Merge branch 'development' into driver-wrapper-key-agreement
This commit is contained in:
commit
8cc1470c18
19 changed files with 191 additions and 112 deletions
5
ChangeLog.d/fix_x509_info_hwmodulename.txt
Normal file
5
ChangeLog.d/fix_x509_info_hwmodulename.txt
Normal file
|
@ -0,0 +1,5 @@
|
|||
Bugfix
|
||||
* Fix a bug in which mbedtls_x509_crt_info() would produce non-printable
|
||||
bytes when parsing certificates containing a binary RFC 4108
|
||||
HardwareModuleName as a Subject Alternative Name extension. Hardware
|
||||
serial numbers are now rendered in hex format. Fixes #6262.
|
|
@ -758,11 +758,11 @@ int mbedtls_mpi_mul_int( mbedtls_mpi *X, const mbedtls_mpi *A,
|
|||
*
|
||||
* \param Q The destination MPI for the quotient.
|
||||
* This may be \c NULL if the value of the
|
||||
* quotient is not needed.
|
||||
* quotient is not needed. This must not alias A or B.
|
||||
* \param R The destination MPI for the remainder value.
|
||||
* This may be \c NULL if the value of the
|
||||
* remainder is not needed.
|
||||
* \param A The dividend. This must point to an initialized MPi.
|
||||
* remainder is not needed. This must not alias A or B.
|
||||
* \param A The dividend. This must point to an initialized MPI.
|
||||
* \param B The divisor. This must point to an initialized MPI.
|
||||
*
|
||||
* \return \c 0 if successful.
|
||||
|
@ -779,10 +779,10 @@ int mbedtls_mpi_div_mpi( mbedtls_mpi *Q, mbedtls_mpi *R, const mbedtls_mpi *A,
|
|||
*
|
||||
* \param Q The destination MPI for the quotient.
|
||||
* This may be \c NULL if the value of the
|
||||
* quotient is not needed.
|
||||
* quotient is not needed. This must not alias A.
|
||||
* \param R The destination MPI for the remainder value.
|
||||
* This may be \c NULL if the value of the
|
||||
* remainder is not needed.
|
||||
* remainder is not needed. This must not alias A.
|
||||
* \param A The dividend. This must point to an initialized MPi.
|
||||
* \param b The divisor.
|
||||
*
|
||||
|
@ -837,6 +837,7 @@ int mbedtls_mpi_mod_int( mbedtls_mpi_uint *r, const mbedtls_mpi *A,
|
|||
* \brief Perform a sliding-window exponentiation: X = A^E mod N
|
||||
*
|
||||
* \param X The destination MPI. This must point to an initialized MPI.
|
||||
* This must not alias E or N.
|
||||
* \param A The base of the exponentiation.
|
||||
* This must point to an initialized MPI.
|
||||
* \param E The exponent MPI. This must point to an initialized MPI.
|
||||
|
|
|
@ -30,6 +30,7 @@
|
|||
#include <stdint.h>
|
||||
#include <stddef.h>
|
||||
|
||||
#include "mbedtls/private_access.h"
|
||||
#include "mbedtls/build_info.h"
|
||||
|
||||
#define MBEDTLS_ERR_LMS_BAD_INPUT_DATA -0x0011 /**< Bad data has been input to an LMS function */
|
||||
|
|
|
@ -138,6 +138,7 @@ unsigned mbedtls_ct_mpi_uint_lt( const mbedtls_mpi_uint x,
|
|||
* \param B The right-hand MPI. This must point to an array of limbs
|
||||
* with the same allocated length as \p A.
|
||||
* \param limbs The number of limbs in \p A and \p B.
|
||||
* This must not be 0.
|
||||
*
|
||||
* \return The result of the comparison:
|
||||
* \c 1 if \p A is less than \p B.
