Merge pull request #6784 from valeriosetti/issue6702

Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
This commit is contained in:
Manuel Pégourié-Gonnard 2023-01-03 09:36:58 +01:00 committed by GitHub
commit 7a389ddc84
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
21 changed files with 259 additions and 177 deletions

View file

@ -0,0 +1,4 @@
Features
* SHA224_C/SHA384_C are now independent from SHA384_C/SHA512_C respectively.
This helps in saving code size when some of the above hashes are not
required.

View file

@ -47,10 +47,6 @@
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_MD_C
#define MBEDTLS_NET_C
/* The library does not currently support enabling SHA-224 without SHA-256.
* A future version of the library will have this option disabled
* by default. */
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_COOKIE_C

View file

@ -46,10 +46,6 @@
#define MBEDTLS_ENTROPY_C
#define MBEDTLS_MD_C
#define MBEDTLS_NET_C
/* The library does not currently support enabling SHA-224 without SHA-256.
* A future version of the library will have this option disabled
* by default. */
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_CLI_C
#define MBEDTLS_SSL_SRV_C

View file

@ -60,10 +60,6 @@
#define MBEDTLS_OID_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
/* The library does not currently support enabling SHA-224 without SHA-256.
* A future version of the library will have this option disabled
* by default. */
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SHA384_C
#define MBEDTLS_SHA512_C

View file

@ -63,10 +63,6 @@
#define MBEDTLS_OID_C
#define MBEDTLS_PK_C
#define MBEDTLS_PK_PARSE_C
/* The library does not currently support enabling SHA-224 without SHA-256.
* A future version of the library will have this option disabled
* by default. */
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_SSL_COOKIE_C
#define MBEDTLS_SSL_CLI_C

View file

@ -695,10 +695,6 @@
#error "MBEDTLS_X509_RSASSA_PSS_SUPPORT defined, but not all prerequisites"
#endif
#if defined(MBEDTLS_SHA384_C) && !defined(MBEDTLS_SHA512_C)
#error "MBEDTLS_SHA384_C defined without MBEDTLS_SHA512_C"
#endif
#if defined(MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT) && \
defined(MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY)
#error "Must only define one of MBEDTLS_SHA512_USE_A64_CRYPTO_*"
@ -754,14 +750,6 @@
#error "MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY defined on non-Aarch64 system"
#endif
#if defined(MBEDTLS_SHA224_C) && !defined(MBEDTLS_SHA256_C)
#error "MBEDTLS_SHA224_C defined without MBEDTLS_SHA256_C"
#endif
#if defined(MBEDTLS_SHA256_C) && !defined(MBEDTLS_SHA224_C)
#error "MBEDTLS_SHA256_C defined without MBEDTLS_SHA224_C"
#endif
#if defined(MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT) && \
defined(MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY)
#error "Must only define one of MBEDTLS_SHA256_USE_A64_CRYPTO_*"

View file

@ -3046,9 +3046,6 @@
*
* Enable the SHA-224 cryptographic hash algorithm.
*
* Requires: MBEDTLS_SHA256_C. The library does not currently support enabling
* SHA-224 without SHA-256.
*
* Module: library/sha256.c
* Caller: library/md.c
* library/ssl_cookie.c
@ -3062,9 +3059,6 @@
*
* Enable the SHA-256 cryptographic hash algorithm.
*
* Requires: MBEDTLS_SHA224_C. The library does not currently support enabling
* SHA-256 without SHA-224.
*
* Module: library/sha256.c
* Caller: library/entropy.c
* library/md.c
@ -3132,8 +3126,6 @@
*
* Enable the SHA-384 cryptographic hash algorithm.
*
* Requires: MBEDTLS_SHA512_C
*
* Module: library/sha512.c
* Caller: library/md.c
* library/psa_crypto_hash.c

View file

@ -65,8 +65,14 @@ typedef enum {
#if defined(MBEDTLS_SHA512_C)
#define MBEDTLS_MD_MAX_SIZE 64 /* longest known is SHA512 */
#elif defined(MBEDTLS_SHA384_C)
#define MBEDTLS_MD_MAX_SIZE 48 /* longest known is SHA384 */
#elif defined(MBEDTLS_SHA256_C)
#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 */
#elif defined(MBEDTLS_SHA224_C)
#define MBEDTLS_MD_MAX_SIZE 28 /* longest known is SHA224 */
#else
#define MBEDTLS_MD_MAX_SIZE 32 /* longest known is SHA256 or less */
#define MBEDTLS_MD_MAX_SIZE 20 /* longest known is SHA1 or RIPE MD-160 */
#endif
#if defined(MBEDTLS_SHA512_C)

View file

@ -96,6 +96,10 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
* \param is224 This determines which function to use. This must be
* either \c 0 for SHA-256, or \c 1 for SHA-224.
*
* \note is224 must be defined accordingly to the enabled
* MBEDTLS_SHA224_C/MBEDTLS_SHA256_C symbols otherwise the
* function will return #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
*
* \return \c 0 on success.
* \return A negative error code on failure.
*/
@ -178,13 +182,25 @@ int mbedtls_sha256( const unsigned char *input,
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_SHA224_C)
/**
* \brief The SHA-224 and SHA-256 checkup routine.
* \brief The SHA-224 checkup routine.
*
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_sha224_self_test( int verbose );
#endif /* MBEDTLS_SHA224_C */
#if defined(MBEDTLS_SHA256_C)
/**
* \brief The SHA-256 checkup routine.
*
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_sha256_self_test( int verbose );
#endif /* MBEDTLS_SHA256_C */
#endif /* MBEDTLS_SELF_TEST */

View file

@ -99,9 +99,9 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
* \param is384 Determines which function to use. This must be
* either \c 0 for SHA-512, or \c 1 for SHA-384.
*
* \note When \c MBEDTLS_SHA384_C is not defined,
* \p is384 must be \c 0, or the function will return
* #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
* \note is384 must be defined accordingly to the enabled
* MBEDTLS_SHA384_C/MBEDTLS_SHA512_C symbols otherwise the
* function will return #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
*
* \return \c 0 on success.
* \return A negative error code on failure.
@ -175,8 +175,11 @@ int mbedtls_internal_sha512_process( mbedtls_sha512_context *ctx,
* \param is384 Determines which function to use. This must be either
* \c 0 for SHA-512, or \c 1 for SHA-384.
*
* \note When \c MBEDTLS_SHA384_C is not defined, \p is384 must
* be \c 0, or the function will return
* \note is384 must be defined accordingly with the supported
* symbols in the config file. If:
* - is384 is 0, but \c MBEDTLS_SHA384_C is not defined, or
* - is384 is 1, but \c MBEDTLS_SHA512_C is not defined
* then the function will return
* #MBEDTLS_ERR_SHA512_BAD_INPUT_DATA.
*
* \return \c 0 on success.
@ -189,13 +192,26 @@ int mbedtls_sha512( const unsigned char *input,
#if defined(MBEDTLS_SELF_TEST)
#if defined(MBEDTLS_SHA384_C)
/**
* \brief The SHA-384 or SHA-512 checkup routine.
* \brief The SHA-384 checkup routine.
*
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_sha384_self_test( int verbose );
#endif /* MBEDTLS_SHA384_C */
#if defined(MBEDTLS_SHA512_C)
/**
* \brief The SHA-512 checkup routine.
*
* \return \c 0 on success.
* \return \c 1 on failure.
*/
int mbedtls_sha512_self_test( int verbose );
#endif /* MBEDTLS_SHA512_C */
#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus

View file

@ -24,7 +24,7 @@
#include "common.h"
#if defined(MBEDTLS_SHA256_C)
#if defined(MBEDTLS_SHA256_C) || defined(MBEDTLS_SHA224_C)
#include "mbedtls/sha256.h"
#include "mbedtls/platform_util.h"
@ -167,12 +167,15 @@ void mbedtls_sha256_clone( mbedtls_sha256_context *dst,
*/
int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
{
#if defined(MBEDTLS_SHA224_C)
#if defined(MBEDTLS_SHA224_C) && defined(MBEDTLS_SHA256_C)
if( is224 != 0 && is224 != 1 )
return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#else
#elif defined(MBEDTLS_SHA256_C)
if( is224 != 0 )
return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#else /* defined MBEDTLS_SHA224_C only */
if( is224 == 0 )
return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#endif
ctx->total[0] = 0;
@ -180,7 +183,7 @@ int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
if( is224 == 0 )
{
/* SHA-256 */
#if defined(MBEDTLS_SHA256_C)
ctx->state[0] = 0x6A09E667;
ctx->state[1] = 0xBB67AE85;
ctx->state[2] = 0x3C6EF372;
@ -189,11 +192,11 @@ int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
ctx->state[5] = 0x9B05688C;
ctx->state[6] = 0x1F83D9AB;
ctx->state[7] = 0x5BE0CD19;
#endif
}
else
{
#if defined(MBEDTLS_SHA224_C)
/* SHA-224 */
ctx->state[0] = 0xC1059ED8;
ctx->state[1] = 0x367CD507;
ctx->state[2] = 0x3070DD17;
@ -205,7 +208,9 @@ int mbedtls_sha256_starts( mbedtls_sha256_context *ctx, int is224 )
#endif
}
#if defined(MBEDTLS_SHA224_C)
ctx->is224 = is224;
#endif
return( 0 );
}
@ -678,12 +683,15 @@ int mbedtls_sha256( const unsigned char *input,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_sha256_context ctx;
#if defined(MBEDTLS_SHA224_C)
#if defined(MBEDTLS_SHA224_C) && defined(MBEDTLS_SHA256_C)
if( is224 != 0 && is224 != 1 )
return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#else
#elif defined(MBEDTLS_SHA256_C)
if( is224 != 0 )
return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#else /* defined MBEDTLS_SHA224_C only */
if( is224 == 0 )
return MBEDTLS_ERR_SHA256_BAD_INPUT_DATA;
#endif
mbedtls_sha256_init( &ctx );
@ -707,23 +715,26 @@ exit:
/*
* FIPS-180-2 test vectors
*/
static const unsigned char sha256_test_buf[3][57] =
static const unsigned char sha_test_buf[3][57] =
{
{ "abc" },
{ "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" },
{ "" }
};
static const size_t sha256_test_buflen[3] =
static const size_t sha_test_buflen[3] =
{
3, 56, 1000
};
static const unsigned char sha256_test_sum[6][32] =
typedef const unsigned char (sha_test_sum_t)[32];
/*
* SHA-224 test vectors
*/
#if defined(MBEDTLS_SHA224_C)
static sha_test_sum_t sha224_test_sum[] =
{
/*
* SHA-224 test vectors
*/
{ 0x23, 0x09, 0x7D, 0x22, 0x34, 0x05, 0xD8, 0x22,
0x86, 0x42, 0xA4, 0x77, 0xBD, 0xA2, 0x55, 0xB3,
0x2A, 0xAD, 0xBC, 0xE4, 0xBD, 0xA0, 0xB3, 0xF7,
@ -735,11 +746,16 @@ static const unsigned char sha256_test_sum[6][32] =
{ 0x20, 0x79, 0x46, 0x55, 0x98, 0x0C, 0x91, 0xD8,
0xBB, 0xB4, 0xC1, 0xEA, 0x97, 0x61, 0x8A, 0x4B,
0xF0, 0x3F, 0x42, 0x58, 0x19, 0x48, 0xB2, 0xEE,
0x4E, 0xE7, 0xAD, 0x67 },
0x4E, 0xE7, 0xAD, 0x67 }
};
#endif
/*
* SHA-256 test vectors
*/
/*
* SHA-256 test vectors
*/
#if defined(MBEDTLS_SHA256_C)
static sha_test_sum_t sha256_test_sum[] =
{
{ 0xBA, 0x78, 0x16, 0xBF, 0x8F, 0x01, 0xCF, 0xEA,
0x41, 0x41, 0x40, 0xDE, 0x5D, 0xAE, 0x22, 0x23,
0xB0, 0x03, 0x61, 0xA3, 0x96, 0x17, 0x7A, 0x9C,
@ -753,17 +769,26 @@ static const unsigned char sha256_test_sum[6][32] =
0xF1, 0x80, 0x9A, 0x48, 0xA4, 0x97, 0x20, 0x0E,
0x04, 0x6D, 0x39, 0xCC, 0xC7, 0x11, 0x2C, 0xD0 }
};
#endif
/*
* Checkup routine
*/
int mbedtls_sha256_self_test( int verbose )
static int mbedtls_sha256_common_self_test( int verbose, int is224 )
{
int i, j, k, buflen, ret = 0;
int i, buflen, ret = 0;
unsigned char *buf;
unsigned char sha256sum[32];
mbedtls_sha256_context ctx;
#if defined(MBEDTLS_SHA224_C) && defined(MBEDTLS_SHA256_C)
sha_test_sum_t* sha_test_sum = ( is224 ) ? sha224_test_sum : sha256_test_sum;
#elif defined(MBEDTLS_SHA256_C)
sha_test_sum_t* sha_test_sum = sha256_test_sum;
#else
sha_test_sum_t* sha_test_sum = sha224_test_sum;
#endif
buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
if( NULL == buf )
{
@ -775,22 +800,19 @@ int mbedtls_sha256_self_test( int verbose )
mbedtls_sha256_init( &ctx );
for( i = 0; i < 6; i++ )
for( i = 0; i < 3; i++ )
{
j = i % 3;
k = i < 3;
if( verbose != 0 )
mbedtls_printf( " SHA-%d test #%d: ", 256 - k * 32, j + 1 );
mbedtls_printf( " SHA-%d test #%d: ", 256 - is224 * 32, i + 1 );
if( ( ret = mbedtls_sha256_starts( &ctx, k ) ) != 0 )
if( ( ret = mbedtls_sha256_starts( &ctx, is224 ) ) != 0 )
goto fail;
if( j == 2 )
if( i == 2 )
{
memset( buf, 'a', buflen = 1000 );
for( j = 0; j < 1000; j++ )
for( int j = 0; j < 1000; j++ )
{
ret = mbedtls_sha256_update( &ctx, buf, buflen );
if( ret != 0 )
@ -800,8 +822,8 @@ int mbedtls_sha256_self_test( int verbose )
}
else
{
ret = mbedtls_sha256_update( &ctx, sha256_test_buf[j],
sha256_test_buflen[j] );
ret = mbedtls_sha256_update( &ctx, sha_test_buf[i],
sha_test_buflen[i] );
if( ret != 0 )
goto fail;
}
@ -810,7 +832,7 @@ int mbedtls_sha256_self_test( int verbose )
goto fail;
if( memcmp( sha256sum, sha256_test_sum[i], 32 - k * 4 ) != 0 )
if( memcmp( sha256sum, sha_test_sum[i], 32 - is224 * 4 ) != 0 )
{
ret = 1;
goto fail;
@ -836,6 +858,20 @@ exit:
return( ret );
}
#if defined(MBEDTLS_SHA256_C)
int mbedtls_sha256_self_test( int verbose )
{
return mbedtls_sha256_common_self_test( verbose, 0 );
}
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA224_C)
int mbedtls_sha224_self_test( int verbose )
{
return mbedtls_sha256_common_self_test( verbose, 1 );
}
#endif /* MBEDTLS_SHA224_C */
#endif /* MBEDTLS_SELF_TEST */
#endif /* MBEDTLS_SHA256_C */
#endif /* MBEDTLS_SHA256_C || MBEDTLS_SHA224_C */

