mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 13:35:28 +00:00
Merge commit 'd7e2483' into dtls
* commit 'd7e2483': (57 commits) Skip signature_algorithms ext if PSK only Fix bug in ssl_client2 reconnect option Cosmetics in ssl_server2 Improve debugging message. Fix net_usleep for durations greater than 1 second Use pk_load_file() in X509 Create ticket keys only if enabled Fix typo in #ifdef Clarify documentation a bit Fix comment on resumption Update comment from draft to RFC Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c Add recursion.pl to all.sh Allow x509_crt_verify_child() in recursion.pl Set a compile-time limit to X.509 chain length Fix 3DES -> DES in all.sh (+ time estimates) Add curves.pl to all.sh Rework all.sh to use MSan instead of valgrind Fix depends on individual curves in tests Add script to test depends on individual curves ... Conflicts: CMakeLists.txt programs/ssl/ssl_client2.c
This commit is contained in:
commit
edb7ed3a43
|
@ -4,26 +4,30 @@ project(POLARSSL C)
|
|||
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
|
||||
|
||||
if(CMAKE_COMPILER_IS_GNUCC)
|
||||
set(CMAKE_C_FLAGS "-Wall -Wextra -W -Wdeclaration-after-statement -Wlogical-op -Wwrite-strings")
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wlogical-op")
|
||||
set(CMAKE_C_FLAGS_RELEASE "-O2")
|
||||
set(CMAKE_C_FLAGS_DEBUG "-g3 -O0")
|
||||
set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage")
|
||||
set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-omit-frame-pointer -g3 -O1 -Werror")
|
||||
set(CMAKE_C_FLAGS_CHECK "-O1 -Werror")
|
||||
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
|
||||
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
|
||||
set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -O3")
|
||||
set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
|
||||
set(CMAKE_C_FLAGS_CHECK "-Werror -O1")
|
||||
set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
|
||||
endif(CMAKE_COMPILER_IS_GNUCC)
|
||||
|
||||
if(CMAKE_COMPILER_IS_CLANG)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wpointer-arith -Wwrite-strings -Wdocumentation -Wunreachable-code -Wno-documentation-deprecated-sync")
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith")
|
||||
set(CMAKE_C_FLAGS_RELEASE "-O2")
|
||||
set(CMAKE_C_FLAGS_DEBUG "-g3 -O0")
|
||||
set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage")
|
||||
set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-omit-frame-pointer -g3 -O1 -Werror")
|
||||
set(CMAKE_C_FLAGS_CHECK "-O1 -Werror")
|
||||
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
|
||||
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
|
||||
set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O3")
|
||||
set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
|
||||
set(CMAKE_C_FLAGS_MEMSAN "-Werror -fsanitize=memory -O3")
|
||||
set(CMAKE_C_FLAGS_MEMSANDBG "-Werror -fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2")
|
||||
set(CMAKE_C_FLAGS_CHECK "-Werror -O1")
|
||||
endif(CMAKE_COMPILER_IS_CLANG)
|
||||
|
||||
set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
|
||||
CACHE STRING "Choose the type of build: None Debug Release Coverage ASan Check CheckFull"
|
||||
CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull"
|
||||
FORCE)
|
||||
|
||||
if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
|
||||
|
|
38
ChangeLog
38
ChangeLog
|
@ -14,16 +14,29 @@ API Changes
|
|||
|
||||
Reminder: bump SONAME for ABI change (FALLBACK_SCSV, session-hash, EtM)
|
||||
|
||||
Features
|
||||
* Add support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv)
|
||||
* Add support for Extended Master Secret (draft-ietf-tls-session-hash)
|
||||
* Add support for Encrypt-then-MAC (RFC 7366)
|
||||
|
||||
Security
|
||||
* NULL pointer dereference in the buffer-based allocator when the buffer is
|
||||
full and polarssl_free() is called (found by Jean-Philippe Aumasson)
|
||||
(only possible if POLARSSL_MEMORY_BUFFER_ALLOC_C is enabled, which it is
|
||||
not by default).
|
||||
* Fix remotely-triggerable uninitialised pointer dereference caused by
|
||||
crafted X.509 certificate (TLS server is not affected if it doesn't ask for a
|
||||
client certificate) (found using Codenomicon Defensics).
|
||||
* Fix remotely-triggerable memory leak caused by crafted X.509 certificates
|
||||
(TLS server is not affected if it doesn't ask for a client certificate)
|
||||
(found using Codenomicon Defensics).
|
||||
* Fix potential stack overflow while parsing crafted X.509 certificates
|
||||
(TLS server is not affected if it doesn't ask for a client certificate)
|
||||
(found using Codenomicon Defensics).
|
||||
|
||||
Features
|
||||
* Add support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv)
|
||||
* Add support for Extended Master Secret (draft-ietf-tls-session-hash)
|
||||
* Add support for Encrypt-then-MAC (RFC 7366)
|
||||
* Add function pk_check_pair() to test if public and private keys match.
|
||||
* Add x509_crl_parse_der().
|
||||
* Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
|
||||
length of an X.509 verification chain.
|
||||
|
||||
Bugfix
|
||||
* Stack buffer overflow if ctr_drbg_update() is called with too large
|
||||
|
@ -31,6 +44,21 @@ Bugfix
|
|||
* Possible buffer overflow of length at most POLARSSL_MEMORY_ALIGN_MULTIPLE
|
||||
if memory_buffer_alloc_init() was called with buf not aligned and len not
|
||||
a multiple of POLARSSL_MEMORY_ALIGN_MULTIPLE.
|
||||
* User set CFLAGS were ignore by Cmake with gcc (introduced in 1.3.9, found
|
||||
by Julian Ospald).
|
||||
* Fix potential undefined behaviour in Camellia.
|
||||
* Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a
|
||||
multiple of 8 (found by Gergely Budai).
|
||||
|
||||
Changes
|
||||
* Use deterministic nonces for AEAD ciphers in TLS by default (possible to
|
||||
switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h).
|
||||
* Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
|
||||
* ssl_set_own_cert() now returns an error on key-certificate mismatch.
|
||||
* Forbid repeated extensions in X.509 certificates.
|
||||
* debug_print_buf() now prints a text view in addition to hexadecimal.
|
||||
* Skip writing and parsing signature_algorithm extension if none of the
|
||||
key exchanges enabled needs certificates.
|
||||
|
||||
= PolarSSL 1.3.9 released 2014-10-20
|
||||
Security
|
||||
|
|
37
README.rst
37
README.rst
|
@ -2,6 +2,15 @@
|
|||
README for PolarSSL
|
||||
===================
|
||||
|
||||
Configuration
|
||||
=============
|
||||
|
||||
PolarSSL should build out of the box on most systems. Some platform specific options are available in the fully-documented configuration file *include/polarssl/config.h*, which is also the place where features can be selected.
|
||||
This file can be edited manually, or in a more programmatic way using the Perl
|
||||
script *scripts/config.pl* (use *--help* for usage instructions).
|
||||
|
||||
Compiler options can be set using standard variables such as *CC* and *CFLAGS* when using the Make and CMake build system (see below).
|
||||
|
||||
Compiling
|
||||
=========
|
||||
|
||||
|
@ -39,7 +48,7 @@ In order to build the source using CMake, just enter at the command line::
|
|||
|
||||
make
|
||||
|
||||
There are 5 different active build modes specified within the CMake buildsystem:
|
||||
There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific:
|
||||
|
||||
- Release.
|
||||
This generates the default code without any unnecessary information in the binary files.
|
||||
|
@ -49,13 +58,30 @@ There are 5 different active build modes specified within the CMake buildsystem:
|
|||
This generates code coverage information in addition to debug information.
|
||||
- ASan.
|
||||
This instruments the code with AddressSanitizer to check for memory errors.
|
||||
(This includes LeakSanitizer, with recent version of gcc and clang.)
|
||||
(With recent version of clang, this mode also intruments the code with
|
||||
UndefinedSanitizer to check for undefined behaviour.)
|
||||
- ASanDbg.
|
||||
Same as ASan but slower, with debug information and better stack traces.
|
||||
- MemSan.
|
||||
This intruments the code with MemorySanitizer to check for uninitialised
|
||||
memory reads. Experimental, needs recent clang on Linux/x86_64.
|
||||
- MemSanDbg.
|
||||
Same as ASan but slower, with debug information, better stack traces and
|
||||
origin tracking.
|
||||
- Check.
|
||||
This activates more compiler warnings and treats them as errors.
|
||||
This activates the compiler warnings that depend on optimisation and treats
|
||||
all warnings as errors.
|
||||
|
||||
Switching build modes in CMake is simple. For debug mode, enter at the command line:
|
||||
|
||||
cmake -D CMAKE_BUILD_TYPE:String="Debug" .
|
||||
|
||||
Note that, with CMake, if you want to change the compiler or its options after you already ran CMake, you need to clear its cache first, eg (using GNU find)::
|
||||
|
||||
find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
|
||||
CC=gcc CFLAGS='-fstack-protector-strong -Wa,--noexecstack' cmake .
|
||||
|
||||
In order to run the tests, enter::
|
||||
|
||||
make test
|
||||
|
@ -77,6 +103,13 @@ Tests
|
|||
|
||||
PolarSSL includes an elaborate test suite in *tests/* that initially requires Perl to generate the tests files (e.g. *test_suite_mpi.c*). These files are generates from a **function file** (e.g. *suites/test_suite_mpi.function*) and a **data file** (e.g. *suites/test_suite_mpi.data*). The **function file** contains the template for each test function. The **data file** contains the test cases, specified as parameters that should be pushed into a template function.
|
||||
|
||||
For machines with a Unix shell and OpenSSL (and optionnally GnuTLS) installed, additional test scripts are available:
|
||||
|
||||
- *tests/ssl-opt.sh* runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations.
|
||||
- *tests/compat.sh* tests interoperability of every ciphersuite with other implementations.
|
||||
- *tests/scripts/test-ref-configs.pl* test builds in various reduced configurations.
|
||||
- *tests/scripts/all.sh* runs a combination of the above tests with various build options (eg ASan).
|
||||
|
||||
Configurations
|
||||
==============
|
||||
|
||||
|
|
|
@ -18,7 +18,7 @@ them, you can pick one of the following methods:
|
|||
|
||||
Or, using cmake:
|
||||
|
||||
rm CMakeCache.txt
|
||||
find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
|
||||
CFLAGS="-I$PWD/configs -DPOLARSSL_CONFIG_FILE='<foo.h>'" cmake .
|
||||
make
|
||||
|
||||
|
|
|
@ -781,6 +781,18 @@
|
|||
*/
|
||||
#define POLARSSL_SELF_TEST
|
||||
|
||||
/**
|
||||
* \def POLARSSL_SSL_AEAD_RANDOM_IV
|
||||
*
|
||||
* Generate a random IV rather than using the record sequence number as a
|
||||
* nonce for ciphersuites using and AEAD algorithm (GCM or CCM).
|
||||
*
|
||||
* Using the sequence number is generally recommended.
|
||||
*
|
||||
* Uncomment this macro to always use random IVs with AEAD ciphersuites.
|
||||
*/
|
||||
//#define POLARSSL_SSL_AEAD_RANDOM_IV
|
||||
|
||||
/**
|
||||
* \def POLARSSL_SSL_ALL_ALERT_MESSAGES
|
||||
*
|
||||
|
@ -974,8 +986,7 @@
|
|||
/**
|
||||
* \def POLARSSL_SSL_ALPN
|
||||
*
|
||||
* Enable support for Application Layer Protocol Negotiation.
|
||||
* draft-ietf-tls-applayerprotoneg-05
|
||||
* Enable support for RFC 7301 Application Layer Protocol Negotiation.
|
||||
*
|
||||
* Comment this macro to disable support for ALPN.
|
||||
*/
|
||||
|
@ -2306,6 +2317,9 @@
|
|||
/* Debug options */
|
||||
//#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */
|
||||
|
||||
/* X509 options */
|
||||
//#define POLARSSL_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
|
||||
|
||||
/* \} name SECTION: Module configuration options */
|
||||
|
||||
#include "check_config.h"
|
||||
|
|
|
@ -413,6 +413,8 @@ int ecp_point_read_binary( const ecp_group *grp, ecp_point *P,
|
|||
* \param buf $(Start of input buffer)
|
||||
* \param len Buffer length
|
||||
*
|
||||
* \note buf is updated to point right after the ECPoint on exit
|
||||
*
|
||||
* \return O if successful,
|
||||
* POLARSSL_ERR_MPI_XXX if initialization failed
|
||||
* POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid
|
||||
|
@ -479,6 +481,8 @@ int ecp_use_known_dp( ecp_group *grp, ecp_group_id index );
|
|||
* \param buf &(Start of input buffer)
|
||||
* \param len Buffer length
|
||||
*
|
||||
* \note buf is updated to point right after ECParameters on exit
|
||||
*
|
||||
* \return O if successful,
|
||||
* POLARSSL_ERR_MPI_XXX if initialization failed
|
||||
* POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid
|
||||
|
@ -635,6 +639,18 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
|
|||
int ecp_gen_key( ecp_group_id grp_id, ecp_keypair *key,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Check a public-private key pair
|
||||
*
|
||||
* \param pub Keypair structure holding a public key
|
||||
* \param prv Keypair structure holding a private (plus public) key
|
||||
*
|
||||
* \return 0 if successfull (keys are valid and match), or
|
||||
* POLARSSL_ERR_ECP_BAD_INPUT_DATA, or
|
||||
* a POLARSSL_ERR_ECP_XXX or POLARSSL_ERR_MPI_XXX code.
|
||||
*/
|
||||
int ecp_check_pub_priv( const ecp_keypair *pub, const ecp_keypair *prv );
|
||||
|
||||
#if defined(POLARSSL_SELF_TEST)
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
|
|
|
@ -177,6 +177,9 @@ typedef struct
|
|||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/** Check public-private key pair */
|
||||
int (*check_pair_func)( const void *pub, const void *prv );
|
||||
|
||||
/** Allocate a new context */
|
||||
void * (*ctx_alloc_func)( void );
|
||||
|
||||
|
@ -426,6 +429,16 @@ int pk_encrypt( pk_context *ctx,
|
|||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Check if a public-private pair of keys matches.
|
||||
*
|
||||
* \param pub Context holding a public key.
|
||||
* \param prv Context holding a private (and public) key.
