9LboRqzyk +MUvaWntz9HR09Z3Dlrvz/rBcVYkgF+tiLESPlINqnRLUsN+/xn9+VezFizO0G39X +95gO9W6lwc+CAA7iZL4+yVzfZa652Yg2eck8EOgZ2N9r+Vd/7rPsv6ysGpU/7p/z +96zCPaZ5FRzVUrh2jQb9ne8SKr2C08XxAO6pqvDEJxHBYC1U8dvki3dfbyO/rNei +GzXpJPnIvIkE1++XxPlWZz7xFOEP5qufivzm+P6cGCNbme3mY64NYhNsDox92S6h +PtYYxdjGrp+de3+vRwQXFkt8WHxg3jxBk1H06832rdP5Nx4SOpPEhFv4xE46oVr+ +WcOi7h15De6dk+0pPZaBffBj2eZjs5lqdokSjyS4ScCgMUVHz/Emq6XLE51C2SOb +c9Zo6w6/zxxfxoXJ+CF8Srmsn5H7cw/tqnTZZmOjsLw0Uh4LaHS5BIwvqfB4z1EU +6RwXSVvjNdZ+7uBKtmE3rETgAneiNSt8JWvpSxV/deq1exseugi89soTc+ki1Swn +UdVwFqkfgdODn/zZGp8= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der b/tests/data_files/rsa_pkcs8_pbe_sha1_2048_rc4_128.der new file mode 100644 index 0000000000000000000000000000000000000000..7ebca110c1bb346d99cbe0b362f40dd53fd9cd22 GIT binary patch literal 1256 zcmVr!ebm9w|w(s z#P5MFH=4cWYna;;oVKlDrR|k~RJ*%xqi@pUm2%PbHXQ6`@St{=65wIRTV)d(cae>HfU+p&^c%{7jv zF;HqMVcD;+c3LJ5tMeEYECvcP`M3uV3gu*3Y+hmE>lC$9yAd*aQzUn4>0#Mfki9KE zy1qqBv6qI7@1)M6e_KJw;h8`fGlk7RMsGRjMEJ<-(>Qnl#J$!yAG!uYdHix^&k5P~ z`%g7FbHT(C9ER(bCw`4?x3vybB{`9S_%EpvjYnpg=1K>RU0*2hzYY^M`{O5Q+tJ97 zADe6iSS@7E(}G;be6{o@&$}6bq{v8~671B9m_dV#1)!xBe+x&@#YG9M1OZBZW$cLE zz^gj-pu)16-uX}5sf{*8VDqwF ziNu5q!w^p{UjPWCf|r3?+f&hCjc*2cnDHVU_7-S>YueOY2dg;j))Vu-v6LOdLV)j2 zxX1I#u}>K9sC+LcNMx^8k{csUj;}Y?C6h_^QjfTMI!4@U(_ot0-!G9C%(;BJmcsu> zBeU1(*yn_xAX$23M5i4{(D+CG1%a)VB{vhl4Ql4nk6-QP!bEZ}mud-q(CMi=m7`P6 z4)y;^;xq-Tmrd1ln@rWMwJHuiR4{E3<{xy|p+2?UEj|q$bMjuqOHr5T?DqWAbU7Ve zjgb8fomayTu~mFS4tyd8rlt{NOXv6gj|ShyvvE+d0@(6(2--<^hw6KFV9Qs-(RLsP zE6MB_FFj-6RLxYnEwGwD{dRG0&R9*I!})xM^H861<;Y}Y-0bosf=J`QO4mKL-lys@ z=ZE2@VeHVV8~JdLKZut>I&OsPGW2N4FFfAl)Cy+lq_uvZ87SBrct_Y$;?<%UBkh6| zX2oGWhW#R|@?w;qF}g5NLK1_r)ti5T6W{(><>*URJvbgVFoa4bf4zYxW^>L%JHGtc z^FZ~^fTyjSLi7CYyG4ErJhdi`-@ZM~irMwH(1Av5wo)znsR6N&HijLnlj~ikOJXHVQnC(}+E=E!xGj&4eJhWiSw7Rcl%xyg zCKY&^3k)=kNXe z$UUzvaElx>)jR-R-smI-3!ja!(fMW73dKywNGeZ=qQnY1 z634&6)zWy#nPygDxlPCd6AE;Ff&ExJjnM3+y1i14?RpJTS8q6_qO4k5*P=lj?CM_kAyT|g7B#&abcr;{ z^I#a8Uil1>0Ie<1kLfKoU5(zaw#(1RE};aGZHYm?7k-3#Zy8SeI~f6R%_X^@2KIu_ zIyB{|+Pd79xDnDl;`X3sh&hT^=47OwnZ)8`S&Aw_ll;Hmsz{PQP}k znh5g6lGFA0d4Z$!M^#3#_kKqItJvUuHX{ugaEo~rto3Oj12$Nrm|;dggqv=Kz2~L7 z_whPtoHeC74ZTbwab$ltn*N0O2ca}GRoEOu0X8zRzM9FkTQkz%cxH?ge&(zIwMbB) zv(3xLtu~NNlQbY9kIbKXYoune!7L(8Evp%X`)dQnOdC_|xXzu4E5a569arEVH$0Eb zyhCX87y0`qYVfrpT-T?Cxq|U!zYkIQhuzQYa3#iVAI&_feO90Kv4pRg7)0vG|I~!e zA3&gMn9i?4x8)yQxnyNWz+xJOOZN%Csd7)!?4PrLz)}pH<@)y*;g4F<^4xVF??I{ygo=G#Gp6qmn&Qw2RsES(=r-B)Ldime@7YE z>ft8fBx0ns%-k%BN+b8$;XX83Bl=19m&Tzak?DYHPiuw=9f5H-b>UKvwMpI2_iKh- z#(gDKYqUFom%9AYYv%?eQWbsz`HkQVl~xRiU#;G#bzh?HI;W967OpubZ`ecf;?#tv zLb2|+I%r6_VfjJ1X!^##X-7A6OqPozg&s6U7?M-1hR7c^O>JSeVfn@IW}dp^U*haY zCDZNOmtrhO{bWX&2Y9SXP31)8c~Cb>hbx{xSWH;uRQlbBPM|(I+*ubNo{$2vPd%LQ z^k2>!*kxHz0)}}fxvRdC92{_pW>^Nj22WG!Wq0KXj;>>zmn6N$wO*zHV-!Ef0y;UL zBgxfN&*r{|P%PS#s-z5TamVKA5r;3#Vhxx+I9BlPKqI}=vs$Bc*RFR^M=tJVuDmTe z9T4>nj71{{^|Us~N_)NDk-1lVDnhA}67kDz+o{2a54Wx)MO;k#oF?iR_l0|gfaE34 zrFsKlY9&*2YWq1mf35o9^3z*)KQ!`;JGsB&L~u_RSvBm+H-q+I?1Fzg#dO+*V1C^%-?9NHLXC>I()qs9d(tC{uX!vxpeKv2S^S zxY;QS+FT8&EFrbT@*hwS$89J2SKuk*m=%^}JcE(QXW1rGe`d}h-IW4^^Yp$wr<(GQ zLOOd_{mo0UVe*oLHW$~o>$B@RV@h1{)2DvC5N}Ng2Ib=6LQLPN1US7x zIpZ?G{tc^lU8%n(Uj^Fo4$4ByH*TB#aG<9T3w39z(SlEc=Cf#5<0)_%t^jxl%af>G z%8r$}D=Zkp+}a;V;7(C?ke5i}p*dLKPDXt~BEpdKbKKZH8~qMUg^c|k8nro%ezK=? zxqQ|SeViMA)A{$jy=IKNU$0A8s>!;As!Fb-?#Up(#e#vkrT?UE7Nq?x@X!|FBg72W>d!|CKkCNU) zcVKY!=8!o-bv&FH)fl9TRzu|Y6B}a<>v1PWpdqVRU$b~^a53s*&OP?t?PXI#qJMf(uZ^NIIid)7A z>G>MZHBg0;h$VqWmf=wPIejKXlz)WVa4!fG1sEm07LI`e0Pt%u|96-iU)Ky9DGL&7>1T}iqIqVqTR^*nzb<;|SUDM_6 zau5YMx!9Db1LT>CLGR$%TC}8w?$Ef7mSa}>f9?B-q2E9-ru(iOKbci z7s*P*4|k*t<=WN+u!={C+=aA{QCdCF4(JJ39zrh*HhbZw-d$3Z^CC4Fj0@_(1=O@+ z`Ce=^w3Ps%lsz&geZ2{P{=9MlVAzl|(nXNwkNbeuLg$*GJqayCyj?T064F}2M;|@Z zVubW8X{V%-@HL=Dwm<8-(^J_+uS`y8s?9D?}H~4Vc~@Q zh*NeiFZ1c5SfH}CjI%}`VOOmfe-`qX%nAN}fn9Kya|6)dlOwt53fEgh#<962+W%rL z$>Qx*owDs3P>kHl9$LT-0D7~@yc&!igmS{>XI{)4e{43b(@>GaQ)l66XJ2S(oEI}s zGge=bf(-<&)nd|)ML$O-RcRnP%P)09somnYkLB74ES3Z=!E}S0sWBLxW#Op{&^Y|t zl%m7o=42LvOMguL#J6@4H_c;r4EWmOeI+IDv zm=@4_?QT_wFYQ9mznxS3^!>tjW>xfxQGWMVVt@5Y@JB#yYp5{5-G$HPw#I{}Cr``= g3Lq+fE0kz8XgbqB^9`p{v90#mk9=dxQ20snxuLhJLI3~& literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem new file mode 100644 index 000000000..28008ad11 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_2des.pem @@ -0,0 +1,53 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJajAcBgoqhkiG9w0BDAEEMA4ECPkUjozrjcILAgIIAASCCUh6qXN1usH9xFF1 +BGJOOudiy+TSxZXhEFx5BBhUo7QgeixZ8evDOsjiKXeFCaLszkdN6q0+a26G37Vz +Pq6umDbE4lmwt4WSfvwTPEKmb1Z0e3EKiqJunjigvCASaxsnU6YebzvGAcCqiCHx +PvHLME/5zWhrBWvsPapGZMIOplXuZneQz1wwtLeUtHdRE3DNbbBj43BhRtNu0HA/ +S3WtwBVn+pzeNuAt4c1skQzp4Vi5wZtVxbw4UZPesK5K3v3rw3irl3zI5MWb/Oav +T8ZDcsGmOEnDJQCVD7LnKcXXwSCsvkFOAZ32UikX0g+htY0AX1691Dtjga5cNhnW +Vo6kdAO9JzrYTPgzacldbUg9DdOB+Jf2fcUnFtQEG/t8jN1IroswiTkySQ8FEn4b +ch9CFvMJmR9yQ/Xtb2E30CzIJZ8gcfbR+kIxtJaowSB7N9YEFcCehfxH+stFifU/ +O1MW1k6H+KQ4OFMChRJr4ZDQxGj6yK341G6sJn8KV1/YN6mAdjh0oYkWO1WTKIMs +MEdVyrP6RU8r6tWppS8J3C91qHBp5Uq7QQ+S5cgYLB4C9Y11UuRCePdGx4rx//aA +ibPWNvnI/0Y9+76KpWos+QgcRvkd1xUWN6lc2p8W6BNW5a7xGf0TggNaGy4PQ5Zu +oQc9T6c1OKB00Z4CKXkLV31whq7UPcC3bi0VT3hRr0WBI8L128QhV00WqwKpyRsW +HZb7tnkm3fU6hirLrSb/nmh/fQ8E2wTju5LvRqXNdjk7u69Tfs30qgYlDXUtGd4v +MzM3Xpw6he1QirK2jYKGX0aNcarc5eWHm0hc4HelJO83cQCaWv+CHcNl96hix5Zs +i+ME5L/C3nJ+5xRfsMdceIggwWL4ZRaH/8zMid9petOqmkYausQgbBZfdW6jvNxA +BPjV+rJDD+o0SC82ZXBK2TDNRVPJ0TYGSjh4fUp4yRpM0I3UZV0eOl2tTu9xwBJu +ErcklEDfu0Do2uD+w2dV9fU3fI5kZJQWNfhgMqUumbAl/pNpOAaU/WxX6GynaX6x +NgntoNIO2m8hzev5ORdxcRm90cdrtc1gBqkX+cKfepDE0tr21/8J1cRcgGc+M5tX +jpHCJWl3wgnfQUfJam8KRPYEzVFQg+NHHa0YnWLihAi/UwUegjekZbF8LNmqftEh +OU+PfluF/kOecEFiXPlzejlnzZtgpDh9oev0fJQVkH+1zDCMJDmTAyYa/RofpVNh +yslPPMVMvbrarrZUR13EcdHgq3h76+wrgr5afnQMkCduVuTrZv0UbJ87Bj8L1Q9l +AcwCtuP9ADijvOGtyv3/TVFxVkwLhjMJrxd7rr5pZZ70O/zaZK7zponJ/ieaeu8Q +YanLTkLKDXk8HXBcBV3J4FJ5s19JKMLOWFde/jE3/+FN6drUz4D/oKAKNzzAYmKA +6TWmB1ICmyXubc/oPiwNFLc/KiNcIL6k30d0ezPOVCQ+Wvu4mM4vOCKm8hxg5rFm +yn+KO3wLYi3T/iT6nUYGUpjTvEUGjvn5dwRcPIA2TgQNxJy+KswIpz0P9GbjRVLJ ++Wb/c+wbzLzM9KgmM6IYz1+Bzhmz/45iFhZBjGAILxu8G3hOmdoQJFePwqkehHgT +6L49fJ9niPkc3cUsRCMiY3zoflV0mtiworxNgaHEq+J6bRcSSp4sRNH/AGrG6FHa +dI/9FNgZwSE6rMvE3IxVCwlkF836DzRvlcELosS12KW69pNZokbONc/NZBsyuWq2 +g/rjVN7Iyx5TYt4DUgF38OtZexgJzgaZeKJh8q7nvThpZo0MzbfL1ony1uslmmpx +sMjKqGIPtU/Gcj9eSAQqBY5cWbNOUXyC39Akoe+YVNg2BS46s1Oj+IU0d8yyMtGs +SKGlsO7EuT0Ndn6ZrIXMhWvJzy4XuAGmhdpgeDkDHh6iwLEHZAqGZ8qbgO+UW+cb +pn2o5PHyCiMjkX9M04GzVSKQ36ULapXlqEH6PP/rXz2aZftvMtWZjaygh3240gOH +bZNkYKwe/yQMprb05wvMU+g4pKmz8g6GZ9/ddvSBxDuFc39iwiukZTUA/lfER+kS +c1vC2Qo0/aPXUWXDPF2OMwPYzHdvRgZtd3y4no6lzl+Mmsx8v0l53+ErBWFvxX+b +2jRwxJroalyZox9HD3XIb2nl5ZBDdGQ7C8WpSwlJvYDV7FsOh7ijz6UM9iQ8RKJv +6HYoWLAZ6Tjx1KJQ7j51wUMMWtmy5ktPCCphLYlHTyhLGNAuYY1/y4dSVPHtsjqn +bA5WGNwBILDvi8tJqSOgbkqQCd4zwZG4LgLp1yfrITX9Lq2spFnivRug0LySuTOd +/htruYm7ArA1GX6xzihD03DiVnWU1IawzOmDhujFwkwlrI+zMFuVsoObocQkEPTr +7Z1dQhafMQhHZ4LI4t9camcB3ytCEsGsURFnATqYsJGc83a5NhSoqSP4b4AWlMye +vOILcaoOW+UpjMah7+MIahz0NOr9YKpCNvgM4WybKcsWVjer4fKh8GiWowoHEQKS ++RR9OqfGhIzcSoYE3yxURE5zUB7dbvRtWhIIP+NW03eL+kCLbKK8QY/jsTm8kKS/ +tKZIv63xaA+BX0o0Uchgf9bvf0Nra5+CLGb6Q8NWeCnw4YmwkANiv13eeOzepuYQ +YldTRYAxxjGLJqxBDPb9MCVBB0G6cXvk7MUNL3MChG5bGZqlY/UkV7Yyp5nLiFRo +1a/LQKGHtlbSaNgyGUwof72qfNQZshbPvT+v72YXF53NkzxZzjA/fxp6qUd/Xhoa +HEXILcDRpUNEbdp1adnv8WMJh2q9X/D2qHiCxMJXsQZZEXjuILtZzjqj4cuVoPxZ +qfzGHtaBZJymol95iqcYXpYW3OYDYUJDMby7mEENfyoYA+mYx/7qlVaLBPScWZwx +NTOrntNRYrhLcabHsG6iT8jGYfpAw5Li7YlCMIzXo289fFKMxTUB5ynpPkRRxHeT +AW1itLT3AOsg/E7CMF/4ePe8T7bx/2Mj6YlovE0L2n9lu3AIKZAkdlst4qS1gy0K +2pYFJn6qIwBKVXC8RwQxX+nBOMFxTbrF0AxZ3Ff2IF1x0+JimljBFNr+ZN9I78sQ +lJUtQrgooNSYZJ3wLAZ8DrHb11dg6EsT8B5dtt3EsnZZZ1IHFbedAP0JxVxTTe0+ +7+0jri5fFGtpGIDCl70= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.der new file mode 100644 index 0000000000000000000000000000000000000000..b6c8249208a0130a32f4b81377a5f0c7a78d08bd GIT binary patch literal 2414 zcmV-!36b_Nf(dFc90m$1hDe6@4FL=R127H*2*PF@bqd0#jRFD)00e>wNU-yplw#&k zon-2w%=2Zntzrzh8i5E$@gzun1Kw_Tr|N&bfh}i`56_T^r-2Vayc57|1vA2=lxL~L zy;o<|d`IxjR@Jl3s@8Q=|=swzU?QE-ME04D$0jJp&8dui zkO#}rXj)DC@?9QxinIHv55Tbu5U&;He}V1W*=+;~EIfy@RO}ZgFt#bGW7tv^Zs6JY z@)0kNQ%d73@8`m^!Cm!oIAh$oF$Q6`wH6+6ikr!~|Lv|P;3gPWA zWoCfl-Wi}C8Wq(=wLroVgUr2QE1e1nKJzs4VNjRh1qTpg3i@J70BD6ieN_A;85g>Fez>Xq-fu-HrNHIf%>TM z)Fu-=)hCr?qf7mCD4|J{ac)}rJ*0u-XEW>*xhC7-4l-ZQGH+yRTw}>Z6)3&y;_|ot)n|uJ>e%iZhl0d)ee{TFS7~Kh4)+xh1ssHcl z7n+Ft$FzgA0TBErQMF3bAxz8VU7E>5ChUjU1qJ;##BdcM`+DgktA-oH#@)1-=k%>? z)J4lyiagGW1flGGPVMwd0Vi}tCB64V}olZ%*PywEJD$ko|W72bLK$8r7T(7aOVqGdQ`!;{+oQqa7q zEH+0o<^X>{T}4u8nhK!Kv2m=A<9RNIFA`i3-$jaSxfTmZ?Sjy=ax?b1%{CzD! z@FtP#54H+mkjl4@QXOGtN!@LG?*4Hr6ei2@6Ii;%5%2$zjlPgccO zxY?cv@y`7{s4J$@$6pv|HYH#^@llh34d+E1xrs6hs@RGl*bIB5b^0R3crd)t%G%!L z%6fo5#8%SCp1#S^NnKcelN+)h8Iae8n1%MYpgIzQ&2n(;gDNY{rD4^1T z&#mb*k)?l3&^+u{4sK#~;1Z#D)vhrUXx=tkm0~oHzm=onAs=xf@6JY8`6H^%Qnws^Ft!ld^4a_ea1D9 z`%b~4L!ki)-nhrq8&Hx4`%diM+kJnpPoAWJcG(M9SYt=PSBR>}t4b^%&#emKB19U# zpr1+-THXfy;PlQZW&XEHx-MxF_Xcz40sWg`ItCdy5q4~lXTG3qKmB&EpJ65I=>WZN3Um{SBWcCCuCBz%=L+n`PUjATkTO==%Er8kzr0oCjm#HG+V5p zKX1JpWZz}W6r_klHDm_Lkrg*QP(jhu= z(t|AuH1s`%DQ7f5IJx8HzkW2obYG8cv=OA62~IJIkci)(=BVF!yVw)0HOQ4tBZz#t zN;EKVTIO9_M5Mt6ma#7EbL>++X$pCM0q`ODrZL@ULJ%Im*ghc)Tct+UnCC=MrszEt z07m#(ydWEf8dhtm&0~*JiJ1Ml9))+HK_R6R;Q`v$fZ-ZiZp=K1os{OvDgF zz4{IP7j|xGBWd!rCWmzelKr-yDzhGtxg{c(-WsX>Q_N|fr-`AJ2HaZoArEpmeyR~s z!P+Vc%PF2WJ*Ub^Mb_FLaMK=zK)92lPay#yF@y82fkB<$+3o~WcZsh^^Zk--M0_~l z8F+DTM!cNzTe?wwU~J|EL=bS{kwkh|0xYb$_7`>FejLuCRs7bI1Tj>$EU%QDB{!my z(46b4j8*#gj_DwPYO+_-C9g)4l6)OuLvSZgURq98X84dHT0C;%uX7tkJ6l@4+$Pf6 z*C;_G4rSFSA)ii>jWEW`&^91!$f$OyZG;c;pS0aL^()@5T+rnk(}+vPqdd?M@}mm& zvBoz&Q-0SM4jb~hlK%8in7vnC3g~Jg7nE?~qSIU+Bk@44Eh-O1!N!^#2=9+Oe~tI7 z^?LEOGunt*U1FXDec%0~Z% zW>eO68$z8cB-PC<*PIJQ4zQWd?)3mX^gUPY@nBE&gR!Ln?K&;x0>FDMbHxp*>eC~9 z#4F16un&snAzXT6Ijzui^D|tWmpICja{_0g`Tbj;AJUnh;ex8MH|=}UF38*I{{w6k z>=Zv=lP{)s(KNZs)3TwwBCHDdZJEE{+G2quP|k^PuoUg>K5`{M=sHC23MIL@VIMI6 z@cHO_+GL_>LK~u)Mk9x{xrv<6hqa)}uyc190I0bQa|4EjYksI{b3M`t z^tB*a)Z6+n2_CMhpeizNJFiX3&HflR1f{F+su-%bg}b_}P*~}2L_}BQWSvTb=Ku6K z9W8jiNb9Wjo>`B&h$+; literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem new file mode 100644 index 000000000..e4333e49c --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_3des.pem @@ -0,0 +1,53 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJajAcBgoqhkiG9w0BDAEDMA4ECLM+ZvfOIzTqAgIIAASCCUjfmUnY9iRw1tT8 +WER9PHxdcq3hHQwc1NE31oae0fgzT7SDLrcQaoFsiieBa5DpCszjxErG3xlCOspm +XPHD2zGdGu3tKfmf0ZhezMPfREg3OhQNDn82TIKEbs9bxvDkSuKjuDGGohWGNu1k +8eE5MfkrWUwcz2mGhPjgM0vyBJkMeMioZLzoccwgSti6AAwo4f6ITnUjbUR65VQo +l8Aj/JuuYmnWm7v/eh+I+4fkXHE/DpFRaIPrhzY4+EhgTLSHvkoEEnMGACS6AyQw ++n6IZ8Un3SkDPv8laZTUZIRRJVFmC1e6B2KW/Ky25EhnahDNvGALTanYdsvUFTXb ++dr7HAZjAQdWZGazifUNiqGBuSTXy81zK2NJBcztsAqaELWEufvGfBNngcXwgqN9 +vw4XHkK6mbAVCiVdIO5gx3z30LVdQLeXQE//pn4Cx0cmwXcoCw+5pIaTHQe5HMWe +4+pqQ7igwr8zFAFi5ClEfQP0L2DlBI/Wg4mFEP6ROW9FxGg5+9Sy+l3A7ke3lh5d +Ed3N0iqMAU0Ra9QXnqlArxwimuzLLleV0nMOL5jtG0qDWQhx5Aqb8QPkN4LGrZWI +VG7LFfPxFXFe8LlwI2n68CXOwYWAS2v+8Z1m4Xe+0ZfNMk0UUWhigXDmgXihRkoY +cDfVQxR+LBDoYcTXTVawP+YDyIeVz5X+EaRkN0m6bC8zG7/tYBEafdqjytUrtnZw +za+CfYRNPT5DZfURL32yKOSJ25PXUGfMt+shITmVCJakkIpI5WzhOoXbFVSNrNDt +3jhzgcSVOge0RCiS3iXQLOzhqLJHc7BkOkgRBw+HR3HIpmiXNm+GJJdVTxJYsdf4 +REIW3tGzC+77BXdgmI8bvOXTvOkA4aEYskNGzoslqpoIvcHVjliHbHcjQLkOc9uE +B6TB2qebX3GUFw6PtaazBcCs/WmFooprn1k99+Tp1ZSNXdfXMaq4IAkrixJn2MRS +T4vhzF7rrNQz/x3ky8QnFTvVKg+Ruo7bgJ83J3vuPTDZFO9RPTADjETA5FEHZTtP +Fj9vcPDawNwl2ww0eeqhiM3Lx/nGzz0+8DRykWAX7TPQdHmSEF+F19nhMrdls1F2 +b//ULjF5z3eV/qE+Rvjl8u7SkylXPvKbtVl1MV0us4tbwEz9pOViKk8sViISj1Gg +RzydfhpuCq5cFExDvHbUy0EvOZN6tq/FcuQa02jqVWybmqmQtVUhUX2Cgn9EVE5B +KYGj2od5eRyx+1Nb9uaYz7WO9hX5U/zpGvZweGgz7+/vdt+Yb/zTvP6beyKbJVhy +7gvBiuQcSV29bSUu6wn0IAN+34eMqkbhcS7F7e9/QVTNKaKF6Wx5jtoTUDp9iUlN +C702/MghLNKp4g33MkxryxYgVTbD8YuLalwQqzmytE7AnWX/f6Z+px1Z5aPGEfPl +R+DgvWWAptmb6NtcwYkue76dxy5PBdBsaq4K++W2CxdU0c0yj6I3X3ukzlPWz59R +T6q1ArHXv4dkMfa6bV0db83nldsypXN05qP6CsMrycGQlYQHKlVRjCav9W2hCKyp +nJvL3WTelGyDrC5cRNTZ3N8peMmWVazF49LhMZPpOyRKrvtynmRyB+oIQPe1ncOJ +8VOszefTLpzaIvJsFcygDq8ukZQsLxhyZghC0rKltaeVNYrbf+c1yZc7Xc3CTigY +YCZPNgIb2CVBwxCV+BhfpYAjCZ5h2lJqt32JwxJcc+c9+ZXO9hvYXY54Sv/ccK5D +O5TRDlFmS+PPg6H96LoyOYKy8BGACgTAIQFSNpOQq+LCDLcdxpsUxtfdLTfHyu4k +0+vNterIJ7NW5dZAU1rs5s2Kv/bIglMrYMUPV8gsewQTeHL4OwtcWgMWjgeASTdy +PQZCHw0l7NZBugUYwlMh7JiYerLhiAn8CoqLay6SKpI0OFhSjFwc5AIsSsBPOX+o +Y1kPWqzIBeaHOJYHyl/y4fvCz/8XC6nKD2wEem0i50RUMfZqAX/JHmEe2jxkECgI +XDIWPPLjP4xmb30qTIO7zsOPCc6RUCcPfjaTWKdvlL6GE4mUeS8+U4P6KrwY0KzA +yNKaGvm+QsET8f4YYma9h8Qtjmm9obr6eHIAOhw//qd4gniau/4xo8cROYJXOYzY +WMinLRNwO2U8k2hIzzH4c2G6GQ2+4PBlJwjpDj3OX4wG2O86IlTgWC9R/qoWDVLr +6uuzCtfc3hOQvBhscOBuwQdRH1h5Q8aznHzafovJhyuUi/HywcC+EQjuVnlEUDOH +LQdPczisyByRn7tgZVflKsgsKGRWu38LiCYJTWNSgFTgS0r7vPXf9sGFEsyezHhK +FFpUMga0NbQ+TgRv+7jDgjnmXu5fUrl/LdhuXEp8porhLd0QXNdfyd4xssNnHDAq +nN9SlG/VXqZNe/FX8Nbg2dvaXAm2Xqnfss8NYSpHdlWQvMPAjzyqictqjP8lKCK2 +BQ+ryu3Shq9jP1LoKbxjR9A1gZUcDe6YIcAUn4vu/7ehmCvbZIMhDwGCbdrabtrk +Y6V0/74a6lih0BoIAn5eF5em1wFlXxGVl+F/5O8IZv6FvpaH3DZTIwqUVRc08eai +2zm5OPNLlBiapfLD4jOYi/RLWOEn0TVOjZCPLK+Ij9+I4zhKR14kGtjuwQf77Owh +8t1pNW2kuxqtAR6XniQNlrzraeOA33TagSaBmFT0SuM3Mt6w5iwPTZ0GMnSAKCxg +93Qi/g7GlNgNRbWEV7yW5BJcVuem9Zzq/nvUPHQ35MRhAb3LVf4JDX78ipKM5nuN +nb1si+4lhxll3JK7HmTG9vW5VgRCdslfYmgLjVGGQizyoCsd/H3++7AUskDsptOG +c9iJtXE2RbW/VW8e+4TvqNwDCrtXGbLtw3GGyRoPdrAYOpABkuFoP0yYtvwM16dp +2kAvaIntN1aZbGVblJVNILv9SfmARchemI5Gl86RfyX9XyPAZ2Gma2QTXgm0f6An +BOYpqHE/7E4tEL69cyzkJjtjES0KqZ2BH3UXQNtuewo0bx4u9FSt5GP1qdx5v0+I +stI1KFTS4Pd97LdssbynNJsCex1ns6zXE60JlppXkTFInlor4bMi76PfjKYepQtJ +qIw+cDvt/u1KVQh8KJv+c1xQuABJk18RERYC0os5tTR81UaBAiqNwttJ4vjcC7Ku +yIu5YIqzVqms9uKNYNw= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der new file mode 100644 index 0000000000000000000000000000000000000000..f3bda6335dc4548e5bf735798e16a93349ac1b5d GIT binary patch literal 2412 zcmV-y36u6Pf(d9a90m$1hDe6@4FL=R0Wb~(2rUD2G!2tw@&W<~00e>wM(Z0H-uQW) z@5Fvn`oD+=-66Vl!b=vj;W=;adBlq=!Ri@3)@YPWE#?n- z9r{cHB`sVOrT2jD?_pXG^OMeV7Nd8(50ho!2VlRWfuR|8lngZiVHq}x3MC+fXfXrz z2O7_91I#w-%qav!Bf(u#65B$TVR%61e!*JgOFL=F-F3CU%yQb#PVf(DZn3WmhZC3! zC`Jfzm}beXNqTBHUp~dBLAPs`D#lz@2=_*!Y|R|KiX;Ci`Z9KPvulOe|9!u_I8v+9 zOv6c^a3A|^5ewrciRI-LJ7O^zVoiGtvJAP^q@?MIo5Mp}>oK$P#5#;u+F33*Iav(C{%%(GI-u zmi2GSZ*UQrlcIA{U3KE7{D+2iI$ZmfzQ}SCzBTA28*n*_ADH(LsM04{RX~BsWk2UV zSm9@Z7xOdjNR?#Zs&_X-pBma3Z^N;x(1&sx7Hn01Z2_KXO>}Ic#d@9;WL9`#?Wv5E zzg?i`S+LI`)Nu-}4gf{$sRP{@ES*?Va-pk{H0^3{rDgL|u{th3D~BaJv59ND8^ui8 zKx&8S#;JVRQ&7O#rD_lWLsrqh2{mYcMlR2Ayvhysp@F2)NiJ&Q;&f!FF2M7EzF^G4 z#jib>ozEm2C4gYvcR0{s?tV}7+B=(Lcx@09*$>>IN2zXVA8ybEooy>}_W>=~4@Kcj z-F_oM4^U_3(Nu*2OIa9Bt>t(4d7Nxqys>F8FmpA%Uu^a|9N%E)c~adl&M5JsdQDHK z@OxwC6LPIE68vc_X=Ckqc{)iOn4rcq!`n2ofJ)^?K*c7XVb2EclAw~($@3Fc2tGMm zZ8Wz~{D|P{H$bmBQ`)z`2~P%wa92Og3Dyuj@b3Cd**I%R(FAbsy8Oa`f;r!z6a!)p zUYoNTcatp675L&?Lx7R)jZ5#u8G61Hs!hD54J1B@eB<--WcM&xWM6W{TtSX?J4v)-X#WcOKaZ36zf&;Yp}>@e*UhUu?SR z5cR{|@j+E)CF_jZc&DJ$;fj;~@>ac9{nvHm1Euz`VJyFYY)iU(%XR@EPt7J}qmGRs z5z2y41eWrFmt(8(mNL)opytdQ?yM}n7jAg|4b;9|RcJ}{%F5dTwxScUYtEiw`%oBJ z)TJjQ(_YHH z4VpZmfjZ&pB*MwFb?1>Ng=7^XT0k33@Sm-P31IIB0PS|KeBP)$rX&v3LGJT7eW!2i z&Zy!608|}89re~qf5&k6$`1)7IKG%l(=IwbuG+?)#l~ZXzWKg`jvT2k<(_m`+5q_*P=BH zpt-f(5sPy8DMFLf22?|9X+8Dn$(ar0+O2DRZCEnY*aEv^dJ!$r&fqFTc*U}q{v$$#;+4>m+BG}<;v@7*g9m~pSL8D zxe2GxlcKKTApoBeWWXK6UV%4iW6)FW+4l6lM!#Gl#vB@|t#)KPp}9bt82;BGo!Os_ z(6NN?y@^i8M}hp5uL?<_F^;;&+F-Y6L?IU1X%VxQ&YFv0LU=hlGF<{W|CB&Z+w-80 zg`2>l9{AGey1@*%qc4r4)lnY}qZe8q%tdBLq8I!Cx}br^zuskK**>TXd&)m~+xS0; zlrrYSsYH^canBsb{3_wgvR3L4o_(7;@-K(E%!NhTXuVI&Cn>9RD$O@k9GAelYp#~@ zYc5Luz03ijVJs_y2pE?M(d8jS0TpJ8nKsr1`}Kq&jdj<1pgZx;>;;}yz;+C9nN__s zHlDUGt*{As0#fMc!+dntoJe*Aifp2onPWJ$uF3!L9fghbIF`ECUZ=OB#!wpNN}}v0 zH3tkQTwvk0`W4a0g~+yWF1!KRVqNAw1fZ-{|9U|SFWV1L9Q(i2H-a^xA4=$fmUp=y za~WDETR<{0o+aj;O@%=&DA7?pT z=|an#z}|BQfd0Hs!9#AlEb~)5eOJd}V6cEFtj$O(lks90m2?fgycoJ6LTEa%a7%H$ e4b>KVe;92Q%sFRX4hjGC7p+t1Yx5%ihJV6X=AK;u literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem new file mode 100644 index 000000000..53867ac53 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.pem @@ -0,0 +1,53 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJaDAcBgoqhkiG9w0BDAEBMA4ECOJxEWpN/HEEAgIIAASCCUYouEt15A4DUZoG +aJvr19vCKfGPErYDkh1fI9u04hDEKCdb+Z7oxaqXQ34rr0H1t8/SPdhpvqms9Bsz +3nMIlgzEPnppyiRLCa4Ycev0jtA66xkxgGGXnA5uxZQcTOFsGDR4gpTn2hi7//BO +gHhKVDbCd6nShZkNgNUe++tclNg65Fmazm2pwpnCPfY9TGnou8bynMrJrau0CPB+ +v+pI3NR39yxDcq6MNII542Ma8bZWE++WmqmSXjsnXyEV850Dw4j7khbevXlKIh3C +fsf1mb1/lUc+8HtsjFLgBS3Iag2D/AfAbCDCY3wWG5KcMJk2CtNayOAmMetL7P1t +S+i/zTmqAeNVaUF/6ciwY8JNA9YHnjV/0LH04I1Dn1emQVltcqKJahDSoxwGeLD0 +lv0EMQ9CBRHqdKKVaDjBJSqLkwQzLuiqye6ZREnoeIL2cYXDqWoxZzjtxr5t261F +jl+gGBvAX5RRKz3+Vj7hb8y4n7npYJYXk+CanrsTblsBhOMaFhgup+Vd+UhHGQku +FqHR28bHlJzxgUvlhYV/WdMUtHlGHvpax1Zo57ToC0JxlX/o+lPHiZvvpGZegYOe +Mta5f4xI8PcfVrVbfpHaEnt+ffZPtDVZUfhfZwlMniUKX/kJgKGdtpnrgm0wefUR +ymKmn4af2tY/nT828+pOBcRY8WV5G5EPthkA/EemXTor04bb9mglX9ZJ78vrv0n9 +XaOXkMGYuj698Rqkx5BtaVX8EjWKnknHn/GOLSINu38UelRDV+xf5GQyDQREHsuu +Mkj6AcygD5eP0p4AZZaHw9H6nytoZ9SX/vhUmRTk2vbrgnAPwRBFnZy6S4mipfFc +m82EyC4RHklbIriMRRY7EHamBrUTg+8axCqBWY1jtSvTXwm40ybpigsiphtbcaCN +9hT13VfVkglyQIbmxvxeoo9McgKv2BoP+0i5xIdmstu63bcHxO/DaMXw9WPOGgdm +kyFU4MwJZhvk57H4HwleIPXXJd93OJ0NNunDgBWxh3mnKqnM9hpit6ljjl8y41RC +QvJTO5cR3cKuzPpzTqfpC8eYeXiYChuFDgXKXubGE/PSSzSmU7cnKUrHAOyrXlD0 +EdCZkQBFF0gnLksVSjaF/owORlc1KualcD9ahOgWoaup4MqlyW7A+BHJ+f3Iz22z +oezU/B/FGPTcRc+kEpPyIHG+98nNeh2N5nmY1+piXkJCsq0WdcjB13t8MHLLGqQ8 +shUpiKtkwtO45DIP3xVykntZsPb2gHuj2JoHjXYnxmZ7MRVbTe+s1F3xpITNa+G2 +2Yorp0zqVrhNfvtsLG1i0XdOwockHo5k+dAFkNngJvQVTwsBUw/gqcDwgkoG0yKZ +NZTZDRJDv3yfopbIvGxmXBj723/OcR0prKLHUc5qaCvK5y0rvM7G+Dg2/W1rzRGx +9IjCOyZzkUVwE9vKZO+mdsa1zeVja1DtU1sjh3k3+Lw6P2+LcVZKWI7IjJ7vcNxt +XRI6+jlaR3/ht++3+ADgBpZUVAzBwiKeaneanFoiu0kbXv+G74bVDXvKLTXXbynv +0mabkp8cszm2wMehp9WuqnBKtAot5Q6sPg4i6E0si3LrdDzKgENgMAF8+ShG5r4w +ULHQBwMpvNS6LnrY69TqAQp7MNS5JoCCHnQqXSgUQN53Zmcnmaz9qysHvbJLK/On +Rp0akU5A+WHFNPvGqkF8ou5OZRrN9XQMk75RRgi1YYY+UddiaBAsxqFQBKq5ooxN +0sE65WM76WU2/v10va4iCNPTFjB0MhGLrq08sgSNfHhePpBK+WANuzjWDUWS+ekC +VCTNBAARzlPoxuF0YsUUhwYxqFw/VC4PW9WeT0kx8pvaIwhf7Xk++4TKbdayQehK +ImH5vmvpeWxNa1O7nVyvaJfNvSoj49X1zNg4PKDAOm+kEAjGvWeWKEOiHTLIXbzu +HztTw/pjNJ5NaCNVWeThYYduFuRZaqap5khpqP4s07zvDvkTyKiJj3MSFel/K7UV +uy1e0HPymTFToeinLW0x3YaJnLcOKDmF0DSJB1gVwl55B3rEYb8tODF6BLjz149J +BT91EXgj/Futj3YpPTcIjJXsBDElP/KaBtB6uZGkmXgnz8OvRgg7wJR3n1uHU6r+ +S+19ugY5I5hAFFMLAIg+zO2IqSXW1B+CiE94tr5z96VTyIckO2Ov6p5fcGpI1VkB +KtcuXGUVuF9pqFRKkFChu90OiqxdcdKYqgjHy1z1jovuYm2pfCB4kvPLn57XVsmB +T0ZcdHFBf+SwxuKdr8KsK2k4er5c4jTTIflWWktrD9JLcWLc1WUecL18lFByOOWh +5fF7zX+NNsbMBES3F6TG+06NfgC6z24/h29zfnps75usEExBc7YHJsmWl3Aef6bF +vcoS2ug8ZXaiefhlFkyx/frGpRnD57ZOvLCi/TUVf2G0cynEKvfsb21LN50eMKD2 +HiIBGoNj9f3vJdIhLTDFurf42ocY5EQzLGleIQ0Zpv6285LqwqKKl5v28o+A4qnp +Xhkt/3pqZ6aJeSCNQd9Zg5tOd1tXpcTdzl/BmFIvmE+SIsYydLxrX1UEWfJfEL41 +J6qXTzebh7N16bGfxU09OT7puztuK+/vAHEvCGINddDaOJFayVdEaMVUux9nDkoz +b1U/5UxzpzFdNUZBHg1JjkUWK8oTGmkJTlI1aKJKKA1RfmnzwOd4PeHI1hIuT8YQ +8qwKY72mCCb4Sr+Xiw43CqJ9NgWCxYr0ua+hqm2xv43QMhSCNd7v1Dg0bi3ZgOi8 +1eSns5VZFww2JkYo7rrKz21EiFXjhZ4u8MF45M5/cbDqbaPVb6FMx7MqaKmnkpQ8 +xT4BC2M4xCiXnYrrjhugw2/FMkMchIN9jG47IQiACQ8pNqoTd2tLFCFpTZeeRCaP +Dgd8rvaMXjY/Uu9zB+LgRlQ/c01hGL+/d8cNEFzTU9jajOLobi3pKQqLdvlo40Dl +qH6eLTnYusrZnZySBuZD5c57BBW4GMuetvtqr2l8iV4BJnMvLZ9tB69eA1PhKXwq +tHY7a0YkhLUUqKFyPvYcnHjU9Bvg9PnciXnoDFMP1Obkou27vpI6NVmIFKMX1OxQ +A2IJ5YWaN6h8nJOV/THzKjMDmPbXLmtQDuaDPpDaNE+oDwto/UlSQPV8KtW/MR+s +k3rLyN3KXoVl95gT +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der new file mode 100644 index 0000000000000000000000000000000000000000..4f860bc963bd5078c4eaccddd204ba25dbdbb2af GIT binary patch literal 714 zcmV;*0yX_Gf&#`cKn4jahDe6@4FLrWFf%Y41_>&LNQU&4g?5;ThiYc354DP z0tf&w6b1+?hDe6@4Fd-R2r8Q|J{H(~Cj^25fC|LQpXed_Dk7CGlt4VQ)3gi#XMu3HDYGC?#62}p&gk7vI+eM5yO60=|&d=lgWjrii z2Pu7lELhZ$TB9cWTEX9&T9q&|9D>MowR6P`Y^u}-C~DAu3~%1PS`ILo5x;K<$^QS9*Yl-(wb zqE*hQ&qHI6&HJFgpLUH8CWS}n!;-vs$At|V8k^Q_;k9GyN@x)2FcDwG^Kz?w%;~H= zV0fyrj2g7&b*mOakZV)2o((g3zm%YUO(x|9;TW(qiiH+{P0d4`YCjPGie?071BUI~ z0yiZ$F1YWGtVg59%SK-kW9lN?KaXTA5@j2VsVOb_VSl^kzn40da>l1%-K$PgIUg|Ya{3;x6UAM0V;Jb&T zJ73a6prqR}WdS($&)-Y=0&~0mvgQsa7u-*M8S*Pm91O+W(FGp6IAr7QytY&V4F=$N w?6_~YcF-xs%YdiWRnW;VRj}SK4~1pFGs%!PC+aC5D8)w8F;8JNfB((fKFCl|-2eap literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem new file mode 100644 index 000000000..c7cf185e3 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem @@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIERyXk+8ULCgCAggA +MBQGCCqGSIb3DQMHBAhUeao9yOi6uwSCAoDMyMGii0I2y8CvM8SrY9tRx+Zt8WsP +vhEWhI1kbzWpZUdS1URWGZZz6oS33GnvUDmN1fZC3V/k9OcknZvfv8UtHj6RhK3a +dBgLVjEkFfqz2/4cOfha9FrRUJXXwW5JmnNhn3e8WZTvbtEt0e89n4jZWjWnkeoJ +rySKWuPn9SKzwFdPh7ur8N2BfjvwxdAZ1uShnj/Umik8o5wJZUz/7w0nd7JpcsOE +r9wC446li8t3owkm81z5jFTQW9SYZmT0ecICF1CRJgsp060TQzBeAKAM2skiOZXr +ldQBUqZBrYV2ZZ3+bepLrmsgobxDzhiNrRXjs+8lO3TGerc6ZD496Xv5XSJF3QuF +aUjWnaW2YX46nRWY60Bq3IhAbuAGF3YGvk4O/+n90Y4NUXj8mwLq8sFMlXKMyxLy +fHBfWKpwTFgtdBO4nSPrn310+xiPSxU61WGMZkBlgv5X75xiX5ZYktUxVlktvr1Z ++ZPeIMRzuoeK8J8iwzx1ADbOVPCAGnPuYbvUalGoGQkjCUEdL08XauaUdK0eDMTh +5gh1amQg+PTb/ZmYAhaDjHsuzIIgfWtsfL+Xk9AsTimK/qwP6mQLT6Kb+PowX3mQ +Tr4SkJH31Jp6mTxueoCtqPEC1BxhuDlqlTvmPdgIPCf4dbFtsEsSGbWRUYuZXgwg +Qmhp6TC3YNPVtLusoCMwjXkUSxRhScAzb6RpEGJwL94grF1UvTfleTGfOppKxZdG +yjzbJcUlcSCuw844HZDwHVzORQT3zxaguKuu/XcgINd5mU2STOopz3AkHhKLSFej +UANon6Dke8NLp96JvX/NN8zqvauRHg/r7RgcSHQWRZpbAzX4bgsEX2Mc +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der new file mode 100644 index 0000000000000000000000000000000000000000..6f1eac29e432f29c1fe7c07042f312cc4e3a1c1c GIT binary patch literal 711 zcmV;&0yzCJf&#-ZJq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?4UZM&s}NnGs$ z0tf&w5e5Y-4g&%Q1PEZ@&5~$6)nf#L0)U+BBxT+fdbH~%S!#>pdxGNTAAe*K%P~LH zOWe*%BSuq-nF7mlA|G| zJz;aisn7&a*LV2^&)rB{gs?Fk$z^?^b03f|v1vfKhd1*M6x)g6CuT7Hht#WGg7?U{ zvKlQS=Uh*9W4fo<5INIjPwiJJR^}izGf7e*@G5estIQ8^9`+w>6w^;3C}fhVN|t1wmuguj0UgPMjRpv`ZH*2V>{oSYP0-@;*d6Y>`U}eOeOe=5AlVq0D4?eP+rV+Xq)#>6w=9*S%Wc1$O z{427i3};KfQ(==K9|t4OJh6V6LB$P2-Wi%b-bys!OLtfW7}O0jkpmW*vk+!Zcy`!O zWM*uunJY0zTqYa08cHJNSZt(v*({($!@^zCJGV%D=j`|{+lSVg$tH{uCG=#+il}n{ zE^4!a|M<2mo|niU2s@uBVZnNM&P*Sx1EEfPMvSoz3IVxxWO(GrRuV2s^1Y+Fk~!!k z7;+J%D7E7~;EWcR7ZuJ@;X0vorq*_22X<(RipNrIX53O{ANA%a4mZ8vZ2mE$!1t}L z%n1moJ|}1{s;FSqn3tnn?0$n3$RIIG(FOO;o9T$XFPYQZV$hXgTNk6R5oblvX|vG` t(aDts{{kKPdu=I)PNR!X%;iP1In-10nNZb<9)4J0g=?^P{!-0mQ-HA_L{0zz literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem new file mode 100644 index 000000000..9ffa511ec --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem @@ -0,0 +1,17 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIICwzA9BgkqhkiG9w0BBQ0wMDAbBgkqhkiG9w0BBQwwDgQIn5qnCAJVLccCAggA +MBEGBSsOAwIHBAi4cuNF2wB86gSCAoCiwf84D3eyaesCJsiUCgk7bakku/Y10456 +CzrvLgneXNCbksRuCb8iFtYtiHQJcUkAko9B4uVh/3u+L9dNMnBAEEfdW8E+40WM +tJZcX2f+FMZPaXNnGkS6mGRJc12tRmg+1wZTlKWrk1hHzEom3SpPHsIvz+aWlXUO +Vq0mYp+CQIRC311E+lxCT2acamfgyxrNHZpafUq2GwK3NjS55jBg5DYcp5uhMOvd +sPTh72+ZXZq8qn6dqu//RD3L13px9GGsdFPcwT0BPdpKYLkJfdAXRY002DpjAU9R +k3LVxl0O9Z9VDzjnwyJ1qSjmo+Ejz4WsDfwT2oLGrn+6UenTsHxAE2MXmC+mm4r1 +CJ6vdkgw4PTJGxgwVoXaskfzCyz5LjW3oyEQAQn0DHZ1kVS1s+pFSQo05S7wfjjR +KcYwfkMjiTHzWQ5LQmt8/a7GdKSJNEi1I9cs3M/HjlUa3U/KOYrdYlQGp1eD7N5p +mFqc16EdWaPjtVEZWWgprjLFA1SmqAnBtah9xSOHCOmqxbiUiUa1tQExglVYJfTT +cy6HRMBEP4yflxPrONYiHFLigBrb+Er0IRx93BjxGXWOriPytiYWG/idjP10Rmmy +3michch8jBYL+fGNiZs/sbK6+UVfHbAv5lMNvNVuntlnnCJkobBTdUww2YJKAamb +m/URTp8k1xKenzCfc/oqj2zl0j/vxr5jsv30JL8ryHzsUKYnhy3aoFNpknyM6Kid +UAaQtYX11+5tvnI+uKxzjW4AYi45PmLTul+bN4Zb/CysfGbWPtv5fiyM1mvSlyj/ +fI98jOK5GM2bALc1cj/ThK6RNtsRwCGohp6RO3wSlmfBdYye7OLk +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der new file mode 100644 index 0000000000000000000000000000000000000000..eda37aa2e82f8fc70cc806498429e1a72d6c15f5 GIT binary patch literal 1298 zcmV+t1?~DUf&~sRKn4jahDe6@4FLrWFf%Y41_>&LNQU&4g?6*Mnj(di~9ls z0tf&w6b1+?hDe6@4Fd-R2;6$X)iR3sE(C%E$OWH~;^a*6ljG~bJnf$4#sx$}*y^X_ ze$E5wd9lB!2TJo z0g8{*4|18B4qOefA3iIWg3mGg9?hKA6ka$>=3nx*)x==qaq(bwYxy2Km4 zhZeBEiN$js48*AEjfbgRZ?38~EtJQgxwv$ZlbIa8c=I5(j|7=IQ26&oZ(|%aOda+e9z38&MwQXEQ}o#a4xfuJXATYJl1KQadooXQp>iMaiT+Q zGFg#LN%~6Y7^Y|lx6T{`jxJc`GOtY#gvC?=9}KxwT(P`MJJ|$T%RcLRXqH;0l+TZm zfnzoESgm-k4CN3UFZ6b6*NMb)8b*vek^c7{yJX?0x(-Ra2x(d`+NpwQmGS*oS;+eM z^9ZMIl4a%``aBywfc?6bk9OhzHhf%cfxRKf3jV534p4eSMQ6y=Da2Rp6j$^IG+In+ z)_&hu0~JqZ%3y}2H+@NOX!gJxZ&OJWO=Y0C=hNTCS|JF0;si5O7HIEU%n*58@%^gc zk>oVJtM8N!AfSP*26o&R9*Q{D_DRKcVfIt?|jYUC#zEWB&Qn{RV1 zK!O!|+e?kEgC#-}{@j+AJ=mP5^?jsrui6FLN}}%}vJQ{wjNw8rw7z?y1&UVK_0QwR zGlN!;C0|w=_K1%wl%*9mI|NOro;}#rK6VAyAawd#0P}W3TYVx!`tsfiy0oX*mQ3znmQTZk5o@WY`a~ zCg@Tw?4N(HSlF@krEEe|4^HIFvbTO>BJ*o;T?Nv>Oi9!mIjFI8!5d!CIj$QpQ5zbG z8;x+8-yq-_#-Ev2$@tjG74r`dUA$MlXeBO!=pgZ7<*3ho4+75Vi)O);ARt<$o@pWc z;!4A@MZpUib#ByloS9AZ-a+mI>)C>sY6R&DVHBe6HzSy1=^3$!j$Tk2DlZ%yudEFc zyb2jXbol9CJbh#ZW#GUk&&`#w1J$Op%ieldFg@`?8m}ob4n(}uaCL&_f4`(ta?SAr z`-y*%ilKF&BIB+pi`D&CQJaKhw}`V&;vBAPeW%ozwz!X1xaDTiG*d)C;M2LXg3AfC zdN+m!gi31U0lmr)Phdt`{!xfD?FG_mXS+3KMWm$3iV2M4=(WH4M6Mg)+wU-8!h+v; z$vhM>cuv(r0eKeb!}i*3hzUjQ^$NrLrfpFD)E^(??}<|VOW*L|&LNQU&4g?5s@KZRuS2;ui z0tf&w5e5Y-4g&%Q1PF-jn=No@4_^d=1jx2=J1mx!PzTQNN9yM)+|bD0ki@B4RtF5J zrmA8(oMMx=TBST9adUugZ>z*2+NV+4_z{rP+C>OH7JF24nO zIvm8)Pp&wLA01Z=r)a8csI zs`T+k2NII}lvs->?m{%uRx=v>&&?VF5{%b33@ z2>=J1LSsRDU@0b6=6Sr&IyKgKc(fr+`!=t)4Y&k5{gXhGDdv%&UAQh|kH_+rt&k^F#z zB2Q&?rf#N}A8aU>l0V&4{kq06trV z07)FIx{cWYl(XaLR!bFg=Y4=&qtajC6^7g`s2XZWE)ESZLxn9H&eVHsE+gWa2`wEd zv`J09M#L&_hskgro^=#9NjTtn+KaU{hdFvCHaC^7f>kU~>EpPV^0vEfp<61Ns`BHY zx*RIdXMh{iD5aRW>mh$R*^|; zNAjuksxY?0^Py=gdrOrlCEOLmGN-e_PCZULT#|_|dQv7TDQSdwe8KiHeX39)5C|Hj zb_F(3x>--qTM!}LK~T0m5@~j}_AsJdo_N&Fj;5aPT^(gU<7x|KSfxf6waf!`pA9-K zuvVoDJL-1b_06XSt{_M@LZT+a_F46igQ*O)GCwW{PO>T?97MMhb8zVggWTgSGIp1p z1>MhajPQ>D|1@)4>>xfF@D8HTl|Kg0K3CzZI1fC!{oI*t~7pE4#;Ai{dtK zNU=?`PG1RKh4ec4p9JF zBh0bsw-o@QBQ*Favk!<;yVUsW4xw1dU8vkgU7~R=o~?)W`G7-<5THD)LRN&6O$_Ur-m%z5c7Er*e`K_-SE?3ca881|VCco8M- zjFK)U7?0!~qU-&rr)Zu#TNjkP^pbq3J7B$qt0Bu2W{_|T?rhr9WgX;f0h&LNQU&4g?6?>4JY~sOnP! z0tf&w6b1+?hDe6@4Fd-R2%F%?-B>|LQv`wuNc7d1rV&)LY#6Y0*fxI#O4HF9_c=j6 z9l5MyN#N8TXD+Z1{)gTL(DE28B)jSxpM_EjG=nDny*-O-1q4}i-LL`Zl-7$tDDJat zCbaK5{=e)G3JZifgHY~nd(;9j>Y-e*mbUe^tp{HECfw8Lf8-=ITM3&LcnH`Al*#vQ zYk|v&IzH?JVBlLGX$Q0d@re9@7~SDi;Eu!ko%bfsQECB94PwVxw&wfE2feESJ%!c- zmnT$%1p$Z16ik{jnpYD4K6w5nL?Zs2GA-2!4t_;D zBaV=0(-qOR^y3C-Ibih4_{9=zLFhmcTKpc8F zn!9m2QkN2GSg72hD9onIp~Ru#4fao-0t|cg(Jlp|wv-wJ&~6Z{y3{faE7Nw$eG(vD zQ}ew=K!D#2S1Pkw^U5?jETW0UY0T*uiZOih?MP+C$#RYt6!Y5Dy&nV6k*lTI1x*rt zAX4e9)ye?qkbRpRfBrB}v_B^#+JEDcux>ldFFZ9TYCg32rIlz&@MMeArMB4O9^K9M zHYX7tXCP`dO9Coc@zpRz7Zm1VZ`}5VjO5IA$@s2-u7Su&qG4TqMK+f7()SAY%xZ@T z(IJ;fzvM1@6w8LvZpZaWqg>;2I>cZyk^VfCaYHtaVl1P^e;H7FTS+uH3rPPwXmPU< zdn)NqBYIj3kk&qqL+F%*`-8Ro0qy$$w}7mV4xayNw=d4>hbDp;vW0K|ZJiIfsHmeY ziNoc*GLe z{8%XJ5M}a=@r&H{; zdO^^6AX({h%bdII_j)5haYlqhwbVC)lv!TS>F^7PwTyVTsC6|;!4K)G;Y$!vYe%dC zT(K_=pqHYA3$Wb=FAd`DKV_;PM(M_Nw+d*^5i=~81&Lc+!_497<|pi)G&a;F8GA^0 zcm6H~ZOMyLKE5SApHqhb+F?h8_QndrJiCs~y?M$2p8!M7&3P&4k&&lj9k%>qTK1dW zxCHu~>NYH|mjNs-dDII6n9^;>J!#aS0#R0LxJ9xHkPxV+0YDUp8IfXXc1e9Rn2=8db9V=uqN1lr_2i|n;rlx^ypp|CVuOJ~At z8s8yCp9&b0qn-|LdYYnpOs?;M9r$es1bvpqGEWYJA`L?+)6b7lioiwp=Io0h+tjjc zqe-c_0?;e6zKEV&Sts1NQw5YF{Ribi!*bx!y^{TzXSV~q@|V{<_NUk0rI?my#W<>v;3g@k&k z=dnt&SV^u2il$PsYX6jAO|c}^tjYG@I8kLN4{Y5u5%Ry(G~qgpP`g%~K%!7l{X3(E z@uJwj)qb$9jN%@TZ{LluzqU+H6pMP24+;Ti|x&H65_vKFc5@K>}7fIC)?Le3%wK?9jf8vcv9 zYyb#ZrXeQwm90^X_;<6%*=tAYm!+F-vO_cFc-VWaZ(w&=YPs{9Gbo(6F3PnPgajoB zC?dZP&LKTJV(nZ&*yPXK8gk~Z(OM}{_nx*OHS*K=Z`hWZ z@NnYCwDgHG#LWC4MtuszcXPjYZBK0Vr4FG;2x_Y89FJ4tJ@756witJiJMvbrz;;;QnSAt04AUS#5rcd zjc`7-l*7~(914D|^E;Q@iRrB*A&^{z=36d){pZWrzp5XB>?1G3nJsX zj!R>cd@nobPEg79ga`ylM%Xov6l>kuOu{77Nh5AdC{z@fW#1&KJX{r4XULT{t^B}L z~XDU$UFa+Hsu{B5Ty%%Ghj@pma!GkQr@8erEL+P;IiA%{->G z&AwKZD@Kg;nL)_ZE|6*ZUK(hxlktZ(9gpr%hLH!65S)7<{jCV>mxnJPA-vAawJNn z@qGty2#{CejmmfcZ#}mUN{UbaF-FohurP;rjt4@m*v=8SeH2A4nThpV%%g?z z{~6a-b?d=6&v9r+xO)8}LkWp_cucv<&0eKrelW+W^sLVEqCtJ47%woCw2O?RZiaPk zX#}D%5Q+yOEI4!KY5!x)24p>0;EVH@nD;kLccn#Q9we Q_FbR0{-)2QG5^wEFPiwO2mk;8 literal 0 HcmV?d00001 diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem new file mode 100644 index 000000000..c5113e713 --- /dev/null +++ b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem @@ -0,0 +1,54 @@ +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIIJjjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIRkUpAqxZvr4CAggA +MBQGCCqGSIb3DQMHBAjFyO62L4EIxwSCCUgDa+4NxmT4wXuKjxhe0+FV2qY41npE +e6jBLdDQuqtSlB4M9A+AVtKWi1sncYzV8FLtPofX25HCciByddYaxsYFtVdmaY1p +ckl9kBU2JIEZ9kvfBxcuHEVeesbvws4hJMO3ADf5CPS+vivEpYt4W6VUANZJTGwD +jA3QBIjSdJlC4ievdcxOn0mUc8Y7X+RMmAhEV778vQoTMaoYKOpAa5aQsL5eN392 +GRexE5rzhI+jSctBnGL1t8IhUbceBnLjAIDRyNrQFnDypzAMrV/Wqtvf3H8o7m/G +3YGSuGa4LbR32PAkT9MrZLIoaKBGxPu64UvxfBFm5RIubtrIgpQXHo5m84Jpwef4 +fD/0argZoh1DSlP/LMJ2s/Rhz6fM4bXohtpPJCqo55FLxjhfBrA180SNXwOWbUtp +wsR5qIhy78REHGHjm7ClQBvy7zr20yFJn0+XGFF58W2+GTKstOg6o+L64Ad5byei +VE0SxPhFUamiY2HGmLpBdbl7Rb5El57GJY6cDl9JRgLPoVZf0eYzScv58n1oLT4p +jHkLZgi7RkoLf9SAyR+Pq8dg+j7b7KLVy3fgIPJxmqERm8kqU4KKs1G5oSmD0wI3 +YVWCB9knPTU7VFnvBvDxmD+02uY5lcKCHIllLSZNWJFjtsYU6MJcLC+6dBDHokF5 +76/h5g7oe++YJjut759NqxeKWpXyJLbHgPT9W0+Q2bODItERHF2d3abGDuo4oY/I +28+ihesssWEfkRx4s7wY8KkbsT6FCXfR4uTxuYYeygsmN7F6rQhM97ErGeH9LtmW +JNq6A/RCZaA4rYiAUzpIFZ8x61EhoQtuSgs8EBJo2W7JSJc35zaMFb6oL0Qqkq3w +rMHlBXlTlf0phppJQxrEPqfCPfqdtAJVLk1SxpfW2RgQH0Gbl/VYbK3Fdu2kdnYA +my3uuOqT5k5vG2rdBkvIZWMqB97CWQNBZmiV8hUYjqIJ4HipCY3ZTtnXIipQVS8M +lnVFc+7nSTkzAQ5/RrTBAguiD+b4CvY0H+CVIp5FgaMuo2BaviqqLN8Nx2fUvCGl +7KsXhWjztJgKPbLubUu2UcmOh4QaTrFQ7Lb+/yt3HHzaUWLV/I4hdOgH3VNdTDbh +Y6+55ayW/gXzODhI21bDWRBa6RCyffRtYx+4fccpAz4mz58ho7QyvOoKnVzb6Len +EAAAPJctuwMbY+thu2mBOICn+fni/AMTqTggY37Mk4BAi0641F/6RkujGlz9/2FA +GFifDO/VSWO9OprlmYCr0HuuGdMaHB+VTEj5j+cwpJ5imUhQHaN1Q3masJmD+sdH +27Du/O164hIdblbvUsS+9v3l+EgMbHqC61RQbBuNzs/1slxTz7uO61a5Snu8XYWP +pibxyCaGznvyunCZGTiWuHNYR8OnEJAM4O/wU4ThCzb+fxKDMchs1LG0ptw54L/B +86oMiScXlkCbdl9fjPRuHTuWBqFDm0Lz77POyXzJFpre2XDbQeSQyTzZFeAOFeGy +P4mrLDMvxsrUU8U3EGeQtTvdiFjNS3Ba6k/VN7qjkBcETQHEmmOnO7EVDn9csybm +q+voR7JpokjD2YKCp2MwUUO+rjuTl8LYxUPrmpofY0yH2c+0OqHA6txszkEXgGbz +oXrgFKZqSM+kFGpaRCIPjkulCdC6IB9i0Qu8w1hCMVUPIN5HFoCkP+JC5jzdz08p +s8m2ZgkVmcZQCmtq0IaRQH2nPS1n2V2dbEd12r4exfxXiiU7GZ42jszfopEhF2wl +GCIjc/joTLGZ2M28tGVFDIg+kuCLiB/C97Uf3WGDTmDfqOY2aBfHcJ97rCHIyxpH +ZVnn94IBvanuoA1DZvEs8tmG4dG/QPhstTVcYZg9wALzOURXZix2zRJca937sEoO +PpVXOj5509lrQwOtbizl3zUcJNT9GJBYWQTpceNVY/1JhB6EKfnZ+Am+qVD8/rjg +1ei/jndWOmX628CGuqhCPT7VUnC/0H4oIvYnf+QJlNqv6sbhStw/VPNpMzDiOhnN +Kl/1aGktHth+IFdzTpmqFbRIxLkvvrAzjxLRGfOnH2N5V+sWBudq6PsQ38QbpdEd +WlF37Xdq74wpQKmX165eE10hd42DJkDORPUycpVTr3y0zDVUjnu5Bo2xi2AZqBoH +aylv9hae26ZYLzp2RmAQFkEFxcpuqUvuJq4MtCxmvXivttrBRqaFmBKojxJyOOon +JQQo6aiof1Zd3inx7Prao/aWI77R/vdaS/j1IWqyOFu5BMi3tkdL7yAxLq/e5cbX +KF+bJAvKvdjV48cPyMQ4i+SiJQtFBEj5l7ynrJ2XaOCh2jhxwyLJHG9/qGU5dF0M +YuD4OY8gTxZDpi1jTU5Q6WUqaQBTUrLQqWXEhDLhyHe+f1mqb6IfAfrW8X/Kbp19 +KeOmyOESPIrfz75yG/nQ3IpEk4ufOmNwA9kXYveZOYtFNfZJcjYMIlC37ypg8+Ly +dzvLpx8xuOplz8aMHtNLojkKKoKpc4KYZ+QZzj9FOB6r0mvc9Sqj2A3xFgntnZal +soJwZmaonKT3kRQxDZ3woU+JDfw2Sdg0Fb0jWvoyPcYdnQoExR7uF9Q9O262oAPg +r8g5UNtcKXpGz1x2/IfVNUQwIQfmz1Slty61ed7l+qNcd51jK9RAW8HGbx8Blukn +izE152He9hrM6XhO3h3WaSw7qx7//5n+VNV0yqp3rQnQDr6V+zcfjgRiNWITXkHg +a2Xvju81h5zT/RJD9jon3PBg88effiBF01UD+DxENNsJ2WKtc70HvhRgZoI6/e5b +04YX6HBLSwdbUCLoiXFbXDFtRE0Krmba0tU/i0eRgzUipPDrQQUNt/6x3a7Ks48A +OC3/EDfcCYzu12W9h0TR09YlfiNJnalxGSU2CgzdxWhXvqxu5lfswIgj6c759RnD +v6676NRTlS6J+wn4S0ShNon1D/9siAGkLbhRKBc9TjRhxSGwHLRFYSbRD0ql0RLZ +/8kIlsKSmX/wJo1k9g3MwEN+SddRkbFZwjgZy4vgTQhrH6r4WQzCUXcO9F1i4Acw +rnMmV9fUJ/IZ22snbGny6yaBa5T9RcvPpCW81PXeFBZo0cK9xrs0t5eRqwmyKTpF +FpldzwRoyFRjDnGVACMo/X1eaCwvew+1M8fcSs1p+qrBfrfRiI4tg8bNrYdL/0u1 +RoE= +-----END ENCRYPTED PRIVATE KEY----- diff --git a/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der b/tests/data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der new file mode 100644 index 0000000000000000000000000000000000000000..f40c9c9fba44817037173a7a0f1433865f5857e4 GIT binary patch literal 2447 zcmV;A32^o>f(eT-Jq8IXhDe6@4FLrWFfcG11_>&LNQU&4g?58m=MWLy*x_- z0tf&w5e5Y-4g&%Q1PB`z&kI*RipvCo2}n<1K18;h*z((5wgp+kqs_>ehWuxDNE$0> z&G{*om#ZF-N?z@;3rmNt8tcWZUC|pi?r02cRy6+lrVfQ0{k1foW=N#VHLj1cRwt00 zS7e0(CEX2tzSWq?fqQ-fz{6B0GqTd=B8><_`P4JXRT$wUTfh*Buvk21xe@J=kPe#B+>#rV zPQ|FhA(JVmA8a{MKvs1Tk3+6-Mh5G0qVV9*VkNA)kcNuAnBTZjGmeX@#;AuAGx>^L z>{|N&jm>8w%J6cd0V`CK(ezel*1-kUhN{YUeXf&emn1oBk{gQaG<%;`EJ$cwy_d&_fU@2FlE2gIQ%y>>1`S2zx=+7|oG&NY_r|_oGc}cQ|o{3RP zHt+EeKW$T?!Cf-x(!4{OQG1igoxsJTt)vaM>S|$2 zIS^8>3uIT3YKn1Mxwi0xK>=O+S9c^(rmSh)IjYQ5A$*a@BP5 zfGQi!()mW*i}AMIRU3pxf#p104mJGLuU|4^)d^)kx7f|%0I!7d;gB;WR!d(6Zd(?}4Gw;s-qWE1 z(oi1}!@6wqk_BMB7iu$tXD5;UzJYj>Ot~4CpIX(krQ|gt+65QB;zt{+)j}BKZDnX^ z>e=YlH^Kk$AumAk@-qJrV?`4Dd~Az}1tq;?TU)_`w$mfr&Py3QZ+SifB0?|*PqoS# zT<2)+L+QS7g8Fv2=qvsa1JReqi#VcZqGyXi(=R#F?~MnjH4mZ*lKC~}h_shq8Dow> z)yI7OPrxy`K?*Xe2l9qurR5lp@Bv1rr!WAMD0HPOq|wt6klfB@C#`EqX0&fRn)$l` zdKm&i<$Pvn9Jp`Sl1o%hVDFZZFk}cNHYMa}<6}GejyD{L?_C7ML0IE8HD||%syMlO zncE7tWq5YgT;fFmdD#XtVUR3Ap5TGPQo}YmM>r$Z)eaF8&>y!k#N5k@=5O_7V~~Po zgys;O@hjJlD#(^7$za6zYw+}$@cE(3lD93LG**Yvpcm=xyIQYG#w;o7ek->CuUC6a zpoeDn`#f#ci0E;ewF6vwoSSJDYuMXSWfHf{q9MoSrSqD|xlyu7qFJb&gg`_8K7YXjK z*p9+9^<2Ke0S8@n6Xv3JfmTcrlPyT9+@|8(00OrXcpcT}6eP+LpLb>4<+G+Y zL(_*wHD+~&8@Mf01x`){*yPQRjkEXpJF530Yx#rAt^vX@cfSb$WP1A)6^QnbccxEO zoiXh9Sgr&L*L#Nos~13ey32^H6Ge{(D~+!ZRMW>(0<^JtfMxX9cMgKLTsRm|>?BS< z4D>sk{nGoo7cFu}B$ADtBd}%t8OW;Y*P8>Bp;Br|WH`t7O+i z6jo1I=5Vn|)B9-hq5BHfIDdT~1A|~&S9`Xa1LKZk$3ZqRy}Amo(9UBJZ6gT&rw-zy z*U7fhDI)vZI&i~=fU+3^kxD`fF&YBeVZe=tSF27`(A?cWuN+g!GwY2vPJfKI@lQb~ z;;9`gdwY?~3FdEy(<-@1&p~^(Lv-eK-Sej_SKU3<7dcAFJxLt;F&>d=-{i=XPz`CW zxbldud@WBzU9S~n&=ymOHqZ1#iSS0c#?h3TCLp$5pV!?CO1>4ZAM2TT_*16%9uMUR zaG{^SJM{wm${@Y6zp&*-RuctPwxVRTfsP_1B=-PR*rgCY?H5vu`(*%!|LEJF{t4Gk zddFDjOT^QZc(8f9&Oh(V1J2D`FGCTylyB_I&K%qETCX`4J6!XIM+Jjr3*T(th Date: Tue, 22 Nov 2016 14:56:18 +0800 Subject: [PATCH 305/493] Correct the printf message of the DTLS handshake. Make it consistent with dtls_server.c --- programs/ssl/dtls_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index e18ee42a1..f271bad30 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -203,7 +203,7 @@ int main( int argc, char *argv[] ) /* * 4. Handshake */ - mbedtls_printf( " . Performing the SSL/TLS handshake..." ); + mbedtls_printf( " . Performing the DTLS handshake..." ); fflush( stdout ); do ret = mbedtls_ssl_handshake( &ssl ); From 376f7f5fe19b1ed354467adc31060b9bb41ae679 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 23 Aug 2017 16:04:40 +0300 Subject: [PATCH 306/493] Fix typo in configs/README.txt file Fix typo in Readme file: ajust->adjust --- configs/README.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/README.txt b/configs/README.txt index e9867bc15..933fa7f21 100644 --- a/configs/README.txt +++ b/configs/README.txt @@ -8,7 +8,7 @@ These files are complete replacements for the default config.h. To use one of them, you can pick one of the following methods: 1. Replace the default file include/mbedtls/config.h with the chosen one. - (Depending on your compiler, you may need to ajust the line with + (Depending on your compiler, you may need to adjust the line with #include "mbedtls/check_config.h" then.) 2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly. From 713fe7f66c4b393e1905568786d6d615a761edbd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 5 May 2017 11:24:30 +0100 Subject: [PATCH 307/493] Add test case calling ssl_set_hostname twice Add a test case calling ssl_set_hostname twice to test_suite_ssl. When run in CMake build mode ASan, this catches the current leak, but will hopefully be fine with the new version. --- tests/suites/test_suite_ssl.data | 3 +++ tests/suites/test_suite_ssl.function | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index a39f6f09f..b92c1fe8a 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -54,3 +54,6 @@ ssl_dtls_replay:"abcd12340000,abcd12340100":"abcd12340101":0 SSL DTLS replay: big jump then just delayed ssl_dtls_replay:"abcd12340000,abcd12340100":"abcd123400ff":0 + +SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice +ssl_set_hostname_twice:"server0":"server1" diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8d3448cbc..60683afee 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -40,3 +40,16 @@ void ssl_dtls_replay( char *prevs, char *new, int ret ) mbedtls_ssl_config_free( &conf ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ +void ssl_set_hostname_twice( char *hostname0, char *hostname1 ) +{ + mbedtls_ssl_context ssl; + mbedtls_ssl_init( &ssl ); + + TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 ); + TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 ); + + mbedtls_ssl_free( &ssl ); +} +/* END_CASE */ \ No newline at end of file From 39f5d359f5bdebd76c4491920002dda8c4789fb8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 7 Apr 2017 13:25:49 +0100 Subject: [PATCH 308/493] Make mbedtls_ssl_set_hostname safe to be called multiple times Zeroize and free previously set hostnames before overwriting them. Also, allow clearance of hostname by providing NULL parameter. --- library/ssl_tls.c | 55 +++++++++++++++++++++++++++++++---------------- 1 file changed, 37 insertions(+), 18 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 661ae7065..8d143a383 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6159,7 +6159,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, { conf->sig_hashes = hashes; } -#endif +#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ #if defined(MBEDTLS_ECP_C) /* @@ -6170,32 +6170,51 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, { conf->curve_list = curve_list; } -#endif +#endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_X509_CRT_PARSE_C) int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) { - size_t hostname_len; + /* Initialize to suppress unnecessary compiler warning */ + size_t hostname_len = 0; + + /* Check if new hostname is valid before + * making any change to current one */ + + if( hostname != NULL ) + { + hostname_len = strlen( hostname ); + + if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + /* Now it's clear that we will overwrite the old hostname, + * so we can free it safely */ + + if( ssl->hostname != NULL ) + { + mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); + mbedtls_free( ssl->hostname ); + } + + /* Passing NULL as hostname shall clear the old one */ if( hostname == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + { + ssl->hostname = NULL; + } + else + { + ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); - hostname_len = strlen( hostname ); + if( ssl->hostname == NULL ) + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - if( hostname_len + 1 == 0 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + memcpy( ssl->hostname, hostname, hostname_len ); - if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); - - if( ssl->hostname == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - - memcpy( ssl->hostname, hostname, hostname_len ); - - ssl->hostname[hostname_len] = '\0'; + ssl->hostname[hostname_len] = '\0'; + } return( 0 ); } From f5f9d11accdbd95ec82d28785c14019eb8c925d9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 7 Apr 2017 12:59:32 +0100 Subject: [PATCH 309/493] Enhance documentation of mbedtls_ssl_set_hostname (1) Add missing error condition (2) Specify allowance and effect of of NULL hostname parameter (3) Describe effect of function on failure --- include/mbedtls/ssl.h | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index cc0007006..87ea00dbb 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1794,15 +1794,23 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, #if defined(MBEDTLS_X509_CRT_PARSE_C) /** - * \brief Set the hostname to check against the received server - * certificate. It sets the ServerName TLS extension too, - * if the extension is enabled. - * (client-side only) + * \brief Set or reset the hostname to check against the received + * server certificate. It sets the ServerName TLS extension, + * too, if that extension is enabled. (client-side only) * * \param ssl SSL context - * \param hostname the server hostname + * \param hostname the server hostname, may be NULL to clear hostname + + * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN. + * + * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on + * allocation failure, MBEDTLS_ERR_BAD_INPUT_DATA on + * too long input hostname. + * + * \post Hostname set to the one provided on success (cleared + * when NULL). On allocation failure hostname is cleared. + * On too long input failure, old hostname is unchanged. * - * \return 0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED */ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ From 2f38a43d3a53173d3129457d5c93d99834fb0ca9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 7 Apr 2017 13:02:16 +0100 Subject: [PATCH 310/493] Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog. Add a reference to the relevant RFC, adapt ChangeLog. --- ChangeLog | 2 ++ include/mbedtls/ssl.h | 5 ++--- library/ssl_cli.c | 8 ++++++++ library/ssl_tls.c | 2 +- 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2bbc4c333..565ea2904 100644 --- a/ChangeLog +++ b/ChangeLog @@ -194,6 +194,8 @@ Security team. #569 CVE-2017-2784 Bugfix + * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. + Found by jethrogb, #836. * Fix output certificate verification flags set by x509_crt_verify_top() when traversing a chain of trusted CA. The issue would cause both flags, MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 87ea00dbb..e98101e19 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1804,13 +1804,12 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN. * * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on - * allocation failure, MBEDTLS_ERR_BAD_INPUT_DATA on + * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on * too long input hostname. * - * \post Hostname set to the one provided on success (cleared + * Hostname set to the one provided on success (cleared * when NULL). On allocation failure hostname is cleared. * On too long input failure, old hostname is unchanged. - * */ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a2b9f8cfe..19bf021e2 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -80,6 +80,13 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, } /* + * Sect. 3, RFC 6066 (TLS Extensions Definitions) + * + * In order to provide any of the server names, clients MAY include an + * extension of type "server_name" in the (extended) client hello. The + * "extension_data" field of this extension SHALL contain + * "ServerNameList" where: + * * struct { * NameType name_type; * select (name_type) { @@ -96,6 +103,7 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, * struct { * ServerName server_name_list<1..2^16-1> * } ServerNameList; + * */ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 8d143a383..de2490ced 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6218,7 +6218,7 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) return( 0 ); } -#endif +#endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, From 83ce8201dcd2739a2350fcfc20d28083653c4e3f Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 30 Sep 2017 23:39:46 +0100 Subject: [PATCH 311/493] Update ChangeLog for fix to #836 --- ChangeLog | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 565ea2904..ec9125961 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,10 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Allow comments in test data files. +Bugfix + * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. + Found by projectgus and jethrogb, #836. + = mbed TLS 2.6.0 branch released 2017-08-10 Security @@ -194,8 +198,6 @@ Security team. #569 CVE-2017-2784 Bugfix - * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. - Found by jethrogb, #836. * Fix output certificate verification flags set by x509_crt_verify_top() when traversing a chain of trusted CA. The issue would cause both flags, MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be From ba5b755f1a286dea5d80cd57fd5c75399635cf7f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 09:55:49 +0100 Subject: [PATCH 312/493] Change signature and semantics of `mbedtls_rsa_deduce_moduli` Input arguments are marked as constant. Further, no double-checking is performed when a factorization of the modulus has been found. --- include/mbedtls/rsa.h | 20 +++++------------- library/rsa.c | 49 ++++++++++++++----------------------------- 2 files changed, 21 insertions(+), 48 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 14cdef8d5..a7e8a3320 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -96,23 +96,13 @@ extern "C" { * * \return * - 0 if successful. In this case, P and Q constitute a - * factorization of N, and it is guaranteed that D and E - * are indeed modular inverses modulo P-1 and modulo Q-1. - * The values of N, D and E are unchanged. It is checked - * that P, Q are prime if a PRNG is provided. - * - A non-zero error code otherwise. In this case, the values - * of N, D, E are undefined. + * factorization of N. + * - A non-zero error code otherwise. * - * \note The input MPI's are deliberately not declared as constant - * and may therefore be used for in-place calculations by - * the implementation. In particular, their values can be - * corrupted when the function fails. If the user cannot - * tolerate this, he has to make copies of the MPI's prior - * to calling this function. See \c mbedtls_mpi_copy for this. */ -int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, - mbedtls_mpi *P, mbedtls_mpi *Q ); +int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, mbedtls_mpi const *D, + mbedtls_mpi const *E, int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng, mbedtls_mpi *P, mbedtls_mpi *Q ); /** * \brief Compute RSA private exponent from diff --git a/library/rsa.c b/library/rsa.c index bb456df49..e01397ec9 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -129,20 +129,11 @@ static void mbedtls_zeroize( void *v, size_t n ) { * of (a) and (b) above to attempt to factor N. * */ -int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, +int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, + mbedtls_mpi const *D, mbedtls_mpi const *E, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_mpi *P, mbedtls_mpi *Q ) { - /* Implementation note: - * - * Space-efficiency is given preference over time-efficiency here: - * several calculations are done in place and temporarily change - * the values of D and E. - * - * Specifically, D is replaced by the largest odd divisor of DE - 1 - * throughout the calculations. - */ - int ret = 0; uint16_t attempt; /* Number of current attempt */ @@ -151,11 +142,9 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, uint16_t bitlen_half; /* Half the bitsize of the modulus N */ uint16_t order; /* Order of 2 in DE - 1 */ - mbedtls_mpi K; /* Temporary used for two purposes: - * - During factorization attempts, stores a random integer - * in the range of [0,..,N] - * - During verification, holding intermediate results. - */ + mbedtls_mpi T; /* Holds largest odd divisor of DE - 1 */ + mbedtls_mpi K; /* During factorization attempts, stores a random integer + * in the range of [0,..,N] */ if( P == NULL || Q == NULL || P->p != NULL || Q->p != NULL ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); @@ -174,20 +163,20 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, */ mbedtls_mpi_init( &K ); + mbedtls_mpi_init( &T ); - /* Replace D by DE - 1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( D, D, E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( D, D, 1 ) ); + /* T := DE - 1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, D, E ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &T, &T, 1 ) ); - if( ( order = mbedtls_mpi_lsb( D ) ) == 0 ) + if( ( order = mbedtls_mpi_lsb( &T ) ) == 0 ) { ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; goto cleanup; } - /* After this operation, D holds the largest odd divisor - * of DE - 1 for the original values of D and E. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( D, order ) ); + /* After this operation, T holds the largest odd divisor of DE - 1. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &T, order ) ); /* This is used to generate a few numbers around N / 2 * if no PRNG is provided. */ @@ -220,9 +209,9 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, if( mbedtls_mpi_cmp_int( P, 1 ) != 0 ) continue; - /* Go through K^X + 1, K^(2X) + 1, K^(4X) + 1, ... + /* Go through K^T + 1, K^(2T) + 1, K^(4T) + 1, ... * and check whether they have nontrivial GCD with N. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &K, &K, D, N, + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &K, &K, &T, N, Q /* temporarily use Q for storing Montgomery * multiplication helper values */ ) ); @@ -239,14 +228,7 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, * Set Q := N / P. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, &K, N, P ) ); - - /* Restore D */ - - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( D, order ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( D, D, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( D, NULL, D, E ) ); - + MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, NULL, N, P ) ); goto cleanup; } @@ -261,6 +243,7 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi *N, mbedtls_mpi *D, mbedtls_mpi *E, cleanup: mbedtls_mpi_free( &K ); + mbedtls_mpi_free( &T ); return( ret ); } From bdefff1ddeb9ef51cb495734debd076d20e2bbd0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 09:57:50 +0100 Subject: [PATCH 313/493] Change signature of `mbedtls_rsa_deduce_private` Make input arguments constant and adapt the implementation to use a temporary instead of in-place operations. --- include/mbedtls/rsa.h | 13 +++--------- library/rsa.c | 30 ++++++++++++++-------------- tests/suites/test_suite_rsa.function | 2 +- 3 files changed, 19 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index a7e8a3320..e45520f9a 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -122,18 +122,11 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, mbedtls_mpi const *D, * \return * - 0 if successful. In this case, D is set to a simultaneous * modular inverse of E modulo both P-1 and Q-1. - * - A non-zero error code otherwise. In this case, the values - * of P, Q, E are undefined. + * - A non-zero error code otherwise. * - * \note The input MPI's are deliberately not declared as constant - * and may therefore be used for in-place calculations by - * the implementation. In particular, their values can be - * corrupted when the function fails. If the user cannot - * tolerate this, he has to make copies of the MPI's prior - * to calling this function. See \c mbedtls_mpi_copy for this. */ -int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q, mbedtls_mpi *E, - mbedtls_mpi *D ); +int mbedtls_rsa_deduce_private( mbedtls_mpi const *P, mbedtls_mpi const *Q, + mbedtls_mpi const *E, mbedtls_mpi *D ); /** diff --git a/library/rsa.c b/library/rsa.c index e01397ec9..3e58c854a 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -252,11 +252,13 @@ cleanup: * This is essentially a modular inversion. */ -int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q, - mbedtls_mpi *D, mbedtls_mpi *E ) +int mbedtls_rsa_deduce_private( mbedtls_mpi const *P, + mbedtls_mpi const *Q, + mbedtls_mpi const *E, + mbedtls_mpi *D ) { int ret = 0; - mbedtls_mpi K; + mbedtls_mpi K, L; if( D == NULL || mbedtls_mpi_cmp_int( D, 0 ) != 0 ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); @@ -269,28 +271,26 @@ int mbedtls_rsa_deduce_private( mbedtls_mpi *P, mbedtls_mpi *Q, } mbedtls_mpi_init( &K ); + mbedtls_mpi_init( &L ); - /* Temporarily replace P and Q by P-1 and Q-1, respectively. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( P, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( Q, Q, 1 ) ); + /* Temporarily put K := P-1 and L := Q-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) ); - /* Temporarily compute the gcd(P-1, Q-1) in D. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, P, Q ) ); + /* Temporarily put D := gcd(P-1, Q-1) */ + MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, &K, &L ) ); - /* Compute LCM(P-1, Q-1) in K */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); + /* K := LCM(P-1, Q-1) */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &L ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &K, NULL, &K, D ) ); /* Compute modular inverse of E in LCM(P-1, Q-1) */ MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( D, E, &K ) ); - /* Restore P and Q. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( P, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( Q, Q, 1 ) ); - cleanup: mbedtls_mpi_free( &K ); + mbedtls_mpi_free( &L ); return( ret ); } @@ -664,7 +664,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, * so together with the primality test above all core parameters are * guaranteed to be sane if this call succeeds. */ if( ( ret = mbedtls_rsa_deduce_private( &ctx->P, &ctx->Q, - &ctx->D, &ctx->E ) ) != 0 ) + &ctx->E, &ctx->D ) ) != 0 ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); } diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 062b97153..f32155479 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -804,7 +804,7 @@ void mbedtls_rsa_deduce_private( int radix_P, char *input_P, } /* Try to deduce D from N, P, Q, E. */ - TEST_ASSERT( mbedtls_rsa_deduce_private( &P, &Q, &D, &E ) == result ); + TEST_ASSERT( mbedtls_rsa_deduce_private( &P, &Q, &E, &D ) == result ); if( !corrupt ) { From 1b831fe1c54c7c4c75d194c7ffae6b67486a2805 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 12:24:50 +0100 Subject: [PATCH 314/493] Clarify guarantees made by `rsa_deduce_moduli/private/crt` --- include/mbedtls/rsa.h | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index e45520f9a..05c18a997 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -99,6 +99,10 @@ extern "C" { * factorization of N. * - A non-zero error code otherwise. * + * \note It is neither checked that P, Q are prime nor that + * D, E are modular inverses wrt. P-1 and Q-1. For that, + * use the helper function \c mbedtls_rsa_validate_params. + * */ int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, mbedtls_mpi const *D, mbedtls_mpi const *E, int (*f_rng)(void *, unsigned char *, size_t), @@ -117,13 +121,13 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, mbedtls_mpi const *D, * \param E RSA public exponent * \param D Pointer to MPI holding the private exponent on success. * - * \note This function does not check whether P and Q are primes. - * * \return * - 0 if successful. In this case, D is set to a simultaneous * modular inverse of E modulo both P-1 and Q-1. * - A non-zero error code otherwise. * + * \note This function does not check whether P and Q are primes. + * */ int mbedtls_rsa_deduce_private( mbedtls_mpi const *P, mbedtls_mpi const *Q, mbedtls_mpi const *E, mbedtls_mpi *D ); @@ -145,6 +149,9 @@ int mbedtls_rsa_deduce_private( mbedtls_mpi const *P, mbedtls_mpi const *Q, * * \return 0 on success, non-zero error code otherwise. * + * \note This function does not check whether P, Q are + * prime and whether D is a valid private exponent. + * */ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, mbedtls_mpi *DP, From 43a08d029ea2844dbc60eee97952f446c1addbf0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 13:16:35 +0100 Subject: [PATCH 315/493] Clarify guarantees made by `rsa_check_privkey` and `rsa_complete` Document explicitly that `mbedtls_rsa_check_privkey` and `mbedtls_rsa_complete` succeeding does not guarantee the consistency of the underlying RSA private key but only that enough information is present to perform a private key operation. --- include/mbedtls/rsa.h | 55 +++++++++++++++++++++++++++++++++---------- 1 file changed, 42 insertions(+), 13 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 05c18a997..d711e0547 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -375,8 +375,8 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * a set of imported core parameters. * * \param ctx Initialized RSA context to store parameters - * \param f_rng RNG function, - * \param p_rng RNG parameter + * \param f_rng RNG function, or NULL + * \param p_rng RNG parameter, or NULL * * \note * - To setup an RSA public key, precisely N and E @@ -392,15 +392,26 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * - Alternative implementations need not support these * and may return \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA instead. * - * \note The PRNG is used for probabilistic algorithms - * like the derivation of P, Q from N, D, E, as - * well as primality checks. + * \note The PRNG is used for the probabilistic algorithm + * used in the derivation of P, Q from N, D, E. If it + * not present, a deterministic heuristic is used. * - * \return - 0 if successful. In this case, all imported core - * parameters are guaranteed to be sane, the RSA context - * has been fully setup and is ready for use. + * \return + * - 0 if successful. In this case, it is guaranteed + * the functions \c mbedtls_rsa_check_pubkey resp. + * \c mbedtls_rsa_check_privkey pass in case of a + * public resp. private key. * - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted * derivations failed. + * + * \warning Implementations are *not* obliged to perform exhaustive + * validation of the imported parameters! + * In particular, parameters that are not needed by the + * implementation may be silently discarded and left unchecked. + * If the user mistrusts the given key material, he should + * employ other means for verification like the helper functions + * \c mbedtls_rsa_validate_params, \c mbedtls_rsa_validate_crt. + * */ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), @@ -573,21 +584,39 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, unsigned int nbits, int exponent ); /** - * \brief Check if a context contains an RSA public key + * \brief Check if a context contains (at least) an RSA public key * * \param ctx RSA context to be checked * - * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code. + * On success, it is guaranteed that enough information is + * present to perform an RSA public key operation + * \c mbedtls_rsa_public. + * */ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); /** - * \brief Check if a context contains a complete - * and valid RSA private key. + * \brief Check if a context contains an RSA private key + * and perform basic sanity checks. * * \param ctx RSA context to be checked * - * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code. + * On success, it is guaranteed that enough information is + * present to perform RSA private and public key operations. + * + * \warning This function is *not* obliged to perform an exhaustive + * sanity check what would guarantee the internal parameters + * to match and \c mbedtls_rsa_private and \c mbedtls_rsa_public + * to be mutually inverse to each other. + * The reason is that for minimal non-CRT implementations + * using only N, D, E, for example, checking the validity + * would be computationally expensive. + * Users mistrusting their key material should use other + * means for verification; see the documentation of + * \c mbedtls_rsa_complete. + * */ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); From 7471631ddec87c968ddb614dabe8932f310c6f05 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 10:00:37 +0100 Subject: [PATCH 316/493] Make input arguments to `mbedtls_rsa_import_raw` constant Original intention was to be allowed to perform in-place operations like changing the byte-order before importing parameters into an HSM. Now a copy is needed in this case, but there's no more danger of a user expecting the arguments to be left untouched. --- include/mbedtls/rsa.h | 10 +++++----- library/rsa.c | 11 ++++++----- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index d711e0547..94e0b2888 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -364,11 +364,11 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, * \return 0 if successful, non-zero error code on failure. */ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, - unsigned char *N, size_t N_len, - unsigned char *P, size_t P_len, - unsigned char *Q, size_t Q_len, - unsigned char *D, size_t D_len, - unsigned char *E, size_t E_len ); + unsigned char const *N, size_t N_len, + unsigned char const *P, size_t P_len, + unsigned char const *Q, size_t Q_len, + unsigned char const *D, size_t D_len, + unsigned char const *E, size_t E_len ); /** * \brief Attempt to complete an RSA context from diff --git a/library/rsa.c b/library/rsa.c index 3e58c854a..00f83a06a 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -18,6 +18,7 @@ * * This file is part of mbed TLS (https://tls.mbed.org) */ + /* * The following sources were referenced in the design of this implementation * of the RSA algorithm: @@ -551,11 +552,11 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, } int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, - unsigned char *N, size_t N_len, - unsigned char *P, size_t P_len, - unsigned char *Q, size_t Q_len, - unsigned char *D, size_t D_len, - unsigned char *E, size_t E_len ) + unsigned char const *N, size_t N_len, + unsigned char const *P, size_t P_len, + unsigned char const *Q, size_t Q_len, + unsigned char const *D, size_t D_len, + unsigned char const *E, size_t E_len ) { int ret; From 3f3ae85e11852d52984d0a27ead5c4cee3da729b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 10:08:39 +0100 Subject: [PATCH 317/493] Correct memory leak in RSA test suite The test for `mbedtls_rsa_import_raw` didn't include freeing the allocate buffers. --- tests/suites/test_suite_rsa.function | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index f32155479..b965bd65b 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -1329,20 +1329,19 @@ void mbedtls_rsa_import_raw( char *input_N, size_t lenE = 0; mbedtls_rsa_context ctx; - mbedtls_entropy_context entropy; mbedtls_ctr_drbg_context ctr_drbg; + const char *pers = "test_suite_rsa"; mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); + mbedtls_rsa_init( &ctx, 0, 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, (const unsigned char *) pers, strlen( pers ) ) == 0 ); - mbedtls_rsa_init( &ctx, 0, 0 ); - if( strlen( input_N ) ) lenN = unhexify( bufN, input_N ); @@ -1437,6 +1436,10 @@ void mbedtls_rsa_import_raw( char *input_N, exit: + mbedtls_free( buf_orig ); + mbedtls_free( buf_enc ); + mbedtls_free( buf_dec ); + mbedtls_rsa_free( &ctx ); mbedtls_ctr_drbg_free( &ctr_drbg ); From 98838b04afca59ff562746829e3912521b8f8c38 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 13:16:10 +0100 Subject: [PATCH 318/493] Minor improvements --- include/mbedtls/rsa.h | 5 ++-- library/rsa.c | 55 +++++++++++++++++++++++++++---------------- 2 files changed, 38 insertions(+), 22 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 94e0b2888..d3347fc03 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -383,7 +383,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * must have been imported. * * - To setup an RSA private key, enough information must be - * present for the other parameters to be efficiently derivable. + * present for the other parameters to be derivable. * * The default implementation supports the following: * - Derive P, Q from N, D, E @@ -629,7 +629,8 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); * * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code */ -int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv ); +int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, + const mbedtls_rsa_context *prv ); /** * \brief Do an RSA public key operation diff --git a/library/rsa.c b/library/rsa.c index 00f83a06a..1fcffdfc3 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -310,7 +310,7 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, mbedtls_mpi_init( &K ); mbedtls_mpi_init( &L ); - /* Check that DP - P == 0 mod P - 1 */ + /* Check that DP - D == 0 mod P - 1 */ if( DP != NULL ) { if( P == NULL ) @@ -329,7 +329,7 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, } } - /* Check that DQ - Q == 0 mod Q - 1 */ + /* Check that DQ - D == 0 mod Q - 1 */ if( DQ != NULL ) { if( Q == NULL ) @@ -348,7 +348,7 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, } } - /* Check that QP * P - 1 == 0 mod P */ + /* Check that QP * Q - 1 == 0 mod P */ if( QP != NULL ) { if( P == NULL || Q == NULL ) @@ -689,7 +689,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, #endif /* MBEDTLS_RSA_NO_CRT */ /* - * Step 3: Double check + * Step 3: Basic sanity check */ if( is_priv ) @@ -1009,23 +1009,32 @@ cleanup: */ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) { - if( !ctx->N.p || !ctx->E.p ) + if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 ) + { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } if( ctx->len != mbedtls_mpi_size( &ctx->N ) ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); - if( ( ctx->N.p[0] & 1 ) == 0 || - ( ctx->E.p[0] & 1 ) == 0 ) + if( mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0 || + mbedtls_mpi_get_bit( &ctx->E, 0 ) == 0 ) + { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } if( mbedtls_mpi_bitlen( &ctx->N ) < 128 || mbedtls_mpi_bitlen( &ctx->N ) > MBEDTLS_MPI_MAX_BITS ) + { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } if( mbedtls_mpi_bitlen( &ctx->E ) < 2 || mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 ) + { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } return( 0 ); } @@ -1035,8 +1044,10 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) */ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) { - if( mbedtls_rsa_check_pubkey( ctx ) != 0 || - mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q, + if( mbedtls_rsa_check_pubkey( ctx ) != 0 ) + return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + + if( mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q, &ctx->D, &ctx->E, NULL, NULL ) != 0 ) { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); @@ -1055,9 +1066,10 @@ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) /* * Check if contexts holding a public and private key match */ -int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, const mbedtls_rsa_context *prv ) +int mbedtls_rsa_check_pub_priv( const mbedtls_rsa_context *pub, + const mbedtls_rsa_context *prv ) { - if( mbedtls_rsa_check_pubkey( pub ) != 0 || + if( mbedtls_rsa_check_pubkey( pub ) != 0 || mbedtls_rsa_check_privkey( prv ) != 0 ) { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); @@ -2621,8 +2633,9 @@ int mbedtls_rsa_self_test( int verbose ) memcpy( rsa_plaintext, RSA_PT, PT_LEN ); - if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC, PT_LEN, - rsa_plaintext, rsa_ciphertext ) != 0 ) + if( mbedtls_rsa_pkcs1_encrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PUBLIC, + PT_LEN, rsa_plaintext, + rsa_ciphertext ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); @@ -2633,9 +2646,9 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 decryption : " ); - if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, &len, - rsa_ciphertext, rsa_decrypted, - sizeof(rsa_decrypted) ) != 0 ) + if( mbedtls_rsa_pkcs1_decrypt( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, + &len, rsa_ciphertext, rsa_decrypted, + sizeof(rsa_decrypted) ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); @@ -2660,8 +2673,9 @@ int mbedtls_rsa_self_test( int verbose ) mbedtls_sha1( rsa_plaintext, PT_LEN, sha1sum ); - if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, - sha1sum, rsa_ciphertext ) != 0 ) + if( mbedtls_rsa_pkcs1_sign( &rsa, myrand, NULL, + MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_SHA1, 0, + sha1sum, rsa_ciphertext ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); @@ -2672,8 +2686,9 @@ int mbedtls_rsa_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 sig. verify: " ); - if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, - sha1sum, rsa_ciphertext ) != 0 ) + if( mbedtls_rsa_pkcs1_verify( &rsa, NULL, NULL, + MBEDTLS_RSA_PUBLIC, MBEDTLS_MD_SHA1, 0, + sha1sum, rsa_ciphertext ) != 0 ) { if( verbose != 0 ) mbedtls_printf( "failed\n" ); From c6fc878eda1421c68a3414bf47546e4f64f63839 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 12:25:52 +0100 Subject: [PATCH 319/493] Remove `mbedtls_rsa_check_crt` This is no longer needed after the decision to not exhaustively validate private key material. --- include/mbedtls/rsa.h | 23 ------------ library/pkparse.c | 3 +- library/rsa.c | 70 ------------------------------------- programs/pkey/rsa_decrypt.c | 8 ----- programs/pkey/rsa_sign.c | 8 ----- 5 files changed, 1 insertion(+), 111 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index d3347fc03..df0ade80c 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -417,29 +417,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ); -/** - * \brief Check if CRT-parameters match core parameters - * - * \param ctx Complete RSA private key context - * \param DP Private exponent modulo P-1, or NULL - * \param DQ Private exponent modulo Q-1, or NULL - * \param QP Modular inverse of Q modulo P, or NULL - * - * \return 0 if successful, testifying that the non-NULL optional - * parameters provided are in accordance with the core - * RSA parameters. Non-zero error code otherwise. - * - * \note This function performs in-place computations on the - * parameters DP, DQ and QP. If modification cannot be - * tolerated, you should make copies with mbedtls_mpi_copy - * before calling this function. - * - */ -int mbedtls_rsa_check_crt( const mbedtls_rsa_context *ctx, - mbedtls_mpi *DP, - mbedtls_mpi *DQ, - mbedtls_mpi *QP ); - /** * \brief Export core parameters of an RSA key * diff --git a/library/pkparse.c b/library/pkparse.c index a6916e7b9..f0b9db320 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -751,8 +751,7 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, /* Check optional parameters */ if( ( ret = mbedtls_asn1_get_mpi( &p, end, &DP ) ) != 0 || ( ret = mbedtls_asn1_get_mpi( &p, end, &DQ ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &QP ) ) != 0 || - ( ret = mbedtls_rsa_check_crt( rsa, &DP, &DQ, &QP ) ) != 0 ) + ( ret = mbedtls_asn1_get_mpi( &p, end, &QP ) ) != 0 ) goto cleanup; if( p != end ) diff --git a/library/rsa.c b/library/rsa.c index 1fcffdfc3..841f48976 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -706,52 +706,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, return( 0 ); } -/* - * Check if CRT parameters match RSA context. - * This has to be implemented even if CRT is not used, - * in order to be able to validate DER encoded RSA keys, - * which always contain CRT parameters. - */ -int mbedtls_rsa_check_crt( const mbedtls_rsa_context *ctx, - mbedtls_mpi *DP, mbedtls_mpi *DQ, mbedtls_mpi *QP ) -{ - int ret = 0; - - /* Check if key is private or public */ - const int is_priv = - mbedtls_mpi_cmp_int( &ctx->N, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->P, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->D, 0 ) != 0 && - mbedtls_mpi_cmp_int( &ctx->E, 0 ) != 0; - - if( !is_priv ) - { - /* Checking optional parameters only makes sense for private keys. */ - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - } - -#if !defined(MBEDTLS_RSA_NO_CRT) - if( ( DP != NULL && mbedtls_mpi_cmp_mpi( DP, &ctx->DP ) != 0 ) || - ( DQ != NULL && mbedtls_mpi_cmp_mpi( DQ, &ctx->DQ ) != 0 ) || - ( QP != NULL && mbedtls_mpi_cmp_mpi( QP, &ctx->QP ) != 0 ) ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - } -#else /* MBEDTLS_RSA_NO_CRT */ - if( ( ret = mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D, - DP, DQ, QP ) ) != 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - } -#endif - - if( ret != 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); - - return( 0 ); -} - int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, unsigned char *N, size_t N_len, unsigned char *P, size_t P_len, @@ -2532,21 +2486,6 @@ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ) "910E4168387E3C30AA1E00C339A79508" \ "8452DD96A9A5EA5D9DCA68DA636032AF" -#define RSA_DP "C1ACF567564274FB07A0BBAD5D26E298" \ - "3C94D22288ACD763FD8E5600ED4A702D" \ - "F84198A5F06C2E72236AE490C93F07F8" \ - "3CC559CD27BC2D1CA488811730BB5725" - -#define RSA_DQ "4959CBF6F8FEF750AEE6977C155579C7" \ - "D8AAEA56749EA28623272E4F7D0592AF" \ - "7C1F1313CAC9471B5C523BFE592F517B" \ - "407A1BD76C164B93DA2D32A383E58357" - -#define RSA_QP "9AE7FBC99546432DF71896FC239EADAE" \ - "F38D18D2B2F0E2DD275AA977E2BF4411" \ - "F5A3B2A5D33605AEBBCCBA7FEB9F2D2F" \ - "A74206CEC169D74BF5A8C50D6F48EA08" - #define PT_LEN 24 #define RSA_PT "\xAA\xBB\xCC\x03\x02\x01\x00\xFF\xFF\xFF\xFF\xFF" \ "\x11\x22\x33\x0A\x0B\x0C\xCC\xDD\xDD\xDD\xDD\xDD" @@ -2619,15 +2558,6 @@ int mbedtls_rsa_self_test( int verbose ) return( 1 ); } - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_DP ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_check_crt( &rsa, &K, NULL, NULL ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_DQ ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_check_crt( &rsa, NULL, &K, NULL ) ); - - MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_QP ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_check_crt( &rsa, NULL, NULL, &K ) ); - if( verbose != 0 ) mbedtls_printf( "passed\n PKCS#1 encryption : " ); diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 493c8706e..48275bc23 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -150,14 +150,6 @@ int main( int argc, char *argv[] ) goto exit; } - /* Although we're not using them, verify CRT parameters */ - if( ( return_val = mbedtls_rsa_check_crt( &rsa, &DP, &DQ, &QP ) ) != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_rsa_check_crt returned %d\n\n", - return_val ); - goto exit; - } - /* * Extract the RSA encrypted value from the text file */ diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index 5f615618f..ff6473632 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -130,14 +130,6 @@ int main( int argc, char *argv[] ) goto exit; } - /* Although we're not using them, verify CRT parameters */ - if( ( ret = mbedtls_rsa_check_crt( &rsa, &DP, &DQ, &QP ) ) != 0 ) - { - mbedtls_printf( " failed\n ! mbedtls_rsa_check_crt returned %d\n\n", - ret ); - goto exit; - } - /* * Compute the SHA-256 hash of the input file, * then calculate the RSA signature of the hash. From b5beaa8995289f080ba410eea293a3065d62bec3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 2 Oct 2017 13:01:43 +0100 Subject: [PATCH 320/493] Check that 1 < D, E < N in `mbedtls_rsa_validate_params` --- include/mbedtls/rsa.h | 11 ++++++----- library/rsa.c | 26 ++++++++++++++++++++------ 2 files changed, 26 insertions(+), 11 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index df0ade80c..46daac55f 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -174,12 +174,13 @@ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, * \param p_rng PRNG context for f_rng, or NULL * * \return - * - 0 if the following conditions are satisfied: - * - N = PQ if N,P,Q != NULL + * - 0 if the following conditions are satisfied + * if all relevant parameters are provided: + * - P prime if f_rng != NULL + * - Q prime if f_rng != NULL + * - 1 < N = PQ + * - 1 < D, E < N * - D and E are modular inverses modulo P-1 and Q-1 - * if D,E,P,Q != NULL - * - P prime if f_rng, P != NULL - * - Q prime if f_rng, Q != NULL * - A non-zero error code otherwise. * * \note The function can be used with a restricted set of arguments diff --git a/library/rsa.c b/library/rsa.c index 841f48976..b0ba1eb2c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -422,13 +422,13 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, #endif /* MBEDTLS_GENPRIME */ /* - * Step 2: Check that N = PQ + * Step 2: Check that 1 < N = PQ */ if( P != NULL && Q != NULL && N != NULL ) { MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); - if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 || + if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 || mbedtls_mpi_cmp_mpi( &K, N ) != 0 ) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; @@ -437,15 +437,29 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, } /* - * Step 3: Check that D, E are inverse modulo P-1 and Q-1 + * Step 3: Check and 1 < D, E < N if present. + */ + + if( N != NULL && D != NULL && E != NULL ) + { + if ( mbedtls_mpi_cmp_int( D, 1 ) <= 0 || + mbedtls_mpi_cmp_int( E, 1 ) <= 0 || + mbedtls_mpi_cmp_mpi( D, N ) >= 0 || + mbedtls_mpi_cmp_mpi( E, N ) >= 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + } + + /* + * Step 4: Check that D, E are inverse modulo P-1 and Q-1 */ if( P != NULL && Q != NULL && D != NULL && E != NULL ) { if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || - mbedtls_mpi_cmp_int( Q, 1 ) <= 0 || - mbedtls_mpi_cmp_int( D, 1 ) <= 0 || - mbedtls_mpi_cmp_int( E, 1 ) <= 0 ) + mbedtls_mpi_cmp_int( Q, 1 ) <= 0 ) { ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; goto cleanup; From 7da7cb399e415ba68676964c1eecafbe0da9163f Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 26 Sep 2017 11:29:11 +0300 Subject: [PATCH 321/493] Fix ssl_server2 sample application prompt FIx the type of server_addr parameter from %d to %s. Issue reported by Email by Bei Jin --- programs/ssl/ssl_server2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a25886824..1285abcbd 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -326,7 +326,7 @@ int main( void ) #define USAGE \ "\n usage: ssl_server2 param=<>...\n" \ "\n acceptable parameters:\n" \ - " server_addr=%%d default: (all interfaces)\n" \ + " server_addr=%%s default: (all interfaces)\n" \ " server_port=%%d default: 4433\n" \ " debug_level=%%d default: 0 (disabled)\n" \ " nbio=%%d default: 0 (blocking I/O)\n" \ From 967a60502e02fddd587ada912842d82c7505757f Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 2 Oct 2017 19:12:54 +0100 Subject: [PATCH 322/493] Fix changelog for ssl_server2.c usage fix --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index ec9125961..b3d4d519a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,7 @@ Features Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. Found by projectgus and jethrogb, #836. + * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. = mbed TLS 2.6.0 branch released 2017-08-10 From 558477d073655f1b956bcc334794ac082c436f34 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 5 Sep 2017 16:31:20 +0100 Subject: [PATCH 323/493] Add tests for non-reduced length encoding in PKCS1 v15 signatures This commit adds some tests to the RSA test suite verifying that RSA PKCS-v15 signatures with non-reduced length encodings are refuted. Details are provided via comments in the test suite data file. --- tests/suites/test_suite_rsa.data | 35 ++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index fc7d93588..e899a7988 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -140,6 +140,41 @@ RSA PKCS1 Verify v1.5 padding too short depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_verify:"AABBCC03020100FFFFFFFFFF1122330A0B0CCCDDDDDDDDDD":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"9292758453063D803DD603D5E777D7888ED1D5BF35786190FA2F23EBC0848AEADDA92CA6C3D80B32C4D109BE0F36D6AE7130B9CED7ACDF54CFC7555AC14EEBAB93A89813FBF3C4F8066D2D800F7C38A81AE31942917403FF4946B0A83D3D3E05EE57C6F5F5606FB5D4BC6CD34EE0801A5E94BB77B07507233A0BC7BAC8F90F79":16:"10001":"6edd56f397d9bc6d176bbe3d80946fc352ad6127b85b1d67d849c0a38cbde7222c5fafbb18dcef791178a8e15f5c8cd91869f8ca4b758c46ce3e229bf666d2e3e296544351bcb5db7e0004f6c0800f76a432071297e405759d4324d1cf1c412758be93a39f834e03dee59e28ac571ce2b0b3c8fe639979f516223b54027340a5":MBEDTLS_ERR_RSA_INVALID_PADDING +# The following tests check whether the use of reduced length encodings (as mandated for DER in contrast to BER) is enforced in +# the verification of PKCS1 v1.5 signatures - this is relevant to prevent Bleichenbacher signature forgery attacks. +# The test data has been generated by signing a test file using `programs/pkey/rsa_sign` after making modifications +# to `mbedtls_rsa_rsassa_pkcs1_v15_encode` to force the use of non-reduced encodings in different places as indicated in the respective tests. +# See the documentation of `mbedtls_rsa_rsassa_pkcs1_v15_encode` for the layout of the relevant ASN.1 structure. +# Correct signature with DER-compliant reduced length encodings +RSA PKCS1 Verify v1.5 reduced length encoding +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +mbedtls_rsa_pkcs1_verify:"7369676e617475726520746573740a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1024:16:"A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211":16:"10001":"5B56096ECADA4DAC299FD3D6091C1BE4D7C4210086E61ADA6FFC267A690034DAFB3734035880B9E71CEB0331C32C8DE1A254D777DFE3C848AC7764907602452EC16FD8EB3664E2E682DB3AA8979059BFADFE6192D9029844C8CAF310552717DD5B5B36A9910CFABE5C54AC16F3A3461DEE730060981BD9B47EE8D6644963B7CA":0 + +# Non-reduced 1-byte length encoding in `DigestInfo` ASN.1 element +RSA PKCS1 Verify v1.5 non-reduced length encoding #1 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +mbedtls_rsa_pkcs1_verify:"7369676e617475726520746573740a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1024:16:"A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211":16:"10001":"2FCF7FC1B60B3C083872B1BD9C666745921951A8A9E099FD629675F620B670713519C4A97B870591B97FE5C5DB2FC2A0A3FCB0016536D1205AA32BA8BFCF54ABD542C02F7FCEA3C3531D7A87C82ED5B151A9599F1BDB070A905F5B721DE3C22F8AC35034C607920CE0699D7F79E5913915F3A01856B5D30F9E68F0CD7856D40F":MBEDTLS_ERR_RSA_VERIFY_FAILED + +# Non-reduced 2-byte length encoding for `digestAlgorithm` ASN.1 element +RSA PKCS1 Verify v1.5 non-reduced length encoding #2 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +mbedtls_rsa_pkcs1_verify:"7369676e617475726520746573740a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1024:16:"A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211":16:"10001":"3C27512A8FDC973D856C0F288BE27D00D54FC0B359C520DA73A05156D98CDD6A83E6657BFA81D7B9716EEDFD98C08CD82F399298782782AE341D9AABCBB6B5F9C6552DE1D8B93047E1135032653F4F65A8937352E903864E008429E049680E3AA80F5DE1C7408C403011CEF4A3ECA549C027C8954BFBCA21F2A41C3EB0278029":MBEDTLS_ERR_RSA_VERIFY_FAILED + +# Non-reduced 3-byte length encoding for optional parameters in `digestAlgorithm` ASN.1 element +RSA PKCS1 Verify v1.5 non-reduced length encoding #3 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +mbedtls_rsa_pkcs1_verify:"7369676e617475726520746573740a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1024:16:"A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211":16:"10001":"24BEB8502F24E0D11D9C10CEE4435EA972CEC93C23936E815ED2DF41BECEDDE889AF85BBEAF1B8C6928913AC523EA1D6653832E9D4E74F55B76771EA84F5A607342C341A14AB258019F38DBAEE4B967C8C8D26D6AF2583D32988471BA38751B6A67BA3D1147619C266A9AAC34244740BB59CD9DB3AFF19438B04C619AB719123":MBEDTLS_ERR_RSA_VERIFY_FAILED + +# Non-reduced 4-byte length encoding in `digest` ASN.1 element +RSA PKCS1 Verify v1.5 non-reduced length encoding #4 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +mbedtls_rsa_pkcs1_verify:"7369676e617475726520746573740a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1024:16:"A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211":16:"10001":"13172EF7362CF421103FE1893429FAE85F83636BA8AF545252599A39892E62CEC317DC47C1D6B19328B63CDFD02FA0B49CE7980504635251FF08C0A1308C64D6466DFBF1EF2BA49EFDD6C2C888A30870EC2DC0FA4D67FDE6631C85ED2CEF8EEBF5578C974CBA4A04034D9B579B420D6CA93E4BFC09E014542A0EFB902AF90C5E":MBEDTLS_ERR_RSA_VERIFY_FAILED + +# Non-reduced 3-byte length encoding for OID in `digestAlgorithm` ASN.1 element +RSA PKCS1 Verify v1.5 non-reduced length encoding #5 +depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 +mbedtls_rsa_pkcs1_verify:"7369676e617475726520746573740a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1024:16:"A1D46FBA2318F8DCEF16C280948B1CF27966B9B47225ED2989F8D74B45BD36049C0AAB5AD0FF003553BA843C8E12782FC5873BB89A3DC84B883D25666CD22BF3ACD5B675969F8BEBFBCAC93FDD927C7442B178B10D1DFF9398E52316AAE0AF74E594650BDC3C670241D418684593CDA1A7B9DC4F20D2FDC6F66344074003E211":16:"10001":"65DD518F63A2E289C035E9F2A9927BF5A6A74FF6FEFFF61AFCC52ED4A8A5B93534A3AD1709136306EE1379B47A4863BC6ED879E92CD6F99AA5B5F106102BDAE8DAFB15CF6EF00CB5FA63967706528DEE8876F3D04E8D75533009C73DA4C5744D20FFDB18EA78EE4D5D9D6F7BD3AFC2AD9A0EDDD56AA40AAEF789E6FB12AB6DE7":MBEDTLS_ERR_RSA_VERIFY_FAILED + RSA PKCS1 Sign #1 (SHA512, 1536 bits RSA) depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 mbedtls_rsa_pkcs1_sign:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA512:1536:16:"c8c67df894c882045ede26a9008ab09ea0672077d7bc71d412511cd93981ddde8f91b967da404056c39f105f7f239abdaff92923859920f6299e82b95bd5b8c959948f4a035cbd693ad83014294d349813d1ad57911a6355d0731fe3a034e9db":16:"f15147d0e7c04a1e3f37adde802cdc610999bf7ab0088434aaeda0c0ab3910b14d2ce56cb66bffd97552195fae8b061077e03920814d8b9cfb5a3958b3a82c2a7fc97e55db5978b47a922156eb8a3e55c06a54a45d1670abdfb995489c4d0051":16:"bd429bb7c3b00bbea19ba664c0f8172d1a73c3cfa05e2ed656d570c1590918bb7e372ed25e2cd71395ba0a9b1a30f3ee012ffb0546cab8e3581fe3e23f44ab57a8aee9717e71a936a580fa8572d450fb00339a6f6704b717df0c149a465bab768c61500cd93b61113ff3e4389167f7b2c8e3c0da2d4765286bee555b0bcb4998f59b14fad03180a17c8b4f69bcd1234f4ae85950137665ac2ba80b55cc9b1aafb454b83771aa755acd2a00e93ddb65e696dbed8bdca69fb5e0c5c2097b9cfe4b":16:"3":"93b6fa99485c116ca6efdd4202ea1cf49f4c6345fae692584413743ce5b65510e8e4690aee9a19ea1ff10d57f22aa3548d839f28a8525a34354e9e58e0f3947e056ce2554e21bf287e220b98db3b551258cd42b495e5d1a3bbc83c9d1a02f2a300ef6d866ea75108e44ebb3e16b47df2f6de28feb2be3874dbbf21599451082d86e9f2f462575a8185c69aa1f1fcb6a363c5d71aeba2103449eaf3845285291148d5f78d1646b8dc95cbcc4082f987d948b0e7d4e80b60595f8a7517584e1643":0 From 171a8f1c957f02fce452f9e27e58ef74b54e3a88 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 6 Sep 2017 12:32:16 +0100 Subject: [PATCH 324/493] Move constant time memcmp for signature verification This commit replaces the ad-hoc code for constant-time double-checking the PKCS1 v1.5 RSA signature by an invocation of `mbedtls_safer_memcmp`. --- library/rsa.c | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index bdd2538c3..3cc90c0be 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -71,6 +71,20 @@ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } +/* constant-time buffer comparison */ +static inline int mbedtls_safer_memcmp( const void *a, const void *b, size_t n ) +{ + size_t i; + const unsigned char *A = (const unsigned char *) a; + const unsigned char *B = (const unsigned char *) b; + unsigned char diff = 0; + + for( i = 0; i < n; i++ ) + diff |= A[i] ^ B[i]; + + return( diff ); +} + /* * Initialize an RSA context */ @@ -1162,9 +1176,6 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, unsigned char *p = sig; const char *oid = NULL; unsigned char *sig_try = NULL, *verif = NULL; - size_t i; - unsigned char diff; - volatile unsigned char diff_no_optimize; int ret; if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) @@ -1249,12 +1260,7 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, MBEDTLS_MPI_CHK( mbedtls_rsa_private( ctx, f_rng, p_rng, sig, sig_try ) ); MBEDTLS_MPI_CHK( mbedtls_rsa_public( ctx, sig_try, verif ) ); - /* Compare in constant time just in case */ - for( diff = 0, i = 0; i < ctx->len; i++ ) - diff |= verif[i] ^ sig[i]; - diff_no_optimize = diff; - - if( diff_no_optimize != 0 ) + if( mbedtls_safer_memcmp( verif, sig, ctx->len ) != 0 ) { ret = MBEDTLS_ERR_RSA_PRIVATE_FAILED; goto cleanup; From fdf38030de70b95a77205f17d65591f05e74be08 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 6 Sep 2017 12:35:55 +0100 Subject: [PATCH 325/493] Outsource code for generating PKCS1 v1.5 encoding This commit moves the code preparing PKCS1 v1.5 encoded hashes from `mbedtls_rsa_rsassa_pkcs1_v15_sign` to a separate non-public function `rsa_rsassa_pkcs1_v15_encode`. This code-path will then be re-used by the signature verification function `mbetls_rsa_rsassa_pkcs1_v15_verify` in a later commit. --- library/rsa.c | 216 +++++++++++++++++++++++++++++++++++--------------- 1 file changed, 152 insertions(+), 64 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 3cc90c0be..a93cdb1c4 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1160,6 +1160,138 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, /* * Implementation of the PKCS#1 v2.1 RSASSA-PKCS1-V1_5-SIGN function */ + +/* Construct a PKCS v1.5 encoding of a hashed message + * + * This is used both for signature generation and verification. + * + * Parameters: + * - md_alg: Identifies the hash algorithm used to generate the given hash; + * MBEDTLS_MD_NONE if raw data are signed. + * - hashlen: Length of hash in case hashlen is MBEDTLS_MD_NONE. + * - hash: Buffer containing the hashed message. + * - sig_len: Length of the encoded message. + * - dst: Buffer to hold the encoded message. + * + * Assumptions: + * - hash has size hashlen if md_alg == MBEDTLS_MD_NONE. + * - hash has size corresponding to md_alg if md_alg != MBEDTLS_MD_NONE. + * - dst points to a buffer of size at least sig_len. + * + */ +static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, + unsigned int hashlen, + const unsigned char *hash, + size_t sig_len, + unsigned char *dst ) +{ + size_t oid_size = 0; + size_t nb_pad = sig_len; + unsigned char *p = dst; + const char *oid = NULL; + + /* Are we signing hashed or raw data? */ + if( md_alg != MBEDTLS_MD_NONE ) + { + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); + if( md_info == NULL ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + hashlen = mbedtls_md_get_size( md_info ); + + /* Double-check that 8 + hashlen + oid_size can be used as a + * 1-byte ASN.1 length encoding and that there's no overflow. */ + if( 8 + hashlen + oid_size >= 0x80 || + 10 + hashlen < hashlen || + 10 + hashlen + oid_size < 10 + hashlen ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + /* + * Static bounds check: + * - Need 10 bytes for five tag-length pairs. + * (Insist on 1-byte length encodings to protect against variants of + * Bleichenbacher's forgery attack against lax PKCS#1v1.5 verification) + * - Need hashlen bytes for hash + * - Need oid_size bytes for hash alg OID. + */ + if( nb_pad < 10 + hashlen + oid_size ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + nb_pad -= 10 + hashlen + oid_size; + } + else + { + if( nb_pad < hashlen ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + nb_pad -= hashlen; + } + + /* Signature header and padding delimiter */ + if( nb_pad < 3 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + nb_pad -= 3; + + /* Now nb_pad is the amount of memory to be filled + * with padding; must be at least 8 bytes. */ + if( nb_pad < 8 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + /* Write signature header and padding */ + *p++ = 0; + *p++ = MBEDTLS_RSA_SIGN; + memset( p, 0xFF, nb_pad ); + p += nb_pad; + *p++ = 0; + + /* Are we signing raw data? */ + if( md_alg == MBEDTLS_MD_NONE ) + { + memcpy( p, hash, hashlen ); + return( 0 ); + } + + /* Signing hashed data, add corresponding ASN.1 structure + * + * DigestInfo ::= SEQUENCE { + * digestAlgorithm DigestAlgorithmIdentifier, + * digest Digest } + * DigestAlgorithmIdentifier ::= AlgorithmIdentifier + * Digest ::= OCTET STRING + * + * Schematic: + * TAG-SEQ + LEN [ TAG-SEQ + LEN [ TAG-OID + LEN [ OID ] + * TAG-NULL + LEN [ NULL ] ] + * TAG-OCTET + LEN [ HASH ] ] + */ + *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; + *p++ = 0x08 + oid_size + hashlen; + *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; + *p++ = 0x04 + oid_size; + *p++ = MBEDTLS_ASN1_OID; + *p++ = oid_size; + memcpy( p, oid, oid_size ); + p += oid_size; + *p++ = MBEDTLS_ASN1_NULL; + *p++ = 0x00; + *p++ = MBEDTLS_ASN1_OCTET_STRING; + *p++ = hashlen; + memcpy( p, hash, hashlen ); + p += hashlen; + + /* Just a sanity-check, should be automatic + * after the initial bounds check. */ + if( p != dst + sig_len ) + { + mbedtls_zeroize( dst, sig_len ); + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } + + return( 0 ); +} + /* * Do an RSA operation to sign the message digest */ @@ -1172,85 +1304,41 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, const unsigned char *hash, unsigned char *sig ) { - size_t nb_pad, olen, oid_size = 0; - unsigned char *p = sig; - const char *oid = NULL; - unsigned char *sig_try = NULL, *verif = NULL; int ret; + unsigned char *sig_try = NULL, *verif = NULL; if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - olen = ctx->len; - nb_pad = olen - 3; + /* + * Prepare PKCS1-v1.5 encoding (padding and hash identifier) + */ - if( md_alg != MBEDTLS_MD_NONE ) - { - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - - if( mbedtls_oid_get_oid_by_md( md_alg, &oid, &oid_size ) != 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - - nb_pad -= 10 + oid_size; - - hashlen = mbedtls_md_get_size( md_info ); - } - - nb_pad -= hashlen; - - if( ( nb_pad < 8 ) || ( nb_pad > olen ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - - *p++ = 0; - *p++ = MBEDTLS_RSA_SIGN; - memset( p, 0xFF, nb_pad ); - p += nb_pad; - *p++ = 0; - - if( md_alg == MBEDTLS_MD_NONE ) - { - memcpy( p, hash, hashlen ); - } - else - { - /* - * DigestInfo ::= SEQUENCE { - * digestAlgorithm DigestAlgorithmIdentifier, - * digest Digest } - * - * DigestAlgorithmIdentifier ::= AlgorithmIdentifier - * - * Digest ::= OCTET STRING - */ - *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; - *p++ = (unsigned char) ( 0x08 + oid_size + hashlen ); - *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; - *p++ = (unsigned char) ( 0x04 + oid_size ); - *p++ = MBEDTLS_ASN1_OID; - *p++ = oid_size & 0xFF; - memcpy( p, oid, oid_size ); - p += oid_size; - *p++ = MBEDTLS_ASN1_NULL; - *p++ = 0x00; - *p++ = MBEDTLS_ASN1_OCTET_STRING; - *p++ = hashlen; - memcpy( p, hash, hashlen ); - } - - if( mode == MBEDTLS_RSA_PUBLIC ) - return( mbedtls_rsa_public( ctx, sig, sig ) ); + if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash, + ctx->len, sig ) ) != 0 ) + return( ret ); /* + * Call respective RSA primitive + */ + + if( mode == MBEDTLS_RSA_PUBLIC ) + { + /* Skip verification on a public key operation */ + return( mbedtls_rsa_public( ctx, sig, sig ) ); + } + + /* Private key operation + * * In order to prevent Lenstra's attack, make the signature in a * temporary buffer and check it before returning it. */ + sig_try = mbedtls_calloc( 1, ctx->len ); if( sig_try == NULL ) return( MBEDTLS_ERR_MPI_ALLOC_FAILED ); - verif = mbedtls_calloc( 1, ctx->len ); + verif = mbedtls_calloc( 1, ctx->len ); if( verif == NULL ) { mbedtls_free( sig_try ); From 64a8c0acd67a3fc97f3ddedd4c2f2a1a08fc3701 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 6 Sep 2017 12:39:49 +0100 Subject: [PATCH 326/493] Verify PKCS1 v1.5 signature without parsing This commit modifies the PKCS1 v1.5 signature verification function `mbedtls_rsa_rsassa_pkcs1_v15_verify` to prepare the expected PKCS1-v1.5-encoded hash using the function also used by the signing routine `mbedtls_rsa_rsassa_pkcs1_v15_sign` and comparing it to the provided byte-string afterwards. This comes at the benefits of (1) avoiding any error-prone parsing, (2) removing the dependency of the RSA module on the ASN.1 parsing module, and (3) reducing code size. --- library/rsa.c | 141 +++++++++++++++----------------------------------- 1 file changed, 42 insertions(+), 99 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index a93cdb1c4..811bf302e 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1559,121 +1559,64 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, const unsigned char *hash, const unsigned char *sig ) { - int ret; - size_t len, siglen, asn1_len; - unsigned char *p, *p0, *end; - mbedtls_md_type_t msg_md_alg; - const mbedtls_md_info_t *md_info; - mbedtls_asn1_buf oid; - unsigned char buf[MBEDTLS_MPI_MAX_SIZE]; + int ret = 0; + const size_t sig_len = ctx->len; + unsigned char *encoded = NULL, *encoded_expected = NULL; if( mode == MBEDTLS_RSA_PRIVATE && ctx->padding != MBEDTLS_RSA_PKCS_V15 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - siglen = ctx->len; + /* + * Prepare expected PKCS1 v1.5 encoding of hash. + */ - if( siglen < 16 || siglen > sizeof( buf ) ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + if( ( encoded = mbedtls_calloc( 1, sig_len ) ) == NULL || + ( encoded_expected = mbedtls_calloc( 1, sig_len ) ) == NULL ) + { + ret = MBEDTLS_ERR_MPI_ALLOC_FAILED; + goto cleanup; + } + + if( ( ret = rsa_rsassa_pkcs1_v15_encode( md_alg, hashlen, hash, sig_len, + encoded_expected ) ) != 0 ) + goto cleanup; + + /* + * Apply RSA primitive to get what should be PKCS1 encoded hash. + */ ret = ( mode == MBEDTLS_RSA_PUBLIC ) - ? mbedtls_rsa_public( ctx, sig, buf ) - : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, buf ); - + ? mbedtls_rsa_public( ctx, sig, encoded ) + : mbedtls_rsa_private( ctx, f_rng, p_rng, sig, encoded ); if( ret != 0 ) - return( ret ); - - p = buf; - - if( *p++ != 0 || *p++ != MBEDTLS_RSA_SIGN ) - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); - - while( *p != 0 ) - { - if( p >= buf + siglen - 1 || *p != 0xFF ) - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); - p++; - } - p++; /* skip 00 byte */ - - /* We've read: 00 01 PS 00 where PS must be at least 8 bytes */ - if( p - buf < 11 ) - return( MBEDTLS_ERR_RSA_INVALID_PADDING ); - - len = siglen - ( p - buf ); - - if( len == hashlen && md_alg == MBEDTLS_MD_NONE ) - { - if( memcmp( p, hash, hashlen ) == 0 ) - return( 0 ); - else - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - } - - md_info = mbedtls_md_info_from_type( md_alg ); - if( md_info == NULL ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - hashlen = mbedtls_md_get_size( md_info ); - - end = p + len; + goto cleanup; /* - * Parse the ASN.1 structure inside the PKCS#1 v1.5 structure. - * Insist on 2-byte length tags, to protect against variants of - * Bleichenbacher's forgery attack against lax PKCS#1v1.5 verification. + * Compare */ - p0 = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( p != p0 + 2 || asn1_len + 2 != len ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - p0 = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, - MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( p != p0 + 2 || asn1_len + 6 + hashlen != len ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); + if( ( ret = mbedtls_safer_memcmp( encoded, encoded_expected, + sig_len ) ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_VERIFY_FAILED; + goto cleanup; + } - p0 = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &oid.len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( p != p0 + 2 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); +cleanup: - oid.p = p; - p += oid.len; + if( encoded != NULL ) + { + mbedtls_zeroize( encoded, sig_len ); + mbedtls_free( encoded ); + } - if( mbedtls_oid_get_md_alg( &oid, &msg_md_alg ) != 0 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); + if( encoded_expected != NULL ) + { + mbedtls_zeroize( encoded_expected, sig_len ); + mbedtls_free( encoded_expected ); + } - if( md_alg != msg_md_alg ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - - /* - * assume the algorithm parameters must be NULL - */ - p0 = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, MBEDTLS_ASN1_NULL ) ) != 0 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( p != p0 + 2 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - - p0 = p; - if( ( ret = mbedtls_asn1_get_tag( &p, end, &asn1_len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - if( p != p0 + 2 || asn1_len != hashlen ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - - if( memcmp( p, hash, hashlen ) != 0 ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - - p += hashlen; - - if( p != end ) - return( MBEDTLS_ERR_RSA_VERIFY_FAILED ); - - return( 0 ); + return( ret ); } #endif /* MBEDTLS_PKCS1_V15 */ From c21a8db3fe9dfac6828144fe6a404f8d6036cea4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 6 Sep 2017 12:44:45 +0100 Subject: [PATCH 327/493] Adapt test suites to modified error codes As the new PKCS v1.5 verification function opaquely compares an expected encoding to the given one, it cannot distinguish multiple reasons of failure anymore and instead always returns MBEDTLS_ERR_RSA_VERIFY_FAILED. This necessitates some modifications to the expected return values of some tests verifying signatures with bad padding. --- tests/suites/test_suite_pk.data | 6 +++--- tests/suites/test_suite_rsa.data | 18 +++++++++--------- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data index f6ea378ff..cfb4281be 100644 --- a/tests/suites/test_suite_pk.data +++ b/tests/suites/test_suite_pk.data @@ -114,13 +114,13 @@ Verify ext RSA #8 (PKCS1 v2.1, RSASSA-PSS without options) depends_on:MBEDTLS_PKCS1_V21:MBEDTLS_SHA256_C pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSASSA_PSS:-1:MBEDTLS_RSA_SALT_LEN_ANY:MBEDTLS_ERR_PK_BAD_INPUT_DATA -Verify ext RSA #9 (PKCS1 v2.1, RSA with options) +Verify ext RSA #9 (PKCS1 v1.5, RSA with options) depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSA:MBEDTLS_MD_SHA256:MBEDTLS_RSA_SALT_LEN_ANY:MBEDTLS_ERR_PK_BAD_INPUT_DATA -Verify ext RSA #10 (PKCS1 v2.1, RSA without options) +Verify ext RSA #10 (PKCS1 v1.5, RSA without options) depends_on:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C -pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSA:-1:MBEDTLS_RSA_SALT_LEN_ANY:MBEDTLS_ERR_RSA_INVALID_PADDING +pk_rsa_verify_ext_test_vec:"54657374206d657373616765":MBEDTLS_MD_SHA256:1024:16:"00dd118a9f99bab068ca2aea3b6a6d5997ed4ec954e40deecea07da01eaae80ec2bb1340db8a128e891324a5c5f5fad8f590d7c8cacbc5fe931dafda1223735279461abaa0572b761631b3a8afe7389b088b63993a0a25ee45d21858bab9931aedd4589a631b37fcf714089f856549f359326dd1e0e86dde52ed66b4a90bda4095":16:"010001":"0d2bdb0456a3d651d5bd48a4204493898f72cf1aaddd71387cc058bc3f4c235ea6be4010fd61b28e1fbb275462b53775c04be9022d38b6a2e0387dddba86a3f8554d2858044a59fddbd594753fc056fe33c8daddb85dc70d164690b1182209ff84824e0be10e35c379f2f378bf176a9f7cb94d95e44d90276a298c8810f741c9":MBEDTLS_PK_RSA:-1:MBEDTLS_RSA_SALT_LEN_ANY:MBEDTLS_ERR_RSA_VERIFY_FAILED Verify ext RSA #11 (PKCS1 v2.1, asking for ECDSA) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index e899a7988..2dcdbc4a2 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -26,7 +26,7 @@ mbedtls_rsa_pkcs1_verify:"44637d3b8de525fd589237bc81229c8966d3af24540850c2403633 RSA PKCS1 Verify v1.5 CAVS #7 depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 # Bad padding after performing the public key operation -mbedtls_rsa_pkcs1_verify:"d03f12276f6ba7545b8fce719471bd253791878809694e8754f3b389f26c9253a758ed28b4c62535a8d5702d7a778731d5759ff2b3b39b192db680e791632918b6093c0e8ca25c2bf756a07fde4144a37f769fe4054455a45cb8cefe4462e7a9a45ce71f2189b4fef01b47aee8585d44dc9d6fa627a3e5f08801871731f234cd":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"d93a878c1ce86571590b0e43794b3edb23552797c4b8c9e3da4fe1cc4ac0566acd3b10541fe9a7a79f5ea4892d3069ca6903efb5c40c47eb8a9c781eb4249281d40c3d96aae16da1bb4daaece6a26eca5f41c062b4124a64fc9d340cba5ab0d1f5affff6515a87f0933774fd4322d2fa497cd6f708a429ca56dcb1fd3db623d0":MBEDTLS_ERR_RSA_INVALID_PADDING +mbedtls_rsa_pkcs1_verify:"d03f12276f6ba7545b8fce719471bd253791878809694e8754f3b389f26c9253a758ed28b4c62535a8d5702d7a778731d5759ff2b3b39b192db680e791632918b6093c0e8ca25c2bf756a07fde4144a37f769fe4054455a45cb8cefe4462e7a9a45ce71f2189b4fef01b47aee8585d44dc9d6fa627a3e5f08801871731f234cd":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"d93a878c1ce86571590b0e43794b3edb23552797c4b8c9e3da4fe1cc4ac0566acd3b10541fe9a7a79f5ea4892d3069ca6903efb5c40c47eb8a9c781eb4249281d40c3d96aae16da1bb4daaece6a26eca5f41c062b4124a64fc9d340cba5ab0d1f5affff6515a87f0933774fd4322d2fa497cd6f708a429ca56dcb1fd3db623d0":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #8 depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 @@ -38,7 +38,7 @@ mbedtls_rsa_pkcs1_verify:"647586ba587b09aa555d1b8da4cdf5c6e777e08859379ca4578901 RSA PKCS1 Verify v1.5 CAVS #10 depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 -mbedtls_rsa_pkcs1_verify:"55013a489e09b6553262aab59fb041b49437b86d52876f8e5d5e405b77ca0ff6ce8ea2dd75c7b3b411cf4445d56233c5b0ff0e58c49128d81b4fedd295e172d225c451e13defb34b87b7aea6d6f0d20f5c55feb71d2a789fa31f3d9ff47896adc16bec5ce0c9dda3fde190e08ca2451c01ff3091449887695f96dac97ad6a30e":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"10001":"dd82b7be791c454fbbf6f1de47cbe585a687e4e8bbae0b6e2a77f8ca4efd06d71498f9a74b931bd59c377e71daf708a624c51303f377006c676487bad57f7067b09b7bb94a6189119ab8cf7321c321b2dc7df565bfbec833a28b86625fb5fd6a035d4ed79ff0f9aee9fa78935eec65069439ee449d7f5249cdae6fdd6d8c2a63":MBEDTLS_ERR_RSA_INVALID_PADDING +mbedtls_rsa_pkcs1_verify:"55013a489e09b6553262aab59fb041b49437b86d52876f8e5d5e405b77ca0ff6ce8ea2dd75c7b3b411cf4445d56233c5b0ff0e58c49128d81b4fedd295e172d225c451e13defb34b87b7aea6d6f0d20f5c55feb71d2a789fa31f3d9ff47896adc16bec5ce0c9dda3fde190e08ca2451c01ff3091449887695f96dac97ad6a30e":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"10001":"dd82b7be791c454fbbf6f1de47cbe585a687e4e8bbae0b6e2a77f8ca4efd06d71498f9a74b931bd59c377e71daf708a624c51303f377006c676487bad57f7067b09b7bb94a6189119ab8cf7321c321b2dc7df565bfbec833a28b86625fb5fd6a035d4ed79ff0f9aee9fa78935eec65069439ee449d7f5249cdae6fdd6d8c2a63":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #11 depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 @@ -82,11 +82,11 @@ mbedtls_rsa_pkcs1_verify:"a3edb0f52c6166d7b76e71634761f402337c3e9667549d00cd7877 RSA PKCS1 Verify v1.5 CAVS #21 depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 -mbedtls_rsa_pkcs1_verify:"ac58fd024208d7f045d81a56cd55aad40ab86b0d216ab55136c7027aca23ea13480a52c0dacce0d98139b25965aa4ff76a41dd92037195d24bc0750d52cb3467b48b7b3e71d852c5f82bd9ee85a8388ead5cd8bc38c3d4792e8daa9734a137d31963e245ad3217fad235f7dfd5584de0fe91c4526568588e08b60bdf1badd99f":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"a142b0d9456f8f4772675265a08613a66c416bd1ae712975c69d9ca5fb8c1be9c24359a04fd15460bf6136a8a11f13e3ce2de2171524f10cb715f0d71e3db15281ab99eadbe86cf8c5c518162c638ef27a4f7bfb4a1a3873f3c384a5b1c3b4966c837b9d8d192ac34e03943b7ae191355aa1ff3b9cd041bb2668f1f81cf0d015b3d3608cd9ac79398212c0f132f1bd45d47768b999fcf3c05fe2069593ceecedc851a7fc465abcfef0fabba9b9460153f6ba8723a5c6e766c83a446aef3ee327":MBEDTLS_ERR_RSA_INVALID_PADDING +mbedtls_rsa_pkcs1_verify:"ac58fd024208d7f045d81a56cd55aad40ab86b0d216ab55136c7027aca23ea13480a52c0dacce0d98139b25965aa4ff76a41dd92037195d24bc0750d52cb3467b48b7b3e71d852c5f82bd9ee85a8388ead5cd8bc38c3d4792e8daa9734a137d31963e245ad3217fad235f7dfd5584de0fe91c4526568588e08b60bdf1badd99f":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"a142b0d9456f8f4772675265a08613a66c416bd1ae712975c69d9ca5fb8c1be9c24359a04fd15460bf6136a8a11f13e3ce2de2171524f10cb715f0d71e3db15281ab99eadbe86cf8c5c518162c638ef27a4f7bfb4a1a3873f3c384a5b1c3b4966c837b9d8d192ac34e03943b7ae191355aa1ff3b9cd041bb2668f1f81cf0d015b3d3608cd9ac79398212c0f132f1bd45d47768b999fcf3c05fe2069593ceecedc851a7fc465abcfef0fabba9b9460153f6ba8723a5c6e766c83a446aef3ee327":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #22 depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 -mbedtls_rsa_pkcs1_verify:"027f767928a5821e2723d6f36c43e6b498b6f0b381852571794a096bd49f1c36a4d7bacec7ec402c24b970163169173bb930ec7fdc39bc9457dfc4ca051f5f28a64de1bbe007c22e8368ff9b117dbda17efd2fb73434bbbf5a4158df56813b8c904bb2e779de504dcd974a291568210d6f85810291606a1c0cd88d51ceadf98a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"0676e64daaa18f4af46e9dfbe234db389b8a527b0fe1db97eb7f404e3155226cba70d318800f83160fa1aa19916e5c09f079331079f18cb8ab1a4b884cb28501824974f683ed2b9babae9f8c15bea30802805c6b2152119764811bbf5f3994d2e97fa2fe8c5ab15a23c14d7ae56be00eaa8bc26678481ff5ba59b0acfb0e43341bff9fc638e5625480a73dbc5d8d13bd2b9e64037c6b79df0c60869980c6a22ec46f80fb859cb4ee5d2032ac1fe538cfd85c70a7f33b4af50a93395917c2cfb6":MBEDTLS_ERR_RSA_INVALID_PADDING +mbedtls_rsa_pkcs1_verify:"027f767928a5821e2723d6f36c43e6b498b6f0b381852571794a096bd49f1c36a4d7bacec7ec402c24b970163169173bb930ec7fdc39bc9457dfc4ca051f5f28a64de1bbe007c22e8368ff9b117dbda17efd2fb73434bbbf5a4158df56813b8c904bb2e779de504dcd974a291568210d6f85810291606a1c0cd88d51ceadf98a":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA224:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"0676e64daaa18f4af46e9dfbe234db389b8a527b0fe1db97eb7f404e3155226cba70d318800f83160fa1aa19916e5c09f079331079f18cb8ab1a4b884cb28501824974f683ed2b9babae9f8c15bea30802805c6b2152119764811bbf5f3994d2e97fa2fe8c5ab15a23c14d7ae56be00eaa8bc26678481ff5ba59b0acfb0e43341bff9fc638e5625480a73dbc5d8d13bd2b9e64037c6b79df0c60869980c6a22ec46f80fb859cb4ee5d2032ac1fe538cfd85c70a7f33b4af50a93395917c2cfb6":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #23 depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 @@ -118,11 +118,11 @@ mbedtls_rsa_pkcs1_verify:"f7857ce04bf4292ea1755f9e587822372f4dcdf10bddfc0ff498a8 RSA PKCS1 Verify v1.5 CAVS #30 depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 -mbedtls_rsa_pkcs1_verify:"ca312774f2756ac2019f213a01a63c9a0b4a49ccafecf25e97a4c632668e3c77e664f4d7635241f25205e50c37061b02c546db8346fa597c3da8cfd44a827c5a4ff4ecfcd1797b39a1b215d9bbb93fdb6eb35bafbda427a5068888a6e19f86224b0897490491207e35ce39085668b10b4fb851b7dd9465c03869790ef38a61b5":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"3":"a202c33eb831b9d8e818b6c3bcdb42818e1d9c22a06ddd73a17a21e49d18cda44df349a066477cae068e1a5d2b518b0885e889ef796ca9e6f42a69ac755b8a6405fbaef93fe0130d98de35d689addfee3eecd26658903f774bda481c3f40ee0e9569a3c3e2da7ad576c7de82159d933e36fa29cfef99367005e34ab5082d80f48276d37dabc88dbb023bd01585329d2ccf417f78ec508aaa29751007d31f1669296b981d44c8fa99130c5df7a071725b496859314aaf9baf0ebc780355914249":MBEDTLS_ERR_RSA_INVALID_PADDING +mbedtls_rsa_pkcs1_verify:"ca312774f2756ac2019f213a01a63c9a0b4a49ccafecf25e97a4c632668e3c77e664f4d7635241f25205e50c37061b02c546db8346fa597c3da8cfd44a827c5a4ff4ecfcd1797b39a1b215d9bbb93fdb6eb35bafbda427a5068888a6e19f86224b0897490491207e35ce39085668b10b4fb851b7dd9465c03869790ef38a61b5":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"3":"a202c33eb831b9d8e818b6c3bcdb42818e1d9c22a06ddd73a17a21e49d18cda44df349a066477cae068e1a5d2b518b0885e889ef796ca9e6f42a69ac755b8a6405fbaef93fe0130d98de35d689addfee3eecd26658903f774bda481c3f40ee0e9569a3c3e2da7ad576c7de82159d933e36fa29cfef99367005e34ab5082d80f48276d37dabc88dbb023bd01585329d2ccf417f78ec508aaa29751007d31f1669296b981d44c8fa99130c5df7a071725b496859314aaf9baf0ebc780355914249":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #31 depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 -mbedtls_rsa_pkcs1_verify:"2abe079077290ceb6c80ac5c61062ce8da814b1fb99a1a9fb2860ed900e6541856ec64bf19c0d9d1cc2280b7cc50af3e3d2ad8e044945d44761ca60891dd72bd6aa26a33274ffcf7ae7d661b5e651135fcff21aaf06b4a2db18fe5827e0243884f2841760b9f1c65fbda870f7f0cfbd6ff484f0825e688614928f2d12d1e7080":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"402631f3cddfb02cc4d9cb58ef1ab6726bd787a50e12e98567c9702bfdf47af85904aec5a2f6c5df9a10f08f90f93728eb090ae2ac21ded9f38faecd8195f3eb3d4107521b1cee956e7a214245b038adae912fa35ec97cb3bdc41352e8aaff80173561284cb740f999a3cd6653a6c3d5a3f911a416f41e2155083982c99eb5998a0a74d77f1ae999d901ee24a7f2c424179a3f92b07dc0b3498c1884e60677bee0175e810b426c4ad008d2743cd19b00b33177bf8be3fed7f7406e1bce0c2ea3":MBEDTLS_ERR_RSA_INVALID_PADDING +mbedtls_rsa_pkcs1_verify:"2abe079077290ceb6c80ac5c61062ce8da814b1fb99a1a9fb2860ed900e6541856ec64bf19c0d9d1cc2280b7cc50af3e3d2ad8e044945d44761ca60891dd72bd6aa26a33274ffcf7ae7d661b5e651135fcff21aaf06b4a2db18fe5827e0243884f2841760b9f1c65fbda870f7f0cfbd6ff484f0825e688614928f2d12d1e7080":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"10001":"402631f3cddfb02cc4d9cb58ef1ab6726bd787a50e12e98567c9702bfdf47af85904aec5a2f6c5df9a10f08f90f93728eb090ae2ac21ded9f38faecd8195f3eb3d4107521b1cee956e7a214245b038adae912fa35ec97cb3bdc41352e8aaff80173561284cb740f999a3cd6653a6c3d5a3f911a416f41e2155083982c99eb5998a0a74d77f1ae999d901ee24a7f2c424179a3f92b07dc0b3498c1884e60677bee0175e810b426c4ad008d2743cd19b00b33177bf8be3fed7f7406e1bce0c2ea3":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #32 depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 @@ -130,7 +130,7 @@ mbedtls_rsa_pkcs1_verify:"da9505809dc92cfd8e01a1857dde52df6677c40d98f4577c1659ca RSA PKCS1 Verify v1.5 CAVS #33 depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 -mbedtls_rsa_pkcs1_verify:"d0cd038c65b3acca45822eaf91ea5176e82043268876dec0b62e2abd619023b7023abc67c6b823cfef5447b8772f985ff7910d6cc87e6c23688ac6de1fee40bbe2da1a92770de92adaa427ace02fee571a0a0176fceb0c8f3eb72dde839ab201395625f5c0db8641ce19d7711212dec61733262c6ce4476c025e67a3d5bc01f3":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA512:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"11":"2f30629c1117d013bb36e6099dee931dcaf0a1032b07ec23e2b262898a8945e569c9573d81e22bb0a5f8a28b0d7b8ff01367dd7f089c68ed1daa11cf53a96ee91b38e6b839b6e90bea34d14b78f5d2c7629b68c5b4f2ecfff66b483b2233cb14f95df533c867a2b610aebcdbb7ea3109aaf2f5762ab3edc2571deccc7da0c9a5b443ca2b924c0f18de7bbb736a08fed3916795018a436a3ae62c85d554a53a6d48623908e06e7d275f4251d3b3bd530bd11e155dcf2b5c2adf030cdf931ae749":MBEDTLS_ERR_RSA_INVALID_PADDING +mbedtls_rsa_pkcs1_verify:"d0cd038c65b3acca45822eaf91ea5176e82043268876dec0b62e2abd619023b7023abc67c6b823cfef5447b8772f985ff7910d6cc87e6c23688ac6de1fee40bbe2da1a92770de92adaa427ace02fee571a0a0176fceb0c8f3eb72dde839ab201395625f5c0db8641ce19d7711212dec61733262c6ce4476c025e67a3d5bc01f3":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA512:1536:16:"a59d9b7269b102b7be684ec5e28db79992e6d3231e77c90b78960c2638b35ef6dbdac1ac59e7249d96d426e7f99397eabc6b8903fe1942da580322b98bafacd81bb911c29666f83886a2a2864f3552044300e60cedd5a8c321c43e280413dc41673c39a11b98a885486f8187a70f270185c4c12bc48a1968305269776c070ef69d4913589a887c4d0f5e7dd58bd806d0d49a14a1762c38665cef4646ff13a0cd29c3a60460703c3d051d5b28c660bffb5f8bd43d495ffa64175f72b8abe5fddd":16:"11":"2f30629c1117d013bb36e6099dee931dcaf0a1032b07ec23e2b262898a8945e569c9573d81e22bb0a5f8a28b0d7b8ff01367dd7f089c68ed1daa11cf53a96ee91b38e6b839b6e90bea34d14b78f5d2c7629b68c5b4f2ecfff66b483b2233cb14f95df533c867a2b610aebcdbb7ea3109aaf2f5762ab3edc2571deccc7da0c9a5b443ca2b924c0f18de7bbb736a08fed3916795018a436a3ae62c85d554a53a6d48623908e06e7d275f4251d3b3bd530bd11e155dcf2b5c2adf030cdf931ae749":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #34 depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 @@ -138,7 +138,7 @@ mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e9 RSA PKCS1 Verify v1.5 padding too short depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 -mbedtls_rsa_pkcs1_verify:"AABBCC03020100FFFFFFFFFF1122330A0B0CCCDDDDDDDDDD":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"9292758453063D803DD603D5E777D7888ED1D5BF35786190FA2F23EBC0848AEADDA92CA6C3D80B32C4D109BE0F36D6AE7130B9CED7ACDF54CFC7555AC14EEBAB93A89813FBF3C4F8066D2D800F7C38A81AE31942917403FF4946B0A83D3D3E05EE57C6F5F5606FB5D4BC6CD34EE0801A5E94BB77B07507233A0BC7BAC8F90F79":16:"10001":"6edd56f397d9bc6d176bbe3d80946fc352ad6127b85b1d67d849c0a38cbde7222c5fafbb18dcef791178a8e15f5c8cd91869f8ca4b758c46ce3e229bf666d2e3e296544351bcb5db7e0004f6c0800f76a432071297e405759d4324d1cf1c412758be93a39f834e03dee59e28ac571ce2b0b3c8fe639979f516223b54027340a5":MBEDTLS_ERR_RSA_INVALID_PADDING +mbedtls_rsa_pkcs1_verify:"AABBCC03020100FFFFFFFFFF1122330A0B0CCCDDDDDDDDDD":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"9292758453063D803DD603D5E777D7888ED1D5BF35786190FA2F23EBC0848AEADDA92CA6C3D80B32C4D109BE0F36D6AE7130B9CED7ACDF54CFC7555AC14EEBAB93A89813FBF3C4F8066D2D800F7C38A81AE31942917403FF4946B0A83D3D3E05EE57C6F5F5606FB5D4BC6CD34EE0801A5E94BB77B07507233A0BC7BAC8F90F79":16:"10001":"6edd56f397d9bc6d176bbe3d80946fc352ad6127b85b1d67d849c0a38cbde7222c5fafbb18dcef791178a8e15f5c8cd91869f8ca4b758c46ce3e229bf666d2e3e296544351bcb5db7e0004f6c0800f76a432071297e405759d4324d1cf1c412758be93a39f834e03dee59e28ac571ce2b0b3c8fe639979f516223b54027340a5":MBEDTLS_ERR_RSA_VERIFY_FAILED # The following tests check whether the use of reduced length encodings (as mandated for DER in contrast to BER) is enforced in # the verification of PKCS1 v1.5 signatures - this is relevant to prevent Bleichenbacher signature forgery attacks. @@ -193,7 +193,7 @@ mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e9 RSA PKCS1 Sign #2 Verify (Fail) depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 -mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"5aee2b9dbc02a6a2d87ff64a64165dc0b9ce70c79bab2d287939e2601c3223e0493988d5468731ae4edc7d5f5d449335c204fdb0e192c1915c9d694d3a61c3be14df79c4b34d6ac73707829024d263c94f9107fa93f3783de3965522336e18d1e01a142b5103451bb97839eaf2f44703a63050a36b78aef4072ea1a8daaaf1a2918fc03ee957a9c09efdc6287bcb4d6aec4723290294b249b3e3dc63157b560ad9c867323a73ebeb360cc9e482111643b0d86c4e33dcf170155590f0eba7d170789e84de336b7fe2f6cf485ddca94607a4ff379fc49d375c730249dd1a210e7dccd763d1c23c7532e769c6aa88e38e8654ff90f7b34df4c07ba90e89099ec1ed":MBEDTLS_ERR_RSA_INVALID_PADDING +mbedtls_rsa_pkcs1_verify:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA256:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"5aee2b9dbc02a6a2d87ff64a64165dc0b9ce70c79bab2d287939e2601c3223e0493988d5468731ae4edc7d5f5d449335c204fdb0e192c1915c9d694d3a61c3be14df79c4b34d6ac73707829024d263c94f9107fa93f3783de3965522336e18d1e01a142b5103451bb97839eaf2f44703a63050a36b78aef4072ea1a8daaaf1a2918fc03ee957a9c09efdc6287bcb4d6aec4723290294b249b3e3dc63157b560ad9c867323a73ebeb360cc9e482111643b0d86c4e33dcf170155590f0eba7d170789e84de336b7fe2f6cf485ddca94607a4ff379fc49d375c730249dd1a210e7dccd763d1c23c7532e769c6aa88e38e8654ff90f7b34df4c07ba90e89099ec1ed":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Sign #3 (SHA224, 2048 bits RSA) depends_on:MBEDTLS_SHA256_C:MBEDTLS_PKCS1_V15 From 2b2f898cbdebfd4e5b6f702ff3a62d4b008bedd3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 27 Sep 2017 17:10:03 +0100 Subject: [PATCH 328/493] Streamline code-path in rsa_rsassa_pkcs1_v15_encode --- library/rsa.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 811bf302e..36a8d8880 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1229,15 +1229,14 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, nb_pad -= hashlen; } - /* Signature header and padding delimiter */ - if( nb_pad < 3 ) + /* Need space for signature header and padding delimiter (3 bytes), + * and 8 bytes for the minimal padding */ + if( nb_pad < 3 + 8 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); nb_pad -= 3; /* Now nb_pad is the amount of memory to be filled - * with padding; must be at least 8 bytes. */ - if( nb_pad < 8 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + * with padding, and at least 8 bytes long. */ /* Write signature header and padding */ *p++ = 0; From e58d38c66f5f2be0ec49d05070042ad174f28e49 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 27 Sep 2017 17:09:00 +0100 Subject: [PATCH 329/493] Minor improvements --- library/rsa.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 36a8d8880..3ccc7f8d7 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1167,26 +1167,26 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * * Parameters: * - md_alg: Identifies the hash algorithm used to generate the given hash; - * MBEDTLS_MD_NONE if raw data are signed. + * MBEDTLS_MD_NONE if raw data is signed. * - hashlen: Length of hash in case hashlen is MBEDTLS_MD_NONE. - * - hash: Buffer containing the hashed message. - * - sig_len: Length of the encoded message. + * - hash: Buffer containing the hashed message or the raw data. + * - dst_len: Length of the encoded message. * - dst: Buffer to hold the encoded message. * * Assumptions: * - hash has size hashlen if md_alg == MBEDTLS_MD_NONE. * - hash has size corresponding to md_alg if md_alg != MBEDTLS_MD_NONE. - * - dst points to a buffer of size at least sig_len. + * - dst points to a buffer of size at least dst_len. * */ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, unsigned int hashlen, const unsigned char *hash, - size_t sig_len, + size_t dst_len, unsigned char *dst ) { size_t oid_size = 0; - size_t nb_pad = sig_len; + size_t nb_pad = dst_len; unsigned char *p = dst; const char *oid = NULL; @@ -1282,9 +1282,9 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, /* Just a sanity-check, should be automatic * after the initial bounds check. */ - if( p != dst + sig_len ) + if( p != dst + dst_len ) { - mbedtls_zeroize( dst, sig_len ); + mbedtls_zeroize( dst, dst_len ); return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); } From 5178dcab121b638b221b2704c22ae01451b554dd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 3 Oct 2017 14:29:37 +0100 Subject: [PATCH 330/493] Clarify parameter ownership in `mbedtls_rsa_import[_raw]` --- include/mbedtls/rsa.h | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 46daac55f..a655d0e46 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -332,6 +332,9 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, * and complete the provided information to a ready-for-use * public or private RSA key. * + * \note The imported parameters are copied and need not be preserved + * for the lifetime of the RSA context being set up. + * * \return 0 if successful, non-zero error code on failure. */ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, @@ -362,6 +365,9 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, * and complete the provided information to a ready-for-use * public or private RSA key. * + * \note The imported parameters are copied and need not be preserved + * for the lifetime of the RSA context being set up. + * * \return 0 if successful, non-zero error code on failure. */ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, From db13cefde229c750dd7712feb1aa6e99c251a77c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 3 Oct 2017 14:31:05 +0100 Subject: [PATCH 331/493] Correct typo in RSA test suite data --- tests/suites/test_suite_rsa.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index ace4d397a..a1b84c975 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -1,4 +1,4 @@ - Date: Tue, 3 Oct 2017 14:32:56 +0100 Subject: [PATCH 332/493] Correct memory leak in `mbedtls_rsa_validate_crt` --- library/rsa.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index b0ba1eb2c..408ceb122 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -325,7 +325,8 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; } } @@ -344,7 +345,8 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; } } @@ -362,7 +364,8 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) ); if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; } } From 8ba6ce4f4f4e6e3786f6a94fd2e4f654eca8bca4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 3 Oct 2017 14:36:26 +0100 Subject: [PATCH 333/493] Rename `rsa_deduce_private` to `rsa_deduce_private_exponent` --- include/mbedtls/rsa.h | 6 ++++-- library/rsa.c | 16 +++++++++------- tests/suites/test_suite_rsa.data | 8 ++++---- tests/suites/test_suite_rsa.function | 13 +++++++------ 4 files changed, 24 insertions(+), 19 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index a655d0e46..df0e24ad9 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -129,8 +129,10 @@ int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, mbedtls_mpi const *D, * \note This function does not check whether P and Q are primes. * */ -int mbedtls_rsa_deduce_private( mbedtls_mpi const *P, mbedtls_mpi const *Q, - mbedtls_mpi const *E, mbedtls_mpi *D ); +int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P, + mbedtls_mpi const *Q, + mbedtls_mpi const *E, + mbedtls_mpi *D ); /** diff --git a/library/rsa.c b/library/rsa.c index 408ceb122..031dc2c43 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -78,7 +78,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { * There are two classes of helper functions: * (1) Parameter-generating helpers. These are: * - mbedtls_rsa_deduce_moduli - * - mbedtls_rsa_deduce_private + * - mbedtls_rsa_deduce_private_exponent * - mbedtls_rsa_deduce_crt * Each of these functions takes a set of core RSA parameters * and generates some other, or CRT related parameters. @@ -253,10 +253,10 @@ cleanup: * This is essentially a modular inversion. */ -int mbedtls_rsa_deduce_private( mbedtls_mpi const *P, - mbedtls_mpi const *Q, - mbedtls_mpi const *E, - mbedtls_mpi *D ) +int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P, + mbedtls_mpi const *Q, + mbedtls_mpi const *E, + mbedtls_mpi *D ) { int ret = 0; mbedtls_mpi K, L; @@ -681,8 +681,10 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, /* Deduce private exponent. This includes double-checking of the result, * so together with the primality test above all core parameters are * guaranteed to be sane if this call succeeds. */ - if( ( ret = mbedtls_rsa_deduce_private( &ctx->P, &ctx->Q, - &ctx->E, &ctx->D ) ) != 0 ) + if( ( ret = mbedtls_rsa_deduce_private_exponent( &ctx->P, + &ctx->Q, + &ctx->E, + &ctx->D ) ) != 0 ) { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); } diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index a1b84c975..1768c48d8 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -404,16 +404,16 @@ RSA Validate Params, non-prime, PRNG mbedtls_rsa_validate_params:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd18":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"":1:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED RSA Deduce Private, toy example -mbedtls_rsa_deduce_private:10:"7":10:"11":10:"7":10:"13":0:0 +mbedtls_rsa_deduce_private_exponent:10:"7":10:"11":10:"7":10:"13":0:0 RSA Deduce Private, toy example, corrupted -mbedtls_rsa_deduce_private:10:"3":10:"5":10:"3":10:"3":1:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE +mbedtls_rsa_deduce_private_exponent:10:"3":10:"5":10:"3":10:"3":1:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE RSA Deduce Private -mbedtls_rsa_deduce_private:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":0:0 +mbedtls_rsa_deduce_private_exponent:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":0:0 RSA Deduce Private, corrupted -mbedtls_rsa_deduce_private:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":1:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE +mbedtls_rsa_deduce_private_exponent:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":1:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE RSA Deduce Moduli, toy example mbedtls_rsa_deduce_moduli:10:"15":10:"3":10:"3":10:"3":10:"5":0:0 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index b965bd65b..dbd1c0fbd 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -779,11 +779,11 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void mbedtls_rsa_deduce_private( int radix_P, char *input_P, - int radix_Q, char *input_Q, - int radix_E, char *input_E, - int radix_D, char *output_D, - int corrupt, int result ) +void mbedtls_rsa_deduce_private_exponent( int radix_P, char *input_P, + int radix_Q, char *input_Q, + int radix_E, char *input_E, + int radix_D, char *output_D, + int corrupt, int result ) { mbedtls_mpi P, Q, D, Dp, E, R, Rp; @@ -804,7 +804,8 @@ void mbedtls_rsa_deduce_private( int radix_P, char *input_P, } /* Try to deduce D from N, P, Q, E. */ - TEST_ASSERT( mbedtls_rsa_deduce_private( &P, &Q, &E, &D ) == result ); + TEST_ASSERT( mbedtls_rsa_deduce_private_exponent( &P, &Q, + &E, &D ) == result ); if( !corrupt ) { From 0f65e0ca03cdd49b2e7b514235d3693ae77eefd6 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 3 Oct 2017 14:39:16 +0100 Subject: [PATCH 334/493] Rename `rsa_deduce_moduli` to `rsa_deduce_primes` --- include/mbedtls/rsa.h | 2 +- library/rsa.c | 6 +++--- tests/suites/test_suite_rsa.data | 8 ++++---- tests/suites/test_suite_rsa.function | 4 ++-- 4 files changed, 10 insertions(+), 10 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index df0e24ad9..044887749 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -104,7 +104,7 @@ extern "C" { * use the helper function \c mbedtls_rsa_validate_params. * */ -int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, mbedtls_mpi const *D, +int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *D, mbedtls_mpi const *E, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_mpi *P, mbedtls_mpi *Q ); diff --git a/library/rsa.c b/library/rsa.c index 031dc2c43..d14817c2c 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -77,7 +77,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { * * There are two classes of helper functions: * (1) Parameter-generating helpers. These are: - * - mbedtls_rsa_deduce_moduli + * - mbedtls_rsa_deduce_primes * - mbedtls_rsa_deduce_private_exponent * - mbedtls_rsa_deduce_crt * Each of these functions takes a set of core RSA parameters @@ -130,7 +130,7 @@ static void mbedtls_zeroize( void *v, size_t n ) { * of (a) and (b) above to attempt to factor N. * */ -int mbedtls_rsa_deduce_moduli( mbedtls_mpi const *N, +int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *D, mbedtls_mpi const *E, int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_mpi *P, mbedtls_mpi *Q ) @@ -659,7 +659,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, { /* This includes sanity checking of core parameters, * so no further checks necessary. */ - ret = mbedtls_rsa_deduce_moduli( &ctx->N, &ctx->D, &ctx->E, + ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->D, &ctx->E, f_rng, p_rng, &ctx->P, &ctx->Q ); if( ret != 0 ) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 1768c48d8..8ca6445bc 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -416,16 +416,16 @@ RSA Deduce Private, corrupted mbedtls_rsa_deduce_private_exponent:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":1:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE RSA Deduce Moduli, toy example -mbedtls_rsa_deduce_moduli:10:"15":10:"3":10:"3":10:"3":10:"5":0:0 +mbedtls_rsa_deduce_primes:10:"15":10:"3":10:"3":10:"3":10:"5":0:0 RSA Deduce Moduli, toy example, corrupted -mbedtls_rsa_deduce_moduli:10:"15":10:"3":10:"3":10:"3":10:"5":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA +mbedtls_rsa_deduce_primes:10:"15":10:"3":10:"3":10:"3":10:"5":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA RSA Deduce Moduli -mbedtls_rsa_deduce_moduli:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":0:0 +mbedtls_rsa_deduce_primes:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":0:0 RSA Deduce Moduli, corrupted -mbedtls_rsa_deduce_moduli:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA +mbedtls_rsa_deduce_primes:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA RSA Import (N,P,Q,D,E) mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:0 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index dbd1c0fbd..fc27353e7 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -723,7 +723,7 @@ exit: /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ -void mbedtls_rsa_deduce_moduli( int radix_N, char *input_N, +void mbedtls_rsa_deduce_primes( int radix_N, char *input_N, int radix_D, char *input_D, int radix_E, char *input_E, int radix_P, char *output_P, @@ -756,7 +756,7 @@ void mbedtls_rsa_deduce_moduli( int radix_N, char *input_N, TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 ); /* Try to deduce P, Q from N, D, E only. */ - TEST_ASSERT( mbedtls_rsa_deduce_moduli( &N, &D, &E, mbedtls_ctr_drbg_random, + TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, mbedtls_ctr_drbg_random, &ctr_drbg, &P, &Q ) == result ); if( !corrupt ) From 17c3276a2e2f2983a341d2121678a5b80764e0f9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 3 Oct 2017 14:56:04 +0100 Subject: [PATCH 335/493] Improve output on bad cmd line args in `programs/x509/cert_write` --- programs/x509/cert_write.