- Parsing of PEM files moved to separate module (Fixes ticket #13). Also possible to remove PEM support for systems only using DER encoding
- Parsing PEM private keys encrypted with DES and AES are now supported (Fixes ticket #5) - Added tests for encrypted keyfiles
This commit is contained in:
parent
f17ed288ad
commit
96743fc5f5
15 changed files with 812 additions and 352 deletions
10
ChangeLog
10
ChangeLog
|
@ -1,5 +1,15 @@
|
|||
PolarSSL ChangeLog
|
||||
|
||||
= Version 0.99-pre2 released on XXXXXX
|
||||
Features
|
||||
* Parsing PEM private keys encrypted with DES and AES
|
||||
are now supported as well (Fixes ticket #5)
|
||||
|
||||
Changes
|
||||
* Parsing of PEM files moved to separate module (Fixes
|
||||
ticket #13). Also possible to remove PEM support for
|
||||
systems only using DER encoding
|
||||
|
||||
= Version 0.99-pre1 released on 2011-01-30
|
||||
Features
|
||||
Note: Most of these features have been donated by Fox-IT
|
||||
|
|
|
@ -151,6 +151,7 @@
|
|||
*
|
||||
* Module: library/aes.c
|
||||
* Caller: library/ssl_tls.c
|
||||
* library/pem.c
|
||||
*
|
||||
* This module enables the following ciphersuites:
|
||||
* SSL_RSA_AES_128_SHA
|
||||
|
@ -370,6 +371,18 @@
|
|||
*/
|
||||
#define POLARSSL_PADLOCK_C
|
||||
|
||||
/**
|
||||
* \def POLARSSL_PEM_C
|
||||
*
|
||||
* Enable PEM decoding
|
||||
*
|
||||
* Module: library/pem.c
|
||||
* Caller: library/x509parse.c
|
||||
*
|
||||
* This modules adds support for decoding PEM files.
|
||||
*/
|
||||
#define POLARSSL_PEM_C
|
||||
|
||||
/**
|
||||
* \def POLARSSL_RSA_C
|
||||
*
|
||||
|
|
98
include/polarssl/pem.h
Normal file
98
include/polarssl/pem.h
Normal file
|
@ -0,0 +1,98 @@
|
|||
/**
|
||||
* \file pem.h
|
||||
*
|
||||
* \brief Privacy Enhanced Mail (PEM) decoding
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
#ifndef POLARSSL_PEM_H
|
||||
#define POLARSSL_PEM_H
|
||||
|
||||
/**
|
||||
* \name PEM Error codes
|
||||
* These error codes are returned in case of errors reading the
|
||||
* PEM data.
|
||||
* \{
|
||||
*/
|
||||
#define POLARSSL_ERR_PEM_NO_HEADER_PRESENT -0x0500 /**< No PEM header found. */
|
||||
#define POLARSSL_ERR_PEM_INVALID_DATA -0x0520 /**< PEM string is not as expected. */
|
||||
#define POLARSSL_ERR_PEM_MALLOC_FAILED -0x0540 /**< Failed to allocate memory. */
|
||||
#define POLARSSL_ERR_PEM_INVALID_ENC_IV -0x0560 /**< RSA IV is not in hex-format. */
|
||||
#define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG -0x0580 /**< Unsupported key encryption algorithm. */
|
||||
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED -0x05A0 /**< Private key password can't be empty. */
|
||||
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH -0x05C0 /**< Given private key password does not allow for correct decryption. */
|
||||
#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE -0x05E0 /**< Unavailable feature, e.g. hashing/encryption combination. */
|
||||
/* \} name */
|
||||
|
||||
/**
|
||||
* \brief PEM context structure
|
||||
*/
|
||||
typedef struct
|
||||
{
|
||||
unsigned char *buf; /*!< buffer for decoded data */
|
||||
int buflen; /*!< length of the buffer */
|
||||
unsigned char *info; /*!< buffer for extra header information */
|
||||
}
|
||||
pem_context;
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C" {
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \brief PEM context setup
|
||||
*
|
||||
* \param ctx context to be initialized
|
||||
*/
|
||||
void pem_init( pem_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Read a buffer for PEM information and store the resulting
|
||||
* data into the specified context buffers.
|
||||
*
|
||||
* \param ctx context to use
|
||||
* \param header header string to seek and expect
|
||||
* \param footer footer string to seek and expect
|
||||
* \param data source data to look in
|
||||
* \param pwd password for decryption (can be NULL)
|
||||
* \param pwdlen length of password
|
||||
* \param use_len destination for total length used
|
||||
*
|
||||
* \return 0 on success, ior a specific PEM error code
|
||||
*/
|
||||
int pem_read_buffer( pem_context *ctx, char *header, char *footer,
|
||||
const unsigned char *data,
|
||||
const unsigned char *pwd,
|
||||
int pwdlen, int *use_len );
|
||||
|
||||
/**
|
||||
* \brief PEM context memory freeing
|
||||
*
|
||||
* \param ctx context to be freed
|
||||
*/
|
||||
void pem_free( pem_context *ctx );
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
||||
#endif /* pem.h */
|
|
@ -69,13 +69,8 @@
|
|||
#define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0 /**< Public key algorithm is unsupported (only RSA is supported). */
|
||||
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0 /**< Certificate signature algorithms do not match. (see \c ::x509_cert sig_oid) */
|
||||
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
|
||||
#define POLARSSL_ERR_X509_KEY_INVALID_PEM -0x0220 /**< PEM key string is not as expected. */
|
||||
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x0240 /**< Unsupported RSA key version */
|
||||
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260 /**< Invalid RSA key tag or value. */
|
||||
#define POLARSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280 /**< RSA IV is not in hex-format. */
|
||||
#define POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0 /**< Unsupported key encryption algorithm. */
|
||||
#define POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0 /**< Private key password can't be empty. */
|
||||
#define POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0 /**< Given private key password does not allow for correct decryption. */
|
||||
#define POLARSSL_ERR_X509_POINT_ERROR -0x0300 /**< Not used. */
|
||||
#define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x0320 /**< Not used. */
|
||||
/* \} name */
|
||||
|
@ -485,7 +480,7 @@ extern "C" {
|
|||
* \param buf buffer holding the certificate data
|
||||
* \param buflen size of the buffer
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 error code
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
*/
|
||||
int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen );
|
||||
|
||||
|
@ -497,7 +492,7 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen );
|
|||
* \param chain points to the start of the chain
|
||||
* \param path filename to read the certificates from
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 error code
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
*/
|
||||
int x509parse_crtfile( x509_cert *chain, const char *path );
|
||||
|
||||
|
@ -510,7 +505,7 @@ int x509parse_crtfile( x509_cert *chain, const char *path );
|
|||
* \param buf buffer holding the CRL data
|
||||
* \param buflen size of the buffer
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 error code
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
*/
|
||||
int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen );
|
||||
|
||||
|
@ -522,7 +517,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen );
|
|||
* \param chain points to the start of the chain
|
||||
* \param path filename to read the CRLs from
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 error code
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
*/
|
||||
int x509parse_crlfile( x509_crl *chain, const char *path );
|
||||
|
||||
|
@ -536,7 +531,7 @@ int x509parse_crlfile( x509_crl *chain, const char *path );
|
|||
* \param pwd password for decryption (optional)
|
||||
* \param pwdlen size of the password
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 error code
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
*/
|
||||
int x509parse_key( rsa_context *rsa,
|
||||
const unsigned char *key, int keylen,
|
||||
|
@ -550,7 +545,7 @@ int x509parse_key( rsa_context *rsa,
|
|||
* \param path filename to read the private key from
|
||||
* \param password password to decrypt the file (can be NULL)
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 error code
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
*/
|
||||
int x509parse_keyfile( rsa_context *rsa, const char *path,
|
||||
const char *password );
|
||||
|
@ -563,7 +558,7 @@ int x509parse_keyfile( rsa_context *rsa, const char *path,
|
|||
* \param dhmin input buffer
|
||||
* \param dhminlen size of the buffer
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 error code
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
*/
|
||||
int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen );
|
||||
|
||||
|
@ -574,7 +569,7 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen );
|
|||
* \param dhm DHM context to be initialized
|
||||
* \param path filename to read the DHM Parameters from
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 error code
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
*/
|
||||
int x509parse_dhmfile( dhm_context *dhm, const char *path );
|
||||
|
||||
|
|
350
library/pem.c
Normal file
350
library/pem.c
Normal file
|
@ -0,0 +1,350 @@
|
|||
/*
|
||||
* Privacy Enhanced Mail (PEM) decoding
|
||||
*
|
||||
* Copyright (C) 2006-2010, Brainspark B.V.
|
||||
*
|
||||
* This file is part of PolarSSL (http://www.polarssl.org)
|
||||
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
|
||||
*
|
||||
* All rights reserved.