|
||||
*
|
||||
* \return 0 on success or POLARSSL_ERR_PK_BAD_INPUT_DATA
|
||||
*/
|
||||
int pk_check_pair( const pk_context *pub, const pk_context *prv );
|
||||
|
||||
/**
|
||||
* \brief Export debug information
|
||||
*
|
||||
|
@ -625,6 +638,14 @@ int pk_write_pubkey( unsigned char **p, unsigned char *start,
|
|||
const pk_context *key );
|
||||
#endif /* POLARSSL_PK_WRITE_C */
|
||||
|
||||
/*
|
||||
* Internal module functions. You probably do not want to use these unless you
|
||||
* know you do.
|
||||
*/
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
int pk_load_file( const char *path, unsigned char **buf, size_t *n );
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
|
|
@ -99,10 +99,8 @@ typedef struct
|
|||
mpi RP; /*!< cached R^2 mod P */
|
||||
mpi RQ; /*!< cached R^2 mod Q */
|
||||
|
||||
#if !defined(POLARSSL_RSA_NO_CRT)
|
||||
mpi Vi; /*!< cached blinding value */
|
||||
mpi Vf; /*!< cached un-blinding value */
|
||||
#endif
|
||||
|
||||
int padding; /*!< RSA_PKCS_V15 for 1.5 padding and
|
||||
RSA_PKCS_v21 for OAEP/PSS */
|
||||
|
@ -191,6 +189,17 @@ int rsa_check_pubkey( const rsa_context *ctx );
|
|||
*/
|
||||
int rsa_check_privkey( const rsa_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Check a public-private RSA key pair.
|
||||
* Check each of the contexts, and make sure they match.
|
||||
*
|
||||
* \param pub RSA context holding the public key
|
||||
* \param prv RSA context holding the private key
|
||||
*
|
||||
* \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
|
||||
*/
|
||||
int rsa_check_pub_priv( const rsa_context *pub, const rsa_context *prv );
|
||||
|
||||
/**
|
||||
* \brief Do an RSA public key operation
|
||||
*
|
||||
|
|
|
@ -491,7 +491,7 @@ union _ssl_premaster_secret
|
|||
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
|
||||
unsigned char _pms_rsa_psk[52 + POLARSSL_PSK_MAX_LEN]; /* RFC 4279 4 */
|
||||
#endif
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
unsigned char _pms_ecdhe_psk[4 + POLARSSL_ECP_MAX_BYTES
|
||||
+ POLARSSL_PSK_MAX_LEN]; /* RFC 5489 2 */
|
||||
#endif
|
||||
|
@ -1204,6 +1204,7 @@ void ssl_set_bio( ssl_context *ssl,
|
|||
int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
|
||||
int (*f_send)(void *, const unsigned char *, size_t), void *p_send );
|
||||
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
/**
|
||||
* \brief Set the underlying BIO callbacks for write, read and
|
||||
* read-with-timeout.
|
||||
|
@ -1380,7 +1381,8 @@ void ssl_set_handshake_timeout( ssl_context *ssl, uint32_t min, uint32_t max );
|
|||
|
||||
/**
|
||||
* \brief Set the session cache callbacks (server-side only)
|
||||
* If not set, no session resuming is done.
|
||||
* If not set, no session resuming is done (except if session
|
||||
* tickets are enabled too).
|
||||
*
|
||||
* The session cache has the responsibility to check for stale
|
||||
* entries based on timeout. See RFC 5246 for recommendations.
|
||||
|
@ -1418,7 +1420,9 @@ void ssl_set_handshake_timeout( ssl_context *ssl, uint32_t min, uint32_t max );
|
|||
void ssl_set_session_cache( ssl_context *ssl,
|
||||
int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
|
||||
int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache );
|
||||
#endif /* POLARSSL_SSL_SRV_C */
|
||||
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
/**
|
||||
* \brief Request resumption of session (client-side only)
|
||||
* Session data is copied from presented session structure.
|
||||
|
@ -1434,6 +1438,7 @@ void ssl_set_session_cache( ssl_context *ssl,
|
|||
* \sa ssl_get_session()
|
||||
*/
|
||||
int ssl_set_session( ssl_context *ssl, const ssl_session *session );
|
||||
#endif /* POLARSSL_SSL_CLI_C */
|
||||
|
||||
/**
|
||||
* \brief Set the list of allowed ciphersuites and the preference
|
||||
|
@ -2011,6 +2016,7 @@ int ssl_get_record_expansion( const ssl_context *ssl );
|
|||
const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
|
||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
/**
|
||||
* \brief Save session in order to resume it later (client-side only)
|
||||
* Session data is copied to presented session structure.
|
||||
|
@ -2028,6 +2034,7 @@ const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
|
|||
* \sa ssl_set_session()
|
||||
*/
|
||||
int ssl_get_session( const ssl_context *ssl, ssl_session *session );
|
||||
#endif /* POLARSSL_SSL_CLI_C */
|
||||
|
||||
/**
|
||||
* \brief Perform the SSL handshake
|
||||
|
|
|
@ -233,7 +233,9 @@ extern "C" {
|
|||
#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF /**< TLS 1.2 */
|
||||
|
||||
/* Reminder: update _ssl_premaster_secret when adding a new key exchange */
|
||||
/* Reminder: update _ssl_premaster_secret when adding a new key exchange.
|
||||
* Reminder: update POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED below.
|
||||
*/
|
||||
typedef enum {
|
||||
POLARSSL_KEY_EXCHANGE_NONE = 0,
|
||||
POLARSSL_KEY_EXCHANGE_RSA,
|
||||
|
@ -248,6 +250,17 @@ typedef enum {
|
|||
POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
} key_exchange_type_t;
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
#define POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED
|
||||
#endif
|
||||
|
||||
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
|
||||
|
||||
#define POLARSSL_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
|
||||
|
|
|
@ -45,6 +45,18 @@
|
|||
* \{
|
||||
*/
|
||||
|
||||
#if !defined(POLARSSL_X509_MAX_INTERMEDIATE_CA)
|
||||
/**
|
||||
* Maximum number of intermediate CAs in a verification chain.
|
||||
* That is, maximum length of the chain, excluding the end-entity certificate
|
||||
* and the trusted root certificate.
|
||||
*
|
||||
* Set this to a low value to prevent an adversary from making you waste
|
||||
* resources verifying an overlong certificate chain.
|
||||
*/
|
||||
#define POLARSSL_X509_MAX_INTERMEDIATE_CA 8
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \name X509 Error codes
|
||||
* \{
|
||||
|
@ -295,7 +307,6 @@ int x509_get_serial( unsigned char **p, const unsigned char *end,
|
|||
x509_buf *serial );
|
||||
int x509_get_ext( unsigned char **p, const unsigned char *end,
|
||||
x509_buf *ext, int tag );
|
||||
int x509_load_file( const char *path, unsigned char **buf, size_t *n );
|
||||
int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid,
|
||||
pk_type_t pk_alg, md_type_t md_alg,
|
||||
const void *sig_opts );
|
||||
|
|
|
@ -100,11 +100,23 @@ typedef struct _x509_crl
|
|||
x509_crl;
|
||||
|
||||
/**
|
||||
* \brief Parse one or more CRLs and add them
|
||||
* to the chained list
|
||||
* \brief Parse a DER-encoded CRL and append it to the chained list
|
||||
*
|
||||
* \param chain points to the start of the chain
|
||||
* \param buf buffer holding the CRL data
|
||||
* \param buf buffer holding the CRL data in DER format
|
||||
* \param buflen size of the buffer
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
*/
|
||||
int x509_crl_parse_der( x509_crl *chain,
|
||||
const unsigned char *buf, size_t buflen );
|
||||
/**
|
||||
* \brief Parse one or more CRLs and append them to the chained list
|
||||
*
|
||||
* \note Mutliple CRLs are accepted only if using PEM format
|
||||
*
|
||||
* \param chain points to the start of the chain
|
||||
* \param buf buffer holding the CRL data in PEM or DER format
|
||||
* \param buflen size of the buffer
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
|
@ -113,11 +125,12 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen );
|
|||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
/**
|
||||
* \brief Load one or more CRLs and add them
|
||||
* to the chained list
|
||||
* \brief Load one or more CRLs and append them to the chained list
|
||||
*
|
||||
* \note Mutliple CRLs are accepted only if using PEM format
|
||||
*
|
||||
* \param chain points to the start of the chain
|
||||
* \param path filename to read the CRLs from
|
||||
* \param path filename to read the CRLs from (in PEM or DER encoding)
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
*/
|
||||
|
|
|
@ -79,12 +79,11 @@ set(libs ws2_32)
|
|||
endif(WIN32)
|
||||
|
||||
if(CMAKE_COMPILER_IS_GNUCC)
|
||||
set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS_CHECK} -Wmissing-declarations -Wmissing-prototypes")
|
||||
set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes")
|
||||
endif(CMAKE_COMPILER_IS_GNUCC)
|
||||
|
||||
if(CMAKE_COMPILER_IS_CLANG)
|
||||
set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS_CHECK} -Wmissing-declarations -Wmissing-prototypes")
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wno-documentation-deprecated-sync -Wunreachable-code")
|
||||
endif(CMAKE_COMPILER_IS_CLANG)
|
||||
|
||||
if (NOT USE_STATIC_POLARSSL_LIBRARY AND NOT USE_SHARED_POLARSSL_LIBRARY)
|
||||
|
|
|
@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p,
|
|||
if( cur->next == NULL )
|
||||
return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
|
||||
|
||||
memset( cur->next, 0, sizeof( asn1_sequence ) );
|
||||
|
||||
cur = cur->next;
|
||||
}
|
||||
}
|
||||
|
|
|
@ -327,6 +327,8 @@ asn1_named_data *asn1_store_named_data( asn1_named_data **head,
|
|||
return( NULL );
|
||||
}
|
||||
|
||||
memcpy( cur->oid.p, oid, oid_len );
|
||||
|
||||
cur->val.len = val_len;
|
||||
cur->val.p = polarssl_malloc( val_len );
|
||||
if( cur->val.p == NULL )
|
||||
|
@ -336,8 +338,6 @@ asn1_named_data *asn1_store_named_data( asn1_named_data **head,
|
|||
return( NULL );
|
||||
}
|
||||
|
||||
memcpy( cur->oid.p, oid, oid_len );
|
||||
|
||||
cur->next = *head;
|
||||
*head = cur;
|
||||
}
|
||||
|
|
|
@ -304,14 +304,14 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
|
|||
I0 = x[0] ^ k[0];
|
||||
I1 = x[1] ^ k[1];
|
||||
|
||||
I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
|
||||
(SBOX2((I0 >> 16) & 0xFF) << 16) |
|
||||
(SBOX3((I0 >> 8) & 0xFF) << 8) |
|
||||
(SBOX4((I0 ) & 0xFF) );
|
||||
I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
|
||||
(SBOX3((I1 >> 16) & 0xFF) << 16) |
|
||||
(SBOX4((I1 >> 8) & 0xFF) << 8) |
|
||||
(SBOX1((I1 ) & 0xFF) );
|
||||
I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
|
||||
((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
|
||||
((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) |
|
||||
((uint32_t) SBOX4((I0 ) & 0xFF) );
|
||||
I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
|
||||
((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
|
||||
((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) |
|
||||
((uint32_t) SBOX1((I1 ) & 0xFF) );
|
||||
|
||||
I0 ^= (I1 << 8) | (I1 >> 24);
|
||||
I1 ^= (I0 << 16) | (I0 >> 16);
|
||||
|
|
|
@ -123,6 +123,7 @@ void debug_print_buf( const ssl_context *ssl, int level,
|
|||
unsigned char *buf, size_t len )
|
||||
{
|
||||
char str[512];
|
||||
char txt[17];
|
||||
size_t i, maxlen = sizeof( str ) - 1, idx = 0;
|
||||
|
||||
if( ssl->f_dbg == NULL || level > debug_threshold )
|
||||
|
@ -138,6 +139,7 @@ void debug_print_buf( const ssl_context *ssl, int level,
|
|||
ssl->f_dbg( ssl->p_dbg, level, str );
|
||||
|
||||
idx = 0;
|
||||
memset( txt, 0, sizeof( txt ) );
|
||||
for( i = 0; i < len; i++ )
|
||||
{
|
||||
if( i >= 4096 )
|
||||
|
@ -147,9 +149,11 @@ void debug_print_buf( const ssl_context *ssl, int level,
|
|||
{
|
||||
if( i > 0 )
|
||||
{
|
||||
snprintf( str + idx, maxlen - idx, "\n" );
|
||||
snprintf( str + idx, maxlen - idx, " %s\n", txt );
|
||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
||||
|
||||
idx = 0;
|
||||
memset( txt, 0, sizeof( txt ) );
|
||||
}
|
||||
|
||||
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
|
||||
|
@ -162,11 +166,15 @@ void debug_print_buf( const ssl_context *ssl, int level,
|
|||
|
||||
idx += snprintf( str + idx, maxlen - idx, " %02x",
|
||||
(unsigned int) buf[i] );
|
||||
txt[i % 16] = ( buf[i] > 31 && buf[i] < 127 ) ? buf[i] : '.' ;
|
||||
}
|
||||
|
||||
if( len > 0 )
|
||||
{
|
||||
snprintf( str + idx, maxlen - idx, "\n" );
|
||||
for( /* i = i */; i % 16 != 0; i++ )
|
||||
idx += snprintf( str + idx, maxlen - idx, " " );
|
||||
|
||||
snprintf( str + idx, maxlen - idx, " %s\n", txt );
|
||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
||||
}
|
||||
}
|
||||
|
|
|
@ -333,7 +333,7 @@ cleanup:
|
|||
#if POLARSSL_ECP_MAX_BYTES > 124
|
||||
#error "POLARSSL_ECP_MAX_BYTES bigger than expected, please fix MAX_SIG_LEN"
|
||||
#endif
|
||||
#define MAX_SIG_LEN ( 3 + 2 * ( 2 + POLARSSL_ECP_MAX_BYTES ) )
|
||||
#define MAX_SIG_LEN ( 3 + 2 * ( 3 + POLARSSL_ECP_MAX_BYTES ) )
|
||||
|
||||
/*
|
||||
* Convert a signature (given by context) to ASN.1
|
||||
|
|
|
@ -1897,6 +1897,48 @@ int ecp_gen_key( ecp_group_id grp_id, ecp_keypair *key,
|
|||
return( ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Check a public-private key pair
|
||||
*/
|
||||
int ecp_check_pub_priv( const ecp_keypair *pub, const ecp_keypair *prv )
|
||||
{
|
||||
int ret;
|
||||
ecp_point Q;
|
||||
ecp_group grp;
|
||||
|
||||
if( pub->grp.id == POLARSSL_ECP_DP_NONE ||
|
||||
pub->grp.id != prv->grp.id ||
|
||||
mpi_cmp_mpi( &pub->Q.X, &prv->Q.X ) ||
|
||||
mpi_cmp_mpi( &pub->Q.Y, &prv->Q.Y ) ||
|
||||
mpi_cmp_mpi( &pub->Q.Z, &prv->Q.Z ) )
|
||||
{
|
||||
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
ecp_point_init( &Q );
|
||||
ecp_group_init( &grp );
|
||||
|
||||
/* ecp_mul() needs a non-const group... */
|
||||
ecp_group_copy( &grp, &prv->grp );
|
||||
|
||||
/* Also checks d is valid */
|
||||
MPI_CHK( ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, NULL, NULL ) );
|
||||
|
||||
if( mpi_cmp_mpi( &Q.X, &prv->Q.X ) ||
|
||||
mpi_cmp_mpi( &Q.Y, &prv->Q.Y ) ||
|
||||
mpi_cmp_mpi( &Q.Z, &prv->Q.Z ) )
|
||||
{
|
||||
ret = POLARSSL_ERR_ECP_BAD_INPUT_DATA;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
cleanup:
|
||||
ecp_point_free( &Q );
|
||||
ecp_group_free( &grp );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SELF_TEST)
|
||||
|
||||
/*
|
||||
|
|
|
@ -541,12 +541,12 @@ int net_set_nonblock( int fd )
|
|||
void net_usleep( unsigned long usec )
|
||||
{
|
||||
struct timeval tv;
|
||||
tv.tv_sec = 0;
|
||||
tv.tv_sec = usec / 1000000;
|
||||
#if !defined(_WIN32) && ( defined(__unix__) || defined(__unix) || \
|
||||
( defined(__APPLE__) && defined(__MACH__) ) )
|
||||
tv.tv_usec = (suseconds_t) usec;
|
||||
tv.tv_usec = (suseconds_t) usec % 1000000;
|
||||
#else
|
||||
tv.tv_usec = usec;
|
||||
tv.tv_usec = usec % 1000000;
|
||||
#endif
|
||||
select( 0, NULL, NULL, NULL, &tv );
|
||||
}
|
||||
|
|
26
library/pk.c
26
library/pk.c
|
@ -300,6 +300,32 @@ int pk_encrypt( pk_context *ctx,
|
|||
output, olen, osize, f_rng, p_rng ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Check public-private key pair
|
||||
*/
|
||||
int pk_check_pair( const pk_context *pub, const pk_context *prv )
|
||||
{
|
||||
if( pub == NULL || pub->pk_info == NULL ||
|
||||
prv == NULL || prv->pk_info == NULL ||
|
||||
prv->pk_info->check_pair_func == NULL )
|
||||
{
|
||||
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
if( prv->pk_info->type == POLARSSL_PK_RSA_ALT )
|
||||
{
|
||||
if( pub->pk_info->type != POLARSSL_PK_RSA )
|
||||
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
|
||||
}
|
||||
else
|
||||
{
|
||||
if( pub->pk_info != prv->pk_info )
|
||||
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
|
||||
}
|
||||
|
||||
return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Get key size in bits
|
||||
*/
|
||||
|
|
|
@ -117,14 +117,21 @@ static int rsa_encrypt_wrap( void *ctx,
|
|||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
((void) osize);
|
||||
|
||||
*olen = ((rsa_context *) ctx)->len;
|
||||
|
||||
if( *olen > osize )
|
||||
return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE );
|
||||
|
||||
return( rsa_pkcs1_encrypt( (rsa_context *) ctx,
|
||||
f_rng, p_rng, RSA_PUBLIC, ilen, input, output ) );
|
||||
}
|
||||
|
||||
static int rsa_check_pair_wrap( const void *pub, const void *prv )
|
||||
{
|
||||
return( rsa_check_pub_priv( (const rsa_context *) pub,
|
||||
(const rsa_context *) prv ) );
|
||||
}
|
||||
|
||||
static void *rsa_alloc_wrap( void )
|
||||
{
|
||||
void *ctx = polarssl_malloc( sizeof( rsa_context ) );
|
||||
|
@ -163,6 +170,7 @@ const pk_info_t rsa_info = {
|
|||
rsa_sign_wrap,
|
||||
rsa_decrypt_wrap,
|
||||
rsa_encrypt_wrap,
|
||||
rsa_check_pair_wrap,
|
||||
rsa_alloc_wrap,
|
||||
rsa_free_wrap,
|
||||
rsa_debug,
|
||||
|
@ -234,6 +242,12 @@ static int eckey_sign_wrap( void *ctx, md_type_t md_alg,
|
|||
|
||||
#endif /* POLARSSL_ECDSA_C */
|
||||
|
||||
static int eckey_check_pair( const void *pub, const void *prv )
|
||||
{
|
||||
return( ecp_check_pub_priv( (const ecp_keypair *) pub,
|
||||
(const ecp_keypair *) prv ) );
|
||||
}
|
||||
|
||||
static void *eckey_alloc_wrap( void )
|
||||
{
|
||||
void *ctx = polarssl_malloc( sizeof( ecp_keypair ) );
|
||||
|
@ -271,6 +285,7 @@ const pk_info_t eckey_info = {
|
|||
#endif
|
||||
NULL,
|
||||
NULL,
|
||||
eckey_check_pair,
|
||||
eckey_alloc_wrap,
|
||||
eckey_free_wrap,
|
||||
eckey_debug,
|
||||
|
@ -294,6 +309,7 @@ const pk_info_t eckeydh_info = {
|
|||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
eckey_check_pair,
|
||||
eckey_alloc_wrap, /* Same underlying key structure */
|
||||
eckey_free_wrap, /* Same underlying key structure */
|
||||
eckey_debug, /* Same underlying key structure */
|
||||
|
@ -367,6 +383,7 @@ const pk_info_t ecdsa_info = {
|
|||
ecdsa_sign_wrap,
|
||||
NULL,
|
||||
NULL,
|
||||
eckey_check_pair, /* Compatible key structures */
|
||||
ecdsa_alloc_wrap,
|
||||
ecdsa_free_wrap,
|
||||
eckey_debug, /* Compatible key structures */
|
||||
|
@ -419,6 +436,36 @@ static int rsa_alt_decrypt_wrap( void *ctx,
|
|||
RSA_PRIVATE, olen, input, output, osize ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
static int rsa_alt_check_pair( const void *pub, const void *prv )
|
||||
{
|
||||
unsigned char sig[POLARSSL_MPI_MAX_SIZE];
|
||||
unsigned char hash[32];
|
||||
size_t sig_len = 0;
|
||||
int ret;
|
||||
|
||||
if( rsa_alt_get_size( prv ) != rsa_get_size( pub ) )
|
||||
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
|
||||
|
||||
memset( hash, 0x2a, sizeof( hash ) );
|
||||
|
||||
if( ( ret = rsa_alt_sign_wrap( (void *) prv, POLARSSL_MD_NONE,
|
||||
hash, sizeof( hash ),
|
||||
sig, &sig_len, NULL, NULL ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( rsa_verify_wrap( (void *) pub, POLARSSL_MD_NONE,
|
||||
hash, sizeof( hash ), sig, sig_len ) != 0 )
|
||||
{
|
||||
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
|
||||
static void *rsa_alt_alloc_wrap( void )
|
||||
{
|
||||
void *ctx = polarssl_malloc( sizeof( rsa_alt_context ) );
|
||||
|
@ -444,6 +491,11 @@ const pk_info_t rsa_alt_info = {
|
|||
rsa_alt_sign_wrap,
|
||||
rsa_alt_decrypt_wrap,
|
||||
NULL,
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
rsa_alt_check_pair,
|
||||
#else
|
||||
NULL,
|
||||
#endif
|
||||
rsa_alt_alloc_wrap,
|
||||
rsa_alt_free_wrap,
|
||||
NULL,
|
||||
|
|
|
@ -71,7 +71,7 @@ static void polarssl_zeroize( void *v, size_t n ) {
|
|||
/*
|
||||
* Load all data from a file into a given buffer.
|
||||
*/
|
||||
static int load_file( const char *path, unsigned char **buf, size_t *n )
|
||||
int pk_load_file( const char *path, unsigned char **buf, size_t *n )
|
||||
{
|
||||
FILE *f;
|
||||
long size;
|
||||
|
@ -120,7 +120,7 @@ int pk_parse_keyfile( pk_context *ctx,
|
|||
size_t n;
|
||||
unsigned char *buf;
|
||||
|
||||
if( ( ret = load_file( path, &buf, &n ) ) != 0 )
|
||||
if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( pwd == NULL )
|
||||
|
@ -144,7 +144,7 @@ int pk_parse_public_keyfile( pk_context *ctx, const char *path )
|
|||
size_t n;
|
||||
unsigned char *buf;
|
||||
|
||||
if( ( ret = load_file( path, &buf, &n ) ) != 0 )
|
||||
if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = pk_parse_public_key( ctx, buf, n );
|
||||
|
|
|
@ -240,6 +240,26 @@ cleanup:
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Check if contexts holding a public and private key match
|
||||
*/
|
||||
int rsa_check_pub_priv( const rsa_context *pub, const rsa_context *prv )
|
||||
{
|
||||
if( rsa_check_pubkey( pub ) != 0 ||
|
||||
rsa_check_privkey( prv ) != 0 )
|
||||
{
|
||||
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
|
||||
}
|
||||
|
||||
if( mpi_cmp_mpi( &pub->N, &prv->N ) != 0 ||
|
||||
mpi_cmp_mpi( &pub->E, &prv->E ) != 0 )
|
||||
{
|
||||
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Do an RSA public key operation
|
||||
*/
|
||||
|
@ -275,7 +295,6 @@ cleanup:
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(POLARSSL_RSA_NO_CRT)
|
||||
/*
|
||||
* Generate or update blinding values, see section 10 of:
|
||||
* KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
|
||||
|
@ -329,7 +348,6 @@ cleanup:
|
|||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* !POLARSSL_RSA_NO_CRT */
|
||||
|
||||
/*
|
||||
* Do an RSA private key operation
|
||||
|
@ -343,7 +361,6 @@ int rsa_private( rsa_context *ctx,
|
|||
int ret;
|
||||
size_t olen;
|
||||
mpi T, T1, T2;
|
||||
#if !defined(POLARSSL_RSA_NO_CRT)
|
||||
mpi *Vi, *Vf;
|
||||
|
||||
/*
|
||||
|
@ -361,7 +378,6 @@ int rsa_private( rsa_context *ctx,
|
|||
Vi = &ctx->Vi;
|
||||
Vf = &ctx->Vf;
|
||||
#endif
|
||||
#endif /* !POLARSSL_RSA_NO_CRT */
|
||||
|
||||
mpi_init( &T ); mpi_init( &T1 ); mpi_init( &T2 );
|
||||
|
||||
|
@ -372,11 +388,6 @@ int rsa_private( rsa_context *ctx,
|
|||
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_RSA_NO_CRT)
|
||||
((void) f_rng);
|
||||
((void) p_rng);
|
||||
MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
|
||||
#else
|
||||
if( f_rng != NULL )
|
||||
{
|
||||
/*
|
||||
|
@ -388,6 +399,9 @@ int rsa_private( rsa_context *ctx,
|
|||
MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_RSA_NO_CRT)
|
||||
MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
|
||||
#else
|
||||
/*
|
||||
* faster decryption using the CRT
|
||||
*
|
||||
|
@ -409,6 +423,7 @@ int rsa_private( rsa_context *ctx,
|
|||
*/
|
||||
MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->Q ) );
|
||||
MPI_CHK( mpi_add_mpi( &T, &T2, &T1 ) );
|
||||
#endif /* POLARSSL_RSA_NO_CRT */
|
||||
|
||||
if( f_rng != NULL )
|
||||
{
|
||||
|
@ -419,14 +434,13 @@ int rsa_private( rsa_context *ctx,
|
|||
MPI_CHK( mpi_mul_mpi( &T, &T, Vf ) );
|
||||
MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) );
|
||||
}
|
||||
#endif /* POLARSSL_RSA_NO_CRT */
|
||||
|
||||
olen = ctx->len;
|
||||
MPI_CHK( mpi_write_binary( &T, output, olen ) );
|
||||
|
||||
cleanup:
|
||||
mpi_free( &T ); mpi_free( &T1 ); mpi_free( &T2 );
|
||||
#if !defined(POLARSSL_RSA_NO_CRT) && defined(POLARSSL_THREADING_C)
|
||||
#if defined(POLARSSL_THREADING_C)
|
||||
mpi_free( &Vi_copy ); mpi_free( &Vf_copy );
|
||||
#endif
|
||||
|
||||
|
@ -1425,10 +1439,8 @@ int rsa_copy( rsa_context *dst, const rsa_context *src )
|
|||
MPI_CHK( mpi_copy( &dst->RP, &src->RP ) );
|
||||
MPI_CHK( mpi_copy( &dst->RQ, &src->RQ ) );
|
||||
|
||||
#if !defined(POLARSSL_RSA_NO_CRT)
|
||||
MPI_CHK( mpi_copy( &dst->Vi, &src->Vi ) );
|
||||
MPI_CHK( mpi_copy( &dst->Vf, &src->Vf ) );
|
||||
#endif
|
||||
|
||||
dst->padding = src->padding;
|
||||
dst->hash_id = src->hash_id;
|
||||
|
@ -1445,9 +1457,7 @@ cleanup:
|
|||
*/
|
||||
void rsa_free( rsa_context *ctx )
|
||||
{
|
||||
#if !defined(POLARSSL_RSA_NO_CRT)
|
||||
mpi_free( &ctx->Vi ); mpi_free( &ctx->Vf );
|
||||
#endif
|
||||
mpi_free( &ctx->RQ ); mpi_free( &ctx->RP ); mpi_free( &ctx->RN );
|
||||
mpi_free( &ctx->QP ); mpi_free( &ctx->DQ ); mpi_free( &ctx->DP );
|
||||
mpi_free( &ctx->Q ); mpi_free( &ctx->P ); mpi_free( &ctx->D );
|
||||
|
|
|
@ -105,10 +105,8 @@ int ssl_cache_get( void *data, ssl_session *session )
|
|||
*/
|
||||
if( entry->peer_cert.p != NULL )
|
||||
{
|
||||
session->peer_cert =
|
||||
(x509_crt *) polarssl_malloc( sizeof(x509_crt) );
|
||||
|
||||
if( session->peer_cert == NULL )
|
||||
if( ( session->peer_cert = (x509_crt *) polarssl_malloc(
|
||||
sizeof(x509_crt) ) ) == NULL )
|
||||
{
|
||||
ret = 1;
|
||||
goto exit;
|
||||
|
@ -226,8 +224,7 @@ int ssl_cache_set( void *data, const ssl_session *session )
|
|||
/*
|
||||
* max_entries not reached, create new entry
|
||||
*/
|
||||
cur = (ssl_cache_entry *)
|
||||
polarssl_malloc( sizeof(ssl_cache_entry) );
|
||||
cur = (ssl_cache_entry *) polarssl_malloc( sizeof(ssl_cache_entry) );
|
||||
if( cur == NULL )
|
||||
{
|
||||
ret = 1;
|
||||
|
@ -264,8 +261,8 @@ int ssl_cache_set( void *data, const ssl_session *session )
|
|||
*/
|
||||
if( session->peer_cert != NULL )
|
||||
{
|
||||
cur->peer_cert.p = (unsigned char *)
|
||||
polarssl_malloc( session->peer_cert->raw.len );
|
||||
cur->peer_cert.p = (unsigned char *) polarssl_malloc(
|
||||
session->peer_cert->raw.len );
|
||||
if( cur->peer_cert.p == NULL )
|
||||
{
|
||||
ret = 1;
|
||||
|
|
|
@ -142,7 +142,11 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl,
|
|||
*olen = 5 + ssl->verify_data_len;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
|
||||
/*
|
||||
* Only if we handle at least one key exchange that needs signatures.