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c index d04739389..9cc582d61 100644 --- a/programs/x509/cert_write.c +++ b/programs/x509/cert_write.c @@ -323,6 +323,7 @@ int main( int argc, char *argv[] ) if( opt.authority_identifier != 0 && opt.authority_identifier != 1 ) { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; } } @@ -332,6 +333,7 @@ int main( int argc, char *argv[] ) if( opt.subject_identifier != 0 && opt.subject_identifier != 1 ) { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; } } @@ -341,6 +343,7 @@ int main( int argc, char *argv[] ) if( opt.basic_constraints != 0 && opt.basic_constraints != 1 ) { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; } } @@ -355,32 +358,47 @@ int main( int argc, char *argv[] ) else if( strcmp( q, "MD5" ) == 0 ) opt.md = MBEDTLS_MD_MD5; else + { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; + } } else if( strcmp( p, "version" ) == 0 ) { opt.version = atoi( q ); if( opt.version < 1 || opt.version > 3 ) + { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; + } opt.version--; } else if( strcmp( p, "selfsign" ) == 0 ) { opt.selfsign = atoi( q ); if( opt.selfsign < 0 || opt.selfsign > 1 ) + { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; + } } else if( strcmp( p, "is_ca" ) == 0 ) { opt.is_ca = atoi( q ); if( opt.is_ca < 0 || opt.is_ca > 1 ) + { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; + } } else if( strcmp( p, "max_pathlen" ) == 0 ) { opt.max_pathlen = atoi( q ); if( opt.max_pathlen < -1 || opt.max_pathlen > 127 ) + { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; + } } else if( strcmp( p, "key_usage" ) == 0 ) { @@ -404,7 +422,10 @@ int main( int argc, char *argv[] ) else if( strcmp( q, "crl_sign" ) == 0 ) opt.key_usage |= MBEDTLS_X509_KU_CRL_SIGN; else + { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; + } q = r; } @@ -431,7 +452,10 @@ int main( int argc, char *argv[] ) else if( strcmp( q, "object_signing_ca" ) == 0 ) opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA; else + { + mbedtls_printf( "Invalid argument for option %s\n", p ); goto usage; + } q = r; } From 82759aa1c7d59e074eb9e2a0d28ca2a6b3ffb0fc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 16 Jun 2017 14:52:39 +0200 Subject: [PATCH 336/493] Note in README that GNU make is required Our README claims that we only use basic Make functionality, but in fact GNU make is required for conditional compilation. Document this. Addresses issue #967 --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 11b4ebf6a..624e03fe3 100644 --- a/README.md +++ b/README.md @@ -14,11 +14,11 @@ Compiling There are currently four active build systems used within mbed TLS releases: - yotta -- Make +- GNU Make - CMake - Microsoft Visual Studio (Visual Studio 6 and Visual Studio 2010) -The main systems used for development are CMake and Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. +The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. Yotta, as a build system, is slightly different from the other build systems: @@ -54,9 +54,9 @@ For more details on the yotta/mbed OS edition of mbed TLS, including example pro ### Make -We intentionally only use the minimum of `Make` functionality, as a lot of `Make` features are not supported on all different implementations of Make or on different platforms. As such, the Makefiles sometimes require some manual changes or export statements in order to work for your platform. +We require GNU Make. To build the library and the sample programs, GNU Make and a C compiler are sufficient. Some of the more advanced build targets require some Unix/Linux tools. -In order to build from the source code using Make, just enter at the command line: +In order to build from the source code using GNU Make, just enter at the command line: make From ec82da4cb2fde14244fca2d8583a0159b49cdefa Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 2 Oct 2017 10:52:50 +0200 Subject: [PATCH 337/493] Restored note about using minimum functionality in makefiles --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 624e03fe3..5ffd2ae56 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,8 @@ For more details on the yotta/mbed OS edition of mbed TLS, including example pro We require GNU Make. To build the library and the sample programs, GNU Make and a C compiler are sufficient. Some of the more advanced build targets require some Unix/Linux tools. +We intentionally only use a minimum of functionality in the makefiles in order to keep them as simple and independent of different toolchains as possible, to allow users to more easily move between different platforms. Users who need more features are recommended to use CMake. + In order to build from the source code using GNU Make, just enter at the command line: make From 86e5230e548ae792bd2d8bd14483c2ac7479da9e Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Oct 2017 09:08:53 +0100 Subject: [PATCH 338/493] Adapt ChangeLog --- ChangeLog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index 4436237ae..8bf697a22 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,13 @@ Bugfix * Correct extraction of signature-type from PK instance in X.509 CRT and CSR writing routines that prevented these functions to work with alternative RSA implementations. Raised by J.B. in the Mbed TLS forum. Fixes #1011. + * Don't print X.509 version tag for v1 CRT's, and omit extensions for + non-v3 CRT's. + +Changes + * Extend cert_write example program by options to set the CRT version + and the message digest. Further, allow enabling/disabling of authority + identifier, subject identifier and basic constraints extensions. = mbed TLS 2.6.0 branch released 2017-08-10 From 3cdc7119726013ed9d7b27b251da83808201cae3 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Oct 2017 10:09:31 +0100 Subject: [PATCH 339/493] Deprecate usage of RSA primitives with wrong key type Further, state explicitly that wrong key types need not be supported by alternative RSA implementations, and that those may instead return the newly introduced error code MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. --- include/mbedtls/rsa.h | 117 ++++++++++++++++++++++++++++++++++++++++-- library/error.c | 2 + 2 files changed, 115 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 7d7469d50..2ffb7ab3f 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -48,6 +48,7 @@ #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */ #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ +#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation doesn't provide the requested operation. */ /* * RSA constants @@ -250,6 +251,15 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * \param input buffer holding the data to be encrypted * \param output buffer that will hold the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PUBLIC. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PRIVATE and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size @@ -273,6 +283,15 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * \param input buffer holding the data to be encrypted * \param output buffer that will hold the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PUBLIC. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PRIVATE and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size @@ -299,6 +318,15 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * \param input buffer holding the data to be encrypted * \param output buffer that will hold the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PUBLIC. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PRIVATE and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size @@ -327,13 +355,22 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * \param output buffer that will hold the plaintext * \param output_max_len maximum length of the output buffer * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PRIVATE. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PUBLIC and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be * as large as the size ctx->len of ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold - * the decryption of the particular ciphertext provided, + * the decryption of the particular ciphertext provided, * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \note The input buffer must be as large as the size @@ -359,13 +396,22 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * \param output buffer that will hold the plaintext * \param output_max_len maximum length of the output buffer * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PRIVATE. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PUBLIC and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be * as large as the size ctx->len of ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold - * the decryption of the particular ciphertext provided, + * the decryption of the particular ciphertext provided, * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * * \note The input buffer must be as large as the size @@ -393,16 +439,25 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * \param output buffer that will hold the plaintext * \param output_max_len maximum length of the output buffer * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PRIVATE. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PUBLIC and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be * as large as the size ctx->len of ctx->N (eg. 128 bytes * if RSA-1024 is used) to be able to hold an arbitrary * decrypted message. If it is not large enough to hold - * the decryption of the particular ciphertext provided, + * the decryption of the particular ciphertext provided, * the function will return MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE. * - * \note The input buffer must be as large as the size + * \note The input buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). */ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, @@ -430,6 +485,15 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx, * \param hash buffer holding the message digest * \param sig buffer that will hold the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PRIVATE. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PUBLIC and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if the signing operation was successful, * or an MBEDTLS_ERR_RSA_XXX error code * @@ -460,6 +524,15 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx, * \param hash buffer holding the message digest * \param sig buffer that will hold the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PRIVATE. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PUBLIC and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if the signing operation was successful, * or an MBEDTLS_ERR_RSA_XXX error code * @@ -488,6 +561,15 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx, * \param hash buffer holding the message digest * \param sig buffer that will hold the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PRIVATE. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PUBLIC and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if the signing operation was successful, * or an MBEDTLS_ERR_RSA_XXX error code * @@ -522,6 +604,15 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, * \param hash buffer holding the message digest * \param sig buffer holding the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PUBLIC. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PRIVATE and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if the verify operation was successful, * or an MBEDTLS_ERR_RSA_XXX error code * @@ -552,6 +643,15 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx, * \param hash buffer holding the message digest * \param sig buffer holding the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PUBLIC. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PRIVATE and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if the verify operation was successful, * or an MBEDTLS_ERR_RSA_XXX error code * @@ -580,6 +680,15 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx, * \param hash buffer holding the message digest * \param sig buffer holding the ciphertext * + * \deprecated It is deprecated and discouraged to call this function + * in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary + * are likely to remove the mode argument and have it implicitly + * set to MBEDTLS_RSA_PUBLIC. + * + * \note Alternative implementations of RSA need not support + * mode being set to MBEDTLS_RSA_PRIVATE and may instead + * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. + * * \return 0 if the verify operation was successful, * or an MBEDTLS_ERR_RSA_XXX error code * diff --git a/library/error.c b/library/error.c index db42381c4..0217767cc 100644 --- a/library/error.c +++ b/library/error.c @@ -331,6 +331,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" ); if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) ) mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" ); + if( use_ret == -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION) ) + mbedtls_snprintf( buf, buflen, "RSA - The implementation doesn't provide the requested operation" ); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_SSL_TLS_C) From 1613715f6f6d3d97d4ef77987bae02d1d3de4c67 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Oct 2017 10:10:30 +0100 Subject: [PATCH 340/493] Adapt ChangeLog --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index e199682ea..b7fb5d5d6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,10 @@ Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. +API Changes + * Deprecate usage of RSA primitives with non-matching key-type + (e.g., signing with a public key). + = mbed TLS 2.6.0 branch released 2017-08-10 Security From f8b56d4e411cca80ad3788f3fa3fe0741a9acd89 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Oct 2017 10:16:37 +0100 Subject: [PATCH 341/493] Adapt RSA test suite Don't expect alternative implementations to implement the RSA operations for wrong key-types. --- tests/suites/test_suite_rsa.function | 65 ++++++++++++++++++++-------- 1 file changed, 48 insertions(+), 17 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index d48bc8595..a6bd7c124 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -59,9 +59,12 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig msg_len = unhexify( message_str, message_hex_string ); if( mbedtls_md_info_from_type( digest ) != NULL ) - TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), message_str, msg_len, hash_result ) == 0 ); + TEST_ASSERT( mbedtls_md( mbedtls_md_info_from_type( digest ), + message_str, msg_len, hash_result ) == 0 ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, digest, 0, hash_result, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, + MBEDTLS_RSA_PRIVATE, digest, 0, + hash_result, output ) == result ); if( result == 0 ) { hexify( output_str, output, ctx.len ); @@ -70,7 +73,8 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig } exit: - mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); + mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); + mbedtls_mpi_free( &H ); mbedtls_mpi_free( &G ); mbedtls_rsa_free( &ctx ); } /* END_CASE */ @@ -118,6 +122,7 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, char *input_N, int radix_E, char *input_E, char *result_hex_str ) { + int res; unsigned char message_str[1000]; unsigned char hash_result[1000]; unsigned char output[1000]; @@ -156,7 +161,9 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, unhexify( message_str, message_hex_string ); hash_len = unhexify( hash_result, hash_result_string ); - TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, hash_len, hash_result, output ) == 0 ); + TEST_ASSERT( mbedtls_rsa_pkcs1_sign( &ctx, &rnd_pseudo_rand, &rnd_info, + MBEDTLS_RSA_PRIVATE, MBEDTLS_MD_NONE, + hash_len, hash_result, output ) == 0 ); hexify( output_str, output, ctx.len ); @@ -168,13 +175,22 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, memset( output, 0x00, 1000 ); memset( output_str, 0x00, 1000 ); - TEST_ASSERT( mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, + res = mbedtls_rsa_rsaes_pkcs1_v15_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PRIVATE, - hash_len, hash_result, output ) == 0 ); + hash_len, hash_result, output ); - hexify( output_str, output, ctx.len ); +#if !defined(MBEDTLS_RSA_ALT) + TEST_ASSERT( res == 0 ); +#else + TEST_ASSERT( ( res == 0 ) || + ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) ); +#endif - TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + if( res == 0 ) + { + hexify( output_str, output, ctx.len ); + TEST_ASSERT( strcasecmp( (char *) output_str, result_hex_str ) == 0 ); + } } exit: @@ -189,6 +205,7 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, char *input_N, int radix_E, char *input_E, char *result_hex_str, int correct ) { + int res; unsigned char message_str[1000]; unsigned char hash_result[1000]; unsigned char result_str[1000]; @@ -219,15 +236,25 @@ void rsa_pkcs1_verify_raw( char *message_hex_string, char *hash_result_string, { int ok; - TEST_ASSERT( mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, + res = mbedtls_rsa_rsaes_pkcs1_v15_decrypt( &ctx, NULL, NULL, MBEDTLS_RSA_PUBLIC, - &olen, result_str, output, sizeof( output ) ) == 0 ); + &olen, result_str, output, sizeof( output ) ); - ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0; - if( correct == 0 ) - TEST_ASSERT( ok == 1 ); - else - TEST_ASSERT( ok == 0 ); +#if !defined(MBEDTLS_RSA_ALT) + TEST_ASSERT( res == 0 ); +#else + TEST_ASSERT( ( res == 0 ) || + ( res == MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION ) ); +#endif + + if( res == 0 ) + { + ok = olen == hash_len && memcmp( output, hash_result, olen ) == 0; + if( correct == 0 ) + TEST_ASSERT( ok == 1 ); + else + TEST_ASSERT( ok == 0 ); + } } exit: @@ -262,7 +289,9 @@ void mbedtls_rsa_pkcs1_encrypt( char *message_hex_string, int padding_mode, int msg_len = unhexify( message_str, message_hex_string ); - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_pseudo_rand, &rnd_info, + MBEDTLS_RSA_PUBLIC, msg_len, + message_str, output ) == result ); if( result == 0 ) { hexify( output_str, output, ctx.len ); @@ -300,7 +329,9 @@ void rsa_pkcs1_encrypt_bad_rng( char *message_hex_string, int padding_mode, msg_len = unhexify( message_str, message_hex_string ); - TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, MBEDTLS_RSA_PUBLIC, msg_len, message_str, output ) == result ); + TEST_ASSERT( mbedtls_rsa_pkcs1_encrypt( &ctx, &rnd_zero_rand, NULL, + MBEDTLS_RSA_PUBLIC, msg_len, + message_str, output ) == result ); if( result == 0 ) { hexify( output_str, output, ctx.len ); From bc389d1d3c8edd41a8d82c8e7d0c56b222853189 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Oct 2017 11:49:53 +0100 Subject: [PATCH 342/493] Extend scope of ERR_RSA_UNSUPPORTED_OPERATION error code --- include/mbedtls/rsa.h | 3 ++- library/error.c | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 2ffb7ab3f..562395f2b 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -48,7 +48,8 @@ #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */ #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ -#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation doesn't provide the requested operation. */ +#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation doesn't offer the requested operation, + e.g. because of security violations or lack of functionality */ /* * RSA constants diff --git a/library/error.c b/library/error.c index 0217767cc..66e6aa23c 100644 --- a/library/error.c +++ b/library/error.c @@ -332,7 +332,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) ) mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" ); if( use_ret == -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION) ) - mbedtls_snprintf( buf, buflen, "RSA - The implementation doesn't provide the requested operation" ); + mbedtls_snprintf( buf, buflen, "RSA - The implementation doesn't offer the requested operation, "\ + "e.g. because of security violations or lack of functionality" ); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_SSL_TLS_C) From 7e304fcac93209450fd835a006405d3cf48f0216 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 5 Oct 2017 11:50:16 +0100 Subject: [PATCH 343/493] Move deprecation to separate section in ChangeLog --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index b7fb5d5d6..569f12f60 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,7 +6,7 @@ Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. -API Changes +New deprecations * Deprecate usage of RSA primitives with non-matching key-type (e.g., signing with a public key). From 074c58f08bceeb50fd59c131ed54c07db356df37 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 6 Sep 2017 15:33:34 +0100 Subject: [PATCH 344/493] Always print gmt_unix_time in TLS client Change ssl_parse_server_hello() so that the parsed first four random bytes from the ServerHello message are printed by the TLS client as a Unix timestamp regardless of whether MBEDTLS_DEBUG_C is defined. The debug message will only be printed if debug_level is 3 or higher. Unconditionally enabling the debug print enabled testing of this value. --- library/ssl_cli.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 19bf021e2..544c8cf5c 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1448,9 +1448,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #endif int handshake_failure = 0; const mbedtls_ssl_ciphersuite_t *suite_info; -#if defined(MBEDTLS_DEBUG_C) - uint32_t t; -#endif MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) ); @@ -1553,13 +1550,11 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); } -#if defined(MBEDTLS_DEBUG_C) - t = ( (uint32_t) buf[2] << 24 ) - | ( (uint32_t) buf[3] << 16 ) - | ( (uint32_t) buf[4] << 8 ) - | ( (uint32_t) buf[5] ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); -#endif + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", + ( (uint32_t) buf[2] << 24 ) | + ( (uint32_t) buf[3] << 16 ) | + ( (uint32_t) buf[4] << 8 ) | + ( (uint32_t) buf[5] ) ) ); memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 ); From a46a58ab942c324c414d46bc78fb4eb4db26f4ee Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 6 Sep 2017 15:38:07 +0100 Subject: [PATCH 345/493] Extend ssl-opt.h so that run_test takes function Extend the run_test function in ssl-opt.sh so that it accepts the -f and -F options. These parameters take an argument which is the name of a shell function that will be called by run_test and will be given the client input and output debug log. The idea is that these functions are defined by each test and they can be used to do some custom check beyon those allowed by the pattern matching capabilities of the run_test function. --- tests/ssl-opt.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 280fc6348..b349512cc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -357,9 +357,11 @@ detect_dtls() { # Options: -s pattern pattern that must be present in server output # -c pattern pattern that must be present in client output # -u pattern lines after pattern must be unique in client output +# -f call shell function on client output # -S pattern pattern that must be absent in server output # -C pattern pattern that must be absent in client output # -U pattern lines after pattern must be unique in server output +# -F call shell function on server output run_test() { NAME="$1" shift 1 @@ -546,6 +548,18 @@ run_test() { return fi ;; + "-F") + if ! $2 "$SRV_OUT"; then + fail "function call to '$2' failed on Server output" + return + fi + ;; + "-f") + if ! $2 "$CLI_OUT"; then + fail "function call to '$2' failed on Client output" + return + fi + ;; *) echo "Unknown test: $1" >&2 From ac36e382a97a54b06cca1f61f70eddc8c3904f4d Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 6 Sep 2017 15:44:01 +0100 Subject: [PATCH 346/493] Add ssl-opt.sh test to check gmt_unix_time is good Add a test to ssl-opt.sh that parses the client and server debug output and then checks that the Unix timestamp in the ServerHello message is within acceptable bounds. --- tests/ssl-opt.sh | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b349512cc..e23daeeaf 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -321,6 +321,33 @@ wait_server_start() { fi } +# Given the client or server debug output, parse the unix timestamp that is +# included in the first 4 bytes of the random bytes and check that its within +# acceptable bounds +check_server_hello_time() { + # Extract the time from the debug (lvl 3) output of the client + SERVER_HELLO_TIME="$(cat "$1" | sed -n 's/.*server hello, current time: \([0-9]\+\)$/\1/p')" + # Get the Unix timestamp for now + CUR_TIME=$(date +'%s') + THRESHOLD_IN_SECS=300 + + # Check if the ServerHello time was printed + if [ -z "$SERVER_HELLO_TIME" ]; then + return 1 + fi + + # Check the time in ServerHello is within acceptable bounds + if [ $SERVER_HELLO_TIME -lt $(( $CUR_TIME - $THRESHOLD_IN_SECS )) ]; then + # The time in ServerHello is at least 5 minutes before now + return 1 + elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then + # The time in ServerHello is at least 5 minues later than now + return 1 + else + return 0 + fi +} + # wait for client to terminate and set CLI_EXIT # must be called right after starting the client wait_client_done() { @@ -696,6 +723,21 @@ run_test "Default, DTLS" \ -s "Protocol is DTLSv1.2" \ -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" +# Test current time in ServerHello +requires_config_enabled MBEDTLS_HAVE_TIME +run_test "Default, ServerHello contains gmt_unix_time" \ + "$P_SRV debug_level=3" \ + "$P_CLI debug_level=3" \ + 0 \ + -s "Protocol is TLSv1.2" \ + -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ + -s "client hello v3, signature_algorithm ext: 6" \ + -s "ECDHE curve: secp521r1" \ + -S "error" \ + -C "error" \ + -f "check_server_hello_time" \ + -F "check_server_hello_time" + # Test for uniqueness of IVs in AEAD ciphersuites run_test "Unique IV in GCM" \ "$P_SRV exchanges=20 debug_level=4" \ From 5987ef451ca75fa492cbd1e8c4a8d3fed5aaf42f Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 14 Sep 2017 12:41:29 +0100 Subject: [PATCH 347/493] Fix typos in ssl-opt.sh comments --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e23daeeaf..1a9482f10 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -322,7 +322,7 @@ wait_server_start() { } # Given the client or server debug output, parse the unix timestamp that is -# included in the first 4 bytes of the random bytes and check that its within +# included in the first 4 bytes of the random bytes and check that it's within # acceptable bounds check_server_hello_time() { # Extract the time from the debug (lvl 3) output of the client @@ -341,7 +341,7 @@ check_server_hello_time() { # The time in ServerHello is at least 5 minutes before now return 1 elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then - # The time in ServerHello is at least 5 minues later than now + # The time in ServerHello is at least 5 minutes later than now return 1 else return 0 From acdae0cb33fe51e2693a92fa8a015bb784cac833 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 15 Sep 2017 15:49:24 +0100 Subject: [PATCH 348/493] Remove use of GNU sed features from ssl-opt.sh --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1a9482f10..7fcca685b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -326,7 +326,7 @@ wait_server_start() { # acceptable bounds check_server_hello_time() { # Extract the time from the debug (lvl 3) output of the client - SERVER_HELLO_TIME="$(cat "$1" | sed -n 's/.*server hello, current time: \([0-9]\+\)$/\1/p')" + SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: //p' < "$1")" # Get the Unix timestamp for now CUR_TIME=$(date +'%s') THRESHOLD_IN_SECS=300 From b04e2c3d8159493c118f9774e8f2588521aedd77 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Sep 2017 15:45:12 +0200 Subject: [PATCH 349/493] Allow comments in test data files --- ChangeLog | 3 +++ tests/scripts/generate_code.pl | 21 +++++++++++++++++++++ tests/suites/main_test.function | 19 ++++++++++++------- tests/suites/test_suite_md.data | 1 + tests/suites/test_suite_mdx.data | 1 + tests/suites/test_suite_rsa.data | 3 +++ tests/suites/test_suite_shax.data | 1 + 7 files changed, 42 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index e199682ea..ab4c50db4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,9 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x released xxxx-xx-xx +Features + * Allow comments in test data files. + Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. diff --git a/tests/scripts/generate_code.pl b/tests/scripts/generate_code.pl index 84e949dfa..a48631946 100755 --- a/tests/scripts/generate_code.pl +++ b/tests/scripts/generate_code.pl @@ -49,6 +49,27 @@ # file name is used to replace the symbol 'TESTCASE_FILENAME' in the main # code file above. # +# A test data file consists of a sequence of paragraphs separated by +# a single empty line. Line breaks may be in Unix (LF) or Windows (CRLF) +# format. Lines starting with the character '#' are ignored +# (the parser behaves as if they were not present). +# +# Each paragraph describes one test case and must consist of: (1) one +# line which is the test case name; (2) an optional line starting with +# the 11-character prefix "depends_on:"; (3) a line containing the test +# function to execute and its parameters. +# +# A depends_on: line consists of a list of compile-time options +# separated by the character ':', with no whitespace. The test case +# is executed only if this compilation option is enabled in config.h. +# +# The last line of each paragraph contains a test function name and +# a list of parameters separated by the character ':'. Running the +# test case calls this function with the specified parameters. Each +# parameter may either be an integer written in decimal or hexadecimal, +# or a string surrounded by double quotes which may not contain the +# ':' character. +# use strict; diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index a7bb41de3..551f239d2 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -140,14 +140,19 @@ int get_line( FILE *f, char *buf, size_t len ) { char *ret; - ret = fgets( buf, len, f ); - if( ret == NULL ) - return( -1 ); + buf[0] = '#'; - if( strlen( buf ) && buf[strlen(buf) - 1] == '\n' ) - buf[strlen(buf) - 1] = '\0'; - if( strlen( buf ) && buf[strlen(buf) - 1] == '\r' ) - buf[strlen(buf) - 1] = '\0'; + while( buf[0] == '#' ) + { + ret = fgets( buf, len, f ); + if( ret == NULL ) + return( -1 ); + + if( strlen( buf ) && buf[strlen(buf) - 1] == '\n' ) + buf[strlen(buf) - 1] = '\0'; + if( strlen( buf ) && buf[strlen(buf) - 1] == '\r' ) + buf[strlen(buf) - 1] = '\0'; + } return( 0 ); } diff --git a/tests/suites/test_suite_md.data b/tests/suites/test_suite_md.data index 71d1f6dde..abd8e55d9 100644 --- a/tests/suites/test_suite_md.data +++ b/tests/suites/test_suite_md.data @@ -1,3 +1,4 @@ +# Tests of the generic message digest interface MD process mbedtls_md_process: diff --git a/tests/suites/test_suite_mdx.data b/tests/suites/test_suite_mdx.data index 2d403b410..3d063a477 100644 --- a/tests/suites/test_suite_mdx.data +++ b/tests/suites/test_suite_mdx.data @@ -1,3 +1,4 @@ +# Test MD2, MD4, MD5 and RIPEMD160 mbedtls_md2 Test vector RFC1319 #1 md2_text:"":"8350e5a3e24c153df2275c9f80692773" diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 5013ac8b0..fc7d93588 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -1,5 +1,6 @@ RSA PKCS1 Verify v1.5 CAVS #1 depends_on:MBEDTLS_SHA1_C:MBEDTLS_PKCS1_V15 +# Good padding but wrong hash mbedtls_rsa_pkcs1_verify:"d6248c3e96b1a7e5fea978870fcc4c9786b4e5156e16b7faef4557d667f730b8bc4c784ef00c624df5309513c3a5de8ca94c2152e0459618666d3148092562ebc256ffca45b27fd2d63c68bd5e0a0aefbe496e9e63838a361b1db6fc272464f191490bf9c029643c49d2d9cd08833b8a70b4b3431f56fb1eb55ccd39e77a9c92":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"3203b7647fb7e345aa457681e5131777f1adc371f2fba8534928c4e52ef6206a856425d6269352ecbf64db2f6ad82397768cafdd8cd272e512d617ad67992226da6bc291c31404c17fd4b7e2beb20eff284a44f4d7af47fd6629e2c95809fa7f2241a04f70ac70d3271bb13258af1ed5c5988c95df7fa26603515791075feccd":MBEDTLS_ERR_RSA_VERIFY_FAILED RSA PKCS1 Verify v1.5 CAVS #2 @@ -24,6 +25,7 @@ mbedtls_rsa_pkcs1_verify:"44637d3b8de525fd589237bc81229c8966d3af24540850c2403633 RSA PKCS1 Verify v1.5 CAVS #7 depends_on:MBEDTLS_SHA512_C:MBEDTLS_PKCS1_V15 +# Bad padding after performing the public key operation mbedtls_rsa_pkcs1_verify:"d03f12276f6ba7545b8fce719471bd253791878809694e8754f3b389f26c9253a758ed28b4c62535a8d5702d7a778731d5759ff2b3b39b192db680e791632918b6093c0e8ca25c2bf756a07fde4144a37f769fe4054455a45cb8cefe4462e7a9a45ce71f2189b4fef01b47aee8585d44dc9d6fa627a3e5f08801871731f234cd":MBEDTLS_RSA_PKCS_V15:MBEDTLS_MD_SHA384:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"d93a878c1ce86571590b0e43794b3edb23552797c4b8c9e3da4fe1cc4ac0566acd3b10541fe9a7a79f5ea4892d3069ca6903efb5c40c47eb8a9c781eb4249281d40c3d96aae16da1bb4daaece6a26eca5f41c062b4124a64fc9d340cba5ab0d1f5affff6515a87f0933774fd4322d2fa497cd6f708a429ca56dcb1fd3db623d0":MBEDTLS_ERR_RSA_INVALID_PADDING RSA PKCS1 Verify v1.5 CAVS #8 @@ -365,6 +367,7 @@ RSA Generate Key - 2048 bit key mbedtls_rsa_gen_key:2048:3:0 RSA Generate Key - 1025 bit key +# mbedtls_rsa_gen_key only supports even-sized keys mbedtls_rsa_gen_key:1025:3:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA PKCS1 Encrypt Bad RNG diff --git a/tests/suites/test_suite_shax.data b/tests/suites/test_suite_shax.data index ea2a18380..ee8074dc0 100644 --- a/tests/suites/test_suite_shax.data +++ b/tests/suites/test_suite_shax.data @@ -1,3 +1,4 @@ +# Test the operation of SHA-1 and SHA-2 SHA-1 Test Vector NIST CAVS #1 depends_on:MBEDTLS_SHA1_C mbedtls_sha1:"":"da39a3ee5e6b4b0d3255bfef95601890afd80709" From 964faeb6c4248a015df2375c26a864f53b93d8a8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Sep 2017 18:00:25 +0200 Subject: [PATCH 350/493] Cleaned up get_line for test data files Look, ma, a use for do...while! Also removed 1-3 calls to strlen. --- tests/suites/main_test.function | 24 ++++++++++++++++-------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 551f239d2..20add3c77 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -136,23 +136,31 @@ DISPATCH_FUNCTION "TESTCASE_FILENAME" +/** Retrieve one input line into buf, which must have room for len + * bytes. The trailing line break (if any) is stripped from the result. + * Lines beginning with the character '#' are skipped. Lines that are + * more than len-1 bytes long including the trailing line break are + * truncated; note that the following bytes remain in the input stream. + * + * \return 0 on success, -1 on error or end of file + */ int get_line( FILE *f, char *buf, size_t len ) { char *ret; - buf[0] = '#'; - - while( buf[0] == '#' ) + do { ret = fgets( buf, len, f ); if( ret == NULL ) return( -1 ); - - if( strlen( buf ) && buf[strlen(buf) - 1] == '\n' ) - buf[strlen(buf) - 1] = '\0'; - if( strlen( buf ) && buf[strlen(buf) - 1] == '\r' ) - buf[strlen(buf) - 1] = '\0'; } + while( buf[0] == '#' ); + + ret = buf + strlen( buf ); + if( ret-- > buf && *ret == '\n' ) + *ret = '\0'; + if( ret-- > buf && *ret == '\r' ) + *ret = '\0'; return( 0 ); } From e1a94a64042414b6c7a8af604ce5fd901f4fde09 Mon Sep 17 00:00:00 2001 From: Xinyu Chen Date: Tue, 22 Nov 2016 14:56:18 +0800 Subject: [PATCH 351/493] Correct the printf message of the DTLS handshake. Make it consistent with dtls_server.c --- programs/ssl/dtls_client.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index e18ee42a1..f271bad30 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -203,7 +203,7 @@ int main( int argc, char *argv[] ) /* * 4. Handshake */ - mbedtls_printf( " . Performing the SSL/TLS handshake..." ); + mbedtls_printf( " . Performing the DTLS handshake..." ); fflush( stdout ); do ret = mbedtls_ssl_handshake( &ssl ); From cb8d54b22d68e108b8ea0a5134d9a6f790afb6e1 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 23 Aug 2017 16:04:40 +0300 Subject: [PATCH 352/493] Fix typo in configs/README.txt file Fix typo in Readme file: ajust->adjust --- configs/README.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/README.txt b/configs/README.txt index e9867bc15..933fa7f21 100644 --- a/configs/README.txt +++ b/configs/README.txt @@ -8,7 +8,7 @@ These files are complete replacements for the default config.h. To use one of them, you can pick one of the following methods: 1. Replace the default file include/mbedtls/config.h with the chosen one. - (Depending on your compiler, you may need to ajust the line with + (Depending on your compiler, you may need to adjust the line with #include "mbedtls/check_config.h" then.) 2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly. From b25c0c78cfacf535287d4a959426e8221dcc4ed9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 5 May 2017 11:24:30 +0100 Subject: [PATCH 353/493] Add test case calling ssl_set_hostname twice Add a test case calling ssl_set_hostname twice to test_suite_ssl. When run in CMake build mode ASan, this catches the current leak, but will hopefully be fine with the new version. --- tests/suites/test_suite_ssl.data | 3 +++ tests/suites/test_suite_ssl.function | 13 +++++++++++++ 2 files changed, 16 insertions(+) diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data index a39f6f09f..b92c1fe8a 100644 --- a/tests/suites/test_suite_ssl.data +++ b/tests/suites/test_suite_ssl.data @@ -54,3 +54,6 @@ ssl_dtls_replay:"abcd12340000,abcd12340100":"abcd12340101":0 SSL DTLS replay: big jump then just delayed ssl_dtls_replay:"abcd12340000,abcd12340100":"abcd123400ff":0 + +SSL SET_HOSTNAME memory leak: call ssl_set_hostname twice +ssl_set_hostname_twice:"server0":"server1" diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function index 8d3448cbc..60683afee 100644 --- a/tests/suites/test_suite_ssl.function +++ b/tests/suites/test_suite_ssl.function @@ -40,3 +40,16 @@ void ssl_dtls_replay( char *prevs, char *new, int ret ) mbedtls_ssl_config_free( &conf ); } /* END_CASE */ + +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ +void ssl_set_hostname_twice( char *hostname0, char *hostname1 ) +{ + mbedtls_ssl_context ssl; + mbedtls_ssl_init( &ssl ); + + TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname0 ) == 0 ); + TEST_ASSERT( mbedtls_ssl_set_hostname( &ssl, hostname1 ) == 0 ); + + mbedtls_ssl_free( &ssl ); +} +/* END_CASE */ \ No newline at end of file From 947194e7cfe9e8c84eec2221ad67439ae6d0ed2f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 7 Apr 2017 13:25:49 +0100 Subject: [PATCH 354/493] Make mbedtls_ssl_set_hostname safe to be called multiple times Zeroize and free previously set hostnames before overwriting them. Also, allow clearance of hostname by providing NULL parameter. --- library/ssl_tls.c | 55 +++++++++++++++++++++++++++++++---------------- 1 file changed, 37 insertions(+), 18 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b388156df..b837690c2 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6166,7 +6166,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, { conf->sig_hashes = hashes; } -#endif +#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */ #if defined(MBEDTLS_ECP_C) /* @@ -6177,32 +6177,51 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf, { conf->curve_list = curve_list; } -#endif +#endif /* MBEDTLS_ECP_C */ #if defined(MBEDTLS_X509_CRT_PARSE_C) int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) { - size_t hostname_len; + /* Initialize to suppress unnecessary compiler warning */ + size_t hostname_len = 0; + + /* Check if new hostname is valid before + * making any change to current one */ + + if( hostname != NULL ) + { + hostname_len = strlen( hostname ); + + if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) + return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + } + + /* Now it's clear that we will overwrite the old hostname, + * so we can free it safely */ + + if( ssl->hostname != NULL ) + { + mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) ); + mbedtls_free( ssl->hostname ); + } + + /* Passing NULL as hostname shall clear the old one */ if( hostname == NULL ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + { + ssl->hostname = NULL; + } + else + { + ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); - hostname_len = strlen( hostname ); + if( ssl->hostname == NULL ) + return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - if( hostname_len + 1 == 0 ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); + memcpy( ssl->hostname, hostname, hostname_len ); - if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN ) - return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA ); - - ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 ); - - if( ssl->hostname == NULL ) - return( MBEDTLS_ERR_SSL_ALLOC_FAILED ); - - memcpy( ssl->hostname, hostname, hostname_len ); - - ssl->hostname[hostname_len] = '\0'; + ssl->hostname[hostname_len] = '\0'; + } return( 0 ); } From 0446a39744fb4f6eeb1936a464ea3890fc4e7bcc Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 7 Apr 2017 12:59:32 +0100 Subject: [PATCH 355/493] Enhance documentation of mbedtls_ssl_set_hostname (1) Add missing error condition (2) Specify allowance and effect of of NULL hostname parameter (3) Describe effect of function on failure --- include/mbedtls/ssl.h | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index cc0007006..87ea00dbb 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1794,15 +1794,23 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, #if defined(MBEDTLS_X509_CRT_PARSE_C) /** - * \brief Set the hostname to check against the received server - * certificate. It sets the ServerName TLS extension too, - * if the extension is enabled. - * (client-side only) + * \brief Set or reset the hostname to check against the received + * server certificate. It sets the ServerName TLS extension, + * too, if that extension is enabled. (client-side only) * * \param ssl SSL context - * \param hostname the server hostname + * \param hostname the server hostname, may be NULL to clear hostname + + * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN. + * + * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on + * allocation failure, MBEDTLS_ERR_BAD_INPUT_DATA on + * too long input hostname. + * + * \post Hostname set to the one provided on success (cleared + * when NULL). On allocation failure hostname is cleared. + * On too long input failure, old hostname is unchanged. * - * \return 0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED */ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ From 1a9a51c7cfec37271b064324883bbd03087d125c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 7 Apr 2017 13:02:16 +0100 Subject: [PATCH 356/493] Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog. Add a reference to the relevant RFC, adapt ChangeLog. --- ChangeLog | 2 ++ include/mbedtls/ssl.h | 5 ++--- library/ssl_cli.c | 8 ++++++++ library/ssl_tls.c | 2 +- 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index ab4c50db4..8729c87e2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -198,6 +198,8 @@ Security team. #569 CVE-2017-2784 Bugfix + * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. + Found by jethrogb, #836. * Fix output certificate verification flags set by x509_crt_verify_top() when traversing a chain of trusted CA. The issue would cause both flags, MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h index 87ea00dbb..e98101e19 100644 --- a/include/mbedtls/ssl.h +++ b/include/mbedtls/ssl.h @@ -1804,13 +1804,12 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf, * \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN. * * \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on - * allocation failure, MBEDTLS_ERR_BAD_INPUT_DATA on + * allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on * too long input hostname. * - * \post Hostname set to the one provided on success (cleared + * Hostname set to the one provided on success (cleared * when NULL). On allocation failure hostname is cleared. * On too long input failure, old hostname is unchanged. - * */ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ); #endif /* MBEDTLS_X509_CRT_PARSE_C */ diff --git a/library/ssl_cli.c b/library/ssl_cli.c index a2b9f8cfe..19bf021e2 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -80,6 +80,13 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, } /* + * Sect. 3, RFC 6066 (TLS Extensions Definitions) + * + * In order to provide any of the server names, clients MAY include an + * extension of type "server_name" in the (extended) client hello. The + * "extension_data" field of this extension SHALL contain + * "ServerNameList" where: + * * struct { * NameType name_type; * select (name_type) { @@ -96,6 +103,7 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl, * struct { * ServerName server_name_list<1..2^16-1> * } ServerNameList; + * */ *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF ); *p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF ); diff --git a/library/ssl_tls.c b/library/ssl_tls.c index b837690c2..10fff954c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6225,7 +6225,7 @@ int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname ) return( 0 ); } -#endif +#endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf, From 2c4f9460ea98ca0a1d5eefbd10cf6c33c3629b7e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Sat, 30 Sep 2017 23:39:46 +0100 Subject: [PATCH 357/493] Update ChangeLog for fix to #836 --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 8729c87e2..ad773c73a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -8,6 +8,8 @@ Features Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. + * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. + Found by projectgus and jethrogb, #836. = mbed TLS 2.6.0 branch released 2017-08-10 @@ -198,8 +200,6 @@ Security team. #569 CVE-2017-2784 Bugfix - * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. - Found by jethrogb, #836. * Fix output certificate verification flags set by x509_crt_verify_top() when traversing a chain of trusted CA. The issue would cause both flags, MBEDTLS_X509_BADCERT_NOT_TRUSTED and MBEDTLS_X509_BADCERT_EXPIRED, to be From 71f68c4043fe5cd9bab9e7d7cfdd953cb5c81192 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 26 Sep 2017 11:29:11 +0300 Subject: [PATCH 358/493] Fix ssl_server2 sample application prompt FIx the type of server_addr parameter from %d to %s. Issue reported by Email by Bei Jin --- programs/ssl/ssl_server2.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a25886824..1285abcbd 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -326,7 +326,7 @@ int main( void ) #define USAGE \ "\n usage: ssl_server2 param=<>...\n" \ "\n acceptable parameters:\n" \ - " server_addr=%%d default: (all interfaces)\n" \ + " server_addr=%%s default: (all interfaces)\n" \ " server_port=%%d default: 4433\n" \ " debug_level=%%d default: 0 (disabled)\n" \ " nbio=%%d default: 0 (blocking I/O)\n" \ From 16373a5933489c5f7d9a412f5c6a280aff31eb1e Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 2 Oct 2017 19:12:54 +0100 Subject: [PATCH 359/493] Fix changelog for ssl_server2.c usage fix --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index ad773c73a..a89f2a467 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,7 @@ Bugfix as recommended in RFC 6347 Section 4.1.2.7. * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. Found by projectgus and jethrogb, #836. + * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. = mbed TLS 2.6.0 branch released 2017-08-10 From 11cb578fda46941807c6d09fd790752c87f62cde Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 16 Jun 2017 14:52:39 +0200 Subject: [PATCH 360/493] Note in README that GNU make is required Our README claims that we only use basic Make functionality, but in fact GNU make is required for conditional compilation. Document this. Addresses issue #967 --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 11b4ebf6a..624e03fe3 100644 --- a/README.md +++ b/README.md @@ -14,11 +14,11 @@ Compiling There are currently four active build systems used within mbed TLS releases: - yotta -- Make +- GNU Make - CMake - Microsoft Visual Studio (Visual Studio 6 and Visual Studio 2010) -The main systems used for development are CMake and Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. +The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. Yotta, as a build system, is slightly different from the other build systems: @@ -54,9 +54,9 @@ For more details on the yotta/mbed OS edition of mbed TLS, including example pro ### Make -We intentionally only use the minimum of `Make` functionality, as a lot of `Make` features are not supported on all different implementations of Make or on different platforms. As such, the Makefiles sometimes require some manual changes or export statements in order to work for your platform. +We require GNU Make. To build the library and the sample programs, GNU Make and a C compiler are sufficient. Some of the more advanced build targets require some Unix/Linux tools. -In order to build from the source code using Make, just enter at the command line: +In order to build from the source code using GNU Make, just enter at the command line: make From 470edd031fce0aed8303d7add0f48c3c5abf9177 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 2 Oct 2017 10:52:50 +0200 Subject: [PATCH 361/493] Restored note about using minimum functionality in makefiles --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 624e03fe3..5ffd2ae56 100644 --- a/README.md +++ b/README.md @@ -56,6 +56,8 @@ For more details on the yotta/mbed OS edition of mbed TLS, including example pro We require GNU Make. To build the library and the sample programs, GNU Make and a C compiler are sufficient. Some of the more advanced build targets require some Unix/Linux tools. +We intentionally only use a minimum of functionality in the makefiles in order to keep them as simple and independent of different toolchains as possible, to allow users to more easily move between different platforms. Users who need more features are recommended to use CMake. + In order to build from the source code using GNU Make, just enter at the command line: make From 6bce9cb5acbbdc56877e34126253703fdf744d20 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 6 Sep 2017 15:33:34 +0100 Subject: [PATCH 362/493] Always print gmt_unix_time in TLS client Change ssl_parse_server_hello() so that the parsed first four random bytes from the ServerHello message are printed by the TLS client as a Unix timestamp regardless of whether MBEDTLS_DEBUG_C is defined. The debug message will only be printed if debug_level is 3 or higher. Unconditionally enabling the debug print enabled testing of this value. --- library/ssl_cli.c | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 19bf021e2..544c8cf5c 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -1448,9 +1448,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) #endif int handshake_failure = 0; const mbedtls_ssl_ciphersuite_t *suite_info; -#if defined(MBEDTLS_DEBUG_C) - uint32_t t; -#endif MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) ); @@ -1553,13 +1550,11 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl ) return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION ); } -#if defined(MBEDTLS_DEBUG_C) - t = ( (uint32_t) buf[2] << 24 ) - | ( (uint32_t) buf[3] << 16 ) - | ( (uint32_t) buf[4] << 8 ) - | ( (uint32_t) buf[5] ); - MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) ); -#endif + MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", + ( (uint32_t) buf[2] << 24 ) | + ( (uint32_t) buf[3] << 16 ) | + ( (uint32_t) buf[4] << 8 ) | + ( (uint32_t) buf[5] ) ) ); memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 ); From 93993defd1afee80cfbca5ca13039da5bd55a891 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 6 Sep 2017 15:38:07 +0100 Subject: [PATCH 363/493] Extend ssl-opt.h so that run_test takes function Extend the run_test function in ssl-opt.sh so that it accepts the -f and -F options. These parameters take an argument which is the name of a shell function that will be called by run_test and will be given the client input and output debug log. The idea is that these functions are defined by each test and they can be used to do some custom check beyon those allowed by the pattern matching capabilities of the run_test function. --- tests/ssl-opt.sh | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 280fc6348..b349512cc 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -357,9 +357,11 @@ detect_dtls() { # Options: -s pattern pattern that must be present in server output # -c pattern pattern that must be present in client output # -u pattern lines after pattern must be unique in client output +# -f call shell function on client output # -S pattern pattern that must be absent in server output # -C pattern pattern that must be absent in client output # -U pattern lines after pattern must be unique in server output +# -F call shell function on server output run_test() { NAME="$1" shift 1 @@ -546,6 +548,18 @@ run_test() { return fi ;; + "-F") + if ! $2 "$SRV_OUT"; then + fail "function call to '$2' failed on Server output" + return + fi + ;; + "-f") + if ! $2 "$CLI_OUT"; then + fail "function call to '$2' failed on Client output" + return + fi + ;; *) echo "Unknown test: $1" >&2 From b84c40b12f4db5f17f2b1623a79449d7ec3ad936 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 6 Sep 2017 15:44:01 +0100 Subject: [PATCH 364/493] Add ssl-opt.sh test to check gmt_unix_time is good Add a test to ssl-opt.sh that parses the client and server debug output and then checks that the Unix timestamp in the ServerHello message is within acceptable bounds. --- tests/ssl-opt.sh | 42 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 42 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index b349512cc..e23daeeaf 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -321,6 +321,33 @@ wait_server_start() { fi } +# Given the client or server debug output, parse the unix timestamp that is +# included in the first 4 bytes of the random bytes and check that its within +# acceptable bounds +check_server_hello_time() { + # Extract the time from the debug (lvl 3) output of the client + SERVER_HELLO_TIME="$(cat "$1" | sed -n 's/.*server hello, current time: \([0-9]\+\)$/\1/p')" + # Get the Unix timestamp for now + CUR_TIME=$(date +'%s') + THRESHOLD_IN_SECS=300 + + # Check if the ServerHello time was printed + if [ -z "$SERVER_HELLO_TIME" ]; then + return 1 + fi + + # Check the time in ServerHello is within acceptable bounds + if [ $SERVER_HELLO_TIME -lt $(( $CUR_TIME - $THRESHOLD_IN_SECS )) ]; then + # The time in ServerHello is at least 5 minutes before now + return 1 + elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then + # The time in ServerHello is at least 5 minues later than now + return 1 + else + return 0 + fi +} + # wait for client to terminate and set CLI_EXIT # must be called right after starting the client wait_client_done() { @@ -696,6 +723,21 @@ run_test "Default, DTLS" \ -s "Protocol is DTLSv1.2" \ -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" +# Test current time in ServerHello +requires_config_enabled MBEDTLS_HAVE_TIME +run_test "Default, ServerHello contains gmt_unix_time" \ + "$P_SRV debug_level=3" \ + "$P_CLI debug_level=3" \ + 0 \ + -s "Protocol is TLSv1.2" \ + -s "Ciphersuite is TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384" \ + -s "client hello v3, signature_algorithm ext: 6" \ + -s "ECDHE curve: secp521r1" \ + -S "error" \ + -C "error" \ + -f "check_server_hello_time" \ + -F "check_server_hello_time" + # Test for uniqueness of IVs in AEAD ciphersuites run_test "Unique IV in GCM" \ "$P_SRV exchanges=20 debug_level=4" \ From 3b1bdff28579e9537e5e2d2f165a3a01f011d9ff Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Thu, 14 Sep 2017 12:41:29 +0100 Subject: [PATCH 365/493] Fix typos in ssl-opt.sh comments --- tests/ssl-opt.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index e23daeeaf..1a9482f10 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -322,7 +322,7 @@ wait_server_start() { } # Given the client or server debug output, parse the unix timestamp that is -# included in the first 4 bytes of the random bytes and check that its within +# included in the first 4 bytes of the random bytes and check that it's within # acceptable bounds check_server_hello_time() { # Extract the time from the debug (lvl 3) output of the client @@ -341,7 +341,7 @@ check_server_hello_time() { # The time in ServerHello is at least 5 minutes before now return 1 elif [ $SERVER_HELLO_TIME -gt $(( $CUR_TIME + $THRESHOLD_IN_SECS )) ]; then - # The time in ServerHello is at least 5 minues later than now + # The time in ServerHello is at least 5 minutes later than now return 1 else return 0 From 67d8da522fa46270be593b8f6f38de0f748d8251 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 15 Sep 2017 15:49:24 +0100 Subject: [PATCH 366/493] Remove use of GNU sed features from ssl-opt.sh --- tests/ssl-opt.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 1a9482f10..7fcca685b 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -326,7 +326,7 @@ wait_server_start() { # acceptable bounds check_server_hello_time() { # Extract the time from the debug (lvl 3) output of the client - SERVER_HELLO_TIME="$(cat "$1" | sed -n 's/.*server hello, current time: \([0-9]\+\)$/\1/p')" + SERVER_HELLO_TIME="$(sed -n 's/.*server hello, current time: //p' < "$1")" # Get the Unix timestamp for now CUR_TIME=$(date +'%s') THRESHOLD_IN_SECS=300 From 21acb66cba6bd3ef6a12c9d65e43d1168ae2baee Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 6 Oct 2017 14:38:15 +0100 Subject: [PATCH 367/493] Correct typo: PBDFK -> PBKDF --- tests/suites/test_suite_pkparse.data | 72 ++++++++++++++-------------- 1 file changed, 36 insertions(+), 36 deletions(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index b0fd49bd7..df7c1407c 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -218,147 +218,147 @@ Parse RSA Key #37 (PKCS#8 encrypted SHA1-RC4-128 DER, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS12_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbe_sha1_4096_rc4_128.der":"PolarSSLTest":0 -Parse RSA Key #38 (PKCS#8 encrypted v2 PBDFK2 3DES) +Parse RSA Key #38 (PKCS#8 encrypted v2 PBKDF2 3DES) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem":"PolarSSLTest":0 -Parse RSA Key #38.1 (PKCS#8 encrypted v2 PBDFK2 3DES, wrong PW) +Parse RSA Key #38.1 (PKCS#8 encrypted v2 PBKDF2 3DES, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #38.2 (PKCS#8 encrypted v2 PBDFK2 3DES, no PW) +Parse RSA Key #38.2 (PKCS#8 encrypted v2 PBKDF2 3DES, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #39 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit) +Parse RSA Key #39 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"PolarSSLTest":0 -Parse RSA Key #39.1 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit, wrong PW) +Parse RSA Key #39.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #39.2 (PKCS#8 encrypted v2 PBDFK2 3DES, 2048-bit, no PW) +Parse RSA Key #39.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 2048-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #40 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit) +Parse RSA Key #40 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTest":0 -Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit, wrong PW) +Parse RSA Key #40.1 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBDFK2 3DES, 4096-bit, no PW) +Parse RSA Key #40.2 (PKCS#8 encrypted v2 PBKDF2 3DES, 4096-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #41 (PKCS#8 encrypted v2 PBDFK2 3DES DER) +Parse RSA Key #41 (PKCS#8 encrypted v2 PBKDF2 3DES DER) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der":"PolarSSLTest":0 -Parse RSA Key #41.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, wrong PW) +Parse RSA Key #41.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #41.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, no PW) +Parse RSA Key #41.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #42 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit) +Parse RSA Key #42 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"PolarSSLTest":0 -Parse RSA Key #42.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit, wrong PW) +Parse RSA Key #42.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #42.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 2048-bit, no PW) +Parse RSA Key #42.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 2048-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #43 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 4096-bit) +Parse RSA Key #43 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTest":0 -Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 4096-bit, wrong PW) +Parse RSA Key #43.1 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBDFK2 3DES DER, 4096-bit, no PW) +Parse RSA Key #43.2 (PKCS#8 encrypted v2 PBKDF2 3DES DER, 4096-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_3des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #44 (PKCS#8 encrypted v2 PBDFK2 DES) +Parse RSA Key #44 (PKCS#8 encrypted v2 PBKDF2 DES) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem":"PolarSSLTest":0 -Parse RSA Key #44.1 (PKCS#8 encrypted v2 PBDFK2 DES, wrong PW) +Parse RSA Key #44.1 (PKCS#8 encrypted v2 PBKDF2 DES, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #44.2 (PKCS#8 encrypted v2 PBDFK2 DES, no PW) +Parse RSA Key #44.2 (PKCS#8 encrypted v2 PBKDF2 DES, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #45 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit) +Parse RSA Key #45 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"PolarSSLTest":0 -Parse RSA Key #45.1 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit, wrong PW) +Parse RSA Key #45.1 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #45.2 (PKCS#8 encrypted v2 PBDFK2 DES, 2048-bit, no PW) +Parse RSA Key #45.2 (PKCS#8 encrypted v2 PBKDF2 DES, 2048-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #46 (PKCS#8 encrypted v2 PBDFK2 DES, 4096-bit) +Parse RSA Key #46 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTest":0 -Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBDFK2 DES, 4096-bit, wrong PW) +Parse RSA Key #46.1 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBDFK2 DES, 4096-bit, no PW) +Parse RSA Key #46.2 (PKCS#8 encrypted v2 PBKDF2 DES, 4096-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.pem":"":MBEDTLS_ERR_PK_PASSWORD_REQUIRED -Parse RSA Key #47 (PKCS#8 encrypted v2 PBDFK2 DES DER) +Parse RSA Key #47 (PKCS#8 encrypted v2 PBKDF2 DES DER) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der":"PolarSSLTest":0 -Parse RSA Key #47.1 (PKCS#8 encrypted v2 PBDFK2 DES DER, wrong PW) +Parse RSA Key #47.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #47.2 (PKCS#8 encrypted v2 PBDFK2 DES DER, no PW) +Parse RSA Key #47.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_1024_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #48 (PKCS#8 encrypted v2 PBDFK2 DES DER, 2048-bit) +Parse RSA Key #48 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"PolarSSLTest":0 -Parse RSA Key #48.1 (PKCS#8 encrypted v2 PBDFK2 DES DER, 2048-bit, wrong PW) +Parse RSA Key #48.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #48.2 (PKCS#8 encrypted v2 PBDFK2 DES DER, 2048-bit, no PW) +Parse RSA Key #48.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 2048-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_2048_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT -Parse RSA Key #49 (PKCS#8 encrypted v2 PBDFK2 DES DER, 4096-bit) +Parse RSA Key #49 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTest":0 -Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBDFK2 DES DER, 4096-bit, wrong PW) +Parse RSA Key #49.1 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, wrong PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"PolarSSLTes":MBEDTLS_ERR_PK_PASSWORD_MISMATCH -Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBDFK2 DES DER, 4096-bit, no PW) +Parse RSA Key #49.2 (PKCS#8 encrypted v2 PBKDF2 DES DER, 4096-bit, no PW) depends_on:MBEDTLS_DES_C:MBEDTLS_SHA1_C:MBEDTLS_PKCS5_C pk_parse_keyfile_rsa:"data_files/rsa_pkcs8_pbes2_pbkdf2_4096_des.der":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT From def0339db2ffb08abb7e26db9d6523d584566f17 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 1 Oct 2017 16:42:29 +0100 Subject: [PATCH 368/493] Ensure failed test_suite output is sent to stdout The change modifies the template code in tests/suites/helpers.function and tests/suites/main.function so that error messages are printed to stdout instead of being discarded. This makes errors visible regardless of the --verbose flag being passed or not to the test suite programs. --- tests/suites/helpers.function | 19 +++++++++++++------ tests/suites/main_test.function | 24 +++++++++++++++++++----- 2 files changed, 32 insertions(+), 11 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 63815df85..cac104a3b 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -99,7 +99,15 @@ typedef UINT32 uint32_t; /*----------------------------------------------------------------------------*/ /* Global variables */ -static int test_errors = 0; + +static struct +{ + int failed; + const char *test; + const char *filename; + int line_no; +} +test_info; /*----------------------------------------------------------------------------*/ @@ -395,10 +403,9 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) static void test_fail( const char *test, int line_no, const char* filename ) { - test_errors++; - if( test_errors == 1 ) - mbedtls_fprintf( stdout, "FAILED\n" ); - mbedtls_fprintf( stdout, " %s\n at line %d, %s\n", test, line_no, - filename ); + test_info.failed = 1; + test_info.test = test; + test_info.line_no = line_no; + test_info.filename = filename; } diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 20add3c77..120247e53 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -339,6 +339,9 @@ int main(int argc, const char *argv[]) testfile_count = 1; } + /* Initialize the struct that holds information about the last test */ + memset( &test_info, 0, sizeof( test_info ) ); + /* Now begin to execute the tests in the testfiles */ for ( testfile_index = 0; testfile_index < testfile_count; @@ -369,7 +372,7 @@ int main(int argc, const char *argv[]) if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) break; - mbedtls_fprintf( stdout, "%s%.66s", test_errors ? "\n" : "", buf ); + mbedtls_fprintf( stdout, "%s%.66s", test_info.failed ? "\n" : "", buf ); mbedtls_fprintf( stdout, " " ); for( i = strlen( buf ) + 1; i < 67; i++ ) mbedtls_fprintf( stdout, "." ); @@ -409,11 +412,11 @@ int main(int argc, const char *argv[]) break; cnt = parse_arguments( buf, strlen(buf), params ); } - + // If there are no unmet dependencies execute the test if( unmet_dep_count == 0 ) { - test_errors = 0; + test_info.failed = 0; #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) /* Suppress all output from the library unless we're verbose @@ -467,9 +470,20 @@ int main(int argc, const char *argv[]) unmet_dep_count = 0; } - else if( ret == DISPATCH_TEST_SUCCESS && test_errors == 0 ) + else if( ret == DISPATCH_TEST_SUCCESS ) { - mbedtls_fprintf( stdout, "PASS\n" ); + if( test_info.failed == 0 ) + { + mbedtls_fprintf( stdout, "PASS\n" ); + } + else + { + total_errors++; + mbedtls_fprintf( stdout, "FAILED\n" ); + mbedtls_fprintf( stdout, " %s\n at line %d, %s\n", + test_info.test, test_info.line_no, + test_info.filename ); + } fflush( stdout ); } else if( ret == DISPATCH_INVALID_TEST_DATA ) From 3f50f511de4079ed492d589b7ffe761ad539a72c Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Sun, 1 Oct 2017 16:42:29 +0100 Subject: [PATCH 369/493] Ensure failed test_suite output is sent to stdout The change modifies the template code in tests/suites/helpers.function and tests/suites/main.function so that error messages are printed to stdout instead of being discarded. This makes errors visible regardless of the --verbose flag being passed or not to the test suite programs. --- tests/suites/helpers.function | 19 +++++++++++++------ tests/suites/main_test.function | 24 +++++++++++++++++++----- 2 files changed, 32 insertions(+), 11 deletions(-) diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 63815df85..cac104a3b 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -99,7 +99,15 @@ typedef UINT32 uint32_t; /*----------------------------------------------------------------------------*/ /* Global variables */ -static int test_errors = 0; + +static struct +{ + int failed; + const char *test; + const char *filename; + int line_no; +} +test_info; /*----------------------------------------------------------------------------*/ @@ -395,10 +403,9 @@ static int rnd_pseudo_rand( void *rng_state, unsigned char *output, size_t len ) static void test_fail( const char *test, int line_no, const char* filename ) { - test_errors++; - if( test_errors == 1 ) - mbedtls_fprintf( stdout, "FAILED\n" ); - mbedtls_fprintf( stdout, " %s\n at line %d, %s\n", test, line_no, - filename ); + test_info.failed = 1; + test_info.test = test; + test_info.line_no = line_no; + test_info.filename = filename; } diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 20add3c77..120247e53 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -339,6 +339,9 @@ int main(int argc, const char *argv[]) testfile_count = 1; } + /* Initialize the struct that holds information about the last test */ + memset( &test_info, 0, sizeof( test_info ) ); + /* Now begin to execute the tests in the testfiles */ for ( testfile_index = 0; testfile_index < testfile_count; @@ -369,7 +372,7 @@ int main(int argc, const char *argv[]) if( ( ret = get_line( file, buf, sizeof(buf) ) ) != 0 ) break; - mbedtls_fprintf( stdout, "%s%.66s", test_errors ? "\n" : "", buf ); + mbedtls_fprintf( stdout, "%s%.66s", test_info.failed ? "\n" : "", buf ); mbedtls_fprintf( stdout, " " ); for( i = strlen( buf ) + 1; i < 67; i++ ) mbedtls_fprintf( stdout, "." ); @@ -409,11 +412,11 @@ int main(int argc, const char *argv[]) break; cnt = parse_arguments( buf, strlen(buf), params ); } - + // If there are no unmet dependencies execute the test if( unmet_dep_count == 0 ) { - test_errors = 0; + test_info.failed = 0; #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__)) /* Suppress all output from the library unless we're verbose @@ -467,9 +470,20 @@ int main(int argc, const char *argv[]) unmet_dep_count = 0; } - else if( ret == DISPATCH_TEST_SUCCESS && test_errors == 0 ) + else if( ret == DISPATCH_TEST_SUCCESS ) { - mbedtls_fprintf( stdout, "PASS\n" ); + if( test_info.failed == 0 ) + { + mbedtls_fprintf( stdout, "PASS\n" ); + } + else + { + total_errors++; + mbedtls_fprintf( stdout, "FAILED\n" ); + mbedtls_fprintf( stdout, " %s\n at line %d, %s\n", + test_info.test, test_info.line_no, + test_info.filename ); + } fflush( stdout ); } else if( ret == DISPATCH_INVALID_TEST_DATA ) From 86968c6dd1d5b272de78060a6dca7f7f2f961574 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 14:04:40 +0100 Subject: [PATCH 370/493] Fix typo and bracketing in macro args --- library/net_sockets.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index 80be6ec6a..31c42db05 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -63,8 +63,8 @@ #endif #endif /* _MSC_VER */ -#define read(fd,buf,len) recv(fd,(char*)buf,(int) len,0) -#define write(fd,buf,len) send(fd,(char*)buf,(int) len,0) +#define read(fd,buf,len) recv( fd, (char*)( buf ), (int)( len ), 0 ) +#define write(fd,buf,len) send( fd, (char*)( buf ), (int)( len ), 0 ) #define close(fd) closesocket(fd) static int wsa_init_done = 0; @@ -85,7 +85,7 @@ static int wsa_init_done = 0; #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ /* Some MS functions want int and MSVC warns if we pass size_t, - * but the standard fucntions use socklen_t, so cast only for MSVC */ + * but the standard functions use socklen_t, so cast only for MSVC */ #if defined(_MSC_VER) #define MSVC_INT_CAST (int) #else From 68b4d58bd8e4e4738bf7da84ee69df47823d4ec5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 16:39:10 +0100 Subject: [PATCH 371/493] Remove PRNG argument from `mbedtls_rsa_deduce_moduli` It is not necessary to pass a CSPRNG to `mbedtls_rsa_deduce_moduli`, as there exist well-working static strategies, and even if a PRNG is preferred, a non-secure one would be sufficient. Further, the implementation is changed to use a static strategy for the choice of candidates which according to some benchmarks even performs better than the previous one using random candidate choices. --- include/mbedtls/rsa.h | 6 ++---- library/rsa.c | 42 ++++++++++++++++++++---------------------- 2 files changed, 22 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 044887749..04175eb4f 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -89,8 +89,6 @@ extern "C" { * \param N RSA modulus N = PQ, with P, Q to be found * \param D RSA private exponent * \param E RSA public exponent - * \param f_rng PRNG to be used for randomization, or NULL - * \param p_rng PRNG context for f_rng, or NULL * \param P Pointer to MPI holding first prime factor of N on success * \param Q Pointer to MPI holding second prime factor of N on success * @@ -105,8 +103,8 @@ extern "C" { * */ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *D, - mbedtls_mpi const *E, int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng, mbedtls_mpi *P, mbedtls_mpi *Q ); + mbedtls_mpi const *E, + mbedtls_mpi *P, mbedtls_mpi *Q ); /** * \brief Compute RSA private exponent from diff --git a/library/rsa.c b/library/rsa.c index d14817c2c..b932d977a 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -132,7 +132,6 @@ static void mbedtls_zeroize( void *v, size_t n ) { */ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *D, mbedtls_mpi const *E, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng, mbedtls_mpi *P, mbedtls_mpi *Q ) { int ret = 0; @@ -140,13 +139,25 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, uint16_t attempt; /* Number of current attempt */ uint16_t iter; /* Number of squares computed in the current attempt */ - uint16_t bitlen_half; /* Half the bitsize of the modulus N */ uint16_t order; /* Order of 2 in DE - 1 */ mbedtls_mpi T; /* Holds largest odd divisor of DE - 1 */ mbedtls_mpi K; /* During factorization attempts, stores a random integer * in the range of [0,..,N] */ + const unsigned int primes[] = { 2, + 3, 5, 7, 11, 13, 17, 19, 23, + 29, 31, 37, 41, 43, 47, 53, 59, + 61, 67, 71, 73, 79, 83, 89, 97, + 101, 103, 107, 109, 113, 127, 131, 137, + 139, 149, 151, 157, 163, 167, 173, 179, + 181, 191, 193, 197, 199, 211, 223, 227, + 229, 233, 239, 241, 251, 257, 263, 269, + 271, 277, 281, 283, 293, 307, 311, 313 + }; + + const size_t num_primes = sizeof( primes ) / sizeof( *primes ); + if( P == NULL || Q == NULL || P->p != NULL || Q->p != NULL ) return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); @@ -179,31 +190,18 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, /* After this operation, T holds the largest odd divisor of DE - 1. */ MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &T, order ) ); - /* This is used to generate a few numbers around N / 2 - * if no PRNG is provided. */ - if( f_rng == NULL ) - bitlen_half = mbedtls_mpi_bitlen( N ) / 2; - /* * Actual work */ - for( attempt = 0; attempt < 30; ++attempt ) + /* Skip trying 2 if N == 1 mod 8 */ + attempt = 0; + if( N->p[0] % 8 == 1 ) + attempt = 1; + + for( ; attempt < num_primes; ++attempt ) { - /* Generate some number in [0,N], either randomly - * if a PRNG is given, or try numbers around N/2 */ - if( f_rng != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &K, - mbedtls_mpi_size( N ), - f_rng, p_rng ) ); - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &K, 1 ) ) ; - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_l( &K, bitlen_half ) ) ; - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, attempt + 1 ) ); - } + mbedtls_mpi_lset( &K, primes[attempt] ); /* Check if gcd(K,N) = 1 */ MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); From 1e801f57064e21e9ab025896984ca94ec666a9e8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 16:44:47 +0100 Subject: [PATCH 372/493] Clarify guarantees made by `rsa_complete` and `rsa_check_privkey` --- include/mbedtls/rsa.h | 65 ++++++++++++++++++++++++++----------------- 1 file changed, 39 insertions(+), 26 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 04175eb4f..0c649073e 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -405,19 +405,16 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * * \return * - 0 if successful. In this case, it is guaranteed - * the functions \c mbedtls_rsa_check_pubkey resp. - * \c mbedtls_rsa_check_privkey pass in case of a - * public resp. private key. + * that the RSA context can be used for RSA operations + * without the risk of failure or crash. * - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if the attempted * derivations failed. * - * \warning Implementations are *not* obliged to perform exhaustive - * validation of the imported parameters! - * In particular, parameters that are not needed by the - * implementation may be silently discarded and left unchecked. - * If the user mistrusts the given key material, he should - * employ other means for verification like the helper functions - * \c mbedtls_rsa_validate_params, \c mbedtls_rsa_validate_crt. + * \warning This function need not perform consistency checks + * for the imported parameters! In particular, parameters that + * are not needed by the implementation may be silently discarded + * and left unchecked. For the purpose of checking the consistency + * of the key material, see \c mbedtls_rsa_check_privkey. * */ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, @@ -581,25 +578,41 @@ int mbedtls_rsa_gen_key( mbedtls_rsa_context *ctx, int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); /** - * \brief Check if a context contains an RSA private key - * and perform basic sanity checks. + * \brief Check if a context contains an RSA private key + * and perform basic consistency checks. * - * \param ctx RSA context to be checked + * \param ctx RSA context to be checked * - * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code. - * On success, it is guaranteed that enough information is - * present to perform RSA private and public key operations. + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code. * - * \warning This function is *not* obliged to perform an exhaustive - * sanity check what would guarantee the internal parameters - * to match and \c mbedtls_rsa_private and \c mbedtls_rsa_public - * to be mutually inverse to each other. - * The reason is that for minimal non-CRT implementations - * using only N, D, E, for example, checking the validity - * would be computationally expensive. - * Users mistrusting their key material should use other - * means for verification; see the documentation of - * \c mbedtls_rsa_complete. + * \note This function performs checks substantiating + * the consistency of the key material used to setup + * the RSA context. In case of implementations saving + * all core RSA parameters, this might mean a consistency + * check in the sense of \c mbedtls_rsa_validate_params, + * while other implementations might perform an empirical + * check consisting of an encryption-decryption pair. + * + * \warning This function should catch accidental misconfigurations + * like swapping of parameters, but it cannot establish full + * trust in neither the quality nor the consistency of the key + * material that was used to setup the given RSA context: + * - Regarding consistency, note (see \c mbedtls_rsa_complete) + * that imported parameters irrelevant for the implementation + * might be silently dropped, in which case the present + * function doesn't have access to and hence cannot check them. + * If the user desires to check the consistency of the entire + * content of, say, an PKCS1-encoded RSA private key, he + * should use \c mbedtls_rsa_validate_params before setting + * up the RSA context. + * Further, if the implementation performs empirical checks, + * these checks will substantiate but not guarantee consistency. + * - Regarding quality, this function is not expected to perform + * extended quality assessments like checking that the prime + * factors are safe. Further, it is the user's responsibility to + * ensure trustworthiness of the source of his RSA parameters, + * a question going beyond what's effectively checkable + * by the library. * */ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ); From 314adb6baa2cabf4244162da68c9733ece3afabc Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 10 Oct 2017 18:28:25 +0300 Subject: [PATCH 373/493] Address PR review comments 1) update ChangLog to have new feature in Features instead of Changes 2) Change MBEDTLS_ECDSA_ALT to function specific alternative definitions: MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and MBEDTLS_ECDSA_GENKEY_ALT --- ChangeLog | 9 ++-- include/mbedtls/config.h | 4 +- library/ecdsa.c | 105 +++++++++++++++++++------------------ library/version_features.c | 12 +++-- 4 files changed, 71 insertions(+), 59 deletions(-) diff --git a/ChangeLog b/ChangeLog index 94eba4208..040632cf4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,10 +36,13 @@ Changes * Clarify ECDSA documentation and improve the sample code to avoid misunderstandings and potentially dangerous use of the API. Pointed out by Jean-Philippe Aumasson. - * Add support for alternative implementation for ECDSA, controlled by new - configuration flag MBEDTLS_ECDSA_ALT in config.h. + +Features + * Add support for alternative implementations for ECDSA, controlled by new + configuration flags MBEDTLS_ECDSA_SIGN_ALT, MBEDTLS_ECDSA_VERIFY_ALT and + MBEDTLS_ECDSDA_GENKEY_AT in config.h. The following functions from the ECDSA module can be replaced - with an alternative implementation: + with alternative implementation: mbedtls_ecdsa_sign(), mbedtls_ecdsa_verify() and mbedtls_ecdsa_genkey(). = mbed TLS 2.5.0 branch released 2017-05-17 diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 54dc2372d..7c06ec488 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -238,7 +238,6 @@ //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_DES_ALT -//#define MBEDTLS_ECDSA_ALT //#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT @@ -295,6 +294,9 @@ //#define MBEDTLS_AES_SETKEY_DEC_ALT //#define MBEDTLS_AES_ENCRYPT_ALT //#define MBEDTLS_AES_DECRYPT_ALT +//#define MBEDTLS_ECDSA_VERIFY_ALT +//#define MBEDTLS_ECDSA_SIGN_ALT +//#define MBEDTLS_ECDSA_GENKEY_ALT /** * \def MBEDTLS_ECP_INTERNAL_ALT diff --git a/library/ecdsa.c b/library/ecdsa.c index 804884bca..a241072c3 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -65,8 +65,7 @@ cleanup: return( ret ); } -#if !defined(MBEDTLS_ECDSA_ALT) - +#if !defined(MBEDTLS_ECDSA_SIGN_ALT) /* * Compute ECDSA signature of a hashed message (SEC1 4.1.3) * Obviously, compared to SEC1 4.1.3, we skip step 4 (hash message) @@ -155,8 +154,47 @@ cleanup: return( ret ); } +#endif /* MBEDTLS_ECDSA_SIGN_ALT */ +#if defined(MBEDTLS_ECDSA_DETERMINISTIC) +/* + * Deterministic signature wrapper + */ +int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, + const mbedtls_mpi *d, const unsigned char *buf, size_t blen, + mbedtls_md_type_t md_alg ) +{ + int ret; + mbedtls_hmac_drbg_context rng_ctx; + unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES]; + size_t grp_len = ( grp->nbits + 7 ) / 8; + const mbedtls_md_info_t *md_info; + mbedtls_mpi h; + if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) + return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + + mbedtls_mpi_init( &h ); + mbedtls_hmac_drbg_init( &rng_ctx ); + + /* Use private key and message hash (reduced) to initialize HMAC_DRBG */ + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) ); + MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) ); + mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len ); + + ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen, + mbedtls_hmac_drbg_random, &rng_ctx ); + +cleanup: + mbedtls_hmac_drbg_free( &rng_ctx ); + mbedtls_mpi_free( &h ); + + return( ret ); +} +#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ + +#if !defined(MBEDTLS_ECDSA_VERIFY_ALT) /* * Verify ECDSA signature of hashed message (SEC1 4.1.4) * Obviously, compared to SEC1 4.1.3, we skip step 2 (hash message) @@ -242,56 +280,7 @@ cleanup: return( ret ); } - -/* - * Generate key pair - */ -int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, - int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) -{ - return( mbedtls_ecp_group_load( &ctx->grp, gid ) || - mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ); -} - -#endif /* MBEDTLS_ECDSA_ALT */ - -#if defined(MBEDTLS_ECDSA_DETERMINISTIC) -/* - * Deterministic signature wrapper - */ -int mbedtls_ecdsa_sign_det( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, - const mbedtls_mpi *d, const unsigned char *buf, size_t blen, - mbedtls_md_type_t md_alg ) -{ - int ret; - mbedtls_hmac_drbg_context rng_ctx; - unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES]; - size_t grp_len = ( grp->nbits + 7 ) / 8; - const mbedtls_md_info_t *md_info; - mbedtls_mpi h; - - if( ( md_info = mbedtls_md_info_from_type( md_alg ) ) == NULL ) - return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); - - mbedtls_mpi_init( &h ); - mbedtls_hmac_drbg_init( &rng_ctx ); - - /* Use private key and message hash (reduced) to initialize HMAC_DRBG */ - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( d, data, grp_len ) ); - MBEDTLS_MPI_CHK( derive_mpi( grp, &h, buf, blen ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_write_binary( &h, data + grp_len, grp_len ) ); - mbedtls_hmac_drbg_seed_buf( &rng_ctx, md_info, data, 2 * grp_len ); - - ret = mbedtls_ecdsa_sign( grp, r, s, d, buf, blen, - mbedtls_hmac_drbg_random, &rng_ctx ); - -cleanup: - mbedtls_hmac_drbg_free( &rng_ctx ); - mbedtls_mpi_free( &h ); - - return( ret ); -} -#endif /* MBEDTLS_ECDSA_DETERMINISTIC */ +#endif /* MBEDTLS_ECDSA_VERIFY_ALT */ /* * Convert a signature (given by context) to ASN.1 @@ -417,6 +406,18 @@ cleanup: return( ret ); } +#if !defined(MBEDTLS_ECDSA_GENKEY_ALT) +/* + * Generate key pair + */ +int mbedtls_ecdsa_genkey( mbedtls_ecdsa_context *ctx, mbedtls_ecp_group_id gid, + int (*f_rng)(void *, unsigned char *, size_t), void *p_rng ) +{ + return( mbedtls_ecp_group_load( &ctx->grp, gid ) || + mbedtls_ecp_gen_keypair( &ctx->grp, &ctx->d, &ctx->Q, f_rng, p_rng ) ); +} +#endif /* MBEDTLS_ECDSA_GENKEY_ALT */ + /* * Set context from an mbedtls_ecp_keypair */ diff --git a/library/version_features.c b/library/version_features.c index df7f957fe..2629098a6 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -93,9 +93,6 @@ static const char *features[] = { #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ -#if defined(MBEDTLS_ECDSA_ALT) - "MBEDTLS_ECDSA_ALT", -#endif /* MBEDTLS_ECDSA_ALT */ #if defined(MBEDTLS_XTEA_ALT) "MBEDTLS_XTEA_ALT", #endif /* MBEDTLS_XTEA_ALT */ @@ -165,6 +162,15 @@ static const char *features[] = { #if defined(MBEDTLS_AES_DECRYPT_ALT) "MBEDTLS_AES_DECRYPT_ALT", #endif /* MBEDTLS_AES_DECRYPT_ALT */ +#if defined(MBEDTLS_ECDSA_VERIFY_ALT) + "MBEDTLS_ECDSA_VERIFY_ALT", +#endif /* MBEDTLS_ECDSA_VERIFY_ALT */ +#if defined(MBEDTLS_ECDSA_SIGN_ALT) + "MBEDTLS_ECDSA_SIGN_ALT", +#endif /* MBEDTLS_ECDSA_SIGN_ALT */ +#if defined(MBEDTLS_ECDSA_GENKEY_ALT) + "MBEDTLS_ECDSA_GENKEY_ALT", +#endif /* MBEDTLS_ECDSA_GENKEY_ALT */ #if defined(MBEDTLS_ECP_INTERNAL_ALT) "MBEDTLS_ECP_INTERNAL_ALT", #endif /* MBEDTLS_ECP_INTERNAL_ALT */ From f9e184b9df9d72242fedb6ee94a59a6ef94e4329 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 16:49:26 +0100 Subject: [PATCH 374/493] Remove PRNG argument from `mbedtls_rsa_complete` --- include/mbedtls/rsa.h | 10 +--------- library/rsa.c | 14 +------------- tests/suites/test_suite_rsa.function | 16 +--------------- 3 files changed, 3 insertions(+), 37 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 0c649073e..c85e6c81d 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -382,8 +382,6 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * a set of imported core parameters. * * \param ctx Initialized RSA context to store parameters - * \param f_rng RNG function, or NULL - * \param p_rng RNG parameter, or NULL * * \note * - To setup an RSA public key, precisely N and E @@ -399,10 +397,6 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * - Alternative implementations need not support these * and may return \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA instead. * - * \note The PRNG is used for the probabilistic algorithm - * used in the derivation of P, Q from N, D, E. If it - * not present, a deterministic heuristic is used. - * * \return * - 0 if successful. In this case, it is guaranteed * that the RSA context can be used for RSA operations @@ -417,9 +411,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, * of the key material, see \c mbedtls_rsa_check_privkey. * */ -int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); +int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ); /** * \brief Export core parameters of an RSA key diff --git a/library/rsa.c b/library/rsa.c index b932d977a..66abcf72f 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -601,9 +601,7 @@ cleanup: return( 0 ); } -int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) +int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) { int ret = 0; @@ -658,7 +656,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, /* This includes sanity checking of core parameters, * so no further checks necessary. */ ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->D, &ctx->E, - f_rng, p_rng, &ctx->P, &ctx->Q ); if( ret != 0 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); @@ -666,15 +663,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx, } else if( d_missing ) { -#if defined(MBEDTLS_GENPRIME) - /* If a PRNG is provided, check if P, Q are prime. */ - if( f_rng != NULL && - ( ( ret = mbedtls_mpi_is_prime( &ctx->P, f_rng, p_rng ) ) != 0 || - ( ret = mbedtls_mpi_is_prime( &ctx->Q, f_rng, p_rng ) ) != 0 ) ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); - } -#endif /* MBEDTLS_GENPRIME */ /* Deduce private exponent. This includes double-checking of the result, * so together with the primality test above all core parameters are diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index fc27353e7..8b99eeda3 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -732,20 +732,11 @@ void mbedtls_rsa_deduce_primes( int radix_N, char *input_N, { mbedtls_mpi N, P, Pp, Q, Qp, D, E; - mbedtls_entropy_context entropy; - mbedtls_ctr_drbg_context ctr_drbg; - const char *pers = "test_suite_rsa"; - mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &Pp ); mbedtls_mpi_init( &Qp ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); - mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); - TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, strlen( pers ) ) == 0 ); - TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &D, radix_D, input_D ) == 0 ); TEST_ASSERT( mbedtls_mpi_read_string( &E, radix_E, input_E ) == 0 ); @@ -756,8 +747,7 @@ void mbedtls_rsa_deduce_primes( int radix_N, char *input_N, TEST_ASSERT( mbedtls_mpi_add_int( &D, &D, 2 ) == 0 ); /* Try to deduce P, Q from N, D, E only. */ - TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, mbedtls_ctr_drbg_random, - &ctr_drbg, &P, &Q ) == result ); + TEST_ASSERT( mbedtls_rsa_deduce_primes( &N, &D, &E, &P, &Q ) == result ); if( !corrupt ) { @@ -767,14 +757,10 @@ void mbedtls_rsa_deduce_primes( int radix_N, char *input_N, } exit: - mbedtls_mpi_free( &N ); mbedtls_mpi_free( &P ); mbedtls_mpi_free( &Q ); mbedtls_mpi_free( &Pp ); mbedtls_mpi_free( &Qp ); mbedtls_mpi_free( &D ); mbedtls_mpi_free( &E ); - - mbedtls_ctr_drbg_free( &ctr_drbg ); - mbedtls_entropy_free( &entropy ); } /* END_CASE */ From 7f25f850ac563f9c375c7c26cb1f6c28d68ff9a7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 16:56:22 +0100 Subject: [PATCH 375/493] Adapt uses of `mbedtls_rsa_complete` to removed PRNG argument --- library/pkparse.c | 4 ++-- library/rsa.c | 2 +- programs/pkey/dh_server.c | 3 +-- programs/pkey/rsa_decrypt.c | 3 +-- programs/pkey/rsa_sign.c | 2 +- tests/suites/test_suite_pk.function | 2 +- tests/suites/test_suite_pkcs1_v15.function | 4 ++-- tests/suites/test_suite_pkcs1_v21.function | 4 ++-- tests/suites/test_suite_rsa.function | 20 ++++++++------------ 9 files changed, 19 insertions(+), 25 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index f0b9db320..57f966fe0 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -540,7 +540,7 @@ static int pk_get_rsapubkey( unsigned char **p, *p += len; - if( ( ret = mbedtls_rsa_complete( rsa, NULL, NULL ) ) != 0 ) + if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 ) return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); if( *p != end ) @@ -745,7 +745,7 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, p += len; /* Complete the RSA private key */ - if( ( ret = mbedtls_rsa_complete( rsa, NULL, NULL ) ) != 0 ) + if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 ) goto cleanup; /* Check optional parameters */ diff --git a/library/rsa.c b/library/rsa.c index 66abcf72f..388b63426 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -2549,7 +2549,7 @@ int mbedtls_rsa_self_test( int verbose ) MBEDTLS_MPI_CHK( mbedtls_mpi_read_string( &K, 16, RSA_E ) ); MBEDTLS_MPI_CHK( mbedtls_rsa_import( &rsa, NULL, NULL, NULL, NULL, &K ) ); - MBEDTLS_MPI_CHK( mbedtls_rsa_complete( &rsa, NULL, NULL ) ); + MBEDTLS_MPI_CHK( mbedtls_rsa_complete( &rsa ) ); if( verbose != 0 ) mbedtls_printf( " RSA key validation: " ); diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c index 49066cd43..a8ee8fd3d 100644 --- a/programs/pkey/dh_server.c +++ b/programs/pkey/dh_server.c @@ -149,8 +149,7 @@ int main( void ) goto exit; } - if( ( ret = mbedtls_rsa_complete( &rsa, mbedtls_ctr_drbg_random, - &ctr_drbg ) ) != 0 ) + if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n", ret ); diff --git a/programs/pkey/rsa_decrypt.c b/programs/pkey/rsa_decrypt.c index 48275bc23..2da3fbf11 100644 --- a/programs/pkey/rsa_decrypt.c +++ b/programs/pkey/rsa_decrypt.c @@ -142,8 +142,7 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( return_val = mbedtls_rsa_complete( &rsa, mbedtls_ctr_drbg_random, - &ctr_drbg ) ) != 0 ) + if( ( return_val = mbedtls_rsa_complete( &rsa ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n", return_val ); diff --git a/programs/pkey/rsa_sign.c b/programs/pkey/rsa_sign.c index ff6473632..89018cb76 100644 --- a/programs/pkey/rsa_sign.c +++ b/programs/pkey/rsa_sign.c @@ -115,7 +115,7 @@ int main( int argc, char *argv[] ) goto exit; } - if( ( ret = mbedtls_rsa_complete( &rsa, NULL, NULL ) ) != 0 ) + if( ( ret = mbedtls_rsa_complete( &rsa ) ) != 0 ) { mbedtls_printf( " failed\n ! mbedtls_rsa_complete returned %d\n\n", ret ); diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function index 58b6013d7..e84783667 100644 --- a/tests/suites/test_suite_pk.function +++ b/tests/suites/test_suite_pk.function @@ -361,7 +361,7 @@ void pk_rsa_decrypt_test_vec( char *cipher_hex, int mod, TEST_ASSERT( mbedtls_mpi_read_string( &Q, radix_Q, input_Q ) == 0 ); TEST_ASSERT( mbedtls_rsa_import( rsa, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( rsa ) == (size_t) ( mod / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( rsa, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( rsa ) == 0 ); /* decryption test */ memset( output, 0, sizeof( output ) ); diff --git a/tests/suites/test_suite_pkcs1_v15.function b/tests/suites/test_suite_pkcs1_v15.function index 1a06e4fba..7f8b1c82e 100644 --- a/tests/suites/test_suite_pkcs1_v15.function +++ b/tests/suites/test_suite_pkcs1_v15.function @@ -86,7 +86,7 @@ void pkcs1_rsaes_v15_decrypt( int mod, int radix_P, char *input_P, TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -142,7 +142,7 @@ void pkcs1_rsassa_v15_sign( int mod, int radix_P, char *input_P, int radix_Q, TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function index bd0993045..50da2ff1b 100644 --- a/tests/suites/test_suite_pkcs1_v21.function +++ b/tests/suites/test_suite_pkcs1_v21.function @@ -87,7 +87,7 @@ void pkcs1_rsaes_oaep_decrypt( int mod, int radix_P, char *input_P, TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -143,7 +143,7 @@ void pkcs1_rsassa_pss_sign( int mod, int radix_P, char *input_P, int radix_Q, TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( ( mod + 7 ) / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 8b99eeda3..87d15a859 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -47,7 +47,7 @@ void mbedtls_rsa_pkcs1_sign( char *message_hex_string, int padding_mode, int dig TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); msg_len = unhexify( message_str, message_hex_string ); @@ -146,7 +146,7 @@ void rsa_pkcs1_sign_raw( char *message_hex_string, char *hash_result_string, TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -363,7 +363,7 @@ void mbedtls_rsa_pkcs1_decrypt( char *message_hex_string, int padding_mode, int TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -471,7 +471,7 @@ void mbedtls_rsa_private( char *message_hex_string, int mod, int radix_P, char * TEST_ASSERT( mbedtls_rsa_import( &ctx, &N, &P, &Q, NULL, &E ) == 0 ); TEST_ASSERT( mbedtls_rsa_get_len( &ctx ) == (size_t) ( mod / 8 ) ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); unhexify( message_str, message_hex_string ); @@ -916,9 +916,7 @@ void mbedtls_rsa_import( int radix_N, char *input_N, have_E ? &E : NULL ) == 0 ); } - TEST_ASSERT( mbedtls_rsa_complete( &ctx, - mbedtls_ctr_drbg_random, - &ctr_drbg ) == result ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == result ); /* On expected success, perform some public and private * key operations to check if the key is working properly. */ @@ -1029,7 +1027,7 @@ void mbedtls_rsa_export( int radix_N, char *input_N, strlen( input_D ) ? &D : NULL, strlen( input_E ) ? &E : NULL ) == 0 ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); /* * Export parameters and compare to original ones. @@ -1220,7 +1218,7 @@ void mbedtls_rsa_export_raw( char *input_N, char *input_P, have_D ? bufD : NULL, lenD, have_E ? bufE : NULL, lenE ) == 0 ); - TEST_ASSERT( mbedtls_rsa_complete( &ctx, NULL, NULL ) == 0 ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == 0 ); /* * Export parameters and compare to original ones. @@ -1382,9 +1380,7 @@ void mbedtls_rsa_import_raw( char *input_N, ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 ); } - TEST_ASSERT( mbedtls_rsa_complete( &ctx, - mbedtls_ctr_drbg_random, - &ctr_drbg ) == result ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == result ); /* On expected success, perform some public and private * key operations to check if the key is working properly. */ From a84c1cb3551fbab10c1100b5238b7f3283b2a399 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 10 Oct 2017 19:04:27 +0300 Subject: [PATCH 376/493] Address PR cpomments reviews 1) move the change into Features from Changes, in the changLog 2) Change the feature alternative configuration MBEDTLS_ECDH_ALT definition to function alternative defintions MBEDTLS_ECDH_COMPUTE_SHARED_ALT and MBEDTLS_ECDH_GEN_PUBLIC_ALT --- ChangeLog | 5 ++++- include/mbedtls/config.h | 3 ++- library/ecdh.c | 7 +++++-- library/version_features.c | 9 ++++++--- 4 files changed, 17 insertions(+), 7 deletions(-) diff --git a/ChangeLog b/ChangeLog index 23698c233..76a27b666 100644 --- a/ChangeLog +++ b/ChangeLog @@ -36,8 +36,11 @@ Changes * Clarify ECDSA documentation and improve the sample code to avoid misunderstandings and potentially dangerous use of the API. Pointed out by Jean-Philippe Aumasson. + +Features * Add support for alternative implementation for ECDH, controlled by new - configuration flag MBEDTLS_ECDH_ALT in config.h. + configuration flags MBEDTLS_ECDH_COMPUTE_SHARED_ALT and + MBEDTLS_ECDH_GEN_PUBLIC_ALT in config.h. The following functions from the ECDH module can be replaced with an alternative implementation: mbedtls_ecdh_gen_public() and mbedtls_ecdh_compute_shared(). diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a29312a26..a151f77cc 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -238,7 +238,6 @@ //#define MBEDTLS_BLOWFISH_ALT //#define MBEDTLS_CAMELLIA_ALT //#define MBEDTLS_DES_ALT -//#define MBEDTLS_ECDH_ALT //#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT @@ -295,6 +294,8 @@ //#define MBEDTLS_AES_SETKEY_DEC_ALT //#define MBEDTLS_AES_ENCRYPT_ALT //#define MBEDTLS_AES_DECRYPT_ALT +//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT +//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT /** * \def MBEDTLS_ECP_INTERNAL_ALT diff --git a/library/ecdh.c b/library/ecdh.c index b66cb5867..61380b693 100644 --- a/library/ecdh.c +++ b/library/ecdh.c @@ -38,7 +38,7 @@ #include -#if !defined(MBEDTLS_ECDH_ALT) +#if !defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) /* * Generate public key: simple wrapper around mbedtls_ecp_gen_keypair */ @@ -48,7 +48,9 @@ int mbedtls_ecdh_gen_public( mbedtls_ecp_group *grp, mbedtls_mpi *d, mbedtls_ecp { return mbedtls_ecp_gen_keypair( grp, d, Q, f_rng, p_rng ); } +#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ +#if !defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) /* * Compute shared secret (SEC1 3.3.1) */ @@ -82,7 +84,8 @@ cleanup: return( ret ); } -#endif /* MBEDTLS_ECDH_ALT */ +#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ + /* * Initialize context */ diff --git a/library/version_features.c b/library/version_features.c index 7b08f04be..802832ce9 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -93,9 +93,6 @@ static const char *features[] = { #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ -#if defined(MBEDTLS_ECDH_ALT) - "MBEDTLS_ECDH_ALT", -#endif /* MBEDTLS_ECDH_ALT */ #if defined(MBEDTLS_XTEA_ALT) "MBEDTLS_XTEA_ALT", #endif /* MBEDTLS_XTEA_ALT */ @@ -165,6 +162,12 @@ static const char *features[] = { #if defined(MBEDTLS_AES_DECRYPT_ALT) "MBEDTLS_AES_DECRYPT_ALT", #endif /* MBEDTLS_AES_DECRYPT_ALT */ +#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) + "MBEDTLS_ECDH_GEN_PUBLIC_ALT", +#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ +#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) + "MBEDTLS_ECDH_GEN_PUBLIC_ALT", +#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ #if defined(MBEDTLS_ECP_INTERNAL_ALT) "MBEDTLS_ECP_INTERNAL_ALT", #endif /* MBEDTLS_ECP_INTERNAL_ALT */ From 134a082455a9d1405422a4afd40e7992d25530c1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Oct 2017 16:51:24 +0200 Subject: [PATCH 377/493] Fixed "config.pl get" for options with no value Between 2.5.0 and 2.6.0, "scripts/config.pl get MBEDTLS_XXX" was fixed for config.h lines with a comment at the end, but that broke the case of macros with an empty expansion. Support all cases. --- scripts/config.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config.pl b/scripts/config.pl index 406413bd5..4cf4ac8b8 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -205,7 +205,7 @@ for my $line (@config_lines) { $done = 1; } } elsif (!$done && $action eq "get") { - if ($line =~ /^\s*#define\s*$name\s*([^\s]+)\s*\b/) { + if ($line =~ /^\s*#define\s*$name(?:\s+(.*?))\s*(?:$|\/\*|\/\/)/) { $value = $1; $done = 1; } From 58e5fdc0ca76029c48f9523b4e4d7af4ae71abd2 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Oct 2017 16:54:28 +0200 Subject: [PATCH 378/493] config.pl get: don't rewrite config.h; detect write errors scripts/config.pl would always rewrite config.h if it was reading it. This commit changes it to not modify the file when only reading is required, i.e. for the get command. Also, die if writing config.h fails (e.g. disk full). --- scripts/config.pl | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index 4cf4ac8b8..9fc606278 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -175,7 +175,10 @@ if ($action eq "realfull") { $no_exclude_re = join '|', @non_excluded; } -open my $config_write, '>', $config_file or die "write $config_file: $!\n"; +my $config_write = undef; +if ($action ne "get") { + open $config_write, '>', $config_file or die "write $config_file: $!\n"; +} my $done; for my $line (@config_lines) { @@ -211,7 +214,9 @@ for my $line (@config_lines) { } } - print $config_write $line; + if (defined $config_write) { + print $config_write $line or die "write $config_file: $!\n";; + } } # Did the set command work? @@ -223,10 +228,12 @@ if ($action eq "set"&& $force_option && !$done) { $line .= "\n"; $done = 1; - print $config_write $line; + print $config_write $line or die "write $config_file: $!\n"; } -close $config_write; +if (defined $config_write) { + close $config_write or die "close $config_file: $!\n"; +} if ($action eq "get") { if($done) { From ad8b9ec9e9924929752af3769a64b8867f5c39a6 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Oct 2017 16:56:18 +0200 Subject: [PATCH 379/493] config.pl get: be better behaved When printing an option's value, print a newline at the end. When the requested option is missing, fail with status 1 (the usual convention for "not found") rather than -1 (which has a system-dependent effect). --- scripts/config.pl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index 9fc606278..b99140a37 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -56,7 +56,7 @@ Commands unset - Comments out the #define for the given symbol if present in the configuration file. get - Finds the #define for the given symbol, returning - an exitcode of 0 if the symbol is found, and -1 if + an exitcode of 0 if the symbol is found, and 1 if not. The value of the symbol is output if one is specified in the configuration file. full - Uncomments all #define's in the configuration file @@ -220,7 +220,7 @@ for my $line (@config_lines) { } # Did the set command work? -if ($action eq "set"&& $force_option && !$done) { +if ($action eq "set" && $force_option && !$done) { # If the force option was set, append the symbol to the end of the file my $line = "#define $name"; @@ -236,14 +236,14 @@ if (defined $config_write) { } if ($action eq "get") { - if($done) { + if ($done) { if ($value ne '') { - print $value; + print "$value\n"; } exit 0; } else { # If the symbol was not found, return an error - exit -1; + exit 1; } } From ae98d4aa397016e15ce2e2f8ba455322712157ec Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Oct 2017 11:26:45 +0200 Subject: [PATCH 380/493] Minor style fix --- scripts/config.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config.pl b/scripts/config.pl index b99140a37..5a06a3338 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -215,7 +215,7 @@ for my $line (@config_lines) { } if (defined $config_write) { - print $config_write $line or die "write $config_file: $!\n";; + print $config_write $line or die "write $config_file: $!\n"; } } From e867489ff6cb06c51245410eb432532c37d56730 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 17:56:14 +0100 Subject: [PATCH 381/493] Remove outdated comments from `mbedtls_rsa_complete` --- library/rsa.c | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 388b63426..efc148956 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -653,8 +653,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) if( pq_missing ) { - /* This includes sanity checking of core parameters, - * so no further checks necessary. */ ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->D, &ctx->E, &ctx->P, &ctx->Q ); if( ret != 0 ) @@ -663,10 +661,6 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) } else if( d_missing ) { - - /* Deduce private exponent. This includes double-checking of the result, - * so together with the primality test above all core parameters are - * guaranteed to be sane if this call succeeds. */ if( ( ret = mbedtls_rsa_deduce_private_exponent( &ctx->P, &ctx->Q, &ctx->E, @@ -676,11 +670,9 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) } } - /* In the remaining case of a public key, there's nothing to check for. */ - /* * Step 3: Deduce all additional parameters specific - * to our current RSA implementaiton. + * to our current RSA implementation. */ #if !defined(MBEDTLS_RSA_NO_CRT) From 705fc68d724e37d59aa4b2ed4d193ea1a92557be Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 10 Oct 2017 17:57:02 +0100 Subject: [PATCH 382/493] Unify sanity checks for RSA private and public keys --- library/rsa.c | 146 ++++++++++++++++++++++++++++++++++---------------- 1 file changed, 99 insertions(+), 47 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index efc148956..493cd1c12 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -139,7 +139,7 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, uint16_t attempt; /* Number of current attempt */ uint16_t iter; /* Number of squares computed in the current attempt */ - uint16_t order; /* Order of 2 in DE - 1 */ + uint16_t order; /* Order of 2 in DE - 1 */ mbedtls_mpi T; /* Holds largest odd divisor of DE - 1 */ mbedtls_mpi K; /* During factorization attempts, stores a random integer @@ -601,6 +601,89 @@ cleanup: return( 0 ); } +/* + * Checks whether the context fields are set in such a way + * that the RSA primitives will be able to execute without error. + * It does *not* make guarantees for consistency of the parameters. + */ +static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv ) +{ + if( ctx->len != mbedtls_mpi_size( &ctx->N ) ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + + /* + * 1. Modular exponentiation needs positive, odd moduli. + */ + + /* Modular exponentiation wrt. N is always used for + * RSA public key operations. */ + if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) <= 0 || + mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } + +#if !defined(MBEDTLS_RSA_NO_CRT) + /* Modular exponentiation for P and Q is only + * used for private key operations and if CRT + * is used. */ + if( is_priv && + ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 || + mbedtls_mpi_get_bit( &ctx->P, 0 ) == 0 || + mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 || + mbedtls_mpi_get_bit( &ctx->Q, 0 ) == 0 ) ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } +#endif /* !MBEDTLS_RSA_NO_CRT */ + + /* + * 2. Exponents must be positive + */ + + /* Always need E for public key operations */ + if( mbedtls_mpi_cmp_int( &ctx->E, 0 ) <= 0 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + +#if !defined(MBEDTLS_NO_CRT) + /* For private key operations, use D or DP & DQ + * as (unblinded) exponents. */ + if( is_priv && mbedtls_mpi_cmp_int( &ctx->D, 0 ) <= 0 ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); +#else + if( is_priv && + ( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) <= 0 || + mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) <= 0 ) ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } +#endif /* MBEDTLS_RSA_NO_CRT */ + + /* Blinding shouldn't make exponents negative either, + * so check that P, Q >= 1 if that hasn't yet been + * done as part of 1. */ +#if defined(MBEDTLS_NO_CRT) + if( is_priv && + ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 || + mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ) ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } +#endif + + /* It wouldn't lead to an error if it wasn't satisfied, + * but check for PQ >= 1 nonetheless. */ +#if !defined(MBEDTLS_NO_CRT) + if( is_priv && + mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 ) + { + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } +#endif + + return( 0 ); +} + int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) { int ret = 0; @@ -686,21 +769,10 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) #endif /* MBEDTLS_RSA_NO_CRT */ /* - * Step 3: Basic sanity check + * Step 3: Basic sanity checks */ - if( is_priv ) - { - if( ( ret = mbedtls_rsa_check_privkey( ctx ) ) != 0 ) - return( ret ); - } - else - { - if( ( ret = mbedtls_rsa_check_pubkey( ctx ) ) != 0 ) - return( ret ); - } - - return( 0 ); + return( rsa_check_context( ctx, is_priv ) ); } int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, @@ -960,20 +1032,8 @@ cleanup: */ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) { - if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 ) - { + if( rsa_check_context( ctx, 0 /* public */ ) != 0 ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); - } - - if( ctx->len != mbedtls_mpi_size( &ctx->N ) ) - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); - - if( mbedtls_mpi_get_bit( &ctx->N, 0 ) == 0 || - mbedtls_mpi_get_bit( &ctx->E, 0 ) == 0 ) - { - return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); - } if( mbedtls_mpi_bitlen( &ctx->N ) < 128 || mbedtls_mpi_bitlen( &ctx->N ) > MBEDTLS_MPI_MAX_BITS ) @@ -981,7 +1041,8 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); } - if( mbedtls_mpi_bitlen( &ctx->E ) < 2 || + if( mbedtls_mpi_get_bit( &ctx->E, 0 ) == 0 || + mbedtls_mpi_bitlen( &ctx->E ) < 2 || mbedtls_mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 ) { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); @@ -991,18 +1052,22 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) } /* - * Check a private RSA key + * Check for the consistency of all fields in an RSA private key context */ int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) { - if( mbedtls_rsa_check_pubkey( ctx ) != 0 ) + if( mbedtls_rsa_check_pubkey( ctx ) != 0 || + rsa_check_context( ctx, 1 /* private */ ) != 0 ) + { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); + } if( mbedtls_rsa_validate_params( &ctx->N, &ctx->P, &ctx->Q, &ctx->D, &ctx->E, NULL, NULL ) != 0 ) { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); } + #if !defined(MBEDTLS_RSA_NO_CRT) else if( mbedtls_rsa_validate_crt( &ctx->P, &ctx->Q, &ctx->D, &ctx->DP, &ctx->DQ, &ctx->QP ) != 0 ) @@ -1046,6 +1111,9 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, size_t olen; mbedtls_mpi T; + if( rsa_check_context( ctx, 0 /* public */ ) ) + return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + mbedtls_mpi_init( &T ); #if defined(MBEDTLS_THREADING_C) @@ -1162,24 +1230,8 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, mbedtls_mpi *DQ = &ctx->DQ; #endif - /* Sanity-check that all relevant fields are at least set, - * but don't perform a full keycheck. */ - if( mbedtls_mpi_cmp_int( &ctx->N, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->P, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->Q, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->D, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->E, 0 ) == 0 ) - { + if( rsa_check_context( ctx, 1 /* private */ ) != 0 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - } -#if !defined(MBEDTLS_RSA_NO_CRT) - if( mbedtls_mpi_cmp_int( &ctx->DP, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->DQ, 0 ) == 0 || - mbedtls_mpi_cmp_int( &ctx->QP, 0 ) == 0 ) - { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); - } -#endif /* MBEDTLS_RSA_NO_CRT */ mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &R ); From 04877a48d44fd561c67d9e6bfac7814b819ad92d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 11 Oct 2017 10:01:33 +0100 Subject: [PATCH 383/493] Adapt `rsa_import` tests to weakened semantics of `rsa_complete` The tests now accept two result parameters, one for the expected result of the completion call, and one for the expected result of the subsequent sanity check. --- tests/suites/test_suite_rsa.data | 68 ++++++++++++++++------------ tests/suites/test_suite_rsa.function | 34 ++++++++------ 2 files changed, 60 insertions(+), 42 deletions(-) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 8ca6445bc..91aa1fd8c 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -428,88 +428,100 @@ RSA Deduce Moduli, corrupted mbedtls_rsa_deduce_primes:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA RSA Import (N,P,Q,D,E) -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:0:0 + +RSA Import (N,P,Q,D,E), inconsistent +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC3672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 RSA Import (N,P,Q,D,E), successive -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1:0:0 + +RSA Import (N,P,Q,D,E), successive, inconsistent +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC3672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 RSA Import (-,P,Q,D,E) -mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:0 +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:0:0 RSA Import (-,P,Q,D,E), successive -mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1:0 +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1:0:0 RSA Import (N,-,-,D,E) -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":0:1:0:0 RSA Import (N,-,-,D,E), succesive -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:1:0:0 RSA Import (N,P,Q,-,E) -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:0:0 RSA Import (N,P,Q,-,E), successive -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:0:0 RSA Import (-,P,Q,-,E) -mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:0 +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:0:0 RSA Import (-,P,Q,-,E), successive -mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:0 +mbedtls_rsa_import:16:"":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:0:0 RSA Import (N,-,Q,-,E) -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":0:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import (N,-,Q,-,E), successive -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":1:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import (N,-,-,-,E), complete public key -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"3":0:0:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"3":0:0:0:0 RSA Import (N,-,-,-,E), complete public key, successive -mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"3":1:0:0 +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"3":1:0:0:0 + +RSA Import (N,-,-,-,E), complete public key, corrupted +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"4":0:0:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 + +RSA Import (N,-,-,-,E), complete public key, successive, corrupted +mbedtls_rsa_import:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"":16:"":16:"":16:"4":1:0:MBEDTLS_ERR_RSA_KEY_CHECK_FAILED:0 RSA Import Raw (N,P,Q,D,E), complete private key -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:1:0 +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:1:0:0 RSA Import Raw (N,P,Q,D,E), successive -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1:0 +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1:0:0 RSA Import Raw (-,P,Q,D,E) -mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:1:0 +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:1:0:0 RSA Import Raw (-,P,Q,D,E), successive -mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1:0 +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1:0:0 RSA Import Raw (N,-,-,D,E) -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:1:0 +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":0:1:0:0 RSA Import Raw (N,-,-,D,E), successive -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1:0 +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":"03":1:1:0:0 RSA Import Raw (N,P,Q,-,E) -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:0 +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:0:0 RSA Import Raw (N,P,Q,-,E), successive -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:0 +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:0:0 RSA Import Raw (-,P,Q,-,E) -mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:0 +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:0:0 RSA Import Raw (-,P,Q,-,E), successive -mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:0 +mbedtls_rsa_import_raw:"":"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:0:0 RSA Import Raw (N,-,Q,-,E) -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":0:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import Raw (N,-,Q,-,E), successive -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:MBEDTLS_ERR_RSA_BAD_INPUT_DATA +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":"":"03":1:1:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA RSA Import Raw (N,-,-,-,E) -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":0:0:0 +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":0:0:0:0 RSA Import Raw (N,-,-,-,E), successive -mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":1:0:0 +mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":1:0:0:0 RSA Export (N,P,Q,D,E) mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:0 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 87d15a859..9ee8ea1fe 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -831,7 +831,8 @@ void mbedtls_rsa_import( int radix_N, char *input_N, int radix_E, char *input_E, int successive, int is_priv, - int result ) + int res_check, + int res_complete ) { mbedtls_mpi N, P, Q, D, E; mbedtls_rsa_context ctx; @@ -916,17 +917,19 @@ void mbedtls_rsa_import( int radix_N, char *input_N, have_E ? &E : NULL ) == 0 ); } - TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == result ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete ); /* On expected success, perform some public and private * key operations to check if the key is working properly. */ - if( result == 0 ) + if( res_complete == 0 ) { - TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - - /* Did we expect a full private key to be setup? */ if( is_priv ) - TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); + TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check ); + else + TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check ); + + if( res_check != 0 ) + goto exit; buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); @@ -1294,7 +1297,8 @@ void mbedtls_rsa_import_raw( char *input_N, char *input_D, char *input_E, int successive, int is_priv, - int result ) + int res_check, + int res_complete ) { unsigned char bufN[1000]; unsigned char bufP[1000]; @@ -1380,17 +1384,19 @@ void mbedtls_rsa_import_raw( char *input_N, ( lenE > 0 ) ? bufE : NULL, lenE ) == 0 ); } - TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == result ); + TEST_ASSERT( mbedtls_rsa_complete( &ctx ) == res_complete ); /* On expected success, perform some public and private * key operations to check if the key is working properly. */ - if( result == 0 ) + if( res_complete == 0 ) { - TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == 0 ); - - /* Did we expect a full private key to be setup? */ if( is_priv ) - TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == 0 ); + TEST_ASSERT( mbedtls_rsa_check_privkey( &ctx ) == res_check ); + else + TEST_ASSERT( mbedtls_rsa_check_pubkey( &ctx ) == res_check ); + + if( res_check != 0 ) + goto exit; buf_orig = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); buf_enc = mbedtls_calloc( 1, mbedtls_rsa_get_len( &ctx ) ); From a565f54c4c0edf84ef598648e0fdb9a6d5f8f037 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 11 Oct 2017 11:00:19 +0100 Subject: [PATCH 384/493] Introduce new files rsa_internal.[ch] for RSA helper functions This commit splits off the RSA helper functions into separate headers and compilation units to have a clearer separation of the public RSA interface, intended to be used by end-users, and the helper functions which are publicly provided only for the benefit of designers of alternative RSA implementations. --- include/mbedtls/config.h | 2 + include/mbedtls/rsa.h | 156 --------- include/mbedtls/rsa_internal.h | 219 ++++++++++++ library/CMakeLists.txt | 1 + library/Makefile | 6 +- library/rsa.c | 475 +-------------------------- library/rsa_internal.c | 471 ++++++++++++++++++++++++++ tests/suites/test_suite_rsa.function | 1 + 8 files changed, 700 insertions(+), 631 deletions(-) create mode 100644 include/mbedtls/rsa_internal.h create mode 100644 library/rsa_internal.c diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index ec004f5b3..a93b0aae2 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1650,6 +1650,7 @@ * library/ecp.c * library/ecdsa.c * library/rsa.c + * library/rsa_internal.c * library/ssl_tls.c * * This module is required for RSA, DHM and ECC (ECDH, ECDSA) support. @@ -2263,6 +2264,7 @@ * Enable the RSA public-key cryptosystem. * * Module: library/rsa.c + * library/rsa_internal.c * Caller: library/ssl_cli.c * library/ssl_srv.c * library/ssl_tls.c diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index c85e6c81d..eab8e0dfe 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -74,162 +74,6 @@ extern "C" { #endif -/** - * Helper functions for RSA-related operations on MPI's. - */ - -/** - * \brief Compute RSA prime moduli P, Q from public modulus N=PQ - * and a pair of private and public key. - * - * \note This is a 'static' helper function not operating on - * an RSA context. Alternative implementations need not - * overwrite it. - * - * \param N RSA modulus N = PQ, with P, Q to be found - * \param D RSA private exponent - * \param E RSA public exponent - * \param P Pointer to MPI holding first prime factor of N on success - * \param Q Pointer to MPI holding second prime factor of N on success - * - * \return - * - 0 if successful. In this case, P and Q constitute a - * factorization of N. - * - A non-zero error code otherwise. - * - * \note It is neither checked that P, Q are prime nor that - * D, E are modular inverses wrt. P-1 and Q-1. For that, - * use the helper function \c mbedtls_rsa_validate_params. - * - */ -int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *D, - mbedtls_mpi const *E, - mbedtls_mpi *P, mbedtls_mpi *Q ); - -/** - * \brief Compute RSA private exponent from - * prime moduli and public key. - * - * \note This is a 'static' helper function not operating on - * an RSA context. Alternative implementations need not - * overwrite it. - * - * \param P First prime factor of RSA modulus - * \param Q Second prime factor of RSA modulus - * \param E RSA public exponent - * \param D Pointer to MPI holding the private exponent on success. - * - * \return - * - 0 if successful. In this case, D is set to a simultaneous - * modular inverse of E modulo both P-1 and Q-1. - * - A non-zero error code otherwise. - * - * \note This function does not check whether P and Q are primes. - * - */ -int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P, - mbedtls_mpi const *Q, - mbedtls_mpi const *E, - mbedtls_mpi *D ); - - -/** - * \brief Generate RSA-CRT parameters - * - * \note This is a 'static' helper function not operating on - * an RSA context. Alternative implementations need not - * overwrite it. - * - * \param P First prime factor of N - * \param Q Second prime factor of N - * \param D RSA private exponent - * \param DP Output variable for D modulo P-1 - * \param DQ Output variable for D modulo Q-1 - * \param QP Output variable for the modular inverse of Q modulo P. - * - * \return 0 on success, non-zero error code otherwise. - * - * \note This function does not check whether P, Q are - * prime and whether D is a valid private exponent. - * - */ -int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, mbedtls_mpi *DP, - mbedtls_mpi *DQ, mbedtls_mpi *QP ); - - -/** - * \brief Check validity of core RSA parameters - * - * \note This is a 'static' helper function not operating on - * an RSA context. Alternative implementations need not - * overwrite it. - * - * \param N RSA modulus N = PQ - * \param P First prime factor of N - * \param Q Second prime factor of N - * \param D RSA private exponent - * \param E RSA public exponent - * \param f_rng PRNG to be used for primality check, or NULL - * \param p_rng PRNG context for f_rng, or NULL - * - * \return - * - 0 if the following conditions are satisfied - * if all relevant parameters are provided: - * - P prime if f_rng != NULL - * - Q prime if f_rng != NULL - * - 1 < N = PQ - * - 1 < D, E < N - * - D and E are modular inverses modulo P-1 and Q-1 - * - A non-zero error code otherwise. - * - * \note The function can be used with a restricted set of arguments - * to perform specific checks only. E.g., calling it with - * (-,P,-,-,-) and a PRNG amounts to a primality check for P. - */ -int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, - const mbedtls_mpi *Q, const mbedtls_mpi *D, - const mbedtls_mpi *E, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ); - -/** - * \brief Check validity of RSA CRT parameters - * - * \note This is a 'static' helper function not operating on - * an RSA context. Alternative implementations need not - * overwrite it. - * - * \param P First prime factor of RSA modulus - * \param Q Second prime factor of RSA modulus - * \param D RSA private exponent - * \param DP MPI to check for D modulo P-1 - * \param DQ MPI to check for D modulo P-1 - * \param QP MPI to check for the modular inverse of Q modulo P. - * - * \return - * - 0 if the following conditions are satisfied: - * - D = DP mod P-1 if P, D, DP != NULL - * - Q = DQ mod P-1 if P, D, DQ != NULL - * - QP = Q^-1 mod P if P, Q, QP != NULL - * - \c MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed, - * potentially including \c MBEDTLS_ERR_MPI_XXX if some - * MPI calculations failed. - * - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient - * data was provided to check DP, DQ or QP. - * - * \note The function can be used with a restricted set of arguments - * to perform specific checks only. E.g., calling it with the - * parameters (P, -, D, DP, -, -) will check DP = D mod P-1. - */ -int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, const mbedtls_mpi *DP, - const mbedtls_mpi *DQ, const mbedtls_mpi *QP ); - -/** - * Implementation of RSA interface - */ - #if !defined(MBEDTLS_RSA_ALT) /** diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h new file mode 100644 index 000000000..235347046 --- /dev/null +++ b/include/mbedtls/rsa_internal.h @@ -0,0 +1,219 @@ +/** + * \file rsa_internal.h + * + * \brief Context-independent RSA helper functions + * + * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + * + * + * This file declares some RSA-related helper functions useful when + * implementing the RSA interface. They are public and provided in a + * separate compilation unit in order to make it easy for designers of + * alternative RSA implementations to use them in their code, as it is + * conceived that the functionality they provide will be necessary + * for most complete implementations. + * + * End-users of Mbed TLS not intending to re-implement the RSA functionality + * are not expected to get into the need of making use of these functions directly, + * but instead should be able to make do with the implementation of the RSA module. + * + * There are two classes of helper functions: + * (1) Parameter-generating helpers. These are: + * - mbedtls_rsa_deduce_primes + * - mbedtls_rsa_deduce_private_exponent + * - mbedtls_rsa_deduce_crt + * Each of these functions takes a set of core RSA parameters + * and generates some other, or CRT related parameters. + * (2) Parameter-checking helpers. These are: + * - mbedtls_rsa_validate_params + * - mbedtls_rsa_validate_crt + * They take a set of core or CRT related RSA parameters + * and check their validity. + * + */ + +#ifndef MBEDTLS_RSA_INTERNAL_H +#define MBEDTLS_RSA_INTERNAL_H + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#include "bignum.h" + +#if defined(MBEDTLS_RSA_C) + +#ifdef __cplusplus +extern "C" { +#endif + + +/** + * \brief Compute RSA prime moduli P, Q from public modulus N=PQ + * and a pair of private and public key. + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. + * + * \param N RSA modulus N = PQ, with P, Q to be found + * \param D RSA private exponent + * \param E RSA public exponent + * \param P Pointer to MPI holding first prime factor of N on success + * \param Q Pointer to MPI holding second prime factor of N on success + * + * \return + * - 0 if successful. In this case, P and Q constitute a + * factorization of N. + * - A non-zero error code otherwise. + * + * \note It is neither checked that P, Q are prime nor that + * D, E are modular inverses wrt. P-1 and Q-1. For that, + * use the helper function \c mbedtls_rsa_validate_params. + * + */ +int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *D, + mbedtls_mpi const *E, + mbedtls_mpi *P, mbedtls_mpi *Q ); + +/** + * \brief Compute RSA private exponent from + * prime moduli and public key. + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. + * + * \param P First prime factor of RSA modulus + * \param Q Second prime factor of RSA modulus + * \param E RSA public exponent + * \param D Pointer to MPI holding the private exponent on success. + * + * \return + * - 0 if successful. In this case, D is set to a simultaneous + * modular inverse of E modulo both P-1 and Q-1. + * - A non-zero error code otherwise. + * + * \note This function does not check whether P and Q are primes. + * + */ +int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P, + mbedtls_mpi const *Q, + mbedtls_mpi const *E, + mbedtls_mpi *D ); + + +/** + * \brief Generate RSA-CRT parameters + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. + * + * \param P First prime factor of N + * \param Q Second prime factor of N + * \param D RSA private exponent + * \param DP Output variable for D modulo P-1 + * \param DQ Output variable for D modulo Q-1 + * \param QP Output variable for the modular inverse of Q modulo P. + * + * \return 0 on success, non-zero error code otherwise. + * + * \note This function does not check whether P, Q are + * prime and whether D is a valid private exponent. + * + */ +int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, mbedtls_mpi *DP, + mbedtls_mpi *DQ, mbedtls_mpi *QP ); + + +/** + * \brief Check validity of core RSA parameters + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. + * + * \param N RSA modulus N = PQ + * \param P First prime factor of N + * \param Q Second prime factor of N + * \param D RSA private exponent + * \param E RSA public exponent + * \param f_rng PRNG to be used for primality check, or NULL + * \param p_rng PRNG context for f_rng, or NULL + * + * \return + * - 0 if the following conditions are satisfied + * if all relevant parameters are provided: + * - P prime if f_rng != NULL + * - Q prime if f_rng != NULL + * - 1 < N = PQ + * - 1 < D, E < N + * - D and E are modular inverses modulo P-1 and Q-1 + * - A non-zero error code otherwise. + * + * \note The function can be used with a restricted set of arguments + * to perform specific checks only. E.g., calling it with + * (-,P,-,-,-) and a PRNG amounts to a primality check for P. + */ +int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, + const mbedtls_mpi *Q, const mbedtls_mpi *D, + const mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ); + +/** + * \brief Check validity of RSA CRT parameters + * + * \note This is a 'static' helper function not operating on + * an RSA context. Alternative implementations need not + * overwrite it. + * + * \param P First prime factor of RSA modulus + * \param Q Second prime factor of RSA modulus + * \param D RSA private exponent + * \param DP MPI to check for D modulo P-1 + * \param DQ MPI to check for D modulo P-1 + * \param QP MPI to check for the modular inverse of Q modulo P. + * + * \return + * - 0 if the following conditions are satisfied: + * - D = DP mod P-1 if P, D, DP != NULL + * - Q = DQ mod P-1 if P, D, DQ != NULL + * - QP = Q^-1 mod P if P, Q, QP != NULL + * - \c MBEDTLS_ERR_RSA_KEY_CHECK_FAILED if check failed, + * potentially including \c MBEDTLS_ERR_MPI_XXX if some + * MPI calculations failed. + * - \c MBEDTLS_ERR_RSA_BAD_INPUT_DATA if insufficient + * data was provided to check DP, DQ or QP. + * + * \note The function can be used with a restricted set of arguments + * to perform specific checks only. E.g., calling it with the + * parameters (P, -, D, DP, -, -) will check DP = D mod P-1. + */ +int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *DP, + const mbedtls_mpi *DQ, const mbedtls_mpi *QP ); + + +#endif /* MBEDTLS_RSA_C */ + +#endif /* rsa_internal.h */ diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 7a9f185e2..49f037c8c 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -48,6 +48,7 @@ set(src_crypto platform.c ripemd160.c rsa.c + rsa_internal.c sha1.c sha256.c sha512.c diff --git a/library/Makefile b/library/Makefile index 28f92315a..541d47fe9 100644 --- a/library/Makefile +++ b/library/Makefile @@ -59,9 +59,9 @@ OBJS_CRYPTO= aes.o aesni.o arc4.o \ padlock.o pem.o pk.o \ pk_wrap.o pkcs12.o pkcs5.o \ pkparse.o pkwrite.o platform.o \ - ripemd160.o rsa.o sha1.o \ - sha256.o sha512.o threading.o \ - timing.o version.o \ + ripemd160.o rsa_internal.o rsa.o \ + sha1.o sha256.o sha512.o \ + threading.o timing.o version.o \ version_features.o xtea.o OBJS_X509= certs.o pkcs11.o x509.o \ diff --git a/library/rsa.c b/library/rsa.c index 493cd1c12..83e2b2be3 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -46,6 +46,7 @@ #if defined(MBEDTLS_RSA_C) #include "mbedtls/rsa.h" +#include "mbedtls/rsa_internal.h" #include "mbedtls/oid.h" #include @@ -67,483 +68,13 @@ #define mbedtls_free free #endif +#if !defined(MBEDTLS_RSA_ALT) + /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0; } -/* - * Context-independent RSA helper functions. - * - * There are two classes of helper functions: - * (1) Parameter-generating helpers. These are: - * - mbedtls_rsa_deduce_primes - * - mbedtls_rsa_deduce_private_exponent - * - mbedtls_rsa_deduce_crt - * Each of these functions takes a set of core RSA parameters - * and generates some other, or CRT related parameters. - * (2) Parameter-checking helpers. These are: - * - mbedtls_rsa_validate_params - * - mbedtls_rsa_validate_crt - * They take a set of core or CRT related RSA parameters - * and check their validity. - * - * The helper functions do not use the RSA context structure - * and therefore do not need to be replaced when providing - * an alternative RSA implementation. - * - * Their main purpose is to provide common MPI operations in the context - * of RSA that can be easily shared across multiple implementations. - */ - -/* - * - * Given the modulus N=PQ and a pair of public and private - * exponents E and D, respectively, factor N. - * - * Setting F := lcm(P-1,Q-1), the idea is as follows: - * - * (a) For any 1 <= X < N with gcd(X,N)=1, we have X^F = 1 modulo N, so X^(F/2) - * is a square root of 1 in Z/NZ. Since Z/NZ ~= Z/PZ x Z/QZ by CRT and the - * square roots of 1 in Z/PZ and Z/QZ are +1 and -1, this leaves the four - * possibilities X^(F/2) = (+-1, +-1). If it happens that X^(F/2) = (-1,+1) - * or (+1,-1), then gcd(X^(F/2) + 1, N) will be equal to one of the prime - * factors of N. - * - * (b) If we don't know F/2 but (F/2) * K for some odd (!) K, then the same - * construction still applies since (-)^K is the identity on the set of - * roots of 1 in Z/NZ. - * - * The public and private key primitives (-)^E and (-)^D are mutually inverse - * bijections on Z/NZ if and only if (-)^(DE) is the identity on Z/NZ, i.e. - * if and only if DE - 1 is a multiple of F, say DE - 1 = F * L. - * Splitting L = 2^t * K with K odd, we have - * - * DE - 1 = FL = (F/2) * (2^(t+1)) * K, - * - * so (F / 2) * K is among the numbers - * - * (DE - 1) >> 1, (DE - 1) >> 2, ..., (DE - 1) >> ord - * - * where ord is the order of 2 in (DE - 1). - * We can therefore iterate through these numbers apply the construction - * of (a) and (b) above to attempt to factor N. - * - */ -int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, - mbedtls_mpi const *D, mbedtls_mpi const *E, - mbedtls_mpi *P, mbedtls_mpi *Q ) -{ - int ret = 0; - - uint16_t attempt; /* Number of current attempt */ - uint16_t iter; /* Number of squares computed in the current attempt */ - - uint16_t order; /* Order of 2 in DE - 1 */ - - mbedtls_mpi T; /* Holds largest odd divisor of DE - 1 */ - mbedtls_mpi K; /* During factorization attempts, stores a random integer - * in the range of [0,..,N] */ - - const unsigned int primes[] = { 2, - 3, 5, 7, 11, 13, 17, 19, 23, - 29, 31, 37, 41, 43, 47, 53, 59, - 61, 67, 71, 73, 79, 83, 89, 97, - 101, 103, 107, 109, 113, 127, 131, 137, - 139, 149, 151, 157, 163, 167, 173, 179, - 181, 191, 193, 197, 199, 211, 223, 227, - 229, 233, 239, 241, 251, 257, 263, 269, - 271, 277, 281, 283, 293, 307, 311, 313 - }; - - const size_t num_primes = sizeof( primes ) / sizeof( *primes ); - - if( P == NULL || Q == NULL || P->p != NULL || Q->p != NULL ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || - mbedtls_mpi_cmp_int( D, 1 ) <= 0 || - mbedtls_mpi_cmp_mpi( D, N ) >= 0 || - mbedtls_mpi_cmp_int( E, 1 ) <= 0 || - mbedtls_mpi_cmp_mpi( E, N ) >= 0 ) - { - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - } - - /* - * Initializations and temporary changes - */ - - mbedtls_mpi_init( &K ); - mbedtls_mpi_init( &T ); - - /* T := DE - 1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, D, E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &T, &T, 1 ) ); - - if( ( order = mbedtls_mpi_lsb( &T ) ) == 0 ) - { - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - goto cleanup; - } - - /* After this operation, T holds the largest odd divisor of DE - 1. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &T, order ) ); - - /* - * Actual work - */ - - /* Skip trying 2 if N == 1 mod 8 */ - attempt = 0; - if( N->p[0] % 8 == 1 ) - attempt = 1; - - for( ; attempt < num_primes; ++attempt ) - { - mbedtls_mpi_lset( &K, primes[attempt] ); - - /* Check if gcd(K,N) = 1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); - if( mbedtls_mpi_cmp_int( P, 1 ) != 0 ) - continue; - - /* Go through K^T + 1, K^(2T) + 1, K^(4T) + 1, ... - * and check whether they have nontrivial GCD with N. */ - MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &K, &K, &T, N, - Q /* temporarily use Q for storing Montgomery - * multiplication helper values */ ) ); - - for( iter = 1; iter < order; ++iter ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); - - if( mbedtls_mpi_cmp_int( P, 1 ) == 1 && - mbedtls_mpi_cmp_mpi( P, N ) == -1 ) - { - /* - * Have found a nontrivial divisor P of N. - * Set Q := N / P. - */ - - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, NULL, N, P ) ); - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &K ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, N ) ); - } - } - - ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; - -cleanup: - - mbedtls_mpi_free( &K ); - mbedtls_mpi_free( &T ); - return( ret ); -} - -/* - * Given P, Q and the public exponent E, deduce D. - * This is essentially a modular inversion. - */ - -int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P, - mbedtls_mpi const *Q, - mbedtls_mpi const *E, - mbedtls_mpi *D ) -{ - int ret = 0; - mbedtls_mpi K, L; - - if( D == NULL || mbedtls_mpi_cmp_int( D, 0 ) != 0 ) - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - - if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || - mbedtls_mpi_cmp_int( Q, 1 ) <= 0 || - mbedtls_mpi_cmp_int( E, 0 ) == 0 ) - { - return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); - } - - mbedtls_mpi_init( &K ); - mbedtls_mpi_init( &L ); - - /* Temporarily put K := P-1 and L := Q-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) ); - - /* Temporarily put D := gcd(P-1, Q-1) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, &K, &L ) ); - - /* K := LCM(P-1, Q-1) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &L ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &K, NULL, &K, D ) ); - - /* Compute modular inverse of E in LCM(P-1, Q-1) */ - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( D, E, &K ) ); - -cleanup: - - mbedtls_mpi_free( &K ); - mbedtls_mpi_free( &L ); - - return( ret ); -} - -/* - * Check that RSA CRT parameters are in accordance with core parameters. - */ - -int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, const mbedtls_mpi *DP, - const mbedtls_mpi *DQ, const mbedtls_mpi *QP ) -{ - int ret = 0; - - mbedtls_mpi K, L; - mbedtls_mpi_init( &K ); - mbedtls_mpi_init( &L ); - - /* Check that DP - D == 0 mod P - 1 */ - if( DP != NULL ) - { - if( P == NULL ) - { - ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DP, D ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) ); - - if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - } - - /* Check that DQ - D == 0 mod Q - 1 */ - if( DQ != NULL ) - { - if( Q == NULL ) - { - ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DQ, D ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) ); - - if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - } - - /* Check that QP * Q - 1 == 0 mod P */ - if( QP != NULL ) - { - if( P == NULL || Q == NULL ) - { - ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; - goto cleanup; - } - - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, QP, Q ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) ); - if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - } - -cleanup: - - /* Wrap MPI error codes by RSA check failure error code */ - if( ret != 0 && - ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED && - ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) - { - ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - } - - mbedtls_mpi_free( &K ); - mbedtls_mpi_free( &L ); - - return( ret ); -} - -/* - * Check that core RSA parameters are sane. - */ - -int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, - const mbedtls_mpi *Q, const mbedtls_mpi *D, - const mbedtls_mpi *E, - int (*f_rng)(void *, unsigned char *, size_t), - void *p_rng ) -{ - int ret = 0; - mbedtls_mpi K, L; - - mbedtls_mpi_init( &K ); - mbedtls_mpi_init( &L ); - - /* - * Step 1: If PRNG provided, check that P and Q are prime - */ - -#if defined(MBEDTLS_GENPRIME) - if( f_rng != NULL && P != NULL && - ( ret = mbedtls_mpi_is_prime( P, f_rng, p_rng ) ) != 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - - if( f_rng != NULL && Q != NULL && - ( ret = mbedtls_mpi_is_prime( Q, f_rng, p_rng ) ) != 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } -#else - ((void) f_rng); - ((void) p_rng); -#endif /* MBEDTLS_GENPRIME */ - - /* - * Step 2: Check that 1 < N = PQ - */ - - if( P != NULL && Q != NULL && N != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); - if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 || - mbedtls_mpi_cmp_mpi( &K, N ) != 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - } - - /* - * Step 3: Check and 1 < D, E < N if present. - */ - - if( N != NULL && D != NULL && E != NULL ) - { - if ( mbedtls_mpi_cmp_int( D, 1 ) <= 0 || - mbedtls_mpi_cmp_int( E, 1 ) <= 0 || - mbedtls_mpi_cmp_mpi( D, N ) >= 0 || - mbedtls_mpi_cmp_mpi( E, N ) >= 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - } - - /* - * Step 4: Check that D, E are inverse modulo P-1 and Q-1 - */ - - if( P != NULL && Q != NULL && D != NULL && E != NULL ) - { - if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || - mbedtls_mpi_cmp_int( Q, 1 ) <= 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - - /* Compute DE-1 mod P-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) ); - if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - - /* Compute DE-1 mod Q-1 */ - MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) ); - if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) - { - ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - goto cleanup; - } - } - -cleanup: - - mbedtls_mpi_free( &K ); - mbedtls_mpi_free( &L ); - - /* Wrap MPI error codes by RSA check failure error code */ - if( ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ) - { - ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; - } - - return( ret ); -} - -int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, - const mbedtls_mpi *D, mbedtls_mpi *DP, - mbedtls_mpi *DQ, mbedtls_mpi *QP ) -{ - int ret = 0; - mbedtls_mpi K; - mbedtls_mpi_init( &K ); - - /* DP = D mod P-1 */ - if( DP != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, D, &K ) ); - } - - /* DQ = D mod Q-1 */ - if( DQ != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) ); - MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, D, &K ) ); - } - - /* QP = Q^{-1} mod P */ - if( QP != NULL ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( QP, Q, P ) ); - } - -cleanup: - mbedtls_mpi_free( &K ); - - return( ret ); -} - - -/* - * Default RSA interface implementation - */ - -#if !defined(MBEDTLS_RSA_ALT) - int mbedtls_rsa_import( mbedtls_rsa_context *ctx, const mbedtls_mpi *N, const mbedtls_mpi *P, const mbedtls_mpi *Q, diff --git a/library/rsa_internal.c b/library/rsa_internal.c new file mode 100644 index 000000000..879e2d5d7 --- /dev/null +++ b/library/rsa_internal.c @@ -0,0 +1,471 @@ +/* + * Helper functions for the RSA module + * + * Copyright (C) 2006-2017, ARM Limited, All Rights Reserved + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This file is part of mbed TLS (https://tls.mbed.org) + * + */ + +#if !defined(MBEDTLS_CONFIG_FILE) +#include "mbedtls/config.h" +#else +#include MBEDTLS_CONFIG_FILE +#endif + +#if defined(MBEDTLS_RSA_C) + +#include "mbedtls/rsa.h" +#include "mbedtls/bignum.h" +#include "mbedtls/rsa_internal.h" + +/* + * Compute RSA prime factors from public and private exponents + * + * Summary of algorithm: + * Setting F := lcm(P-1,Q-1), the idea is as follows: + * + * (a) For any 1 <= X < N with gcd(X,N)=1, we have X^F = 1 modulo N, so X^(F/2) + * is a square root of 1 in Z/NZ. Since Z/NZ ~= Z/PZ x Z/QZ by CRT and the + * square roots of 1 in Z/PZ and Z/QZ are +1 and -1, this leaves the four + * possibilities X^(F/2) = (+-1, +-1). If it happens that X^(F/2) = (-1,+1) + * or (+1,-1), then gcd(X^(F/2) + 1, N) will be equal to one of the prime + * factors of N. + * + * (b) If we don't know F/2 but (F/2) * K for some odd (!) K, then the same + * construction still applies since (-)^K is the identity on the set of + * roots of 1 in Z/NZ. + * + * The public and private key primitives (-)^E and (-)^D are mutually inverse + * bijections on Z/NZ if and only if (-)^(DE) is the identity on Z/NZ, i.e. + * if and only if DE - 1 is a multiple of F, say DE - 1 = F * L. + * Splitting L = 2^t * K with K odd, we have + * + * DE - 1 = FL = (F/2) * (2^(t+1)) * K, + * + * so (F / 2) * K is among the numbers + * + * (DE - 1) >> 1, (DE - 1) >> 2, ..., (DE - 1) >> ord + * + * where ord is the order of 2 in (DE - 1). + * We can therefore iterate through these numbers apply the construction + * of (a) and (b) above to attempt to factor N. + * + */ +int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, + mbedtls_mpi const *D, mbedtls_mpi const *E, + mbedtls_mpi *P, mbedtls_mpi *Q ) +{ + int ret = 0; + + uint16_t attempt; /* Number of current attempt */ + uint16_t iter; /* Number of squares computed in the current attempt */ + + uint16_t order; /* Order of 2 in DE - 1 */ + + mbedtls_mpi T; /* Holds largest odd divisor of DE - 1 */ + mbedtls_mpi K; /* Temporary holding the current candidate */ + + const unsigned int primes[] = { 2, + 3, 5, 7, 11, 13, 17, 19, 23, + 29, 31, 37, 41, 43, 47, 53, 59, + 61, 67, 71, 73, 79, 83, 89, 97, + 101, 103, 107, 109, 113, 127, 131, 137, + 139, 149, 151, 157, 163, 167, 173, 179, + 181, 191, 193, 197, 199, 211, 223, 227, + 229, 233, 239, 241, 251, 257, 263, 269, + 271, 277, 281, 283, 293, 307, 311, 313 + }; + + const size_t num_primes = sizeof( primes ) / sizeof( *primes ); + + if( P == NULL || Q == NULL || P->p != NULL || Q->p != NULL ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + if( mbedtls_mpi_cmp_int( N, 0 ) <= 0 || + mbedtls_mpi_cmp_int( D, 1 ) <= 0 || + mbedtls_mpi_cmp_mpi( D, N ) >= 0 || + mbedtls_mpi_cmp_int( E, 1 ) <= 0 || + mbedtls_mpi_cmp_mpi( E, N ) >= 0 ) + { + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + } + + /* + * Initializations and temporary changes + */ + + mbedtls_mpi_init( &K ); + mbedtls_mpi_init( &T ); + + /* T := DE - 1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, D, E ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &T, &T, 1 ) ); + + if( ( order = mbedtls_mpi_lsb( &T ) ) == 0 ) + { + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + goto cleanup; + } + + /* After this operation, T holds the largest odd divisor of DE - 1. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_shift_r( &T, order ) ); + + /* + * Actual work + */ + + /* Skip trying 2 if N == 1 mod 8 */ + attempt = 0; + if( N->p[0] % 8 == 1 ) + attempt = 1; + + for( ; attempt < num_primes; ++attempt ) + { + mbedtls_mpi_lset( &K, primes[attempt] ); + + /* Check if gcd(K,N) = 1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); + if( mbedtls_mpi_cmp_int( P, 1 ) != 0 ) + continue; + + /* Go through K^T + 1, K^(2T) + 1, K^(4T) + 1, ... + * and check whether they have nontrivial GCD with N. */ + MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &K, &K, &T, N, + Q /* temporarily use Q for storing Montgomery + * multiplication helper values */ ) ); + + for( iter = 1; iter < order; ++iter ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); + + if( mbedtls_mpi_cmp_int( P, 1 ) == 1 && + mbedtls_mpi_cmp_mpi( P, N ) == -1 ) + { + /* + * Have found a nontrivial divisor P of N. + * Set Q := N / P. + */ + + MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( Q, NULL, N, P ) ); + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &K ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, N ) ); + } + } + + ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; + +cleanup: + + mbedtls_mpi_free( &K ); + mbedtls_mpi_free( &T ); + return( ret ); +} + +/* + * Given P, Q and the public exponent E, deduce D. + * This is essentially a modular inversion. + */ +int mbedtls_rsa_deduce_private_exponent( mbedtls_mpi const *P, + mbedtls_mpi const *Q, + mbedtls_mpi const *E, + mbedtls_mpi *D ) +{ + int ret = 0; + mbedtls_mpi K, L; + + if( D == NULL || mbedtls_mpi_cmp_int( D, 0 ) != 0 ) + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + + if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || + mbedtls_mpi_cmp_int( Q, 1 ) <= 0 || + mbedtls_mpi_cmp_int( E, 0 ) == 0 ) + { + return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA ); + } + + mbedtls_mpi_init( &K ); + mbedtls_mpi_init( &L ); + + /* Temporarily put K := P-1 and L := Q-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) ); + + /* Temporarily put D := gcd(P-1, Q-1) */ + MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( D, &K, &L ) ); + + /* K := LCM(P-1, Q-1) */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &L ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_div_mpi( &K, NULL, &K, D ) ); + + /* Compute modular inverse of E in LCM(P-1, Q-1) */ + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( D, E, &K ) ); + +cleanup: + + mbedtls_mpi_free( &K ); + mbedtls_mpi_free( &L ); + + return( ret ); +} + +/* + * Check that RSA CRT parameters are in accordance with core parameters. + */ +int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, const mbedtls_mpi *DP, + const mbedtls_mpi *DQ, const mbedtls_mpi *QP ) +{ + int ret = 0; + + mbedtls_mpi K, L; + mbedtls_mpi_init( &K ); + mbedtls_mpi_init( &L ); + + /* Check that DP - D == 0 mod P - 1 */ + if( DP != NULL ) + { + if( P == NULL ) + { + ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DP, D ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) ); + + if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + } + + /* Check that DQ - D == 0 mod Q - 1 */ + if( DQ != NULL ) + { + if( Q == NULL ) + { + ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_mpi( &L, DQ, D ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &L, &L, &K ) ); + + if( mbedtls_mpi_cmp_int( &L, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + } + + /* Check that QP * Q - 1 == 0 mod P */ + if( QP != NULL ) + { + if( P == NULL || Q == NULL ) + { + ret = MBEDTLS_ERR_RSA_BAD_INPUT_DATA; + goto cleanup; + } + + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, QP, Q ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, P ) ); + if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + } + +cleanup: + + /* Wrap MPI error codes by RSA check failure error code */ + if( ret != 0 && + ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED && + ret != MBEDTLS_ERR_RSA_BAD_INPUT_DATA ) + { + ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + } + + mbedtls_mpi_free( &K ); + mbedtls_mpi_free( &L ); + + return( ret ); +} + +/* + * Check that core RSA parameters are sane. + */ +int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, + const mbedtls_mpi *Q, const mbedtls_mpi *D, + const mbedtls_mpi *E, + int (*f_rng)(void *, unsigned char *, size_t), + void *p_rng ) +{ + int ret = 0; + mbedtls_mpi K, L; + + mbedtls_mpi_init( &K ); + mbedtls_mpi_init( &L ); + + /* + * Step 1: If PRNG provided, check that P and Q are prime + */ + +#if defined(MBEDTLS_GENPRIME) + if( f_rng != NULL && P != NULL && + ( ret = mbedtls_mpi_is_prime( P, f_rng, p_rng ) ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + + if( f_rng != NULL && Q != NULL && + ( ret = mbedtls_mpi_is_prime( Q, f_rng, p_rng ) ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } +#else + ((void) f_rng); + ((void) p_rng); +#endif /* MBEDTLS_GENPRIME */ + + /* + * Step 2: Check that 1 < N = PQ + */ + + if( P != NULL && Q != NULL && N != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, P, Q ) ); + if( mbedtls_mpi_cmp_int( N, 1 ) <= 0 || + mbedtls_mpi_cmp_mpi( &K, N ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + } + + /* + * Step 3: Check and 1 < D, E < N if present. + */ + + if( N != NULL && D != NULL && E != NULL ) + { + if ( mbedtls_mpi_cmp_int( D, 1 ) <= 0 || + mbedtls_mpi_cmp_int( E, 1 ) <= 0 || + mbedtls_mpi_cmp_mpi( D, N ) >= 0 || + mbedtls_mpi_cmp_mpi( E, N ) >= 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + } + + /* + * Step 4: Check that D, E are inverse modulo P-1 and Q-1 + */ + + if( P != NULL && Q != NULL && D != NULL && E != NULL ) + { + if( mbedtls_mpi_cmp_int( P, 1 ) <= 0 || + mbedtls_mpi_cmp_int( Q, 1 ) <= 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + + /* Compute DE-1 mod P-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) ); + if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + + /* Compute DE-1 mod Q-1 */ + MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, D, E ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, &K, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &L, Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, &L ) ); + if( mbedtls_mpi_cmp_int( &K, 0 ) != 0 ) + { + ret = MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + goto cleanup; + } + } + +cleanup: + + mbedtls_mpi_free( &K ); + mbedtls_mpi_free( &L ); + + /* Wrap MPI error codes by RSA check failure error code */ + if( ret != 0 && ret != MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ) + { + ret += MBEDTLS_ERR_RSA_KEY_CHECK_FAILED; + } + + return( ret ); +} + +int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, + const mbedtls_mpi *D, mbedtls_mpi *DP, + mbedtls_mpi *DQ, mbedtls_mpi *QP ) +{ + int ret = 0; + mbedtls_mpi K; + mbedtls_mpi_init( &K ); + + /* DP = D mod P-1 */ + if( DP != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, P, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DP, D, &K ) ); + } + + /* DQ = D mod Q-1 */ + if( DQ != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &K, Q, 1 ) ); + MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( DQ, D, &K ) ); + } + + /* QP = Q^{-1} mod P */ + if( QP != NULL ) + { + MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( QP, Q, P ) ); + } + +cleanup: + mbedtls_mpi_free( &K ); + + return( ret ); +} + +#endif /* MBEDTLS_RSA_C */ diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 9ee8ea1fe..3f892f71c 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -1,5 +1,6 @@ /* BEGIN_HEADER */ #include "mbedtls/rsa.h" +#include "mbedtls/rsa_internal.h" #include "mbedtls/md2.h" #include "mbedtls/md4.h" #include "mbedtls/md5.h" From 8dd73e62d21dc47d8b520ab23795885ff3f1d4bc Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 3 Oct 2017 15:58:26 +0300 Subject: [PATCH 385/493] Parse Signature Algorithm ext when renegotiating Signature algorithm extension was skipped when renegotiation was in progress, causing the signature algorithm not to be known when renegotiating, and failing the handshake. Fix removes the renegotiation step check before parsing the extension. --- ChangeLog | 3 +++ library/ssl_srv.c | 7 ++----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index b3d4d519a..c4e3998d0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,9 @@ Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. Found by projectgus and jethrogb, #836. * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. + * Parse signature algorithm extension when renegotiating. Previously, + renegotiated handshakes would only accept signatures using SHA-1 + regardless of the peer's preferences, or fail if SHA-1 was disabled. = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f137c3dce..37f415dd1 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1694,11 +1694,8 @@ read_record_header: #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) case MBEDTLS_TLS_EXT_SIG_ALG: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - break; -#endif + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); + ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size ); if( ret != 0 ) return( ret ); From 88f5808c135485308fdaeebeafb18a7490a3585b Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 5 Oct 2017 12:29:42 +0100 Subject: [PATCH 386/493] Renegotiation: Add tests for SigAlg ext parsing This commit adds regression tests for the bug when we didn't parse the Signature Algorithm extension when renegotiating. (By nature, this bug affected only the server) The tests check for the fallback hash (SHA1) in the server log to detect that the Signature Algorithm extension hasn't been parsed at least in one of the handshakes. A more direct way of testing is not possible with the current test framework, since the Signature Algorithm extension is parsed in the first handshake and any corresponding debug message is present in the logs. --- tests/ssl-opt.sh | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7fcca685b..64f26a0cf 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1470,6 +1470,40 @@ run_test "Renegotiation: server-initiated" \ -s "=> renegotiate" \ -s "write hello request" +# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that +# the server did not parse the Signature Algorithm extension. This test is valid only if an MD +# algorithm stronger than SHA-1 is enabled in config.h +run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \ + "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ + "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ + 0 \ + -c "client hello, adding renegotiation extension" \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" \ + -s "=> renegotiate" \ + -S "write hello request" \ + -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? + +# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that +# the server did not parse the Signature Algorithm extension. This test is valid only if an MD +# algorithm stronger than SHA-1 is enabled in config.h +run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \ + "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ + "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ + 0 \ + -c "client hello, adding renegotiation extension" \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" \ + -s "=> renegotiate" \ + -s "write hello request" \ + -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? + run_test "Renegotiation: double" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ From 14a00c057845fc914440cc5b30638021ce9b3719 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 11 Oct 2017 12:58:23 +0100 Subject: [PATCH 387/493] Add early detection of bad parameters in `mbedtls_deduce_primes` --- library/rsa_internal.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/rsa_internal.c b/library/rsa_internal.c index 879e2d5d7..4d688e09d 100644 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c @@ -169,6 +169,11 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &K, &K, &K ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, N ) ); } + + if( mbedtls_mpi_cmp_int( &K, 1 ) != 0 ) + { + break; + } } ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; From 7643d4e30c887c5ce1ed46893e7423f8ac97c3e8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 11 Oct 2017 15:53:02 +0100 Subject: [PATCH 388/493] Fix number of loop iterations in `mbedtls_deduce_primes` The number of loop iterations per candidate in `mbedtls_deduce_primes` was off by one. This commit corrects this and removes a toy non-example from the RSA test suite, as it seems difficult to have the function fail on small values of N even if D,E are corrupted. --- library/rsa_internal.c | 2 +- tests/suites/test_suite_rsa.data | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/library/rsa_internal.c b/library/rsa_internal.c index 4d688e09d..292fc1320 100644 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c @@ -148,7 +148,7 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, Q /* temporarily use Q for storing Montgomery * multiplication helper values */ ) ); - for( iter = 1; iter < order; ++iter ) + for( iter = 1; iter <= order; ++iter ) { MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 91aa1fd8c..e7012b077 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -418,9 +418,6 @@ mbedtls_rsa_deduce_private_exponent:16:"e79a373182bfaa722eb035f772ad2a9464bd842d RSA Deduce Moduli, toy example mbedtls_rsa_deduce_primes:10:"15":10:"3":10:"3":10:"3":10:"5":0:0 -RSA Deduce Moduli, toy example, corrupted -mbedtls_rsa_deduce_primes:10:"15":10:"3":10:"3":10:"3":10:"5":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA - RSA Deduce Moduli mbedtls_rsa_deduce_primes:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":0:0 From 5d42b53e512029bd310d6bd909b27aed8f7a6132 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 11 Oct 2017 15:58:00 +0100 Subject: [PATCH 389/493] Enhance documentation and performance of `mbedtls_rsa_deduce_primes` --- library/rsa_internal.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/library/rsa_internal.c b/library/rsa_internal.c index 292fc1320..3b54fdee7 100644 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c @@ -150,6 +150,11 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, for( iter = 1; iter <= order; ++iter ) { + /* If we reach 1 prematurely, there's no point + * in continuing to square K */ + if( mbedtls_mpi_cmp_int( &K, 1 ) == 0 ) + break; + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( &K, &K, 1 ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_gcd( P, &K, N ) ); @@ -170,6 +175,13 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &K, &K, N ) ); } + /* + * If we get here, then either we prematurely aborted the loop because + * we reached 1, or K holds primes[attempt]^(DE - 1) mod N, which must + * be 1 if D,E,N were consistent. + * Check if that's the case and abort if not, to avoid very long, + * yet eventually failing, computations if N,D,E were not sane. + */ if( mbedtls_mpi_cmp_int( &K, 1 ) != 0 ) { break; From b82a5b554c2c55d591296f60b6ff9438af212016 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 11 Oct 2017 19:10:23 +0100 Subject: [PATCH 390/493] Fix typos and mixup related to RSA_NO_CRT --- library/rsa.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 83e2b2be3..3913e61d9 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -176,7 +176,7 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv ) if( mbedtls_mpi_cmp_int( &ctx->E, 0 ) <= 0 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); -#if !defined(MBEDTLS_NO_CRT) +#if defined(MBEDTLS_RSA_NO_CRT) /* For private key operations, use D or DP & DQ * as (unblinded) exponents. */ if( is_priv && mbedtls_mpi_cmp_int( &ctx->D, 0 ) <= 0 ) @@ -193,7 +193,7 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv ) /* Blinding shouldn't make exponents negative either, * so check that P, Q >= 1 if that hasn't yet been * done as part of 1. */ -#if defined(MBEDTLS_NO_CRT) +#if defined(MBEDTLS_RSA_NO_CRT) if( is_priv && ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 || mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ) ) @@ -204,7 +204,7 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv ) /* It wouldn't lead to an error if it wasn't satisfied, * but check for PQ >= 1 nonetheless. */ -#if !defined(MBEDTLS_NO_CRT) +#if !defined(MBEDTLS_RSA_NO_CRT) if( is_priv && mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 ) { From e167fe6a53eaded3a23d41f5b13cde3b6db043fb Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 11 Oct 2017 19:42:56 +0100 Subject: [PATCH 391/493] Correct pkparse test case to lead to failure for MBEDTLS_RSA_NO_CRT The test case parses an RSA private key with N=P=Q=D=E=1 and expects a failure from the PK layer. With the weakened semantics of `mbedtls_rsa_complete`, the latter won't throw an error on that key in case if MBEDTLS_RSA_NO_CRT is set. This commit modifies the test case to use N=2 which is rejected by `mbedtls_rsa_complete` regardless of whether MBEDTLS_RSA_NO_CRT is set or not. --- tests/suites/test_suite_pkparse.data | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data index 9c0edbb51..473148cd1 100644 --- a/tests/suites/test_suite_pkparse.data +++ b/tests/suites/test_suite_pkparse.data @@ -225,4 +225,4 @@ Key ASN1 (RSAPrivateKey, values present, length mismatch) pk_parse_key_rsa:"301c02010002010102010102010102010102010102010102010102010100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT Key ASN1 (RSAPrivateKey, values present, check_privkey fails) -pk_parse_key_rsa:"301b020100020101020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT +pk_parse_key_rsa:"301b020100020102020101020101020101020101020101020101020101":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT From efa14e8b0c126f688260b3e721344f8fa82ef858 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 11 Oct 2017 19:45:19 +0100 Subject: [PATCH 392/493] Reduce number of MPI's used in `pk_parse_key_pkcs1_der` As the optional RSA parameters DP, DQ and QP are effectively discarded (they are only considered for their length to ensure that the key fills the entire buffer), it is not necessary to read them into separate MPI's. --- library/pkparse.c | 18 +++++++----------- 1 file changed, 7 insertions(+), 11 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 57f966fe0..805d5a358 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -661,11 +661,8 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, size_t len; unsigned char *p, *end; - mbedtls_mpi DP, DQ, QP; - - mbedtls_mpi_init( &DP ); - mbedtls_mpi_init( &DQ ); - mbedtls_mpi_init( &QP ); + mbedtls_mpi T; + mbedtls_mpi_init( &T ); p = (unsigned char *) key; end = p + keylen; @@ -749,9 +746,9 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, goto cleanup; /* Check optional parameters */ - if( ( ret = mbedtls_asn1_get_mpi( &p, end, &DP ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &DQ ) ) != 0 || - ( ret = mbedtls_asn1_get_mpi( &p, end, &QP ) ) != 0 ) + if( ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 || + ( ret = mbedtls_asn1_get_mpi( &p, end, &T ) ) != 0 ) goto cleanup; if( p != end ) @@ -762,12 +759,11 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, cleanup: - mbedtls_mpi_free( &DP ); - mbedtls_mpi_free( &DQ ); - mbedtls_mpi_free( &QP ); + mbedtls_mpi_free( &T ); if( ret != 0 ) { + /* Wrap error code if it's coming from a lower level */ if( ( ret & 0xff80 ) == 0 ) ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret; else From dfd15b344477481431208a0046a60a0957cf6d6c Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 09:14:09 +0100 Subject: [PATCH 393/493] Add toy example triggering early abort in `mbedtls_rsa_deduce_primes` --- tests/suites/test_suite_rsa.data | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index e7012b077..33d6a731b 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -415,8 +415,11 @@ mbedtls_rsa_deduce_private_exponent:16:"e79a373182bfaa722eb035f772ad2a9464bd842d RSA Deduce Private, corrupted mbedtls_rsa_deduce_private_exponent:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":1:MBEDTLS_ERR_MPI_NOT_ACCEPTABLE -RSA Deduce Moduli, toy example -mbedtls_rsa_deduce_primes:10:"15":10:"3":10:"3":10:"3":10:"5":0:0 +RSA Deduce Primes, toy example +mbedtls_rsa_deduce_primes:10:"35":10:"5":10:"5":10:"5":10:"7":0:0 + +RSA Deduce Primes, toy example, corrupted +mbedtls_rsa_deduce_primes:10:"35":10:"5":10:"5":10:"5":10:"7":1:MBEDTLS_ERR_MPI_BAD_INPUT_DATA RSA Deduce Moduli mbedtls_rsa_deduce_primes:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":0:0 From 08f055eb4fc3541e7d8dca8710dd10d0efd2eb0d Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 10:53:58 +0100 Subject: [PATCH 394/493] Don't remove CRT parameters from RSA context for ABI compatibility Albeit possible without conflicts now, this has to wait for the next ABI changing releaese. --- include/mbedtls/rsa.h | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index eab8e0dfe..c0a3a8e43 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -97,18 +97,18 @@ typedef struct mbedtls_mpi P; /*!< 1st prime factor */ mbedtls_mpi Q; /*!< 2nd prime factor */ -#if !defined(MBEDTLS_RSA_NO_CRT) + /* DP,DQ,QP are not used in NO_CRT but temporarily kept for ABI + * compatibility. Will be removed on next ABI changing release. */ mbedtls_mpi DP; /*!< D % (P - 1) */ mbedtls_mpi DQ; /*!< D % (Q - 1) */ mbedtls_mpi QP; /*!< 1 / (Q % P) */ -#endif /* MBEDTLS_RSA_NO_CRT */ mbedtls_mpi RN; /*!< cached R^2 mod N */ -#if !defined(MBEDTLS_RSA_NO_CRT) + /* RP, RQ are not used in NO_CRT but temporarily kept for ABI + * compatibility. Will be removed on next ABI changing release. */ mbedtls_mpi RP; /*!< cached R^2 mod P */ mbedtls_mpi RQ; /*!< cached R^2 mod Q */ -#endif /* MBEDTLS_RSA_NO_CRT */ mbedtls_mpi Vi; /*!< cached blinding value */ mbedtls_mpi Vf; /*!< cached un-blinding value */ From ebd2c024dc90527b9fd019b9f096b2e1283fd5f7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 10:54:53 +0100 Subject: [PATCH 395/493] Don't require P,Q in `rsa_private` if neither CRT nor blinding used --- library/rsa.c | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 3913e61d9..5366abc22 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -137,8 +137,15 @@ cleanup: * that the RSA primitives will be able to execute without error. * It does *not* make guarantees for consistency of the parameters. */ -static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv ) +static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv, + int blinding_needed ) { +#if !defined(MBEDTLS_RSA_NO_CRT) + /* blinding_needed is only used for NO_CRT to decide whether + * P,Q need to be present or not. */ + ((void) blinding_needed); +#endif + if( ctx->len != mbedtls_mpi_size( &ctx->N ) ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); @@ -194,7 +201,7 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv ) * so check that P, Q >= 1 if that hasn't yet been * done as part of 1. */ #if defined(MBEDTLS_RSA_NO_CRT) - if( is_priv && + if( is_priv && blinding_needed && ( mbedtls_mpi_cmp_int( &ctx->P, 0 ) <= 0 || mbedtls_mpi_cmp_int( &ctx->Q, 0 ) <= 0 ) ) { @@ -303,7 +310,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) * Step 3: Basic sanity checks */ - return( rsa_check_context( ctx, is_priv ) ); + return( rsa_check_context( ctx, is_priv, 1 ) ); } int mbedtls_rsa_export_raw( const mbedtls_rsa_context *ctx, @@ -563,7 +570,7 @@ cleanup: */ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) { - if( rsa_check_context( ctx, 0 /* public */ ) != 0 ) + if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); if( mbedtls_mpi_bitlen( &ctx->N ) < 128 || @@ -588,7 +595,7 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) int mbedtls_rsa_check_privkey( const mbedtls_rsa_context *ctx ) { if( mbedtls_rsa_check_pubkey( ctx ) != 0 || - rsa_check_context( ctx, 1 /* private */ ) != 0 ) + rsa_check_context( ctx, 1 /* private */, 1 /* blinding */ ) != 0 ) { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); } @@ -642,7 +649,7 @@ int mbedtls_rsa_public( mbedtls_rsa_context *ctx, size_t olen; mbedtls_mpi T; - if( rsa_check_context( ctx, 0 /* public */ ) ) + if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); mbedtls_mpi_init( &T ); @@ -761,8 +768,11 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, mbedtls_mpi *DQ = &ctx->DQ; #endif - if( rsa_check_context( ctx, 1 /* private */ ) != 0 ) + if( rsa_check_context( ctx, 1 /* private key checks */, + f_rng != NULL /* blinding y/n */ ) != 0 ) + { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 ); mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &R ); From d22b78bf128cee65c2d78ffb2376327ca416a69f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 11:42:17 +0100 Subject: [PATCH 396/493] Switch to old model for alternative implementations --- include/mbedtls/rsa.h | 27 ++++++++++++++++----------- include/mbedtls/rsa_internal.h | 5 ----- 2 files changed, 16 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index c0a3a8e43..55209b0dc 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -68,14 +68,15 @@ * The above constants may be used even if the RSA module is compile out, * eg for alternative (PKCS#11) RSA implemenations in the PK layers. */ -#if defined(MBEDTLS_RSA_C) + +#if !defined(MBEDTLS_RSA_ALT) +// Regular implementation +// #ifdef __cplusplus extern "C" { #endif -#if !defined(MBEDTLS_RSA_ALT) - /** * \brief RSA context structure * @@ -125,12 +126,6 @@ typedef struct } mbedtls_rsa_context; -#else - -#include "rsa_alt.h" - -#endif /* MBEDTLS_RSA_ALT */ - /** * \brief Initialize an RSA context * @@ -928,6 +923,18 @@ int mbedtls_rsa_copy( mbedtls_rsa_context *dst, const mbedtls_rsa_context *src ) */ void mbedtls_rsa_free( mbedtls_rsa_context *ctx ); +#ifdef __cplusplus +} +#endif + +#else /* MBEDTLS_RSA_ALT */ +#include "rsa_alt.h" +#endif /* MBEDTLS_RSA_ALT */ + +#ifdef __cplusplus +extern "C" { +#endif + /** * \brief Checkup routine * @@ -939,6 +946,4 @@ int mbedtls_rsa_self_test( int verbose ); } #endif -#endif /* MBEDTLS_RSA_C */ - #endif /* rsa.h */ diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h index 235347046..080f09f7a 100644 --- a/include/mbedtls/rsa_internal.h +++ b/include/mbedtls/rsa_internal.h @@ -58,8 +58,6 @@ #include "bignum.h" -#if defined(MBEDTLS_RSA_C) - #ifdef __cplusplus extern "C" { #endif @@ -213,7 +211,4 @@ int mbedtls_rsa_validate_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, const mbedtls_mpi *D, const mbedtls_mpi *DP, const mbedtls_mpi *DQ, const mbedtls_mpi *QP ); - -#endif /* MBEDTLS_RSA_C */ - #endif /* rsa_internal.h */ From 3226d36d6170c36ef966b46779bcb53ca45d5182 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 12 Oct 2017 14:17:48 +0300 Subject: [PATCH 397/493] Fix typo in configuration Change duplicate of MBEDTLS_ECDH_GEN_PUBLIC_ALT to MBEDTLS_ECDH_COMPUTE_SHARED_ALT --- include/mbedtls/config.h | 2 +- library/version_features.c | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index a151f77cc..a6003b7d1 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -295,7 +295,7 @@ //#define MBEDTLS_AES_ENCRYPT_ALT //#define MBEDTLS_AES_DECRYPT_ALT //#define MBEDTLS_ECDH_GEN_PUBLIC_ALT -//#define MBEDTLS_ECDH_GEN_PUBLIC_ALT +//#define MBEDTLS_ECDH_COMPUTE_SHARED_ALT /** * \def MBEDTLS_ECP_INTERNAL_ALT diff --git a/library/version_features.c b/library/version_features.c index 802832ce9..d7acae39f 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -165,9 +165,9 @@ static const char *features[] = { #if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) "MBEDTLS_ECDH_GEN_PUBLIC_ALT", #endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ -#if defined(MBEDTLS_ECDH_GEN_PUBLIC_ALT) - "MBEDTLS_ECDH_GEN_PUBLIC_ALT", -#endif /* MBEDTLS_ECDH_GEN_PUBLIC_ALT */ +#if defined(MBEDTLS_ECDH_COMPUTE_SHARED_ALT) + "MBEDTLS_ECDH_COMPUTE_SHARED_ALT", +#endif /* MBEDTLS_ECDH_COMPUTE_SHARED_ALT */ #if defined(MBEDTLS_ECP_INTERNAL_ALT) "MBEDTLS_ECP_INTERNAL_ALT", #endif /* MBEDTLS_ECP_INTERNAL_ALT */ From 854244abbf0f1f465cfa65607a6214f1509cf617 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 16:26:37 +0100 Subject: [PATCH 398/493] Adapt ChangeLog --- ChangeLog | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/ChangeLog b/ChangeLog index e8d1da5c9..c65e5c5cc 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,23 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Enhancement + * Only check for necessary RSA structure fields in `mbedtls_rsa_private`. In + particular, don't require P,Q if neither CRT nor blinding are + used. Reported and fix proposed independently by satur9nine and sliai + on GitHub. + +API Changes + * Extend RSA interface by multiple functions allowing structure- + independent setup and export of RSA contexts. Most notably, + mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting + up RSA contexts from partial key material and having them completed to the + needs of the implementation automatically. This allows to setup RSA + contexts from keys consisting of N,D,E only, even if P,Q are needed for the + purpose or CRT and/or blinding. + += mbed TLS x.x.x branch released xxxx-xx-xx + Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() and the context struct mbedtls_platform_context to perform From 106637fc2d654ef2032f78746be0291affb66b84 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 21 Nov 2016 15:38:02 +0000 Subject: [PATCH 399/493] Correctly handle leap year in x509_date_is_valid() This patch ensures that invalid dates on leap years with 100 or 400 years intervals are handled correctly. --- ChangeLog | 3 +++ library/x509.c | 14 ++++++++++---- tests/suites/test_suite_x509parse.data | 15 +++++++++++++++ 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index c4e3998d0..e7abd5ce6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,9 @@ Bugfix * Parse signature algorithm extension when renegotiating. Previously, renegotiated handshakes would only accept signatures using SHA-1 regardless of the peer's preferences, or fail if SHA-1 was disabled. + * Fix leap year calculation in x509_date_is_valid() to ensure that invalid + dates on leap years with 100 and 400 intervals are handled correctly. Found + by Nicholas Wilson. #694 = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/library/x509.c b/library/x509.c index e94a8a329..371d6da1d 100644 --- a/library/x509.c +++ b/library/x509.c @@ -496,9 +496,10 @@ static int x509_parse_int( unsigned char **p, size_t n, int *res ) return( 0 ); } -static int x509_date_is_valid(const mbedtls_x509_time *t) +static int x509_date_is_valid(const mbedtls_x509_time *t ) { int ret = MBEDTLS_ERR_X509_INVALID_DATE; + int month_len; CHECK_RANGE( 0, 9999, t->year ); CHECK_RANGE( 0, 23, t->hour ); @@ -508,17 +509,22 @@ static int x509_date_is_valid(const mbedtls_x509_time *t) switch( t->mon ) { case 1: case 3: case 5: case 7: case 8: case 10: case 12: - CHECK_RANGE( 1, 31, t->day ); + month_len = 31; break; case 4: case 6: case 9: case 11: - CHECK_RANGE( 1, 30, t->day ); + month_len = 30; break; case 2: - CHECK_RANGE( 1, 28 + (t->year % 4 == 0), t->day ); + if( ( !( t->year % 4 ) && t->year % 100 ) || + !( t->year % 400 ) ) + month_len = 29; + else + month_len = 28; break; default: return( ret ); } + CHECK_RANGE( 1, month_len, t->day ); return( 0 ); } diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b8c902e23..a49137bb7 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1670,3 +1670,18 @@ X509 Get time (UTC invalid character in sec) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 +X509 Get time (Generalized Time invalid leap year multiple of 4 and 100) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19000229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (Generalized Time year multiple of 4 and not multiple of 100) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19920229000000Z":0:1992:2:29:0:0:0 + +X509 Get time (Generalized Time year multiple of 400) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229000000Z":0:2000:2:29:0:0:0 + +X509 Get time (Generalized Time invalid leap year not multiple of 4, 100 or 400) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19910229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 From 47e7b56fb6c06ca3c30b44f9a0c324f1e43c5900 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 6 Oct 2017 17:05:24 +0100 Subject: [PATCH 400/493] Improve leap year test names in x509parse.data --- tests/suites/test_suite_x509parse.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index a49137bb7..d4cc11a08 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1670,15 +1670,15 @@ X509 Get time (UTC invalid character in sec) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 -X509 Get time (Generalized Time invalid leap year multiple of 4 and 100) +X509 Get time (Generalized Time, year multiple of 100 but not 400 is not a leap year) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19000229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 -X509 Get time (Generalized Time year multiple of 4 and not multiple of 100) +X509 Get time (Generalized Time, year multiple of 4 but not 100 is a leap year) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19920229000000Z":0:1992:2:29:0:0:0 -X509 Get time (Generalized Time year multiple of 400) +X509 Get time (Generalized Time, year multiple of 400 is a leap year) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229000000Z":0:2000:2:29:0:0:0 From 77f1b109ec205a6f5866169cc3523da57c21815e Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 25 Aug 2017 17:24:44 +0100 Subject: [PATCH 401/493] Fix typo in asn1.h --- include/mbedtls/asn1.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 082832c87..e159e57ea 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -59,7 +59,7 @@ /** * \name DER constants - * These constants comply with DER encoded the ANS1 type tags. + * These constants comply with the DER encoded ASN.1 type tags. * DER encoding uses hexadecimal representation. * An example DER sequence is:\n * - 0x02 -- tag indicating INTEGER From 4552bf75582d375dee3baee498f9b79c9e5a3774 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Sep 2017 15:45:12 +0200 Subject: [PATCH 402/493] Allow comments in test data files --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index a89f2a467..b932145f7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,6 @@ mbed TLS ChangeLog (Sorted per branch, date) -= mbed TLS x.x.x released xxxx-xx-xx += mbed TLS x.x.x branch released xxxx-xx-xx Features * Allow comments in test data files. From bd9d42c236df565f9439aeffef4b2f2f87a29516 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Wed, 12 Jul 2017 14:04:40 +0100 Subject: [PATCH 403/493] Fix typo and bracketing in macro args --- library/net_sockets.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/library/net_sockets.c b/library/net_sockets.c index 80be6ec6a..31c42db05 100644 --- a/library/net_sockets.c +++ b/library/net_sockets.c @@ -63,8 +63,8 @@ #endif #endif /* _MSC_VER */ -#define read(fd,buf,len) recv(fd,(char*)buf,(int) len,0) -#define write(fd,buf,len) send(fd,(char*)buf,(int) len,0) +#define read(fd,buf,len) recv( fd, (char*)( buf ), (int)( len ), 0 ) +#define write(fd,buf,len) send( fd, (char*)( buf ), (int)( len ), 0 ) #define close(fd) closesocket(fd) static int wsa_init_done = 0; @@ -85,7 +85,7 @@ static int wsa_init_done = 0; #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */ /* Some MS functions want int and MSVC warns if we pass size_t, - * but the standard fucntions use socklen_t, so cast only for MSVC */ + * but the standard functions use socklen_t, so cast only for MSVC */ #if defined(_MSC_VER) #define MSVC_INT_CAST (int) #else From f0f55ccb7226e2930d70b56e63269f9b07f81e94 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Oct 2017 16:51:24 +0200 Subject: [PATCH 404/493] Fixed "config.pl get" for options with no value Between 2.5.0 and 2.6.0, "scripts/config.pl get MBEDTLS_XXX" was fixed for config.h lines with a comment at the end, but that broke the case of macros with an empty expansion. Support all cases. --- scripts/config.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config.pl b/scripts/config.pl index 406413bd5..4cf4ac8b8 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -205,7 +205,7 @@ for my $line (@config_lines) { $done = 1; } } elsif (!$done && $action eq "get") { - if ($line =~ /^\s*#define\s*$name\s*([^\s]+)\s*\b/) { + if ($line =~ /^\s*#define\s*$name(?:\s+(.*?))\s*(?:$|\/\*|\/\/)/) { $value = $1; $done = 1; } From 01f57e351c2c229377994b0b583d53e73eee0957 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Oct 2017 16:54:28 +0200 Subject: [PATCH 405/493] config.pl get: don't rewrite config.h; detect write errors scripts/config.pl would always rewrite config.h if it was reading it. This commit changes it to not modify the file when only reading is required, i.e. for the get command. Also, die if writing config.h fails (e.g. disk full). --- scripts/config.pl | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index 4cf4ac8b8..9fc606278 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -175,7 +175,10 @@ if ($action eq "realfull") { $no_exclude_re = join '|', @non_excluded; } -open my $config_write, '>', $config_file or die "write $config_file: $!\n"; +my $config_write = undef; +if ($action ne "get") { + open $config_write, '>', $config_file or die "write $config_file: $!\n"; +} my $done; for my $line (@config_lines) { @@ -211,7 +214,9 @@ for my $line (@config_lines) { } } - print $config_write $line; + if (defined $config_write) { + print $config_write $line or die "write $config_file: $!\n";; + } } # Did the set command work? @@ -223,10 +228,12 @@ if ($action eq "set"&& $force_option && !$done) { $line .= "\n"; $done = 1; - print $config_write $line; + print $config_write $line or die "write $config_file: $!\n"; } -close $config_write; +if (defined $config_write) { + close $config_write or die "close $config_file: $!\n"; +} if ($action eq "get") { if($done) { From d98e9e85771435ff1a45de76e147f0350b695bbe Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 9 Oct 2017 16:56:18 +0200 Subject: [PATCH 406/493] config.pl get: be better behaved When printing an option's value, print a newline at the end. When the requested option is missing, fail with status 1 (the usual convention for "not found") rather than -1 (which has a system-dependent effect). --- scripts/config.pl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index 9fc606278..b99140a37 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -56,7 +56,7 @@ Commands unset - Comments out the #define for the given symbol if present in the configuration file. get - Finds the #define for the given symbol, returning - an exitcode of 0 if the symbol is found, and -1 if + an exitcode of 0 if the symbol is found, and 1 if not. The value of the symbol is output if one is specified in the configuration file. full - Uncomments all #define's in the configuration file @@ -220,7 +220,7 @@ for my $line (@config_lines) { } # Did the set command work? -if ($action eq "set"&& $force_option && !$done) { +if ($action eq "set" && $force_option && !$done) { # If the force option was set, append the symbol to the end of the file my $line = "#define $name"; @@ -236,14 +236,14 @@ if (defined $config_write) { } if ($action eq "get") { - if($done) { + if ($done) { if ($value ne '') { - print $value; + print "$value\n"; } exit 0; } else { # If the symbol was not found, return an error - exit -1; + exit 1; } } From 8ca0e8fdff8c946f27d65c73e9751b414fc7bf95 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Oct 2017 11:26:45 +0200 Subject: [PATCH 407/493] Minor style fix --- scripts/config.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/config.pl b/scripts/config.pl index b99140a37..5a06a3338 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -215,7 +215,7 @@ for my $line (@config_lines) { } if (defined $config_write) { - print $config_write $line or die "write $config_file: $!\n";; + print $config_write $line or die "write $config_file: $!\n"; } } From 73a381772b3290487c9d010dce0a6c8dc13f66b7 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 3 Oct 2017 15:58:26 +0300 Subject: [PATCH 408/493] Parse Signature Algorithm ext when renegotiating Signature algorithm extension was skipped when renegotiation was in progress, causing the signature algorithm not to be known when renegotiating, and failing the handshake. Fix removes the renegotiation step check before parsing the extension. --- ChangeLog | 3 +++ library/ssl_srv.c | 7 ++----- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index b932145f7..7a81383f9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,6 +11,9 @@ Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. Found by projectgus and jethrogb, #836. * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. + * Parse signature algorithm extension when renegotiating. Previously, + renegotiated handshakes would only accept signatures using SHA-1 + regardless of the peer's preferences, or fail if SHA-1 was disabled. = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/library/ssl_srv.c b/library/ssl_srv.c index f137c3dce..37f415dd1 100644 --- a/library/ssl_srv.c +++ b/library/ssl_srv.c @@ -1694,11 +1694,8 @@ read_record_header: #if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED) case MBEDTLS_TLS_EXT_SIG_ALG: - MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); -#if defined(MBEDTLS_SSL_RENEGOTIATION) - if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) - break; -#endif + MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) ); + ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size ); if( ret != 0 ) return( ret ); From b0f148c0ab742acd45b16996b3605eb1a29e07ee Mon Sep 17 00:00:00 2001 From: Janos Follath Date: Thu, 5 Oct 2017 12:29:42 +0100 Subject: [PATCH 409/493] Renegotiation: Add tests for SigAlg ext parsing This commit adds regression tests for the bug when we didn't parse the Signature Algorithm extension when renegotiating. (By nature, this bug affected only the server) The tests check for the fallback hash (SHA1) in the server log to detect that the Signature Algorithm extension hasn't been parsed at least in one of the handshakes. A more direct way of testing is not possible with the current test framework, since the Signature Algorithm extension is parsed in the first handshake and any corresponding debug message is present in the logs. --- tests/ssl-opt.sh | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 7fcca685b..64f26a0cf 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1470,6 +1470,40 @@ run_test "Renegotiation: server-initiated" \ -s "=> renegotiate" \ -s "write hello request" +# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that +# the server did not parse the Signature Algorithm extension. This test is valid only if an MD +# algorithm stronger than SHA-1 is enabled in config.h +run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \ + "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ + "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ + 0 \ + -c "client hello, adding renegotiation extension" \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" \ + -s "=> renegotiate" \ + -S "write hello request" \ + -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? + +# Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that +# the server did not parse the Signature Algorithm extension. This test is valid only if an MD +# algorithm stronger than SHA-1 is enabled in config.h +run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \ + "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ + "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ + 0 \ + -c "client hello, adding renegotiation extension" \ + -s "received TLS_EMPTY_RENEGOTIATION_INFO" \ + -s "found renegotiation extension" \ + -s "server hello, secure renegotiation extension" \ + -c "found renegotiation extension" \ + -c "=> renegotiate" \ + -s "=> renegotiate" \ + -s "write hello request" \ + -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? + run_test "Renegotiation: double" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ From 735b37eeef5f300d458ebe60381e979c8aa2a5ae Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Mon, 21 Nov 2016 15:38:02 +0000 Subject: [PATCH 410/493] Correctly handle leap year in x509_date_is_valid() This patch ensures that invalid dates on leap years with 100 or 400 years intervals are handled correctly. --- ChangeLog | 3 +++ library/x509.c | 14 ++++++++++---- tests/suites/test_suite_x509parse.data | 15 +++++++++++++++ 3 files changed, 28 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index 7a81383f9..ded60d39f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -14,6 +14,9 @@ Bugfix * Parse signature algorithm extension when renegotiating. Previously, renegotiated handshakes would only accept signatures using SHA-1 regardless of the peer's preferences, or fail if SHA-1 was disabled. + * Fix leap year calculation in x509_date_is_valid() to ensure that invalid + dates on leap years with 100 and 400 intervals are handled correctly. Found + by Nicholas Wilson. #694 = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/library/x509.c b/library/x509.c index e94a8a329..371d6da1d 100644 --- a/library/x509.c +++ b/library/x509.c @@ -496,9 +496,10 @@ static int x509_parse_int( unsigned char **p, size_t n, int *res ) return( 0 ); } -static int x509_date_is_valid(const mbedtls_x509_time *t) +static int x509_date_is_valid(const mbedtls_x509_time *t ) { int ret = MBEDTLS_ERR_X509_INVALID_DATE; + int month_len; CHECK_RANGE( 0, 9999, t->year ); CHECK_RANGE( 0, 23, t->hour ); @@ -508,17 +509,22 @@ static int x509_date_is_valid(const mbedtls_x509_time *t) switch( t->mon ) { case 1: case 3: case 5: case 7: case 8: case 10: case 12: - CHECK_RANGE( 1, 31, t->day ); + month_len = 31; break; case 4: case 6: case 9: case 11: - CHECK_RANGE( 1, 30, t->day ); + month_len = 30; break; case 2: - CHECK_RANGE( 1, 28 + (t->year % 4 == 0), t->day ); + if( ( !( t->year % 4 ) && t->year % 100 ) || + !( t->year % 400 ) ) + month_len = 29; + else + month_len = 28; break; default: return( ret ); } + CHECK_RANGE( 1, month_len, t->day ); return( 0 ); } diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index b8c902e23..a49137bb7 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1670,3 +1670,18 @@ X509 Get time (UTC invalid character in sec) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 +X509 Get time (Generalized Time invalid leap year multiple of 4 and 100) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19000229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 + +X509 Get time (Generalized Time year multiple of 4 and not multiple of 100) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19920229000000Z":0:1992:2:29:0:0:0 + +X509 Get time (Generalized Time year multiple of 400) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229000000Z":0:2000:2:29:0:0:0 + +X509 Get time (Generalized Time invalid leap year not multiple of 4, 100 or 400) +depends_on:MBEDTLS_X509_USE_C +x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19910229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 From 60100d09ee03ddf2c4e65ebf79cc4df9716d8bfe Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 6 Oct 2017 17:05:24 +0100 Subject: [PATCH 411/493] Improve leap year test names in x509parse.data --- tests/suites/test_suite_x509parse.data | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index a49137bb7..d4cc11a08 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -1670,15 +1670,15 @@ X509 Get time (UTC invalid character in sec) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0011302359n0Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 -X509 Get time (Generalized Time invalid leap year multiple of 4 and 100) +X509 Get time (Generalized Time, year multiple of 100 but not 400 is not a leap year) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19000229000000Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0 -X509 Get time (Generalized Time year multiple of 4 and not multiple of 100) +X509 Get time (Generalized Time, year multiple of 4 but not 100 is a leap year) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"19920229000000Z":0:1992:2:29:0:0:0 -X509 Get time (Generalized Time year multiple of 400) +X509 Get time (Generalized Time, year multiple of 400 is a leap year) depends_on:MBEDTLS_X509_USE_C x509_get_time:MBEDTLS_ASN1_GENERALIZED_TIME:"20000229000000Z":0:2000:2:29:0:0:0 From 9fb02057a53f86060a0d0843b4214156d7a07dd4 Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Fri, 25 Aug 2017 17:24:44 +0100 Subject: [PATCH 412/493] Fix typo in asn1.h --- include/mbedtls/asn1.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h index 082832c87..e159e57ea 100644 --- a/include/mbedtls/asn1.h +++ b/include/mbedtls/asn1.h @@ -59,7 +59,7 @@ /** * \name DER constants - * These constants comply with DER encoded the ANS1 type tags. + * These constants comply with the DER encoded ASN.1 type tags. * DER encoding uses hexadecimal representation. * An example DER sequence is:\n * - 0x02 -- tag indicating INTEGER From 085c10afdba433ace0bcebf73ebd7277822c9d5e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 29 Sep 2017 15:45:12 +0200 Subject: [PATCH 413/493] Allow comments in test data files --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index ded60d39f..303190ea0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,9 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx +Features + * Allow comments in test data files. + Features * Allow comments in test data files. From 6f63db7ed5cd3ae664273540b0a7d7b6119641b7 Mon Sep 17 00:00:00 2001 From: Simon Butcher Date: Mon, 2 Oct 2017 19:12:54 +0100 Subject: [PATCH 414/493] Fix changelog for ssl_server2.c usage fix --- ChangeLog | 3 --- 1 file changed, 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index 303190ea0..ded60d39f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,9 +2,6 @@ mbed TLS ChangeLog (Sorted per branch, date) = mbed TLS x.x.x branch released xxxx-xx-xx -Features - * Allow comments in test data files. - Features * Allow comments in test data files. From c36aab69b5e392833a3d85f726fc28887e4732a8 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 09:15:06 +0100 Subject: [PATCH 415/493] Swap D,E parameters in mbedtls_rsa_deduce_primes --- include/mbedtls/rsa_internal.h | 6 +++--- library/rsa.c | 2 +- library/rsa_internal.