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License along
|
||||
* with this program; if not, write to the Free Software Foundation, Inc.,
|
||||
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||
*/
|
||||
|
||||
#include "polarssl/config.h"
|
||||
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
|
||||
#include "polarssl/pem.h"
|
||||
#include "polarssl/base64.h"
|
||||
#include "polarssl/des.h"
|
||||
#include "polarssl/aes.h"
|
||||
#include "polarssl/md5.h"
|
||||
#include "polarssl/cipher.h"
|
||||
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
void pem_init( pem_context *ctx )
|
||||
{
|
||||
memset( ctx, 0, sizeof( pem_context ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
|
||||
/*
|
||||
* Read a 16-byte hex string and convert it to binary
|
||||
*/
|
||||
static int pem_get_iv( const unsigned char *s, unsigned char *iv, int iv_len )
|
||||
{
|
||||
int i, j, k;
|
||||
|
||||
memset( iv, 0, iv_len );
|
||||
|
||||
for( i = 0; i < iv_len * 2; i++, s++ )
|
||||
{
|
||||
if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
|
||||
if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
|
||||
if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
|
||||
return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
|
||||
|
||||
k = ( ( i & 1 ) != 0 ) ? j : j << 4;
|
||||
|
||||
iv[i >> 1] = (unsigned char)( iv[i >> 1] | k );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
static void pem_pbkdf1( unsigned char *key, int keylen,
|
||||
unsigned char *iv,
|
||||
const unsigned char *pwd, int pwdlen )
|
||||
{
|
||||
md5_context md5_ctx;
|
||||
unsigned char md5sum[16];
|
||||
int use_len;
|
||||
|
||||
/*
|
||||
* key[ 0..15] = MD5(pwd || IV)
|
||||
*/
|
||||
md5_starts( &md5_ctx );
|
||||
md5_update( &md5_ctx, pwd, pwdlen );
|
||||
md5_update( &md5_ctx, iv, 8 );
|
||||
md5_finish( &md5_ctx, md5sum );
|
||||
|
||||
if( keylen <= 16 )
|
||||
{
|
||||
memcpy( key, md5sum, keylen );
|
||||
|
||||
memset( &md5_ctx, 0, sizeof( md5_ctx ) );
|
||||
memset( md5sum, 0, 16 );
|
||||
return;
|
||||
}
|
||||
|
||||
memcpy( key, md5sum, 16 );
|
||||
|
||||
/*
|
||||
* key[16..23] = MD5(key[ 0..15] || pwd || IV])
|
||||
*/
|
||||
md5_starts( &md5_ctx );
|
||||
md5_update( &md5_ctx, md5sum, 16 );
|
||||
md5_update( &md5_ctx, pwd, pwdlen );
|
||||
md5_update( &md5_ctx, iv, 8 );
|
||||
md5_finish( &md5_ctx, md5sum );
|
||||
|
||||
use_len = 16;
|
||||
if( keylen < 32 )
|
||||
use_len = keylen - 16;
|
||||
|
||||
memcpy( key + 16, md5sum, use_len );
|
||||
|
||||
memset( &md5_ctx, 0, sizeof( md5_ctx ) );
|
||||
memset( md5sum, 0, 16 );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
/*
|
||||
* Decrypt with DES-CBC, using PBKDF1 for key derivation
|
||||
*/
|
||||
static void pem_des_decrypt( unsigned char des_iv[8],
|
||||
unsigned char *buf, int buflen,
|
||||
const unsigned char *pwd, int pwdlen )
|
||||
{
|
||||
des_context des_ctx;
|
||||
unsigned char des_key[8];
|
||||
|
||||
pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
|
||||
|
||||
des_setkey_dec( &des_ctx, des_key );
|
||||
des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen,
|
||||
des_iv, buf, buf );
|
||||
|
||||
memset( &des_ctx, 0, sizeof( des_ctx ) );
|
||||
memset( des_key, 0, 8 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Decrypt with 3DES-CBC, using PBKDF1 for key derivation
|
||||
*/
|
||||
static void pem_des3_decrypt( unsigned char des3_iv[8],
|
||||
unsigned char *buf, int buflen,
|
||||
const unsigned char *pwd, int pwdlen )
|
||||
{
|
||||
des3_context des3_ctx;
|
||||
unsigned char des3_key[24];
|
||||
|
||||
pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
|
||||
|
||||
des3_set3key_dec( &des3_ctx, des3_key );
|
||||
des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen,
|
||||
des3_iv, buf, buf );
|
||||
|
||||
memset( &des3_ctx, 0, sizeof( des3_ctx ) );
|
||||
memset( des3_key, 0, 24 );
|
||||
}
|
||||
#endif /* POLARSSL_DES_C */
|
||||
|
||||
#if defined(POLARSSL_AES_C)
|
||||
/*
|
||||
* Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
|
||||
*/
|
||||
static void pem_aes_decrypt( unsigned char aes_iv[16], int keylen,
|
||||
unsigned char *buf, int buflen,
|
||||
const unsigned char *pwd, int pwdlen )
|
||||
{
|
||||
aes_context aes_ctx;
|
||||
unsigned char aes_key[32];
|
||||
|
||||
pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
|
||||
|
||||
aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 );
|
||||
aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen,
|
||||
aes_iv, buf, buf );
|
||||
|
||||
memset( &aes_ctx, 0, sizeof( aes_ctx ) );
|
||||
memset( aes_key, 0, keylen );
|
||||
}
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
|
||||
|
||||
int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigned char *data, const unsigned char *pwd, int pwdlen, int *use_len )
|
||||
{
|
||||
int ret, len, enc;
|
||||
unsigned char *buf;
|
||||
unsigned char *s1, *s2;
|
||||
#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
|
||||
unsigned char pem_iv[16];
|
||||
cipher_type_t enc_alg = POLARSSL_CIPHER_NONE;
|
||||
#else
|
||||
((void) pwd);
|
||||
((void) pwdlen);
|
||||
#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
|
||||
|
||||
if( ctx == NULL )
|
||||
return( POLARSSL_ERR_PEM_INVALID_DATA );
|
||||
|
||||
s1 = (unsigned char *) strstr( (char *) data, header );
|
||||
|
||||
if( s1 == NULL )
|
||||
return( POLARSSL_ERR_PEM_NO_HEADER_PRESENT );
|
||||
|
||||
s2 = (unsigned char *) strstr( (char *) data, footer );
|
||||
|
||||
if( s2 == NULL || s2 <= s1 )
|
||||
return( POLARSSL_ERR_PEM_INVALID_DATA );
|
||||
|
||||
s1 += strlen( header );
|
||||
if( *s1 == '\r' ) s1++;
|
||||
if( *s1 == '\n' ) s1++;
|
||||
else return( POLARSSL_ERR_PEM_INVALID_DATA );
|
||||
|
||||
enc = 0;
|
||||
|
||||
if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
|
||||
{
|
||||
#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
|
||||
enc++;
|
||||
|
||||
s1 += 22;
|
||||
if( *s1 == '\r' ) s1++;
|
||||
if( *s1 == '\n' ) s1++;
|
||||
else return( POLARSSL_ERR_PEM_INVALID_DATA );
|
||||
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
|
||||
{
|
||||
enc_alg = POLARSSL_CIPHER_DES_EDE3_CBC;
|
||||
|
||||
s1 += 23;
|
||||
if( pem_get_iv( s1, pem_iv, 8 ) != 0 )
|
||||
return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
|
||||
|
||||
s1 += 16;
|
||||
}
|
||||
else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
|
||||
{
|
||||
enc_alg = POLARSSL_CIPHER_DES_CBC;
|
||||
|
||||
s1 += 18;
|
||||
if( pem_get_iv( s1, pem_iv, 8) != 0 )
|
||||
return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
|
||||
|
||||
s1 += 16;
|
||||
}
|
||||
#endif /* POLARSSL_DES_C */
|
||||
|
||||
#if defined(POLARSSL_AES_C)
|
||||
if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
|
||||
{
|
||||
if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
|
||||