View file

@ -24,7 +24,7 @@
#include "common.h"
#if defined(MBEDTLS_SHA512_C)
#if defined(MBEDTLS_SHA512_C) || defined(MBEDTLS_SHA384_C)
#include "mbedtls/sha512.h"
#include "mbedtls/platform_util.h"
@ -191,12 +191,15 @@ void mbedtls_sha512_clone( mbedtls_sha512_context *dst,
*/
int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
{
#if defined(MBEDTLS_SHA384_C)
#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_SHA512_C)
if( is384 != 0 && is384 != 1 )
return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#else
#elif defined(MBEDTLS_SHA512_C)
if( is384 != 0 )
return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#else /* defined MBEDTLS_SHA384_C only */
if( is384 == 0 )
return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#endif
ctx->total[0] = 0;
@ -204,7 +207,7 @@ int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
if( is384 == 0 )
{
/* SHA-512 */
#if defined(MBEDTLS_SHA512_C)
ctx->state[0] = UL64(0x6A09E667F3BCC908);
ctx->state[1] = UL64(0xBB67AE8584CAA73B);
ctx->state[2] = UL64(0x3C6EF372FE94F82B);
@ -213,13 +216,11 @@ int mbedtls_sha512_starts( mbedtls_sha512_context *ctx, int is384 )
ctx->state[5] = UL64(0x9B05688C2B3E6C1F);
ctx->state[6] = UL64(0x1F83D9ABFB41BD6B);
ctx->state[7] = UL64(0x5BE0CD19137E2179);
#endif /* MBEDTLS_SHA512_C */
}
else
{
#if !defined(MBEDTLS_SHA384_C)
return( MBEDTLS_ERR_SHA512_BAD_INPUT_DATA );
#else
/* SHA-384 */
#if defined(MBEDTLS_SHA384_C)
ctx->state[0] = UL64(0xCBBB9D5DC1059ED8);
ctx->state[1] = UL64(0x629A292A367CD507);
ctx->state[2] = UL64(0x9159015A3070DD17);
@ -836,12 +837,15 @@ int mbedtls_sha512( const unsigned char *input,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
mbedtls_sha512_context ctx;
#if defined(MBEDTLS_SHA384_C)
#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_SHA512_C)
if( is384 != 0 && is384 != 1 )
return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#else
#elif defined(MBEDTLS_SHA512_C)
if( is384 != 0 )
return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#else /* defined MBEDTLS_SHA384_C only */
if( is384 == 0 )
return MBEDTLS_ERR_SHA512_BAD_INPUT_DATA;
#endif
mbedtls_sha512_init( &ctx );
@ -866,24 +870,26 @@ exit:
/*
* FIPS-180-2 test vectors
*/
static const unsigned char sha512_test_buf[3][113] =
static const unsigned char sha_test_buf[3][113] =
{
{ "abc" },
{ "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu" },
{ "" }
};
static const size_t sha512_test_buflen[3] =
static const size_t sha_test_buflen[3] =
{
3, 112, 1000
};
static const unsigned char sha512_test_sum[][64] =
{
typedef const unsigned char (sha_test_sum_t)[64];
/*
* SHA-384 test vectors
*/
#if defined(MBEDTLS_SHA384_C)
/*
* SHA-384 test vectors
*/
static sha_test_sum_t sha384_test_sum[] =
{
{ 0xCB, 0x00, 0x75, 0x3F, 0x45, 0xA3, 0x5E, 0x8B,
0xB5, 0xA0, 0x3D, 0x69, 0x9A, 0xC6, 0x50, 0x07,
0x27, 0x2C, 0x32, 0xAB, 0x0E, 0xDE, 0xD1, 0x63,
@ -901,12 +907,16 @@ static const unsigned char sha512_test_sum[][64] =
0xED, 0x14, 0x9E, 0x9C, 0x00, 0xF2, 0x48, 0x52,
0x79, 0x72, 0xCE, 0xC5, 0x70, 0x4C, 0x2A, 0x5B,
0x07, 0xB8, 0xB3, 0xDC, 0x38, 0xEC, 0xC4, 0xEB,