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h index 080f09f7a..3b351c916 100644 --- a/include/mbedtls/rsa_internal.h +++ b/include/mbedtls/rsa_internal.h @@ -72,8 +72,8 @@ extern "C" { * overwrite it. * * \param N RSA modulus N = PQ, with P, Q to be found - * \param D RSA private exponent * \param E RSA public exponent + * \param D RSA private exponent * \param P Pointer to MPI holding first prime factor of N on success * \param Q Pointer to MPI holding second prime factor of N on success * @@ -87,8 +87,8 @@ extern "C" { * use the helper function \c mbedtls_rsa_validate_params. * */ -int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *D, - mbedtls_mpi const *E, +int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi const *E, + mbedtls_mpi const *D, mbedtls_mpi *P, mbedtls_mpi *Q ); /** diff --git a/library/rsa.c b/library/rsa.c index 5366abc22..bf24a09b1 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -274,7 +274,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) if( pq_missing ) { - ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->D, &ctx->E, + ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->E, &ctx->D, &ctx->P, &ctx->Q ); if( ret != 0 ) return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); diff --git a/library/rsa_internal.c b/library/rsa_internal.c index 3b54fdee7..f65f0dfcf 100644 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c @@ -66,7 +66,7 @@ * */ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, - mbedtls_mpi const *D, mbedtls_mpi const *E, + mbedtls_mpi const *E, mbedtls_mpi const *D, mbedtls_mpi *P, mbedtls_mpi *Q ) { int ret = 0; From 4055a3a16f9721da7c530f2bc797b833021dea8a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 09:15:26 +0100 Subject: [PATCH 416/493] Shorten prime array in mbedtls_rsa_deduce_primes --- library/rsa_internal.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/library/rsa_internal.c b/library/rsa_internal.c index f65f0dfcf..5e35dbf60 100644 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c @@ -79,15 +79,14 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, mbedtls_mpi T; /* Holds largest odd divisor of DE - 1 */ mbedtls_mpi K; /* Temporary holding the current candidate */ - const unsigned int primes[] = { 2, + const unsigned char primes[] = { 2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139, 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197, 199, 211, 223, 227, - 229, 233, 239, 241, 251, 257, 263, 269, - 271, 277, 281, 283, 293, 307, 311, 313 + 229, 233, 239, 241, 251 }; const size_t num_primes = sizeof( primes ) / sizeof( *primes ); From f8c028a2fbb3b22f759b82606f8ce2d0734efa97 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 09:20:57 +0100 Subject: [PATCH 417/493] Minor corrections --- include/mbedtls/rsa_internal.h | 4 ++-- library/rsa.c | 2 +- library/rsa_internal.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h index 3b351c916..e7ddd98a7 100644 --- a/include/mbedtls/rsa_internal.h +++ b/include/mbedtls/rsa_internal.h @@ -30,7 +30,7 @@ * * End-users of Mbed TLS not intending to re-implement the RSA functionality * are not expected to get into the need of making use of these functions directly, - * but instead should be able to make do with the implementation of the RSA module. + * but instead should be able to use the functions declared in rsa.h. * * There are two classes of helper functions: * (1) Parameter-generating helpers. These are: @@ -163,7 +163,7 @@ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, * if all relevant parameters are provided: * - P prime if f_rng != NULL * - Q prime if f_rng != NULL - * - 1 < N = PQ + * - 1 < N = P * Q * - 1 < D, E < N * - D and E are modular inverses modulo P-1 and Q-1 * - A non-zero error code otherwise. diff --git a/library/rsa.c b/library/rsa.c index bf24a09b1..793167339 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -210,7 +210,7 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv, #endif /* It wouldn't lead to an error if it wasn't satisfied, - * but check for PQ >= 1 nonetheless. */ + * but check for QP >= 1 nonetheless. */ #if !defined(MBEDTLS_RSA_NO_CRT) if( is_priv && mbedtls_mpi_cmp_int( &ctx->QP, 0 ) <= 0 ) diff --git a/library/rsa_internal.c b/library/rsa_internal.c index 5e35dbf60..e28ca50b3 100644 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c @@ -370,7 +370,7 @@ int mbedtls_rsa_validate_params( const mbedtls_mpi *N, const mbedtls_mpi *P, #endif /* MBEDTLS_GENPRIME */ /* - * Step 2: Check that 1 < N = PQ + * Step 2: Check that 1 < N = P * Q */ if( P != NULL && Q != NULL && N != NULL ) From 68767a6e88efb74d2afa6ec13f0be2a7bf47ddaf Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 10:13:31 +0100 Subject: [PATCH 418/493] Improve documentation in mbedtls_rsa_check_privkey --- include/mbedtls/rsa.h | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 55209b0dc..dc2319ca6 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -416,13 +416,11 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); * * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code. * - * \note This function performs checks substantiating - * the consistency of the key material used to setup - * the RSA context. In case of implementations saving - * all core RSA parameters, this might mean a consistency - * check in the sense of \c mbedtls_rsa_validate_params, - * while other implementations might perform an empirical - * check consisting of an encryption-decryption pair. + * \note The consistency checks performed by this function not only + * ensure that \c mbedtls_rsa_private can be called successfully + * on the given context, but that the various parameters are + * mutually consistent with high probability, in the sense that + * \c mbedtls_rsa_public and \c mbedtls_rsa_private are inverses. * * \warning This function should catch accidental misconfigurations * like swapping of parameters, but it cannot establish full From 554c32dae6532ae3543a23199ab21c476cd06db1 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 10:21:53 +0100 Subject: [PATCH 419/493] Mention validate_params does primality tests only if GENPRIME def'd --- include/mbedtls/rsa_internal.h | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/rsa_internal.h b/include/mbedtls/rsa_internal.h index e7ddd98a7..7e6a2ecd9 100644 --- a/include/mbedtls/rsa_internal.h +++ b/include/mbedtls/rsa_internal.h @@ -161,11 +161,12 @@ int mbedtls_rsa_deduce_crt( const mbedtls_mpi *P, const mbedtls_mpi *Q, * \return * - 0 if the following conditions are satisfied * if all relevant parameters are provided: - * - P prime if f_rng != NULL - * - Q prime if f_rng != NULL + * - P prime if f_rng != NULL (%) + * - Q prime if f_rng != NULL (%) * - 1 < N = P * Q * - 1 < D, E < N * - D and E are modular inverses modulo P-1 and Q-1 + * (%) This is only done if MBEDTLS_GENPRIME is defined. * - A non-zero error code otherwise. * * \note The function can be used with a restricted set of arguments From e2a73c13cfe55fc4aa761d03f04fef2e994daa4a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 10:22:47 +0100 Subject: [PATCH 420/493] Enhancement of ChangeLog entry --- ChangeLog | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/ChangeLog b/ChangeLog index c65e5c5cc..7433dd7c6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,9 +13,15 @@ API Changes independent setup and export of RSA contexts. Most notably, mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting up RSA contexts from partial key material and having them completed to the - needs of the implementation automatically. This allows to setup RSA + needs of the implementation automatically. This allows to setup private RSA contexts from keys consisting of N,D,E only, even if P,Q are needed for the purpose or CRT and/or blinding. + * The configuration option MBEDTLS_RSA_ALT can be used to define alternative + implementations of the RSA interface declared in rsa.h. + +New deprecations + * Direct manipulation of structure fields of RSA contexts is deprecated. + Users are advised to use the extended RSA API instead. = mbed TLS x.x.x branch released xxxx-xx-xx @@ -321,7 +327,7 @@ Security * Fix potential integer overflow to buffer overflow in mbedtls_rsa_rsaes_pkcs1_v15_encrypt and mbedtls_rsa_rsaes_oaep_encrypt (not triggerable remotely in (D)TLS). - * Fix a potential integer underflow to buffer overread in + * Fix a potential integer underflow to buffer overread in mbedtls_rsa_rsaes_oaep_decrypt. It is not triggerable remotely in SSL/TLS. @@ -341,7 +347,7 @@ Bugfix * Fix an issue that caused valid certificates to be rejected whenever an expired or not yet valid certificate was parsed before a valid certificate in the trusted certificate list. - * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the + * Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the buffer after DER certificates to be included in the raw representation. * Fix issue that caused a hang when generating RSA keys of odd bitlength * Fix bug in mbedtls_rsa_rsaes_pkcs1_v15_encrypt that made null pointer @@ -1597,7 +1603,7 @@ Security Changes * Allow enabling of dummy error_strerror() to support some use-cases * Debug messages about padding errors during SSL message decryption are - disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL + disabled by default and can be enabled with POLARSSL_SSL_DEBUG_ALL * Sending of security-relevant alert messages that do not break interoperability can be switched on/off with the flag POLARSSL_SSL_ALL_ALERT_MESSAGES @@ -1626,7 +1632,7 @@ Bugfix Changes * Added p_hw_data to ssl_context for context specific hardware acceleration data - * During verify trust-CA is only checked for expiration and CRL presence + * During verify trust-CA is only checked for expiration and CRL presence Bugfixes * Fixed client authentication compatibility @@ -1924,9 +1930,9 @@ Features with random data (Fixed ticket #10) Changes - * Debug print of MPI now removes leading zero octets and + * Debug print of MPI now removes leading zero octets and displays actual bit size of the value. - * x509parse_key() (and as a consequence x509parse_keyfile()) + * x509parse_key() (and as a consequence x509parse_keyfile()) does not zeroize memory in advance anymore. Use rsa_init() before parsing a key or keyfile! @@ -1948,7 +1954,7 @@ Features printing of X509 CRLs from file Changes - * Parsing of PEM files moved to separate module (Fixes + * Parsing of PEM files moved to separate module (Fixes ticket #13). Also possible to remove PEM support for systems only using DER encoding @@ -2091,7 +2097,7 @@ Bug fixes * Fixed HMAC-MD2 by modifying md2_starts(), so that the required HMAC ipad and opad variables are not cleared. (found by code coverage tests) - * Prevented use of long long in bignum if + * Prevented use of long long in bignum if POLARSSL_HAVE_LONGLONG not defined (found by Giles Bathgate). * Fixed incorrect handling of negative strings in @@ -2132,7 +2138,7 @@ Bug fixes * Made definition of net_htons() endian-clean for big endian systems (Found by Gernot). * Undefining POLARSSL_HAVE_ASM now also handles prevents asm in - padlock and timing code. + padlock and timing code. * Fixed an off-by-one buffer allocation in ssl_set_hostname() responsible for crashes and unwanted behaviour. * Added support for Certificate Revocation List (CRL) parsing. @@ -2306,4 +2312,3 @@ XySSL ChangeLog who maintains the Debian package :-) = Version 0.1 released on 2006-11-01 - From 580869dae8d27198e5c37f7484a73f3f0cdd091b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 10:29:18 +0100 Subject: [PATCH 421/493] Handle RSA_EXPORT_UNSUPPORTED error code in strerror --- library/error.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/library/error.c b/library/error.c index dd2db0c45..90a38455b 100644 --- a/library/error.c +++ b/library/error.c @@ -331,6 +331,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) mbedtls_snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" ); if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) ) mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" ); + if( use_ret == -(MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED) ) + mbedtls_snprintf( buf, buflen, "RSA - The requested parameter export is not possible/allowed" ); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_SSL_TLS_C) From fc8fbfa059940da9689caba22cc1a2533d342f23 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 10:31:15 +0100 Subject: [PATCH 422/493] Switch to gender neutral wording in rsa.h --- include/mbedtls/rsa.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index dc2319ca6..da86d16f3 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -430,8 +430,8 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ); * that imported parameters irrelevant for the implementation * might be silently dropped, in which case the present * function doesn't have access to and hence cannot check them. - * If the user desires to check the consistency of the entire - * content of, say, an PKCS1-encoded RSA private key, he + * If you want to check the consistency of the entire + * content of, say, an PKCS1-encoded RSA private key, you * should use \c mbedtls_rsa_validate_params before setting * up the RSA context. * Further, if the implementation performs empirical checks, From b4ff0aafd96b3bf5f94a86a970911ff7ee4822f9 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 11:03:04 +0100 Subject: [PATCH 423/493] Swap branches accepting/refusing renegotiation in in ssl_read --- library/ssl_tls.c | 51 +++++++++++++++++++++++------------------------ 1 file changed, 25 insertions(+), 26 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index de2490ced..2443a8629 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6921,11 +6921,32 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) #endif /* MBEDTLS_SSL_SRV_C */ /* Determine whether renegotiation attempt should be accepted */ + if( ! ( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || + ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && + ssl->conf->allow_legacy_renegotiation == + MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) ) ) + { + /* + * Accept renegotiation request + */ - if( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || - ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && - ssl->conf->allow_legacy_renegotiation == - MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) ) + /* DTLS clients need to know renego is server-initiated */ +#if defined(MBEDTLS_SSL_PROTO_DTLS) + if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && + ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) + { + ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; + } +#endif + ret = ssl_start_renegotiation( ssl ); + if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && + ret != 0 ) + { + MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); + return( ret ); + } + } + else { /* * Refuse renegotiation @@ -6963,28 +6984,6 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) return( MBEDTLS_ERR_SSL_INTERNAL_ERROR ); } } - else - { - /* - * Accept renegotiation request - */ - - /* DTLS clients need to know renego is server-initiated */ -#if defined(MBEDTLS_SSL_PROTO_DTLS) - if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM && - ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT ) - { - ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING; - } -#endif - ret = ssl_start_renegotiation( ssl ); - if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO && - ret != 0 ) - { - MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret ); - return( ret ); - } - } return( MBEDTLS_ERR_SSL_WANT_READ ); } From 21df7f90d225ca717b9a558260053a712dbc8957 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 17 Oct 2017 11:03:26 +0100 Subject: [PATCH 424/493] Fix handling of HS msgs in mbedtls_ssl_read if renegotiation unused Previously, if `MBEDTLS_SSL_RENEGOTIATION` was disabled, incoming handshake messages in `mbedtls_ssl_read` (expecting application data) lead to the connection being closed. This commit fixes this, restricting the `MBEDTLS_SSL_RENEGOTIATION`-guard to the code-paths responsible for accepting renegotiation requests and aborting renegotiation attempts after too many unexpected records have been received. --- library/ssl_tls.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 2443a8629..89eba056c 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -6878,7 +6878,6 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) } } -#if defined(MBEDTLS_SSL_RENEGOTIATION) if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE ) { MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) ); @@ -6920,6 +6919,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) } #endif /* MBEDTLS_SSL_SRV_C */ +#if defined(MBEDTLS_SSL_RENEGOTIATION) /* Determine whether renegotiation attempt should be accepted */ if( ! ( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED || ( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION && @@ -6947,6 +6947,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) } } else +#endif /* MBEDTLS_SSL_RENEGOTIATION */ { /* * Refuse renegotiation @@ -6987,6 +6988,7 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len ) return( MBEDTLS_ERR_SSL_WANT_READ ); } +#if defined(MBEDTLS_SSL_RENEGOTIATION) else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING ) { if( ssl->conf->renego_max_records >= 0 ) From 6851b10ec779772472f50415682abf635251c260 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 14:57:48 +0100 Subject: [PATCH 425/493] Note that disabling SSL_RENEGO doesn't open door for renego attack --- include/mbedtls/config.h | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 47c719640..69e997f85 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -1155,6 +1155,13 @@ * misuse/misunderstand. * * Comment this to disable support for renegotiation. + * + * \note Even if this option is disabled, both client and server are aware + * of the Renegotiation Indication Extension (RFC 5746) used to + * prevent the SSL renegotiation attack (see RFC 5746 Sect. 1). + * (See \c mbedtls_ssl_conf_legacy_renegotiation for the + * configuration of this extension). + * */ #define MBEDTLS_SSL_RENEGOTIATION From 40f8b512210f542e3fd3c34c9c95addba039d6b7 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 14:58:55 +0100 Subject: [PATCH 426/493] Add comments on the use of the renego SCSV and the renego ext --- library/ssl_cli.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/library/ssl_cli.c b/library/ssl_cli.c index 544c8cf5c..335379fe2 100644 --- a/library/ssl_cli.c +++ b/library/ssl_cli.c @@ -134,6 +134,9 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl, *olen = 0; + /* We're always including an TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the + * initial ClientHello, in which case also adding the renegotiation + * info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */ if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS ) return; @@ -971,6 +974,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl ) ext_len += olen; #endif + /* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added + * even if MBEDTLS_SSL_RENEGOTIATION is not defined. */ #if defined(MBEDTLS_SSL_RENEGOTIATION) ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen ); ext_len += olen; From 6a2436493f2f78c7b9af01fa4c5e96f0b215c47b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 15:18:45 +0100 Subject: [PATCH 427/493] Add dependency on SSL_RENEGOTIATION to renego tests in ssl-opt.sh --- tests/ssl-opt.sh | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 64f26a0cf..6c336045d 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1431,6 +1431,7 @@ run_test "Max fragment length: DTLS client, larger message" \ # Tests for renegotiation +# Renegotiation SCSV always added, regardless of SSL_RENEGOTIATION run_test "Renegotiation: none, for reference" \ "$P_SRV debug_level=3 exchanges=2 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2" \ @@ -1444,6 +1445,7 @@ run_test "Renegotiation: none, for reference" \ -S "=> renegotiate" \ -S "write hello request" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: client-initiated" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ @@ -1457,6 +1459,7 @@ run_test "Renegotiation: client-initiated" \ -s "=> renegotiate" \ -S "write hello request" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: server-initiated" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ @@ -1473,6 +1476,7 @@ run_test "Renegotiation: server-initiated" \ # Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that # the server did not parse the Signature Algorithm extension. This test is valid only if an MD # algorithm stronger than SHA-1 is enabled in config.h +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ @@ -1490,6 +1494,7 @@ run_test "Renegotiation: Signature Algorithms parsing, client-initiated" \ # Checks that no Signature Algorithm with SHA-1 gets negotiated. Negotiating SHA-1 would mean that # the server did not parse the Signature Algorithm extension. This test is valid only if an MD # algorithm stronger than SHA-1 is enabled in config.h +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ @@ -1504,6 +1509,7 @@ run_test "Renegotiation: Signature Algorithms parsing, server-initiated" \ -s "write hello request" \ -S "client hello v3, signature_algorithm ext: 2" # Is SHA-1 negotiated? +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: double" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 auth_mode=optional renegotiate=1" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ @@ -1517,6 +1523,7 @@ run_test "Renegotiation: double" \ -s "=> renegotiate" \ -s "write hello request" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: client-initiated, server-rejected" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=0 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1 renegotiate=1" \ @@ -1532,6 +1539,7 @@ run_test "Renegotiation: client-initiated, server-rejected" \ -c "SSL - Unexpected message at ServerHello in renegotiation" \ -c "failed" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: server-initiated, client-rejected, default" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=0" \ @@ -1547,6 +1555,7 @@ run_test "Renegotiation: server-initiated, client-rejected, default" \ -S "SSL - An unexpected message was received from our peer" \ -S "failed" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: server-initiated, client-rejected, not enforced" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ renego_delay=-1 auth_mode=optional" \ @@ -1564,6 +1573,7 @@ run_test "Renegotiation: server-initiated, client-rejected, not enforced" \ -S "failed" # delay 2 for 1 alert record + 1 application data record +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: server-initiated, client-rejected, delay 2" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ renego_delay=2 auth_mode=optional" \ @@ -1580,6 +1590,7 @@ run_test "Renegotiation: server-initiated, client-rejected, delay 2" \ -S "SSL - An unexpected message was received from our peer" \ -S "failed" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: server-initiated, client-rejected, delay 0" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ renego_delay=0 auth_mode=optional" \ @@ -1595,6 +1606,7 @@ run_test "Renegotiation: server-initiated, client-rejected, delay 0" \ -s "write hello request" \ -s "SSL - An unexpected message was received from our peer" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: server-initiated, client-accepted, delay 0" \ "$P_SRV debug_level=3 exchanges=2 renegotiation=1 renegotiate=1 \ renego_delay=0 auth_mode=optional" \ @@ -1611,6 +1623,7 @@ run_test "Renegotiation: server-initiated, client-accepted, delay 0" \ -S "SSL - An unexpected message was received from our peer" \ -S "failed" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: periodic, just below period" \ "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=2 renegotiation=1" \ @@ -1628,6 +1641,7 @@ run_test "Renegotiation: periodic, just below period" \ -S "failed" # one extra exchange to be able to complete renego +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: periodic, just above period" \ "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \ @@ -1644,6 +1658,7 @@ run_test "Renegotiation: periodic, just above period" \ -S "SSL - An unexpected message was received from our peer" \ -S "failed" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: periodic, two times period" \ "$P_SRV debug_level=3 exchanges=9 renegotiation=1 renego_period=3 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=7 renegotiation=1" \ @@ -1660,6 +1675,7 @@ run_test "Renegotiation: periodic, two times period" \ -S "SSL - An unexpected message was received from our peer" \ -S "failed" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: periodic, above period, disabled" \ "$P_SRV debug_level=3 exchanges=9 renegotiation=0 renego_period=3 auth_mode=optional" \ "$P_CLI debug_level=3 exchanges=4 renegotiation=1" \ @@ -1676,6 +1692,7 @@ run_test "Renegotiation: periodic, above period, disabled" \ -S "SSL - An unexpected message was received from our peer" \ -S "failed" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: nbio, client-initiated" \ "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 auth_mode=optional" \ "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1" \ @@ -1689,6 +1706,7 @@ run_test "Renegotiation: nbio, client-initiated" \ -s "=> renegotiate" \ -S "write hello request" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: nbio, server-initiated" \ "$P_SRV debug_level=3 nbio=2 exchanges=2 renegotiation=1 renegotiate=1 auth_mode=optional" \ "$P_CLI debug_level=3 nbio=2 exchanges=2 renegotiation=1" \ @@ -1702,6 +1720,7 @@ run_test "Renegotiation: nbio, server-initiated" \ -s "=> renegotiate" \ -s "write hello request" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: openssl server, client-initiated" \ "$O_SRV -www" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ @@ -1714,6 +1733,7 @@ run_test "Renegotiation: openssl server, client-initiated" \ -c "HTTP/1.0 200 [Oo][Kk]" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: gnutls server strict, client-initiated" \ "$G_SRV --priority=NORMAL:%SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ @@ -1726,6 +1746,7 @@ run_test "Renegotiation: gnutls server strict, client-initiated" \ -c "HTTP/1.0 200 [Oo][Kk]" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: gnutls server unsafe, client-initiated default" \ "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1" \ @@ -1738,6 +1759,7 @@ run_test "Renegotiation: gnutls server unsafe, client-initiated default" \ -C "HTTP/1.0 200 [Oo][Kk]" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \ "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ @@ -1751,6 +1773,7 @@ run_test "Renegotiation: gnutls server unsafe, client-inititated no legacy" \ -C "HTTP/1.0 200 [Oo][Kk]" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \ "$G_SRV --priority=NORMAL:%DISABLE_SAFE_RENEGOTIATION" \ "$P_CLI debug_level=3 exchanges=1 renegotiation=1 renegotiate=1 \ @@ -1763,6 +1786,7 @@ run_test "Renegotiation: gnutls server unsafe, client-inititated legacy" \ -C "error" \ -c "HTTP/1.0 200 [Oo][Kk]" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: DTLS, client-initiated" \ "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1" \ "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \ @@ -1776,6 +1800,7 @@ run_test "Renegotiation: DTLS, client-initiated" \ -s "=> renegotiate" \ -S "write hello request" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: DTLS, server-initiated" \ "$P_SRV debug_level=3 dtls=1 exchanges=2 renegotiation=1 renegotiate=1" \ "$P_CLI debug_level=3 dtls=1 exchanges=2 renegotiation=1 \ @@ -1790,6 +1815,7 @@ run_test "Renegotiation: DTLS, server-initiated" \ -s "=> renegotiate" \ -s "write hello request" +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: DTLS, renego_period overflow" \ "$P_SRV debug_level=3 dtls=1 exchanges=4 renegotiation=1 renego_period=18446462598732840962 auth_mode=optional" \ "$P_CLI debug_level=3 dtls=1 exchanges=4 renegotiation=1" \ @@ -1801,9 +1827,10 @@ run_test "Renegotiation: DTLS, renego_period overflow" \ -s "record counter limit reached: renegotiate" \ -c "=> renegotiate" \ -s "=> renegotiate" \ - -s "write hello request" \ + -s "write hello request" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "Renegotiation: DTLS, gnutls server, client-initiated" \ "$G_SRV -u --mtu 4096" \ "$P_CLI debug_level=3 dtls=1 exchanges=1 renegotiation=1 renegotiate=1" \ @@ -3696,6 +3723,7 @@ run_test "DTLS reassembly: more fragmentation, nbio (gnutls server)" \ -C "error" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ "$G_SRV -u --mtu 256" \ "$P_CLI debug_level=3 dtls=1 renegotiation=1 renegotiate=1" \ @@ -3709,6 +3737,7 @@ run_test "DTLS reassembly: fragmentation, renego (gnutls server)" \ -s "Extra-header:" requires_gnutls +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS reassembly: fragmentation, nbio, renego (gnutls server)" \ "$G_SRV -u --mtu 256" \ "$P_CLI debug_level=3 nbio=2 dtls=1 renegotiation=1 renegotiate=1" \ @@ -3953,6 +3982,7 @@ run_test "DTLS proxy: 3d, min handshake, resumption, nbio" \ -c "HTTP/1.0 200 OK" client_needs_more_time 4 +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ @@ -3967,6 +3997,7 @@ run_test "DTLS proxy: 3d, min handshake, client-initiated renego" \ -c "HTTP/1.0 200 OK" client_needs_more_time 4 +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ @@ -3981,6 +4012,7 @@ run_test "DTLS proxy: 3d, min handshake, client-initiated renego, nbio" \ -c "HTTP/1.0 200 OK" client_needs_more_time 4 +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ @@ -3996,6 +4028,7 @@ run_test "DTLS proxy: 3d, min handshake, server-initiated renego" \ -c "HTTP/1.0 200 OK" client_needs_more_time 4 +requires_config_enabled MBEDTLS_SSL_RENEGOTIATION run_test "DTLS proxy: 3d, min handshake, server-initiated renego, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ "$P_SRV dtls=1 hs_timeout=250-10000 tickets=0 auth_mode=none \ From 134c2ab891d35f8a27e71f4773ca97902fd0dbb0 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 15:29:50 +0100 Subject: [PATCH 428/493] Add build and ssl-opt.sh run for !SSL_RENEGOTIATION to all.sh --- tests/scripts/all.sh | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index d9c5bbfa4..c768bdd16 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -326,6 +326,19 @@ OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min tests/ssl-opt.sh +msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION +CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . +make + +msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s +make test + +msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min +tests/ssl-opt.sh + msg "build: cmake, full config, clang, C99" # ~ 50s cleanup cp "$CONFIG_H" "$CONFIG_BAK" From 479e8e24e615f3002d13f08bc9da35f567be0e3a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 12 Oct 2017 15:39:45 +0100 Subject: [PATCH 429/493] Adapt ChangeLog --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index c4e3998d0..ef2078824 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,8 @@ Bugfix * Parse signature algorithm extension when renegotiating. Previously, renegotiated handshakes would only accept signatures using SHA-1 regardless of the peer's preferences, or fail if SHA-1 was disabled. + * Fix handling of handshake messages in mbedtls_ssl_read in case + MBEDTLS_SSL_RENEGOTIATION is disabled. Found by erja-gp. = mbed TLS 2.6.0 branch released 2017-08-10 From e1a9a4a82651ff43cf2cea7bc95867c590a99716 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 17 Oct 2017 18:15:41 +0300 Subject: [PATCH 430/493] Fix crash when calling `mbedtls_ssl_cache_free` twice Set `cache` to zero at the end of `mbedtls_ssl_cache_free` #1104 --- ChangeLog | 2 ++ library/ssl_cache.c | 7 +++++++ 2 files changed, 9 insertions(+) diff --git a/ChangeLog b/ChangeLog index c4e3998d0..44c2f78eb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,8 @@ Bugfix * Parse signature algorithm extension when renegotiating. Previously, renegotiated handshakes would only accept signatures using SHA-1 regardless of the peer's preferences, or fail if SHA-1 was disabled. + * Fix crash when calling mbedtls_ssl_cache_free() twice. Found by + MilenkoMitrovic, #1104 = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/library/ssl_cache.c b/library/ssl_cache.c index c771d7fe2..d34bc3d63 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -43,6 +43,11 @@ #include +/* Implementation that should never be optimized out by the compiler */ +static void mbedtls_zeroize( void *v, size_t n ) { + volatile unsigned char *p = v; while( n-- ) *p++ = 0; +} + void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache ) { memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) ); @@ -321,6 +326,8 @@ void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache ) #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &cache->mutex ); #endif + + mbedtls_zeroize( cache, sizeof(mbedtls_ssl_cache_context) ); } #endif /* MBEDTLS_SSL_CACHE_C */ From 005939db984168406d8fed04874379677cdd630f Mon Sep 17 00:00:00 2001 From: RonEld Date: Tue, 17 Oct 2017 20:19:48 +0300 Subject: [PATCH 431/493] update README file (#1144) * update README file update VS 2010 as the minimal version of required Visual Studio * Rephrase the MS VS requirement Rephrase the VS version sentence --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5ffd2ae56..75639e930 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ There are currently four active build systems used within mbed TLS releases: - yotta - GNU Make - CMake -- Microsoft Visual Studio (Visual Studio 6 and Visual Studio 2010) +- Microsoft Visual Studio (Microsoft Visual Studio 2010 or later) The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically. From 9cfabe3597d1fadf5ed7791973d1490c98719157 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 18 Oct 2017 14:42:01 +0100 Subject: [PATCH 432/493] Use a conservative excess of the maximum fragment length in tests This leads to graceful test failure instead of crash when run on the previous code. --- tests/ssl-opt.sh | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 4865043b2..d4096e744 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -1322,7 +1322,7 @@ run_test "Max fragment length: enabled, default" \ requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: enabled, default, larger message" \ "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3 request_size=20000" \ + "$P_CLI debug_level=3 request_size=16385" \ 0 \ -c "Maximum fragment length is 16384" \ -s "Maximum fragment length is 16384" \ @@ -1330,14 +1330,14 @@ run_test "Max fragment length: enabled, default, larger message" \ -S "found max fragment length extension" \ -S "server hello, max_fragment_length extension" \ -C "found max_fragment_length extension" \ - -c "20000 bytes written in 2 fragments" \ + -c "16385 bytes written in 2 fragments" \ -s "16384 bytes read" \ - -s "3616 bytes read" + -s "1 bytes read" requires_config_enabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length, DTLS: enabled, default, larger message" \ "$P_SRV debug_level=3 dtls=1" \ - "$P_CLI debug_level=3 dtls=1 request_size=20000" \ + "$P_CLI debug_level=3 dtls=1 request_size=16385" \ 1 \ -c "Maximum fragment length is 16384" \ -s "Maximum fragment length is 16384" \ @@ -1350,18 +1350,18 @@ run_test "Max fragment length, DTLS: enabled, default, larger message" \ requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length: disabled, larger message" \ "$P_SRV debug_level=3" \ - "$P_CLI debug_level=3 request_size=20000" \ + "$P_CLI debug_level=3 request_size=16385" \ 0 \ -C "Maximum fragment length is 16384" \ -S "Maximum fragment length is 16384" \ - -c "20000 bytes written in 2 fragments" \ + -c "16385 bytes written in 2 fragments" \ -s "16384 bytes read" \ - -s "3616 bytes read" + -s "1 bytes read" requires_config_disabled MBEDTLS_SSL_MAX_FRAGMENT_LENGTH run_test "Max fragment length DTLS: disabled, larger message" \ "$P_SRV debug_level=3 dtls=1" \ - "$P_CLI debug_level=3 dtls=1 request_size=20000" \ + "$P_CLI debug_level=3 dtls=1 request_size=16385" \ 1 \ -C "Maximum fragment length is 16384" \ -S "Maximum fragment length is 16384" \ From 3319555b7cbdd0ee2eeef3983bd0c28251e3f1cf Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 25 Oct 2017 17:04:10 +0100 Subject: [PATCH 433/493] Improve documentation of mbedtls_rsa_import[_raw] --- include/mbedtls/rsa.h | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index da86d16f3..5e7fdca6b 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -171,6 +171,10 @@ void mbedtls_rsa_init( mbedtls_rsa_context *ctx, * and complete the provided information to a ready-for-use * public or private RSA key. * + * \note See the documentation of \c mbedtls_rsa_complete for more + * information on which parameters are necessary to setup + * a private or public RSA key. + * * \note The imported parameters are copied and need not be preserved * for the lifetime of the RSA context being set up. * @@ -204,6 +208,10 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, * and complete the provided information to a ready-for-use * public or private RSA key. * + * \note See the documentation of \c mbedtls_rsa_complete for more + * information on which parameters are necessary to setup + * a private or public RSA key. + * * \note The imported parameters are copied and need not be preserved * for the lifetime of the RSA context being set up. * From 22360825ae64374fb897d366c39f6704a56441b4 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Sun, 29 Oct 2017 17:53:52 +0200 Subject: [PATCH 434/493] Address PR review comments set `cache->chain` to NULL, instead of setting the whole structure to zero. --- library/ssl_cache.c | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/library/ssl_cache.c b/library/ssl_cache.c index d34bc3d63..47867f132 100644 --- a/library/ssl_cache.c +++ b/library/ssl_cache.c @@ -43,11 +43,6 @@ #include -/* Implementation that should never be optimized out by the compiler */ -static void mbedtls_zeroize( void *v, size_t n ) { - volatile unsigned char *p = v; while( n-- ) *p++ = 0; -} - void mbedtls_ssl_cache_init( mbedtls_ssl_cache_context *cache ) { memset( cache, 0, sizeof( mbedtls_ssl_cache_context ) ); @@ -326,8 +321,7 @@ void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache ) #if defined(MBEDTLS_THREADING_C) mbedtls_mutex_free( &cache->mutex ); #endif - - mbedtls_zeroize( cache, sizeof(mbedtls_ssl_cache_context) ); + cache->chain = NULL; } #endif /* MBEDTLS_SSL_CACHE_C */ From c7acb913ce1ccd2fa6c10b9b113735cc4995772b Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 30 Oct 2017 17:03:57 +0200 Subject: [PATCH 435/493] Change Arm Trademarks Change the Arm Trademarks according to updated Trademarks --- README.md | 38 +++++++++++++++++++------------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 5ffd2ae56..378db1dd3 100644 --- a/README.md +++ b/README.md @@ -1,17 +1,17 @@ -README for mbed TLS +README for Mbed TLS =================== Configuration ------------- -mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Perl script `scripts/config.pl` (use `--help` for usage instructions). +Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Perl script `scripts/config.pl` (use `--help` for usage instructions). Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS` when using the Make and CMake build system (see below). Compiling --------- -There are currently four active build systems used within mbed TLS releases: +There are currently four active build systems used within Mbed TLS releases: - yotta - GNU Make @@ -23,15 +23,15 @@ The main systems used for development are CMake and GNU Make. Those systems are Yotta, as a build system, is slightly different from the other build systems: - it provides a minimalistic configuration file by default -- depending on the yotta target, features of mbed OS may be used in examples and tests +- depending on the yotta target, features of Mbed OS may be used in examples and tests The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls. ### Yotta -[yotta](http://yottabuild.org) is a package manager and build system developed by mbed, and is the build system of mbed OS 16.03. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing). +[yotta](http://yottabuild.org) is a package manager and build system developed by Mbed, and is the build system of Mbed OS 16.03. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing). -Once yotta is installed, you can use it to download the latest version of mbed TLS from the yotta registry with: +Once yotta is installed, you can use it to download the latest version of Mbed TLS from the yotta registry with: yotta install mbedtls @@ -39,18 +39,18 @@ and build it with: yotta build -If, on the other hand, you already have a copy of mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll first need to generate the yotta module by running: +If, on the other hand, you already have a copy of Mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll first need to generate the yotta module by running: yotta/create-module.sh -This should be executed from the root mbed TLS project directory. This will create the yotta module in the `yotta/module` directory within it. You can then change to that directory and build as usual: +This should be executed from the root Mbed TLS project directory. This will create the yotta module in the `yotta/module` directory within it. You can then change to that directory and build as usual: cd yotta/module yotta build In any case, you'll probably want to set the yotta target before building unless it has already been set globally. For more information on using yotta, please consult the [yotta documentation](http://docs.yottabuild.org/). -For more details on the yotta/mbed OS edition of mbed TLS, including example programs, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md). +For more details on the yotta/Mbed OS edition of Mbed TLS, including example programs, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md). ### Make @@ -78,9 +78,9 @@ In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if th Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; if you do so, essential parts such as `-I` will still be preserved. Warning options may be overridden separately using `WARNING_CFLAGS`. -Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue. +Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue. -In case you find that you need to do something else as well, please let us know what, so we can add it to the [mbed TLS knowledge base](https://tls.mbed.org/kb). +In case you find that you need to do something else as well, please let us know what, so we can add it to the [Mbed TLS knowledge base](https://tls.mbed.org/kb). ### CMake @@ -143,7 +143,7 @@ We've included example programs for a lot of different features and uses in `pro Tests ----- -mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function. +Mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function. For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available: @@ -158,14 +158,14 @@ Configurations We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt` -Porting mbed TLS +Porting Mbed TLS ---------------- -mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following knowledge base articles useful: +Mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following knowledge base articles useful: -- [Porting mbed TLS to a new environment or OS](https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS) -- [What external dependencies does mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on) -- [How do I configure mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls) +- [Porting Mbed TLS to a new environment or OS](https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS) +- [What external dependencies does Mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on) +- [How do I configure Mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls) Contributing ------------ @@ -176,12 +176,12 @@ We gratefully accept bug reports and contributions from the community. There are - We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission. - As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted. -To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given. +To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given. ### Making a Contribution 1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug. -2. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis. +2. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis. 3. Write a test which shows that the bug was fixed or that the feature works as expected. 4. Send a pull request and bug us until it gets merged and published. Contributions may need some modifications, so work with us to get your change accepted. We will include your name in the ChangeLog :) From 9d22619a13493e335bac7f6c0cf25e42aaffab36 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Mon, 30 Oct 2017 18:39:47 +0200 Subject: [PATCH 436/493] Change Arm Trademarks to the issue template Change the Trademarks to the issue template document --- .github/issue_template.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/issue_template.md b/.github/issue_template.md index 33f68fba1..5e9d83d4f 100644 --- a/.github/issue_template.md +++ b/.github/issue_template.md @@ -8,7 +8,7 @@ Note: This is just a template, so feel free to use/remove the unnecessary things ## Bug **OS** -mbed-OS|linux|windows| +Mbed OS|linux|windows| **mbed TLS build:** Version: x.x.x or git commit id @@ -38,4 +38,4 @@ Version: ## Question -**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)** +**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferably file an issue in the [Mbed TLS support forum](https://tls.mbed.org/discussions)** From 2ac96620f35b4e0592272b40adf0da65f3772875 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 1 Nov 2017 14:19:50 +0200 Subject: [PATCH 437/493] change URL Change URL from developer.mbed.org to os.mbed.com --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 378db1dd3..788c77853 100644 --- a/README.md +++ b/README.md @@ -176,7 +176,7 @@ We gratefully accept bug reports and contributions from the community. There are - We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission. - As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted. -To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given. +To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://os.mbed.com/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given. ### Making a Contribution From c64a48bec792634ee299f50f059f6d42d435e9d1 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Fri, 17 Nov 2017 17:09:17 +0000 Subject: [PATCH 438/493] Add checks for private parameter in mbedtls_ecdsa_sign() --- library/ecdsa.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/library/ecdsa.c b/library/ecdsa.c index 4156f3c3c..8892317bf 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -81,6 +81,10 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s, if( grp->N.p == NULL ) return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA ); + /* Make sure d is in range 1..n-1 */ + if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 ) + return( MBEDTLS_ERR_ECP_INVALID_KEY ); + mbedtls_ecp_point_init( &R ); mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t ); From f5bcbede92348364addf91b81be9a34585df42ef Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Fri, 17 Nov 2017 17:09:31 +0000 Subject: [PATCH 439/493] Add tests for invalid private parameters in mbedtls_ecdsa_sign() --- tests/suites/test_suite_ecdsa.data | 45 ++++++++++++++++++++++++-- tests/suites/test_suite_ecdsa.function | 13 +++++--- 2 files changed, 50 insertions(+), 8 deletions(-) diff --git a/tests/suites/test_suite_ecdsa.data b/tests/suites/test_suite_ecdsa.data index d9640765e..19c51d35b 100644 --- a/tests/suites/test_suite_ecdsa.data +++ b/tests/suites/test_suite_ecdsa.data @@ -20,15 +20,15 @@ ecdsa_prim_random:MBEDTLS_ECP_DP_SECP521R1 ECDSA primitive rfc 4754 p256 depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED -ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"DC51D3866A15BACDE33D96F992FCA99DA7E6EF0934E7097559C27F1614C88A7F":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1D5A6DECE":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD":"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"86FA3BB4E26CAD5BF90B7F81899256CE7594BB1EA0C89212748BFF3B3D5B0315" +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"DC51D3866A15BACDE33D96F992FCA99DA7E6EF0934E7097559C27F1614C88A7F":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1D5A6DECE":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD":"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"86FA3BB4E26CAD5BF90B7F81899256CE7594BB1EA0C89212748BFF3B3D5B0315":0 ECDSA primitive rfc 4754 p384 depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED -ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"0BEB646634BA87735D77AE4809A0EBEA865535DE4C1E1DCB692E84708E81A5AF62E528C38B2A81B35309668D73524D9F":"96281BF8DD5E0525CA049C048D345D3082968D10FEDF5C5ACA0C64E6465A97EA5CE10C9DFEC21797415710721F437922":"447688BA94708EB6E2E4D59F6AB6D7EDFF9301D249FE49C33096655F5D502FAD3D383B91C5E7EDAA2B714CC99D5743CA":"B4B74E44D71A13D568003D7489908D564C7761E229C58CBFA18950096EB7463B854D7FA992F934D927376285E63414FA":"CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7":"FB017B914E29149432D8BAC29A514640B46F53DDAB2C69948084E2930F1C8F7E08E07C9C63F2D21A07DCB56A6AF56EB3":"B263A1305E057F984D38726A1B46874109F417BCA112674C528262A40A629AF1CBB9F516CE0FA7D2FF630863A00E8B9F" +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"0BEB646634BA87735D77AE4809A0EBEA865535DE4C1E1DCB692E84708E81A5AF62E528C38B2A81B35309668D73524D9F":"96281BF8DD5E0525CA049C048D345D3082968D10FEDF5C5ACA0C64E6465A97EA5CE10C9DFEC21797415710721F437922":"447688BA94708EB6E2E4D59F6AB6D7EDFF9301D249FE49C33096655F5D502FAD3D383B91C5E7EDAA2B714CC99D5743CA":"B4B74E44D71A13D568003D7489908D564C7761E229C58CBFA18950096EB7463B854D7FA992F934D927376285E63414FA":"CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7":"FB017B914E29149432D8BAC29A514640B46F53DDAB2C69948084E2930F1C8F7E08E07C9C63F2D21A07DCB56A6AF56EB3":"B263A1305E057F984D38726A1B46874109F417BCA112674C528262A40A629AF1CBB9F516CE0FA7D2FF630863A00E8B9F":0 ECDSA primitive rfc 4754 p521 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED -ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0065FDA3409451DCAB0A0EAD45495112A3D813C17BFD34BDF8C1209D7DF5849120597779060A7FF9D704ADF78B570FFAD6F062E95C7E0C5D5481C5B153B48B375FA1":"0151518F1AF0F563517EDD5485190DF95A4BF57B5CBA4CF2A9A3F6474725A35F7AFE0A6DDEB8BEDBCD6A197E592D40188901CECD650699C9B5E456AEA5ADD19052A8":"006F3B142EA1BFFF7E2837AD44C9E4FF6D2D34C73184BBAD90026DD5E6E85317D9DF45CAD7803C6C20035B2F3FF63AFF4E1BA64D1C077577DA3F4286C58F0AEAE643":"00C1C2B305419F5A41344D7E4359933D734096F556197A9B244342B8B62F46F9373778F9DE6B6497B1EF825FF24F42F9B4A4BD7382CFC3378A540B1B7F0C1B956C2F":"DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F":"0154FD3836AF92D0DCA57DD5341D3053988534FDE8318FC6AAAAB68E2E6F4339B19F2F281A7E0B22C269D93CF8794A9278880ED7DBB8D9362CAEACEE544320552251":"017705A7030290D1CEB605A9A1BB03FF9CDD521E87A696EC926C8C10C8362DF4975367101F67D1CF9BCCBF2F3D239534FA509E70AAC851AE01AAC68D62F866472660" +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0065FDA3409451DCAB0A0EAD45495112A3D813C17BFD34BDF8C1209D7DF5849120597779060A7FF9D704ADF78B570FFAD6F062E95C7E0C5D5481C5B153B48B375FA1":"0151518F1AF0F563517EDD5485190DF95A4BF57B5CBA4CF2A9A3F6474725A35F7AFE0A6DDEB8BEDBCD6A197E592D40188901CECD650699C9B5E456AEA5ADD19052A8":"006F3B142EA1BFFF7E2837AD44C9E4FF6D2D34C73184BBAD90026DD5E6E85317D9DF45CAD7803C6C20035B2F3FF63AFF4E1BA64D1C077577DA3F4286C58F0AEAE643":"00C1C2B305419F5A41344D7E4359933D734096F556197A9B244342B8B62F46F9373778F9DE6B6497B1EF825FF24F42F9B4A4BD7382CFC3378A540B1B7F0C1B956C2F":"DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F":"0154FD3836AF92D0DCA57DD5341D3053988534FDE8318FC6AAAAB68E2E6F4339B19F2F281A7E0B22C269D93CF8794A9278880ED7DBB8D9362CAEACEE544320552251":"017705A7030290D1CEB605A9A1BB03FF9CDD521E87A696EC926C8C10C8362DF4975367101F67D1CF9BCCBF2F3D239534FA509E70AAC851AE01AAC68D62F866472660":0 ECDSA write-read random #1 depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED @@ -250,3 +250,42 @@ ECDSA deterministic test vector rfc 6979 p521 mbedtls_sha512 depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED:MBEDTLS_SHA512_C ecdsa_det_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75CAA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83538":MBEDTLS_MD_SHA512:"test":"13E99020ABF5CEE7525D16B69B229652AB6BDF2AFFCAEF38773B4B7D08725F10CDB93482FDCC54EDCEE91ECA4166B2A7C6265EF0CE2BD7051B7CEF945BABD47EE6D":"1FBD0013C674AA79CB39849527916CE301C66EA7CE8B80682786AD60F98F7E78A19CA69EFF5C57400E3B3A0AD66CE0978214D13BAF4E9AC60752F7B155E2DE4DCE3" +ECDSA zero private parameter p192 +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"0":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B15":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9C":"98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF":"57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64":MBEDTLS_ERR_ECP_INVALID_KEY + +ECDSA private parameter greater than n p192 +depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP192R1:"6FAB034934E4C0FC9AE67F5B5659A9D7D1FEFD187EE09FD41":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B15":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61":"98C6BD12B23EAF5E2A2045132086BE3EB8EBD62ABF6698FF":"57A22B07DEA9530F8DE9471B1DC6624472E8E2844BC25B64":MBEDTLS_ERR_ECP_INVALID_KEY + +ECDSA zero private parameter p224 +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"0":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D5":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61":"22226F9D40A96E19C4A301CE5B74B115303C0F3A4FD30FC257FB57AC":"66D1CDD83E3AF75605DD6E2FEFF196D30AA7ED7A2EDF7AF475403D69":MBEDTLS_ERR_ECP_INVALID_KEY + +ECDSA private parameter greater than n p224 +depends_on:MBEDTLS_ECP_DP_SECP224R1_ENABLED +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP224R1:"F220266E1105BFE3083E03EC7A3A654651F45E37167E88600BF257C11":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D5":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD":"22226F9D40A96E19C4A301CE5B74B115303C0F3A4FD30FC257FB57AC":"66D1CDD83E3AF75605DD6E2FEFF196D30AA7ED7A2EDF7AF475403D69":MBEDTLS_ERR_ECP_INVALID_KEY + +ECDSA zero private parameter p256 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"0":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1D5A6DECE":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD":"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"86FA3BB4E26CAD5BF90B7F81899256CE7594BB1EA0C89212748BFF3B3D5B0315":MBEDTLS_ERR_ECP_INVALID_KEY + +ECDSA private parameter greater than n p256 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP256R1:"DC51D3866A15BACDE33D96F992FCA99DA7E6EF0934E7097559C27F1614C88A7F1":"2442A5CC0ECD015FA3CA31DC8E2BBC70BF42D60CBCA20085E0822CB04235E970":"6FC98BD7E50211A4A27102FA3549DF79EBCB4BF246B80945CDDFE7D509BBFD7D":"9E56F509196784D963D1C0A401510EE7ADA3DCC5DEE04B154BF61AF1D5A6DECE":"BA7816BF8F01CFEA414140DE5DAE2223B00361A396177A9CB410FF61F20015AD":"CB28E0999B9C7715FD0A80D8E47A77079716CBBF917DD72E97566EA1C066957C":"86FA3BB4E26CAD5BF90B7F81899256CE7594BB1EA0C89212748BFF3B3D5B0315":MBEDTLS_ERR_ECP_INVALID_KEY + +ECDSA zero private parameter p384 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"0":"96281BF8DD5E0525CA049C048D345D3082968D10FEDF5C5ACA0C64E6465A97EA5CE10C9DFEC21797415710721F437922":"447688BA94708EB6E2E4D59F6AB6D7EDFF9301D249FE49C33096655F5D502FAD3D383B91C5E7EDAA2B714CC99D5743CA":"B4B74E44D71A13D568003D7489908D564C7761E229C58CBFA18950096EB7463B854D7FA992F934D927376285E63414FA":"CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7":"FB017B914E29149432D8BAC29A514640B46F53DDAB2C69948084E2930F1C8F7E08E07C9C63F2D21A07DCB56A6AF56EB3":"B263A1305E057F984D38726A1B46874109F417BCA112674C528262A40A629AF1CBB9F516CE0FA7D2FF630863A00E8B9F":MBEDTLS_ERR_ECP_INVALID_KEY + +ECDSA private parameter greater than n p384 +depends_on:MBEDTLS_ECP_DP_SECP384R1_ENABLED +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP384R1:"10BEB646634BA87735D77AE4809A0EBEA865535DE4C1E1DCB692E84708E81A5AF62E528C38B2A81B35309668D73524D9F":"96281BF8DD5E0525CA049C048D345D3082968D10FEDF5C5ACA0C64E6465A97EA5CE10C9DFEC21797415710721F437922":"447688BA94708EB6E2E4D59F6AB6D7EDFF9301D249FE49C33096655F5D502FAD3D383B91C5E7EDAA2B714CC99D5743CA":"B4B74E44D71A13D568003D7489908D564C7761E229C58CBFA18950096EB7463B854D7FA992F934D927376285E63414FA":"CB00753F45A35E8BB5A03D699AC65007272C32AB0EDED1631A8B605A43FF5BED8086072BA1E7CC2358BAECA134C825A7":"FB017B914E29149432D8BAC29A514640B46F53DDAB2C69948084E2930F1C8F7E08E07C9C63F2D21A07DCB56A6AF56EB3":"B263A1305E057F984D38726A1B46874109F417BCA112674C528262A40A629AF1CBB9F516CE0FA7D2FF630863A00E8B9F":MBEDTLS_ERR_ECP_INVALID_KEY + +ECDSA zero private parameter p521 +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0":"0151518F1AF0F563517EDD5485190DF95A4BF57B5CBA4CF2A9A3F6474725A35F7AFE0A6DDEB8BEDBCD6A197E592D40188901CECD650699C9B5E456AEA5ADD19052A8":"006F3B142EA1BFFF7E2837AD44C9E4FF6D2D34C73184BBAD90026DD5E6E85317D9DF45CAD7803C6C20035B2F3FF63AFF4E1BA64D1C077577DA3F4286C58F0AEAE643":"00C1C2B305419F5A41344D7E4359933D734096F556197A9B244342B8B62F46F9373778F9DE6B6497B1EF825FF24F42F9B4A4BD7382CFC3378A540B1B7F0C1B956C2F":"DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F":"0154FD3836AF92D0DCA57DD5341D3053988534FDE8318FC6AAAAB68E2E6F4339B19F2F281A7E0B22C269D93CF8794A9278880ED7DBB8D9362CAEACEE544320552251":"017705A7030290D1CEB605A9A1BB03FF9CDD521E87A696EC926C8C10C8362DF4975367101F67D1CF9BCCBF2F3D239534FA509E70AAC851AE01AAC68D62F866472660":MBEDTLS_ERR_ECP_INVALID_KEY + +ECDSA private parameter greater than n p521 +depends_on:MBEDTLS_ECP_DP_SECP521R1_ENABLED +ecdsa_prim_test_vectors:MBEDTLS_ECP_DP_SECP521R1:"0065FDA3409451DCAB0A0EAD45495112A3D813C17BFD34BDF8C1209D7DF5849120597779060A7FF9D704ADF78B570FFAD6F062E95C7E0C5D5481C5B153B48B375FA11":"0151518F1AF0F563517EDD5485190DF95A4BF57B5CBA4CF2A9A3F6474725A35F7AFE0A6DDEB8BEDBCD6A197E592D40188901CECD650699C9B5E456AEA5ADD19052A8":"006F3B142EA1BFFF7E2837AD44C9E4FF6D2D34C73184BBAD90026DD5E6E85317D9DF45CAD7803C6C20035B2F3FF63AFF4E1BA64D1C077577DA3F4286C58F0AEAE643":"00C1C2B305419F5A41344D7E4359933D734096F556197A9B244342B8B62F46F9373778F9DE6B6497B1EF825FF24F42F9B4A4BD7382CFC3378A540B1B7F0C1B956C2F":"DDAF35A193617ABACC417349AE20413112E6FA4E89A97EA20A9EEEE64B55D39A2192992A274FC1A836BA3C23A3FEEBBD454D4423643CE80E2A9AC94FA54CA49F":"0154FD3836AF92D0DCA57DD5341D3053988534FDE8318FC6AAAAB68E2E6F4339B19F2F281A7E0B22C269D93CF8794A9278880ED7DBB8D9362CAEACEE544320552251":"017705A7030290D1CEB605A9A1BB03FF9CDD521E87A696EC926C8C10C8362DF4975367101F67D1CF9BCCBF2F3D239534FA509E70AAC851AE01AAC68D62F866472660":MBEDTLS_ERR_ECP_INVALID_KEY diff --git a/tests/suites/test_suite_ecdsa.function b/tests/suites/test_suite_ecdsa.function index 88e07a9e6..b73095388 100644 --- a/tests/suites/test_suite_ecdsa.function +++ b/tests/suites/test_suite_ecdsa.function @@ -42,7 +42,7 @@ exit: /* BEGIN_CASE */ void ecdsa_prim_test_vectors( int id, char *d_str, char *xQ_str, char *yQ_str, char *k_str, char *hash_str, char *r_str, - char *s_str ) + char *s_str, int result ) { mbedtls_ecp_group grp; mbedtls_ecp_point Q; @@ -80,12 +80,15 @@ void ecdsa_prim_test_vectors( int id, char *d_str, char *xQ_str, char *yQ_str, } TEST_ASSERT( mbedtls_ecdsa_sign( &grp, &r, &s, &d, hash, hlen, - rnd_buffer_rand, &rnd_info ) == 0 ); + rnd_buffer_rand, &rnd_info ) == result ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 ); - TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 ); + if ( result == 0) + { + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &r, &r_check ) == 0 ); + TEST_ASSERT( mbedtls_mpi_cmp_mpi( &s, &s_check ) == 0 ); - TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen, &Q, &r_check, &s_check ) == 0 ); + TEST_ASSERT( mbedtls_ecdsa_verify( &grp, hash, hlen, &Q, &r_check, &s_check ) == 0 ); + } exit: mbedtls_ecp_group_free( &grp ); From 36ba8b683a5795675a3de94c6bb811fa38e4bad5 Mon Sep 17 00:00:00 2001 From: Darryl Green Date: Tue, 21 Nov 2017 09:55:33 +0000 Subject: [PATCH 440/493] Add changelog for mbedtls_ecdsa_sign fix --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index ded60d39f..f350f5940 100644 --- a/ChangeLog +++ b/ChangeLog @@ -17,6 +17,8 @@ Bugfix * Fix leap year calculation in x509_date_is_valid() to ensure that invalid dates on leap years with 100 and 400 intervals are handled correctly. Found by Nicholas Wilson. #694 + * Add a check for invalid private parameters in mbedtls_ecdsa_sign. + Reported by Yolan Romailler. = mbed TLS 2.6.0 branch released 2017-08-10 From a0748019f1e56c6e19b8156f62cd08fbd7960aa8 Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Tue, 28 Nov 2017 16:48:51 +0200 Subject: [PATCH 441/493] Change KB to kB Change KB to kB, as this is the proper way to write kilo bytes --- programs/test/benchmark.c | 2 +- yotta/data/example-benchmark/README.md | 36 +++++++++++++------------- yotta/data/example-benchmark/main.cpp | 2 +- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index d88bc57ee..6b70b58e3 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -126,7 +126,7 @@ do { \ CODE; \ } \ \ - mbedtls_printf( "%9lu KB/s, %9lu cycles/byte\n", \ + mbedtls_printf( "%9lu kB/s, %9lu cycles/byte\n", \ ii * BUFSIZE / 1024, \ ( mbedtls_timing_hardclock() - tsc ) / ( jj * BUFSIZE ) ); \ } while( 0 ) diff --git a/yotta/data/example-benchmark/README.md b/yotta/data/example-benchmark/README.md index 8397f5e4a..92d90122d 100644 --- a/yotta/data/example-benchmark/README.md +++ b/yotta/data/example-benchmark/README.md @@ -56,24 +56,24 @@ To build and run this example you must have: {{start}} - SHA-1 : 3644 KB/s, 32 cycles/byte - SHA-256 : 1957 KB/s, 59 cycles/byte - SHA-512 : 587 KB/s, 200 cycles/byte - AES-CBC-128 : 1359 KB/s, 86 cycles/byte - AES-CBC-192 : 1183 KB/s, 99 cycles/byte - AES-CBC-256 : 1048 KB/s, 111 cycles/byte - AES-GCM-128 : 421 KB/s, 279 cycles/byte - AES-GCM-192 : 403 KB/s, 292 cycles/byte - AES-GCM-256 : 385 KB/s, 305 cycles/byte - AES-CCM-128 : 542 KB/s, 216 cycles/byte - AES-CCM-192 : 484 KB/s, 242 cycles/byte - AES-CCM-256 : 437 KB/s, 268 cycles/byte - CTR_DRBG (NOPR) : 1002 KB/s, 117 cycles/byte - CTR_DRBG (PR) : 705 KB/s, 166 cycles/byte - HMAC_DRBG SHA-1 (NOPR) : 228 KB/s, 517 cycles/byte - HMAC_DRBG SHA-1 (PR) : 210 KB/s, 561 cycles/byte - HMAC_DRBG SHA-256 (NOPR) : 212 KB/s, 557 cycles/byte - HMAC_DRBG SHA-256 (PR) : 185 KB/s, 637 cycles/byte + SHA-1 : 3644 kB/s, 32 cycles/byte + SHA-256 : 1957 kB/s, 59 cycles/byte + SHA-512 : 587 kB/s, 200 cycles/byte + AES-CBC-128 : 1359 kB/s, 86 cycles/byte + AES-CBC-192 : 1183 kB/s, 99 cycles/byte + AES-CBC-256 : 1048 kB/s, 111 cycles/byte + AES-GCM-128 : 421 kB/s, 279 cycles/byte + AES-GCM-192 : 403 kB/s, 292 cycles/byte + AES-GCM-256 : 385 kB/s, 305 cycles/byte + AES-CCM-128 : 542 kB/s, 216 cycles/byte + AES-CCM-192 : 484 kB/s, 242 cycles/byte + AES-CCM-256 : 437 kB/s, 268 cycles/byte + CTR_DRBG (NOPR) : 1002 kB/s, 117 cycles/byte + CTR_DRBG (PR) : 705 kB/s, 166 cycles/byte + HMAC_DRBG SHA-1 (NOPR) : 228 kB/s, 517 cycles/byte + HMAC_DRBG SHA-1 (PR) : 210 kB/s, 561 cycles/byte + HMAC_DRBG SHA-256 (NOPR) : 212 kB/s, 557 cycles/byte + HMAC_DRBG SHA-256 (PR) : 185 kB/s, 637 cycles/byte RSA-2048 : 41 ms/ public RSA-2048 : 1349 ms/private RSA-4096 : 134 ms/ public diff --git a/yotta/data/example-benchmark/main.cpp b/yotta/data/example-benchmark/main.cpp index 36cfc0e27..44e66d9bc 100644 --- a/yotta/data/example-benchmark/main.cpp +++ b/yotta/data/example-benchmark/main.cpp @@ -229,7 +229,7 @@ do { \ CODE; \ } \ \ - mbedtls_printf( "%9lu KB/s, %9lu cycles/byte\r\n", \ + mbedtls_printf( "%9lu kB/s, %9lu cycles/byte\r\n", \ i * BUFSIZE / 1024, \ ( mbedtls_timing_hardclock() - tsc ) / ( j * BUFSIZE ) ); \ } while( 0 ) From d742b748388e550e2f5ba3f03c6aa10fc3a7dc6f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 28 Nov 2017 17:40:56 +0100 Subject: [PATCH 442/493] Add ChangeLog entry --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 40b4fae44..a65b7ae87 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,7 @@ Bugfix Found by redplait #590 * Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random. Reported and fix suggested by guidovranken in #740 + * Fix bugs in RSA test suite under MBEDTLS_NO_PLATFORM_ENTROPY. #1023 #1024 Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() From 0728d69d6d1a096d77d95824cabedfb1b86a9bfa Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Wed, 29 Nov 2017 12:08:35 +0200 Subject: [PATCH 443/493] Change kB to KiB Change the style of the units to KiB, according to https://docs.mbed.com/docs/writing-and-publishing-guides/en/latest/units/ --- programs/test/benchmark.c | 2 +- yotta/data/example-benchmark/README.md | 36 +++++++++++++------------- yotta/data/example-benchmark/main.cpp | 2 +- 3 files changed, 20 insertions(+), 20 deletions(-) diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c index 6b70b58e3..a2677af7b 100644 --- a/programs/test/benchmark.c +++ b/programs/test/benchmark.c @@ -126,7 +126,7 @@ do { \ CODE; \ } \ \ - mbedtls_printf( "%9lu kB/s, %9lu cycles/byte\n", \ + mbedtls_printf( "%9lu KiB/s, %9lu cycles/byte\n", \ ii * BUFSIZE / 1024, \ ( mbedtls_timing_hardclock() - tsc ) / ( jj * BUFSIZE ) ); \ } while( 0 ) diff --git a/yotta/data/example-benchmark/README.md b/yotta/data/example-benchmark/README.md index 92d90122d..3b66916e5 100644 --- a/yotta/data/example-benchmark/README.md +++ b/yotta/data/example-benchmark/README.md @@ -56,24 +56,24 @@ To build and run this example you must have: {{start}} - SHA-1 : 3644 kB/s, 32 cycles/byte - SHA-256 : 1957 kB/s, 59 cycles/byte - SHA-512 : 587 kB/s, 200 cycles/byte - AES-CBC-128 : 1359 kB/s, 86 cycles/byte - AES-CBC-192 : 1183 kB/s, 99 cycles/byte - AES-CBC-256 : 1048 kB/s, 111 cycles/byte - AES-GCM-128 : 421 kB/s, 279 cycles/byte - AES-GCM-192 : 403 kB/s, 292 cycles/byte - AES-GCM-256 : 385 kB/s, 305 cycles/byte - AES-CCM-128 : 542 kB/s, 216 cycles/byte - AES-CCM-192 : 484 kB/s, 242 cycles/byte - AES-CCM-256 : 437 kB/s, 268 cycles/byte - CTR_DRBG (NOPR) : 1002 kB/s, 117 cycles/byte - CTR_DRBG (PR) : 705 kB/s, 166 cycles/byte - HMAC_DRBG SHA-1 (NOPR) : 228 kB/s, 517 cycles/byte - HMAC_DRBG SHA-1 (PR) : 210 kB/s, 561 cycles/byte - HMAC_DRBG SHA-256 (NOPR) : 212 kB/s, 557 cycles/byte - HMAC_DRBG SHA-256 (PR) : 185 kB/s, 637 cycles/byte + SHA-1 : 3644 KiB/s, 32 cycles/byte + SHA-256 : 1957 KiB/s, 59 cycles/byte + SHA-512 : 587 KiB/s, 200 cycles/byte + AES-CBC-128 : 1359 KiB/s, 86 cycles/byte + AES-CBC-192 : 1183 KiB/s, 99 cycles/byte + AES-CBC-256 : 1048 KiB/s, 111 cycles/byte + AES-GCM-128 : 421 KiB/s, 279 cycles/byte + AES-GCM-192 : 403 KiB/s, 292 cycles/byte + AES-GCM-256 : 385 KiB/s, 305 cycles/byte + AES-CCM-128 : 542 KiB/s, 216 cycles/byte + AES-CCM-192 : 484 KiB/s, 242 cycles/byte + AES-CCM-256 : 437 KiB/s, 268 cycles/byte + CTR_DRBG (NOPR) : 1002 KiB/s, 117 cycles/byte + CTR_DRBG (PR) : 705 KiB/s, 166 cycles/byte + HMAC_DRBG SHA-1 (NOPR) : 228 KiB/s, 517 cycles/byte + HMAC_DRBG SHA-1 (PR) : 210 KiB/s, 561 cycles/byte + HMAC_DRBG SHA-256 (NOPR) : 212 KiB/s, 557 cycles/byte + HMAC_DRBG SHA-256 (PR) : 185 KiB/s, 637 cycles/byte RSA-2048 : 41 ms/ public RSA-2048 : 1349 ms/private RSA-4096 : 134 ms/ public diff --git a/yotta/data/example-benchmark/main.cpp b/yotta/data/example-benchmark/main.cpp index 44e66d9bc..d13cde550 100644 --- a/yotta/data/example-benchmark/main.cpp +++ b/yotta/data/example-benchmark/main.cpp @@ -229,7 +229,7 @@ do { \ CODE; \ } \ \ - mbedtls_printf( "%9lu kB/s, %9lu cycles/byte\r\n", \ + mbedtls_printf( "%9lu KiB/s, %9lu cycles/byte\r\n", \ i * BUFSIZE / 1024, \ ( mbedtls_timing_hardclock() - tsc ) / ( j * BUFSIZE ) ); \ } while( 0 ) From c5380649d94e69764e261548087e365262cf4e2e Mon Sep 17 00:00:00 2001 From: Andres Amaya Garcia Date: Tue, 28 Nov 2017 19:57:51 +0000 Subject: [PATCH 444/493] Change value of MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE Change the value of the error MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE to 0x0023 to ensure the errors in the AES module are all in a continuous range. --- include/mbedtls/aes.h | 5 ++++- include/mbedtls/error.h | 2 +- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h index 660ec2add..f1c3d3a8c 100644 --- a/include/mbedtls/aes.h +++ b/include/mbedtls/aes.h @@ -36,9 +36,12 @@ #define MBEDTLS_AES_ENCRYPT 1 #define MBEDTLS_AES_DECRYPT 0 +/* Error codes in range 0x0020-0x0022 */ #define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */ #define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */ -#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x006E /**< Feature not available, e.g. unsupported AES key size. */ + +/* Error codes in range 0x0023-0x0023 */ +#define MBEDTLS_ERR_AES_FEATURE_UNAVAILABLE -0x0023 /**< Feature not available, e.g. unsupported AES key size. */ #if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ !defined(inline) && !defined(__cplusplus) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 8dfeb6221..5fffb0d22 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -52,7 +52,7 @@ * GCM 2 0x0012-0x0014 * BLOWFISH 2 0x0016-0x0018 * THREADING 3 0x001A-0x001E - * AES 2 0x0020-0x0022 0x006E-0x006E + * AES 2 0x0020-0x0022 0x0023-0x0023 * CAMELLIA 2 0x0024-0x0026 * XTEA 1 0x0028-0x0028 * BASE64 2 0x002A-0x002C From 832f349f93af536128789f6efc914d88b735197c Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Nov 2017 11:42:12 +0100 Subject: [PATCH 445/493] Fix build without MBEDTLS_FS_IO Fix missing definition of mbedtls_zeroize when MBEDTLS_FS_IO is disabled in the configuration. Introduced by e7707228b4c696549017fbf0fcb5aaae552e4bde Merge remote-tracking branch 'upstream-public/pr/1062' into development --- library/pkparse.