enc_alg = POLARSSL_CIPHER_AES_128_CBC;
|
||||
else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
|
||||
enc_alg = POLARSSL_CIPHER_AES_192_CBC;
|
||||
else if( memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 )
|
||||
enc_alg = POLARSSL_CIPHER_AES_256_CBC;
|
||||
else
|
||||
return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
|
||||
|
||||
s1 += 22;
|
||||
if( pem_get_iv( s1, pem_iv, 16 ) != 0 )
|
||||
return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
|
||||
|
||||
s1 += 32;
|
||||
}
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
if( enc_alg == POLARSSL_CIPHER_NONE )
|
||||
return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
|
||||
|
||||
if( *s1 == '\r' ) s1++;
|
||||
if( *s1 == '\n' ) s1++;
|
||||
else return( POLARSSL_ERR_PEM_INVALID_DATA );
|
||||
#else
|
||||
return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE );
|
||||
#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
|
||||
}
|
||||
|
||||
len = 0;
|
||||
ret = base64_decode( NULL, &len, s1, s2 - s1 );
|
||||
|
||||
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
|
||||
return( ret | POLARSSL_ERR_PEM_INVALID_DATA );
|
||||
|
||||
if( ( buf = (unsigned char *) malloc( len ) ) == NULL )
|
||||
return( POLARSSL_ERR_PEM_MALLOC_FAILED );
|
||||
|
||||
if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
|
||||
{
|
||||
free( buf );
|
||||
return( ret | POLARSSL_ERR_PEM_INVALID_DATA );
|
||||
}
|
||||
|
||||
if( enc != 0 )
|
||||
{
|
||||
#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
|
||||
if( pwd == NULL )
|
||||
{
|
||||
free( buf );
|
||||
return( POLARSSL_ERR_PEM_PASSWORD_REQUIRED );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_DES_C)
|
||||
if( enc_alg == POLARSSL_CIPHER_DES_EDE3_CBC )
|
||||
pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
|
||||
else if( enc_alg == POLARSSL_CIPHER_DES_CBC )
|
||||
pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
|
||||
#endif /* POLARSSL_DES_C */
|
||||
|
||||
#if defined(POLARSSL_AES_C)
|
||||
if( enc_alg == POLARSSL_CIPHER_AES_128_CBC )
|
||||
pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
|
||||
else if( enc_alg == POLARSSL_CIPHER_AES_192_CBC )
|
||||
pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
|
||||
else if( enc_alg == POLARSSL_CIPHER_AES_256_CBC )
|
||||
pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
|
||||
#endif /* POLARSSL_AES_C */
|
||||
|
||||
if( buf[0] != 0x30 || buf[1] != 0x82 ||
|
||||
buf[4] != 0x02 || buf[5] != 0x01 )
|
||||
{
|
||||
free( buf );
|
||||
return( POLARSSL_ERR_PEM_PASSWORD_MISMATCH );
|
||||
}
|
||||
#else
|
||||
return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE );
|
||||
#endif
|
||||
}
|
||||
|
||||
ctx->buf = buf;
|
||||
ctx->buflen = len;
|
||||
s2 += strlen( footer );
|
||||
if( *s2 == '\r' ) s2++;
|
||||
if( *s2 == '\n' ) s2++;
|
||||
*use_len = s2 - data;
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
void pem_free( pem_context *ctx )
|
||||
{
|
||||
if( ctx->buf )
|
||||
free( ctx->buf );
|
||||
|
||||
if( ctx->info )
|
||||
free( ctx->info );
|
||||
}
|
||||
|
||||
#endif
|
|
@ -39,7 +39,7 @@
|
|||
#if defined(POLARSSL_X509_PARSE_C)
|
||||
|
||||
#include "polarssl/x509.h"
|
||||
#include "polarssl/base64.h"
|
||||
#include "polarssl/pem.h"
|
||||
#include "polarssl/des.h"
|
||||
#include "polarssl/md2.h"
|
||||
#include "polarssl/md4.h"
|
||||
|
@ -1045,10 +1045,12 @@ static int x509_get_sig_alg( const x509_buf *sig_oid, int *sig_alg )
|
|||
*/
|
||||
int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen )
|
||||
{
|
||||
int ret, len;
|
||||
const unsigned char *s1, *s2;
|
||||
int ret, len, use_len;
|
||||
unsigned char *p, *end;
|
||||
x509_cert *crt;
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_context pem;
|
||||
#endif
|
||||
|
||||
crt = chain;
|
||||
|
||||
|
@ -1078,57 +1080,33 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen )
|
|||
memset( crt, 0, sizeof( x509_cert ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* check if the certificate is encoded in base64
|
||||
*/
|
||||
s1 = (unsigned char *) strstr( (char *) buf,
|
||||
"-----BEGIN CERTIFICATE-----" );
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_init( &pem );
|
||||
ret = pem_read_buffer( &pem,
|
||||
"-----BEGIN CERTIFICATE-----",
|
||||
"-----END CERTIFICATE-----",
|
||||
buf, NULL, 0, &use_len );
|
||||
|
||||
if( s1 != NULL )
|
||||
if( ret == 0 )
|
||||
{
|
||||
s2 = (unsigned char *) strstr( (char *) buf,
|
||||
"-----END CERTIFICATE-----" );
|
||||
|
||||
if( s2 == NULL || s2 <= s1 )
|
||||
return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
|
||||
|
||||
s1 += 27;
|
||||
if( *s1 == '\r' ) s1++;
|
||||
if( *s1 == '\n' ) s1++;
|
||||
else return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
|
||||
/*
|
||||
* Was PEM encoded
|
||||
*/
|
||||
buflen -= use_len;
|
||||
buf += use_len;
|
||||
|
||||
/*
|
||||
* get the DER data length and decode the buffer
|
||||
* Steal PEM buffer
|
||||
*/
|
||||
len = 0;
|
||||
ret = base64_decode( NULL, &len, s1, s2 - s1 );
|
||||
|
||||
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
|
||||
return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret );
|
||||
|
||||
if( ( p = (unsigned char *) malloc( len ) ) == NULL )
|
||||
return( 1 );
|
||||
|
||||
if( ( ret = base64_decode( p, &len, s1, s2 - s1 ) ) != 0 )
|
||||
{
|
||||
free( p );
|
||||
return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret );
|
||||
p = pem.buf;
|
||||
pem.buf = NULL;
|
||||
len = pem.buflen;
|
||||
pem_free( &pem );
|
||||
}
|
||||
|
||||
/*
|
||||
* update the buffer size and offset
|
||||
*/
|
||||
s2 += 25;
|
||||
if( *s2 == '\r' ) s2++;
|
||||
if( *s2 == '\n' ) s2++;
|
||||
else
|
||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
|
||||
{
|
||||
free( p );
|
||||
return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
|
||||
}
|
||||
|
||||
buflen -= s2 - buf;
|
||||
buf = s2;
|
||||
pem_free( &pem );
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -1144,6 +1122,16 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen )
|
|||
|
||||
buflen = 0;
|
||||
}
|
||||
#else
|
||||
p = (unsigned char *) malloc( len = buflen );
|
||||
|
||||
if( p == NULL )
|
||||
return( 1 );
|
||||
|
||||
memcpy( p, buf, buflen );
|
||||
|
||||
buflen = 0;
|
||||
#endif
|
||||
|
||||
crt->raw.p = p;
|
||||
crt->raw.len = len;
|
||||
|
@ -1393,10 +1381,12 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen )
|
|||
*/
|
||||
int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen )
|
||||
{
|
||||
int ret, len;
|
||||
unsigned char *s1, *s2;
|
||||
int ret, len, use_len;
|
||||
unsigned char *p, *end;
|
||||
x509_crl *crl;
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_context pem;
|
||||
#endif
|
||||
|
||||
crl = chain;
|
||||
|
||||
|
@ -1426,57 +1416,33 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen )
|
|||
memset( crl, 0, sizeof( x509_crl ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* check if the CRL is encoded in base64
|
||||
*/
|
||||
s1 = (unsigned char *) strstr( (char *) buf,
|
||||
"-----BEGIN X509 CRL-----" );
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_init( &pem );
|
||||
ret = pem_read_buffer( &pem,
|
||||
"-----BEGIN X509 CRL-----",
|
||||
"-----END X509 CRL-----",
|
||||
buf, NULL, 0, &use_len );
|
||||
|
||||
if( s1 != NULL )
|
||||
if( ret == 0 )
|
||||
{
|
||||
s2 = (unsigned char *) strstr( (char *) buf,
|
||||
"-----END X509 CRL-----" );
|
||||
|
||||
if( s2 == NULL || s2 <= s1 )
|
||||
return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
|
||||
|
||||
s1 += 24;
|
||||
if( *s1 == '\r' ) s1++;
|
||||
if( *s1 == '\n' ) s1++;
|
||||
else return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
|
||||
/*
|
||||
* Was PEM encoded
|
||||
*/
|
||||
buflen -= use_len;
|
||||
buf += use_len;
|
||||
|
||||
/*
|
||||
* get the DER data length and decode the buffer
|
||||
* Steal PEM buffer
|
||||
*/
|
||||
len = 0;
|
||||
ret = base64_decode( NULL, &len, s1, s2 - s1 );
|
||||
|
||||
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
|
||||
return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret );
|
||||
|
||||
if( ( p = (unsigned char *) malloc( len ) ) == NULL )
|
||||
return( 1 );
|
||||
|
||||
if( ( ret = base64_decode( p, &len, s1, s2 - s1 ) ) != 0 )
|
||||
{
|
||||
free( p );
|
||||
return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret );
|
||||
p = pem.buf;
|
||||
pem.buf = NULL;
|
||||
len = pem.buflen;
|
||||
pem_free( &pem );
|
||||
}
|
||||
|
||||
/*
|
||||
* update the buffer size and offset
|
||||
*/
|
||||
s2 += 22;
|
||||
if( *s2 == '\r' ) s2++;
|
||||
if( *s2 == '\n' ) s2++;
|
||||
else
|
||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
|
||||
{
|
||||
free( p );
|
||||
return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
|
||||
}
|
||||
|
||||
buflen -= s2 - buf;
|
||||
buf = s2;
|
||||
pem_free( &pem );
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -1492,6 +1458,16 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen )
|
|||
|
||||
buflen = 0;
|
||||
}
|
||||
#else
|
||||
p = (unsigned char *) malloc( len = buflen );
|
||||
|
||||
if( p == NULL )
|
||||
return( 1 );
|
||||
|
||||
memcpy( p, buf, buflen );
|
||||
|
||||
buflen = 0;
|
||||
#endif
|
||||
|
||||
crl->raw.p = p;
|
||||
crl->raw.len = len;
|
||||
|
@ -1758,180 +1734,44 @@ int x509parse_crlfile( x509_crl *chain, const char *path )
|
|||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C)
|
||||
/*
|
||||
* Read a 16-byte hex string and convert it to binary
|
||||
*/
|
||||
static int x509_get_iv( const unsigned char *s, unsigned char iv[8] )
|
||||
{
|
||||
int i, j, k;
|
||||
|
||||
memset( iv, 0, 8 );
|
||||
|
||||
for( i = 0; i < 16; i++, s++ )
|
||||
{
|
||||
if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
|
||||
if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
|
||||
if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
|
||||
return( POLARSSL_ERR_X509_KEY_INVALID_ENC_IV );
|
||||
|
||||
k = ( ( i & 1 ) != 0 ) ? j : j << 4;
|
||||
|
||||
iv[i >> 1] = (unsigned char)( iv[i >> 1] | k );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Decrypt with 3DES-CBC, using PBKDF1 for key derivation
|
||||
*/
|
||||
static void x509_des3_decrypt( unsigned char des3_iv[8],
|
||||
unsigned char *buf, int buflen,
|
||||
const unsigned char *pwd, int pwdlen )
|
||||
{
|
||||
md5_context md5_ctx;
|
||||
des3_context des3_ctx;
|
||||
unsigned char md5sum[16];
|
||||
unsigned char des3_key[24];
|
||||
|
||||
/*
|
||||
* 3DES key[ 0..15] = MD5(pwd || IV)
|
||||
* key[16..23] = MD5(pwd || IV || 3DES key[ 0..15])
|
||||
*/
|
||||
md5_starts( &md5_ctx );
|
||||
md5_update( &md5_ctx, pwd, pwdlen );
|
||||
md5_update( &md5_ctx, des3_iv, 8 );
|
||||
md5_finish( &md5_ctx, md5sum );
|
||||
memcpy( des3_key, md5sum, 16 );
|
||||
|
||||
md5_starts( &md5_ctx );
|
||||
md5_update( &md5_ctx, md5sum, 16 );
|
||||
md5_update( &md5_ctx, pwd, pwdlen );
|
||||
md5_update( &md5_ctx, des3_iv, 8 );
|
||||
md5_finish( &md5_ctx, md5sum );
|
||||
memcpy( des3_key + 16, md5sum, 8 );
|
||||
|
||||
des3_set3key_dec( &des3_ctx, des3_key );
|
||||
des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen,
|
||||
des3_iv, buf, buf );
|
||||
|
||||
memset( &md5_ctx, 0, sizeof( md5_ctx ) );
|
||||
memset( &des3_ctx, 0, sizeof( des3_ctx ) );
|
||||
memset( md5sum, 0, 16 );
|
||||
memset( des3_key, 0, 24 );
|
||||
}
|
||||
#endif
|
||||
|
||||
/*
|
||||
* Parse a private RSA key
|
||||
*/
|
||||
int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
|
||||
const unsigned char *pwd, int pwdlen )
|
||||
{
|
||||
int ret, len, enc;
|
||||
unsigned char *buf, *s1, *s2;
|
||||
int ret, len;
|
||||
unsigned char *p, *end;
|
||||
#if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C)
|
||||
unsigned char des3_iv[8];
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_context pem;
|
||||
|
||||
pem_init( &pem );
|
||||
ret = pem_read_buffer( &pem,
|
||||
"-----BEGIN RSA PRIVATE KEY-----",
|
||||
"-----END RSA PRIVATE KEY-----",
|
||||
key, pwd, pwdlen, &len );
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
/*
|
||||
* Was PEM encoded
|
||||
*/
|
||||
keylen = pem.buflen;
|
||||
}
|
||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
|
||||
{
|
||||
pem_free( &pem );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
p = ( ret == 0 ) ? pem.buf : (unsigned char *) key;
|
||||
#else
|
||||
((void) pwd);
|
||||
((void) pwdlen);
|
||||
p = (unsigned char *) key;
|
||||
#endif
|
||||
|
||||
s1 = (unsigned char *) strstr( (char *) key,
|
||||
"-----BEGIN RSA PRIVATE KEY-----" );
|
||||
|
||||
if( s1 != NULL )
|
||||
{
|
||||
s2 = (unsigned char *) strstr( (char *) key,
|
||||
"-----END RSA PRIVATE KEY-----" );
|
||||
|
||||
if( s2 == NULL || s2 <= s1 )
|
||||
return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
||||
|
||||
s1 += 31;
|
||||
if( *s1 == '\r' ) s1++;
|
||||
if( *s1 == '\n' ) s1++;
|
||||
else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
||||
|
||||
enc = 0;
|
||||
|
||||
if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
|
||||
{
|
||||
#if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C)
|
||||
enc++;
|
||||
|
||||
s1 += 22;
|
||||
if( *s1 == '\r' ) s1++;
|
||||
if( *s1 == '\n' ) s1++;
|
||||
else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
||||
|
||||
if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) != 0 )
|
||||
return( POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG );
|
||||
|
||||
s1 += 23;
|
||||
if( x509_get_iv( s1, des3_iv ) != 0 )
|
||||
return( POLARSSL_ERR_X509_KEY_INVALID_ENC_IV );
|
||||
|
||||
s1 += 16;
|
||||
if( *s1 == '\r' ) s1++;
|
||||
if( *s1 == '\n' ) s1++;
|
||||