|
||||
|
|
|
@ -1797,8 +1797,7 @@ int mbedtls_ssl_fetch_input( mbedtls_ssl_context *ssl, size_t nb_want )
|
|||
|
||||
if( ssl->f_recv == NULL && ssl->f_recv_timeout == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
|
||||
"or mbedtls_ssl_set_bio()" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
|
@ -2013,8 +2012,7 @@ int mbedtls_ssl_flush_output( mbedtls_ssl_context *ssl )
|
|||
|
||||
if( ssl->f_send == NULL )
|
||||
{
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() "
|
||||
"or mbedtls_ssl_set_bio()" ) );
|
||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "Bad usage of mbedtls_ssl_set_bio() " ) );
|
||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
|
|
|
@ -1837,6 +1837,7 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
|
|||
const char *prefix )
|
||||
{
|
||||
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
|
||||
size_t i;
|
||||
size_t n = *size;
|
||||
char *p = *buf;
|
||||
const mbedtls_x509_sequence *cur = subject_alt_name;
|
||||
|
@ -1889,18 +1890,11 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
|
|||
ret = mbedtls_snprintf( p, n, "\n%s hardware serial number : ", prefix );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
if( other_name->value.hardware_module_name.val.len >= n )
|
||||
for( i = 0; i < other_name->value.hardware_module_name.val.len; i++ )
|
||||
{
|
||||
*p = '\0';
|
||||
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
|
||||
ret = mbedtls_snprintf( p, n, "%02X", other_name->value.hardware_module_name.val.p[i] );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
}
|
||||
|
||||
memcpy( p, other_name->value.hardware_module_name.val.p,
|
||||
other_name->value.hardware_module_name.val.len );
|
||||
p += other_name->value.hardware_module_name.val.len;
|
||||
|
||||
n -= other_name->value.hardware_module_name.val.len;
|
||||
|
||||
}/* MBEDTLS_OID_ON_HW_MODULE_NAME */
|
||||
}
|
||||
break;
|
||||
|
|
|
@ -376,6 +376,8 @@ int main( void )
|
|||
" a second non-empty message before attempting\n" \
|
||||
" to read a response from the server\n" \
|
||||
" debug_level=%%d default: 0 (disabled)\n" \
|
||||
" build_version=%%d default: none (disabled)\n" \
|
||||
" option: 1 (print build version only and stop)\n" \
|
||||
" nbio=%%d default: 0 (blocking I/O)\n" \
|
||||
" options: 1 (non-blocking), 2 (added delays)\n" \
|
||||
" event=%%d default: 0 (loop)\n" \
|
||||
|
@ -981,6 +983,16 @@ int main( int argc, char *argv[] )
|
|||
if( opt.debug_level < 0 || opt.debug_level > 65535 )
|
||||
goto usage;
|
||||
}
|
||||
else if( strcmp( p, "build_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "1" ) == 0 )
|
||||
{
|
||||
mbedtls_printf( "build version: %s (build %d)\n",
|
||||
MBEDTLS_VERSION_STRING_FULL,
|
||||
MBEDTLS_VERSION_NUMBER );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
else if( strcmp( p, "context_crt_cb" ) == 0 )
|
||||
{
|
||||
opt.context_crt_cb = atoi( q );
|
||||
|
@ -1691,6 +1703,9 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_ALPN */
|
||||
|
||||
mbedtls_printf( "build version: %s (build %d)\n",
|
||||
MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER );
|
||||
|
||||
/*
|
||||
* 0. Initialize the RNG and the session data
|
||||
*/
|
||||
|
|
|
@ -488,6 +488,8 @@ int main( void )
|
|||
" server_addr=%%s default: (all interfaces)\n" \
|
||||
" server_port=%%d default: 4433\n" \
|
||||
" debug_level=%%d default: 0 (disabled)\n" \
|
||||
" build_version=%%d default: none (disabled)\n" \
|
||||