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index 968c83fa0..387111f09 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -60,12 +60,15 @@ #define mbedtls_free free #endif -#if defined(MBEDTLS_FS_IO) +#if defined(MBEDTLS_FS_IO) || \ + defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C) /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { volatile unsigned char *p = v; while( n-- ) *p++ = 0; } +#endif +#if defined(MBEDTLS_FS_IO) /* * Load all data from a file into a given buffer. * From da519251d45e7f62951c6b76852c4f31eed9bb46 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 30 Nov 2017 13:22:04 +0100 Subject: [PATCH 446/493] Add --no-yotta option to all.sh The Yotta tools break in some environments and it's useful to be able to run the rest of all.sh nonetheless. --- tests/scripts/all.sh | 23 ++++++++++++++++------- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 838b54124..77deecbc9 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -36,6 +36,7 @@ CONFIG_BAK="$CONFIG_H.bak" MEMORY=0 FORCE=0 RELEASE=0 +YOTTA=1 # Default commands, can be overriden by the environment : ${OPENSSL:="openssl"} @@ -61,6 +62,7 @@ usage() printf " -f|--force\t\tForce the tests to overwrite any modified files.\n" printf " -s|--seed\t\tInteger seed value to use for this test run.\n" printf " -r|--release-test\t\tRun this script in release mode. This fixes the seed value to 1.\n" + printf " --no-yotta\t\tSkip yotta build\n" printf " --out-of-source-dir=\t\tDirectory used for CMake out-of-source build tests." printf " --openssl=\t\tPath to OpenSSL executable to use for most tests.\n" printf " --openssl-legacy=\t\tPath to OpenSSL executable to use for legacy tests e.g. SSLv3.\n" @@ -138,6 +140,9 @@ while [ $# -gt 0 ]; do --release-test|-r) RELEASE=1 ;; + --no-yotta) + YOTTA=0 + ;; --out-of-source-dir) shift OUT_OF_SOURCE_DIR="$1" @@ -183,12 +188,14 @@ while [ $# -gt 0 ]; do done if [ $FORCE -eq 1 ]; then - rm -rf yotta/module "$OUT_OF_SOURCE_DIR" + if [ $YOTTA -eq 1 ]; then + rm -rf yotta/module "$OUT_OF_SOURCE_DIR" + fi git checkout-index -f -q $CONFIG_H cleanup else - if [ -d yotta/module ]; then + if [ $YOTTA -eq 1 ] && [ -d yotta/module ]; then err_msg "Warning - there is an existing yotta module in the directory 'yotta/module'" echo "You can either delete your work and retry, or force the test to overwrite the" echo "test by rerunning the script as: $0 --force" @@ -283,11 +290,13 @@ msg "test: doxygen warnings" # ~ 3s cleanup tests/scripts/doxygen.sh -# Note - use of yotta is deprecated, and yotta also requires armcc to be on the -# path, and uses whatever version of armcc it finds there. -msg "build: create and build yotta module" # ~ 30s -cleanup -tests/scripts/yotta-build.sh +if [ $YOTTA -ne 0 ]; then + # Note - use of yotta is deprecated, and yotta also requires armcc to be + # on the path, and uses whatever version of armcc it finds there. + msg "build: create and build yotta module" # ~ 30s + cleanup + tests/scripts/yotta-build.sh +fi msg "build: cmake, gcc, ASan" # ~ 1 min 50s cleanup From b592f322913580ba10ff469ab49c92f54020c1bb Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 1 Dec 2017 23:30:43 +0100 Subject: [PATCH 447/493] Added ChangeLog entry --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index e8d1da5c9..7fa5389ec 100644 --- a/ChangeLog +++ b/ChangeLog @@ -41,6 +41,7 @@ Bugfix * Fix a potential integer overflow in the version verification for DER encoded X509 certificates. The overflow would enable maliciously constructed certificates to bypass the certificate verification check. + * Fix word size check in in pk.c to not depend on MBEDTLS_HAVE_INT64. Changes * Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of From 8acce8517595f83067091850f3a472c70d3a1fd4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 1 Dec 2017 23:46:40 +0100 Subject: [PATCH 448/493] Added ChangeLog entry --- ChangeLog | 1 + 1 file changed, 1 insertion(+) diff --git a/ChangeLog b/ChangeLog index 0f7bae519..34a1aa8c6 100644 --- a/ChangeLog +++ b/ChangeLog @@ -67,6 +67,7 @@ Bugfix digits. Found and fixed by Guido Vranken. * Fix unlisted DES configuration dependency in some pkparse test cases. Found by inestlerode. #555 + * Fix incorrect unit in benchmark output. #850 Features * Exposed parts of the Elliptic Curve Point internal interface, to provide From 86ffd80456f154b7a44b512d3e9aae23653bae6f Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 Dec 2017 20:04:13 +0100 Subject: [PATCH 449/493] Register new error code in error.h --- include/mbedtls/error.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 31591e2d6..d51bcdec3 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -75,7 +75,7 @@ * PKCS5 2 4 (Started from top) * DHM 3 9 * PK 3 14 (Started from top) - * RSA 4 9 + * RSA 4 10 * ECP 4 8 (Started from top) * MD 5 4 * CIPHER 6 6 From 1434a365a64e7f95626f8ffa0fb08d912a1119fd Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 13 Dec 2017 11:24:49 +0000 Subject: [PATCH 450/493] Don't split error code description across multiple lines --- include/mbedtls/rsa.h | 3 +-- library/error.c | 3 +-- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 562395f2b..d04e71d58 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -48,8 +48,7 @@ #define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */ #define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */ #define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */ -#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation doesn't offer the requested operation, - e.g. because of security violations or lack of functionality */ +#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation doesn't offer the requested operation, e.g. because of security violations or lack of functionality */ /* * RSA constants diff --git a/library/error.c b/library/error.c index 66e6aa23c..23e4953fc 100644 --- a/library/error.c +++ b/library/error.c @@ -332,8 +332,7 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) ) mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" ); if( use_ret == -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION) ) - mbedtls_snprintf( buf, buflen, "RSA - The implementation doesn't offer the requested operation, "\ - "e.g. because of security violations or lack of functionality" ); + mbedtls_snprintf( buf, buflen, "RSA - The implementation doesn't offer the requested operation, e.g. because of security violations or lack of functionality" ); #endif /* MBEDTLS_RSA_C */ #if defined(MBEDTLS_SSL_TLS_C) From 418b536028a29dada69440186266a4a2f763dc34 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 14 Dec 2017 18:58:42 +0100 Subject: [PATCH 451/493] wait_server_start: minor efficiency improvement In wait_server_start, fork less. When lsof is present, call it on the expected process. This saves a few percent of execution time on a lightly loaded machine. Also, sleep for a short duration rather than using a tight loop. --- tests/ssl-opt.sh | 54 +++++++++++++++++++++--------------------------- 1 file changed, 23 insertions(+), 31 deletions(-) diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 326dcad64..fa785a4f1 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -286,40 +286,32 @@ has_mem_err() { fi } -# wait for server to start: two versions depending on lsof availability -wait_server_start() { - if which lsof >/dev/null 2>&1; then - START_TIME=$( date +%s ) - DONE=0 - - # make a tight loop, server usually takes less than 1 sec to start +# Wait for process $2 to be listening on port $1 +if type lsof >/dev/null 2>/dev/null; then + wait_server_start() { + START_TIME=$(date +%s) if [ "$DTLS" -eq 1 ]; then - while [ $DONE -eq 0 ]; do - if lsof -nbi UDP:"$SRV_PORT" 2>/dev/null | grep UDP >/dev/null - then - DONE=1 - elif [ $(( $( date +%s ) - $START_TIME )) -gt $DOG_DELAY ]; then - echo "SERVERSTART TIMEOUT" - echo "SERVERSTART TIMEOUT" >> $SRV_OUT - DONE=1 - fi - done + proto=UDP else - while [ $DONE -eq 0 ]; do - if lsof -nbi TCP:"$SRV_PORT" 2>/dev/null | grep LISTEN >/dev/null - then - DONE=1 - elif [ $(( $( date +%s ) - $START_TIME )) -gt $DOG_DELAY ]; then - echo "SERVERSTART TIMEOUT" - echo "SERVERSTART TIMEOUT" >> $SRV_OUT - DONE=1 - fi - done + proto=TCP fi - else + # Make a tight loop, server normally takes less than 1s to start. + while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do + if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then + echo "SERVERSTART TIMEOUT" + echo "SERVERSTART TIMEOUT" >> $SRV_OUT + break + fi + # Linux and *BSD support decimal arguments to sleep. On other + # OSes this may be a tight loop. + sleep 0.1 2>/dev/null || true + done + } +else + wait_server_start() { sleep "$START_DELAY" - fi -} + } +fi # Given the client or server debug output, parse the unix timestamp that is # included in the first 4 bytes of the random bytes and check that it's within @@ -466,7 +458,7 @@ run_test() { echo "$SRV_CMD" > $SRV_OUT provide_input | $SRV_CMD >> $SRV_OUT 2>&1 & SRV_PID=$! - wait_server_start + wait_server_start "$SRV_PORT" "$SRV_PID" echo "$CLI_CMD" > $CLI_OUT eval "$CLI_CMD" >> $CLI_OUT 2>&1 & From 12c49c7f7cccdf16f443b55bcc145d372d1e10d1 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 14 Dec 2017 19:02:00 +0100 Subject: [PATCH 452/493] compat.sh: use wait_server_start Port wait_server_start from ssl-opt.sh to compat.sh, instead of just using "sleep 1". This solves the problem that on a heavily loaded machine, sleep 1 is sometimes not enough (we had CI failures because of this). This is also faster on a lightly-loaded machine (execution time reduced from ~8min to ~6min on my machine). --- tests/compat.sh | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/tests/compat.sh b/tests/compat.sh index c5074cb7e..958d61854 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -866,6 +866,33 @@ has_mem_err() { fi } +# Wait for process $2 to be listening on port $1 +if type lsof >/dev/null 2>/dev/null; then + wait_server_start() { + START_TIME=$(date +%s) + if is_dtls "$MODE"; then + proto=UDP + else + proto=TCP + fi + while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do + if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then + echo "SERVERSTART TIMEOUT" + echo "SERVERSTART TIMEOUT" >> $SRV_OUT + break + fi + # Linux and *BSD support decimal arguments to sleep. On other + # OSes this may be a tight loop. + sleep 0.1 2>/dev/null || true + done + } +else + wait_server_start() { + sleep 1 + } +fi + + # start_server # also saves name and command start_server() { @@ -895,7 +922,7 @@ start_server() { while :; do echo bla; sleep 1; done | $SERVER_CMD >> $SRV_OUT 2>&1 & PROCESS_ID=$! - sleep 1 + wait_server_start "$PORT" "$PROCESS_ID" } # terminate the running server From a0af95f052fa734c662dfe420d3e34e6ed777ed5 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Oct 2017 20:10:46 +0200 Subject: [PATCH 453/493] Timing: fix mbedtls_set_alarm(0) on Unix/POSIX The POSIX/Unix implementation of mbedtls_set_alarm did not set the mbedtls_timing_alarmed flag when called with 0, which was inconsistent with what the documentation implied and with the Windows behavior. --- ChangeLog | 1 + library/timing.c | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/ChangeLog b/ChangeLog index b3d4d519a..bfba279b9 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,7 @@ Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. Found by projectgus and jethrogb, #836. * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. + * Fix mbedtls_timing_alarm(0) on Unix. = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/library/timing.c b/library/timing.c index a7c7ff027..4576f317d 100644 --- a/library/timing.c +++ b/library/timing.c @@ -315,6 +315,12 @@ void mbedtls_set_alarm( int seconds ) mbedtls_timing_alarmed = 0; signal( SIGALRM, sighandler ); alarm( seconds ); + if( seconds == 0 ) + { + /* alarm(0) cancelled any previous pending alarm, but the + handler won't fire, so raise the flag straight away. */ + mbedtls_timing_alarmed = 1; + } } #endif /* _WIN32 && !EFIX64 && !EFI32 */ From a9edc4805b5e73885eb3ca1e9fe905e7321c226a Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Oct 2017 19:46:45 +0200 Subject: [PATCH 454/493] timing interface documentation: minor clarifications --- include/mbedtls/timing.h | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index ae7a713e7..579de3310 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h @@ -1,7 +1,7 @@ /** * \file timing.h * - * \brief Portable interface to the CPU cycle counter + * \brief Portable interface to timeouts and to the CPU cycle counter * * Copyright (C) 2006-2015, ARM Limited, All Rights Reserved * SPDX-License-Identifier: Apache-2.0 @@ -65,6 +65,9 @@ extern volatile int mbedtls_timing_alarmed; * \warning This is only a best effort! Do not rely on this! * In particular, it is known to be unreliable on virtual * machines. + * + * \note This value starts at an unspecified origin and + * may wrap around. */ unsigned long mbedtls_timing_hardclock( void ); @@ -73,6 +76,8 @@ unsigned long mbedtls_timing_hardclock( void ); * * \param val points to a timer structure * \param reset if set to 1, the timer is restarted + * + * \return Elapsed time in ms (before the reset, if there is a reset) */ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ); @@ -80,6 +85,7 @@ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int * \brief Setup an alarm clock * * \param seconds delay before the "mbedtls_timing_alarmed" flag is set + * (must be >=0) * * \warning Only one alarm at a time is supported. In a threaded * context, this means one for the whole process, not one per @@ -91,11 +97,15 @@ void mbedtls_set_alarm( int seconds ); * \brief Set a pair of delays to watch * (See \c mbedtls_timing_get_delay().) * - * \param data Pointer to timing data + * \param data Pointer to timing data. * Must point to a valid \c mbedtls_timing_delay_context struct. * \param int_ms First (intermediate) delay in milliseconds. + * The effect if int_ms > fin_ms is unspecified. * \param fin_ms Second (final) delay in milliseconds. * Pass 0 to cancel the current delay. + * + * \note To set a single delay, either use \c mbedtls_timing_set_timer + * directly or use this function with int_ms == fin_ms. */ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ); @@ -106,7 +116,7 @@ void mbedtls_timing_set_delay( void *data, uint32_t int_ms, uint32_t fin_ms ); * \param data Pointer to timing data * Must point to a valid \c mbedtls_timing_delay_context struct. * - * \return -1 if cancelled (fin_ms = 0) + * \return -1 if cancelled (fin_ms = 0), * 0 if none of the delays are passed, * 1 if only the intermediate delay is passed, * 2 if the final delay is passed. From d92f0aa3bec86b7b74cd4c7372b9a4b5323b0cfc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 16 Oct 2017 19:33:06 +0200 Subject: [PATCH 455/493] mbedtls_timing_get_timer: don't use uninitialized memory mbedtls_timing_get_timer with reset=1 is called both to initialize a timer object and to reset an already-initialized object. In an initial call, the content of the data structure is indeterminate, so the code should not read from it. This could crash if signed overflows trap, for example. As a consequence, on reset, we can't return the previously elapsed time as was previously done on Windows. Return 0 as was done on Unix. --- ChangeLog | 1 + include/mbedtls/timing.h | 13 ++++++++++-- library/timing.c | 45 ++++++++++++++++++++-------------------- 3 files changed, 35 insertions(+), 24 deletions(-) diff --git a/ChangeLog b/ChangeLog index bfba279b9..2061be0f2 100644 --- a/ChangeLog +++ b/ChangeLog @@ -10,6 +10,7 @@ Bugfix Found by projectgus and jethrogb, #836. * Fix usage help in ssl_server2 example. Found and fixed by Bei Lin. * Fix mbedtls_timing_alarm(0) on Unix. + * Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1. = mbed TLS 2.6.0 branch released 2017-08-10 diff --git a/include/mbedtls/timing.h b/include/mbedtls/timing.h index 579de3310..bfb8579a0 100644 --- a/include/mbedtls/timing.h +++ b/include/mbedtls/timing.h @@ -75,9 +75,18 @@ unsigned long mbedtls_timing_hardclock( void ); * \brief Return the elapsed time in milliseconds * * \param val points to a timer structure - * \param reset if set to 1, the timer is restarted + * \param reset If 0, query the elapsed time. Otherwise (re)start the timer. * - * \return Elapsed time in ms (before the reset, if there is a reset) + * \return Elapsed time since the previous reset in ms. When + * restarting, this is always 0. + * + * \note To initialize a timer, call this function with reset=1. + * + * Determining the elapsed time and resetting the timer is not + * atomic on all platforms, so after the sequence + * `{ get_timer(1); ...; time1 = get_timer(1); ...; time2 = + * get_timer(0) }` the value time1+time2 is only approximately + * the delay since the first reset. */ unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ); diff --git a/library/timing.c b/library/timing.c index 4576f317d..a6067d06d 100644 --- a/library/timing.c +++ b/library/timing.c @@ -244,21 +244,23 @@ volatile int mbedtls_timing_alarmed = 0; unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ) { - unsigned long delta; - LARGE_INTEGER offset, hfreq; struct _hr_time *t = (struct _hr_time *) val; - QueryPerformanceCounter( &offset ); - QueryPerformanceFrequency( &hfreq ); - - delta = (unsigned long)( ( 1000 * - ( offset.QuadPart - t->start.QuadPart ) ) / - hfreq.QuadPart ); - if( reset ) + { QueryPerformanceCounter( &t->start ); - - return( delta ); + return( 0 ); + } + else + { + unsigned long delta; + LARGE_INTEGER now, hfreq; + QueryPerformanceCounter( &now ); + QueryPerformanceFrequency( &hfreq ); + delta = (unsigned long)( ( now.QuadPart - t->start.QuadPart ) * 1000ul + / hfreq.QuadPart ); + return( delta ); + } } /* It's OK to use a global because alarm() is supposed to be global anyway */ @@ -285,23 +287,22 @@ void mbedtls_set_alarm( int seconds ) unsigned long mbedtls_timing_get_timer( struct mbedtls_timing_hr_time *val, int reset ) { - unsigned long delta; - struct timeval offset; struct _hr_time *t = (struct _hr_time *) val; - gettimeofday( &offset, NULL ); - if( reset ) { - t->start.tv_sec = offset.tv_sec; - t->start.tv_usec = offset.tv_usec; + gettimeofday( &t->start, NULL ); return( 0 ); } - - delta = ( offset.tv_sec - t->start.tv_sec ) * 1000 - + ( offset.tv_usec - t->start.tv_usec ) / 1000; - - return( delta ); + else + { + unsigned long delta; + struct timeval now; + gettimeofday( &now, NULL ); + delta = ( now.tv_sec - t->start.tv_sec ) * 1000ul + + ( now.tv_usec - t->start.tv_usec ) / 1000; + return( delta ); + } } static void sighandler( int signum ) From 0827d5c07d35cb60bcb5b09a06187852c4edd3c9 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Oct 2017 20:09:26 +0200 Subject: [PATCH 456/493] Timing self test: print some diagnosis information Print some not-very-nice-looking but helpful diagnosis information if the timing selftest fails. Since the failures tend to be due to heavy system load that's hard to reproduce, this information is necessary to understand what's going on. --- library/timing.c | 39 ++++++++++++++++++++------------------- 1 file changed, 20 insertions(+), 19 deletions(-) diff --git a/library/timing.c b/library/timing.c index a6067d06d..744e1e790 100644 --- a/library/timing.c +++ b/library/timing.c @@ -385,13 +385,21 @@ static void busy_msleep( unsigned long msec ) (void) j; } -#define FAIL do \ -{ \ - if( verbose != 0 ) \ - mbedtls_printf( "failed\n" ); \ - \ - return( 1 ); \ -} while( 0 ) +#define FAIL do \ + { \ + if( verbose != 0 ) \ + { \ + mbedtls_printf( "failed at line %d\n", __LINE__ ); \ + mbedtls_printf( " cycles=%lu ratio=%lu millisecs=%lu secs=%lu hardfail=%d a=%lu b=%lu\n", \ + cycles, ratio, millisecs, secs, hardfail, \ + (unsigned long) a, (unsigned long) b ); \ + mbedtls_printf( " elapsed(hires)=%lu elapsed(ctx)=%lu status(ctx)=%d\n", \ + mbedtls_timing_get_timer( &hires, 0 ), \ + mbedtls_timing_get_timer( &ctx.timer, 0 ), \ + mbedtls_timing_get_delay( &ctx ) ); \ + } \ + return( 1 ); \ + } while( 0 ) /* * Checkup routine @@ -401,17 +409,16 @@ static void busy_msleep( unsigned long msec ) */ int mbedtls_timing_self_test( int verbose ) { - unsigned long cycles, ratio; - unsigned long millisecs, secs; - int hardfail; + unsigned long cycles = 0, ratio = 0; + unsigned long millisecs = 0, secs = 0; + int hardfail = 0; struct mbedtls_timing_hr_time hires; - uint32_t a, b; + uint32_t a = 0, b = 0; mbedtls_timing_delay_context ctx; if( verbose != 0 ) mbedtls_printf( " TIMING tests note: will take some time!\n" ); - if( verbose != 0 ) mbedtls_printf( " TIMING test #1 (set_alarm / get_timer): " ); @@ -428,12 +435,7 @@ int mbedtls_timing_self_test( int verbose ) /* For some reason on Windows it looks like alarm has an extra delay * (maybe related to creating a new thread). Allow some room here. */ if( millisecs < 800 * secs || millisecs > 1200 * secs + 300 ) - { - if( verbose != 0 ) - mbedtls_printf( "failed\n" ); - - return( 1 ); - } + FAIL; } if( verbose != 0 ) @@ -482,7 +484,6 @@ int mbedtls_timing_self_test( int verbose ) * On a 4Ghz 32-bit machine the cycle counter wraps about once per second; * since the whole test is about 10ms, it shouldn't happen twice in a row. */ - hardfail = 0; hard_test: if( hardfail > 1 ) From 319ac801a84b899890e797c65b475f01fe560254 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 15 Dec 2017 14:57:18 +0100 Subject: [PATCH 457/493] selftest: refactor to separate the list of tests from the logic No behavior change. --- programs/test/selftest.c | 368 ++++++++++++++------------------------- 1 file changed, 130 insertions(+), 238 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 1941ad051..16ff3102d 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -107,8 +107,8 @@ static int run_test_snprintf( void ) * self-test. If this fails, we attempt the test anyway, so no error is passed * back. */ -#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) && \ - defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) +#if defined(MBEDTLS_SELF_TEST) && defined(MBEDTLS_ENTROPY_C) +#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) static void create_entropy_seed_file( void ) { int result; @@ -136,8 +136,130 @@ static void create_entropy_seed_file( void ) } #endif +int mbedtls_entropy_self_test_wrapper( int verbose ) +{ +#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) + create_entropy_seed_file( ); +#endif + return( mbedtls_entropy_self_test( verbose ) ); +} +#endif + +#if defined(MBEDTLS_SELF_TEST) +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) +int mbedtls_memory_buffer_alloc_free_and_self_test( int verbose ) +{ + if( verbose != 0 ) + { +#if defined(MBEDTLS_MEMORY_DEBUG) + mbedtls_memory_buffer_alloc_status( ); +#endif + } + mbedtls_memory_buffer_alloc_free( ); + return( mbedtls_memory_buffer_alloc_self_test( verbose ) ); +} +#endif + +typedef struct +{ + const char *name; + int ( *function )( int ); +} selftest_t; + +const selftest_t selftests[] = +{ +#if defined(MBEDTLS_MD2_C) + {"md2", mbedtls_md2_self_test}, +#endif +#if defined(MBEDTLS_MD4_C) + {"md4", mbedtls_md4_self_test}, +#endif +#if defined(MBEDTLS_MD5_C) + {"md5", mbedtls_md5_self_test}, +#endif +#if defined(MBEDTLS_RIPEMD160_C) + {"ripemd160", mbedtls_ripemd160_self_test}, +#endif +#if defined(MBEDTLS_SHA1_C) + {"sha1", mbedtls_sha1_self_test}, +#endif +#if defined(MBEDTLS_SHA256_C) + {"sha256", mbedtls_sha256_self_test}, +#endif +#if defined(MBEDTLS_SHA512_C) + {"sha512", mbedtls_sha512_self_test}, +#endif +#if defined(MBEDTLS_ARC4_C) + {"arc4", mbedtls_arc4_self_test}, +#endif +#if defined(MBEDTLS_DES_C) + {"des", mbedtls_des_self_test}, +#endif +#if defined(MBEDTLS_AES_C) + {"aes", mbedtls_aes_self_test}, +#endif +#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C) + {"gcm", mbedtls_gcm_self_test}, +#endif +#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C) + {"ccm", mbedtls_ccm_self_test}, +#endif +#if defined(MBEDTLS_CMAC_C) + {"cmac", mbedtls_cmac_self_test}, +#endif +#if defined(MBEDTLS_BASE64_C) + {"base64", mbedtls_base64_self_test}, +#endif +#if defined(MBEDTLS_BIGNUM_C) + {"mpi", mbedtls_mpi_self_test}, +#endif +#if defined(MBEDTLS_RSA_C) + {"rsa", mbedtls_rsa_self_test}, +#endif +#if defined(MBEDTLS_X509_USE_C) + {"x509", mbedtls_x509_self_test}, +#endif +#if defined(MBEDTLS_XTEA_C) + {"xtea", mbedtls_xtea_self_test}, +#endif +#if defined(MBEDTLS_CAMELLIA_C) + {"camellia", mbedtls_camellia_self_test}, +#endif +#if defined(MBEDTLS_CTR_DRBG_C) + {"ctr_drbg", mbedtls_ctr_drbg_self_test}, +#endif +#if defined(MBEDTLS_HMAC_DRBG_C) + {"hmac_drbg", mbedtls_hmac_drbg_self_test}, +#endif +#if defined(MBEDTLS_ECP_C) + {"ecp", mbedtls_ecp_self_test}, +#endif +#if defined(MBEDTLS_ECJPAKE_C) + {"ecjpake", mbedtls_ecjpake_self_test}, +#endif +#if defined(MBEDTLS_DHM_C) + {"dhm", mbedtls_dhm_self_test}, +#endif +#if defined(MBEDTLS_ENTROPY_C) + {"entropy", mbedtls_entropy_self_test_wrapper}, +#endif +#if defined(MBEDTLS_PKCS5_C) + {"pkcs5", mbedtls_pkcs5_self_test}, +#endif +/* Slower test after the faster ones */ +#if defined(MBEDTLS_TIMING_C) + {"timing", mbedtls_timing_self_test}, +#endif +/* Heap test comes last */ +#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) + {"memory_buffer_alloc", mbedtls_memory_buffer_alloc_free_and_self_test}, +#endif + {NULL, NULL} +}; + int main( int argc, char *argv[] ) { + const selftest_t *test; int v, suites_tested = 0, suites_failed = 0; #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_SELF_TEST) unsigned char buf[1000000]; @@ -182,244 +304,14 @@ int main( int argc, char *argv[] ) mbedtls_memory_buffer_alloc_init( buf, sizeof(buf) ); #endif -#if defined(MBEDTLS_MD2_C) - if( mbedtls_md2_self_test( v ) != 0 ) + for( test = selftests; test->name != NULL; test++ ) { - suites_failed++; + if( test->function( v ) != 0 ) + { + suites_failed++; + } + suites_tested++; } - suites_tested++; -#endif - -#if defined(MBEDTLS_MD4_C) - if( mbedtls_md4_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_MD5_C) - if( mbedtls_md5_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_RIPEMD160_C) - if( mbedtls_ripemd160_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_SHA1_C) - if( mbedtls_sha1_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_SHA256_C) - if( mbedtls_sha256_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_SHA512_C) - if( mbedtls_sha512_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_ARC4_C) - if( mbedtls_arc4_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_DES_C) - if( mbedtls_des_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_AES_C) - if( mbedtls_aes_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C) - if( mbedtls_gcm_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C) - if( mbedtls_ccm_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_CMAC_C) - if( ( mbedtls_cmac_self_test( v ) ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_BASE64_C) - if( mbedtls_base64_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_BIGNUM_C) - if( mbedtls_mpi_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_RSA_C) - if( mbedtls_rsa_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_X509_USE_C) - if( mbedtls_x509_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_XTEA_C) - if( mbedtls_xtea_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_CAMELLIA_C) - if( mbedtls_camellia_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_CTR_DRBG_C) - if( mbedtls_ctr_drbg_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_HMAC_DRBG_C) - if( mbedtls_hmac_drbg_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_ECP_C) - if( mbedtls_ecp_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_ECJPAKE_C) - if( mbedtls_ecjpake_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_DHM_C) - if( mbedtls_dhm_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_ENTROPY_C) - -#if defined(MBEDTLS_ENTROPY_NV_SEED) && !defined(MBEDTLS_NO_PLATFORM_ENTROPY) - create_entropy_seed_file(); -#endif - - if( mbedtls_entropy_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -#if defined(MBEDTLS_PKCS5_C) - if( mbedtls_pkcs5_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - -/* Slow tests last */ - -#if defined(MBEDTLS_TIMING_C) - if( mbedtls_timing_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif - - if( v != 0 ) - { -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_MEMORY_DEBUG) - mbedtls_memory_buffer_alloc_status(); -#endif - } - -#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) - mbedtls_memory_buffer_alloc_free(); - if( mbedtls_memory_buffer_alloc_self_test( v ) != 0 ) - { - suites_failed++; - } - suites_tested++; -#endif #else mbedtls_printf( " MBEDTLS_SELF_TEST not defined.\n" ); From c82fbb4e14faf3ee3006e978d21fb231767a37dc Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 15 Dec 2017 15:01:27 +0100 Subject: [PATCH 458/493] selftest: allow running a subset of the tests If given command line arguments, interpret them as test names and only run those tests. --- ChangeLog | 2 ++ programs/test/selftest.c | 43 +++++++++++++++++++++++++++++++++++----- 2 files changed, 40 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 2061be0f2..80e44dd63 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ mbed TLS ChangeLog (Sorted per branch, date) Features * Allow comments in test data files. + * The selftest program can execute a subset of the tests based on command + line arguments. Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. diff --git a/programs/test/selftest.c b/programs/test/selftest.c index 16ff3102d..fc3b0eba0 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -256,10 +256,14 @@ const selftest_t selftests[] = #endif {NULL, NULL} }; +#endif /* MBEDTLS_SELF_TEST */ int main( int argc, char *argv[] ) { +#if defined(MBEDTLS_SELF_TEST) const selftest_t *test; +#endif /* MBEDTLS_SELF_TEST */ + char **argp = argc >= 1 ? argv + 1 : argv; int v, suites_tested = 0, suites_failed = 0; #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_SELF_TEST) unsigned char buf[1000000]; @@ -287,10 +291,11 @@ int main( int argc, char *argv[] ) mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } - if( argc == 2 && ( strcmp( argv[1], "--quiet" ) == 0 || + if( argc >= 2 && ( strcmp( argv[1], "--quiet" ) == 0 || strcmp( argv[1], "-q" ) == 0 ) ) { v = 0; + ++argp; } else { @@ -304,13 +309,41 @@ int main( int argc, char *argv[] ) mbedtls_memory_buffer_alloc_init( buf, sizeof(buf) ); #endif - for( test = selftests; test->name != NULL; test++ ) + if( *argp != NULL ) { - if( test->function( v ) != 0 ) + /* Run the specified tests */ + for( ; *argp != NULL; argp++ ) { - suites_failed++; + for( test = selftests; test->name != NULL; test++ ) + { + if( !strcmp( *argp, test->name ) ) + { + if( test->function( v ) != 0 ) + { + suites_failed++; + } + suites_tested++; + break; + } + } + if( test->name == NULL ) + { + mbedtls_printf( " Test suite %s not available -> failed\n\n", *argp ); + suites_failed++; + } + } + } + else + { + /* Run all the tests */ + for( test = selftests; test->name != NULL; test++ ) + { + if( test->function( v ) != 0 ) + { + suites_failed++; + } + suites_tested++; } - suites_tested++; } #else From ff79d27f5ceb30ea7438f1c172b9a9f80692a18b Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Dec 2017 18:09:27 +0100 Subject: [PATCH 459/493] selftest: allow excluding a subset of the tests E.g. "selftest -x timing" runs all the self-tests except timing. --- programs/test/selftest.c | 49 ++++++++++++++++++++++++++++++---------- 1 file changed, 37 insertions(+), 12 deletions(-) diff --git a/programs/test/selftest.c b/programs/test/selftest.c index fc3b0eba0..72a37342f 100644 --- a/programs/test/selftest.c +++ b/programs/test/selftest.c @@ -263,8 +263,10 @@ int main( int argc, char *argv[] ) #if defined(MBEDTLS_SELF_TEST) const selftest_t *test; #endif /* MBEDTLS_SELF_TEST */ - char **argp = argc >= 1 ? argv + 1 : argv; - int v, suites_tested = 0, suites_failed = 0; + char **argp; + int v = 1; /* v=1 for verbose mode */ + int exclude_mode = 0; + int suites_tested = 0, suites_failed = 0; #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C) && defined(MBEDTLS_SELF_TEST) unsigned char buf[1000000]; #endif @@ -291,17 +293,24 @@ int main( int argc, char *argv[] ) mbedtls_exit( MBEDTLS_EXIT_FAILURE ); } - if( argc >= 2 && ( strcmp( argv[1], "--quiet" ) == 0 || - strcmp( argv[1], "-q" ) == 0 ) ) + for( argp = argv + ( argc >= 1 ? 1 : argc ); *argp != NULL; ++argp ) { - v = 0; - ++argp; + if( strcmp( *argp, "--quiet" ) == 0 || + strcmp( *argp, "-q" ) == 0 ) + { + v = 0; + } + else if( strcmp( *argp, "--exclude" ) == 0 || + strcmp( *argp, "-x" ) == 0 ) + { + exclude_mode = 1; + } + else + break; } - else - { - v = 1; + + if( v != 0 ) mbedtls_printf( "\n" ); - } #if defined(MBEDTLS_SELF_TEST) @@ -309,7 +318,7 @@ int main( int argc, char *argv[] ) mbedtls_memory_buffer_alloc_init( buf, sizeof(buf) ); #endif - if( *argp != NULL ) + if( *argp != NULL && exclude_mode == 0 ) { /* Run the specified tests */ for( ; *argp != NULL; argp++ ) @@ -335,9 +344,24 @@ int main( int argc, char *argv[] ) } else { - /* Run all the tests */ + /* Run all the tests except excluded ones */ for( test = selftests; test->name != NULL; test++ ) { + if( exclude_mode ) + { + char **excluded; + for( excluded = argp; *excluded != NULL; ++excluded ) + { + if( !strcmp( *excluded, test->name ) ) + break; + } + if( *excluded ) + { + if( v ) + mbedtls_printf( " Skip: %s\n", test->name ); + continue; + } + } if( test->function( v ) != 0 ) { suites_failed++; @@ -347,6 +371,7 @@ int main( int argc, char *argv[] ) } #else + (void) exclude_mode; mbedtls_printf( " MBEDTLS_SELF_TEST not defined.\n" ); #endif From 8064bf3adf0298873ed4f6bc0dd89ee6efae3959 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 10 Oct 2017 19:56:06 +0200 Subject: [PATCH 460/493] New timing unit tests New set of unit tests for the timing module, instead of just running the selftest function. The selftest function sometimes fails on a heavily loaded machine (such as a typical continuous integration system). Because of the all-in-one nature of the test and because the exact load pattern can be hard to reproduce, it is difficult to diagnose failures of CI runs with selftest. The new tests are more separated and I strove to point out potential failure modes in comments. * mbedtls_timing_hardclock: not tested. This function gives so few guarantees that there isn't much to test, and it is hard to test reliably because clock cycles don't easily relate to time in any remotely portable way. This function isn't used in the library anyway, it's only there for benchmark programs. * mbedtls_timing_get_timer: tested by setting a timer and verifying that it reaches its target, and by verifying that a timer started later than another always has a smaller elapsed time. * mbedtls_set_alarm: tested by setting an alarm, busy-waiting for it and measuring the elapsed time with a timer. * mbedtls_timing_set_delay, mbedtls_timing_get_delay: tested by setting a delay object and watching it go through its two delay values, using a timer to check that the delays are passed at the expected time. The tests pass under light to moderate load, but some of them can be defeated with sufficiently heavy load. This is unavoidable since the test process to be effectively suspended for any length of time, making us think that a timer has gone on for too long. --- ChangeLog | 1 + tests/suites/test_suite_timing.data | 40 ++- tests/suites/test_suite_timing.function | 309 +++++++++++++++++++++++- 3 files changed, 345 insertions(+), 5 deletions(-) diff --git a/ChangeLog b/ChangeLog index 80e44dd63..d69f5c5bb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,6 +6,7 @@ Features * Allow comments in test data files. * The selftest program can execute a subset of the tests based on command line arguments. + * New unit tests for timing. Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. diff --git a/tests/suites/test_suite_timing.data b/tests/suites/test_suite_timing.data index 3ba79a476..02677d126 100644 --- a/tests/suites/test_suite_timing.data +++ b/tests/suites/test_suite_timing.data @@ -1,2 +1,38 @@ -Timing selftest -timing_selftest: +Timing: basic timer operation +timing_timer_simple: + +Timing: timer reset +timing_timer_reset: + +Timing: two parallel timers, delay 0 +timing_two_timers:0: + +Timing: two parallel timers, delay 100 +timing_two_timers:100: + +Timing: two parallel timers, delay 1000 +timing_two_timers:1000: + +Timing: two parallel timers, delay 10000 +timing_two_timers:10000: + +Timing: delay 0ms, 0ms +timing_delay:0:0: + +Timing: delay 0ms, 50ms +timing_delay:0:50: + +Timing: delay 50ms, 50ms +timing_delay:50:50: + +Timing: delay 50ms, 100ms +timing_delay:50:100: + +Timing: delay 50ms, 200ms +timing_delay:50:200: + +Timing: alarm in 0 second +timing_alarm:0: + +Timing: alarm in 1 second +timing_alarm:1: diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function index 5882f85d7..53e0ac328 100644 --- a/tests/suites/test_suite_timing.function +++ b/tests/suites/test_suite_timing.function @@ -1,5 +1,43 @@ /* BEGIN_HEADER */ + +/* This test module exercises the timing module. One of the expected failure + modes is for timers to never expire, which could lead to an infinite loop. + The function timing_timer_simple is protected against this failure mode and + checks that timers do expire. Other functions will terminate if their + timers do expire. Therefore it is recommended to run timing_timer_simple + first and run other test functions only if that timing_timer_simple + succeeded. */ + +#include + #include "mbedtls/timing.h" + +/* Wait this many milliseconds for a short timing test. This duration + should be large enough that, in practice, if you read the timer + value twice in a row, it won't have jumped by that much. */ +#define TIMING_SHORT_TEST_MS 100 + +/* A loop that waits TIMING_SHORT_TEST_MS must not take more than this many + iterations. This value needs to be large enough to accommodate fast + platforms (e.g. at 4GHz and 10 cycles/iteration a CPU can run through 20 + million iterations in 50ms). The only motivation to keep this value low is + to avoid having an infinite loop if the timer functions are not implemented + correctly. Ideally this value should be based on the processor speed but we + don't have this information! */ +#define TIMING_SHORT_TEST_ITERATIONS_MAX 1e8 + +/* alarm(0) must fire in no longer than this amount of time. */ +#define TIMING_ALARM_0_DELAY_MS TIMING_SHORT_TEST_MS + +static int expected_delay_status( uint32_t int_ms, uint32_t fin_ms, + unsigned long actual_ms ) +{ + return( fin_ms == 0 ? -1 : + actual_ms >= fin_ms ? 2 : + actual_ms >= int_ms ? 1 : + 0 ); +} + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -7,9 +45,274 @@ * END_DEPENDENCIES */ -/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ -void timing_selftest() +/* BEGIN_CASE */ +void timing_timer_simple( ) { - TEST_ASSERT( mbedtls_timing_self_test( 1 ) == 0 ); + struct mbedtls_timing_hr_time timer; + unsigned long millis = 0; + unsigned long new_millis = 0; + unsigned long iterations = 0; + /* Start the timer. */ + (void) mbedtls_timing_get_timer( &timer, 1 ); + /* Busy-wait loop for a few milliseconds. */ + do + { + new_millis = mbedtls_timing_get_timer( &timer, 0 ); + ++iterations; + /* Check that the timer didn't go backwards */ + TEST_ASSERT( new_millis >= millis ); + millis = new_millis; + } + while( millis < TIMING_SHORT_TEST_MS && + iterations <= TIMING_SHORT_TEST_ITERATIONS_MAX ); + /* The wait duration should have been large enough for at least a + few runs through the loop, even on the slowest realistic platform. */ + TEST_ASSERT( iterations >= 2 ); + /* The wait duration shouldn't have overflowed the iteration count. */ + TEST_ASSERT( iterations < TIMING_SHORT_TEST_ITERATIONS_MAX ); + return; + +exit: + /* No cleanup needed, but show some diagnostic iterations, because timing + problems can be hard to reproduce. */ + mbedtls_fprintf( stdout, " Finished with millis=%lu new_millis=%lu get(timer)<=%lu iterations=%lu\n", + millis, new_millis, mbedtls_timing_get_timer( &timer, 0 ), + iterations ); } /* END_CASE */ + +/* BEGIN_CASE */ +void timing_timer_reset( ) +{ + struct mbedtls_timing_hr_time timer; + unsigned long millis = 0; + unsigned long iterations = 0; + /* Start the timer. Timers are always reset to 0. */ + TEST_ASSERT( mbedtls_timing_get_timer( &timer, 1 ) == 0 ); + /* Busy-wait loop for a few milliseconds */ + do + { + ++iterations; + millis = mbedtls_timing_get_timer( &timer, 0 ); + } + while( millis < TIMING_SHORT_TEST_MS ); + + /* Reset the timer and check that it has restarted. */ + TEST_ASSERT( mbedtls_timing_get_timer( &timer, 1 ) == 0 ); + /* Read the timer immediately after reset. It should be 0 or close + to it. */ + TEST_ASSERT( mbedtls_timing_get_timer( &timer, 0 ) < TIMING_SHORT_TEST_MS ); + return; + +exit: + /* No cleanup needed, but show some diagnostic information, because timing + problems can be hard to reproduce. */ + mbedtls_fprintf( stdout, " Finished with millis=%lu get(timer)<=%lu iterations=%lu\n", + millis, mbedtls_timing_get_timer( &timer, 0 ), + iterations ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void timing_two_timers( int delta ) +{ + struct mbedtls_timing_hr_time timer1, timer2; + unsigned long millis1, millis2; + + /* Start the first timer and wait for a short time. */ + (void) mbedtls_timing_get_timer( &timer1, 1 ); + do + { + millis1 = mbedtls_timing_get_timer( &timer1, 0 ); + } + while( millis1 < TIMING_SHORT_TEST_MS ); + + /* Do a short busy-wait, so that the difference between timer1 and timer2 + doesn't practically always end up being very close to a whole number of + milliseconds. */ + while( delta > 0 ) + --delta; + + /* Start the second timer and compare it with the first. */ + mbedtls_timing_get_timer( &timer2, 1 ); + do + { + millis1 = mbedtls_timing_get_timer( &timer1, 0 ); + millis2 = mbedtls_timing_get_timer( &timer2, 0 ); + /* The first timer should always be ahead of the first. */ + TEST_ASSERT( millis1 > millis2 ); + /* The timers shouldn't drift apart, i.e. millis2-millis1 should stay + roughly constant, but this is hard to test reliably, especially in + a busy environment such as an overloaded continuous integration + system, so we don't test it it. */ + } + while( millis2 < TIMING_SHORT_TEST_MS ); + + return; + +exit: + /* No cleanup needed, but show some diagnostic iterations, because timing + problems can be hard to reproduce. */ + mbedtls_fprintf( stdout, " Finished with millis1=%lu get(timer1)<=%lu millis2=%lu get(timer2)<=%lu\n", + millis1, mbedtls_timing_get_timer( &timer1, 0 ), + millis2, mbedtls_timing_get_timer( &timer2, 0 ) ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void timing_alarm( int seconds ) +{ + struct mbedtls_timing_hr_time timer; + unsigned long millis = 0; + /* We check that about the desired number of seconds has elapsed. Be + slightly liberal with the lower bound, so as to allow platforms where + the alarm (with second resolution) and the timer (with millisecond + resolution) are based on different clocks. Be very liberal with the + upper bound, because the platform might be busy. */ + unsigned long millis_min = ( seconds > 0 ? + seconds * 900 : + 0 ); + unsigned long millis_max = ( seconds > 0 ? + seconds * 1100 + 400 : + TIMING_ALARM_0_DELAY_MS ); + unsigned long iterations = 0; + + /* Set an alarm and count how long it takes with a timer. */ + (void) mbedtls_timing_get_timer( &timer, 1 ); + mbedtls_set_alarm( seconds ); + + if( seconds > 0 ) + { + /* We set the alarm for at least 1 second. It should not have fired + immediately, even on a slow and busy platform. */ + TEST_ASSERT( !mbedtls_timing_alarmed ); + } + /* A 0-second alarm should fire quickly, but we don't guarantee that it + fires immediately, so mbedtls_timing_alarmed may or may not be set at + this point. */ + + /* Busy-wait until the alarm rings */ + do + { + ++iterations; + millis = mbedtls_timing_get_timer( &timer, 0 ); + } + while( !mbedtls_timing_alarmed && millis <= millis_max ); + + TEST_ASSERT( mbedtls_timing_alarmed ); + TEST_ASSERT( millis >= millis_min ); + TEST_ASSERT( millis <= millis_max ); + + mbedtls_timing_alarmed = 0; + return; + +exit: + /* Show some diagnostic iterations, because timing + problems can be hard to reproduce. */ + mbedtls_fprintf( stdout, " Finished with alarmed=%d millis=%lu get(timer)<=%lu iterations=%lu\n", + mbedtls_timing_alarmed, + millis, mbedtls_timing_get_timer( &timer, 0 ), + iterations ); + /* Cleanup */ + mbedtls_timing_alarmed = 0; +} +/* END_CASE */ + +/* BEGIN_CASE */ +void timing_delay( int int_ms, int fin_ms ) +{ + /* This function assumes that if int_ms is nonzero then it is large + enough that we have time to read all timers at least once in an + interval of time lasting int_ms milliseconds, and likewise for (fin_ms + - int_ms). So don't call it with arguments that are too small. */ + + mbedtls_timing_delay_context delay; + struct mbedtls_timing_hr_time timer; + unsigned long delta; /* delay started between timer=0 and timer=delta */ + unsigned long before = 0, after = 0; + unsigned long iterations = 0; + int status = -2; + int saw_status_1 = 0; + int warn_inconclusive = 0; + + assert( int_ms >= 0 ); + assert( fin_ms >= 0 ); + + /* Start a reference timer. Program a delay, and verify that the status of + the delay is consistent with the time given by the reference timer. */ + (void) mbedtls_timing_get_timer( &timer, 1 ); + mbedtls_timing_set_delay( &delay, int_ms, fin_ms ); + /* Set delta to an upper bound for the interval between the start of timer + and the start of delay. Reading timer after starting delay gives us an + upper bound for the interval, rounded to a 1ms precision. Since this + might have been rounded down, but we need an upper bound, we add 1. */ + delta = mbedtls_timing_get_timer( &timer, 0 ) + 1; + + status = mbedtls_timing_get_delay( &delay ); + if( fin_ms == 0 ) + { + /* Cancelled timer. Just check the correct status for this case. */ + TEST_ASSERT( status == -1 ); + return; + } + + /* Initially, none of the delays must be passed yet if they're nonzero. + This could fail for very small values of int_ms and fin_ms, where "very + small" depends how fast and how busy the platform is. */ + if( int_ms > 0 ) + { + TEST_ASSERT( status == 0 ); + } + else + { + TEST_ASSERT( status == 1 ); + } + + do + { + unsigned long delay_min, delay_max; + int status_min, status_max; + ++iterations; + before = mbedtls_timing_get_timer( &timer, 0 ); + status = mbedtls_timing_get_delay( &delay ); + after = mbedtls_timing_get_timer( &timer, 0 ); + /* At a time between before and after, the delay's status was status. + Check that this is consistent given that the delay was started + between times 0 and delta. */ + delay_min = ( before > delta ? before - delta : 0 ); + status_min = expected_delay_status( int_ms, fin_ms, delay_min ); + delay_max = after; + status_max = expected_delay_status( int_ms, fin_ms, delay_max ); + TEST_ASSERT( status >= status_min ); + TEST_ASSERT( status <= status_max ); + if( status == 1 ) + saw_status_1 = 1; + } + while ( before <= fin_ms + delta && status != 2 ); + + /* Since we've waited at least fin_ms, the delay must have fully + expired. */ + TEST_ASSERT( status == 2 ); + + /* If the second delay is more than the first, then there must have been a + point in time when the first delay was passed but not the second delay. + This could fail for very small values of (fin_ms - int_ms), where "very + small" depends how fast and how busy the platform is. In practice, this + is the test that's most likely to fail on a heavily loaded machine. */ + if( fin_ms > int_ms ) + { + warn_inconclusive = 1; + TEST_ASSERT( saw_status_1 ); + } + + return; + +exit: + /* No cleanup needed, but show some diagnostic iterations, because timing + problems can be hard to reproduce. */ + mbedtls_fprintf( stdout, " Finished with delta=%lu before=%lu after=%lu status=%d iterations=%lu\n", + delta, before, after, status, iterations ); + if( warn_inconclusive ) + mbedtls_fprintf( stdout, " Inconclusive test, try running it on a less heavily loaded machine.\n" ); + } +/* END_CASE */ From 078f1a1512fec6e73f5aa318e68b41165f7d9f07 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 11 Oct 2017 16:13:13 +0200 Subject: [PATCH 461/493] Unit test for mbedtls_timing_hardclock Do test mbedtls_timing_hardclock. We can't reliably test much about it, but at least test that it doesn't crash, isn't constant, and doesn't look completely random. --- tests/suites/test_suite_timing.data | 3 ++ tests/suites/test_suite_timing.function | 42 +++++++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/tests/suites/test_suite_timing.data b/tests/suites/test_suite_timing.data index 02677d126..4dddcf7fc 100644 --- a/tests/suites/test_suite_timing.data +++ b/tests/suites/test_suite_timing.data @@ -36,3 +36,6 @@ timing_alarm:0: Timing: alarm in 1 second timing_alarm:1: + +Timing: hardclock +timing_hardclock: diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function index 53e0ac328..71fe7edfc 100644 --- a/tests/suites/test_suite_timing.function +++ b/tests/suites/test_suite_timing.function @@ -316,3 +316,45 @@ exit: mbedtls_fprintf( stdout, " Inconclusive test, try running it on a less heavily loaded machine.\n" ); } /* END_CASE */ + +/* BEGIN_CASE */ +void timing_hardclock( ) +{ + /* We make very few guarantees about mbedtls_timing_hardclock: its rate is + platform-dependent, it can wrap around. So there isn't much we can + test. But we do at least test that it doesn't crash, stall or return + completely nonsensical values. */ + + struct mbedtls_timing_hr_time timer; + unsigned long hardclock0, hardclock1, delta1; + + hardclock0 = mbedtls_timing_hardclock( ); + /* Wait 2ms to ensure a nonzero delay. Since the timer interface has 1ms + resolution and unspecified precision, waiting 1ms might be a very small + delay that's rounded up. */ + (void) mbedtls_timing_get_timer( &timer, 1 ); + while( mbedtls_timing_get_timer( &timer, 0 ) < 2 ) + /*busy-wait loop*/; + hardclock1 = mbedtls_timing_hardclock( ); + + /* Although the hardclock counter can wrap around, the difference + (hardclock1 - hardclock0) is taken modulo the type size, so it is + correct as long as the counter only wrapped around at most once. We + further require the difference to be nonzero (after a wait of more than + 1ms, the counter must have changed), and not to be overly large (after + a wait of less than 3ms, plus time lost because other processes were + scheduled on the CPU). If the hardclock counter runs at 4GHz, then + 1000000000 (which is 1/4 of the counter wraparound on a 32-bit machine) + allows 250ms. */ + delta1 = hardclock1 - hardclock0; + TEST_ASSERT( delta1 > 0 ); + TEST_ASSERT( delta1 < 1000000000 ); + return; + +exit: + /* No cleanup needed, but show some diagnostic iterations, because timing + problems can be hard to reproduce. */ + mbedtls_fprintf( stdout, " Finished with hardclock=%lu,%lu\n", + hardclock0, hardclock1 ); +} +/* END_CASE */ From 2a26d620fb4fe186a98e6f4864c658549f4b9913 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 18 Oct 2017 20:00:32 +0200 Subject: [PATCH 462/493] Timing unit tests: more protection against infinite loops If timing_timer_simple fails because it detects that timers are likely to never expire (e.g. going backward or not incrementing), skip all tests that rely on timers. --- tests/suites/test_suite_timing.function | 77 +++++++++++++++++++------ 1 file changed, 60 insertions(+), 17 deletions(-) diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function index 71fe7edfc..1610155fb 100644 --- a/tests/suites/test_suite_timing.function +++ b/tests/suites/test_suite_timing.function @@ -38,6 +38,14 @@ static int expected_delay_status( uint32_t int_ms, uint32_t fin_ms, 0 ); } +/* Some conditions in timing_timer_simple suggest that timers are unreliable. + Most other test cases rely on timers to terminate, and could loop + indefinitely if timers are too broken. So if timing_timer_simple detected a + timer that risks not terminating (going backwards, or not reaching the + desired count in the alloted clock cycles), set this flag to immediately + fail those other tests without running any timers. */ +static int timers_are_badly_broken = 0; + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -73,6 +81,15 @@ void timing_timer_simple( ) return; exit: + if( iterations >= TIMING_SHORT_TEST_ITERATIONS_MAX || + new_millis < millis ) + { + /* The timer was very unreliable: it didn't increment and the loop ran + out, or it went backwards. Other tests that use timers might go + into an infinite loop, so we'll skip them. */ + timers_are_badly_broken = 1; + } + /* No cleanup needed, but show some diagnostic iterations, because timing problems can be hard to reproduce. */ mbedtls_fprintf( stdout, " Finished with millis=%lu new_millis=%lu get(timer)<=%lu iterations=%lu\n", @@ -87,6 +104,11 @@ void timing_timer_reset( ) struct mbedtls_timing_hr_time timer; unsigned long millis = 0; unsigned long iterations = 0; + + /* Skip this test if it looks like timers don't work at all, to avoid an + infinite loop below. */ + TEST_ASSERT( !timers_are_badly_broken ); + /* Start the timer. Timers are always reset to 0. */ TEST_ASSERT( mbedtls_timing_get_timer( &timer, 1 ) == 0 ); /* Busy-wait loop for a few milliseconds */ @@ -107,9 +129,10 @@ void timing_timer_reset( ) exit: /* No cleanup needed, but show some diagnostic information, because timing problems can be hard to reproduce. */ - mbedtls_fprintf( stdout, " Finished with millis=%lu get(timer)<=%lu iterations=%lu\n", - millis, mbedtls_timing_get_timer( &timer, 0 ), - iterations ); + if( !timers_are_badly_broken ) + mbedtls_fprintf( stdout, " Finished with millis=%lu get(timer)<=%lu iterations=%lu\n", + millis, mbedtls_timing_get_timer( &timer, 0 ), + iterations ); } /* END_CASE */ @@ -117,7 +140,11 @@ exit: void timing_two_timers( int delta ) { struct mbedtls_timing_hr_time timer1, timer2; - unsigned long millis1, millis2; + unsigned long millis1 = 0, millis2 = 0; + + /* Skip this test if it looks like timers don't work at all, to avoid an + infinite loop below. */ + TEST_ASSERT( !timers_are_badly_broken ); /* Start the first timer and wait for a short time. */ (void) mbedtls_timing_get_timer( &timer1, 1 ); @@ -153,9 +180,10 @@ void timing_two_timers( int delta ) exit: /* No cleanup needed, but show some diagnostic iterations, because timing problems can be hard to reproduce. */ - mbedtls_fprintf( stdout, " Finished with millis1=%lu get(timer1)<=%lu millis2=%lu get(timer2)<=%lu\n", - millis1, mbedtls_timing_get_timer( &timer1, 0 ), - millis2, mbedtls_timing_get_timer( &timer2, 0 ) ); + if( !timers_are_badly_broken ) + mbedtls_fprintf( stdout, " Finished with millis1=%lu get(timer1)<=%lu millis2=%lu get(timer2)<=%lu\n", + millis1, mbedtls_timing_get_timer( &timer1, 0 ), + millis2, mbedtls_timing_get_timer( &timer2, 0 ) ); } /* END_CASE */ @@ -177,6 +205,10 @@ void timing_alarm( int seconds ) TIMING_ALARM_0_DELAY_MS ); unsigned long iterations = 0; + /* Skip this test if it looks like timers don't work at all, to avoid an + infinite loop below. */ + TEST_ASSERT( !timers_are_badly_broken ); + /* Set an alarm and count how long it takes with a timer. */ (void) mbedtls_timing_get_timer( &timer, 1 ); mbedtls_set_alarm( seconds ); @@ -209,10 +241,11 @@ void timing_alarm( int seconds ) exit: /* Show some diagnostic iterations, because timing problems can be hard to reproduce. */ - mbedtls_fprintf( stdout, " Finished with alarmed=%d millis=%lu get(timer)<=%lu iterations=%lu\n", - mbedtls_timing_alarmed, - millis, mbedtls_timing_get_timer( &timer, 0 ), - iterations ); + if( !timers_are_badly_broken ) + mbedtls_fprintf( stdout, " Finished with alarmed=%d millis=%lu get(timer)<=%lu iterations=%lu\n", + mbedtls_timing_alarmed, + millis, mbedtls_timing_get_timer( &timer, 0 ), + iterations ); /* Cleanup */ mbedtls_timing_alarmed = 0; } @@ -228,7 +261,7 @@ void timing_delay( int int_ms, int fin_ms ) mbedtls_timing_delay_context delay; struct mbedtls_timing_hr_time timer; - unsigned long delta; /* delay started between timer=0 and timer=delta */ + unsigned long delta = 0; /* delay started between timer=0 and timer=delta */ unsigned long before = 0, after = 0; unsigned long iterations = 0; int status = -2; @@ -238,6 +271,10 @@ void timing_delay( int int_ms, int fin_ms ) assert( int_ms >= 0 ); assert( fin_ms >= 0 ); + /* Skip this test if it looks like timers don't work at all, to avoid an + infinite loop below. */ + TEST_ASSERT( !timers_are_badly_broken ); + /* Start a reference timer. Program a delay, and verify that the status of the delay is consistent with the time given by the reference timer. */ (void) mbedtls_timing_get_timer( &timer, 1 ); @@ -310,8 +347,9 @@ void timing_delay( int int_ms, int fin_ms ) exit: /* No cleanup needed, but show some diagnostic iterations, because timing problems can be hard to reproduce. */ - mbedtls_fprintf( stdout, " Finished with delta=%lu before=%lu after=%lu status=%d iterations=%lu\n", - delta, before, after, status, iterations ); + if( !timers_are_badly_broken ) + mbedtls_fprintf( stdout, " Finished with delta=%lu before=%lu after=%lu status=%d iterations=%lu\n", + delta, before, after, status, iterations ); if( warn_inconclusive ) mbedtls_fprintf( stdout, " Inconclusive test, try running it on a less heavily loaded machine.\n" ); } @@ -326,7 +364,11 @@ void timing_hardclock( ) completely nonsensical values. */ struct mbedtls_timing_hr_time timer; - unsigned long hardclock0, hardclock1, delta1; + unsigned long hardclock0 = -1, hardclock1 = -1, delta1 = -1; + + /* Skip this test if it looks like timers don't work at all, to avoid an + infinite loop below. */ + TEST_ASSERT( !timers_are_badly_broken ); hardclock0 = mbedtls_timing_hardclock( ); /* Wait 2ms to ensure a nonzero delay. Since the timer interface has 1ms @@ -354,7 +396,8 @@ void timing_hardclock( ) exit: /* No cleanup needed, but show some diagnostic iterations, because timing problems can be hard to reproduce. */ - mbedtls_fprintf( stdout, " Finished with hardclock=%lu,%lu\n", - hardclock0, hardclock1 ); + if( !timers_are_badly_broken ) + mbedtls_fprintf( stdout, " Finished with hardclock=%lu,%lu\n", + hardclock0, hardclock1 ); } /* END_CASE */ From 0f59b130a95a9990fb1f00a5f457d4bad0c23d41 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 17 Oct 2017 19:39:04 +0200 Subject: [PATCH 463/493] Timing self test: increased tolerance mbedtls_timing_self_test fails annoyingly often when running on a busy machine such as can be expected of a continous integration system. Increase the tolerances in the delay test, to reduce the chance of failures that are only due to missing a deadline on a busy machine. --- library/timing.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/timing.c b/library/timing.c index 744e1e790..115204dce 100644 --- a/library/timing.c +++ b/library/timing.c @@ -450,19 +450,19 @@ int mbedtls_timing_self_test( int verbose ) { mbedtls_timing_set_delay( &ctx, a, a + b ); - busy_msleep( a - a / 8 ); + busy_msleep( a - a / 4 ); if( mbedtls_timing_get_delay( &ctx ) != 0 ) FAIL; - busy_msleep( a / 4 ); + busy_msleep( a / 2 ); if( mbedtls_timing_get_delay( &ctx ) != 1 ) FAIL; - busy_msleep( b - a / 8 - b / 8 ); + busy_msleep( b - a / 4 - b / 4 ); if( mbedtls_timing_get_delay( &ctx ) != 1 ) FAIL; - busy_msleep( b / 4 ); + busy_msleep( b / 2 ); if( mbedtls_timing_get_delay( &ctx ) != 2 ) FAIL; } From 8873bcc4def433aa0edfbe260083f32f04aa097e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Fri, 27 Oct 2017 18:42:32 +0200 Subject: [PATCH 464/493] Timing self test: increased duration Increase the duration of the self test, otherwise it tends to fail on a busy machine even with the recently upped tolerance. But run the loop only once, it's enough for a simple smoke test. --- ChangeLog | 3 ++- library/timing.c | 30 ++++++++++++------------------ 2 files changed, 14 insertions(+), 19 deletions(-) diff --git a/ChangeLog b/ChangeLog index d69f5c5bb..d7101c070 100644 --- a/ChangeLog +++ b/ChangeLog @@ -6,7 +6,8 @@ Features * Allow comments in test data files. * The selftest program can execute a subset of the tests based on command line arguments. - * New unit tests for timing. + * New unit tests for timing. Improve the self-test to be more robust + when run on a heavily-loaded machine. Bugfix * Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times. diff --git a/library/timing.c b/library/timing.c index 115204dce..f0d1a7840 100644 --- a/library/timing.c +++ b/library/timing.c @@ -444,28 +444,22 @@ int mbedtls_timing_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " TIMING test #2 (set/get_delay ): " ); - for( a = 200; a <= 400; a += 200 ) { - for( b = 200; b <= 400; b += 200 ) - { - mbedtls_timing_set_delay( &ctx, a, a + b ); + a = 800; + b = 400; + mbedtls_timing_set_delay( &ctx, a, a + b ); /* T = 0 */ - busy_msleep( a - a / 4 ); - if( mbedtls_timing_get_delay( &ctx ) != 0 ) - FAIL; + busy_msleep( a - a / 4 ); /* T = a - a/4 */ + if( mbedtls_timing_get_delay( &ctx ) != 0 ) + FAIL; - busy_msleep( a / 2 ); - if( mbedtls_timing_get_delay( &ctx ) != 1 ) - FAIL; + busy_msleep( a / 4 + b / 4 ); /* T = a + b/4 */ + if( mbedtls_timing_get_delay( &ctx ) != 1 ) + FAIL; - busy_msleep( b - a / 4 - b / 4 ); - if( mbedtls_timing_get_delay( &ctx ) != 1 ) - FAIL; - - busy_msleep( b / 2 ); - if( mbedtls_timing_get_delay( &ctx ) != 2 ) - FAIL; - } + busy_msleep( b ); /* T = a + b + b/4 */ + if( mbedtls_timing_get_delay( &ctx ) != 2 ) + FAIL; } mbedtls_timing_set_delay( &ctx, 0, 0 ); From ada3ee8b9d0dab22714d5de13d9ac9d1cb76cfcd Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 20 Dec 2017 22:31:17 +0100 Subject: [PATCH 465/493] Timing self test: shorten redundant tests We don't need to test multiple delays in a self-test. Save 5s of busy-wait. --- library/timing.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/library/timing.c b/library/timing.c index f0d1a7840..6df137d2d 100644 --- a/library/timing.c +++ b/library/timing.c @@ -422,8 +422,9 @@ int mbedtls_timing_self_test( int verbose ) if( verbose != 0 ) mbedtls_printf( " TIMING test #1 (set_alarm / get_timer): " ); - for( secs = 1; secs <= 3; secs++ ) { + secs = 1; + (void) mbedtls_timing_get_timer( &hires, 1 ); mbedtls_set_alarm( (int) secs ); From 621080d7c68370dca67cfe387508abe685304e3e Mon Sep 17 00:00:00 2001 From: Ron Eldor Date: Thu, 21 Dec 2017 10:57:43 +0200 Subject: [PATCH 466/493] Fix compilation issue weh self test defined 1. Surround the generate keys with `#if ! defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST)` to resolve build issue when `MBEDTLS_SELF_TEST` is defined for alternative CMAC as well 2. Update ChangeLog --- ChangeLog | 6 ++++++ library/cmac.c | 4 +++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 13de8672c..5d43296db 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,11 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS x.x.x branch released xxxx-xx-xx + +Changes + * Add hardware acceleration support for cmac, with the configuration definition + of `MBEDTLS_CMAC_ALT`. Submitted by stevew817 + = mbed TLS 2.4.2 branch released 2017-03-08 Security diff --git a/library/cmac.c b/library/cmac.c index 5575d5c8d..d3581d589 100644 --- a/library/cmac.c +++ b/library/cmac.c @@ -65,7 +65,7 @@ #endif /* MBEDTLS_SELF_TEST */ #endif /* MBEDTLS_PLATFORM_C */ -#if !defined(MBEDTLS_CMAC_ALT) +#if !