else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
||||
#else
|
||||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
#endif
|
||||
}
|
||||
|
||||
len = 0;
|
||||
ret = base64_decode( NULL, &len, s1, s2 - s1 );
|
||||
|
||||
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
|
||||
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
||||
|
||||
if( ( buf = (unsigned char *) malloc( len ) ) == NULL )
|
||||
return( 1 );
|
||||
|
||||
if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
|
||||
{
|
||||
free( buf );
|
||||
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
||||
}
|
||||
|
||||
keylen = len;
|
||||
|
||||
if( enc != 0 )
|
||||
{
|
||||
#if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C)
|
||||
if( pwd == NULL )
|
||||
{
|
||||
free( buf );
|
||||
return( POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED );
|
||||
}
|
||||
|
||||
x509_des3_decrypt( des3_iv, buf, keylen, pwd, pwdlen );
|
||||
|
||||
if( buf[0] != 0x30 || buf[1] != 0x82 ||
|
||||
buf[4] != 0x02 || buf[5] != 0x01 )
|
||||
{
|
||||
free( buf );
|
||||
return( POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH );
|
||||
}
|
||||
#else
|
||||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
#endif
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
buf = NULL;
|
||||
}
|
||||
end = p + keylen;
|
||||
|
||||
memset( rsa, 0, sizeof( rsa_context ) );
|
||||
|
||||
p = ( s1 != NULL ) ? buf : (unsigned char *) key;
|
||||
end = p + keylen;
|
||||
|
||||
/*
|
||||
* RSAPrivateKey ::= SEQUENCE {
|
||||
* version Version,
|
||||
|
@ -1949,9 +1789,9 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
|
|||
if( ( ret = asn1_get_tag( &p, end, &len,
|
||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||
{
|
||||
if( s1 != NULL )
|
||||
free( buf );
|
||||
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_free( &pem );
|
||||
#endif
|
||||
rsa_free( rsa );
|
||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
|
||||
}
|
||||
|
@ -1960,18 +1800,18 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
|
|||
|
||||
if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
|
||||
{
|
||||
if( s1 != NULL )
|
||||
free( buf );
|
||||
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_free( &pem );
|
||||
#endif
|
||||
rsa_free( rsa );
|
||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
|
||||
}
|
||||
|
||||
if( rsa->ver != 0 )
|
||||
{
|
||||
if( s1 != NULL )
|
||||
free( buf );
|
||||
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_free( &pem );
|
||||
#endif
|
||||
rsa_free( rsa );
|
||||
return( ret | POLARSSL_ERR_X509_KEY_INVALID_VERSION );
|
||||
}
|
||||
|
@ -1985,9 +1825,9 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
|
|||
( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
|
||||
( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
|
||||
{
|
||||
if( s1 != NULL )
|
||||
free( buf );
|
||||
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_free( &pem );
|
||||
#endif
|
||||
rsa_free( rsa );
|
||||
return( ret | POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
|
||||
}
|
||||
|
@ -1996,9 +1836,9 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
|
|||
|
||||
if( p != end )
|
||||
{
|
||||
if( s1 != NULL )
|
||||
free( buf );
|
||||
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_free( &pem );
|
||||
#endif
|
||||
rsa_free( rsa );
|
||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT |
|
||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||
|
@ -2006,15 +1846,16 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
|
|||
|
||||
if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
|
||||
{
|
||||
if( s1 != NULL )
|
||||
free( buf );
|
||||
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_free( &pem );
|
||||
#endif
|
||||
rsa_free( rsa );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( s1 != NULL )
|
||||
free( buf );
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_free( &pem );
|
||||
#endif
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
@ -2049,52 +1890,38 @@ int x509parse_keyfile( rsa_context *rsa, const char *path, const char *pwd )
|
|||
int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen )
|
||||
{
|
||||
int ret, len;
|
||||
unsigned char *buf, *s1, *s2;
|
||||
unsigned char *p, *end;
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_context pem;
|
||||
|
||||
s1 = (unsigned char *) strstr( (char *) dhmin,
|
||||
"-----BEGIN DH PARAMETERS-----" );
|
||||
pem_init( &pem );
|
||||
|
||||
if( s1 != NULL )
|
||||
ret = pem_read_buffer( &pem,
|
||||
"-----BEGIN DH PARAMETERS-----",
|
||||
"-----END DH PARAMETERS-----",
|
||||
dhmin, NULL, 0, &dhminlen );
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
s2 = (unsigned char *) strstr( (char *) dhmin,
|
||||
"-----END DH PARAMETERS-----" );
|
||||
|
||||
if( s2 == NULL || s2 <= s1 )
|
||||
return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
||||
|
||||
s1 += 29;
|
||||
if( *s1 == '\r' ) s1++;
|
||||
if( *s1 == '\n' ) s1++;
|
||||
else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
||||
|
||||
len = 0;
|
||||
ret = base64_decode( NULL, &len, s1, s2 - s1 );
|
||||
|
||||
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
|
||||
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
||||
|
||||
if( ( buf = (unsigned char *) malloc( len ) ) == NULL )
|
||||
return( 1 );
|
||||
|
||||
if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
|
||||
/*
|
||||
* Was PEM encoded
|
||||
*/
|
||||
dhminlen = pem.buflen;
|
||||
}
|
||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
|
||||
{
|
||||
free( buf );
|
||||
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
|
||||
pem_free( &pem );
|
||||
return( ret );
|
||||
}
|
||||
|
||||
dhminlen = len;
|
||||
}
|
||||
else
|
||||
{
|
||||
buf = NULL;
|
||||
}
|
||||
p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
|
||||
#else
|
||||
p = (unsigned char *) dhmin;
|
||||
#endif
|
||||
end = p + dhminlen;
|
||||
|
||||
memset( dhm, 0, sizeof( dhm_context ) );
|
||||
|
||||
p = ( s1 != NULL ) ? buf : (unsigned char *) dhmin;
|
||||
end = p + dhminlen;
|
||||
|
||||
/*
|
||||
* DHParams ::= SEQUENCE {
|
||||
* prime INTEGER, -- P
|
||||
|
@ -2104,10 +1931,9 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen )
|
|||
if( ( ret = asn1_get_tag( &p, end, &len,
|
||||
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
|
||||
{
|
||||
if( s1 != NULL )
|
||||
free( buf );
|
||||
|
||||
dhm_free( dhm );
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_free( &pem );
|
||||
#endif
|
||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
|
||||
}
|
||||
|
||||
|
@ -2116,25 +1942,26 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen )
|
|||
if( ( ret = asn1_get_mpi( &p, end, &dhm->P ) ) != 0 ||
|
||||
( ret = asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
|
||||
{
|
||||
if( s1 != NULL )
|
||||
free( buf );
|
||||
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_free( &pem );
|
||||
#endif
|
||||
dhm_free( dhm );
|
||||
return( ret | POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
|
||||
}
|
||||
|
||||
if( p != end )
|
||||
{
|
||||
if( s1 != NULL )
|
||||
free( buf );
|
||||
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_free( &pem );
|
||||
#endif
|
||||
dhm_free( dhm );
|
||||
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT |
|
||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||
}
|
||||
|
||||
if( s1 != NULL )
|
||||
free( buf );
|
||||
#if defined(POLARSSL_PEM_C)
|
||||
pem_free( &pem );
|
||||
#endif
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
|
15
tests/data_files/keyfile
Normal file
15
tests/data_files/keyfile
Normal file
|
@ -0,0 +1,15 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
MIICXgIBAAKBgQDMYfnvWtC8Id5bPKae5yXSxQTt+Zpul6AnnZWfI2TtIarvjHBF
|
||||
UtXRo96y7hoL4VWOPKGCsRqMFDkrbeUjRrx8iL914/srnyf6sh9c8Zk04xEOpK1y
|
||||
pvBz+Ks4uZObtjnnitf0NBGdjMKxveTq+VE7BWUIyQjtQ8mbDOsiLLvh7wIDAQAB
|
||||
AoGAefPIT8MPpAJNjIE/JrfkAMTgsSLrvCurO5gzDBbxhPE+7tsMrsDDpuix3HBo
|
||||
iEg3ZbzV3obQwV7b0gcr34W4t0CMuJf5b5irHRG8JcZuncmofDy6z7S5Vs75O85z
|
||||
fVzTIuVUyuHy1rM6rSBYKfsMLVyImUb4wtIXEMHPzdCL9LECQQD3ZfgGqudMWq8v
|
||||
3BlKhsQ4fsR0vxzNlMZfoRrZzcvBT339Bp1UQ8aUo8xBtHiRwuW1NaPNgYKX6XQ6
|
||||
ppuWuTiJAkEA030i493KnFPLRwWypqF/s6ZNlVye+euFN5NF/IeJcvb/GUDRYv9O
|
||||
pRozRS1jNx4ZB1K2xT7N9MwsPHD6j6K4twJBALdfHTfT9RzjGnae7SAQQ+CcFYFz
|
||||
JiY6386B2yUVJLFj+j5RaMvMcKQ7xGnvGm7vxtNJrt/j3qg6oavXUfulzgECQQDP
|
||||
CEVLhCd/+ZeZoz5MWPTGTRrOCKmoRqNW0FlG6PfpD1qSwh04KG44uflO0yu5HUGr
|
||||
JZG+bcj4x5bWZFMkoUrpAkEAyEgQzesKFqcbt1cqv3pLXJYQBBw6leFXgHk11a7k
|
||||
+AkexhrPYyq/4tXFO2TLk2hs7tpYgNDOqZCvEu7jtN3RuA==
|
||||
-----END RSA PRIVATE KEY-----
|
18
tests/data_files/keyfile.3des
Normal file
18
tests/data_files/keyfile.3des
Normal file
|
@ -0,0 +1,18 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: DES-EDE3-CBC,BE8274D6692AF2A7
|
||||
|
||||
9ZXjoF55A9XgJpdaWmF/ZL1sJfbnE1M42N7HHRDwpq1/K+afC9poM0/AdCUbRL7w
|
||||
uvQERievbAYpNeLdah1EftM6033e1oTxUMivdL4orDKcbb3qDpSQ0o0UbjavbT+d
|
||||
aruilW8zVP4dz3mYMvGbkgoujgzdT+4wM0T1mTTuYcRKQsHlg7QDy2QrBILNuXA4
|
||||
Hmye4GlSXVUSON8vPXT12V4oeubEIZVlnkLTRFGRVA4qz5tby9GBymkeNCBu+LCw
|
||||
JwJLTbQwMFqozHvioq/2YBaHDcySpTD4X5AwrCjifUNO9BnLWLAmt8dOWr0z+48E
|
||||
P/yWr5xZl3DrKh9r9EGb9xbTxhum3yHV7bvXLoUH+t9gowmd4Lq3Qjjf8jQXle0P
|
||||
zoCOVxwN1E1IMhleEUPV7L8mbt26b0JyvrSS5ByrXahGu9vGQyy7qqx9ZANkzgXF
|
||||
3hPMDuzQXMJiUeG92VsMEdGdA1/8V5ro+ceB5c7Zca5MjMzvx2tihda7BUjj6dSE
|
||||
cA8Vvksy/NX/nqHSt0aSgphvBmZP8dN6GMcZ+hT7p0fhCq4mSFEykQqueKXiFUfz
|
||||
0xCUVZC6WzOoEkc8k7xiLWQDlsZZ13Z4yxU1IxJp7llZXpZ8GkwS+678/Nx8h54A
|
||||
mv5ZlSFWWQrvN5JPQJka7aU2ITu1LUK6mXBu+DoSDOfQuqR4vQytkjOqHK185iHs
|
||||
JQtBGkFFdElkWgubPX/S8/xxoT8MoQY/c+dr6iwcswyUnSJXh32KLPGNBoqWCCbY
|
||||
jp/VYmeb117gNpEJKJhcNbrP7DoQrC3/D7JFXnOvTA/z6FOtUmz0rQ==
|
||||
-----END RSA PRIVATE KEY-----
|
18
tests/data_files/keyfile.aes128
Normal file
18
tests/data_files/keyfile.aes128
Normal file
|
@ -0,0 +1,18 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-128-CBC,B5FA3F70C2AF79EB9D3DD2C40E7AE61A
|
||||
|
||||
iyfOvvyTPPR7on4XPFxu6CoCgTqh88ROlslM+RLJhwM/qGexbgDOzeI2CPf4XfzI
|
||||
tyevKD/pqCaCMesYJh/HDQCILdW2tGbwzPajg72xkfCD6+1NHOGoDbdQN8ahGVmg
|
||||
flAYU0iXDMvqs/jnucM7nlTGp8Istn7+zd9ARyrkQy+I8nvMh3chGKWzx/XtJR+z
|
||||
Iv8p+n/o+fCHzGvtj+LWYeUc4d0OTIjnF6QPTtPOexX28z0gXRODT/indgifNXv3
|
||||
j45KO2NYOaVTaCuiWIHj7wWBokoL4bCMFcFTJbdJx5BgfLmDkTEmB/6DEXu6UOsQ
|
||||
3lPzyJhIRxn7hNq2I47TzSAFvmcXwm84txpxtSwHTcl9LgsyIiEMmHv3lPPE1G94
|
||||
F5VrCzzFHyU7nFRdUC0mqLrCHcjDn5O4SQWfH7J/7G4OArU6lA4Z2NC03IPxEmsQ
|
||||
66Fu8GdMbmtFORdlZQtOjLi3zZwN9+NwhiUrNNdVvGNJIjIcZ4FZRZysbt7++hfQ
|
||||
/JOAKhVNC8dNROJUleEYIiqx23e5lze6wqcIosziq3tb6/SQ6fH533D8+PpcZKsC
|
||||
IlWKAQzsNV+nJvt7CI1ppWc6CtV7TKn0scZm2oOC4339gdR5xzxXe9EJDsMBpcg9
|
||||
drIdBr+3UxeC6Lc/rWM7IjSQ2YULBra3toEF6UYevngXdUD2YafrpoY5rK9IH90G
|
||||
Hjbf65IaHLTS0jA7lAvJsQEBuULQQoWENOjhp8v+UfkNM2ccyOuUk3xZJNeX19YP
|
||||
1Z09UMEKbf6ucoRCc01SBl206OAsq1NZEaodszT+mDg990I/9ACVi3LEU6XB5ZVs
|
||||
-----END RSA PRIVATE KEY-----
|
18
tests/data_files/keyfile.aes192
Normal file
18
tests/data_files/keyfile.aes192
Normal file
|
@ -0,0 +1,18 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-192-CBC,72F869F41B989D71730B2983448251B8
|
||||
|
||||
R6ST6H9oUyFWBavUO++azbn9ga87lgeuqNMVVScOcXjguqQZdnuZq9AzwQQETEv+
|
||||
ZbVPL9w2isuXKoavaPxYyCXbZ+l6JRfWiXi6CmnfNhx4MgYpbH9BEqGbIVxA3fvu
|
||||
zFutqi+Ru6QeERshDNke6HfFjJ91WkBjNjrXcfDmt0uRGqFSWd5DSEniyaPmxCYs
|
||||
mpRwr9XESFiBkCHL+/iSkW0EZBjwHW0//RNsZKtuqVJGW/dZhDxerOGRl0a1oWkb
|
||||
IvfED7afrXMlpHokMwtUduk2TBE1AoczZ6Dv7RZGipaBR4yb9kYgIkiqFk53lg5h
|
||||
7b3WQt6TYECI7X3Q2rDgPQtUChVud0uUQYmQ5328HRE8zhlWxHGmTQMWVBW6X+FM
|
||||
ikFLRUeYBeq0UJu20DmvklZV6iDxsULLu+Rb0b8NkT+V2feSXbrP976oCSUznvT6
|
||||
3e2EOH+KAqMy5JZhTsjM7HtkleMwYQ9v+Wnbnn1OsB9drYWUJuhQeXt6v8dkm/eD
|
||||
9m6dZzivc/h1UThIuuZPo+6S7FoluIlt5uv2UcnYYdYOgKSd1Vm0wztGaJn3CSGw
|
||||
JEbebucr+5ptOHxflV5Txgnfj63sJyVd/wy0T8sMRO2znk5uVLWxf855fNXev9M3
|
||||
gA3+MXC2eGaR9DYOxfakFRwL+Z30RlIktaqDK76BZRD4sWB6dIVw5JdCXpNMCuDH
|
||||
dxlTKcP59uPAEB2VyhDvm5CN3T+bM2K6WDZFO95hKKfEk5ea/UB7DA2ucfovdayE
|
||||
Hd46EUKC4/cdUFiSycgD01ztdda7hU7hFvOkHTK7O3G1yvEwH0+jxKNsudNfbbxc
|
||||
-----END RSA PRIVATE KEY-----
|
18
tests/data_files/keyfile.aes256
Normal file
18
tests/data_files/keyfile.aes256
Normal file
|
@ -0,0 +1,18 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: AES-256-CBC,53572EEEE794948AC48CB0E077CE075A
|
||||
|
||||
p0YobpQmzHb3NgGlojpYoH+G5f1XX9snYv2GQe2tGTBQpoHh+ivHcOt85EZu9pC1
|
||||
1KRdALEwp7Cb4RYeQncV9Bfp5rItupS1TwfgKAlp7Plmb4vDcDVw+KL3PaYn52Bd
|
||||
qq5USLxCvKcl91hZXzitttH072lEj2MzW2QpX2/1hCRPgMDu9PJlBX2S+GOaYP+9
|
||||
sTWTCc1yvHMW4XGEM4P4yfRg9EOTxU5gIYWUE2JqmEGd+9I0hK2YevAPLNKHxzpy
|
||||
klCCBYqDplcVT5zEyCmdiBHIjzodlFuocZC8ncinVnsuJvpTeMQ+zOZ5rao8xm2j
|
||||
uCnnVRh7yZktfsf5B/ZKBMGyPYRyKN4CCYhF0GzbehTvBirgDELq4LHyDdnnOTwU
|
||||
YJiqo17x6S4FVNq6AubADVAbCOMFyfr+TFshI8spOwqfGFFDs8/WWL5OnBS85Pd1
|
||||
dgoqwzJAt55GyDUbGnp6hUFl9g96nvV3sE6Xe4xVE2Cpf1BtUl9Dt3UrrDrbS0dk
|
||||
pKxl2FA2H0BVKtfNBHXvWkORi+v+XZl34rZZ37B8snYIN2aOqLuvyM4fd1EabkyG
|
||||
ymMEUHJcrc5zl/7IECaHrCahqZIsLpLhGTd0MMGrkGSvRLiY5nQ4MN5tKI0fUw0S
|
||||
5KIjOA6ZX5nvh4rYgQcgN7K6dXNA2hOj5256Vv0HVwXsVhQFmCGnuo+h8XxudRVH
|
||||
RuIUaTUtl29a/2nPTzXB6MNZe7Wol8EkzuYEgyaizKr7nO0J1umg+lj7ipX/80Ji
|
||||
3ADi0yL4F831LsdAiTY60Lu2e3WABleZsvuLMWSodb9WzJXknsnFEDLGOM+HGj8Q
|
||||
-----END RSA PRIVATE KEY-----
|
18
tests/data_files/keyfile.des
Normal file
18
tests/data_files/keyfile.des
Normal file
|
@ -0,0 +1,18 @@
|
|||
-----BEGIN RSA PRIVATE KEY-----
|
||||
Proc-Type: 4,ENCRYPTED
|
||||
DEK-Info: DES-CBC,F87FE1C0FB9B3E77
|
||||
|
||||
1NbOyRx5kBWeXy93eCXyidDpR3pbfgGWIIgXVCVE4/ZXgEt14A23YndZeI5OSxvG
|
||||
JWhqZ+VuiRsxeKAjo+xf4bnKLArvbshhzUKCEVsCP1d2d1xfgjsnyr8tqNiJE0F6
|
||||
7Nimjcrpw/udCk2RBVyshN9kiPBbnA+XUdOHfEnbdkqDsS5DGjq7H1kBZuHhTQa8
|
||||
Xv6ta3kbI1BGiqKDhH2H9iJlZMwpVQuJs+HqcqNEhsPm0V4kp0S3PZMbYVKpEtDO
|
||||
vh9CHprQy/nlHfq7ZAs9/2HN4/OT/5kw4JM9qQy7eo/6FX2yh39Lyz8u7PXLaVgM
|
||||
pwOiFb+zvegYts5aCXyM1nBUu9NFPDQNDytjXOhbWL0hEr1RzgK67f5QYIxWgGCK
|
||||
St4moIn7J5BifViNdp7j/RXCoCmda3Zv5PiRw83yScSlzgDdTNpm/70jp8pGSxEn
|
||||
Ib768zYEcYeeKyPar210Nh9abySPpkFFaujN4do5wujboC0VPz73M6eTeZ6iOUgR
|
||||
cX9WwkfRj6G6VQfM6xAZdOkQ2cj6M4YRze1RKLhqo0+gre76FLn8Kzf/Hjrp/0iy
|
||||
0flr/6BwLxGV49vMUCesJ9oqE/frru9Y89cOwbgcHxKJ24Oz+64OUPyeSxDMElZ8
|
||||
lXiNk3aBEuLdBOKJ8B9kyKuxNqwDoqhCsrc77Gjio+q24w+G2+KAzBEup4S9cYgp
|
||||
FiSvK8sizKINfE14f9HA60MJJzyEjTUuL7+ioL7xHGtIkdWbs/Qp7KxliH6qoIUv
|
||||
VUsT6VS1nWLDyTyMbcjMx1odRsWrLwLqIsvNIcGGwe+P4sm4LivNnQ==
|
||||
-----END RSA PRIVATE KEY-----
|
|
@ -1,4 +1,4 @@
|
|||
Debug print certificate #1
|
||||
depends_on:POLARSSL_DEBUG_C
|
||||
depends_on:POLARSSL_DEBUG_C:POLARSSL_PEM_C
|
||||
debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2009-02-09 21\:12\:35\nMyFile(0999)\: expires on \: 2011-02-09 21\:12\:35\nMyFile(0999)\: signed using \: RSA+SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: ae 92 63 59 74 68 a4 aa 89 50 42 f2 e7 27 09 2c\nMyFile(0999)\: a5 86 99 09 28 52 5d 6e 32 f5 93 18 35 0e 2b 28\nMyFile(0999)\: 6d 11 20 49 f2 21 0d d6 fc e6 dc de 40 93 7b 29\nMyFile(0999)\: ee 4b 4c 28 4f e4 8c 38 12 de 10 69 f7 ba 40 e8\nMyFile(0999)\: 74 80 a6 19 36 63 e0 37 93 39 f6 00 8e 3c 5a fd\nMyFile(0999)\: dc 8e 50 c1 41 7c bf ff c9 bb e2 ad 7c 8d b1 a4\nMyFile(0999)\: 1a 8b 3e 1f 1a 28 9b e6 93 4b 74 c3 e9 ab 2c c8\nMyFile(0999)\: 93 cf f6 02 a1 c9 4b 9e f9 f6 fa a6 95 98 6c 32\nMyFile(0999)\: 85 c0 f4 e7 b0 ec 50 af 17 52 49 21 80 9f 0d c8\nMyFile(0999)\: 37 73 74 42 3e 06 7f 29 29 1d 6a 9a 71 0f 70 ea\nMyFile(0999)\: c8 49 0d d7 3b 7e c2 ed 9b 33 dd 64 e9 8f df 85\nMyFile(0999)\: 81 c3 b1 c5 50 b6 55 2c c8 88 ed fd c4 cf 14 4f\nMyFile(0999)\: 49 d8 76 5c 1d 95 ef 34 e8 d7 74 aa 1e d2 ff 1d\nMyFile(0999)\: 19 27 19 de af b5 7a 71 c3 fb 38 11 ca da 78 2c\nMyFile(0999)\: 9b 32 3e 5f 31 eb c9 6e 43 eb 3d a5 c1 36 e2 86\nMyFile(0999)\: 49 1c 68 d7 5b f1 01 d0 29 16 d0 3a 44 36 5c 77\nMyFile(0999)\: value of 'crt->rsa.E' (32 bits) is\:\nMyFile(0999)\: 00 01 00 01\n"
|
||||
|
||||
|
|
|
@ -1,176 +1,237 @@
|
|||
X509 Certificate information #1
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2009-02-09 21\:12\:35\nexpires on \: 2011-02-09 21\:12\:35\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
|
||||
|
||||
X509 Certificate information #2
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2009-02-10 22\:15\:12\nexpires on \: 2011-02-10 22\:15\:12\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
|
||||
|
||||
X509 Certificate information #3
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2009-02-09 21\:12\:25\nexpires on \: 2019-02-10 21\:12\:25\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
|
||||
|
||||
X509 Certificate information MD2 Digest
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_cert_info:"data_files/cert_md2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD2\nRSA key size \: 2048 bits\n"
|
||||
|
||||
X509 Certificate information MD4 Digest
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD4\nRSA key size \: 2048 bits\n"
|
||||
|
||||
X509 Certificate information MD5 Digest
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD5\nRSA key size \: 2048 bits\n"
|
||||
|
||||
X509 Certificate information SHA1 Digest
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_cert_info:"data_files/cert_sha1.crt":"cert. version \: 3\nserial number \: 0C\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
|
||||
|
||||
X509 Certificate information SHA224 Digest
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_cert_info:"data_files/cert_sha224.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA224\nRSA key size \: 2048 bits\n"
|
||||
|
||||
X509 Certificate information SHA256 Digest
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_cert_info:"data_files/cert_sha256.crt":"cert. version \: 3\nserial number \: 0E\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA256\nRSA key size \: 2048 bits\n"
|
||||
|
||||
X509 Certificate information SHA384 Digest
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_cert_info:"data_files/cert_sha384.crt":"cert. version \: 3\nserial number \: 0F\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA384\nRSA key size \: 2048 bits\n"
|
||||
|
||||
X509 Certificate information SHA512 Digest
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 10\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2009-07-12 10\:57\:00\nexpires on \: 2011-07-12 10\:57\:00\nsigned using \: RSA+SHA512\nRSA key size \: 2048 bits\n"
|
||||
|
||||
X509 CRL information #1
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-02-09 21\:12\:36\nnext update \: 2009-04-10 21\:12\:36\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA1\n"
|
||||
|
||||
X509 CRL Information MD2 Digest
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_crl_info:"data_files/crl_md2.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD2\n"
|
||||
|
||||
X509 CRL Information MD4 Digest
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_crl_info:"data_files/crl_md4.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD4\n"
|
||||
|
||||
X509 CRL Information MD5 Digest
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_crl_info:"data_files/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD5\n"
|
||||
|
||||
X509 CRL Information SHA1 Digest
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_crl_info:"data_files/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA1\n"
|
||||
|
||||
X509 CRL Information SHA224 Digest
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_crl_info:"data_files/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA224\n"
|
||||
|
||||
X509 CRL Information SHA256 Digest
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_crl_info:"data_files/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA256\n"
|
||||
|
||||
X509 CRL Information SHA384 Digest
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_crl_info:"data_files/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA384\n"
|
||||
|
||||
X509 CRL Information SHA512 Digest
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA512\n"
|
||||
|
||||
X509 Parse Key #1 (No password when required)
|
||||
depends_on:POLARSSL_MD5_C
|
||||
x509parse_keyfile:"data_files/test-ca.key":NULL:POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED
|
||||
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C
|
||||
x509parse_keyfile:"data_files/test-ca.key":NULL:POLARSSL_ERR_PEM_PASSWORD_REQUIRED
|
||||
|
||||
X509 Parse Key #2 (Correct password)
|
||||