|
||||
*/
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \
|
||||
defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
size_t *olen )
|
||||
|
@ -236,7 +240,8 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
|
|||
|
||||
*olen = 6 + sig_alg_len;
|
||||
}
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1_2 &&
|
||||
POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
|
||||
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
|
||||
static void ssl_write_supported_elliptic_curves_ext( ssl_context *ssl,
|
||||
|
@ -773,7 +778,8 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
|||
ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \
|
||||
defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
#endif
|
||||
|
|
|
@ -495,7 +495,8 @@ static int ssl_parse_renegotiation_info( ssl_context *ssl,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \
|
||||
defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
static int ssl_parse_signature_algorithms_ext( ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
|
@ -539,7 +540,8 @@ have_sig_alg:
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1_2 &&
|
||||
POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
|
||||
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
|
||||
static int ssl_parse_supported_elliptic_curves( ssl_context *ssl,
|
||||
|
@ -1703,7 +1705,8 @@ read_record_header:
|
|||
return( ret );
|
||||
break;
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \
|
||||
defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
case TLS_EXT_SIG_ALG:
|
||||
SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
|
||||
if( ssl->renegotiation == SSL_RENEGOTIATION )
|
||||
|
@ -1713,7 +1716,8 @@ read_record_header:
|
|||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1_2 &&
|
||||
POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
|
||||
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
|
||||
case TLS_EXT_SUPPORTED_ELLIPTIC_CURVES:
|
||||
|
|
|
@ -721,6 +721,7 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||
/*
|
||||
* Finally setup the cipher contexts, IVs and MAC secrets.
|
||||
*/
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||
{
|
||||
key1 = keyblk + transform->maclen * 2;
|
||||
|
@ -739,6 +740,9 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||
iv_copy_len );
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_SSL_CLI_C */
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
if( ssl->endpoint == SSL_IS_SERVER )
|
||||
{
|
||||
key1 = keyblk + transform->maclen * 2 + transform->keylen;
|
||||
key2 = keyblk + transform->maclen * 2;
|
||||
|
@ -755,6 +759,12 @@ int ssl_derive_keys( ssl_context *ssl )
|
|||
memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
|
||||
iv_copy_len );
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_SSL_SRV_C */
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_SSL3)
|
||||
if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
|
||||
|
@ -1169,6 +1179,9 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||
|
||||
mode = cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc );
|
||||
|
||||
SSL_DEBUG_BUF( 4, "before encrypt: output payload",
|
||||
ssl->out_msg, ssl->out_msglen );
|
||||
|
||||
/*
|
||||
* Add MAC before if needed
|
||||
*/
|
||||
|
@ -1232,9 +1245,6 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||
"including %d bytes of padding",
|
||||
ssl->out_msglen, 0 ) );
|
||||
|
||||
SSL_DEBUG_BUF( 4, "before encrypt: output payload",
|
||||
ssl->out_msg, ssl->out_msglen );
|
||||
|
||||
if( ( ret = cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
|
||||
ssl->transform_out->iv_enc,
|
||||
ssl->transform_out->ivlen,
|
||||
|
@ -1277,6 +1287,7 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||
/*
|
||||
* Generate IV
|
||||
*/
|
||||
#if defined(POLARSSL_SSL_AEAD_RANDOM_IV)
|
||||
ret = ssl->f_rng( ssl->p_rng,
|
||||
ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
|
||||
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
||||
|
@ -1286,6 +1297,18 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||
memcpy( ssl->out_iv,
|
||||
ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
|
||||
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
||||
#else
|
||||
if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 )
|
||||
{
|
||||
/* Reminder if we ever add an AEAD mode with a different size */
|
||||
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
|
||||
ssl->out_ctr, 8 );
|
||||
memcpy( ssl->out_iv, ssl->out_ctr, 8 );
|
||||
#endif
|
||||
|
||||
SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
|
||||
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
||||
|
@ -1302,9 +1325,6 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||
"including %d bytes of padding",
|
||||
ssl->out_msglen, 0 ) );
|
||||
|
||||
SSL_DEBUG_BUF( 4, "before encrypt: output payload",
|
||||
ssl->out_msg, ssl->out_msglen );
|
||||
|
||||
/*
|
||||
* Encrypt and authenticate
|
||||
*/
|
||||
|
@ -1386,9 +1406,6 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
|||
ssl->out_msglen, ssl->transform_out->ivlen,
|
||||
padlen + 1 ) );
|
||||
|
||||
SSL_DEBUG_BUF( 4, "before encrypt: output payload",
|
||||
ssl->out_iv, ssl->out_msglen );
|
||||
|
||||
if( ( ret = cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
|
||||
ssl->transform_out->iv_enc,
|
||||
ssl->transform_out->ivlen,
|
||||
|
@ -3663,6 +3680,7 @@ int ssl_write_certificate( ssl_context *ssl )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||
{
|
||||
if( ssl->client_auth == 0 )
|
||||
|
@ -3690,7 +3708,9 @@ int ssl_write_certificate( ssl_context *ssl )
|
|||
}
|
||||
#endif /* POLARSSL_SSL_PROTO_SSL3 */
|
||||
}
|
||||
else /* SSL_IS_SERVER */
|
||||
#endif /* POLARSSL_SSL_CLI_C */
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
if( ssl->endpoint == SSL_IS_SERVER )
|
||||
{
|
||||
if( ssl_own_cert( ssl ) == NULL )
|
||||
{
|
||||
|
@ -3698,6 +3718,7 @@ int ssl_write_certificate( ssl_context *ssl )
|
|||
return( POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
SSL_DEBUG_CRT( 3, "own certificate", ssl_own_cert( ssl ) );
|
||||
|
||||
|
@ -3773,6 +3794,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
if( ssl->endpoint == SSL_IS_SERVER &&
|
||||
( ssl->authmode == SSL_VERIFY_NONE ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ) )
|
||||
|
@ -3782,6 +3804,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
|||
ssl->state++;
|
||||
return( 0 );
|
||||
}
|
||||
#endif
|
||||
|
||||
if( ( ret = ssl_read_record( ssl ) ) != 0 )
|
||||
{
|
||||
|
@ -3791,6 +3814,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
|||
|
||||
ssl->state++;
|
||||
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
#if defined(POLARSSL_SSL_PROTO_SSL3)
|
||||
/*
|
||||
* Check if the client sent an empty certificate
|
||||
|
@ -3835,6 +3859,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
|||
}
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
|
||||
POLARSSL_SSL_PROTO_TLS1_2 */
|
||||
#endif /* POLARSSL_SSL_SRV_C */
|
||||
|
||||
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
|
||||
{
|
||||
|
@ -3917,6 +3942,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
|||
* On client, make sure the server cert doesn't change during renego to
|
||||
* avoid "triple handshake" attack: https://secure-resumption.com/
|
||||
*/
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
if( ssl->endpoint == SSL_IS_CLIENT &&
|
||||
ssl->renegotiation == SSL_RENEGOTIATION )
|
||||
{
|
||||
|
@ -3936,6 +3962,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
|||
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
|
||||
}
|
||||
}
|
||||
#endif /* POLARSSL_SSL_CLI_C */
|
||||
|
||||
if( ssl->authmode != SSL_VERIFY_NONE )
|
||||
{
|
||||
|
@ -4550,10 +4577,14 @@ int ssl_write_finished( ssl_context *ssl )
|
|||
*/
|
||||
if( ssl->handshake->resume != 0 )
|
||||
{
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||
ssl->state = SSL_HANDSHAKE_WRAPUP;
|
||||
else
|
||||
#endif
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
if( ssl->endpoint == SSL_IS_SERVER )
|
||||
ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
|
||||
#endif
|
||||
}
|
||||
else
|
||||
ssl->state++;
|
||||
|
@ -4677,11 +4708,14 @@ int ssl_parse_finished( ssl_context *ssl )
|
|||
|
||||
if( ssl->handshake->resume != 0 )
|
||||
{
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||
ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
|
||||
|
||||
#endif
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
if( ssl->endpoint == SSL_IS_SERVER )
|
||||
ssl->state = SSL_HANDSHAKE_WRAPUP;
|
||||
#endif
|
||||
}
|
||||
else
|
||||
ssl->state++;
|
||||
|
@ -4761,14 +4795,14 @@ static int ssl_handshake_init( ssl_context *ssl )
|
|||
*/
|
||||
if( ssl->transform_negotiate == NULL )
|
||||
{
|
||||
ssl->transform_negotiate =
|
||||
(ssl_transform *) polarssl_malloc( sizeof(ssl_transform) );
|
||||
ssl->transform_negotiate = (ssl_transform *) polarssl_malloc(
|
||||
sizeof(ssl_transform) );
|
||||
}
|
||||
|
||||
if( ssl->session_negotiate == NULL )
|
||||
{
|
||||
ssl->session_negotiate =
|
||||
(ssl_session *) polarssl_malloc( sizeof(ssl_session) );
|
||||
ssl->session_negotiate = (ssl_session *) polarssl_malloc(
|
||||
sizeof(ssl_session) );
|
||||
}
|
||||
|
||||
if( ssl->handshake == NULL )
|
||||
|
@ -5094,7 +5128,8 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint )
|
|||
{
|
||||
ssl->endpoint = endpoint;
|
||||
|
||||
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
||||
#if defined(POLARSSL_SSL_SESSION_TICKETS) && \
|
||||
defined(POLARSSL_SSL_CLI_C)
|
||||
if( endpoint == SSL_IS_CLIENT )
|
||||
ssl->session_tickets = SSL_SESSION_TICKETS_ENABLED;
|
||||
#endif
|
||||
|
@ -5236,6 +5271,7 @@ void ssl_set_bio_timeout( ssl_context *ssl,
|
|||
ssl->read_timeout = timeout;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
void ssl_set_session_cache( ssl_context *ssl,
|
||||
int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
|
||||
int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache )
|
||||
|
@ -5245,7 +5281,9 @@ void ssl_set_session_cache( ssl_context *ssl,
|
|||
ssl->f_set_cache = f_set_cache;
|
||||
ssl->p_set_cache = p_set_cache;
|
||||
}
|
||||
#endif /* POLARSSL_SSL_SRV_C */
|
||||
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
int ssl_set_session( ssl_context *ssl, const ssl_session *session )
|
||||
{
|
||||
int ret;
|
||||
|
@ -5265,6 +5303,7 @@ int ssl_set_session( ssl_context *ssl, const ssl_session *session )
|
|||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* POLARSSL_SSL_CLI_C */
|
||||
|
||||
void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites )
|
||||
{
|
||||
|
@ -5336,7 +5375,7 @@ int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
|
|||
key_cert->cert = own_cert;
|
||||
key_cert->key = pk_key;
|
||||
|
||||
return( 0 );
|
||||
return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
|
@ -5365,7 +5404,7 @@ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
|
|||
key_cert->cert = own_cert;
|
||||
key_cert->key_own_alloc = 1;
|
||||
|
||||
return( 0 );
|
||||
return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) );
|
||||
}
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
|
||||
|
@ -5394,7 +5433,7 @@ int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
|
|||
key_cert->cert = own_cert;
|
||||
key_cert->key_own_alloc = 1;
|
||||
|
||||
return( 0 );
|
||||
return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) );
|
||||
}
|
||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
||||
|
||||
|
@ -5666,8 +5705,13 @@ int ssl_set_session_tickets( ssl_context *ssl, int use_tickets )
|
|||
{
|
||||
ssl->session_tickets = use_tickets;
|
||||
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||
return( 0 );
|
||||
#endif
|
||||
|
||||
if( use_tickets == SSL_SESSION_TICKETS_DISABLED )
|
||||
return( 0 );
|
||||
|
||||
if( ssl->f_rng == NULL )
|
||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||
|
@ -5784,6 +5828,7 @@ const x509_crt *ssl_get_peer_cert( const ssl_context *ssl )
|
|||
}
|
||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
int ssl_get_session( const ssl_context *ssl, ssl_session *dst )
|
||||
{
|
||||
if( ssl == NULL ||
|
||||
|
@ -5796,6 +5841,7 @@ int ssl_get_session( const ssl_context *ssl, ssl_session *dst )
|
|||
|
||||
return( ssl_session_copy( dst, ssl->session ) );
|
||||
}
|
||||
#endif /* POLARSSL_SSL_CLI_C */
|
||||
|
||||
/*
|
||||
* Perform a single step of the SSL handshake
|
||||
|
@ -5808,7 +5854,6 @@ int ssl_handshake_step( ssl_context *ssl )
|
|||
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||
ret = ssl_handshake_client_step( ssl );
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
if( ssl->endpoint == SSL_IS_SERVER )
|
||||
ret = ssl_handshake_server_step( ssl );
|
||||
|
@ -6043,6 +6088,7 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
{
|
||||
SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
|
||||
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
if( ssl->endpoint == SSL_IS_CLIENT &&
|
||||
( ssl->in_msg[0] != SSL_HS_HELLO_REQUEST ||
|
||||
ssl->in_hslen != ssl_hs_hdr_len( ssl ) ) )
|
||||
|
@ -6069,6 +6115,7 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
|
|||
#endif
|
||||
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
|
||||
}
|
||||
#endif
|
||||
|
||||
if( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED ||
|
||||
( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
|
||||
|
|
|
@ -421,6 +421,9 @@ int x509_get_name( unsigned char **p, const unsigned char *end,
|
|||
size_t set_len;
|
||||
const unsigned char *end_set;
|
||||
|
||||
/* don't use recursion, we'd risk stack overflow if not optimized */
|
||||
while( 1 )
|
||||
{
|
||||
/*
|
||||
* parse first SET, restricted to 1 element
|
||||
*/
|
||||
|
@ -437,7 +440,7 @@ int x509_get_name( unsigned char **p, const unsigned char *end,
|
|||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
|
||||
/*
|
||||
* recurse until end of SEQUENCE is reached
|
||||
* continue until end of SEQUENCE is reached
|
||||
*/
|
||||
if( *p == end )
|
||||
return( 0 );
|
||||
|
@ -449,7 +452,8 @@ int x509_get_name( unsigned char **p, const unsigned char *end,
|
|||
|
||||
memset( cur->next, 0, sizeof( x509_name ) );
|
||||
|
||||
return( x509_get_name( p, end, cur->next ) );
|
||||
cur = cur->next;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -632,50 +636,6 @@ int x509_get_ext( unsigned char **p, const unsigned char *end,
|
|||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
/*
|
||||
* Load all data from a file into a given buffer.
|
||||
*/
|
||||
int x509_load_file( const char *path, unsigned char **buf, size_t *n )
|
||||
{
|
||||
FILE *f;
|
||||
long size;
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( POLARSSL_ERR_X509_FILE_IO_ERROR );
|
||||
|
||||
fseek( f, 0, SEEK_END );
|
||||
if( ( size = ftell( f ) ) == -1 )
|
||||
{
|
||||
fclose( f );
|
||||
return( POLARSSL_ERR_X509_FILE_IO_ERROR );
|
||||
}
|
||||
fseek( f, 0, SEEK_SET );
|
||||
|
||||
*n = (size_t) size;
|
||||
|
||||
if( *n + 1 == 0 ||
|
||||
( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
|
||||
{
|
||||
fclose( f );
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
}
|
||||
|
||||
if( fread( *buf, 1, *n, f ) != *n )
|
||||
{
|
||||
fclose( f );
|
||||
polarssl_free( *buf );
|
||||
return( POLARSSL_ERR_X509_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
fclose( f );
|
||||
|
||||
(*buf)[*n] = '\0';
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* POLARSSL_FS_IO */
|
||||
|
||||
#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
|
||||
!defined(EFI32)
|
||||
#include <stdarg.h>
|
||||
|
|
|
@ -243,8 +243,8 @@ static int x509_get_entries( unsigned char **p,
|
|||
if( cur_entry->next == NULL )
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
memset( cur_entry->next, 0, sizeof( x509_crl_entry ) );
|
||||
cur_entry = cur_entry->next;
|
||||
memset( cur_entry, 0, sizeof( x509_crl_entry ) );
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -252,25 +252,16 @@ static int x509_get_entries( unsigned char **p,
|
|||
}
|
||||
|
||||
/*
|
||||
* Parse one or more CRLs and add them to the chained list
|
||||
* Parse one CRLs in DER format and append it to the chained list
|
||||
*/
|
||||
int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||
int x509_crl_parse_der( x509_crl *chain,
|
||||
const unsigned char *buf, size_t buflen )
|
||||
{
|
||||
int ret;
|
||||
size_t len;
|
||||
unsigned char *p, *end;
|
||||
x509_crl *crl;
|
||||
x509_buf sig_params1, sig_params2;
|
||||
|
||||
#if defined(POLARSSL_PEM_PARSE_C)
|
||||
size_t use_len;
|
||||
pem_context pem;
|
||||
#endif
|
||||
|
||||
memset( &sig_params1, 0, sizeof( x509_buf ) );
|
||||
memset( &sig_params2, 0, sizeof( x509_buf ) );
|
||||
|
||||
crl = chain;
|
||||
x509_crl *crl = chain;
|
||||
|
||||
/*
|
||||
* Check for valid input
|
||||
|
@ -278,12 +269,15 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
|||
if( crl == NULL || buf == NULL )
|
||||
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
|
||||
|
||||
while( crl->version != 0 && crl->next != NULL )
|
||||
crl = crl->next;
|
||||
memset( &sig_params1, 0, sizeof( x509_buf ) );
|
||||
memset( &sig_params2, 0, sizeof( x509_buf ) );
|
||||
|
||||
/*
|
||||
* Add new CRL on the end of the chain if needed.
|
||||
*/
|
||||
while( crl->version != 0 && crl->next != NULL )
|
||||
crl = crl->next;
|
||||
|
||||
if( crl->version != 0 && crl->next == NULL )
|
||||
{
|
||||
crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
|
||||
|
@ -294,57 +288,22 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
|||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
}
|
||||
|
||||
x509_crl_init( crl->next );
|
||||
crl = crl->next;
|
||||
x509_crl_init( crl );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_PEM_PARSE_C)
|
||||
pem_init( &pem );
|
||||
ret = pem_read_buffer( &pem,
|
||||
"-----BEGIN X509 CRL-----",
|
||||
"-----END X509 CRL-----",
|
||||
buf, NULL, 0, &use_len );
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
/*
|
||||
* Was PEM encoded
|
||||
* Copy raw DER-encoded CRL
|
||||
*/
|
||||
buflen -= use_len;
|
||||
buf += use_len;
|
||||
|
||||
/*
|
||||
* Steal PEM buffer
|
||||
*/
|
||||
p = pem.buf;
|
||||
pem.buf = NULL;
|
||||
len = pem.buflen;
|
||||
pem_free( &pem );
|
||||
}
|
||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||
{
|
||||
pem_free( &pem );
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_PEM_PARSE_C */
|
||||
{
|
||||
/*
|
||||
* nope, copy the raw DER data
|
||||
*/
|
||||
p = (unsigned char *) polarssl_malloc( len = buflen );
|
||||
|
||||
if( p == NULL )
|
||||
if( ( p = polarssl_malloc( buflen ) ) == NULL )
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
memcpy( p, buf, buflen );
|
||||
|
||||
buflen = 0;
|
||||
}
|
||||
|
||||
crl->raw.p = p;
|
||||
crl->raw.len = len;
|
||||
end = p + len;
|
||||
crl->raw.len = buflen;
|
||||
|
||||
end = p + buflen;
|
||||
|
||||
/*
|
||||
* CertificateList ::= SEQUENCE {
|
||||
|
@ -522,25 +481,64 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
|||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||
}
|
||||
|
||||
if( buflen > 0 )
|
||||
{
|
||||
crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
|
||||
|
||||
if( crl->next == NULL )
|
||||
{
|
||||
x509_crl_free( crl );
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
}
|
||||
|
||||
crl = crl->next;
|
||||
x509_crl_init( crl );
|
||||
|
||||
return( x509_crl_parse( crl, buf, buflen ) );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse one or more CRLs and add them to the chained list
|
||||
*/
|
||||
int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||
{
|
||||
#if defined(POLARSSL_PEM_PARSE_C)
|
||||
int ret;
|
||||
size_t use_len;
|
||||
pem_context pem;
|
||||
int is_pem = 0;
|
||||
|
||||
if( chain == NULL || buf == NULL )
|
||||
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
|
||||
|
||||
do
|
||||
{
|
||||
pem_init( &pem );
|
||||
ret = pem_read_buffer( &pem,
|
||||
"-----BEGIN X509 CRL-----",
|
||||
"-----END X509 CRL-----",
|
||||
buf, NULL, 0, &use_len );
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
/*
|
||||
* Was PEM encoded
|
||||
*/
|
||||
is_pem = 1;
|
||||
|
||||
buflen -= use_len;
|
||||
buf += use_len;
|
||||
|
||||
if( ( ret = x509_crl_parse_der( chain,
|
||||
pem.buf, pem.buflen ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
pem_free( &pem );
|
||||
}
|
||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||
{
|
||||
pem_free( &pem );
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
while( is_pem && buflen > 0 );
|
||||
|
||||
if( is_pem )
|
||||
return( 0 );
|
||||
else
|
||||
#endif /* POLARSSL_PEM_PARSE_C */
|
||||
return( x509_crl_parse_der( chain, buf, buflen ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
/*
|
||||
* Load one or more CRLs and add them to the chained list
|
||||
|
@ -551,7 +549,7 @@ int x509_crl_parse_file( x509_crl *chain, const char *path )
|
|||
size_t n;
|
||||
unsigned char *buf;
|
||||
|
||||
if( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
|
||||
if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = x509_crl_parse( chain, buf, n );
|
||||
|
|
|
@ -359,6 +359,9 @@ static int x509_get_subject_alt_name( unsigned char **p,
|
|||
/* Allocate and assign next pointer */
|
||||
if( cur->buf.p != NULL )
|
||||
{
|
||||
if( cur->next != NULL )
|
||||
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS );
|
||||
|
||||
cur->next = (asn1_sequence *) polarssl_malloc(
|
||||
sizeof( asn1_sequence ) );
|
||||
|
||||
|
@ -478,6 +481,10 @@ static int x509_get_crt_ext( unsigned char **p,
|
|||
continue;
|
||||
}
|
||||
|
||||
/* Forbid repeated extensions */
|
||||
if( ( crt->ext_types & ext_type ) != 0 )
|
||||
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS );
|
||||
|
||||
crt->ext_types |= ext_type;
|
||||
|
||||
switch( ext_type )
|
||||
|
@ -812,8 +819,8 @@ int x509_crt_parse_der( x509_crt *chain, const unsigned char *buf,
|
|||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
prev = crt;
|
||||
x509_crt_init( crt->next );
|
||||
crt = crt->next;
|
||||
x509_crt_init( crt );
|
||||
}
|
||||
|
||||
if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
|
||||
|
@ -946,7 +953,7 @@ int x509_crt_parse_file( x509_crt *chain, const char *path )
|
|||
size_t n;
|
||||
unsigned char *buf;
|
||||
|
||||
if( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
|
||||
if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = x509_crt_parse( chain, buf, n );
|
||||
|
@ -1629,9 +1636,9 @@ static int x509_string_cmp( const x509_buf *a, const x509_buf *b )
|
|||
*/
|
||||
static int x509_name_cmp( const x509_name *a, const x509_name *b )
|
||||
{
|
||||
if( a == NULL && b == NULL )
|
||||
return( 0 );
|
||||
|
||||
/* Avoid recursion, it might not be optimised by the compiler */
|
||||
while( a != NULL || b != NULL )
|
||||
{
|
||||
if( a == NULL || b == NULL )
|
||||
return( -1 );
|
||||
|
||||
|
@ -1647,7 +1654,12 @@ static int x509_name_cmp( const x509_name *a, const x509_name *b )
|
|||
if( x509_string_cmp( &a->val, &b->val ) != 0 )
|
||||
return( -1 );
|
||||
|
||||
return( x509_name_cmp( a->next, b->next ) );
|
||||
a = a->next;
|
||||
b = b->next;
|
||||
}
|
||||
|
||||
/* a == NULL == b */
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -1822,6 +1834,13 @@ static int x509_crt_verify_child(
|
|||
x509_crt *grandparent;
|
||||
const md_info_t *md_info;
|
||||
|
||||
/* path_cnt is 0 for the first intermediate CA */
|
||||
if( 1 + path_cnt > POLARSSL_X509_MAX_INTERMEDIATE_CA )
|
||||
{
|
||||
*flags |= BADCERT_NOT_TRUSTED;
|
||||
return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
|
||||
}
|
||||
|
||||
if( x509_time_expired( &child->valid_to ) )
|
||||
*flags |= BADCERT_EXPIRED;
|
||||
|
||||
|
|
|
@ -310,7 +310,7 @@ int x509_csr_parse_file( x509_csr *csr, const char *path )
|
|||
size_t n;
|
||||
unsigned char *buf;
|
||||
|
||||
if( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
|
||||
if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = x509_csr_parse( csr, buf, n );
|
||||
|
|
|
@ -739,8 +739,9 @@ int main( int argc, char *argv[] )
|
|||
#endif
|
||||
|
||||
#if !defined(_WIN32)
|
||||
/* Abort cleanly on SIGTERM */
|
||||
/* Abort cleanly on SIGTERM and SIGINT */
|
||||
signal( SIGTERM, term_handler );
|
||||
signal( SIGINT, term_handler );
|
||||
#endif
|
||||
|
||||
if( argc == 0 )
|
||||
|
@ -1679,7 +1680,7 @@ reset:
|
|||
#if !defined(_WIN32)
|
||||
if( received_sigterm )
|
||||
{
|
||||
printf( " interrupted by SIGTERM\n" );
|
||||
printf( " interrupted by signal\n" );
|
||||
ret = 0;
|
||||
goto exit;
|
||||
}
|
||||
|
@ -2069,6 +2070,9 @@ exit:
|
|||
}
|
||||
#endif
|
||||
|
||||
printf( " . Cleaning up..." );
|
||||
fflush( stdout );
|
||||
|
||||
if( client_fd != -1 )
|
||||
net_close( client_fd );
|
||||
|
||||
|
@ -2110,6 +2114,8 @@ exit:
|
|||
memory_buffer_alloc_free();
|
||||
#endif
|
||||
|
||||
printf( " done.\n" );
|
||||
|
||||
#if defined(_WIN32)
|
||||
printf( " + Press Enter to exit this program.\n" );
|
||||
fflush( stdout ); getchar();
|
||||
|
|
|
@ -188,6 +188,7 @@ int main( int argc, char *argv[] )
|
|||
{
|
||||
usage:
|
||||
printf( USAGE );
|
||||
ret = 2;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
|
@ -500,6 +501,9 @@ exit:
|
|||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
if( ret < 0 )
|
||||
ret = 1;
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
|
||||
|
|
|
@ -6,10 +6,11 @@ use warnings;
|
|||
use strict;
|
||||
|
||||
my $usage = <<EOU;
|
||||
$0 [-f <file>] full
|
||||
$0 [-f <file>] unset <name>
|
||||
$0 [-f <file>] set <name> [<value>]