0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 },
0xAE, 0x97, 0xDD, 0xD8, 0x7F, 0x3D, 0x89, 0x85 }
};
#endif /* MBEDTLS_SHA384_C */
/*
* SHA-512 test vectors
*/
/*
* SHA-512 test vectors
*/
#if defined(MBEDTLS_SHA512_C)
static sha_test_sum_t sha512_test_sum[] =
{
{ 0xDD, 0xAF, 0x35, 0xA1, 0x93, 0x61, 0x7A, 0xBA,
0xCC, 0x41, 0x73, 0x49, 0xAE, 0x20, 0x41, 0x31,
0x12, 0xE6, 0xFA, 0x4E, 0x89, 0xA9, 0x7E, 0xA2,
@ -932,19 +942,25 @@ static const unsigned char sha512_test_sum[][64] =
0xEB, 0x00, 0x9C, 0x5C, 0x2C, 0x49, 0xAA, 0x2E,
0x4E, 0xAD, 0xB2, 0x17, 0xAD, 0x8C, 0xC0, 0x9B }
};
#endif /* MBEDTLS_SHA512_C */
#define ARRAY_LENGTH( a ) ( sizeof( a ) / sizeof( ( a )[0] ) )
/*
* Checkup routine
*/
int mbedtls_sha512_self_test( int verbose )
static int mbedtls_sha512_common_self_test( int verbose, int is384 )
{
int i, j, k, buflen, ret = 0;
int i, buflen, ret = 0;
unsigned char *buf;
unsigned char sha512sum[64];
mbedtls_sha512_context ctx;
#if defined(MBEDTLS_SHA384_C) && defined(MBEDTLS_SHA512_C)
sha_test_sum_t* sha_test_sum = ( is384 ) ? sha384_test_sum : sha512_test_sum;
#elif defined(MBEDTLS_SHA512_C)
sha_test_sum_t* sha_test_sum = sha512_test_sum;
#else
sha_test_sum_t* sha_test_sum = sha384_test_sum;
#endif
buf = mbedtls_calloc( 1024, sizeof(unsigned char) );
if( NULL == buf )
{
@ -956,26 +972,19 @@ int mbedtls_sha512_self_test( int verbose )
mbedtls_sha512_init( &ctx );
for( i = 0; i < (int) ARRAY_LENGTH(sha512_test_sum); i++ )
for( i = 0; i < 3; i++ )
{
j = i % 3;
#if defined(MBEDTLS_SHA384_C)
k = i < 3;
#else
k = 0;
#endif
if( verbose != 0 )
mbedtls_printf( " SHA-%d test #%d: ", 512 - k * 128, j + 1 );
mbedtls_printf( " SHA-%d test #%d: ", 512 - is384 * 128, i + 1 );
if( ( ret = mbedtls_sha512_starts( &ctx, k ) ) != 0 )
if( ( ret = mbedtls_sha512_starts( &ctx, is384 ) ) != 0 )
goto fail;
if( j == 2 )
if( i == 2 )
{
memset( buf, 'a', buflen = 1000 );
for( j = 0; j < 1000; j++ )
for( int j = 0; j < 1000; j++ )
{
ret = mbedtls_sha512_update( &ctx, buf, buflen );
if( ret != 0 )
@ -984,8 +993,8 @@ int mbedtls_sha512_self_test( int verbose )
}
else
{
ret = mbedtls_sha512_update( &ctx, sha512_test_buf[j],
sha512_test_buflen[j] );
ret = mbedtls_sha512_update( &ctx, sha_test_buf[i],
sha_test_buflen[i] );
if( ret != 0 )
goto fail;
}
@ -993,7 +1002,7 @@ int mbedtls_sha512_self_test( int verbose )
if( ( ret = mbedtls_sha512_finish( &ctx, sha512sum ) ) != 0 )
goto fail;
if( memcmp( sha512sum, sha512_test_sum[i], 64 - k * 16 ) != 0 )
if( memcmp( sha512sum, sha_test_sum[i], 64 - is384 * 16 ) != 0 )
{
ret = 1;
goto fail;
@ -1019,8 +1028,22 @@ exit:
return( ret );
}
#if defined(MBEDTLS_SHA512_C)
int mbedtls_sha512_self_test( int verbose )
{
return mbedtls_sha512_common_self_test( verbose, 0 );
}
#endif /* MBEDTLS_SHA512_C */
#if defined(MBEDTLS_SHA384_C)
int mbedtls_sha384_self_test( int verbose )
{
return mbedtls_sha512_common_self_test( verbose, 1 );
}
#endif /* MBEDTLS_SHA384_C */
#undef ARRAY_LENGTH
#endif /* MBEDTLS_SELF_TEST */
#endif /* MBEDTLS_SHA512_C */
#endif /* MBEDTLS_SHA512_C || MBEDTLS_SHA384_C */

View file

@ -38,23 +38,19 @@
#include <string.h>
/*
* If DTLS is in use, then at least one of SHA-1, SHA-256, SHA-384 is
* available. Try SHA-256 first, 384 wastes resources
* If DTLS is in use, then at least one of SHA-256 or SHA-384 is
* available. Try SHA-256 first as 384 wastes resources
*/
#if defined(MBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA)
#define COOKIE_MD MBEDTLS_MD_SHA224
#if defined(MBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA)
#define COOKIE_MD MBEDTLS_MD_SHA256
#define COOKIE_MD_OUTLEN 32
#define COOKIE_HMAC_LEN 28
#elif defined(MBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA)
#define COOKIE_MD MBEDTLS_MD_SHA384
#define COOKIE_MD_OUTLEN 48
#define COOKIE_HMAC_LEN 28
#elif defined(MBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA)
#define COOKIE_MD MBEDTLS_MD_SHA1
#define COOKIE_MD_OUTLEN 20
#define COOKIE_HMAC_LEN 20
#else
#error "DTLS hello verify needs SHA-1 or SHA-2"
#error "DTLS hello verify needs SHA-256 or SHA-384"
#endif
/*

View file

@ -243,9 +243,15 @@ const selftest_t selftests[] =
#if defined(MBEDTLS_SHA1_C)
{"sha1", mbedtls_sha1_self_test},
#endif
#if defined(MBEDTLS_SHA224_C)
{"sha224", mbedtls_sha224_self_test},
#endif
#if defined(MBEDTLS_SHA256_C)
{"sha256", mbedtls_sha256_self_test},
#endif
#if defined(MBEDTLS_SHA384_C)
{"sha384", mbedtls_sha384_self_test},
#endif
#if defined(MBEDTLS_SHA512_C)
{"sha512", mbedtls_sha512_self_test},
#endif

View file

@ -35,7 +35,6 @@
/* PSA core mandatory configuration options */
#define MBEDTLS_CIPHER_C
#define MBEDTLS_AES_C
#define MBEDTLS_SHA224_C
#define MBEDTLS_SHA256_C
#define MBEDTLS_PSA_BUILTIN_ALG_SHA_256 1
#define MBEDTLS_CTR_DRBG_C
@ -46,6 +45,7 @@
* purpose of a specific set of tests.
*/
//#define MBEDTLS_SHA1_C
//#define MBEDTLS_SHA224_C
//#define MBEDTLS_SHA384_C
//#define MBEDTLS_SHA512_C
//#define MBEDTLS_MD_C

View file

@ -1969,7 +1969,8 @@ component_test_psa_crypto_config_accel_ecdsa () {
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_STREAM_CIPHER
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_ECB_NO_PADDING
# SHA384 needed for some ECDSA signature tests.
# These hashes are needed for some ECDSA signature tests.
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA224_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA384_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C
@ -1978,6 +1979,7 @@ component_test_psa_crypto_config_accel_ecdsa () {
make -C tests libtestdriver1.a CFLAGS="$ASAN_CFLAGS $loc_accel_flags" LDFLAGS="$ASAN_CFLAGS"
# Restore test driver base configuration
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA224_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA384_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C
@ -2062,6 +2064,7 @@ component_test_psa_crypto_config_accel_rsa_signature () {
scripts/config.py -f include/psa/crypto_config.h unset PSA_WANT_ALG_RIPEMD160_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA1_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA224_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_SHA512_C
# We need to define either MD_C or all of the PSA_WANT_ALG_SHAxxx.
scripts/config.py -f tests/include/test/drivers/config_test_driver.h set MBEDTLS_MD_C
@ -2076,6 +2079,7 @@ component_test_psa_crypto_config_accel_rsa_signature () {
# Restore test driver base configuration
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA1_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA224_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_SHA512_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_MD_C
scripts/config.py -f tests/include/test/drivers/config_test_driver.h unset MBEDTLS_PEM_PARSE_C

View file

@ -44,12 +44,6 @@ The configuration building method can be one of the three following:
direct dependencies, but rather non-trivial results of other configs missing. Then
look for any unset symbols and handle their reverse dependencies.
Examples of EXCLUSIVE_GROUPS usage:
- MBEDTLS_SHA256 job turns off all hashes except SHA256, however, when investigating
reverse dependencies, SHA224 is found to depend on SHA256, so it is disabled,
and then SHA256 is found to depend on SHA224, so it is also disabled. To handle
this, there's a field in EXCLUSIVE_GROUPS that states that in a SHA256 test SHA224
should also be enabled before processing reverse dependencies:
'MBEDTLS_SHA256_C': ['+MBEDTLS_SHA224_C']
- MBEDTLS_SHA512_C job turns off all hashes except SHA512. MBEDTLS_SSL_COOKIE_C
requires either SHA256 or SHA384 to work, so it also has to be disabled.
This is not a dependency on SHA512_C, but a result of an exclusive domain
@ -257,17 +251,14 @@ REVERSE_DEPENDENCIES = {
'MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED'],
'MBEDTLS_SHA256_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
'MBEDTLS_ENTROPY_FORCE_SHA256',
'MBEDTLS_SHA224_C',
'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY',
'MBEDTLS_LMS_C',
'MBEDTLS_LMS_PRIVATE'],
'MBEDTLS_SHA512_C': ['MBEDTLS_SHA384_C',
'MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA512_C': ['MBEDTLS_SHA512_USE_A64_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA512_USE_A64_CRYPTO_ONLY'],
'MBEDTLS_SHA224_C': ['MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED',
'MBEDTLS_ENTROPY_FORCE_SHA256',
'MBEDTLS_SHA256_C',
'MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT',
'MBEDTLS_SHA256_USE_A64_CRYPTO_ONLY'],
'MBEDTLS_X509_RSASSA_PSS_SUPPORT': []
@ -277,8 +268,6 @@ REVERSE_DEPENDENCIES = {
# These are not necessarily dependencies, but just minimal required changes
# if a given define is the only one enabled from an exclusive group.
EXCLUSIVE_GROUPS = {
'MBEDTLS_SHA256_C': ['+MBEDTLS_SHA224_C'],
'MBEDTLS_SHA384_C': ['+MBEDTLS_SHA512_C'],
'MBEDTLS_SHA512_C': ['-MBEDTLS_SSL_COOKIE_C',
'-MBEDTLS_SSL_PROTO_TLS1_3'],
'MBEDTLS_ECP_DP_CURVE448_ENABLED': ['-MBEDTLS_ECDSA_C',
@ -421,15 +410,15 @@ class DomainData:
build_and_test),
# Elliptic curves. Run the test suites.
'curves': ExclusiveDomain(curve_symbols, build_and_test),
# Hash algorithms. Exclude three groups:
# - Exclusive domain of MD, RIPEMD, SHA1 (obsolete);
# - Exclusive domain of SHA224 (tested with and depends on SHA256);
# - Complementary domain of SHA224 and SHA384 - tested with and depend
# on SHA256 and SHA512, respectively.
# Hash algorithms. Excluding exclusive domains of MD, RIPEMD, SHA1,
# SHA224 and SHA384 because MBEDTLS_ENTROPY_C is extensively used
# across various modules, but it depends on either SHA256 or SHA512.
# As a consequence an "exclusive" test of anything other than SHA256
# or SHA512 with MBEDTLS_ENTROPY_C enabled is not possible.
'hashes': DualDomain(hash_symbols, build_and_test,
exclude=r'MBEDTLS_(MD|RIPEMD|SHA1_)' \
'|MBEDTLS_SHA224_'\
'|!MBEDTLS_(SHA224_|SHA384_)'),
'|MBEDTLS_SHA224_' \
'|MBEDTLS_SHA384_'),
# Key exchange types. Only build the library and the sample
# programs.
'kex': ExclusiveDomain(key_exchange_symbols,

View file

@ -169,10 +169,18 @@ SHA-1 Selftest
depends_on:MBEDTLS_SELF_TEST:MBEDTLS_SHA1_C
sha1_selftest:
SHA-224 Selftest
depends_on:MBEDTLS_SELF_TEST:MBEDTLS_SHA224_C
sha224_selftest:
SHA-256 Selftest
depends_on:MBEDTLS_SELF_TEST:MBEDTLS_SHA256_C
sha256_selftest:
SHA-384 Selftest
depends_on:MBEDTLS_SELF_TEST:MBEDTLS_SHA384_C
sha384_selftest:
SHA-512 Selftest
depends_on:MBEDTLS_SELF_TEST:MBEDTLS_SHA512_C
sha512_selftest:

View file

@ -46,9 +46,9 @@ void sha224( data_t * src_str, data_t * hash )
memset(output, 0x00, 57);
TEST_ASSERT( mbedtls_sha256( src_str->x, src_str->len, output, 1 ) == 0 );
TEST_EQUAL( mbedtls_sha256( src_str->x, src_str->len, output, 1 ), 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 28, hash->len ) == 0 );
TEST_EQUAL( mbedtls_test_hexcmp( output, hash->x, 28, hash->len ), 0 );
}
/* END_CASE */
@ -60,9 +60,9 @@ void mbedtls_sha256( data_t * src_str, data_t * hash )
memset(output, 0x00, 65);
TEST_ASSERT( mbedtls_sha256( src_str->x, src_str->len, output, 0 ) == 0 );
TEST_EQUAL( mbedtls_sha256( src_str->x, src_str->len, output, 0 ), 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 32, hash->len ) == 0 );
TEST_EQUAL( mbedtls_test_hexcmp( output, hash->x, 32, hash->len ), 0 );
}
/* END_CASE */
@ -94,9 +94,9 @@ void sha384( data_t * src_str, data_t * hash )
memset(output, 0x00, 97);
TEST_ASSERT( mbedtls_sha512( src_str->x, src_str->len, output, 1 ) == 0 );
TEST_EQUAL( mbedtls_sha512( src_str->x, src_str->len, output, 1 ), 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 48, hash->len ) == 0 );
TEST_EQUAL( mbedtls_test_hexcmp( output, hash->x, 48, hash->len ), 0 );
}
/* END_CASE */
@ -108,9 +108,9 @@ void mbedtls_sha512( data_t * src_str, data_t * hash )
memset(output, 0x00, 129);
TEST_ASSERT( mbedtls_sha512( src_str->x, src_str->len, output, 0 ) == 0 );
TEST_EQUAL( mbedtls_sha512( src_str->x, src_str->len, output, 0 ), 0 );
TEST_ASSERT( mbedtls_test_hexcmp( output, hash->x, 64, hash->len ) == 0 );
TEST_EQUAL( mbedtls_test_hexcmp( output, hash->x, 64, hash->len ), 0 );
}
/* END_CASE */
@ -121,16 +121,30 @@ void sha1_selftest( )
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA224_C:MBEDTLS_SELF_TEST */
void sha224_selftest( )
{
TEST_EQUAL( mbedtls_sha224_self_test( 1 ), 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA256_C:MBEDTLS_SELF_TEST */
void sha256_selftest( )
{
TEST_ASSERT( mbedtls_sha256_self_test( 1 ) == 0 );
TEST_EQUAL( mbedtls_sha256_self_test( 1 ), 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA384_C:MBEDTLS_SELF_TEST */
void sha384_selftest( )
{
TEST_EQUAL( mbedtls_sha384_self_test( 1 ), 0 );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SHA512_C:MBEDTLS_SELF_TEST */
void sha512_selftest( )
{
TEST_ASSERT( mbedtls_sha512_self_test( 1 ) == 0 );
TEST_EQUAL( mbedtls_sha512_self_test( 1 ), 0 );
}
/* END_CASE */

View file

@ -4532,7 +4532,7 @@ void ssl_tls13_create_psk_binder( int hash_alg,
data_t *transcript,
data_t *binder_expected )
{
unsigned char binder[ MBEDTLS_MD_MAX_SIZE ];
unsigned char binder[ MBEDTLS_HASH_MAX_SIZE ];
/* Double-check that we've passed sane parameters. */
psa_algorithm_t alg = (psa_algorithm_t) hash_alg;
@ -4664,7 +4664,7 @@ void ssl_tls13_key_evolution( int hash_alg,
data_t *input,
data_t *expected )
{
unsigned char secret_new[ MBEDTLS_MD_MAX_SIZE ];
unsigned char secret_new[ MBEDTLS_HASH_MAX_SIZE ];
PSA_INIT();

View file

@ -704,7 +704,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR
x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #37 (Valid, EC CA, SHA224 Digest)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #38 (Valid, EC CA, SHA384 Digest)
@ -840,7 +840,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_HAS_ALG_S
x509_verify:"data_files/server9-bad-saltlen.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL"
X509 CRT verification #69 (RSASSA-PSS, wrong mgf_hash)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_verify:"data_files/server9-bad-mgfhash.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 CRT verification #70 (v1 trusted CA)
@ -2117,35 +2117,35 @@ X509 CRL ASN1 (TBSCertList, sig_oid1 id unknown)
x509parse_crl:"30143012020100300d06092a864886f70d01010f0500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG
X509 CRL ASN1 (TBSCertList, sig_oid1 correct, issuer missing)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509parse_crl:"30143012020100300d06092a864886f70d01010e0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, issuer set missing)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509parse_crl:"30163014020100300d06092a864886f70d01010e05003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, correct issuer, thisUpdate missing)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509parse_crl:"30253023020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, correct thisUpdate, nextUpdate missing, entries length missing)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509parse_crl:"30343032020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030":"":MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, entries present, invalid sig_alg)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c30383132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CRL ASN1 (TBSCertList, entries present, date in entry invalid)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509parse_crl:"304a3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c30383132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CRL ASN1 (TBSCertList, sig_alg present, sig_alg does not match)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010d0500":"":MBEDTLS_ERR_X509_SIG_MISMATCH
X509 CRL ASN1 (TBSCertList, sig present, len mismatch)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e05000302000100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
# 305c
@ -2171,35 +2171,35 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA:
x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using \: RSA with SHA-224\n":0
X509 CRL ASN1 (TBSCertList, signatureValue missing)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509parse_crl:"30583047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e0500":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, signatureAlgorithm missing)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509parse_crl:"30493047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, single empty entry at end)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509parse_crl:"30373035020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c30393031303130303030303030023000":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, good entry then empty entry at end)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509parse_crl:"304b3049020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301630128202abcd170c3038313233313233353935393000":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, missing time in entry)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509parse_crl:"304e3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, missing time in entry at end)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509parse_crl:"303b3039020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300630048202abcd":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA
X509 CRL ASN1 (TBSCertList, invalid tag for time in entry)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd190c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CRL ASN1 (TBSCertList, invalid tag for serial)
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
depends_on:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128402abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CRL ASN1 (TBSCertList, no entries)