depends_on:POLARSSL_MD5_C
|
||||
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C
|
||||
x509parse_keyfile:"data_files/test-ca.key":"PolarSSLTest":0
|
||||
|
||||
X509 Parse Key #3 (Wrong password)
|
||||
depends_on:POLARSSL_MD5_C
|
||||
x509parse_keyfile:"data_files/test-ca.key":"PolarSSLWRONG":POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH
|
||||
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C
|
||||
x509parse_keyfile:"data_files/test-ca.key":"PolarSSLWRONG":POLARSSL_ERR_PEM_PASSWORD_MISMATCH
|
||||
|
||||
X509 Parse Key #4 (DES Encrypted)
|
||||
depends_on:POLARSSL_MD5_C:POLARSSL_DES_C:POLARSSL_PEM_C
|
||||
x509parse_keyfile:"data_files/keyfile.des":"testkey":0
|
||||
|
||||
X509 Parse Key #5 (3DES Encrypted)
|
||||
depends_on:POLARSSL_MD5_C:POLARSSL_DES_C:POLARSSL_PEM_C
|
||||
x509parse_keyfile:"data_files/keyfile.3des":"testkey":0
|
||||
|
||||
X509 Parse Key #6 (AES-128 Encrypted)
|
||||
depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C
|
||||
x509parse_keyfile:"data_files/keyfile.aes128":"testkey":0
|
||||
|
||||
X509 Parse Key #7 (AES-192 Encrypted)
|
||||
depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C
|
||||
x509parse_keyfile:"data_files/keyfile.aes192":"testkey":0
|
||||
|
||||
X509 Parse Key #8 (AES-256 Encrypted)
|
||||
depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C
|
||||
x509parse_keyfile:"data_files/keyfile.aes256":"testkey":0
|
||||
|
||||
X509 Get Distinguished Name #1
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_dn_gets:"data_files/server1.crt":subject:"C=NL, O=PolarSSL, CN=PolarSSL Server 1"
|
||||
|
||||
X509 Get Distinguished Name #2
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_dn_gets:"data_files/server1.crt":issuer:"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
|
||||
|
||||
X509 Get Distinguished Name #3
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_dn_gets:"data_files/server2.crt":subject:"C=NL, O=PolarSSL, CN=localhost"
|
||||
|
||||
X509 Get Distinguished Name #4
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_dn_gets:"data_files/server2.crt":issuer:"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
|
||||
|
||||
X509 Time Expired #1
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_time_expired:"data_files/server1.crt":valid_from:1
|
||||
|
||||
X509 Time Expired #2
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_time_expired:"data_files/server1.crt":valid_to:0
|
||||
|
||||
X509 Time Expired #3
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_time_expired:"data_files/server2.crt":valid_from:1
|
||||
|
||||
X509 Time Expired #4
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_time_expired:"data_files/server2.crt":valid_to:0
|
||||
|
||||
X509 Time Expired #5
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_time_expired:"data_files/test-ca.crt":valid_from:1
|
||||
|
||||
X509 Time Expired #6
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_time_expired:"data_files/test-ca.crt":valid_to:0
|
||||
|
||||
X509 Certificate verification #1 (Revoked Cert, Expired CRL)
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:NULL
|
||||
|
||||
X509 Certificate verification #2 (Revoked Cert, Expired CRL)
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:NULL
|
||||
|
||||
X509 Certificate verification #3 (Revoked Cert, Expired CRL, CN Mismatch)
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED | BADCERT_CN_MISMATCH:NULL
|
||||
|
||||
X509 Certificate verification #4 (Valid Cert, Expired CRL)
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCRL_EXPIRED:NULL
|
||||
|
||||
X509 Certificate verification #5 (Revoked Cert)
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:NULL
|
||||
|
||||
X509 Certificate verification #6 (Revoked Cert)
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:NULL
|
||||
|
||||
X509 Certificate verification #7 (Revoked Cert, CN Mismatch)
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCERT_CN_MISMATCH:NULL
|
||||
|
||||
X509 Certificate verification #8 (Valid Cert)
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||
|
||||
X509 Certificate verification #9 (Not trusted Cert)
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:NULL
|
||||
|
||||
X509 Certificate verification #10 (Not trusted Cert, Expired CRL)
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:NULL
|
||||
|
||||
X509 Certificate verification #11 (Valid Cert MD2 Digest)
|
||||
depends_on:POLARSSL_MD2_C
|
||||
depends_on:POLARSSL_MD2_C:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/cert_md2.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||
|
||||
X509 Certificate verification #12 (Valid Cert MD4 Digest)
|
||||
depends_on:POLARSSL_MD4_C
|
||||
depends_on:POLARSSL_MD4_C:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||
|
||||
X509 Certificate verification #13 (Valid Cert MD5 Digest)
|
||||
depends_on:POLARSSL_MD5_C
|
||||
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||
|
||||
X509 Certificate verification #14 (Valid Cert SHA1 Digest)
|
||||
depends_on:POLARSSL_SHA1_C
|
||||
depends_on:POLARSSL_SHA1_C:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||
|
||||
X509 Certificate verification #15 (Valid Cert SHA224 Digest)
|
||||
depends_on:POLARSSL_SHA2_C
|
||||
depends_on:POLARSSL_SHA2_C:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||
|
||||
X509 Certificate verification #16 (Valid Cert SHA256 Digest)
|
||||
depends_on:POLARSSL_SHA2_C
|
||||
depends_on:POLARSSL_SHA2_C:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||
|
||||
X509 Certificate verification #17 (Valid Cert SHA384 Digest)
|
||||
depends_on:POLARSSL_SHA4_C
|
||||
depends_on:POLARSSL_SHA4_C:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||
|
||||
X509 Certificate verification #18 (Valid Cert SHA512 Digest)
|
||||
depends_on:POLARSSL_SHA4_C
|
||||
depends_on:POLARSSL_SHA4_C:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
|
||||
|
||||
X509 Certificate verification #19 (Valid Cert, denying callback)
|
||||
depends_on:POLARSSL_SHA4_C
|
||||
depends_on:POLARSSL_SHA4_C:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:0:&verify_none
|
||||
|
||||
X509 Certificate verification #20 (Not trusted Cert, allowing callback)
|
||||
depends_on:POLARSSL_PEM_C
|
||||
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":NULL:0:0:&verify_all
|
||||
|
||||
X509 Parse Selftest
|
||||
depends_on:POLARSSL_MD5_C
|
||||
depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C
|
||||
x509_selftest:
|
||||
|
||||
X509 Certificate ASN1 (Incorrect first tag)
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
BEGIN_HEADER
|
||||
#include <polarssl/config.h>
|
||||
#include <polarssl/x509.h>
|
||||
#include <polarssl/pem.h>
|
||||
|
||||
int verify_none( void *data, x509_cert *crt, int certificate_depth, int preverify_ok )
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue