Merge remote-tracking branch 'public/pr/2040' into development

This commit is contained in:
Simon Butcher 2019-01-23 10:28:25 +01:00
commit 8e763329ad
4 changed files with 34 additions and 3 deletions

View file

@ -20,6 +20,8 @@ Changes
* Include configuration file in all header files that use configuration, * Include configuration file in all header files that use configuration,
instead of relying on other header files that they include. instead of relying on other header files that they include.
Inserted as an enhancement for #1371 Inserted as an enhancement for #1371
* Add support for alternative CSR headers, as used by Microsoft and defined
in RFC 7468. Found by Michael Ernst. Fixes #767.
= mbed TLS 2.16.0 branch released 2018-12-21 = mbed TLS 2.16.0 branch released 2018-12-21

View file

@ -279,15 +279,24 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz
{ {
mbedtls_pem_init( &pem ); mbedtls_pem_init( &pem );
ret = mbedtls_pem_read_buffer( &pem, ret = mbedtls_pem_read_buffer( &pem,
"-----BEGIN CERTIFICATE REQUEST-----", "-----BEGIN CERTIFICATE REQUEST-----",
"-----END CERTIFICATE REQUEST-----", "-----END CERTIFICATE REQUEST-----",
buf, NULL, 0, &use_len ); buf, NULL, 0, &use_len );
if( ret == MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
{
ret = mbedtls_pem_read_buffer( &pem,
"-----BEGIN NEW CERTIFICATE REQUEST-----",
"-----END NEW CERTIFICATE REQUEST-----",
buf, NULL, 0, &use_len );
}
if( ret == 0 ) if( ret == 0 )
{
/* /*
* Was PEM encoded, parse the result * Was PEM encoded, parse the result
*/ */
ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen ); ret = mbedtls_x509_csr_parse_der( csr, pem.buf, pem.buflen );
}
mbedtls_pem_free( &pem ); mbedtls_pem_free( &pem );
if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT ) if( ret != MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT )

View file

@ -0,0 +1,16 @@
-----BEGIN NEW CERTIFICATE REQUEST-----
MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow
GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBCwUA
A4IBAQBY/1nnYQ3ThVyeZb1Z2wLYoHZ5rfeJCedyP7N/gjJZjhrMbwioUft2uHpb
+OZQfxRXJTbtj/1wpRMCoUMLWzapS7/xGx3IjoPtl42aM4M+xVYvbLjExL13kUAr
eE4JWcMIbTEPol2zSdX/LuB+m27jEp5VsvM2ty9qOw/T4iKwjFSe6pcYZ2spks19
3ltgjnaamwqKcN9zUA3IERTsWjr5exKYgfXm2OeeuSP0tHr7Dh+w/2XA9dGcLhrm
TA4P8QjIgSDlyzmhYYmsrioFPuCfdi1uzs8bxmbLXbiCGZ8TDMy5oLqLo1K+j2pF
ox+ATHKxQ/XpRQP+2OTb9sw1kM59
-----END NEW CERTIFICATE REQUEST-----

View file

@ -278,6 +278,10 @@ X509 CSR Information RSA-PSS with SHA512
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
mbedtls_x509_csr_info:"data_files/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n" mbedtls_x509_csr_info:"data_files/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n"
X509 CSR Information RSA with SHA256 - Microsoft header
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
mbedtls_x509_csr_info:"data_files/server1-ms.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
X509 Verify Information: empty X509 Verify Information: empty
x509_verify_info:0:"":"" x509_verify_info:0:"":""