Merge branch 'development' into driver-wrapper-key-agreement

This commit is contained in:
Aditya Deshpande 2022-11-22 17:55:53 +00:00
commit 8cc1470c18
19 changed files with 191 additions and 112 deletions

View file

@ -0,0 +1,5 @@
Bugfix
* Fix a bug in which mbedtls_x509_crt_info() would produce non-printable
bytes when parsing certificates containing a binary RFC 4108
HardwareModuleName as a Subject Alternative Name extension. Hardware
serial numbers are now rendered in hex format. Fixes #6262.

View file

@ -758,11 +758,11 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A,
*
* \param Q The destination MPI for the quotient.
* This may be \c NULL if the value of the
* quotient is not needed.
* quotient is not needed. This must not alias A or B.
* \param R The destination MPI for the remainder value.
* This may be \c NULL if the value of the
* remainder is not needed.
* \param A The dividend. This must point to an initialized MPi.
* remainder is not needed. This must not alias A or B.
* \param A The dividend. This must point to an initialized MPI.
* \param B The divisor. This must point to an initialized MPI.
*
* \return \c 0 if successful.
@ -779,10 +779,10 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
*
* \param Q The destination MPI for the quotient.
* This may be \c NULL if the value of the
* quotient is not needed.
* quotient is not needed. This must not alias A.
* \param R The destination MPI for the remainder value.
* This may be \c NULL if the value of the
* remainder is not needed.
* remainder is not needed. This must not alias A.
* \param A The dividend. This must point to an initialized MPi.
* \param b The divisor.
*
@ -837,6 +837,7 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A,
* \brief Perform a sliding-window exponentiation: X = A^E mod N
*
* \param X The destination MPI. This must point to an initialized MPI.
* This must not alias E or N.
* \param A The base of the exponentiation.
* This must point to an initialized MPI.
* \param E The exponent MPI. This must point to an initialized MPI.

View file

@ -30,6 +30,7 @@
#include <stdint.h>
#include <stddef.h>
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
#define MBEDTLS_ERR_LMS_BAD_INPUT_DATA -0x0011 /**< Bad data has been input to an LMS function */

View file

@ -138,6 +138,7 @@ unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x,
* \param B The right-hand MPI. This must point to an array of limbs
* with the same allocated length as \p A.
* \param limbs The number of limbs in \p A and \p B.
* This must not be 0.
*
* \return The result of the comparison:
* \c 1 if \p A is less than \p B.

View file

@ -1797,8 +1797,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
"or mbedtls_ssl_set_bio()" ) );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@ -2013,8 +2012,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
if( ssl->f_send == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
"or mbedtls_ssl_set_bio()" ) );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}

View file

@ -1837,6 +1837,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
const char *prefix )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
size_t n = *size;
char *p = *buf;
const mbedtls_x509_sequence *cur = subject_alt_name;
@ -1889,18 +1890,11 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix );
MBEDTLS_X509_SAFE_SNPRINTF;
if( other_name->value.hardware_module_name.val.len >= n )
for( i = 0; i < other_name->value.hardware_module_name.val.len; i++ )
{
*p = '\0';
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
ret = mbedtls_snprintf( p, n, "%02X", other_name->value.hardware_module_name.val.p[i] );
MBEDTLS_X509_SAFE_SNPRINTF;
}
memcpy( p, other_name->value.hardware_module_name.val.p,
other_name->value.hardware_module_name.val.len );
p += other_name->value.hardware_module_name.val.len;
n -= other_name->value.hardware_module_name.val.len;
}/* MBEDTLS_OID_ON_HW_MODULE_NAME */
}
break;