|
||||
EOU
|
||||
# for our eyes only:
|
||||
# $0 [-f <file>] full
|
||||
|
||||
# Things that shouldn't be enabled with "full".
|
||||
# Notes:
|
||||
|
|
70
scripts/malloc-init.pl
Executable file
70
scripts/malloc-init.pl
Executable file
|
@ -0,0 +1,70 @@
|
|||
#!/usr/bin/perl
|
||||
|
||||
# Check for malloc calls not shortly followed by initialisation.
|
||||
#
|
||||
# Known limitations:
|
||||
# - false negative: can't see allocations spanning more than one line
|
||||
# - possible false negatives, see patterns
|
||||
# - false positive: malloc-malloc-init-init is not accepted
|
||||
# - false positives: "non-standard" init functions (eg, the things being
|
||||
# initialised is not the first arg, or initialise struct members)
|
||||
#
|
||||
# Since false positives are expected, the results must be manually reviewed.
|
||||
#
|
||||
# Typical usage: scripts/malloc-init.pl library/*.c
|
||||
|
||||
use warnings;
|
||||
use strict;
|
||||
|
||||
use utf8;
|
||||
use open qw(:std utf8);
|
||||
|
||||
my $limit = 7;
|
||||
my $inits = qr/memset|memcpy|_init|fread|base64_..code/;
|
||||
|
||||
# cases to bear in mind:
|
||||
#
|
||||
# 0. foo = malloc(...); memset( foo, ... );
|
||||
# 1. *foo = malloc(...); memset( *foo, ... );
|
||||
# 2. type *foo = malloc(...); memset( foo, ...);
|
||||
# 3. foo = malloc(...); foo_init( (type *) foo );
|
||||
# 4. foo = malloc(...); for(i=0..n) { init( &foo[i] ); }
|
||||
#
|
||||
# The chosen patterns are a bit relaxed, but unlikely to cause false positives
|
||||
# in real code (initialising *foo or &foo instead of foo will likely be caught
|
||||
# by functional tests).
|
||||
#
|
||||
my $id = qr/([a-zA-Z-0-9_\->\.]*)/;
|
||||
my $prefix = qr/\s(?:\*?|\&?|\([a-z_]* \*\))\s*/;
|
||||
|
||||
my $name;
|
||||
my $line;
|
||||
my @bad;
|
||||
|
||||
die "Usage: $0 file.c [...]\n" unless @ARGV;
|
||||
|
||||
while (my $file = shift @ARGV)
|
||||
{
|
||||
open my $fh, "<", $file or die "read $file failed: $!\n";
|
||||
while (<$fh>)
|
||||
{
|
||||
if( /polarssl_malloc\(/ ) {
|
||||
if( /$id\s*=.*polarssl_malloc\(/ ) {
|
||||
push @bad, "$file:$line:$name" if $name;
|
||||
$name = $1;
|
||||
$line = $.;
|
||||
} else {
|
||||
push @bad, "$file:$.:???" unless /return polarssl_malloc/;
|
||||
}
|
||||
} elsif( $name && /(?:$inits)\($prefix\Q$name\E\b/ ) {
|
||||
undef $name;
|
||||
} elsif( $name && $. - $line > $limit ) {
|
||||
push @bad, "$file:$line:$name";
|
||||
undef $name;
|
||||
undef $line;
|
||||
}
|
||||
}
|
||||
close $fh or die;
|
||||
}
|
||||
|
||||
print "$_\n" for @bad;
|
44
scripts/recursion.pl
Executable file
44
scripts/recursion.pl
Executable file
|
@ -0,0 +1,44 @@
|
|||
#!/usr/bin/perl
|
||||
|
||||
# Find functions making recursive calls to themselves.
|
||||
# (Multiple recursion where a() calls b() which calls a() not covered.)
|
||||
#
|
||||
# When the recursion depth might depend on data controlled by the attacker in
|
||||
# an unbounded way, those functions should use interation instead.
|
||||
#
|
||||
# Typical usage: scripts/recursion.pl library/*.c
|
||||
|
||||
use warnings;
|
||||
use strict;
|
||||
|
||||
use utf8;
|
||||
use open qw(:std utf8);
|
||||
|
||||
# exclude functions that are ok:
|
||||
# - mpi_write_hlp: bounded by size of mpi, a compile-time constant
|
||||
# - x509_crt_verify_child: bounded by POLARSSL_X509_MAX_INTERMEDIATE_CA
|
||||
my $known_ok = qr/mpi_write_hlp|x509_crt_verify_child/;
|
||||
|
||||
my $cur_name;
|
||||
my $inside;
|
||||
my @funcs;
|
||||
|
||||
die "Usage: $0 file.c [...]\n" unless @ARGV;
|
||||
|
||||
while (<>)
|
||||
{
|
||||
if( /^[^\/#{}\s]/ && ! /\[.*]/ ) {
|
||||
chomp( $cur_name = $_ ) unless $inside;
|
||||
} elsif( /^{/ && $cur_name ) {
|
||||
$inside = 1;
|
||||
$cur_name =~ s/.* ([^ ]*)\(.*/$1/;
|
||||
} elsif( /^}/ && $inside ) {
|
||||
undef $inside;
|
||||
undef $cur_name;
|
||||
} elsif( $inside && /\b\Q$cur_name\E\([^)]/ ) {
|
||||
push @funcs, $cur_name unless /$known_ok/;
|
||||
}
|
||||
}
|
||||
|
||||
print "$_\n" for @funcs;
|
||||
exit @funcs;
|
|
@ -29,11 +29,7 @@ function(add_test_suite suite_name)
|
|||
add_test(${data_name}-suite test_suite_${data_name})
|
||||
endfunction(add_test_suite)
|
||||
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-function -Wno-unused-value")
|
||||
set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS_CHECK} -Wno-unused-function -Wno-unused-value")
|
||||
if(CMAKE_COMPILER_IS_CLANG)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unreachable-code")
|
||||
endif(CMAKE_COMPILER_IS_CLANG)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-function")
|
||||
|
||||
add_test_suite(aes aes.ecb)
|
||||
add_test_suite(aes aes.cbc)
|
||||
|
|
85
tests/data_files/Readme-x509.txt
Normal file
85
tests/data_files/Readme-x509.txt
Normal file
|
@ -0,0 +1,85 @@
|
|||
This documents the X.509 CAs, certificates, and CRLS used for testing.
|
||||
|
||||
Certification authorities
|
||||
-------------------------
|
||||
|
||||
There are two main CAs for use as trusted roots:
|
||||
- test-ca.crt aka "C=NL, O=PolarSSL, CN=PolarSSL Test CA"
|
||||
uses a RSA-2048 key
|
||||
- test-ca2*.crt aka "C=NL, O=PolarSSL, CN=Polarssl Test EC CA"
|
||||
uses an EC key with NIST P-384 (aka secp384r1)
|
||||
variants used to test the keyUsage extension
|
||||
The files test-ca_cat12 and test-ca_cat21 contain them concatenated both ways.
|
||||
|
||||
Two intermediate CAs are signed by them:
|
||||
- test-int-ca.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA"
|
||||
uses RSA-4096, signed by test-ca2
|
||||
- test-int-ca2.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA"
|
||||
uses an EC key with NIST P-256, signed by test-ca
|
||||
|
||||
Finally, other CAs for specific purposes:
|
||||
- enco-ca-prstr.pem: has its CN encoded as a printable string, but child cert
|
||||
enco-cert-utf8str.pem has its issuer's CN encoded as a UTF-8 string.
|
||||
- test-ca-v1.crt: v1 "CA", signs
|
||||
server1-v1.crt: v1 "intermediate CA", signs
|
||||
server2-v1*.crt: EE cert (without of with chain in same file)
|
||||
|
||||
End-entity certificates
|
||||
-----------------------
|
||||
|
||||
Short information fields:
|
||||
|
||||
- name or pattern
|
||||
- issuing CA: 1 -> test-ca.crt
|
||||
2 -> test-ca2.crt
|
||||
I1 -> test-int-ca.crt
|
||||
I2 -> test-int-ca2.crt
|
||||
O -> other
|
||||
- key type: R -> RSA, E -> EC
|
||||
- C -> there is a CRL revoking this cert (see below)
|
||||
- L -> CN=localhost (useful for local test servers)
|
||||
- P1, P2 if the file include parent (resp. parent + grandparent)
|
||||
- free-form comments
|
||||
|
||||
List of certificates:
|
||||
|
||||
- cert_example_multi*.crt: 1/O R: subjectAltName
|
||||
- cert_example_wildcard.crt: 1 R: wildcard in subject's CN
|
||||
- cert_md*.crt, cert_sha*.crt: 1 R: signature hash
|
||||
- cert_v1_with_ext.crt: 1 R: v1 with extensions (illegal)
|
||||
- cli2.crt: 2 E: basic
|
||||
- enco-cert-utf8str.pem: see enco-ca-prstr.pem above
|
||||
- server1*.crt: 1* R C*: misc *(server1-v1 see test-ca-v1.crt above)
|
||||
*CRL for: .cert_type.crt, .crt, .key_usage.crt, .v1.crt
|
||||
- server2-v1*.crt: O R: see test-ca-v1.crt above
|
||||
- server2*.crt: 1 R L: misc
|
||||
- server3.crt: 1 E L: EC cert signed by RSA CA
|
||||
- server4.crt: 2 R L: RSA cert signed by EC CA
|
||||
- server5*.crt: 2* E L: misc *(except server5-selfsigned)
|
||||
-sha*: hashes
|
||||
-eku*: extendeKeyUsage (cli/srv = www client/server, cs = codesign, etc)
|
||||
-ku*: keyUsage (ds = signatures, ke/ka = key exchange/agreement)
|
||||
- server6-ss-child.crt: O E: "child" of non-CA server5-selfsigned
|
||||
- server6.crt, server6.pem: 2 E L C: revoked
|
||||
- server7*.crt: I1 E L P1*: EC signed by RSA signed by EC *(except 7.crt)
|
||||
*_space: with PEM error(s)
|
||||
- server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2)
|
||||
- server9*.crt: 1 R C* L P1*: signed using RSASSA-PSS
|
||||
*CRL for: 9.crt, -badsign, -with-ca (P1)
|
||||
|
||||
Certificate revocation lists
|
||||
----------------------------
|
||||
|
||||
Signing CA in parentheses (same meaning as certificates).
|
||||
|
||||
- crl-ec-sha*: (2) server6.crt
|
||||
- crl-future.pem: (2) server6.crt + unkown
|
||||
- crl-rsa-pss-*.pem: (1) server9{,badsign,with-ca}.crt + cert_sha384.crt + unknown
|
||||
- crl.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown
|
||||
- crl_md*.pem: crl_sha*.pem: (1) same as crl.pem
|
||||
- crt_cat_*.pem: (1+2) concatenations in various orders:
|
||||
ec = crl-ec-sha256.pem, ecfut = crl-future.pem
|
||||
rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem
|
||||
|
||||
Note: crl_future would revoke server9 and cert_sha384.crt if signed by CA 1
|
||||
crl-rsa-pss* would revoke server6.crt if signed by CA 2
|
21
tests/data_files/crl_cat_ec-rsa.pem
Normal file
21
tests/data_files/crl_cat_ec-rsa.pem
Normal file
|
@ -0,0 +1,21 @@
|
|||
-----BEGIN X509 CRL-----
|
||||
MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
|
||||
MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
|
||||
BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
|
||||
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
|
||||
IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
|
||||
S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
|
||||
g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
|
||||
-----END X509 CRL-----
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
|
||||
OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
|
||||
MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
|
||||
dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
|
||||
//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
|
||||
yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
|
||||
NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
|
||||
5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU=
|
||||
-----END X509 CRL-----
|
22
tests/data_files/crl_cat_ecfut-rsa.pem
Normal file
22
tests/data_files/crl_cat_ecfut-rsa.pem
Normal file
|
@ -0,0 +1,22 @@
|
|||
-----BEGIN X509 CRL-----
|
||||
MIIBgzCCAQoCAQEwCQYHKoZIzj0EATA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTMyMDMxMDEx
|
||||
MDUxNVoXDTQyMDMwODExMDUxNVowKDASAgEKFw0xMzA5MjQxNjI4MzhaMBICARYX
|
||||
DTE0MDEyMDEzNDMwNVqgcjBwMG4GA1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb
|
||||
+zZ8oUKkQDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNV
|
||||
BAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2gA
|
||||
MGUCMQCmsvNsOQdbGpmzpeZlKU9lDP6yyWenrI/89swZYogE3cSPob4tOzeYg38i
|
||||
or91IPgCMD7N/0Qz6Nq2IgBtZORLgsA0ltK+W6AOS+/EIhvGuXV8uguUyYknl4vb
|
||||
+cE+lWxhCQ==
|
||||
-----END X509 CRL-----
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
|
||||
OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
|
||||
MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
|
||||
dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
|
||||
//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
|
||||
yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
|
||||
NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
|
||||
5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU=
|
||||
-----END X509 CRL-----
|
21
tests/data_files/crl_cat_rsa-ec.pem
Normal file
21
tests/data_files/crl_cat_rsa-ec.pem
Normal file
|
@ -0,0 +1,21 @@
|
|||
-----BEGIN X509 CRL-----
|
||||
MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
|
||||
OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
|
||||
MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
|
||||
dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
|
||||
//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
|
||||
yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
|
||||
NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
|
||||
5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU=
|
||||
-----END X509 CRL-----
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
|
||||
MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
|
||||
BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
|
||||
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
|
||||
IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
|
||||
S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
|
||||
g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
|
||||
-----END X509 CRL-----
|
21
tests/data_files/crl_cat_rsabadpem-ec.pem
Normal file
21
tests/data_files/crl_cat_rsabadpem-ec.pem
Normal file
|
@ -0,0 +1,21 @@
|
|||
-----BEGIN X509 CRL-----
|
||||
MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
|
||||
OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
|
||||
MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
|
||||
dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
|
||||
//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
|
||||
yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
|
||||
NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
|
||||
5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU
|
||||
-----END X509 CRL-----
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
|
||||
MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
|
||||
BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
|
||||
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
|
||||
IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
|
||||
S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
|
||||
g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
|
||||
-----END X509 CRL-----
|
21
tests/data_files/crt_cat_rsaexp-ec.pem
Normal file
21
tests/data_files/crt_cat_rsaexp-ec.pem
Normal file
|
@ -0,0 +1,21 @@
|
|||
-----BEGIN X509 CRL-----
|
||||
MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjQx
|
||||
OVoXDTExMDIyMDExMjQxOVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
|
||||
MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAKgP1XmCIPbfY1/UO+SVFQir
|
||||
jArZ94QnQdoan4tJ29d8DmTxJ+z9/KyWNoGeOwc9P/2GQQaZahQOBr0f6lYd67Ct
|
||||
wFVh/Q2zF8FgRcrQV7u/vJM33Q2yEsQkMGlM7rE5lC972vUKWu/NKq8bN9W/tWxZ
|
||||
SFbvTXpv024aI0IRudpOCALnIy8SFhVb2/52IN2uR6qrFizDexMEdSckgpHuJzGS
|
||||
IiANhIMn5LdQYJFjPgBzQU12tDdgzcpxtGhT10y4uQre+UbSjw+iVyml3issw59k
|
||||
OSmkWFb06LamRC215JAMok3YQO5RnxCR8EjqPcJr+7+O9a1O1++yiaitg4bUjEA=
|
||||
-----END X509 CRL-----
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
|
||||
MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
|
||||
BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
|
||||
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
|
||||
IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
|
||||
S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
|
||||
g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
|
||||
-----END X509 CRL-----
|
|
@ -1,13 +0,0 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIB3TCCAZSgAwIBAgIBGDAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD
|
||||
VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJTU0wgVGVzdCBFQyBDQTAeFw0x
|
||||
MzA4MDgxNjQ0MTBaFw0yMzA4MDYxNjQ0MTBaMDQxCzAJBgNVBAYTAk5MMREwDwYD
|
||||
VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI
|
||||
KoZIzj0DAQEDMgAEE2sIbSZOSEinZM3q2MMOy8egM8Y9BAcsuwxO9UpS1B8nT9u1
|
||||
1bvjTh5VQAgJAU+Oo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDYreWnU1s1J
|
||||
AG49ALPOQliFaJahMG4GA1UdIwRnMGWAFNCkRpkIZ/H0utlW6GcwC/zvJRZjoUKk
|
||||
QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv
|
||||
bGFyU1NMIFRlc3QgRUMgQ0GCCQClZwiM/hcKsjAJBgcqhkjOPQQBAzgAMDUCGQDq
|
||||
PIUaCr8u28R7V0G/TEOklXgPawdiY4ICGDzmBegZHs7BcNwENa1fn4JYUdTPqKwl
|
||||
LA==
|
||||
-----END CERTIFICATE-----
|
|
@ -6,8 +6,8 @@
|
|||
# CMake configuration. After this script is run, the CMake cache is lost and
|
||||
# CMake is not initialised any more!
|
||||
#
|
||||
# Assumes gcc and clang (recent enough for using ASan) are available,
|
||||
# as well as cmake and valgrind.
|
||||
# Assumes gcc and clang (recent enough for using ASan with gcc and MemSen with
|
||||
# clang) are available, as well as cmake and GNU find.
|
||||
|
||||
# Abort on errors (and uninitiliased variables)
|
||||
set -eu
|
||||
|
@ -24,12 +24,9 @@ MEMORY=0
|
|||
|
||||
while [ $# -gt 0 ]; do
|
||||
case "$1" in
|
||||
-m1)
|
||||
-m*)
|
||||
MEMORY=1
|
||||
;;
|
||||
-m2)
|
||||
MEMORY=2
|
||||
;;
|
||||
*)
|
||||
echo "Unknown argument: '$1'" >&2
|
||||
echo "Use the source, Luke!" >&2
|
||||
|
@ -61,93 +58,102 @@ msg()
|
|||
echo ""
|
||||
echo "******************************************************************"
|
||||
echo "* $1 "
|
||||
echo -n "* "; date
|
||||
echo "******************************************************************"
|
||||
}
|
||||
|
||||
# The test ordering tries to optimize for the following criteria:
|
||||
# 1. Catch possible problems early, by running first test that run quickly
|
||||
# 1. Catch possible problems early, by running first tests that run quickly
|
||||
# and/or are more likely to fail than others (eg I use Clang most of the
|
||||
# time, so start with a GCC build).
|
||||
# 2. Minimize total running time, by avoiding useless rebuilds
|
||||
#
|
||||
# Indicative running times are given for reference.
|
||||
|
||||
msg "build: cmake, -Werror (gcc)" # ~ 1 min
|
||||
msg "test: recursion.pl" # < 1s
|
||||
scripts/recursion.pl library/*.c
|
||||
|
||||
msg "build: cmake, gcc, ASan" # ~ 1 min 50s
|
||||
cleanup
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check .
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: main suites with valgrind" # ~ 2 min 10s
|
||||
make memcheck
|
||||
msg "test: main suites and selftest (ASan build)" # ~ 50s
|
||||
make test
|
||||
programs/test/selftest
|
||||
|
||||
msg "build: with ASan (clang)" # ~ 1 min
|
||||
cleanup
|
||||
CC=clang cmake -D CMAKE_BUILD_TYPE:String=ASan .
|
||||
make
|
||||
|
||||
msg "test: ssl-opt.sh (ASan build)" # ~ 1 min 10s
|
||||
msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
|
||||
cd tests
|
||||
./ssl-opt.sh
|
||||
cd ..
|
||||
|
||||
msg "test: main suites and selftest (ASan build)" # ~ 10s + 30s
|
||||
make test
|
||||
programs/test/selftest
|
||||
|
||||
msg "test: ref-configs (ASan build)" # ~ 4 min 45 s
|
||||
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
|
||||
tests/scripts/test-ref-configs.pl
|
||||
|
||||
# Most issues are likely to be caught at this point
|
||||
# Most frequent issues are likely to be caught at this point
|
||||
|
||||
msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min
|
||||
make
|
||||
|
||||
msg "test: compat.sh (ASan build)" # ~ 7 min 30s
|
||||
msg "test: compat.sh (ASan build)" # ~ 6 min
|
||||
cd tests
|
||||
./compat.sh
|
||||
cd ..
|
||||
|
||||
msg "build: cmake, full config" # ~ 40s
|
||||
msg "build: cmake, full config, clang" # ~ 50s
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
scripts/config.pl full
|
||||
scripts/config.pl unset POLARSSL_MEMORY_BACKTRACE # too slow for tests
|
||||
cmake -D CMAKE_BUILD_TYPE:String=Check .
|
||||
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check .
|
||||
make
|
||||
|
||||
msg "test: main suites (full config)"
|
||||
msg "test: main suites (full config)" # ~ 5s
|
||||
make test
|
||||
|
||||
msg "test: ssl-opt.sh default (full config)"
|
||||
msg "test: ssl-opt.sh default (full config)" # ~ 1s
|
||||
cd tests
|
||||
./ssl-opt.sh -f Default
|
||||
cd ..
|
||||
|
||||
msg "test: compat.sh 3DES & NULL (full config)"
|
||||
msg "test: compat.sh DES & NULL (full config)" # ~ 2 min
|
||||
cd tests
|
||||
./compat.sh -e '^$' -f 'NULL\|3DES-EDE-CBC\|DES-CBC3'
|
||||
cd ..
|
||||
|
||||
msg "test/build: curves.pl (gcc)" # ~ 5 min (?)
|
||||
cleanup
|
||||
cmake -D CMAKE_BUILD_TYPE:String=Debug .
|
||||
tests/scripts/curves.pl
|
||||
|
||||
msg "build: Unix make, -O2 (gcc)" # ~ 30s
|
||||
cleanup
|
||||
CC=gcc make
|
||||
|
||||
# Optional parts that take a long time to run
|
||||
msg "build: MSan (clang)" # ~ 1 min 20s
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
scripts/config.pl unset POLARSSL_AESNI_C # memsan doesn't grok asm
|
||||
CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
|
||||
make
|
||||
|
||||
if [ "$MEMORY" -ge 1 ]; then
|
||||
msg "test: ssl-opt --memcheck (-02 build)" # ~ 8 min
|
||||
msg "test: main suites (MSan)" # ~ 10s
|
||||
make test
|
||||
|
||||
msg "test: ssl-opt.sh (MSan)" # ~ 1 min
|
||||
cd tests
|
||||
./ssl-opt.sh --memcheck
|
||||
./ssl-opt.sh
|
||||
cd ..
|
||||
|
||||
if [ "$MEMORY" -ge 2 ]; then
|
||||
msg "test: compat --memcheck (-02 build)" # ~ 42 min
|
||||
# Optional part(s)
|
||||
|
||||
if [ "$MEMORY" -gt 0 ]; then
|
||||
msg "test: compat.sh (MSan)" # ~ 6 min 20s
|
||||
cd tests
|
||||
./compat.sh --memcheck
|
||||
./compat.sh
|
||||
cd ..
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "Done."
|
||||
msg "Done, cleaning up"
|
||||
cleanup
|
||||
|
||||
|
|
45
tests/scripts/curves.pl
Executable file
45
tests/scripts/curves.pl
Executable file
|
@ -0,0 +1,45 @@
|
|||
#!/usr/bin/perl
|
||||
|
||||
# test dependencies on individual curves in tests
|
||||
# - build
|
||||
# - run test suite
|
||||
#
|
||||
# Usage: tests/scripts/curves.pl
|
||||
|
||||
use warnings;
|
||||
use strict;
|
||||
|
||||
-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
|
||||
|
||||
my $sed_cmd = 's/^#define \(POLARSSL_ECP_DP.*_ENABLED\)/\1/p';
|
||||
my $config_h = 'include/polarssl/config.h';
|
||||
my @curves = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` );
|
||||
|
||||
my $test = system( "grep -i cmake Makefile >/dev/null" ) ? 'check' : 'test';
|
||||
|
||||
system( "cp $config_h $config_h.bak" ) and die;
|
||||
sub abort {
|
||||
system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
|
||||
die $_[0];
|
||||
}
|
||||
|
||||
for my $curve (@curves) {
|
||||
system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
|
||||
system( "make clean" ) and die;
|
||||
|
||||
print "\n******************************************\n";
|
||||
print "* Testing without curve: $curve\n";
|
||||
print "******************************************\n";
|
||||
|
||||
system( "scripts/config.pl unset $curve" )
|
||||
and abort "Failed to disable $curve\n";
|
||||
|
||||
system( "make polarssl" ) and abort "Failed to build lib: $curve\n";
|
||||
system( "cd tests && make" ) and abort "Failed to build tests: $curve\n";
|
||||
system( "make $test" ) and abort "Failed test suite: $curve\n";
|
||||
|
||||
}
|
||||
|
||||
system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n";
|
||||
system( "make clean" ) and die;
|
||||
exit 0;
|
|
@ -32,19 +32,19 @@ Debug print buffer #1
|
|||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"":"MyFile(0999)\: dumping 'Test return value' (0 bytes)\n"
|
||||
|
||||
Debug print buffer #2
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"00":"MyFile(0999)\: dumping 'Test return value' (1 bytes)\nMyFile(0999)\: 0000\: 00\n"
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"00":"MyFile(0999)\: dumping 'Test return value' (1 bytes)\nMyFile(0999)\: 0000\: 00 .\n"
|
||||
|
||||
Debug print buffer #3
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F":"MyFile(0999)\: dumping 'Test return value' (16 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\n"
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F":"MyFile(0999)\: dumping 'Test return value' (16 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\n"
|
||||
|
||||
Debug print buffer #4
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (17 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\nMyFile(0999)\: 0010\: 00\n"
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (17 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 00 .\n"
|
||||
|
||||
Debug print buffer #5
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\nMyFile(0999)\: 0010\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\nMyFile(0999)\: 0020\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\nMyFile(0999)\: 0030\: 00\n"
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n"
|
||||
|
||||
Debug print buffer #5 (raw)
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_RAW:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"dumping 'Test return value' (49 bytes)\n0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\n0010\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\n0020\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\n0030\: 00\n"
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_RAW:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F707172737475767778797A7B7C7D7E7F8081828384858687F8F9FAFBFCFDFEFF00":"dumping 'Test return value' (49 bytes)\n0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\n0010\: 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f pqrstuvwxyz{|}~.\n0020\: 80 81 82 83 84 85 86 87 f8 f9 fa fb fc fd fe ff ................\n0030\: 00 .\n"
|
||||
|
||||
Debug print certificate #1 (RSA)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_RSA_C
|
||||
|
@ -55,11 +55,11 @@ depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_RSA_C
|
|||
debug_print_crt:POLARSSL_DEBUG_LOG_RAW:"data_files/server1.crt":"MyFile":999:"PREFIX_":"PREFIX_ #1\:\ncert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nvalue of 'crt->rsa.N' (2048 bits) is\:\n a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\n 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\n 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\n dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\n 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\n 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\n 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\n f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\n ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\n 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\n ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\n 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\n 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\n db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\n 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\n ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nvalue of 'crt->rsa.E' (17 bits) is\:\n 01 00 01\n"
|
||||
|
||||
Debug print certificate #2 (EC)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP384R1_ENABLED
|
||||
debug_print_crt:POLARSSL_DEBUG_LOG_FULL:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2013-09-24 15\:49\:48\nMyFile(0999)\: expires on \: 2023-09-22 15\:49\:48\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
|
||||
|
||||
Debug print certificate #2 (EC, raw)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP384R1_ENABLED
|
||||
debug_print_crt:POLARSSL_DEBUG_LOG_RAW:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"PREFIX_ #1\:\ncert. version \: 3\nserial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2013-09-24 15\:49\:48\nexpires on \: 2023-09-22 15\:49\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\nvalue of 'crt->eckey.Q(X)' (384 bits) is\:\n c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\n 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\n 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nvalue of 'crt->eckey.Q(Y)' (384 bits) is\:\n 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\n b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\n 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
|
||||
|
||||
Debug print mpi #1
|
||||
|
|
|
@ -324,6 +324,33 @@ ECP check privkey #11 (montgomery, OK)
|
|||
depends_on:POLARSSL_ECP_DP_M255_ENABLED
|
||||
ecp_check_privkey:POLARSSL_ECP_DP_M255:"7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8":0
|
||||
|
||||
ECP check public-private #1 (OK)
|
||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":0
|
||||
|
||||
ECP check public-private #2 (group none)
|
||||
ecp_check_pub_priv:POLARSSL_ECP_DP_NONE:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_NONE:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
ECP check public-private #3 (group mismatch)
|
||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP384R1_ENABLED
|
||||
ecp_check_pub_priv:POLARSSL_ECP_DP_SECP384R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
ECP check public-private #4 (Qx mismatch)
|
||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596293":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
ECP check public-private #5 (Qy mismatch)
|
||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
ECP check public-private #6 (wrong Qx)
|
||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596293":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596293":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
ECP check public-private #7 (wrong Qy)
|
||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":POLARSSL_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
ECP gen keypair
|
||||
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||
ecp_gen_keypair:POLARSSL_ECP_DP_SECP192R1
|
||||
|
|
|
@ -598,6 +598,32 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void ecp_check_pub_priv( int id_pub, char *Qx_pub, char *Qy_pub,
|
||||
int id, char *d, char *Qx, char *Qy, int ret )
|
||||
{
|
||||
ecp_keypair pub, prv;
|
||||
|
||||
ecp_keypair_init( &pub );
|
||||
ecp_keypair_init( &prv );
|
||||
|
||||
if( id_pub != POLARSSL_ECP_DP_NONE )
|
||||
TEST_ASSERT( ecp_use_known_dp( &pub.grp, id_pub ) == 0 );
|
||||
TEST_ASSERT( ecp_point_read_string( &pub.Q, 16, Qx_pub, Qy_pub ) == 0 );
|
||||
|
||||
if( id != POLARSSL_ECP_DP_NONE )
|
||||
TEST_ASSERT( ecp_use_known_dp( &prv.grp, id ) == 0 );
|
||||
TEST_ASSERT( ecp_point_read_string( &prv.Q, 16, Qx, Qy ) == 0 );
|
||||
TEST_ASSERT( mpi_read_string( &prv.d, 16, d ) == 0 );