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) /* Implementation that should never be optimized out by the compiler */ static void mbedtls_zeroize( void *v, size_t n ) { @@ -166,7 +166,9 @@ exit: return( ret ); } +#endif /* !defined(MBEDTLS_CMAC_ALT) || defined(MBEDTLS_SELF_TEST) */ +#if !defined(MBEDTLS_CMAC_ALT) static void cmac_xor_block( unsigned char *output, const unsigned char *input1, const unsigned char *input2, const size_t block_size ) From 0d44573e8baf101bfccfcf9d3a6aeadc4c3187fd Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 21 Dec 2017 09:28:39 +0000 Subject: [PATCH 467/493] Add option to do baremetal configuration. --- scripts/config.pl | 44 +++++++++++++++++++++++++++++++++++++++----- 1 file changed, 39 insertions(+), 5 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index 5a06a3338..8c1aa08dd 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -63,6 +63,7 @@ Commands excluding some reserved symbols, until the 'Module configuration options' section realfull - Uncomments all #define's with no exclusions + baremetal - Set configuration suitable for baremetal build. Options -f | --file - The file or file path for the configuration file @@ -94,11 +95,34 @@ MBEDTLS_PKCS11_C _ALT\s*$ ); +# Things that should be disabled in "baremetal" +my @excluded_baremetal = qw( +MBEDTLS_NET_C +MBEDTLS_TIMING_C +MBEDTLS_FS_IO +MBEDTLS_ENTROPY_NV_SEED +MBEDTLS_HAVE_TIME +MBEDTLS_HAVE_TIME_DATE +MBEDTLS_DEPRECATED_WARNING +MBEDTLS_HAVEGE_C +MBEDTLS_THREADING_C +MBEDTLS_THREADING_PTHREAD +MBEDTLS_MEMORY_BACKTRACE +MBEDTLS_MEMORY_BUFFER_ALLOC_C +MBEDTLS_PLATFORM_TIME_ALT +MBEDTLS_PLATFORM_FPRINTF_ALT +); + # Things that should be enabled in "full" even if they match @excluded my @non_excluded = qw( PLATFORM_[A-Z0-9]+_ALT ); +# Things that should be enabled in "baremetal" +my @non_excluded_baremetal = qw( +MBEDTLS_NO_PLATFORM_ENTROPY +); + # Process the command line arguments my $force_option = 0; @@ -123,7 +147,7 @@ while ($arg = shift) { # ...else assume it's a command $action = $arg; - if ($action eq "full" || $action eq "realfull") { + if ($action eq "full" || $action eq "realfull" || $action eq "baremetal" ) { # No additional parameters die $usage if @ARGV; @@ -166,7 +190,12 @@ open my $config_read, '<', $config_file or die "read $config_file: $!\n"; my @config_lines = <$config_read>; close $config_read; -my ($exclude_re, $no_exclude_re); +# Add required baremetal symbols to the list that is included. +if ( $action eq "baremetal" ) { + @non_excluded = ( @non_excluded, @non_excluded_baremetal ); +} + +my ($exclude_re, $no_exclude_re, $exclude_baremetal_re); if ($action eq "realfull") { $exclude_re = qr/^$/; $no_exclude_re = qr/./; @@ -174,6 +203,9 @@ if ($action eq "realfull") { $exclude_re = join '|', @excluded; $no_exclude_re = join '|', @non_excluded; } +if ( $action eq "baremetal" ) { + $exclude_baremetal_re = join '|', @excluded_baremetal; +} my $config_write = undef; if ($action ne "get") { @@ -182,17 +214,19 @@ if ($action ne "get") { my $done; for my $line (@config_lines) { - if ($action eq "full" || $action eq "realfull") { + if ($action eq "full" || $action eq "realfull" || $action eq "baremetal" ) { if ($line =~ /name SECTION: Module configuration options/) { $done = 1; } if (!$done && $line =~ m!^//\s?#define! && - ( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) ) { + ( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) && + ( $action ne "baremetal" || ( $line !~ /$exclude_baremetal_re/ ) ) ) { $line =~ s!^//\s?!!; } if (!$done && $line =~ m!^\s?#define! && - ! ( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) ) { + ! ( ( $line !~ /$exclude_re/ || $line =~ /$no_exclude_re/ ) && + ( $action ne "baremetal" || ( $line !~ /$exclude_baremetal_re/ ) ) ) ) { $line =~ s!^!//!; } } elsif ($action eq "unset") { From 7ad603e662cd67ed675aff1870e2db7eb32c6ade Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 Dec 2017 23:22:20 +0100 Subject: [PATCH 468/493] all.sh: indent --- tests/scripts/all.sh | 128 +++++++++++++++++++++---------------------- 1 file changed, 64 insertions(+), 64 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 77deecbc9..4decbb1cb 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -252,9 +252,9 @@ export GNUTLS_SERV="$GNUTLS_SERV" # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ - "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ - "arm-none-eabi-gcc" "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" \ - "i686-w64-mingw32-gcc" + "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ + "arm-none-eabi-gcc" "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" \ + "i686-w64-mingw32-gcc" # # Test Suites to be executed @@ -461,42 +461,42 @@ msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build) make test if uname -a | grep -F Linux >/dev/null; then -msg "build/test: make shared" # ~ 40s -cleanup -make SHARED=1 all check + msg "build/test: make shared" # ~ 40s + cleanup + make SHARED=1 all check fi if uname -a | grep -F x86_64 >/dev/null; then -msg "build: i386, make, gcc" # ~ 30s -cleanup -CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make + msg "build: i386, make, gcc" # ~ 30s + cleanup + CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make -msg "build: gcc, force 32-bit compilation" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_HAVE_ASM -scripts/config.pl unset MBEDTLS_AESNI_C -scripts/config.pl unset MBEDTLS_PADLOCK_C -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make + msg "build: gcc, force 32-bit compilation" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_HAVE_ASM + scripts/config.pl unset MBEDTLS_AESNI_C + scripts/config.pl unset MBEDTLS_PADLOCK_C + CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make -msg "build: gcc, force 64-bit compilation" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_HAVE_ASM -scripts/config.pl unset MBEDTLS_AESNI_C -scripts/config.pl unset MBEDTLS_PADLOCK_C -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make + msg "build: gcc, force 64-bit compilation" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_HAVE_ASM + scripts/config.pl unset MBEDTLS_AESNI_C + scripts/config.pl unset MBEDTLS_PADLOCK_C + CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make -msg "test: gcc, force 64-bit compilation" -make test + msg "test: gcc, force 64-bit compilation" + make test -msg "build: gcc, force 64-bit compilation" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_HAVE_ASM -scripts/config.pl unset MBEDTLS_AESNI_C -scripts/config.pl unset MBEDTLS_PADLOCK_C -CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make + msg "build: gcc, force 64-bit compilation" + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_HAVE_ASM + scripts/config.pl unset MBEDTLS_AESNI_C + scripts/config.pl unset MBEDTLS_PADLOCK_C + CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make fi # x86_64 msg "build: arm-none-eabi-gcc, make" # ~ 10s @@ -599,49 +599,49 @@ WINDOWS_BUILD=1 make clean # MemSan currently only available on Linux 64 bits if uname -a | grep 'Linux.*x86_64' >/dev/null; then -msg "build: MSan (clang)" # ~ 1 min 20s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_AESNI_C # memsan doesn't grok asm -CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . -make + msg "build: MSan (clang)" # ~ 1 min 20s + cleanup + cp "$CONFIG_H" "$CONFIG_BAK" + scripts/config.pl unset MBEDTLS_AESNI_C # memsan doesn't grok asm + CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . + make -msg "test: main suites (MSan)" # ~ 10s -make test + msg "test: main suites (MSan)" # ~ 10s + make test -msg "test: ssl-opt.sh (MSan)" # ~ 1 min -tests/ssl-opt.sh + msg "test: ssl-opt.sh (MSan)" # ~ 1 min + tests/ssl-opt.sh -# Optional part(s) + # Optional part(s) -if [ "$MEMORY" -gt 0 ]; then - msg "test: compat.sh (MSan)" # ~ 6 min 20s - tests/compat.sh -fi + if [ "$MEMORY" -gt 0 ]; then + msg "test: compat.sh (MSan)" # ~ 6 min 20s + tests/compat.sh + fi else # no MemSan -msg "build: Release (clang)" -cleanup -CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . -make + msg "build: Release (clang)" + cleanup + CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . + make -msg "test: main suites valgrind (Release)" -make memcheck + msg "test: main suites valgrind (Release)" + make memcheck -# Optional part(s) -# Currently broken, programs don't seem to receive signals -# under valgrind on OS X + # Optional part(s) + # Currently broken, programs don't seem to receive signals + # under valgrind on OS X -if [ "$MEMORY" -gt 0 ]; then - msg "test: ssl-opt.sh --memcheck (Release)" - tests/ssl-opt.sh --memcheck -fi + if [ "$MEMORY" -gt 0 ]; then + msg "test: ssl-opt.sh --memcheck (Release)" + tests/ssl-opt.sh --memcheck + fi -if [ "$MEMORY" -gt 1 ]; then - msg "test: compat.sh --memcheck (Release)" - tests/compat.sh --memcheck -fi + if [ "$MEMORY" -gt 1 ]; then + msg "test: compat.sh --memcheck (Release)" + tests/compat.sh --memcheck + fi fi # MemSan From 709346aed8d9683c2a4fffa1110d1fa877eb4616 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Sun, 10 Dec 2017 23:43:39 +0100 Subject: [PATCH 469/493] all.sh: cleaned up usage output --- tests/scripts/all.sh | 115 ++++++++++++++++++++++++------------------- 1 file changed, 63 insertions(+), 52 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 4decbb1cb..0931012a4 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -56,22 +56,28 @@ fi usage() { - printf "Usage: $0\n" - printf " -h|--help\t\tPrint this help.\n" - printf " -m|--memory\t\tAdditional optional memory tests.\n" - printf " -f|--force\t\tForce the tests to overwrite any modified files.\n" - printf " -s|--seed\t\tInteger seed value to use for this test run.\n" - printf " -r|--release-test\t\tRun this script in release mode. This fixes the seed value to 1.\n" - printf " --no-yotta\t\tSkip yotta build\n" - printf " --out-of-source-dir=\t\tDirectory used for CMake out-of-source build tests." - printf " --openssl=\t\tPath to OpenSSL executable to use for most tests.\n" - printf " --openssl-legacy=\t\tPath to OpenSSL executable to use for legacy tests e.g. SSLv3.\n" - printf " --gnutls-cli=\t\tPath to GnuTLS client executable to use for most tests.\n" - printf " --gnutls-serv=\t\tPath to GnuTLS server executable to use for most tests.\n" - printf " --gnutls-legacy-cli=\t\tPath to GnuTLS client executable to use for legacy tests.\n" - printf " --gnutls-legacy-serv=\t\tPath to GnuTLS server executable to use for legacy tests.\n" - printf " --armc5-bin-dir=\t\tPath to the ARM Compiler 5 bin directory.\n" - printf " --armc6-bin-dir=\t\tPath to the ARM Compiler 6 bin directory.\n" + cat < Directory used for CMake out-of-source build tests. + -r|--release-test Run this script in release mode. This fixes the seed value to 1. + -s|--seed Integer seed value to use for this test run. + +Tool path options: + --armc5-bin-dir= ARM Compiler 5 bin directory. + --armc6-bin-dir= ARM Compiler 6 bin directory. + --gnutls-cli= GnuTLS client executable to use for most tests. + --gnutls-serv= GnuTLS server executable to use for most tests. + --gnutls-legacy-cli= GnuTLS client executable to use for legacy tests. + --gnutls-legacy-serv= GnuTLS server executable to use for legacy tests. + --openssl= OpenSSL executable to use for most tests. + --openssl-legacy= OpenSSL executable to use for legacy tests e.g. SSLv3. +EOF } # remove built files as well as the cmake cache/config @@ -127,42 +133,21 @@ check_tools() while [ $# -gt 0 ]; do case "$1" in - --memory|-m*) - MEMORY=${1#-m} + --armc5-bin-dir) + shift + ARMC5_BIN_DIR="$1" + ;; + --armc6-bin-dir) + shift + ARMC6_BIN_DIR="$1" ;; --force|-f) FORCE=1 ;; - --seed|-s) - shift - SEED="$1" - ;; - --release-test|-r) - RELEASE=1 - ;; - --no-yotta) - YOTTA=0 - ;; - --out-of-source-dir) - shift - OUT_OF_SOURCE_DIR="$1" - ;; - --openssl) - shift - OPENSSL="$1" - ;; - --openssl-legacy) - shift - OPENSSL_LEGACY="$1" - ;; --gnutls-cli) shift GNUTLS_CLI="$1" ;; - --gnutls-serv) - shift - GNUTLS_SERV="$1" - ;; --gnutls-legacy-cli) shift GNUTLS_LEGACY_CLI="$1" @@ -171,17 +156,43 @@ while [ $# -gt 0 ]; do shift GNUTLS_LEGACY_SERV="$1" ;; - --armc5-bin-dir) + --gnutls-serv) shift - ARMC5_BIN_DIR="$1" + GNUTLS_SERV="$1" ;; - --armc6-bin-dir) - shift - ARMC6_BIN_DIR="$1" - ;; - --help|-h|*) + --help|-h) usage - exit 1 + exit + ;; + --memory|-m) + MEMORY=1 + ;; + --no-yotta) + YOTTA=0 + ;; + --openssl) + shift + OPENSSL="$1" + ;; + --openssl-legacy) + shift + OPENSSL_LEGACY="$1" + ;; + --out-of-source-dir) + shift + OUT_OF_SOURCE_DIR="$1" + ;; + --release-test|-r) + RELEASE=1 + ;; + --seed|-s) + shift + SEED="$1" + ;; + *) + echo >&2 "Unknown option: $1" + echo >&2 "Run $0 --help for usage." + exit 120 ;; esac shift From 7c6521688ac2af9af845f329ede5fb8fffa7f22d Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Mon, 11 Dec 2017 00:01:40 +0100 Subject: [PATCH 470/493] all.sh: --keep-going mode Add --keep-going mode to all.sh. In this mode, if a test fails, keep running the subsequent tests. If a build fails, skip any tests of this build and move on to the next tests. Errors in infrastructure, such as git or cmake runs, remain fatal. Print an error summary at the end of the run, and return a nonzero code if there was any failure. In known terminal types, use color to highlight errors. On a fatal signal, interrupt the run and report the errors so far. --- tests/scripts/all.sh | 174 ++++++++++++++++++++++++++++++++----------- 1 file changed, 130 insertions(+), 44 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0931012a4..923932f21 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -35,6 +35,7 @@ CONFIG_BAK="$CONFIG_H.bak" MEMORY=0 FORCE=0 +KEEP_GOING=0 RELEASE=0 YOTTA=1 @@ -62,6 +63,7 @@ Usage: $0 [OPTION]... General options: -f|--force Force the tests to overwrite any modified files. + -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. --no-yotta Skip yotta build. --out-of-source-dir= Directory used for CMake out-of-source build tests. @@ -83,7 +85,7 @@ EOF # remove built files as well as the cmake cache/config cleanup() { - make clean + command make clean find . -name yotta -prune -o -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} \+ rm -f include/Makefile include/mbedtls/Makefile programs/*/Makefile @@ -95,7 +97,21 @@ cleanup() fi } -trap cleanup INT TERM HUP +# Executed on exit. May be redefined depending on command line options. +final_report () { + : +} + +fatal_signal () { + cleanup + final_report $1 + trap - $1 + kill -$1 $$ +} + +trap 'fatal_signal HUP' HUP +trap 'fatal_signal INT' INT +trap 'fatal_signal TERM' TERM msg() { @@ -104,6 +120,7 @@ msg() echo "* $1 " printf "* "; date echo "******************************************************************" + current_section=$1 } armc6_build_test() @@ -164,6 +181,9 @@ while [ $# -gt 0 ]; do usage exit ;; + --keep-going|-k) + KEEP_GOING=1 + ;; --memory|-m) MEMORY=1 ;; @@ -221,7 +241,6 @@ else fi if ! git diff-files --quiet include/mbedtls/config.h; then - echo $? err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " echo "You can either delete or preserve your work, or force the test by rerunning the" echo "script as: $0 --force" @@ -229,6 +248,71 @@ else fi fi +build_status=0 +if [ $KEEP_GOING -eq 1 ]; then + failure_summary= + failure_count=0 + start_red= + end_color= + if [ -t 1 ]; then + case "$TERM" in + *color*|cygwin|linux|rxvt*|screen|[Eex]term*) + start_red=$(printf '\033[31m') + end_color=$(printf '\033[0m') + ;; + esac + fi + record_status () { + if "$@"; then + last_status=0 + else + last_status=$? + text="$current_section: $* -> $last_status" + failure_summary="$failure_summary +$text" + failure_count=$((failure_count + 1)) + echo "${start_red}^^^^$text^^^^${end_color}" + fi + } + make () { + case "$*" in + *test|*check) + if [ $build_status -eq 0 ]; then + record_status command make "$@" + else + echo "(skipped because the build failed)" + fi + ;; + *) + record_status command make "$@" + build_status=$last_status + ;; + esac + } + final_report () { + if [ $failure_count -gt 0 ]; then + echo + echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" + echo "${start_red}FAILED: $failure_count${end_color}$failure_summary" + echo "!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!" + elif [ -z "${1-}" ]; then + echo "SUCCESS :)" + fi + if [ -n "${1-}" ]; then + echo "Killed by SIG$1." + fi + } +else + record_status () { + "$@" + } +fi +if_build_succeeded () { + if [ $build_status -eq 0 ]; then + record_status "$@" + fi +} + if [ $RELEASE -eq 1 ]; then # Fix the seed value to 1 to ensure that the tests are deterministic. SEED=1 @@ -306,7 +390,7 @@ if [ $YOTTA -ne 0 ]; then # on the path, and uses whatever version of armcc it finds there. msg "build: create and build yotta module" # ~ 30s cleanup - tests/scripts/yotta-build.sh + record_status tests/scripts/yotta-build.sh fi msg "build: cmake, gcc, ASan" # ~ 1 min 50s @@ -318,16 +402,16 @@ msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s make test msg "test: ssl-opt.sh (ASan build)" # ~ 1 min -tests/ssl-opt.sh +if_build_succeeded tests/ssl-opt.sh msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s -tests/scripts/test-ref-configs.pl +if_build_succeeded tests/scripts/test-ref-configs.pl msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min make msg "test: compat.sh (ASan build)" # ~ 6 min -tests/compat.sh +if_build_succeeded tests/compat.sh msg "build: Default + SSLv3 (ASan build)" # ~ 6 min cleanup @@ -340,11 +424,11 @@ msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s make test msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min -tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' -OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' +if_build_succeeded tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' +if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min -tests/ssl-opt.sh +if_build_succeeded tests/ssl-opt.sh msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min cleanup @@ -357,7 +441,7 @@ msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build make test msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min -tests/ssl-opt.sh +if_build_succeeded tests/ssl-opt.sh msg "build: cmake, full config, clang, C99" # ~ 50s cleanup @@ -365,30 +449,30 @@ cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On . -CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic' make +make CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic' msg "test: main suites (full config)" # ~ 5s -CFLAGS='-Werror -Wall -Wextra' make test +make CFLAGS='-Werror -Wall -Wextra' test msg "test: ssl-opt.sh default (full config)" # ~ 1s -tests/ssl-opt.sh -f Default +if_build_succeeded tests/ssl-opt.sh -f Default msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min -OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' +if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' msg "test/build: curves.pl (gcc)" # ~ 4 min cleanup cmake -D CMAKE_BUILD_TYPE:String=Debug . -tests/scripts/curves.pl +if_build_succeeded tests/scripts/curves.pl msg "test/build: key-exchanges (gcc)" # ~ 1 min cleanup cmake -D CMAKE_BUILD_TYPE:String=Check . -tests/scripts/key-exchanges.pl +if_build_succeeded tests/scripts/key-exchanges.pl msg "build: Unix make, -Os (gcc)" # ~ 30s cleanup -CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' make +make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' # Full configuration build, without platform support, file IO and net sockets. # This should catch missing mbedtls_printf definitions, and by disabling file @@ -410,8 +494,8 @@ scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C scripts/config.pl unset MBEDTLS_FS_IO # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, # to re-enable platform integration features otherwise disabled in C99 builds -CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' make lib programs -CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make test +make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs +make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' test # catch compile bugs in _uninit functions msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s @@ -420,21 +504,21 @@ cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make +make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_SRV_C -CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' make +make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_CLI_C -CC=gcc CFLAGS='-Werror -Wall -Werror -O0' make +make CC=gcc CFLAGS='-Werror -Wall -Werror -O0' # Note, C99 compliance can also be tested with the sockets support disabled, # as that requires a POSIX platform (which isn't the same as C99). @@ -444,7 +528,7 @@ cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux -CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' make lib +make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib msg "build: default config except MFL extension (ASan build)" # ~ 30s cleanup @@ -454,7 +538,7 @@ CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . make msg "test: ssl-opt.sh, MFL-related tests" -tests/ssl-opt.sh -f "Max fragment length" +if_build_succeeded tests/ssl-opt.sh -f "Max fragment length" msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" cleanup @@ -480,7 +564,7 @@ fi if uname -a | grep -F x86_64 >/dev/null; then msg "build: i386, make, gcc" # ~ 30s cleanup - CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make + make CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' msg "build: gcc, force 32-bit compilation" cleanup @@ -488,7 +572,7 @@ if uname -a | grep -F x86_64 >/dev/null; then scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C - CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' make + make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' msg "build: gcc, force 64-bit compilation" cleanup @@ -496,7 +580,7 @@ if uname -a | grep -F x86_64 >/dev/null; then scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C - CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make + make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' msg "test: gcc, force 64-bit compilation" make test @@ -507,7 +591,7 @@ if uname -a | grep -F x86_64 >/dev/null; then scripts/config.pl unset MBEDTLS_HAVE_ASM scripts/config.pl unset MBEDTLS_AESNI_C scripts/config.pl unset MBEDTLS_PADLOCK_C - CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' make + make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' fi # x86_64 msg "build: arm-none-eabi-gcc, make" # ~ 10s @@ -525,7 +609,7 @@ scripts/config.pl unset MBEDTLS_THREADING_PTHREAD scripts/config.pl unset MBEDTLS_THREADING_C scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s cleanup @@ -543,7 +627,7 @@ scripts/config.pl unset MBEDTLS_THREADING_C scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION -CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' make lib +make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib echo "Checking that software 64-bit division is not required" ! grep __aeabi_uldiv library/*.o @@ -567,7 +651,7 @@ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME -CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' make lib +make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib make clean # ARM Compiler 6 - Target ARMv7-A @@ -589,23 +673,23 @@ msg "build: allow SHA1 in certificates by default" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES -CFLAGS='-Werror -Wall -Wextra' make +make CFLAGS='-Werror -Wall -Wextra' msg "test: allow SHA1 in certificates by default" make test -tests/ssl-opt.sh -f SHA-1 +if_build_succeeded tests/ssl-opt.sh -f SHA-1 msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s cleanup -CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 make lib programs +make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs # note Make tests only builds the tests, but doesn't run them -CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 make tests -WINDOWS_BUILD=1 make clean +make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests +make WINDOWS_BUILD=1 clean msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s -CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make lib programs -CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 make tests -WINDOWS_BUILD=1 make clean +make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs +make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests +make WINDOWS_BUILD=1 clean # MemSan currently only available on Linux 64 bits if uname -a | grep 'Linux.*x86_64' >/dev/null; then @@ -621,13 +705,13 @@ if uname -a | grep 'Linux.*x86_64' >/dev/null; then make test msg "test: ssl-opt.sh (MSan)" # ~ 1 min - tests/ssl-opt.sh + if_build_succeeded tests/ssl-opt.sh # Optional part(s) if [ "$MEMORY" -gt 0 ]; then msg "test: compat.sh (MSan)" # ~ 6 min 20s - tests/compat.sh + if_build_succeeded tests/compat.sh fi else # no MemSan @@ -646,12 +730,12 @@ else # no MemSan if [ "$MEMORY" -gt 0 ]; then msg "test: ssl-opt.sh --memcheck (Release)" - tests/ssl-opt.sh --memcheck + if_build_succeeded tests/ssl-opt.sh --memcheck fi if [ "$MEMORY" -gt 1 ]; then msg "test: compat.sh --memcheck (Release)" - tests/compat.sh --memcheck + if_build_succeeded tests/compat.sh --memcheck fi fi # MemSan @@ -671,3 +755,5 @@ rm -rf "$OUT_OF_SOURCE_DIR" msg "Done, cleaning up" cleanup + +final_report From 2a22a8041c4ec02774269a0944c4af1739f7984e Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Dec 2017 15:19:00 +0100 Subject: [PATCH 471/493] all.sh: add --yotta to go with --no-yotta Add --yotta which is currently a no-op but may not remain so if we decide to make no-yotta the default in the future. --- tests/scripts/all.sh | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 923932f21..ae991f13d 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -65,10 +65,11 @@ General options: -f|--force Force the tests to overwrite any modified files. -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. - --no-yotta Skip yotta build. + --no-yotta Skip yotta module build. --out-of-source-dir= Directory used for CMake out-of-source build tests. -r|--release-test Run this script in release mode. This fixes the seed value to 1. -s|--seed Integer seed value to use for this test run. + --yotta Build yotta module (on by default). Tool path options: --armc5-bin-dir= ARM Compiler 5 bin directory. @@ -209,6 +210,9 @@ while [ $# -gt 0 ]; do shift SEED="$1" ;; + --yotta) + YOTTA=1 + ;; *) echo >&2 "Unknown option: $1" echo >&2 "Run $0 --help for usage." @@ -226,7 +230,7 @@ if [ $FORCE -eq 1 ]; then cleanup else - if [ $YOTTA -eq 1 ] && [ -d yotta/module ]; then + if [ $YOTTA -ne 0 ] && [ -d yotta/module ]; then err_msg "Warning - there is an existing yotta module in the directory 'yotta/module'" echo "You can either delete your work and retry, or force the test to overwrite the" echo "test by rerunning the script as: $0 --force" From bca6ab9d38dccbcf024c43d3979c0feda8751281 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 19 Dec 2017 18:24:31 +0100 Subject: [PATCH 472/493] all.sh: new option --no-armcc With this option, don't run anything that requires armcc or yotta, so the script can run offline. --- tests/scripts/all.sh | 65 +++++++++++++++++++++++++++----------------- 1 file changed, 40 insertions(+), 25 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index ae991f13d..c9c790c80 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -37,6 +37,7 @@ MEMORY=0 FORCE=0 KEEP_GOING=0 RELEASE=0 +RUN_ARMCC=1 YOTTA=1 # Default commands, can be overriden by the environment @@ -65,6 +66,8 @@ General options: -f|--force Force the tests to overwrite any modified files. -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. + --armcc Run ARM Compiler builds (on by default). + --no-armcc Skip ARM Compiler builds. --no-yotta Skip yotta module build. --out-of-source-dir= Directory used for CMake out-of-source build tests. -r|--release-test Run this script in release mode. This fixes the seed value to 1. @@ -124,15 +127,17 @@ msg() current_section=$1 } -armc6_build_test() -{ - FLAGS="$1" +if [ $RUN_ARMCC -ne 0 ]; then + armc6_build_test() + { + FLAGS="$1" - msg "build: ARM Compiler 6 ($FLAGS), make" - ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ - WARNING_CFLAGS='-xc -std=c99' make lib - make clean -} + msg "build: ARM Compiler 6 ($FLAGS), make" + ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ + WARNING_CFLAGS='-xc -std=c99' make lib + make clean + } +fi err_msg() { @@ -151,6 +156,9 @@ check_tools() while [ $# -gt 0 ]; do case "$1" in + --armcc) + RUN_ARMCC=1 + ;; --armc5-bin-dir) shift ARMC5_BIN_DIR="$1" @@ -188,6 +196,9 @@ while [ $# -gt 0 ]; do --memory|-m) MEMORY=1 ;; + --no-armcc) + RUN_ARMCC=0 + ;; --no-yotta) YOTTA=0 ;; @@ -352,8 +363,10 @@ export GNUTLS_SERV="$GNUTLS_SERV" # Make sure the tools we need are available. check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$GNUTLS_CLI" "$GNUTLS_SERV" \ "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ - "arm-none-eabi-gcc" "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" \ - "i686-w64-mingw32-gcc" + "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" +if [ $RUN_ARMCC -ne 0 ]; then + check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" +fi # # Test Suites to be executed @@ -389,9 +402,9 @@ msg "test: doxygen warnings" # ~ 3s cleanup tests/scripts/doxygen.sh -if [ $YOTTA -ne 0 ]; then - # Note - use of yotta is deprecated, and yotta also requires armcc to be - # on the path, and uses whatever version of armcc it finds there. +if [ $RUN_ARMCC -ne 0 ] && [ $YOTTA -ne 0 ]; then + # Note - use of yotta is deprecated, and yotta also requires armcc to be on the + # path, and uses whatever version of armcc it finds there. msg "build: create and build yotta module" # ~ 30s cleanup record_status tests/scripts/yotta-build.sh @@ -655,23 +668,25 @@ scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME -make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib -make clean +if [ $RUN_ARMCC -ne 0 ]; then + make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib + make clean -# ARM Compiler 6 - Target ARMv7-A -armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" + # ARM Compiler 6 - Target ARMv7-A + armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a" -# ARM Compiler 6 - Target ARMv7-M -armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" + # ARM Compiler 6 - Target ARMv7-M + armc6_build_test "--target=arm-arm-none-eabi -march=armv7-m" -# ARM Compiler 6 - Target ARMv8-A - AArch32 -armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" + # ARM Compiler 6 - Target ARMv8-A - AArch32 + armc6_build_test "--target=arm-arm-none-eabi -march=armv8.2-a" -# ARM Compiler 6 - Target ARMv8-M -armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" + # ARM Compiler 6 - Target ARMv8-M + armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main" -# ARM Compiler 6 - Target ARMv8-A - AArch64 -armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" + # ARM Compiler 6 - Target ARMv8-A - AArch64 + armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" +fi msg "build: allow SHA1 in certificates by default" cleanup From c3c3a68e747a07e6a7d9333972962b6f6574dd08 Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 21 Dec 2017 15:19:53 +0000 Subject: [PATCH 473/493] Update usage description --- scripts/config.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/config.pl b/scripts/config.pl index 8c1aa08dd..d07b130a7 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -45,7 +45,7 @@ my $config_file = "include/mbedtls/config.h"; my $usage = < | --file ] [-o | --force] [set | unset | get | - full | realfull] + full | realfull | baremetal] Commands set [] - Uncomments or adds a #define for the to @@ -63,7 +63,7 @@ Commands excluding some reserved symbols, until the 'Module configuration options' section realfull - Uncomments all #define's with no exclusions - baremetal - Set configuration suitable for baremetal build. + baremetal - Sets full configuration suitable for baremetal build. Options -f | --file - The file or file path for the configuration file From c4e9694d43999f9e607266a75e9394cd0158594c Mon Sep 17 00:00:00 2001 From: Azim Khan Date: Thu, 21 Dec 2017 15:22:37 +0000 Subject: [PATCH 474/493] Add MBEDTLS_NO_UDBL_DIVISION to excludes of full config --- scripts/config.pl | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/config.pl b/scripts/config.pl index d07b130a7..76ca4709c 100755 --- a/scripts/config.pl +++ b/scripts/config.pl @@ -92,6 +92,7 @@ MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3 MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION MBEDTLS_ZLIB_SUPPORT MBEDTLS_PKCS11_C +MBEDTLS_NO_UDBL_DIVISION _ALT\s*$ ); From 192c72f7a12cac724150c0bebd0f224722c1ff63 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 21 Dec 2017 15:59:21 +0100 Subject: [PATCH 475/493] all.sh: add some documentation --- tests/scripts/all.sh | 90 ++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 83 insertions(+), 7 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c9c790c80..2ea31dbc2 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -4,20 +4,78 @@ # # This file is part of mbed TLS (https://tls.mbed.org) # -# Copyright (c) 2014-2016, ARM Limited, All Rights Reserved -# +# Copyright (c) 2014-2017, ARM Limited, All Rights Reserved + + + +################################################################ +#### Documentation +################################################################ + # Purpose +# ------- # # To run all tests possible or available on the platform. # +# Notes for users +# --------------- +# # Warning: the test is destructive. It includes various build modes and # configurations, and can and will arbitrarily change the current CMake -# configuration. After this script has been run, the CMake cache will be lost -# and CMake will no longer be initialised. +# configuration. The following files must be committed into git: +# * include/mbedtls/config.h +# * Makefile, library/Makefile, programs/Makefile, tests/Makefile +# After running this script, the CMake cache will be lost and CMake +# will no longer be initialised. # -# The script assumes the presence of gcc and clang (recent enough for using -# ASan with gcc and MemSan with clang, or valgrind) are available, as well as -# cmake and a "good" find. +# The script assumes the presence of a number of tools: +# * Basic Unix tools (Windows users note: a Unix-style find must be before +# the Windows find in the PATH) +# * Perl +# * GNU Make +# * CMake +# * GCC and Clang (recent enough for using ASan with gcc and MemSan with clang, or valgrind) +# * arm-gcc and mingw-gcc +# * ArmCC 5 and ArmCC 6, unless invoked with --no-armcc +# * Yotta build dependencies, unless invoked with --no-yotta +# * OpenSSL and GnuTLS command line tools, recent enough for the +# interoperability tests. If they don't support SSLv3 then a legacy +# version of these tools must be present as well (search for LEGACY +# below). +# See the invocation of check_tools below for details. +# +# This script must be invoked from the toplevel directory of a git +# working copy of Mbed TLS. +# +# Note that the output is not saved. You may want to run +# script -c tests/scripts/all.sh +# or +# tests/scripts/all.sh >all.log 2>&1 +# +# Notes for maintainers +# --------------------- +# +# The tests are roughly in order from fastest to slowest. This doesn't +# have to be exact, but in general you should add slower tests towards +# the end and fast checks near the beginning. +# +# Sanity checks have the following form: +# 1. msg "short description of what is about to be done" +# 2. run sanity check (failure stops the script) +# +# Build or build-and-test steps have the following form: +# 1. msg "short description of what is about to be done" +# 2. cleanup +# 3. preparation (config.pl, cmake, ...) (failure stops the script) +# 4. make +# 5. Run tests if relevant. All tests must be prefixed with +# if_build_successful for the sake of --keep-going. + + + +################################################################ +#### Initialization and command line parsing +################################################################ # Abort on errors (and uninitialised variables) set -eu @@ -368,6 +426,12 @@ if [ $RUN_ARMCC -ne 0 ]; then check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" fi + + +################################################################ +#### Basic checks +################################################################ + # # Test Suites to be executed # @@ -402,6 +466,12 @@ msg "test: doxygen warnings" # ~ 3s cleanup tests/scripts/doxygen.sh + + +################################################################ +#### Build and test many configurations and targets +################################################################ + if [ $RUN_ARMCC -ne 0 ] && [ $YOTTA -ne 0 ]; then # Note - use of yotta is deprecated, and yotta also requires armcc to be on the # path, and uses whatever version of armcc it finds there. @@ -772,6 +842,12 @@ make test cd "$MBEDTLS_ROOT_DIR" rm -rf "$OUT_OF_SOURCE_DIR" + + +################################################################ +#### Termination +################################################################ + msg "Done, cleaning up" cleanup From 25b96ea2daeed8f0e4a1a58540ea9c455b6678fa Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 21 Dec 2017 17:45:11 +0000 Subject: [PATCH 476/493] Remove comment on potential future removal of non-CRT fields --- include/mbedtls/rsa.h | 4 ---- 1 file changed, 4 deletions(-) diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index 5e7fdca6b..33ff4e3fb 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -98,16 +98,12 @@ typedef struct mbedtls_mpi P; /*!< 1st prime factor */ mbedtls_mpi Q; /*!< 2nd prime factor */ - /* DP,DQ,QP are not used in NO_CRT but temporarily kept for ABI - * compatibility. Will be removed on next ABI changing release. */ mbedtls_mpi DP; /*!< D % (P - 1) */ mbedtls_mpi DQ; /*!< D % (Q - 1) */ mbedtls_mpi QP; /*!< 1 / (Q % P) */ mbedtls_mpi RN; /*!< cached R^2 mod N */ - /* RP, RQ are not used in NO_CRT but temporarily kept for ABI - * compatibility. Will be removed on next ABI changing release. */ mbedtls_mpi RP; /*!< cached R^2 mod P */ mbedtls_mpi RQ; /*!< cached R^2 mod Q */ From f40cdf9971679f59cf7bc1722139bc218219db96 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Dec 2017 11:03:27 +0000 Subject: [PATCH 477/493] Add dependency of new RSA tests on presence of strong entropy source During the work on the RSA change the issue was brought up, and a fix was provided on development, that some RSA tests use CTR DRBG and depend on the presence of a strong entropy source to succeed. The RSA work introduced more tests using CTR DRBG, and the dependency needs to be added for them, too. --- tests/suites/test_suite_rsa.function | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index e305c4337..f501222d1 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -847,7 +847,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ +/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ void mbedtls_rsa_import( int radix_N, char *input_N, int radix_P, char *input_P, int radix_Q, char *input_Q, @@ -1121,7 +1121,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ void mbedtls_rsa_validate_params( int radix_N, char *input_N, int radix_P, char *input_P, int radix_Q, char *input_Q, @@ -1315,7 +1315,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C */ +/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */ void mbedtls_rsa_import_raw( char *input_N, char *input_P, char *input_Q, char *input_D, char *input_E, From a47023e4d55bef26a5b25409b266e1dccc77de97 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 22 Dec 2017 17:08:03 +0000 Subject: [PATCH 478/493] Incorporate comments on merge commit * Correct order of sections in ChangeLog * Restore unintentionally removed whitespace and formatting improvements. * Consistently rename MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED to MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION in rsa.h documentation. --- ChangeLog | 35 ++++++++++++++-------------- include/mbedtls/rsa.h | 20 ++++++++-------- tests/suites/test_suite_rsa.function | 5 ++-- 3 files changed, 30 insertions(+), 30 deletions(-) diff --git a/ChangeLog b/ChangeLog index 4a60b2abd..cf2c882b7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -15,6 +15,23 @@ Security Features * Allow comments in test data files. +API Changes + * Extend RSA interface by multiple functions allowing structure- + independent setup and export of RSA contexts. Most notably, + mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting + up RSA contexts from partial key material and having them completed to the + needs of the implementation automatically. This allows to setup private RSA + contexts from keys consisting of N,D,E only, even if P,Q are needed for the + purpose or CRT and/or blinding. + * The configuration option MBEDTLS_RSA_ALT can be used to define alternative + implementations of the RSA interface declared in rsa.h. + +New deprecations + * Deprecate usage of RSA primitives with non-matching key-type + (e.g., signing with a public key). + * Direct manipulation of structure fields of RSA contexts is deprecated. + Users are advised to use the extended RSA API instead. + Bugfix * Fix ssl_parse_record_header() to silently discard invalid DTLS records as recommended in RFC 6347 Section 4.1.2.7. @@ -57,23 +74,6 @@ Bugfix * Fix crash when calling mbedtls_ssl_cache_free() twice. Found by MilenkoMitrovic, #1104 -New deprecations - * Direct manipulation of structure fields of RSA contexts is deprecated. - Users are advised to use the extended RSA API instead. - * Deprecate usage of RSA primitives with non-matching key-type - (e.g., signing with a public key). - -API Changes - * Extend RSA interface by multiple functions allowing structure- - independent setup and export of RSA contexts. Most notably, - mbedtls_rsa_import and mbedtls_rsa_complete are introduced for setting - up RSA contexts from partial key material and having them completed to the - needs of the implementation automatically. This allows to setup private RSA - contexts from keys consisting of N,D,E only, even if P,Q are needed for the - purpose or CRT and/or blinding. - * The configuration option MBEDTLS_RSA_ALT can be used to define alternative - implementations of the RSA interface declared in rsa.h. - Changes * Extend cert_write example program by options to set the CRT version and the message digest. Further, allow enabling/disabling of authority @@ -95,7 +95,6 @@ Security * Reliably wipe sensitive data after use in the AES example applications programs/aes/aescrypt2 and programs/aes/crypt_and_hash. Found by Laurent Simon. ->>>>>>> development Features * Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown() diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h index e41264310..d7503ac83 100644 --- a/include/mbedtls/rsa.h +++ b/include/mbedtls/rsa.h @@ -274,11 +274,11 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ); * exporting the requested parameters * cannot be done because of a lack of functionality * or because of security policies, the error code - * \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. + * \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is returned. * In this case, the RSA context stays intact and can * be continued to be used. * - * \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED + * \note Reasons for returning \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION * would be the following: Firstly, it might be that an * alternative RSA implementation is in use which stores * the key externally, and which either cannot or should not @@ -319,11 +319,11 @@ int mbedtls_rsa_export( const mbedtls_rsa_context *ctx, * exporting the requested parameters * cannot be done because of a lack of functionality * or because of security policies, the error code - * \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED is returned. + * \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION is returned. * In this case, the RSA context stays intact and can * be continued to be used. * - * \note Reasons for returning \c MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED + * \note Reasons for returning \c MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION * would be the following: Firstly, it might be that an * alternative RSA implementation is in use which stores * the key externally, and which either cannot or should not @@ -525,7 +525,7 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx, * mode being set to MBEDTLS_RSA_PRIVATE and may instead * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). @@ -557,7 +557,7 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx, * mode being set to MBEDTLS_RSA_PRIVATE and may instead * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). @@ -592,7 +592,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, * mode being set to MBEDTLS_RSA_PRIVATE and may instead * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer must be as large as the size * of ctx->N (eg. 128 bytes if RSA-1024 is used). @@ -629,7 +629,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, * mode being set to MBEDTLS_RSA_PUBLIC and may instead * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes @@ -670,7 +670,7 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx, * mode being set to MBEDTLS_RSA_PUBLIC and may instead * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes @@ -713,7 +713,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx, * mode being set to MBEDTLS_RSA_PUBLIC and may instead * return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION. * - * \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code + * \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code * * \note The output buffer length \c output_max_len should be * as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index f501222d1..639bcb89d 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -729,8 +729,9 @@ void mbedtls_rsa_gen_key( int nrbits, int exponent, int result) mbedtls_entropy_init( &entropy ); mbedtls_rsa_init ( &ctx, 0, 0 ); - TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, strlen( pers ) ) == 0 ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, + &entropy, (const unsigned char *) pers, + strlen( pers ) ) == 0 ); TEST_ASSERT( mbedtls_rsa_gen_key( &ctx, mbedtls_ctr_drbg_random, &ctr_drbg, nrbits, exponent ) == result ); if( result == 0 ) From 618d091f2af41c2c60117b6c7fef080687dedc81 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Jan 2018 16:04:19 +0100 Subject: [PATCH 479/493] Add ChangeLog entry for CCM_ALT Edit the CMAC_ALT ChangeLog entry to mention CCM_ALT which was added in a sister PR and is being merged together. Use full name rather than Github id as attribution. Move the entry under "Features" for better consistency with historical practice. --- ChangeLog | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index 6377e7f5d..d9e9dc89e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,8 @@ Features line arguments. * New unit tests for timing. Improve the self-test to be more robust when run on a heavily-loaded machine. + * Add alternative implementation support for CCM and CMAC (MBEDTLS_CCM_ALT, + MBEDTLS_CMAC_ALT). Submitted by Steve Cooreman, Silicon Labs. New deprecations * Deprecate usage of RSA primitives with non-matching key-type @@ -71,8 +73,6 @@ Changes * Extend cert_write example program by options to set the CRT version and the message digest. Further, allow enabling/disabling of authority identifier, subject identifier and basic constraints extensions. - * Add hardware acceleration support for cmac, with the configuration definition - of `MBEDTLS_CMAC_ALT`. Submitted by stevew817 = mbed TLS 2.6.0 branch released 2017-08-10 From 8e09d8f6a5d1b8543ee5fb6e782df88179575ad4 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Jan 2018 16:09:42 +0100 Subject: [PATCH 480/493] Add full stop to ChangeLog entry --- ChangeLog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 32056b80f..365a713b7 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,7 +21,7 @@ Features * Add alternative implementation support for CCM and CMAC (MBEDTLS_CCM_ALT, MBEDTLS_CMAC_ALT). Submitted by Steve Cooreman, Silicon Labs. * Add support for alternative implementations of GCM, selected by the - configuration flag MBEDTLS_GCM_ALT in config.h + configuration flag MBEDTLS_GCM_ALT. New deprecations * Deprecate usage of RSA primitives with non-matching key-type From ec9c626b75aecd99663695d53460c6a79d5c6d44 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Tue, 2 Jan 2018 16:27:50 +0100 Subject: [PATCH 481/493] ChangeLog entry for PR #964 --- ChangeLog | 3 +++ 1 file changed, 3 insertions(+) diff --git a/ChangeLog b/ChangeLog index 365a713b7..2284f3427 100644 --- a/ChangeLog +++ b/ChangeLog @@ -70,11 +70,14 @@ Bugfix MilenkoMitrovic, #1104 * Fix mbedtls_timing_alarm(0) on Unix. * Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1. + * Fix possible memory leaks in mbedtls_gcm_self_test(). + * Added missing return code checks in mbedtls_aes_self_test(). Changes * Extend cert_write example program by options to set the CRT version and the message digest. Further, allow enabling/disabling of authority identifier, subject identifier and basic constraints extensions. + * Only run AES-192 self-test if AES-192 is available. Fixes #963. = mbed TLS 2.6.0 branch released 2017-08-10 From 4952e7a8d6792253b61ab2f94a8017e58ad38f1a Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 Jan 2018 09:27:40 +0000 Subject: [PATCH 482/493] Add explicit type cast to avoid truncation warning `mbedtls_rsa_deduce_primes` implicitly casts the result of a call to `mbedtls_mpi_lsb` to a `uint16_t`. This is safe because of the size of MPI's used in the library, but still may have compilers complain about it. This commit makes the cast explicit. --- library/rsa_internal.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/library/rsa_internal.c b/library/rsa_internal.c index e28ca50b3..507009f13 100644 --- a/library/rsa_internal.c +++ b/library/rsa_internal.c @@ -114,7 +114,7 @@ int mbedtls_rsa_deduce_primes( mbedtls_mpi const *N, MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, D, E ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &T, &T, 1 ) ); - if( ( order = mbedtls_mpi_lsb( &T ) ) == 0 ) + if( ( order = (uint16_t) mbedtls_mpi_lsb( &T ) ) == 0 ) { ret = MBEDTLS_ERR_MPI_BAD_INPUT_DATA; goto cleanup; From e963efa1101aeb65cf1749c3a61e84e186519142 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 3 Jan 2018 10:03:43 +0000 Subject: [PATCH 483/493] Don't limit RSA_NO_CRT test in all.sh to 64-bit systems Compilation and test for the `MBEDTLS_RSA_NO_CRT` option were previously guarded by a check for 64-bit systems, for which there is no reason. This commit moves both outside of the guard. --- tests/scripts/all.sh | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 33c17e2d3..cfe305ffd 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -471,15 +471,6 @@ msg "build: i386, make, gcc" # ~ 30s cleanup CC=gcc CFLAGS='-Werror -Wall -Wextra -m32' make -msg "build: default config, MBEDTLS_RSA_NO_CRT, make, gcc" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_RSA_NO_CRT -CC=gcc CFLAGS='-Werror -Wall -Werror -O0' make - -msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)" -make test - msg "build: gcc, force 32-bit compilation" cleanup cp "$CONFIG_H" "$CONFIG_BAK" @@ -592,6 +583,15 @@ msg "test: allow SHA1 in certificates by default" make test tests/ssl-opt.sh -f SHA-1 +msg "build: default config, MBEDTLS_RSA_NO_CRT, make, gcc" +cleanup +cp "$CONFIG_H" "$CONFIG_BAK" +scripts/config.pl set MBEDTLS_RSA_NO_CRT +CC=gcc CFLAGS='-Werror -Wall -Werror -O0' make + +msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)" +make test + msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s cleanup CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 make lib programs From 88683b2c6d82edf6ec146f813b79442d8e14a3f4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Thu, 4 Jan 2018 18:26:54 +0000 Subject: [PATCH 484/493] Correct all.sh and config.h after merge commit - Adapt the change in all.sh to the new keep-going mode - Restore alphabetical order of configuration flags for alternative implementations in config.h and rebuild library/version_features.c --- include/mbedtls/config.h | 4 ++-- library/version_features.c | 12 ++++++------ tests/scripts/all.sh | 2 +- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 5b2c4ada5..269085d32 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -269,16 +269,16 @@ //#define MBEDTLS_CCM_ALT //#define MBEDTLS_CMAC_ALT //#define MBEDTLS_DES_ALT -//#define MBEDTLS_RSA_ALT //#define MBEDTLS_GCM_ALT -//#define MBEDTLS_XTEA_ALT //#define MBEDTLS_MD2_ALT //#define MBEDTLS_MD4_ALT //#define MBEDTLS_MD5_ALT //#define MBEDTLS_RIPEMD160_ALT +//#define MBEDTLS_RSA_ALT //#define MBEDTLS_SHA1_ALT //#define MBEDTLS_SHA256_ALT //#define MBEDTLS_SHA512_ALT +//#define MBEDTLS_XTEA_ALT /* * When replacing the elliptic curve module, pleace consider, that it is * implemented with two .c files: diff --git a/library/version_features.c b/library/version_features.c index cdb41616e..71ec12545 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -105,15 +105,9 @@ static const char *features[] = { #if defined(MBEDTLS_DES_ALT) "MBEDTLS_DES_ALT", #endif /* MBEDTLS_DES_ALT */ -#if defined(MBEDTLS_RSA_ALT) - "MBEDTLS_RSA_ALT", -#endif /* MBEDTLS_RSA_ALT */ #if defined(MBEDTLS_GCM_ALT) "MBEDTLS_GCM_ALT", #endif /* MBEDTLS_GCM_ALT */ -#if defined(MBEDTLS_XTEA_ALT) - "MBEDTLS_XTEA_ALT", -#endif /* MBEDTLS_XTEA_ALT */ #if defined(MBEDTLS_MD2_ALT) "MBEDTLS_MD2_ALT", #endif /* MBEDTLS_MD2_ALT */ @@ -126,6 +120,9 @@ static const char *features[] = { #if defined(MBEDTLS_RIPEMD160_ALT) "MBEDTLS_RIPEMD160_ALT", #endif /* MBEDTLS_RIPEMD160_ALT */ +#if defined(MBEDTLS_RSA_ALT) + "MBEDTLS_RSA_ALT", +#endif /* MBEDTLS_RSA_ALT */ #if defined(MBEDTLS_SHA1_ALT) "MBEDTLS_SHA1_ALT", #endif /* MBEDTLS_SHA1_ALT */ @@ -135,6 +132,9 @@ static const char *features[] = { #if defined(MBEDTLS_SHA512_ALT) "MBEDTLS_SHA512_ALT", #endif /* MBEDTLS_SHA512_ALT */ +#if defined(MBEDTLS_XTEA_ALT) + "MBEDTLS_XTEA_ALT", +#endif /* MBEDTLS_XTEA_ALT */ #if defined(MBEDTLS_ECP_ALT) "MBEDTLS_ECP_ALT", #endif /* MBEDTLS_ECP_ALT */ diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 6ffd38687..b1d9add2b 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -771,7 +771,7 @@ msg "build: default config, MBEDTLS_RSA_NO_CRT, make, gcc" cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_RSA_NO_CRT -CC=gcc CFLAGS='-Werror -Wall -Werror -O0' make +make CC=gcc CFLAGS='-Werror -Wall -Werror -O0' msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)" make test From efeef6cf03797cdfc729dc026341a1bae6cd7217 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 5 Jan 2018 08:07:47 +0000 Subject: [PATCH 485/493] Correct typo in bignum.h --- include/mbedtls/bignum.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h index 456a80420..0b4001542 100644 --- a/include/mbedtls/bignum.h +++ b/include/mbedtls/bignum.h @@ -70,7 +70,7 @@ * Maximum size of MPIs allowed in bits and bytes for user-MPIs. * ( Default: 512 bytes => 4096 bits, Maximum tested: 2048 bytes => 16384 bits ) * - * Note: Calculations can results temporarily in larger MPIs. So the number + * Note: Calculations can temporarily result in larger MPIs. So the number * of limbs required (MBEDTLS_MPI_MAX_LIMBS) is higher. */ #define MBEDTLS_MPI_MAX_SIZE 1024 /**< Maximum number of bytes for usable MPIs. */ From 895c5ab88e10d5de13e932eaeb6ba04651c76f8b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 5 Jan 2018 08:08:09 +0000 Subject: [PATCH 486/493] Preserve old behavior by checking public key in RSA parsing function The function `pk_get_rsapubkey` originally performed some basic sanity checks (e.g. on the size of public exponent) on the parsed RSA public key by a call to `mbedtls_rsa_check_pubkey`. This check was dropped because it is not possible to thoroughly check full parameter sanity (i.e. that (-)^E is a bijection on Z/NZ). Still, for the sake of not silently changing existing behavior, this commit puts back the call to `mbedtls_rsa_check_pubkey`. --- library/pkparse.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/library/pkparse.c b/library/pkparse.c index 159b485eb..f97d89ea1 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -543,8 +543,11 @@ static int pk_get_rsapubkey( unsigned char **p, *p += len; - if( ( ret = mbedtls_rsa_complete( rsa ) ) != 0 ) + if( mbedtls_rsa_complete( rsa ) != 0 || + mbedtls_rsa_check_pubkey( rsa ) != 0 ) + { return( MBEDTLS_ERR_PK_INVALID_PUBKEY ); + } if( *p != end ) return( MBEDTLS_ERR_PK_INVALID_PUBKEY + From 3a760a1857cc933512519616f4d6220c56c457bc Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 5 Jan 2018 08:14:49 +0000 Subject: [PATCH 487/493] Add size check for RSA modulus to `mbedtls_rsa_complete` The function `mbedtls_rsa_complete` is supposed to guarantee that RSA operations will complete without failure. In contrast, it does not ensure consistency of parameters, which is the task of the checking functions `rsa_check_pubkey` and `rsa_check_privkey`. Previously, the maximum allowed size of the RSA modulus was checked in `mbedtls_rsa_check_pubkey`. However, exceeding this size would lead to failure of some RSA operations, hence this check belongs to `mbedtls_rsa_complete` rather than `mbedtls_rsa_check_pubkey`. This commit moves it accordingly. --- library/rsa.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index 793167339..ad1ef6db2 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -146,8 +146,11 @@ static int rsa_check_context( mbedtls_rsa_context const *ctx, int is_priv, ((void) blinding_needed); #endif - if( ctx->len != mbedtls_mpi_size( &ctx->N ) ) + if( ctx->len != mbedtls_mpi_size( &ctx->N ) || + ctx->len > MBEDTLS_MPI_MAX_SIZE ) + { return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA ); + } /* * 1. Modular exponentiation needs positive, odd moduli. @@ -573,8 +576,7 @@ int mbedtls_rsa_check_pubkey( const mbedtls_rsa_context *ctx ) if( rsa_check_context( ctx, 0 /* public */, 0 /* no blinding */ ) != 0 ) return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); - if( mbedtls_mpi_bitlen( &ctx->N ) < 128 || - mbedtls_mpi_bitlen( &ctx->N ) > MBEDTLS_MPI_MAX_BITS ) + if( mbedtls_mpi_bitlen( &ctx->N ) < 128 ) { return( MBEDTLS_ERR_RSA_KEY_CHECK_FAILED ); } From d485c319a518b27fd0c3f89ea1d041e3f964a512 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 5 Jan 2018 13:03:53 +0000 Subject: [PATCH 488/493] Make small corrections to all.sh Correct gcc flags in !MBEDTLS_SSL_CLI_C test (preexisting) and build and test for RSA_NO_CRT in ASan mode. --- tests/scripts/all.sh | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index b1d9add2b..b559af8e1 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -605,7 +605,7 @@ cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full scripts/config.pl unset MBEDTLS_SSL_CLI_C -make CC=gcc CFLAGS='-Werror -Wall -Werror -O0' +make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' # Note, C99 compliance can also be tested with the sockets support disabled, # as that requires a POSIX platform (which isn't the same as C99). @@ -767,11 +767,12 @@ msg "test: allow SHA1 in certificates by default" make test if_build_succeeded tests/ssl-opt.sh -f SHA-1 -msg "build: default config, MBEDTLS_RSA_NO_CRT, make, gcc" +msg "build: Default + MBEDTLS_RSA_NO_CRT (ASan build)" # ~ 6 min cleanup cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl set MBEDTLS_RSA_NO_CRT -make CC=gcc CFLAGS='-Werror -Wall -Werror -O0' +CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . +make msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)" make test From d4d60579e4550d034a884d1a413942fbe36a8625 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 10 Jan 2018 07:12:01 +0000 Subject: [PATCH 489/493] Address issues found by coverity 1) `mbedtls_rsa_import_raw` used an uninitialized return value when it was called without any input parameters. While not sensible, this is allowed and should be a succeeding no-op. 2) The MPI test for prime generation missed a return value check for a call to `mbedtls_mpi_shift_r`. This is neither critical nor new but should be fixed. 3) Both the RSA keygeneration example program and the RSA test suites contained code initializing an RSA context after a potentially failing call to CTR DRBG initialization, leaving the corresponding RSA context free call in the cleanup section of the respective function orphaned. While this defect existed before, Coverity picked up on it again because of newly introduced MPI's that were also wrongly initialized only after the call to CTR DRBG init. The commit fixes both the old and the new issue by moving the initializtion of both the RSA context and all MPI's prior to the first potentially failing call. --- library/rsa.c | 2 +- programs/pkey/rsa_genkey.c | 9 ++++----- tests/suites/test_suite_mpi.function | 3 ++- tests/suites/test_suite_rsa.data | 3 +++ tests/suites/test_suite_rsa.function | 7 +++---- 5 files changed, 13 insertions(+), 11 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index ad1ef6db2..7e921fd54 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -104,7 +104,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, unsigned char const *D, size_t D_len, unsigned char const *E, size_t E_len ) { - int ret; + int ret = 0; if( N != NULL ) { diff --git a/programs/pkey/rsa_genkey.c b/programs/pkey/rsa_genkey.c index 3dae0a6c8..939921761 100644 --- a/programs/pkey/rsa_genkey.c +++ b/programs/pkey/rsa_genkey.c @@ -71,6 +71,10 @@ int main( void ) const char *pers = "rsa_genkey"; mbedtls_ctr_drbg_init( &ctr_drbg ); + mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); + mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); + mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); + mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); mbedtls_printf( "\n . Seeding the random number generator..." ); fflush( stdout ); @@ -87,11 +91,6 @@ int main( void ) mbedtls_printf( " ok\n . Generating the RSA key [ %d-bit ]...", KEY_SIZE ); fflush( stdout ); - mbedtls_rsa_init( &rsa, MBEDTLS_RSA_PKCS_V15, 0 ); - mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); - mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &DP ); - mbedtls_mpi_init( &DQ ); mbedtls_mpi_init( &QP ); - if( ( ret = mbedtls_rsa_gen_key( &rsa, mbedtls_ctr_drbg_random, &ctr_drbg, KEY_SIZE, EXPONENT ) ) != 0 ) { diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index b94c88980..6ae27af5b 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -830,7 +830,8 @@ void mbedtls_mpi_gen_prime( int bits, int safe, int ref_ret ) TEST_ASSERT( mbedtls_mpi_is_prime( &X, rnd_std_rand, NULL ) == 0 ); if( safe ) { - mbedtls_mpi_shift_r( &X, 1 ); /* X = ( X - 1 ) / 2 */ + /* X = ( X - 1 ) / 2 */ + TEST_ASSERT( mbedtls_mpi_shift_r( &X, 1 ) == 0 ); TEST_ASSERT( mbedtls_mpi_is_prime( &X, rnd_std_rand, NULL ) == 0 ); } } diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index 46046119d..2747da726 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -526,6 +526,9 @@ mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f RSA Import Raw (N,-,-,-,E), successive mbedtls_rsa_import_raw:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":"":"":"":"03":1:0:0:0 +RSA Import Raw (-,-,-,-,-) +mbedtls_rsa_import_raw:"":"":"":"":"":0:0:0:MBEDTLS_ERR_RSA_BAD_INPUT_DATA + RSA Export (N,P,Q,D,E) mbedtls_rsa_export:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"3":1:0 diff --git a/tests/suites/test_suite_rsa.function b/tests/suites/test_suite_rsa.function index 639bcb89d..ee3516ad1 100644 --- a/tests/suites/test_suite_rsa.function +++ b/tests/suites/test_suite_rsa.function @@ -878,17 +878,16 @@ void mbedtls_rsa_import( int radix_N, char *input_N, const int have_E = ( strlen( input_E ) > 0 ); mbedtls_ctr_drbg_init( &ctr_drbg ); - mbedtls_entropy_init( &entropy ); - TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, - (const unsigned char *) pers, strlen( pers ) ) == 0 ); - mbedtls_rsa_init( &ctx, 0, 0 ); mbedtls_mpi_init( &N ); mbedtls_mpi_init( &P ); mbedtls_mpi_init( &Q ); mbedtls_mpi_init( &D ); mbedtls_mpi_init( &E ); + TEST_ASSERT( mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func, &entropy, + (const unsigned char *) pers, strlen( pers ) ) == 0 ); + if( have_N ) TEST_ASSERT( mbedtls_mpi_read_string( &N, radix_N, input_N ) == 0 ); From adb0b2e935618e51e33346ccb278c8341f38ab08 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 10 Jan 2018 10:35:11 +0000 Subject: [PATCH 490/493] Update Visual Studio project files This commit updates the Visual Studio project file `visualc/VS2010/mbedTLS.vcxproj` to add the newly introduced `rsa_internal.h` and `rsa_internal.c`. --- visualc/VS2010/mbedTLS.vcxproj | 2 ++ 1 file changed, 2 insertions(+) diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 65730cd41..f13f83cc1 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -199,6 +199,7 @@ + @@ -267,6 +268,7 @@ + From 997e2184c55c47bf5e89195de73a8259bca42486 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 10 Jan 2018 10:39:20 +0000 Subject: [PATCH 491/493] Adapt ChangeLog --- ChangeLog | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/ChangeLog b/ChangeLog index 0061fe87d..d81d59673 100644 --- a/ChangeLog +++ b/ChangeLog @@ -97,6 +97,10 @@ Bugfix * Fix use of uninitialized memory in mbedtls_timing_get_timer when reset=1. * Fix possible memory leaks in mbedtls_gcm_self_test(). * Added missing return code checks in mbedtls_aes_self_test(). + * Fix issues in RSA key generation program programs/x509/rsa_genkey and the + RSA test suite where the failure of CTR DRBG initialization lead to + freeing an RSA context and several MPI's without proper initialization + beforehand. Changes * Extend cert_write example program by options to set the CRT version From 87ae197f3e63ba43b9d54639f38a9b66b86c51c5 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Mon, 15 Jan 2018 15:27:56 +0000 Subject: [PATCH 492/493] Add explicit uint truncation casts This commit adds some explicit downcasts from `size_t` to `uint8_t` in the RSASSA signature encoding function `rsa_rsassa_pkcs1_v15_encode`. The truncation is safe as it has been checked beforehand that the respective values are in the range of a `uint8_t`. --- library/rsa.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index a171fa6d0..8c0d8c360 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1628,17 +1628,17 @@ static int rsa_rsassa_pkcs1_v15_encode( mbedtls_md_type_t md_alg, * TAG-OCTET + LEN [ HASH ] ] */ *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; - *p++ = 0x08 + oid_size + hashlen; + *p++ = (unsigned char)( 0x08 + oid_size + hashlen ); *p++ = MBEDTLS_ASN1_SEQUENCE | MBEDTLS_ASN1_CONSTRUCTED; - *p++ = 0x04 + oid_size; + *p++ = (unsigned char)( 0x04 + oid_size ); *p++ = MBEDTLS_ASN1_OID; - *p++ = oid_size; + *p++ = (unsigned char) oid_size; memcpy( p, oid, oid_size ); p += oid_size; *p++ = MBEDTLS_ASN1_NULL; *p++ = 0x00; *p++ = MBEDTLS_ASN1_OCTET_STRING; - *p++ = hashlen; + *p++ = (unsigned char) hashlen; memcpy( p, hash, hashlen ); p += hashlen; From 5098400d7118197189fa21172b5ce0ba0a9d4eb8 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Wed, 17 Jan 2018 08:01:37 +0100 Subject: [PATCH 493/493] Add ChangeLog entry --- ChangeLog | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ChangeLog b/ChangeLog index d81d59673..a6fa6bbda 100644 --- a/ChangeLog +++ b/ChangeLog @@ -111,6 +111,8 @@ Changes used. Reported and fix proposed independently by satur9nine and sliai on GitHub. * Only run AES-192 self-test if AES-192 is available. Fixes #963. + * Tighten the RSA PKCS#1 v1.5 signature verification code and remove the + undeclared dependency of the RSA module on the ASN.1 module. = mbed TLS 2.6.0 branch released 2017-08-10