" option: 1 (print build version only and stop)\n" \
|
||||
" buffer_size=%%d default: 200 \n" \
|
||||
" (minimum: 1)\n" \
|
||||
" response_size=%%d default: about 152 (basic response)\n" \
|
||||
|
@ -1743,6 +1745,16 @@ int main( int argc, char *argv[] )
|
|||
if( opt.debug_level < 0 || opt.debug_level > 65535 )
|
||||
goto usage;
|
||||
}
|
||||
else if( strcmp( p, "build_version" ) == 0 )
|
||||
{
|
||||
if( strcmp( q, "1" ) == 0 )
|
||||
{
|
||||
mbedtls_printf( "build version: %s (build %d)\n",
|
||||
MBEDTLS_VERSION_STRING_FULL,
|
||||
MBEDTLS_VERSION_NUMBER );
|
||||
goto exit;
|
||||
}
|
||||
}
|
||||
else if( strcmp( p, "nbio" ) == 0 )
|
||||
{
|
||||
opt.nbio = atoi( q );
|
||||
|
@ -2572,6 +2584,9 @@ int main( int argc, char *argv[] )
|
|||
}
|
||||
#endif /* MBEDTLS_SSL_ALPN */
|
||||
|
||||
mbedtls_printf( "build version: %s (build %d)\n",
|
||||
MBEDTLS_VERSION_STRING_FULL, MBEDTLS_VERSION_NUMBER );
|
||||
|
||||
/*
|
||||
* 0. Initialize the RNG and the session data
|
||||
*/
|
||||
|
|
|
@ -276,6 +276,9 @@ all_final += server5-ss-forgeca.crt
|
|||
server5-othername.crt: server5.key
|
||||
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@
|
||||
|
||||
server5-nonprintable_othername.crt: server5.key
|
||||
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS non-printable othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions nonprintable_othername_san -days 3650 -sha256 -key $< -out $@
|
||||
|
||||
server5-unsupported_othername.crt: server5.key
|
||||
$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS unsupported othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions unsupoported_othername_san -days 3650 -sha256 -key $< -out $@
|
||||
|
||||
|
|
12
tests/data_files/server5-nonprintable_othername.crt
Normal file
12
tests/data_files/server5-nonprintable_othername.crt
Normal file
|
@ -0,0 +1,12 @@
|
|||
-----BEGIN CERTIFICATE-----
|
||||
MIIBwTCCAWagAwIBAgIBTTAKBggqhkjOPQQDAjBPMQswCQYDVQQGEwJVSzERMA8G
|
||||
A1UECgwITWJlZCBUTFMxLTArBgNVBAMMJE1iZWQgVExTIG5vbi1wcmludGFibGUg
|
||||
b3RoZXJuYW1lIFNBTjAeFw0yMjA5MDYxNTU2NDdaFw0zMjA5MDMxNTU2NDdaME8x
|
||||
CzAJBgNVBAYTAlVLMREwDwYDVQQKDAhNYmVkIFRMUzEtMCsGA1UEAwwkTWJlZCBU
|
||||
TFMgbm9uLXByaW50YWJsZSBvdGhlcm5hbWUgU0FOMFkwEwYHKoZIzj0CAQYIKoZI
|
||||
zj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/
|
||||
6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6MzMDEwLwYDVR0RBCgwJqAkBggrBgEF
|
||||
BQcIBKAYMBYGBysGAQQBEQMECzEyM4CBAIGAMzIxMAoGCCqGSM49BAMCA0kAMEYC
|
||||
IQDATir07PTj5gtf+HAyI+nd27AH9+bdaWdOI2t2bAwUWgIhAO7kvdcsa++yfJdT
|
||||
3vnWdvcHRIAdXA0kh+mcBMaXk9B0
|
||||
-----END CERTIFICATE-----
|
|
@ -15,6 +15,9 @@ basicConstraints = CA:true
|
|||
[othername_san]
|
||||
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
|
||||
|
||||
[nonprintable_othername_san]
|
||||
subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:nonprintable_hw_module_name
|
||||
|
||||
[unsupoported_othername_san]
|
||||
subjectAltName=otherName:1.2.3.4;UTF8:some other identifier
|
||||
|
||||
|
@ -34,6 +37,10 @@ subjectAltName=@alt_names
|
|||
hwtype = OID:1.3.6.1.4.1.17.3
|
||||
hwserial = OCT:123456
|
||||
|
||||
[nonprintable_hw_module_name]
|
||||
hwtype = OID:1.3.6.1.4.1.17.3
|
||||
hwserial = FORMAT:HEX, OCT:3132338081008180333231
|
||||
|
||||
[v3_any_policy_ca]
|
||||
basicConstraints = CA:true
|
||||
certificatePolicies = 2.5.29.32.0
|
||||
|
|
|
@ -126,9 +126,11 @@ code that is generated or read from helpers and platform files.
|
|||
This script replaces following fields in the template and generates
|
||||
the test source file:
|
||||
|
||||
$test_common_helpers <-- All common code from helpers.function
|
||||
__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS
|
||||
All common code from helpers.function
|
||||
is substituted here.
|
||||
$functions_code <-- Test functions are substituted here
|
||||
__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE
|
||||
Test functions are substituted here
|
||||
from the input test_suit_xyz.function
|
||||
file. C preprocessor checks are generated
|
||||
for the build dependencies specified
|
||||
|
@ -137,21 +139,25 @@ $functions_code <-- Test functions are substituted here
|
|||
functions with code to expand the
|
||||
string parameters read from the data
|
||||
file.
|
||||
$expression_code <-- This script enumerates the
|
||||
__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE
|
||||
This script enumerates the
|
||||
expressions in the .data file and
|
||||
generates code to handle enumerated
|
||||
expression Ids and return the values.
|
||||
$dep_check_code <-- This script enumerates all
|
||||
__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE
|
||||
This script enumerates all
|
||||
build dependencies and generate
|
||||
code to handle enumerated build
|
||||
dependency Id and return status: if
|
||||
the dependency is defined or not.
|
||||
$dispatch_code <-- This script enumerates the functions
|
||||
__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE
|
||||
This script enumerates the functions
|
||||
specified in the input test data file
|
||||
and generates the initializer for the
|
||||
function table in the template
|
||||
file.
|
||||
$platform_code <-- Platform specific setup and test
|
||||
__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE
|
||||
Platform specific setup and test
|
||||
dispatch code.
|
||||
|
||||
"""
|
||||
|
@ -974,11 +980,27 @@ def write_test_source_file(template_file, c_file, snippets):
|
|||
:param snippets: Generated and code snippets
|
||||
:return:
|
||||
"""
|
||||
|
||||
# Create a placeholder pattern with the correct named capture groups
|
||||
# to override the default provided with Template.
|
||||
# Match nothing (no way of escaping placeholders).
|
||||
escaped = "(?P<escaped>(?!))"
|
||||
# Match the "__MBEDTLS_TEST_TEMPLATE__PLACEHOLDER_NAME" pattern.
|
||||
named = "__MBEDTLS_TEST_TEMPLATE__(?P<named>[A-Z][_A-Z0-9]*)"
|
||||
# Match nothing (no braced placeholder syntax).
|
||||
braced = "(?P<braced>(?!))"
|
||||
# If not already matched, a "__MBEDTLS_TEST_TEMPLATE__" prefix is invalid.
|
||||
invalid = "(?P<invalid>__MBEDTLS_TEST_TEMPLATE__)"
|
||||
placeholder_pattern = re.compile("|".join([escaped, named, braced, invalid]))
|
||||
|
||||
with open(template_file, 'r') as template_f, open(c_file, 'w') as c_f:
|
||||
for line_no, line in enumerate(template_f.readlines(), 1):
|
||||
# Update line number. +1 as #line directive sets next line number
|
||||
snippets['line_no'] = line_no + 1
|
||||
code = string.Template(line).substitute(**snippets)
|
||||
template = string.Template(line)
|
||||
template.pattern = placeholder_pattern
|
||||
snippets = {k.upper():v for (k, v) in snippets.items()}
|
||||
code = template.substitute(**snippets)
|
||||
c_f.write(code)
|
||||
|
||||
|
||||
|
|
|
@ -50,11 +50,13 @@ GetOptions(
|
|||
'verbose|v:1' => \$verbose,
|
||||
) or die;
|
||||
|
||||
# All test suites = executable files, excluding source files, debug
|
||||
# and profiling information, etc. We can't just grep {! /\./} because
|
||||
# some of our test cases' base names contain a dot.
|
||||
my @suites = grep { -x $_ || /\.exe$/ } glob 'test_suite_*';
|
||||
@suites = grep { !/\.c$/ && !/\.data$/ && -f } @suites;
|
||||
# All test suites = executable files derived from a .data file.
|
||||
my @suites = ();
|
||||
for my $data_file (glob 'suites/test_suite_*.data') {
|
||||
(my $base = $data_file) =~ s#^suites/(.*)\.data$#$1#;
|
||||
push @suites, $base if -x $base;
|
||||
push @suites, "$base.exe" if -e "$base.exe";
|
||||
}
|
||||
die "$0: no test suite found\n" unless @suites;
|
||||
|
||||
# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar"
|
||||
|
|
|
@ -357,8 +357,12 @@ int mbedtls_test_read_mpi_core( mbedtls_mpi_uint **pX, size_t *plimbs,
|
|||
size_t hex_len = strlen( input );
|
||||
size_t byte_len = ( hex_len + 1 ) / 2;
|
||||
*plimbs = CHARS_TO_LIMBS( byte_len );
|
||||
|
||||
/* A core bignum is not allowed to be empty. Forbid it as test data,
|
||||
* this way static analyzers have a chance of knowing we don't expect
|
||||
* the bignum functions to support empty inputs. */
|
||||
if( *plimbs == 0 )
|
||||
return( 0 );
|
||||
return( MBEDTLS_ERR_MPI_BAD_INPUT_DATA );
|
||||
|
||||
*pX = mbedtls_calloc( *plimbs, sizeof( **pX ) );
|
||||
if( *pX == NULL )
|
||||
|
|
|
@ -3,17 +3,17 @@
|
|||
* *** THIS FILE HAS BEEN MACHINE GENERATED ***
|
||||
*
|
||||
* This file has been machine generated using the script:
|
||||
* $generator_script
|
||||
* __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
|
||||
*
|
||||
* Test file : $test_file
|
||||
* Test file : __MBEDTLS_TEST_TEMPLATE__TEST_FILE
|
||||
*
|
||||
* The following files were used to create this file.
|
||||
*
|
||||
* Main code file : $test_main_file
|
||||
* Platform code file : $test_platform_file
|
||||
* Helper file : $test_common_helper_file
|
||||
* Test suite file : $test_case_file
|
||||
* Test suite data : $test_case_data_file
|
||||
* Main code file : __MBEDTLS_TEST_TEMPLATE__TEST_MAIN_FILE
|
||||
* Platform code file : __MBEDTLS_TEST_TEMPLATE__TEST_PLATFORM_FILE
|
||||
* Helper file : __MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPER_FILE
|
||||
* Test suite file : __MBEDTLS_TEST_TEMPLATE__TEST_CASE_FILE
|
||||
* Test suite data : __MBEDTLS_TEST_TEMPLATE__TEST_CASE_DATA_FILE
|
||||
*
|
||||
*/
|
||||
|
||||
|
@ -37,9 +37,9 @@
|
|||
/*----------------------------------------------------------------------------*/
|
||||
/* Common helper code */
|
||||
|
||||
$test_common_helpers
|
||||
__MBEDTLS_TEST_TEMPLATE__TEST_COMMON_HELPERS
|
||||
|
||||
#line $line_no "suites/main_test.function"
|
||||
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
|
||||
|
||||
|
||||
/*----------------------------------------------------------------------------*/
|
||||
|
@ -48,9 +48,9 @@ $test_common_helpers
|
|||
|
||||
#define TEST_SUITE_ACTIVE
|
||||
|
||||
$functions_code
|
||||
__MBEDTLS_TEST_TEMPLATE__FUNCTIONS_CODE
|
||||
|
||||
#line $line_no "suites/main_test.function"
|
||||
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
|
||||
|
||||
|
||||
/*----------------------------------------------------------------------------*/
|
||||
|
@ -62,7 +62,7 @@ $functions_code
|
|||
* For optimizing space for embedded targets each expression/macro
|
||||
* is identified by a unique identifier instead of string literals.
|
||||
* Identifiers and evaluation code is generated by script:
|
||||
* $generator_script
|
||||
* __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
|
||||
*
|
||||
* \param exp_id Expression identifier.
|
||||
* \param out_value Pointer to int to hold the integer.
|
||||
|
@ -78,8 +78,8 @@ int get_expression( int32_t exp_id, int32_t * out_value )
|
|||
|
||||
switch( exp_id )
|
||||
{
|
||||
$expression_code
|
||||
#line $line_no "suites/main_test.function"
|
||||
__MBEDTLS_TEST_TEMPLATE__EXPRESSION_CODE
|
||||
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
|
||||
default:
|
||||
{
|
||||
ret = KEY_VALUE_MAPPING_NOT_FOUND;
|
||||
|
@ -95,7 +95,7 @@ $expression_code
|
|||
* For optimizing space for embedded targets each dependency
|
||||
* is identified by a unique identifier instead of string literals.
|
||||
* Identifiers and check code is generated by script:
|
||||
* $generator_script
|
||||
* __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
|
||||
*
|
||||
* \param dep_id Dependency identifier.
|
||||
*
|
||||
|
@ -109,8 +109,8 @@ int dep_check( int dep_id )
|
|||
|
||||
switch( dep_id )
|
||||
{
|
||||
$dep_check_code
|
||||
#line $line_no "suites/main_test.function"
|
||||
__MBEDTLS_TEST_TEMPLATE__DEP_CHECK_CODE
|
||||
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
@ -137,13 +137,13 @@ typedef void (*TestWrapper_t)( void **param_array );
|
|||
/**
|
||||
* \brief Table of test function wrappers. Used by dispatch_test().
|
||||
* This table is populated by script:
|
||||
* $generator_script
|
||||
* __MBEDTLS_TEST_TEMPLATE__GENERATOR_SCRIPT
|
||||
*
|
||||
*/
|
||||
TestWrapper_t test_funcs[] =
|
||||
{
|
||||
$dispatch_code
|
||||
#line $line_no "suites/main_test.function"
|
||||
__MBEDTLS_TEST_TEMPLATE__DISPATCH_CODE
|
||||
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -219,9 +219,9 @@ int check_test( size_t func_idx )
|
|||
}
|
||||
|
||||
|
||||
$platform_code
|
||||
__MBEDTLS_TEST_TEMPLATE__PLATFORM_CODE
|
||||
|
||||
#line $line_no "suites/main_test.function"
|
||||
#line __MBEDTLS_TEST_TEMPLATE__LINE_NO "suites/main_test.function"
|
||||
|
||||
/*----------------------------------------------------------------------------*/
|
||||
/* Main Test code */
|
||||
|
|
|
@ -167,9 +167,6 @@ mpi_core_lt_ct:"2B5":"2B4":0
|
|||
mbedtls_mpi_core_lt_ct: x<y (1 limb)
|
||||
mpi_core_lt_ct:"2B5":"2B6":1
|
||||
|
||||
mbedtls_mpi_core_lt_ct: x=y (0 limbs)
|
||||
mpi_core_lt_ct:"":"":0
|
||||
|
||||
mbedtls_mpi_core_lt_ct: x>y (63 bit x, y first byte greater)
|
||||
mpi_core_lt_ct:"7FFFFFFFFFFFFFFF":"00000000000000FF":0
|
||||
|
||||
|
|
|
@ -790,8 +790,8 @@ static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive,
|
|||
|
||||
if( inject_error == 1 )
|
||||
{
|
||||
buffer0[s_x1_pk_off + 8] >>= 4;
|
||||
buffer0[s_x2_pk_off + 7] <<= 4;
|
||||
buffer0[s_x1_pr_off + 8] ^= 1;
|
||||
buffer0[s_x2_pr_off + 7] ^= 1;
|
||||
expected_status = PSA_ERROR_DATA_INVALID;
|
||||
}
|
||||
|
||||
|
@ -1013,8 +1013,8 @@ static void ecjpake_do_round( psa_algorithm_t alg, unsigned int primitive,
|
|||
|
||||
if( inject_error == 2 )
|
||||
{
|
||||
buffer1[c_x1_pk_off + 12] >>= 4;
|
||||
buffer1[c_x2_pk_off + 7] <<= 4;
|
||||
buffer1[c_x1_pr_off + 12] ^= 1;
|
||||
buffer1[c_x2_pr_off + 7] ^= 1;
|
||||
expected_status = PSA_ERROR_DATA_INVALID;
|
||||
}
|
||||
|
||||
|
|
|
@ -88,7 +88,11 @@ x509_cert_info:"data_files/server5-sha512.crt":"cert. version \: 3\nserial n
|
|||
|
||||
X509 CRT information EC, SHA256 Digest, hardware module name SAN
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n"
|
||||
x509_cert_info:"data_files/server5-othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued on \: 2019-03-24 09\:06\:02\nexpires on \: 2029-03-21 09\:06\:02\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n"
|
||||
|
||||
X509 CRT information EC, SHA256 Digest, binary hardware module name SAN
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509_cert_info:"data_files/server5-nonprintable_othername.crt":"cert. version \: 3\nserial number \: 4D\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nissued on \: 2022-09-06 15\:56\:47\nexpires on \: 2032-09-03 15\:56\:47\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 3132338081008180333231\n"
|
||||
|
||||
X509 CRT information EC, SHA256 Digest, Wisun Fan device
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
|
@ -112,7 +116,7 @@ x509_cert_info:"data_files/cert_example_multi.crt":"cert. version \: 3\nseri
|
|||
|
||||
X509 CRT information, Multiple different Subject Alt Name
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 123456\n dNSName \: example.net\n dNSName \: *.example.org\n"
|
||||
x509_cert_info:"data_files/multiple_san.crt":"cert. version \: 3\nserial number \: 04\nissuer name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued on \: 2019-04-22 16\:10\:48\nexpires on \: 2029-04-19 16\:10\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\nsubject alt name \:\n dNSName \: example.com\n otherName \:\n hardware module name \:\n hardware type \: 1.3.6.1.4.1.17.3\n hardware serial number \: 313233343536\n dNSName \: example.net\n dNSName \: *.example.org\n"
|
||||
|
||||
X509 CRT information, Subject Alt Name + Key Usage
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
|
@ -172,7 +176,11 @@ x509_cert_info:"data_files/non-ascii-string-in-issuer.crt":"cert. version \:
|
|||
|
||||
X509 SAN parsing otherName
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\n"
|
||||
x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n"
|
||||
|
||||
X509 SAN parsing binary otherName
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509_parse_san:"data_files/server5-nonprintable_othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n"
|
||||
|
||||
X509 SAN parsing dNSName
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
|
@ -180,7 +188,7 @@ x509_parse_san:"data_files/cert_example_multi.crt":"type \: 2\ndNSName \: exampl
|
|||
|
||||
X509 SAN parsing Multiple different types
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA
|
||||
x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 123456\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
|
||||
x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
|
||||
|
||||
X509 SAN parsing, no subject alt name
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA:MBEDTLS_ECDSA_C
|
||||
|
|
|
@ -265,17 +265,11 @@ int verify_parse_san( mbedtls_x509_subject_alternative_name *san,
|
|||
ret = mbedtls_snprintf( p, n, ", hardware serial number : " );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
|
||||
if( san->san.other_name.value.hardware_module_name.val.len >= n )
|
||||
{
|
||||
*p = '\0';
|
||||
return( MBEDTLS_ERR_X509_BUFFER_TOO_SMALL );
|
||||
}
|
||||
|
||||
for( i = 0; i < san->san.other_name.value.hardware_module_name.val.len; i++ )
|
||||
{
|
||||
*p++ = san->san.other_name.value.hardware_module_name.val.p[i];
|
||||
ret = mbedtls_snprintf( p, n, "%02X", san->san.other_name.value.hardware_module_name.val.p[i] );
|
||||
MBEDTLS_X509_SAFE_SNPRINTF;
|
||||
}
|
||||
n -= san->san.other_name.value.hardware_module_name.val.len;
|
||||
}
|
||||
break;/* MBEDTLS_OID_ON_HW_MODULE_NAME */
|
||||
case( MBEDTLS_X509_SAN_DNS_NAME ):
|
||||
|
|
Loading…
Reference in a new issue