View file

@ -376,6 +376,8 @@ int main( void )
" a second non-empty message before attempting\n" \
" to read a response from the server\n" \
" debug_level=%%d default: 0 (disabled)\n" \
" build_version=%%d default: none (disabled)\n" \
" option: 1 (print build version only and stop)\n" \
" nbio=%%d default: 0 (blocking I/O)\n" \
" options: 1 (non-blocking), 2 (added delays)\n" \
" event=%%d default: 0 (loop)\n" \
@ -981,6 +983,16 @@ int main( int argc, char *argv[] )
if( opt.debug_level < 0 || opt.debug_level > 65535 )
goto usage;
}
else if( strcmp( p, "build_version" ) == 0 )
{
if( strcmp( q, "1" ) == 0 )
{
mbedtls_printf( "build version: %s (build %d)\n",
MBEDTLS_VERSION_STRING_FULL,
MBEDTLS_VERSION_NUMBER );
goto exit;
}
}
else if( strcmp( p, "context_crt_cb" ) == 0 )
{
opt.context_crt_cb = atoi( q );
@ -1691,6 +1703,9 @@ int main( int argc, char *argv[] )
}
#endif /* MBEDTLS_SSL_ALPN */
mbedtls_printf( "build version: %s (build %d)\n",
MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER );
/*
* 0. Initialize the RNG and the session data
*/

View file

@ -488,6 +488,8 @@ int main( void )
" server_addr=%%s default: (all interfaces)\n" \
" server_port=%%d default: 4433\n" \
" debug_level=%%d default: 0 (disabled)\n" \
" build_version=%%d default: none (disabled)\n" \
" option: 1 (print build version only and stop)\n" \
" buffer_size=%%d default: 200 \n" \
" (minimum: 1)\n" \
" response_size=%%d default: about 152 (basic response)\n" \
@ -1743,6 +1745,16 @@ int main( int argc, char *argv[] )
if( opt.debug_level < 0 || opt.debug_level > 65535 )
goto usage;
}
else if( strcmp( p, "build_version" ) == 0 )
{
if( strcmp( q, "1" ) == 0 )
{
mbedtls_printf( "build version: %s (build %d)\n",
MBEDTLS_VERSION_STRING_FULL,
MBEDTLS_VERSION_NUMBER );
goto exit;
}
}
else if( strcmp( p, "nbio" ) == 0 )
{
opt.nbio = atoi( q );
@ -2572,6 +2584,9 @@ int main( int argc, char *argv[] )
}
#endif /* MBEDTLS_SSL_ALPN */
mbedtls_printf( "build version: %s (build %d)\n",
MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER );
/*
* 0. Initialize the RNG and the session data
*/

View file

@ -276,6 +276,9 @@ all_final += server5-ss-forgeca.crt
server5-othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@
server5-nonprintable_othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -out $@
server5-unsupported_othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@

View file

@ -0,0 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBwTCCAWagAwIBAgIBTTAKBggqhkjOPQQDAjBPMQswCQYDVQQGEwJVSzERMA8G
A1UECgwITWJlZCBUTFMxLTArBgNVBAMMJE1iZWQgVExTIG5vbi1wcmludGFibGUg
b3RoZXJuYW1lIFNBTjAeFw0yMjA5MDYxNTU2NDdaFw0zMjA5MDMxNTU2NDdaME8x
CzAJBgNVBAYTAlVLMREwDwYDVQQKDAhNYmVkIFRMUzEtMCsGA1UEAwwkTWJlZCBU
TFMgbm9uLXByaW50YWJsZSBvdGhlcm5hbWUgU0FOMFkwEwYHKoZIzj0CAQYIKoZI
zj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/
6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6MzMDEwLwYDVR0RBCgwJqAkBggrBgEF
BQcIBKAYMBYGBysGAQQBEQMECzEyM4CBAIGAMzIxMAoGCCqGSM49BAMCA0kAMEYC
IQDATir07PTj5gtf+HAyI+nd27AH9+bdaWdOI2t2bAwUWgIhAO7kvdcsa++yfJdT
3vnWdvcHRIAdXA0kh+mcBMaXk9B0
-----END CERTIFICATE-----

View file

@ -15,6 +15,9 @@ basicConstraints = CA:true
[othername_san]
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
[nonprintable_othername_san]
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name
[unsupoported_othername_san]
subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
@ -34,6 +37,10 @@ subjectAltName=@alt_names
hwtype = OID:1.3.6.1.4.1.17.3
hwserial = OCT:123456
[nonprintable_hw_module_name]
hwtype = OID:1.3.6.1.4.1.17.3
hwserial = FORMAT:HEX, OCT:3132338081008180333231
[v3_any_policy_ca]
basicConstraints = CA:true
certificatePolicies = 2.5.29.32.0

View file

@ -126,33 +126,39 @@ code that is generated or read from helpers and platform files.
This script replaces following fields in the template and generates
the test source file:
$test_common_helpers <-- All common code from helpers.function
is substituted here.
$functions_code <-- Test functions are substituted here
from the input test_suit_xyz.function
file. C preprocessor checks are generated
for the build dependencies specified
in the input file. This script also
generates wrappers for the test
functions with code to expand the
string parameters read from the data
file.
$expression_code <-- This script enumerates the
expressions in the .data file and
generates code to handle enumerated
expression Ids and return the values.
$dep_check_code <-- This script enumerates all
build dependencies and generate
code to handle enumerated build
dependency Id and return status: if
the dependency is defined or not.
$dispatch_code <-- This script enumerates the functions
specified in the input test data file
and generates the initializer for the
function table in the template
file.
$platform_code <-- Platform specific setup and test
dispatch code.
__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS
All common code from helpers.function
is substituted here.
__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE
Test functions are substituted here
from the input test_suit_xyz.function
file. C preprocessor checks are generated
for the build dependencies specified
in the input file. This script also
generates wrappers for the test
functions with code to expand the
string parameters read from the data
file.
__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE
This script enumerates the
expressions in the .data file and
generates code to handle enumerated
expression Ids and return the values.
__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE
This script enumerates all
build dependencies and generate
code to handle enumerated build
dependency Id and return status: if
the dependency is defined or not.
__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE
This script enumerates the functions
specified in the input test data file
and generates the initializer for the
function table in the template
file.
__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE
Platform specific setup and test
dispatch code.
"""
@ -974,11 +980,27 @@ def write_test_source_file(template_file, c_file, snippets):
:param snippets: Generated and code snippets
:return:
"""
# Create a placeholder pattern with the correct named capture groups
# to override the default provided with Template.
# Match nothing (no way of escaping placeholders).
escaped = "(?P<escaped>(?!))"
# Match the "__MBEDTLS_TEST_TEMPLATE__PLACEHOLDER_NAME" pattern.
named = "__MBEDTLS_TEST_TEMPLATE__(?P<named>[A-Z][_A-Z0-9]*)"
# Match nothing (no braced placeholder syntax).
braced = "(?P<braced>(?!))"
# If not already matched, a "__MBEDTLS_TEST_TEMPLATE__" prefix is invalid.
invalid = "(?P<invalid>__MBEDTLS_TEST_TEMPLATE__)"
placeholder_pattern = re.compile("|".join([escaped, named, braced, invalid]))
with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f:
for line_no, line in enumerate(template_f.readlines(), 1):
# Update line number. +1 as #line directive sets next line number
snippets['line_no'] = line_no + 1
code = string.Template(line).substitute(**snippets)
template = string.Template(line)
template.pattern = placeholder_pattern
snippets = {k.upper():v for (k, v) in snippets.items()}
code = template.substitute(**snippets)
c_f.write(code)

View file

@ -50,11 +50,13 @@ GetOptions(
'verbose|v:1' => \$verbose,
) or die;
# All test suites = executable files, excluding source files, debug
# and profiling information, etc. We can't just grep {! /\./} because
# some of our test cases' base names contain a dot.
my @suites = grep { -x $_ || /\.exe$/ } glob 'test_suite_*';
@suites = grep { !/\.c$/ && !/\.data$/ && -f } @suites;
# All test suites = executable files derived from a .data file.
my @suites = ();
for my $data_file (glob 'suites/test_suite_*.data') {
(my $base = $data_file) =~ s#^suites/(.*)\.data$#$1#;
push @suites, $base if -x $base;
push @suites, "$base.exe" if -e "$base.exe";
}
die "$0: no test suite found\n" unless @suites;
# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar"

View file

@ -357,8 +357,12 @@ int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs,
size_t hex_len = strlen( input );
size_t byte_len = ( hex_len + 1 ) / 2;
*plimbs = CHARS_TO_LIMBS( byte_len );
/* A core bignum is not allowed to be empty. Forbid it as test data,
* this way static analyzers have a chance of knowing we don't expect
* the bignum functions to support empty inputs. */
if( *plimbs == 0 )
return( 0 );
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
*pX = mbedtls_calloc( *plimbs, sizeof( **pX ) );
if( *pX == NULL )

View file

@ -3,17 +3,17 @@
* *** THIS FILE HAS BEEN MACHINE GENERATED ***
*
* This file has been machine generated using the script:
* $generator_script
* __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
*
* Test file : $test_file
* Test file : __MBEDTLS_TEST_TEMPLATE__TEST_FILE
*
* The following files were used to create this file.
*
* Main code file : $test_main_file
* Platform code file : $test_platform_file
* Helper file : $test_common_helper_file
* Test suite file : $test_case_file
* Test suite data : $test_case_data_file
* Main code file : __MBEDTLS_TEST_TEMPLATE__TEST_MAIN_FILE
* Platform code file : __MBEDTLS_TEST_TEMPLATE__TEST_PLATFORM_FILE
* Helper file : __MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPER_FILE
* Test suite file : __MBEDTLS_TEST_TEMPLATE__TEST_CASE_FILE
* Test suite data : __MBEDTLS_TEST_TEMPLATE__TEST_CASE_DATA_FILE
*
*/
@ -37,9 +37,9 @@
/*----------------------------------------------------------------------------*/
/* Common helper code */
$test_common_helpers
__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS
#line $line_no "suites/main_test.function"
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
/*----------------------------------------------------------------------------*/
@ -48,9 +48,9 @@ $test_common_helpers
#define TEST_SUITE_ACTIVE
$functions_code
__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE
#line $line_no "suites/main_test.function"
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
/*----------------------------------------------------------------------------*/
@ -62,7 +62,7 @@ $functions_code
* For optimizing space for embedded targets each expression/macro
* is identified by a unique identifier instead of string literals.
* Identifiers and evaluation code is generated by script:
* $generator_script
* __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
*
* \param exp_id Expression identifier.
* \param out_value Pointer to int to hold the integer.
@ -78,8 +78,8 @@ int get_expression( int32_t exp_id, int32_t * out_value )
switch( exp_id )
{
$expression_code
#line $line_no "suites/main_test.function"
__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
default:
{
ret = KEY_VALUE_MAPPING_NOT_FOUND;
@ -95,7 +95,7 @@ $expression_code
* For optimizing space for embedded targets each dependency
* is identified by a unique identifier instead of string literals.
* Identifiers and check code is generated by script:
* $generator_script
* __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
*
* \param dep_id Dependency identifier.
*
@ -109,8 +109,8 @@ int dep_check( int dep_id )
switch( dep_id )
{
$dep_check_code
#line $line_no "suites/main_test.function"
__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
default:
break;
}
@ -137,13 +137,13 @@ typedef void (*TestWrapper_t)( void **param_array );
/**
* \brief Table of test function wrappers. Used by dispatch_test().
* This table is populated by script:
* $generator_script
* __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
*
*/
TestWrapper_t test_funcs[] =
{
$dispatch_code
#line $line_no "suites/main_test.function"
__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
};
/**
@ -219,9 +219,9 @@ int check_test( size_t func_idx )
}
$platform_code
__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE
#line $line_no "suites/main_test.function"
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
/*----------------------------------------------------------------------------*/
/* Main Test code */

View file

@ -167,9 +167,6 @@ mpi_core_lt_ct:"2B5":"2B4":0
mbedtls_mpi_core_lt_ct: x<y (1 limb)
mpi_core_lt_ct:"2B5":"2B6":1
mbedtls_mpi_core_lt_ct: x=y (0 limbs)
mpi_core_lt_ct:"":"":0
mbedtls_mpi_core_lt_ct: x>y (63 bit x, y first byte greater)
mpi_core_lt_ct:"7FFFFFFFFFFFFFFF":"00000000000000FF":0

View file

@ -790,8 +790,8 @@ static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive,
if( inject_error == 1 )
{
buffer0[s_x1_pk_off + 8] >>= 4;
buffer0[s_x2_pk_off + 7] <<= 4;
buffer0[s_x1_pr_off + 8] ^= 1;
buffer0[s_x2_pr_off + 7] ^= 1;
expected_status = PSA_ERROR_DATA_INVALID;
}
@ -1013,8 +1013,8 @@ static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive,
if( inject_error == 2 )
{
buffer1[c_x1_pk_off + 12] >>= 4;
buffer1[c_x2_pk_off + 7] <<= 4;
buffer1[c_x1_pr_off + 12] ^= 1;
buffer1[c_x2_pr_off + 7] ^= 1;
expected_status = PSA_ERROR_DATA_INVALID;
}

View file

@ -88,7 +88,11 @@ x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial n
X509 CRT information EC, SHA256 Digest, hardware module name SAN
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n"
x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n"
X509 CRT information EC, SHA256 Digest, binary hardware module name SAN
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_cert_info:"data_files/server5-nonprintable_othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nissued on \: 2022-09-06 15\:56\:47\nexpires on \: 2032-09-03 15\:56\:47\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\n"
X509 CRT information EC, SHA256 Digest, Wisun Fan device
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
@ -112,7 +116,7 @@ x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nseri
X509 CRT information, Multiple different Subject Alt Name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n dNSName \: example.net\n dNSName \: *.example.org\n"
x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n dNSName \: example.net\n dNSName \: *.example.org\n"
X509 CRT information, Subject Alt Name + Key Usage
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
@ -172,7 +176,11 @@ x509_cert_info:"data_files/non-ascii-string-in-issuer.crt":"cert. version \:
X509 SAN parsing otherName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\n"
x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n"
X509 SAN parsing binary otherName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_parse_san:"data_files/server5-nonprintable_othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n"
X509 SAN parsing dNSName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
@ -180,7 +188,7 @@ x509_parse_san:"data_files/cert_example_multi.crt":"type \: 2\ndNSName \: exampl
X509 SAN parsing Multiple different types
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
X509 SAN parsing, no subject alt name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECDSA_C

View file

@ -246,36 +246,30 @@ int verify_parse_san( mbedtls_x509_subject_alternative_name *san,
switch( san->type )
{
case( MBEDTLS_X509_SAN_OTHER_NAME ):
ret = mbedtls_snprintf( p, n, "\notherName :");
MBEDTLS_X509_SAFE_SNPRINTF;
case( MBEDTLS_X509_SAN_OTHER_NAME ):
ret = mbedtls_snprintf( p, n, "\notherName :");
MBEDTLS_X509_SAFE_SNPRINTF;
if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
&san->san.other_name.value.hardware_module_name.oid ) != 0 )
{
ret = mbedtls_snprintf( p, n, " hardware module name :" );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, " hardware type : " );
MBEDTLS_X509_SAFE_SNPRINTF;
if( MBEDTLS_OID_CMP( MBEDTLS_OID_ON_HW_MODULE_NAME,
&san->san.other_name.value.hardware_module_name.oid ) != 0 )
{
ret = mbedtls_snprintf( p, n, " hardware module name :" );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, " hardware type : " );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_oid_get_numeric_string( p, n,
&san->san.other_name.value.hardware_module_name.oid );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_oid_get_numeric_string( p, n,
&san->san.other_name.value.hardware_module_name.oid );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, ", hardware serial number : " );
MBEDTLS_X509_SAFE_SNPRINTF;
ret = mbedtls_snprintf( p, n, ", hardware serial number : " );
MBEDTLS_X509_SAFE_SNPRINTF;
if( san->san.other_name.value.hardware_module_name.val.len >= n )
{
*p = '\0';
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
}
for( i=0; i < san->san.other_name.value.hardware_module_name.val.len; i++ )
{
*p++ = san->san.other_name.value.hardware_module_name.val.p[i];
}
n -= san->san.other_name.value.hardware_module_name.val.len;
for( i = 0; i < san->san.other_name.value.hardware_module_name.val.len; i++ )
{
ret = mbedtls_snprintf( p, n, "%02X", san->san.other_name.value.hardware_module_name.val.p[i] );
MBEDTLS_X509_SAFE_SNPRINTF;
}
}
break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */
case( MBEDTLS_X509_SAN_DNS_NAME ):