Merge development into development-restricted

This commit is contained in:
Simon Butcher 2016-03-16 13:56:00 +00:00
commit 184990c1d4
15 changed files with 470 additions and 46 deletions

View file

@ -24,6 +24,8 @@ Bugfix
* Fix an issue that caused valid certificates to be rejected whenever an
expired or not yet valid certificate was parsed before a valid certificate
in the trusted certificate list.
* Fix bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer after DER certificates to be included in the raw representation.
Changes
* On ARM platforms, when compiling with -O0 with GCC, Clang or armcc5,

View file

@ -677,14 +677,9 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *
if( crt == NULL || buf == NULL )
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
p = mbedtls_calloc( 1, len = buflen );
if( p == NULL )
return( MBEDTLS_ERR_X509_ALLOC_FAILED );
memcpy( p, buf, buflen );
crt->raw.p = p;
crt->raw.len = len;
// Use the original buffer until we figure out actual length
p = (unsigned char*) buf;
len = buflen;
end = p + len;
/*
@ -708,6 +703,18 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, const unsigned char *
}
crt_end = p + len;
// Create and populate a new buffer for the raw field
crt->raw.len = crt_end - buf;
crt->raw.p = p = mbedtls_calloc( 1, crt->raw.len );
if( p == NULL )
return( MBEDTLS_ERR_X509_ALLOC_FAILED );
memcpy( p, buf, crt->raw.len );
// Direct pointers to the new buffer
p += crt->raw.len - len;
end = crt_end = p + len;
/*
* TBSCertificate ::= SEQUENCE {
*/

View file

@ -99,7 +99,8 @@ static int run_test_snprintf( void )
int main( int argc, char *argv[] )
{
int ret = 0, v;
int ret = 0, v, suites_tested = 0, suites_failed = 0,
exitcode = EXIT_SUCCESS;
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
unsigned char buf[1000000];
#endif
@ -126,8 +127,11 @@ int main( int argc, char *argv[] )
return( 0 );
}
if( argc == 2 && strcmp( argv[1], "-quiet" ) == 0 )
if( argc == 2 && ( strcmp( argv[1], "--quiet" ) == 0 ||
strcmp( argv[1], "-q" ) == 0 ) )
{
v = 0;
}
else
{
v = 1;
@ -142,134 +146,212 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_MD2_C)
if( ( ret = mbedtls_md2_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_MD4_C)
if( ( ret = mbedtls_md4_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_MD5_C)
if( ( ret = mbedtls_md5_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_RIPEMD160_C)
if( ( ret = mbedtls_ripemd160_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_SHA1_C)
if( ( ret = mbedtls_sha1_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_SHA256_C)
if( ( ret = mbedtls_sha256_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_SHA512_C)
if( ( ret = mbedtls_sha512_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_ARC4_C)
if( ( ret = mbedtls_arc4_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_DES_C)
if( ( ret = mbedtls_des_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_AES_C)
if( ( ret = mbedtls_aes_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_GCM_C) && defined(MBEDTLS_AES_C)
if( ( ret = mbedtls_gcm_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_CCM_C) && defined(MBEDTLS_AES_C)
if( ( ret = mbedtls_ccm_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_BASE64_C)
if( ( ret = mbedtls_base64_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_BIGNUM_C)
if( ( ret = mbedtls_mpi_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_RSA_C)
if( ( ret = mbedtls_rsa_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_X509_USE_C)
if( ( ret = mbedtls_x509_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_XTEA_C)
if( ( ret = mbedtls_xtea_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_CAMELLIA_C)
if( ( ret = mbedtls_camellia_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_CTR_DRBG_C)
if( ( ret = mbedtls_ctr_drbg_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_HMAC_DRBG_C)
if( ( ret = mbedtls_hmac_drbg_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_ECP_C)
if( ( ret = mbedtls_ecp_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_ECJPAKE_C)
if( ( ret = mbedtls_ecjpake_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_DHM_C)
if( ( ret = mbedtls_dhm_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_ENTROPY_C)
if( ( ret = mbedtls_entropy_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#if defined(MBEDTLS_PKCS5_C)
if( ( ret = mbedtls_pkcs5_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
/* Slow tests last */
#if defined(MBEDTLS_TIMING_C)
if( ( ret = mbedtls_timing_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
#else
@ -285,19 +367,34 @@ int main( int argc, char *argv[] )
#if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
mbedtls_memory_buffer_alloc_free();
if( ( ret = mbedtls_memory_buffer_alloc_self_test( v ) ) != 0 )
return( ret );
{
suites_failed++;
}
suites_tested++;
#endif
if( v != 0 )
{
mbedtls_printf( " [ All tests passed ]\n\n" );
mbedtls_printf( " Executed %d test suites\n\n", suites_tested );
if( suites_failed > 0)
{
mbedtls_printf( " [ %d tests FAIL ]\n\n", suites_failed );
}
else
{
mbedtls_printf( " [ All tests PASS ]\n\n" );
}
#if defined(_WIN32)
mbedtls_printf( " Press Enter to exit this program.\n" );
fflush( stdout ); getchar();
#endif
}
return( ret );
if( suites_failed > 0)
exitcode = EXIT_FAILURE;
exit( exitcode );
}

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

View file

@ -133,6 +133,7 @@ tests/compat.sh
msg "build: Default + SSLv3 (ASan build)" # ~ 6 min
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
make
@ -149,7 +150,6 @@ tests/ssl-opt.sh
msg "build: cmake, full config, clang" # ~ 50s
cleanup
cp "$CONFIG_H" "$CONFIG_BAK"
scripts/config.pl full
scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check .

201
tests/scripts/basic-build-test.sh Executable file
View file

@ -0,0 +1,201 @@
#!/bin/sh
# basic-build-tests.sh
#
# Copyright (c) 2016, ARM Limited, All Rights Reserved
#
# Purpose
#
# Executes the basic test suites, captures the results, and generates a simple
# test report and code coverage report.
#
# The tests include:
# * Self-tests - executed using program/test/selftest
# * Unit tests - executed using tests/scripts/run-test-suite.pl
# * System tests - executed using tests/ssl-opt.sh
# * Interoperability tests - executed using tests/compat.sh
#
# The tests focus on functionality and do not consider performance.
#
# Note the tests self-adapt due to configurations in include/mbedtls/config.h
# which can lead to some tests being skipped, and can cause the number of
# available self-tests to fluctuate.
#
# This script has been written to be generic and should work on any shell.
#
# Usage: basic-build-tests.sh
#
# Abort on errors (and uninitiliased variables)
set -eu
if [ -d library -a -d include -a -d tests ]; then :; else
echo "Must be run from mbed TLS root" >&2
exit 1
fi
# Step 1 - Make and instrumented build for code coverage
CFLAGS=' --coverage -g3 -O0 '
make
# Step 2 - Execute the tests
TEST_OUTPUT=out_${PPID}
cd tests
# Step 2a - Self-tests
../programs/test/selftest |tee self-test-$TEST_OUTPUT
echo
# Step 2b - Unit Tests
perl scripts/run-test-suites.pl -v |tee unit-test-$TEST_OUTPUT
echo
# Step 2c - System Tests
sh ssl-opt.sh |tee sys-test-$TEST_OUTPUT
echo
# Step 2d - Compatibility tests
sh compat.sh |tee compat-test-$TEST_OUTPUT
echo
# Step 3 - Process the coverage report
cd ..
make lcov |tee tests/cov-$TEST_OUTPUT
# Step 4 - Summarise the test report
echo
echo "========================================================================="
echo "Test Report Summary"
echo
cd tests
# Step 4a - Self-tests
echo "Self tests - ./programs/test/selftest"
PASSED_TESTS=$(grep 'passed' self-test-$TEST_OUTPUT |wc -l)
FAILED_TESTS=$(grep 'failed' self-test-$TEST_OUTPUT |wc -l)
AVAIL_TESTS=$(($PASSED_TESTS + $FAILED_TESTS))
EXED_TESTS=$(($PASSED_TESTS + $FAILED_TESTS))
echo "Passed : $PASSED_TESTS"
echo "Failed : $FAILED_TESTS"
echo "Skipped : n/a"
echo "Total tests : $AVAIL_TESTS"
echo
TOTAL_PASS=$PASSED_TESTS
TOTAL_FAIL=$FAILED_TESTS
TOTAL_SKIP=0
TOTAL_AVAIL=$(($PASSED_TESTS + $FAILED_TESTS))
TOTAL_EXED=$(($PASSED_TESTS + $FAILED_TESTS))
# Step 4b - Unit tests
echo "Unit tests - tests/scripts/run-test-suites.pl"
PASSED_TESTS=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/test cases passed :[\t]*\([0-9]*\)/\1/p'| tr -d ' ')
SKIPPED_TESTS=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/skipped :[ \t]*\([0-9]*\)/\1/p'| tr -d ' ')
TOTAL_SUITES=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) .*, [0-9]* tests run)/\1/p'| tr -d ' ')
FAILED_TESTS=$(tail -n6 unit-test-$TEST_OUTPUT|sed -n -e 's/failed :[\t]*\([0-9]*\)/\1/p' |tr -d ' ')
echo "No test suites : $TOTAL_SUITES"
echo "Passed : $PASSED_TESTS"
echo "Failed : $FAILED_TESTS"
echo "Skipped : $SKIPPED_TESTS"
echo "Total exec'd tests : $(($PASSED_TESTS + $FAILED_TESTS))"
echo "Total avail tests : $(($PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS))"
echo
TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS))
TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS))
TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS))
TOTAL_AVAIL=$(($TOTAL_AVAIL + $PASSED_TESTS + $FAILED_TESTS + $SKIPPED_TESTS))
TOTAL_EXED=$(($TOTAL_EXED + $PASSED_TESTS + $FAILED_TESTS))
# Step 4c - TLS Options tests
echo "TLS Options tests - tests/ssl-opt.sh"
PASSED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p')
SKIPPED_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p')
TOTAL_TESTS=$(tail -n5 sys-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p')
FAILED_TESTS=$(($TOTAL_TESTS - $PASSED_TESTS))
echo "Passed : $PASSED_TESTS"
echo "Failed : $FAILED_TESTS"
echo "Skipped : $SKIPPED_TESTS"
echo "Total exec'd tests : $TOTAL_TESTS"
echo "Total avail tests : $(($TOTAL_TESTS + $SKIPPED_TESTS))"
echo
TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS))
TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS))
TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS))
TOTAL_AVAIL=$(($TOTAL_AVAIL + $TOTAL_TESTS + $SKIPPED_TESTS))
TOTAL_EXED=$(($TOTAL_EXED + $TOTAL_TESTS))
# Step 4d - System Compatibility tests
echo "System/Compatibility tests - tests/compat.sh"
PASSED_TESTS=$(tail -n5 compat-test-$TEST_OUTPUT|sed -n -e 's/.* (\([0-9]*\) \/ [0-9]* tests ([0-9]* skipped))$/\1/p')
SKIPPED_TESTS=$(tail -n5 compat-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ [0-9]* tests (\([0-9]*\) skipped))$/\1/p')
EXED_TESTS=$(tail -n5 compat-test-$TEST_OUTPUT|sed -n -e 's/.* ([0-9]* \/ \([0-9]*\) tests ([0-9]* skipped))$/\1/p')
FAILED_TESTS=$(($EXED_TESTS - $PASSED_TESTS))
echo "Passed : $PASSED_TESTS"
echo "Failed : $FAILED_TESTS"
echo "Skipped : $SKIPPED_TESTS"
echo "Total exec'd tests : $EXED_TESTS"
echo "Total avail tests : $(($EXED_TESTS + $SKIPPED_TESTS))"
echo
TOTAL_PASS=$(($TOTAL_PASS+$PASSED_TESTS))
TOTAL_FAIL=$(($TOTAL_FAIL+$FAILED_TESTS))
TOTAL_SKIP=$(($TOTAL_SKIP+$SKIPPED_TESTS))
TOTAL_AVAIL=$(($TOTAL_AVAIL + $EXED_TESTS + $SKIPPED_TESTS))
TOTAL_EXED=$(($TOTAL_EXED + $EXED_TESTS))
# Step 4e - Grand totals
echo "-------------------------------------------------------------------------"
echo "Total tests"
echo "Total Passed : $TOTAL_PASS"
echo "Total Failed : $TOTAL_FAIL"
echo "Total Skipped : $TOTAL_SKIP"
echo "Total exec'd tests : $TOTAL_EXED"
echo "Total avail tests : $TOTAL_AVAIL"
echo
# Step 4f - Coverage
echo "Coverage"
LINES_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* lines)/\1/p')
LINES_TOTAL=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ lines......: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) lines)/\1/p')
FUNCS_TESTED=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% (\([0-9]*\) of [0-9]* functions)$/\1/p')
FUNCS_TOTAL=$(tail -n3 cov-$TEST_OUTPUT|sed -n -e 's/ functions..: [0-9]*.[0-9]% ([0-9]* of \([0-9]*\) functions)$/\1/p')
LINES_PERCENT=$((1000*$LINES_TESTED/$LINES_TOTAL))
LINES_PERCENT="$(($LINES_PERCENT/10)).$(($LINES_PERCENT-($LINES_PERCENT/10)*10))"
FUNCS_PERCENT=$((1000*$FUNCS_TESTED/$FUNCS_TOTAL))
FUNCS_PERCENT="$(($FUNCS_PERCENT/10)).$(($FUNCS_PERCENT-($FUNCS_PERCENT/10)*10))"
echo "Lines Tested : $LINES_TESTED of $LINES_TOTAL $LINES_PERCENT%"
echo "Functions Tested : $FUNCS_TESTED of $FUNCS_TOTAL $FUNCS_PERCENT%"
echo
rm self-test-$TEST_OUTPUT
rm unit-test-$TEST_OUTPUT
rm sys-test-$TEST_OUTPUT
rm compat-test-$TEST_OUTPUT
rm cov-$TEST_OUTPUT
cd ..

67
tests/scripts/run-test-suites.pl Normal file → Executable file
View file

@ -1,12 +1,37 @@
#!/usr/bin/perl
# run-test-suites.pl
#
# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved
#
# Purpose
#
# Executes all the available test suites, and provides a basic summary of the
# results.
#
# Usage: run-test-suites.pl [-v]
#
# Options :
# -v|--verbose - Provide a pass/fail/skip breakdown per test suite and
# in total
#
use warnings;
use strict;
use utf8;
use open qw(:std utf8);
my @suites = grep { ! /\.(?:c|gcno)$/ } glob 'test_suite_*';
use constant FALSE => 0;
use constant TRUE => 1;
my $verbose;
my $switch = shift;
if ( defined($switch) && ( $switch eq "-v" || $switch eq "--verbose" ) ) {
$verbose = TRUE;
}
my @suites = grep { ! /\.(?:c|gcno|gcda|dSYM)$/ } glob 'test_suite_*';
die "$0: no test suite found\n" unless @suites;
# in case test suites are linked dynamically
@ -14,22 +39,56 @@ $ENV{'LD_LIBRARY_PATH'} = '../library';
my $prefix = $^O eq "MSWin32" ? '' : './';
my ($failed_suites, $total_tests_run);
my ($failed_suites, $total_tests_run, $failed, $suite_cases_passed,
$suite_cases_failed, $suite_cases_skipped, $total_cases_passed,
$total_cases_failed, $total_cases_skipped );
for my $suite (@suites)
{
print "$suite ", "." x ( 72 - length($suite) - 2 - 4 ), " ";
my $result = `$prefix$suite`;
$suite_cases_passed = () = $result =~ /.. PASS/g;
$suite_cases_failed = () = $result =~ /.. FAILED/g;
$suite_cases_skipped = () = $result =~ /.. ----/g;
if( $result =~ /PASSED/ ) {
print "PASS\n";
my ($tests, $skipped) = $result =~ /([0-9]*) tests.*?([0-9]*) skipped/;
$total_tests_run += $tests - $skipped;
} else {
$failed_suites++;
print "FAIL\n";
}
my ($passed, $tests, $skipped) = $result =~ /([0-9]*) \/ ([0-9]*) tests.*?([0-9]*) skipped/;
$total_tests_run += $tests - $skipped;
if ( $verbose ) {
print "(test cases passed:", $suite_cases_passed,
" failed:", $suite_cases_failed,
" skipped:", $suite_cases_skipped,
" of total:", ( $suite_cases_passed + $suite_cases_failed ),
")\n"
}
$total_cases_passed += $suite_cases_passed;
$total_cases_failed += $suite_cases_failed;
$total_cases_skipped += $suite_cases_skipped;
}
print "-" x 72, "\n";
print $failed_suites ? "FAILED" : "PASSED";
printf " (%d suites, %d tests run)\n", scalar @suites, $total_tests_run;
if ( $verbose ) {
print " test cases passed :", $total_cases_passed, "\n";
print " failed :", $total_cases_failed, "\n";
print " skipped :", $total_cases_skipped, "\n";
print " of tests executed :", ( $total_cases_passed + $total_cases_failed ),
"\n";
print " of available tests :",
( $total_cases_passed + $total_cases_failed + $total_cases_skipped ),
"\n"
}
exit( $failed_suites ? 1 : 0 );

View file

@ -1559,6 +1559,64 @@ run_test "Renego ext: gnutls client unsafe, server break legacy" \
-S "received TLS_EMPTY_RENEGOTIATION_INFO\|found renegotiation extension" \
-S "server hello, secure renegotiation extension"
# Tests for silently dropping trailing extra bytes in .der certificates
requires_gnutls
run_test "DER format: no trailing bytes" \
"$P_SRV crt_file=data_files/server5-der0.crt \
key_file=data_files/server5.key" \
"$G_CLI " \
0 \
-c "Handshake was completed" \
requires_gnutls
run_test "DER format: with a trailing zero byte" \
"$P_SRV crt_file=data_files/server5-der1a.crt \
key_file=data_files/server5.key" \
"$G_CLI " \
0 \
-c "Handshake was completed" \
requires_gnutls
run_test "DER format: with a trailing random byte" \
"$P_SRV crt_file=data_files/server5-der1b.crt \
key_file=data_files/server5.key" \
"$G_CLI " \
0 \
-c "Handshake was completed" \
requires_gnutls
run_test "DER format: with 2 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der2.crt \
key_file=data_files/server5.key" \
"$G_CLI " \
0 \
-c "Handshake was completed" \
requires_gnutls
run_test "DER format: with 4 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der4.crt \
key_file=data_files/server5.key" \
"$G_CLI " \
0 \
-c "Handshake was completed" \
requires_gnutls
run_test "DER format: with 8 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der8.crt \
key_file=data_files/server5.key" \
"$G_CLI " \
0 \
-c "Handshake was completed" \
requires_gnutls
run_test "DER format: with 9 trailing random bytes" \
"$P_SRV crt_file=data_files/server5-der9.crt \
key_file=data_files/server5.key" \
"$G_CLI " \
0 \
-c "Handshake was completed" \
# Tests for auth_mode
run_test "Authentication: server badcert, client required" \

View file

@ -771,7 +771,7 @@ X509 Certificate ASN1 (Incorrect first tag)
x509parse_crt:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT
X509 Certificate ASN1 (Correct first tag, data length does not match)
x509parse_crt:"300000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
x509parse_crt:"300000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 Certificate ASN1 (Correct first tag, no more data)
x509parse_crt:"3000":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA