Merge branch 'development' into driver-wrapper-key-agreement

This commit is contained in:
Aditya Deshpande 2022-11-22 17:55:53 +00:00
commit 8cc1470c18
19 changed files with 191 additions and 112 deletions

View file

@ -0,0 +1,5 @@
Bugfix
* Fix a bug in which mbedtls_x509_crt_info() would produce non-printable
bytes when parsing certificates containing a binary RFC 4108
HardwareModuleName as a Subject Alternative Name extension. Hardware
serial numbers are now rendered in hex format. Fixes #6262.

View file

@ -758,11 +758,11 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A,
*
* \param Q The destination MPI for the quotient.
* This may be \c NULL if the value of the
* quotient is not needed.
* quotient is not needed. This must not alias A or B.
* \param R The destination MPI for the remainder value.
* This may be \c NULL if the value of the
* remainder is not needed.
* \param A The dividend. This must point to an initialized MPi.
* remainder is not needed. This must not alias A or B.
* \param A The dividend. This must point to an initialized MPI.
* \param B The divisor. This must point to an initialized MPI.
*
* \return \c 0 if successful.
@ -779,10 +779,10 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
*
* \param Q The destination MPI for the quotient.
* This may be \c NULL if the value of the
* quotient is not needed.
* quotient is not needed. This must not alias A.
* \param R The destination MPI for the remainder value.
* This may be \c NULL if the value of the
* remainder is not needed.
* remainder is not needed. This must not alias A.
* \param A The dividend. This must point to an initialized MPi.
* \param b The divisor.
*
@ -837,6 +837,7 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A,
* \brief Perform a sliding-window exponentiation: X = A^E mod N
*
* \param X The destination MPI. This must point to an initialized MPI.
* This must not alias E or N.
* \param A The base of the exponentiation.
* This must point to an initialized MPI.
* \param E The exponent MPI. This must point to an initialized MPI.

View file

@ -30,6 +30,7 @@
#include <stdint.h>
#include <stddef.h>
#include "mbedtls/private_access.h"
#include "mbedtls/build_info.h"
#define MBEDTLS_ERR_LMS_BAD_INPUT_DATA -0x0011 /**< Bad data has been input to an LMS function */

View file

@ -138,6 +138,7 @@ unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x,
* \param B The right-hand MPI. This must point to an array of limbs
* with the same allocated length as \p A.
* \param limbs The number of limbs in \p A and \p B.
* This must not be 0.
*
* \return The result of the comparison:
* \c 1 if \p A is less than \p B.

View file

@ -1797,8 +1797,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
"or mbedtls_ssl_set_bio()" ) );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}
@ -2013,8 +2012,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
if( ssl->f_send == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
"or mbedtls_ssl_set_bio()" ) );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
}

View file

@ -1837,6 +1837,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
const char *prefix )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
size_t i;
size_t n = *size;
char *p = *buf;
const mbedtls_x509_sequence *cur = subject_alt_name;
@ -1889,18 +1890,11 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix );
MBEDTLS_X509_SAFE_SNPRINTF;
if( other_name->value.hardware_module_name.val.len >= n )
for( i = 0; i < other_name->value.hardware_module_name.val.len; i++ )
{
*p = '\0';
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
ret = mbedtls_snprintf( p, n, "%02X", other_name->value.hardware_module_name.val.p[i] );
MBEDTLS_X509_SAFE_SNPRINTF;
}
memcpy( p, other_name->value.hardware_module_name.val.p,
other_name->value.hardware_module_name.val.len );
p += other_name->value.hardware_module_name.val.len;
n -= other_name->value.hardware_module_name.val.len;
}/* MBEDTLS_OID_ON_HW_MODULE_NAME */
}
break;

View file

@ -376,6 +376,8 @@ int main( void )
" a second non-empty message before attempting\n" \
" to read a response from the server\n" \
" debug_level=%%d default: 0 (disabled)\n" \
" build_version=%%d default: none (disabled)\n" \
" option: 1 (print build version only and stop)\n" \
" nbio=%%d default: 0 (blocking I/O)\n" \
" options: 1 (non-blocking), 2 (added delays)\n" \
" event=%%d default: 0 (loop)\n" \
@ -981,6 +983,16 @@ int main( int argc, char *argv[] )
if( opt.debug_level < 0 || opt.debug_level > 65535 )
goto usage;
}
else if( strcmp( p, "build_version" ) == 0 )
{
if( strcmp( q, "1" ) == 0 )
{
mbedtls_printf( "build version: %s (build %d)\n",
MBEDTLS_VERSION_STRING_FULL,
MBEDTLS_VERSION_NUMBER );
goto exit;
}
}
else if( strcmp( p, "context_crt_cb" ) == 0 )
{
opt.context_crt_cb = atoi( q );
@ -1691,6 +1703,9 @@ int main( int argc, char *argv[] )
}
#endif /* MBEDTLS_SSL_ALPN */
mbedtls_printf( "build version: %s (build %d)\n",
MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER );
/*
* 0. Initialize the RNG and the session data
*/

View file

@ -488,6 +488,8 @@ int main( void )
" server_addr=%%s default: (all interfaces)\n" \
" server_port=%%d default: 4433\n" \
" debug_level=%%d default: 0 (disabled)\n" \
" build_version=%%d default: none (disabled)\n" \
" option: 1 (print build version only and stop)\n" \
" buffer_size=%%d default: 200 \n" \
" (minimum: 1)\n" \
" response_size=%%d default: about 152 (basic response)\n" \
@ -1743,6 +1745,16 @@ int main( int argc, char *argv[] )
if( opt.debug_level < 0 || opt.debug_level > 65535 )
goto usage;
}
else if( strcmp( p, "build_version" ) == 0 )
{
if( strcmp( q, "1" ) == 0 )
{
mbedtls_printf( "build version: %s (build %d)\n",
MBEDTLS_VERSION_STRING_FULL,
MBEDTLS_VERSION_NUMBER );
goto exit;
}
}
else if( strcmp( p, "nbio" ) == 0 )
{
opt.nbio = atoi( q );
@ -2572,6 +2584,9 @@ int main( int argc, char *argv[] )
}
#endif /* MBEDTLS_SSL_ALPN */
mbedtls_printf( "build version: %s (build %d)\n",
MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER );
/*
* 0. Initialize the RNG and the session data
*/

View file

@ -276,6 +276,9 @@ all_final += server5-ss-forgeca.crt
server5-othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@
server5-nonprintable_othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -out $@
server5-unsupported_othername.crt: server5.key
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@

View file

@ -0,0 +1,12 @@
-----BEGIN CERTIFICATE-----
MIIBwTCCAWagAwIBAgIBTTAKBggqhkjOPQQDAjBPMQswCQYDVQQGEwJVSzERMA8G
A1UECgwITWJlZCBUTFMxLTArBgNVBAMMJE1iZWQgVExTIG5vbi1wcmludGFibGUg
b3RoZXJuYW1lIFNBTjAeFw0yMjA5MDYxNTU2NDdaFw0zMjA5MDMxNTU2NDdaME8x
CzAJBgNVBAYTAlVLMREwDwYDVQQKDAhNYmVkIFRMUzEtMCsGA1UEAwwkTWJlZCBU
TFMgbm9uLXByaW50YWJsZSBvdGhlcm5hbWUgU0FOMFkwEwYHKoZIzj0CAQYIKoZI
zj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/
6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6MzMDEwLwYDVR0RBCgwJqAkBggrBgEF
BQcIBKAYMBYGBysGAQQBEQMECzEyM4CBAIGAMzIxMAoGCCqGSM49BAMCA0kAMEYC
IQDATir07PTj5gtf+HAyI+nd27AH9+bdaWdOI2t2bAwUWgIhAO7kvdcsa++yfJdT
3vnWdvcHRIAdXA0kh+mcBMaXk9B0
-----END CERTIFICATE-----

View file

@ -15,6 +15,9 @@ basicConstraints = CA:true
[othername_san]
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
[nonprintable_othername_san]
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name
[unsupoported_othername_san]
subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
@ -34,6 +37,10 @@ subjectAltName=@alt_names
hwtype = OID:1.3.6.1.4.1.17.3
hwserial = OCT:123456
[nonprintable_hw_module_name]
hwtype = OID:1.3.6.1.4.1.17.3
hwserial = FORMAT:HEX, OCT:3132338081008180333231
[v3_any_policy_ca]
basicConstraints = CA:true
certificatePolicies = 2.5.29.32.0

View file

@ -126,9 +126,11 @@ code that is generated or read from helpers and platform files.
This script replaces following fields in the template and generates
the test source file:
$test_common_helpers <-- All common code from helpers.function
__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS
All common code from helpers.function
is substituted here.
$functions_code <-- Test functions are substituted here
__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE
Test functions are substituted here
from the input test_suit_xyz.function
file. C preprocessor checks are generated
for the build dependencies specified
@ -137,21 +139,25 @@ $functions_code <-- Test functions are substituted here
functions with code to expand the
string parameters read from the data
file.
$expression_code <-- This script enumerates the
__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE
This script enumerates the
expressions in the .data file and
generates code to handle enumerated
expression Ids and return the values.
$dep_check_code <-- This script enumerates all
__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE
This script enumerates all
build dependencies and generate
code to handle enumerated build
dependency Id and return status: if
the dependency is defined or not.
$dispatch_code <-- This script enumerates the functions
__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE
This script enumerates the functions
specified in the input test data file
and generates the initializer for the
function table in the template
file.
$platform_code <-- Platform specific setup and test
__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE
Platform specific setup and test
dispatch code.
"""
@ -974,11 +980,27 @@ def write_test_source_file(template_file, c_file, snippets):
:param snippets: Generated and code snippets
:return:
"""
# Create a placeholder pattern with the correct named capture groups
# to override the default provided with Template.
# Match nothing (no way of escaping placeholders).
escaped = "(?P<escaped>(?!))"
# Match the "__MBEDTLS_TEST_TEMPLATE__PLACEHOLDER_NAME" pattern.
named = "__MBEDTLS_TEST_TEMPLATE__(?P<named>[A-Z][_A-Z0-9]*)"
# Match nothing (no braced placeholder syntax).
braced = "(?P<braced>(?!))"
# If not already matched, a "__MBEDTLS_TEST_TEMPLATE__" prefix is invalid.
invalid = "(?P<invalid>__MBEDTLS_TEST_TEMPLATE__)"
placeholder_pattern = re.compile("|".join([escaped, named, braced, invalid]))
with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f:
for line_no, line in enumerate(template_f.readlines(), 1):
# Update line number. +1 as #line directive sets next line number
snippets['line_no'] = line_no + 1
code = string.Template(line).substitute(**snippets)
template = string.Template(line)
template.pattern = placeholder_pattern
snippets = {k.upper():v for (k, v) in snippets.items()}
code = template.substitute(**snippets)
c_f.write(code)

View file

@ -50,11 +50,13 @@ GetOptions(
'verbose|v:1' => \$verbose,
) or die;
# All test suites = executable files, excluding source files, debug
# and profiling information, etc. We can't just grep {! /\./} because
# some of our test cases' base names contain a dot.
my @suites = grep { -x $_ || /\.exe$/ } glob 'test_suite_*';
@suites = grep { !/\.c$/ && !/\.data$/ && -f } @suites;
# All test suites = executable files derived from a .data file.
my @suites = ();
for my $data_file (glob 'suites/test_suite_*.data') {
(my $base = $data_file) =~ s#^suites/(.*)\.data$#$1#;
push @suites, $base if -x $base;
push @suites, "$base.exe" if -e "$base.exe";
}
die "$0: no test suite found\n" unless @suites;
# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar"

View file

@ -357,8 +357,12 @@ int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs,
size_t hex_len = strlen( input );
size_t byte_len = ( hex_len + 1 ) / 2;
*plimbs = CHARS_TO_LIMBS( byte_len );
/* A core bignum is not allowed to be empty. Forbid it as test data,
* this way static analyzers have a chance of knowing we don't expect
* the bignum functions to support empty inputs. */
if( *plimbs == 0 )
return( 0 );
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
*pX = mbedtls_calloc( *plimbs, sizeof( **pX ) );
if( *pX == NULL )

View file

@ -3,17 +3,17 @@
* *** THIS FILE HAS BEEN MACHINE GENERATED ***
*
* This file has been machine generated using the script:
* $generator_script
* __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
*
* Test file : $test_file
* Test file : __MBEDTLS_TEST_TEMPLATE__TEST_FILE
*
* The following files were used to create this file.
*
* Main code file : $test_main_file
* Platform code file : $test_platform_file
* Helper file : $test_common_helper_file
* Test suite file : $test_case_file
* Test suite data : $test_case_data_file
* Main code file : __MBEDTLS_TEST_TEMPLATE__TEST_MAIN_FILE
* Platform code file : __MBEDTLS_TEST_TEMPLATE__TEST_PLATFORM_FILE
* Helper file : __MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPER_FILE
* Test suite file : __MBEDTLS_TEST_TEMPLATE__TEST_CASE_FILE
* Test suite data : __MBEDTLS_TEST_TEMPLATE__TEST_CASE_DATA_FILE
*
*/
@ -37,9 +37,9 @@
/*----------------------------------------------------------------------------*/
/* Common helper code */
$test_common_helpers
__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS
#line $line_no "suites/main_test.function"
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
/*----------------------------------------------------------------------------*/
@ -48,9 +48,9 @@ $test_common_helpers
#define TEST_SUITE_ACTIVE
$functions_code
__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE
#line $line_no "suites/main_test.function"
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
/*----------------------------------------------------------------------------*/
@ -62,7 +62,7 @@ $functions_code
* For optimizing space for embedded targets each expression/macro
* is identified by a unique identifier instead of string literals.
* Identifiers and evaluation code is generated by script:
* $generator_script
* __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
*
* \param exp_id Expression identifier.
* \param out_value Pointer to int to hold the integer.
@ -78,8 +78,8 @@ int get_expression( int32_t exp_id, int32_t * out_value )
switch( exp_id )
{
$expression_code
#line $line_no "suites/main_test.function"
__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
default:
{
ret = KEY_VALUE_MAPPING_NOT_FOUND;
@ -95,7 +95,7 @@ $expression_code
* For optimizing space for embedded targets each dependency
* is identified by a unique identifier instead of string literals.
* Identifiers and check code is generated by script:
* $generator_script
* __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
*
* \param dep_id Dependency identifier.
*
@ -109,8 +109,8 @@ int dep_check( int dep_id )
switch( dep_id )
{
$dep_check_code
#line $line_no "suites/main_test.function"
__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
default:
break;
}
@ -137,13 +137,13 @@ typedef void (*TestWrapper_t)( void **param_array );
/**
* \brief Table of test function wrappers. Used by dispatch_test().
* This table is populated by script:
* $generator_script
* __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
*
*/
TestWrapper_t test_funcs[] =
{
$dispatch_code
#line $line_no "suites/main_test.function"
__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
};
/**
@ -219,9 +219,9 @@ int check_test( size_t func_idx )
}
$platform_code
__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE
#line $line_no "suites/main_test.function"
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
/*----------------------------------------------------------------------------*/
/* Main Test code */

View file

@ -167,9 +167,6 @@ mpi_core_lt_ct:"2B5":"2B4":0
mbedtls_mpi_core_lt_ct: x<y (1 limb)
mpi_core_lt_ct:"2B5":"2B6":1
mbedtls_mpi_core_lt_ct: x=y (0 limbs)
mpi_core_lt_ct:"":"":0
mbedtls_mpi_core_lt_ct: x>y (63 bit x, y first byte greater)
mpi_core_lt_ct:"7FFFFFFFFFFFFFFF":"00000000000000FF":0

View file

@ -790,8 +790,8 @@ static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive,
if( inject_error == 1 )
{
buffer0[s_x1_pk_off + 8] >>= 4;
buffer0[s_x2_pk_off + 7] <<= 4;
buffer0[s_x1_pr_off + 8] ^= 1;
buffer0[s_x2_pr_off + 7] ^= 1;
expected_status = PSA_ERROR_DATA_INVALID;
}
@ -1013,8 +1013,8 @@ static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive,
if( inject_error == 2 )
{
buffer1[c_x1_pk_off + 12] >>= 4;
buffer1[c_x2_pk_off + 7] <<= 4;
buffer1[c_x1_pr_off + 12] ^= 1;
buffer1[c_x2_pr_off + 7] ^= 1;
expected_status = PSA_ERROR_DATA_INVALID;
}

View file

@ -88,7 +88,11 @@ x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial n
X509 CRT information EC, SHA256 Digest, hardware module name SAN
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n"
x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n"
X509 CRT information EC, SHA256 Digest, binary hardware module name SAN
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_cert_info:"data_files/server5-nonprintable_othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nissued on \: 2022-09-06 15\:56\:47\nexpires on \: 2032-09-03 15\:56\:47\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\n"
X509 CRT information EC, SHA256 Digest, Wisun Fan device
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
@ -112,7 +116,7 @@ x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nseri
X509 CRT information, Multiple different Subject Alt Name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n dNSName \: example.net\n dNSName \: *.example.org\n"
x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n dNSName \: example.net\n dNSName \: *.example.org\n"
X509 CRT information, Subject Alt Name + Key Usage
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
@ -172,7 +176,11 @@ x509_cert_info:"data_files/non-ascii-string-in-issuer.crt":"cert. version \:
X509 SAN parsing otherName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\n"
x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n"
X509 SAN parsing binary otherName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_parse_san:"data_files/server5-nonprintable_othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n"
X509 SAN parsing dNSName
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
@ -180,7 +188,7 @@ x509_parse_san:"data_files/cert_example_multi.crt":"type \: 2\ndNSName \: exampl
X509 SAN parsing Multiple different types
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
X509 SAN parsing, no subject alt name
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECDSA_C

View file

@ -265,17 +265,11 @@ int verify_parse_san( mbedtls_x509_subject_alternative_name *san,
ret = mbedtls_snprintf( p, n, ", hardware serial number : " );
MBEDTLS_X509_SAFE_SNPRINTF;
if( san->san.other_name.value.hardware_module_name.val.len >= n )
{
*p = '\0';
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
}
for( i = 0; i < san->san.other_name.value.hardware_module_name.val.len; i++ )
{
*p++ = san->san.other_name.value.hardware_module_name.val.p[i];
ret = mbedtls_snprintf( p, n, "%02X", san->san.other_name.value.hardware_module_name.val.p[i] );
MBEDTLS_X509_SAFE_SNPRINTF;
}
n -= san->san.other_name.value.hardware_module_name.val.len;
}
break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */
case( MBEDTLS_X509_SAN_DNS_NAME ):