|
||||
|
||||
TEST_ASSERT( ecp_check_pub_priv( &pub, &prv ) == ret );
|
||||
|
||||
exit:
|
||||
ecp_keypair_free( &pub );
|
||||
ecp_keypair_free( &prv );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void ecp_gen_keypair( int id )
|
||||
{
|
||||
|
|
|
@ -130,3 +130,23 @@ Verify ext RSA #12 (PKCS1 v1.5, good)
|
|||
depends_on:POLARSSL_SHA1_C:POLARSSL_PKCS1_V15
|
||||
pk_rsa_verify_ext_test_vec:"206ef4bf396c6087f8229ef196fd35f37ccb8de5efcdb238f20d556668f114257a11fbe038464a67830378e62ae9791453953dac1dbd7921837ba98e84e856eb80ed9487e656d0b20c28c8ba5e35db1abbed83ed1c7720a97701f709e3547a4bfcabca9c89c57ad15c3996577a0ae36d7c7b699035242f37954646c1cd5c08ac":POLARSSL_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":POLARSSL_PK_RSA:-1:RSA_SALT_LEN_ANY:0
|
||||
|
||||
Check pair #1 (EC, OK)
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0
|
||||
|
||||
Check pair #2 (EC, bad)
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":POLARSSL_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
Check pair #3 (RSA, OK)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
pk_check_pair:"data_files/server1.pubkey":"data_files/server1.key":0
|
||||
|
||||
Check pair #4 (RSA, bad)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
|
||||
|
||||
Check pair #5 (RSA vs EC)
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_RSA_C
|
||||
pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":POLARSSL_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
/* BEGIN_HEADER */
|
||||
#include <polarssl/pk.h>
|
||||
|
||||
/* For error codes */
|
||||
#include <polarssl/ecp.h>
|
||||
#include <polarssl/rsa.h>
|
||||
|
||||
static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len );
|
||||
|
||||
#define RSA_KEY_SIZE 512
|
||||
|
@ -80,6 +84,35 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:POLARSSL_PK_PARSE_C:POLARSSL_FS_IO */
|
||||
void pk_check_pair( char *pub_file, char *prv_file, int ret )
|
||||
{
|
||||
pk_context pub, prv, alt;
|
||||
|
||||
pk_init( &pub );
|
||||
pk_init( &prv );
|
||||
pk_init( &alt );
|
||||
|
||||
TEST_ASSERT( pk_parse_public_keyfile( &pub, pub_file ) == 0 );
|
||||
TEST_ASSERT( pk_parse_keyfile( &prv, prv_file, NULL ) == 0 );
|
||||
|
||||
TEST_ASSERT( pk_check_pair( &pub, &prv ) == ret );
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
if( pk_get_type( &prv ) == POLARSSL_PK_RSA )
|
||||
{
|
||||
TEST_ASSERT( pk_init_ctx_rsa_alt( &alt, pk_rsa( prv ),
|
||||
rsa_decrypt_func, rsa_sign_func, rsa_key_len_func ) == 0 );
|
||||
TEST_ASSERT( pk_check_pair( &pub, &alt ) == ret );
|
||||
}
|
||||
#endif
|
||||
|
||||
pk_free( &pub );
|
||||
pk_free( &prv );
|
||||
pk_free( &alt );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:POLARSSL_RSA_C */
|
||||
void pk_rsa_verify_test_vec( char *message_hex_string, int digest,
|
||||
int mod, int radix_N, char *input_N, int radix_E,
|
||||
|
|
|
@ -35,5 +35,5 @@ depends_on:POLARSSL_ECP_C:POLARSSL_BASE64_C:POLARSSL_ECP_DP_SECP521R1_ENABLED
|
|||
pk_write_key_check:"data_files/ec_521_prv.pem"
|
||||
|
||||
Private key write check EC Brainpool 512 bits
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_BASE64_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_BASE64_C:POLARSSL_ECP_DP_BP512R1_ENABLED
|
||||
pk_write_key_check:"data_files/ec_bp512_prv.pem"
|
||||
|
|
|
@ -318,6 +318,21 @@ rsa_check_pubkey:16:"00b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7
|
|||
RSA Check Public key #10 (E has size N)
|
||||
rsa_check_pubkey:16:"00b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034fb38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"00b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034fb38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
|
||||
|
||||
RSA Check Public-Private key #1 (Correct)
|
||||
rsa_check_pubpriv:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":0
|
||||
|
||||
RSA Check Public-Private key #2 (Public no N)
|
||||
rsa_check_pubpriv:2048:16:"":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
|
||||
|
||||
RSA Check Public-Private key #3 (Private no N)
|
||||
rsa_check_pubpriv:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
|
||||
|
||||
RSA Check Public-Private key #4 (N mismatch)
|
||||
rsa_check_pubpriv:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034e":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
|
||||
|
||||
RSA Check Public-Private key #5 (E mismatch)
|
||||
rsa_check_pubpriv:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"17":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
|
||||
|
||||
RSA Private (Correct)
|
||||
rsa_private:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"48ce62658d82be10737bd5d3579aed15bc82617e6758ba862eeb12d049d7bacaf2f62fce8bf6e980763d1951f7f0eae3a493df9890d249314b39d00d6ef791de0daebf2c50f46e54aeb63a89113defe85de6dbe77642aae9f2eceb420f3a47a56355396e728917f17876bb829fabcaeef8bf7ef6de2ff9e84e6108ea2e52bbb62b7b288efa0a3835175b8b08fac56f7396eceb1c692d419ecb79d80aef5bc08a75d89de9f2b2d411d881c0e3ffad24c311a19029d210d3d3534f1b626f982ea322b4d1cfba476860ef20d4f672f38c371084b5301b429b747ea051a619e4430e0dac33c12f9ee41ca4d81a4f6da3e495aa8524574bdc60d290dd1f7a62e90a67":0
|
||||
|
||||
|
|
|
@ -590,6 +590,74 @@ exit:
|
|||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void rsa_check_pubpriv( int mod, int radix_Npub, char *input_Npub,
|
||||
int radix_Epub, char *input_Epub,
|
||||
int radix_P, char *input_P, int radix_Q,
|
||||
char *input_Q, int radix_N, char *input_N,
|
||||
int radix_E, char *input_E, int radix_D, char *input_D,
|
||||
int radix_DP, char *input_DP, int radix_DQ,
|
||||
char *input_DQ, int radix_QP, char *input_QP,
|
||||
int result )
|
||||
{
|
||||
rsa_context pub, prv;
|
||||
|
||||
rsa_init( &pub, RSA_PKCS_V15, 0 );
|
||||
rsa_init( &prv, RSA_PKCS_V15, 0 );
|
||||
|
||||
pub.len = mod / 8;
|
||||
prv.len = mod / 8;
|
||||
|
||||
if( strlen( input_Npub ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 );
|
||||
}
|
||||
if( strlen( input_Epub ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 );
|
||||
}
|
||||
|
||||
if( strlen( input_P ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &prv.P, radix_P, input_P ) == 0 );
|
||||
}
|
||||
if( strlen( input_Q ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 );
|
||||
}
|
||||
if( strlen( input_N ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &prv.N, radix_N, input_N ) == 0 );
|
||||
}
|
||||
if( strlen( input_E ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &prv.E, radix_E, input_E ) == 0 );
|
||||
}
|
||||
if( strlen( input_D ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &prv.D, radix_D, input_D ) == 0 );
|
||||
}
|
||||
if( strlen( input_DP ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 );
|
||||
}
|
||||
if( strlen( input_DQ ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 );
|
||||
}
|
||||
if( strlen( input_QP ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 );
|
||||
}
|
||||
|
||||
TEST_ASSERT( rsa_check_pub_priv( &pub, &prv ) == result );
|
||||
|
||||
exit:
|
||||
rsa_free( &pub );
|
||||
rsa_free( &prv );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:POLARSSL_CTR_DRBG_C:POLARSSL_ENTROPY_C */
|
||||
void rsa_gen_key( int nrbits, int exponent, int result)
|
||||
{
|
||||
|
|
|
@ -219,23 +219,23 @@ depends_on:POLARSSL_PEM_PARSE_C
|
|||
x509_csr_info:"data_files/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n"
|
||||
|
||||
X509 CSR Information EC with SHA1
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_info:"data_files/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n"
|
||||
|
||||
X509 CSR Information EC with SHA224
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_info:"data_files/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n"
|
||||
|
||||
X509 CSR Information EC with SHA256
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_info:"data_files/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n"
|
||||
|
||||
X509 CSR Information EC with SHA384
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_info:"data_files/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n"
|
||||
|
||||
X509 CSR Information EC with SHA512
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_info:"data_files/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n"
|
||||
|
||||
X509 CSR Information RSA-PSS with SHA1
|
||||
|
@ -607,7 +607,7 @@ depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C
|
|||
x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
|
||||
|
||||
X509 Certificate verification #66 (RSASSA-PSS, SHA1, no RSA CA)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP384R1_ENABLED
|
||||
x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
|
||||
|
||||
X509 Certificate verification #67 (Valid, RSASSA-PSS, all defaults)
|
||||
|
@ -635,17 +635,41 @@ depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_SHA25
|
|||
x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
|
||||
|
||||
X509 Certificate verification #73 (selfsigned trusted without CA bit)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
|
||||
|
||||
X509 Certificate verification #74 (signed by selfsigned trusted without CA bit)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
|
||||
|
||||
X509 Certificate verification #75 (encoding mismatch)
|
||||
depends_on:POLARSSL_PEM_PARSE_C
|
||||
x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"NULL"
|
||||
|
||||
X509 Certificate verification #76 (multiple CRLs, not revoked)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"NULL"
|
||||
|
||||
X509 Certificate verification #77 (multiple CRLs, revoked)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL"
|
||||
|
||||
X509 Certificate verification #78 (multiple CRLs, revoked by second)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL"
|
||||
|
||||
X509 Certificate verification #79 (multiple CRLs, revoked by future)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED|BADCRL_FUTURE:"NULL"
|
||||
|
||||
X509 Certificate verification #80 (multiple CRLs, first future, revoked by second)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
|
||||
x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL"
|
||||
|
||||
X509 Certificate verification #81 (multiple CRLs, none relevant)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
|
||||
x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"NULL"
|
||||
|
||||
X509 Parse Selftest
|
||||
depends_on:POLARSSL_SHA1_C:POLARSSL_PEM_PARSE_C:POLARSSL_CERTS_C
|
||||
x509_selftest:
|
||||
|
@ -869,6 +893,18 @@ X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet len mism
|
|||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (ExtKeyUsage, bad second tag)
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509parse_crt:"3081de3081dba003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d250416301406082b0601050507030107082b06010505070302":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 Certificate ASN1 (SubjectAltName repeated)
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509parse_crt:"3081fd3081faa003020102020900a8b31ff37d09a37f300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313231333731365a170d3234313130383231333731365a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS
|
||||
|
||||
X509 Certificate ASN1 (ExtKeyUsage repeated)
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509parse_crt:"3081fd3081faa003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS
|
||||
|
||||
X509 Certificate ASN1 (correct pubkey, no sig_alg)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
@ -1190,7 +1226,7 @@ X509 RSASSA-PSS parameters ASN1 (trailerField not 1)
|
|||
x509_parse_rsassa_pss_params:"A303020102":ASN1_CONSTRUCTED | ASN1_SEQUENCE:POLARSSL_MD_SHA1:POLARSSL_MD_SHA1:20:POLARSSL_ERR_X509_INVALID_ALG
|
||||
|
||||
X509 CSR ASN.1 (OK)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"308201183081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n":0
|
||||
|
||||
X509 CSR ASN.1 (bad first tag)
|
||||
|
@ -1236,51 +1272,51 @@ X509 CSR ASN.1 (bad SubjectPublicKeyInfo: overlong)
|
|||
x509_csr_parse:"30173014020100300D310B3009060355040613024E4C300100":"":POLARSSL_ERR_PK_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CSR ASN.1 (bad attributes: missing)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081973081940201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CSR ASN.1 (bad attributes: bad tag)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081993081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF0500":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CSR ASN.1 (bad attributes: overlong)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"30819A3081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA00100":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CSR ASN.1 (bad sigAlg: missing)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081C23081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CSR ASN.1 (bad sigAlg: not a sequence)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03100":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CSR ASN.1 (bad sigAlg: overlong)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03001":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CSR ASN.1 (bad sigAlg: unknown)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04FF":"":POLARSSL_ERR_X509_UNKNOWN_SIG_ALG
|
||||
|
||||
X509 CSR ASN.1 (bad sig: missing)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D0401":"":POLARSSL_ERR_X509_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CSR ASN.1 (bad sig: not a bit string)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010400":"":POLARSSL_ERR_X509_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CSR ASN.1 (bad sig: overlong)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010301":"":POLARSSL_ERR_X509_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CSR ASN.1 (extra data after signature)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"308201193081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF9724300":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 File parse (no issues)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509parse_crt_file:"data_files/server7_int-ca.crt":0
|
||||
|
||||
X509 File parse (extra space in one certificate)
|
||||
|
|
Loading…
Reference in a new issue