yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Reduce code size when mbedtls_x509_*_info() unused

Browse source 
Introduce MBEDTLS_X509_INFO to indicate the availability of the
mbedtls_x509_*_info() function and closely related APIs. When this is
not defined, also omit name and description from
mbedtls_oid_descriptor_t, and omit OID arrays, macros, and types that
are entirely unused. This saves several KB of code space.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Chris Jones <christopher.jones@arm.com>
This commit is contained in:
Peter Kolbus 2018-12-11 13:55:56 -06:00 committed by Chris Jones
parent 12f93f4fc2
commit 9a969b66c1
28 changed files with 322 additions and 206 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
include/mbedtls/config.h
View file

@ -2143,6 +2143,17 @@
*/
#define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
/**
* \def MBEDTLS_X509_INFO
*
* Enable mbedtls_x509_*_info() and related APIs.
*
* Comment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt()
* and other functions/constants only used by these functions, thus reducing
* the code footprint by several KB.
*/
#define MBEDTLS_X509_INFO
/**
* \def MBEDTLS_X509_RSASSA_PSS_SUPPORT
*

8
include/mbedtls/debug.h
View file

@ -59,9 +59,13 @@
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_X509_INFO)
#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) \
mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt )
#endif
#else
#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 )
#endif /* MBEDTLS_X509_INFO */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_ECDH_C)
#define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) \
@ -248,7 +252,7 @@ void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level,
const char *text, const mbedtls_ecp_point *X );
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_X509_INFO)
/**
* \brief Print a X.509 certificate structure to the debug output. This
* function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro,

4
include/mbedtls/oid.h
View file

@ -441,8 +441,10 @@ typedef struct mbedtls_oid_descriptor_t
{
const char *asn1; /*!< OID ASN.1 representation */
size_t asn1_len; /*!< length of asn1 */
#if defined(MBEDTLS_X509_INFO)
const char *name; /*!< official name (e.g. from RFC) */
const char *description; /*!< human friendly description */
#endif
} mbedtls_oid_descriptor_t;
/**
@ -582,6 +584,7 @@ int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_a
int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac );
#endif /* MBEDTLS_MD_C */
#if defined(MBEDTLS_X509_INFO)
/**
* \brief Translate Extended Key Usage OID into description
*
@ -591,6 +594,7 @@ int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
*/
int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc );
#endif
/**
* \brief Translate certificate policies OID into description

2
include/mbedtls/x509.h
View file

@ -316,9 +316,11 @@ int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *serial );
int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
mbedtls_x509_buf *ext, int tag );
#if defined(MBEDTLS_X509_INFO)
int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid,
mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
const void *sig_opts );
#endif
int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name );
int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name );
int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len,

2
include/mbedtls/x509_crl.h
View file

@ -134,6 +134,7 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s
int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
#endif /* MBEDTLS_FS_IO */
#if defined(MBEDTLS_X509_INFO)
/**
* \brief Returns an informational string about the CRL.
*
@ -147,6 +148,7 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path );
*/
int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
const mbedtls_x509_crl *crl );
#endif
/**
* \brief Initialize a CRL (chain)

5
include/mbedtls/x509_crt.h
View file

@ -509,6 +509,8 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path );
*/
int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
mbedtls_x509_subject_alternative_name *san );
#if defined(MBEDTLS_X509_INFO)
/**
* \brief Returns an informational string about the
* certificate.
@ -523,7 +525,9 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
*/
int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
const mbedtls_x509_crt *crt );
#endif
#if defined(MBEDTLS_X509_INFO)
/**
* \brief Returns an informational string about the
* verification status of a certificate.
@ -538,6 +542,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
*/
int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
uint32_t flags );
#endif
/**
* \brief Verify a chain of certificates.

2
include/mbedtls/x509_csr.h
View file

@ -121,6 +121,7 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz
int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path );
#endif /* MBEDTLS_FS_IO */
#if defined(MBEDTLS_X509_INFO)
/**
* \brief Returns an informational string about the
* CSR.
@ -135,6 +136,7 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path );
*/
int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
const mbedtls_x509_csr *csr );
#endif
/**
* \brief Initialize a CSR

4
library/debug.c
View file

@ -284,7 +284,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level,
}
#endif /* MBEDTLS_BIGNUM_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_X509_INFO)
static void debug_print_pk( const mbedtls_ssl_context *ssl, int level,
const char *file, int line,
const char *text, const mbedtls_pk_context *pk )
@ -379,7 +379,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level,
crt = crt->next;
}
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_INFO */
#if defined(MBEDTLS_ECDH_C)
static void mbedtls_debug_printf_ecdh_internal( const mbedtls_ssl_context *ssl,

201
library/oid.c
View file

@ -41,6 +41,17 @@
*/
#define ADD_LEN(s) s, MBEDTLS_OID_SIZE(s)
/*
* Macro to generate mbedtls_oid_descriptor_t
*/
#if defined(MBEDTLS_X509_INFO)
#define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s), name, description }
#define NULL_OID_DESCRIPTOR { NULL, 0, NULL, NULL }
#else
#define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s) }
#define NULL_OID_DESCRIPTOR { NULL, 0 }
#endif
/*
* Macro to generate an internal function for oid_XXX_from_asn1() (used by
* the other functions)
@ -64,6 +75,7 @@
return( NULL ); \
}
#if defined(MBEDTLS_X509_INFO)
/*
* Macro to generate a function for retrieving a single attribute from the
* descriptor of an mbedtls_oid_descriptor_t wrapper.
@ -76,6 +88,7 @@ int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 )
*ATTR1 = data->descriptor.ATTR1; \
return( 0 ); \
}
#endif /* MBEDTLS_X509_INFO */
/*
* Macro to generate a function for retrieving a single attribute from an
@ -157,83 +170,83 @@ typedef struct {
static const oid_x520_attr_t oid_x520_attr_type[] =
{
{
{ ADD_LEN( MBEDTLS_OID_AT_CN ), "id-at-commonName", "Common Name" },
OID_DESCRIPTOR( MBEDTLS_OID_AT_CN, "id-at-commonName", "Common Name" ),
"CN",
},
{
{ ADD_LEN( MBEDTLS_OID_AT_COUNTRY ), "id-at-countryName", "Country" },
OID_DESCRIPTOR( MBEDTLS_OID_AT_COUNTRY, "id-at-countryName", "Country" ),
"C",
},
{
{ ADD_LEN( MBEDTLS_OID_AT_LOCALITY ), "id-at-locality", "Locality" },
OID_DESCRIPTOR( MBEDTLS_OID_AT_LOCALITY, "id-at-locality", "Locality" ),
"L",
},
{
{ ADD_LEN( MBEDTLS_OID_AT_STATE ), "id-at-state", "State" },
OID_DESCRIPTOR( MBEDTLS_OID_AT_STATE, "id-at-state", "State" ),
"ST",
},
{
{ ADD_LEN( MBEDTLS_OID_AT_ORGANIZATION ),"id-at-organizationName", "Organization" },
OID_DESCRIPTOR( MBEDTLS_OID_AT_ORGANIZATION,"id-at-organizationName", "Organization" ),
"O",
},
{
{ ADD_LEN( MBEDTLS_OID_AT_ORG_UNIT ), "id-at-organizationalUnitName", "Org Unit" },
OID_DESCRIPTOR( MBEDTLS_OID_AT_ORG_UNIT, "id-at-organizationalUnitName", "Org Unit" ),
"OU",
},
{
{ ADD_LEN( MBEDTLS_OID_PKCS9_EMAIL ), "emailAddress", "E-mail address" },
OID_DESCRIPTOR( MBEDTLS_OID_PKCS9_EMAIL, "emailAddress", "E-mail address" ),
"emailAddress",
},
{
{ ADD_LEN( MBEDTLS_OID_AT_SERIAL_NUMBER ),"id-at-serialNumber", "Serial number" },
OID_DESCRIPTOR( MBEDTLS_OID_AT_SERIAL_NUMBER,"id-at-serialNumber", "Serial number" ),
"serialNumber",
},
{
{ ADD_LEN( MBEDTLS_OID_AT_POSTAL_ADDRESS ),"id-at-postalAddress", "Postal address" },
OID_DESCRIPTOR( MBEDTLS_OID_AT_POSTAL_ADDRESS,"id-at-postalAddress", "Postal address" ),
"postalAddress",
},
{
{ ADD_LEN( MBEDTLS_OID_AT_POSTAL_CODE ), "id-at-postalCode", "Postal code" },
OID_DESCRIPTOR( MBEDTLS_OID_AT_POSTAL_CODE, "id-at-postalCode", "Postal code" ),
"postalCode",
},
{
{ ADD_LEN( MBEDTLS_OID_AT_SUR_NAME ), "id-at-surName", "Surname" },
OID_DESCRIPTOR( MBEDTLS_OID_AT_SUR_NAME, "id-at-surName", "Surname" ),
"SN",
},
{
{ ADD_LEN( MBEDTLS_OID_AT_GIVEN_NAME ), "id-at-givenName", "Given name" },
OID_DESCRIPTOR( MBEDTLS_OID_AT_GIVEN_NAME, "id-at-givenName", "Given name" ),
"GN",
},
{
{ ADD_LEN( MBEDTLS_OID_AT_INITIALS ), "id-at-initials", "Initials" },
OID_DESCRIPTOR( MBEDTLS_OID_AT_INITIALS, "id-at-initials", "Initials" ),
"initials",
},
{
{ ADD_LEN( MBEDTLS_OID_AT_GENERATION_QUALIFIER ), "id-at-generationQualifier", "Generation qualifier" },
OID_DESCRIPTOR( MBEDTLS_OID_AT_GENERATION_QUALIFIER, "id-at-generationQualifier", "Generation qualifier" ),
"generationQualifier",
},
{
{ ADD_LEN( MBEDTLS_OID_AT_TITLE ), "id-at-title", "Title" },
OID_DESCRIPTOR( MBEDTLS_OID_AT_TITLE, "id-at-title", "Title" ),
"title",
},
{
{ ADD_LEN( MBEDTLS_OID_AT_DN_QUALIFIER ),"id-at-dnQualifier", "Distinguished Name qualifier" },
OID_DESCRIPTOR( MBEDTLS_OID_AT_DN_QUALIFIER,"id-at-dnQualifier", "Distinguished Name qualifier" ),
"dnQualifier",
},
{
{ ADD_LEN( MBEDTLS_OID_AT_PSEUDONYM ), "id-at-pseudonym", "Pseudonym" },
OID_DESCRIPTOR( MBEDTLS_OID_AT_PSEUDONYM, "id-at-pseudonym", "Pseudonym" ),
"pseudonym",
},
{
{ ADD_LEN( MBEDTLS_OID_DOMAIN_COMPONENT ), "id-domainComponent", "Domain component" },
OID_DESCRIPTOR( MBEDTLS_OID_DOMAIN_COMPONENT, "id-domainComponent", "Domain component" ),
"DC",
},
{
{ ADD_LEN( MBEDTLS_OID_AT_UNIQUE_IDENTIFIER ), "id-at-uniqueIdentifier", "Unique Identifier" },
OID_DESCRIPTOR( MBEDTLS_OID_AT_UNIQUE_IDENTIFIER, "id-at-uniqueIdentifier", "Unique Identifier" ),
"uniqueIdentifier",
},
{
{ NULL, 0, NULL, NULL },
NULL_OID_DESCRIPTOR,
NULL,
}
};
@ -252,31 +265,31 @@ typedef struct {
static const oid_x509_ext_t oid_x509_ext[] =
{
{
{ ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" },
OID_DESCRIPTOR( MBEDTLS_OID_BASIC_CONSTRAINTS, "id-ce-basicConstraints", "Basic Constraints" ),
MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS,
},
{
{ ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" },
OID_DESCRIPTOR( MBEDTLS_OID_KEY_USAGE, "id-ce-keyUsage", "Key Usage" ),
MBEDTLS_OID_X509_EXT_KEY_USAGE,
},
{
{ ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" },
OID_DESCRIPTOR( MBEDTLS_OID_EXTENDED_KEY_USAGE, "id-ce-extKeyUsage", "Extended Key Usage" ),
MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE,
},
{
{ ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" },
OID_DESCRIPTOR( MBEDTLS_OID_SUBJECT_ALT_NAME, "id-ce-subjectAltName", "Subject Alt Name" ),
MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME,
},
{
{ ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" },
OID_DESCRIPTOR( MBEDTLS_OID_NS_CERT_TYPE, "id-netscape-certtype", "Netscape Certificate Type" ),
MBEDTLS_OID_X509_EXT_NS_CERT_TYPE,
},
{
{ ADD_LEN( MBEDTLS_OID_CERTIFICATE_POLICIES ), "id-ce-certificatePolicies", "Certificate Policies" },
OID_DESCRIPTOR( MBEDTLS_OID_CERTIFICATE_POLICIES, "id-ce-certificatePolicies", "Certificate Policies" ),
MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES,
},
{
{ NULL, 0, NULL, NULL },
NULL_OID_DESCRIPTOR,
0,
},
};
@ -284,16 +297,17 @@ static const oid_x509_ext_t oid_x509_ext[] =
FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext)
FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type)
#if defined(MBEDTLS_X509_INFO)
static const mbedtls_oid_descriptor_t oid_ext_key_usage[] =
{
{ ADD_LEN( MBEDTLS_OID_SERVER_AUTH ), "id-kp-serverAuth", "TLS Web Server Authentication" },
{ ADD_LEN( MBEDTLS_OID_CLIENT_AUTH ), "id-kp-clientAuth", "TLS Web Client Authentication" },
{ ADD_LEN( MBEDTLS_OID_CODE_SIGNING ), "id-kp-codeSigning", "Code Signing" },
{ ADD_LEN( MBEDTLS_OID_EMAIL_PROTECTION ), "id-kp-emailProtection", "E-mail Protection" },
{ ADD_LEN( MBEDTLS_OID_TIME_STAMPING ), "id-kp-timeStamping", "Time Stamping" },
{ ADD_LEN( MBEDTLS_OID_OCSP_SIGNING ), "id-kp-OCSPSigning", "OCSP Signing" },
{ ADD_LEN( MBEDTLS_OID_WISUN_FAN ), "id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)" },
{ NULL, 0, NULL, NULL },
OID_DESCRIPTOR( MBEDTLS_OID_SERVER_AUTH, "id-kp-serverAuth", "TLS Web Server Authentication" ),
OID_DESCRIPTOR( MBEDTLS_OID_CLIENT_AUTH, "id-kp-clientAuth", "TLS Web Client Authentication" ),
OID_DESCRIPTOR( MBEDTLS_OID_CODE_SIGNING, "id-kp-codeSigning", "Code Signing" ),
OID_DESCRIPTOR( MBEDTLS_OID_EMAIL_PROTECTION, "id-kp-emailProtection", "E-mail Protection" ),
OID_DESCRIPTOR( MBEDTLS_OID_TIME_STAMPING, "id-kp-timeStamping", "Time Stamping" ),
OID_DESCRIPTOR( MBEDTLS_OID_OCSP_SIGNING, "id-kp-OCSPSigning", "OCSP Signing" ),
OID_DESCRIPTOR( MBEDTLS_OID_WISUN_FAN, "id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)" ),
NULL_OID_DESCRIPTOR,
};
FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage)
@ -301,12 +315,13 @@ FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, e
static const mbedtls_oid_descriptor_t oid_certificate_policies[] =
{
{ ADD_LEN( MBEDTLS_OID_ANY_POLICY ), "anyPolicy", "Any Policy" },
{ NULL, 0, NULL, NULL },
OID_DESCRIPTOR( MBEDTLS_OID_ANY_POLICY, "anyPolicy", "Any Policy" ),
NULL_OID_DESCRIPTOR,
};
FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies)
FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, mbedtls_oid_descriptor_t, certificate_policies, const char *, description)
#endif /* MBEDTLS_X509_INFO */
#if defined(MBEDTLS_MD_C)
/*
@ -323,51 +338,51 @@ static const oid_sig_alg_t oid_sig_alg[] =
#if defined(MBEDTLS_RSA_C)
#if defined(MBEDTLS_MD2_C)
{
{ ADD_LEN( MBEDTLS_OID_PKCS1_MD2 ), "md2WithRSAEncryption", "RSA with MD2" },
OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_MD2, "md2WithRSAEncryption", "RSA with MD2" ),
MBEDTLS_MD_MD2, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_MD2_C */
#if defined(MBEDTLS_MD4_C)
{
{ ADD_LEN( MBEDTLS_OID_PKCS1_MD4 ), "md4WithRSAEncryption", "RSA with MD4" },
OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_MD4, "md4WithRSAEncryption", "RSA with MD4" ),
MBEDTLS_MD_MD4, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_MD4_C */
#if defined(MBEDTLS_MD5_C)
{
{ ADD_LEN( MBEDTLS_OID_PKCS1_MD5 ), "md5WithRSAEncryption", "RSA with MD5" },
OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5" ),
MBEDTLS_MD_MD5, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_MD5_C */
#if defined(MBEDTLS_SHA1_C)
{
{ ADD_LEN( MBEDTLS_OID_PKCS1_SHA1 ), "sha-1WithRSAEncryption", "RSA with SHA1" },
OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA1, "sha-1WithRSAEncryption", "RSA with SHA1" ),
MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
{
{ ADD_LEN( MBEDTLS_OID_PKCS1_SHA224 ), "sha224WithRSAEncryption", "RSA with SHA-224" },
OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption", "RSA with SHA-224" ),
MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA,
},
{
{ ADD_LEN( MBEDTLS_OID_PKCS1_SHA256 ), "sha256WithRSAEncryption", "RSA with SHA-256" },
OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption", "RSA with SHA-256" ),
MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA512_C)
{
{ ADD_LEN( MBEDTLS_OID_PKCS1_SHA384 ), "sha384WithRSAEncryption", "RSA with SHA-384" },
OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption", "RSA with SHA-384" ),
MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA,
},
{
{ ADD_LEN( MBEDTLS_OID_PKCS1_SHA512 ), "sha512WithRSAEncryption", "RSA with SHA-512" },
OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption", "RSA with SHA-512" ),
MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_SHA512_C */
#if defined(MBEDTLS_SHA1_C)
{
{ ADD_LEN( MBEDTLS_OID_RSA_SHA_OBS ), "sha-1WithRSAEncryption", "RSA with SHA1" },
OID_DESCRIPTOR( MBEDTLS_OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1" ),
MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA,
},
#endif /* MBEDTLS_SHA1_C */
@ -375,45 +390,49 @@ static const oid_sig_alg_t oid_sig_alg[] =
#if defined(MBEDTLS_ECDSA_C)
#if defined(MBEDTLS_SHA1_C)
{
{ ADD_LEN( MBEDTLS_OID_ECDSA_SHA1 ), "ecdsa-with-SHA1", "ECDSA with SHA1" },
OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1" ),
MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA,
},
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
{
{ ADD_LEN( MBEDTLS_OID_ECDSA_SHA224 ), "ecdsa-with-SHA224", "ECDSA with SHA224" },
OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224" ),
MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA,
},
{
{ ADD_LEN( MBEDTLS_OID_ECDSA_SHA256 ), "ecdsa-with-SHA256", "ECDSA with SHA256" },
OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA256, "ecdsa-with-SHA256", "ECDSA with SHA256" ),
MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA,
},
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA512_C)
{
{ ADD_LEN( MBEDTLS_OID_ECDSA_SHA384 ), "ecdsa-with-SHA384", "ECDSA with SHA384" },
OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384" ),
MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA,
},
{
{ ADD_LEN( MBEDTLS_OID_ECDSA_SHA512 ), "ecdsa-with-SHA512", "ECDSA with SHA512" },
OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512" ),
MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA,
},
#endif /* MBEDTLS_SHA512_C */
#endif /* MBEDTLS_ECDSA_C */
#if defined(MBEDTLS_RSA_C)
{
{ ADD_LEN( MBEDTLS_OID_RSASSA_PSS ), "RSASSA-PSS", "RSASSA-PSS" },
OID_DESCRIPTOR( MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS" ),
MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS,
},
#endif /* MBEDTLS_RSA_C */
{
{ NULL, 0, NULL, NULL },
NULL_OID_DESCRIPTOR,
MBEDTLS_MD_NONE, MBEDTLS_PK_NONE,
},
};
FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg)
#if defined(MBEDTLS_X509_INFO)
FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, oid_sig_alg_t, sig_alg, const char *, description)
#endif
FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, oid_sig_alg_t, sig_alg, mbedtls_md_type_t, md_alg, mbedtls_pk_type_t, pk_alg)
FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, mbedtls_pk_type_t, pk_alg, mbedtls_md_type_t, md_alg)
#endif /* MBEDTLS_MD_C */
@ -429,19 +448,19 @@ typedef struct {
static const oid_pk_alg_t oid_pk_alg[] =
{
{
{ ADD_LEN( MBEDTLS_OID_PKCS1_RSA ), "rsaEncryption", "RSA" },
OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_RSA, "rsaEncryption", "RSA" ),
MBEDTLS_PK_RSA,
},
{
{ ADD_LEN( MBEDTLS_OID_EC_ALG_UNRESTRICTED ), "id-ecPublicKey", "Generic EC key" },
OID_DESCRIPTOR( MBEDTLS_OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey", "Generic EC key" ),
MBEDTLS_PK_ECKEY,
},
{
{ ADD_LEN( MBEDTLS_OID_EC_ALG_ECDH ), "id-ecDH", "EC key for ECDH" },
OID_DESCRIPTOR( MBEDTLS_OID_EC_ALG_ECDH, "id-ecDH", "EC key for ECDH" ),
MBEDTLS_PK_ECKEY_DH,
},
{
{ NULL, 0, NULL, NULL },
NULL_OID_DESCRIPTOR,
MBEDTLS_PK_NONE,
},
};
@ -463,72 +482,72 @@ static const oid_ecp_grp_t oid_ecp_grp[] =
{
#if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
{
{ ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192R1 ), "secp192r1", "secp192r1" },
OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP192R1, "secp192r1", "secp192r1" ),
MBEDTLS_ECP_DP_SECP192R1,
},
#endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
{
{ ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224R1 ), "secp224r1", "secp224r1" },
OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1", "secp224r1" ),
MBEDTLS_ECP_DP_SECP224R1,
},
#endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
{
{ ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256R1 ), "secp256r1", "secp256r1" },
OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1", "secp256r1" ),
MBEDTLS_ECP_DP_SECP256R1,
},
#endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
{
{ ADD_LEN( MBEDTLS_OID_EC_GRP_SECP384R1 ), "secp384r1", "secp384r1" },
OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1", "secp384r1" ),
MBEDTLS_ECP_DP_SECP384R1,
},
#endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
{
{ ADD_LEN( MBEDTLS_OID_EC_GRP_SECP521R1 ), "secp521r1", "secp521r1" },
OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1", "secp521r1" ),
MBEDTLS_ECP_DP_SECP521R1,
},
#endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
{
{ ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192K1 ), "secp192k1", "secp192k1" },
OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1", "secp192k1" ),
MBEDTLS_ECP_DP_SECP192K1,
},
#endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
{
{ ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224K1 ), "secp224k1", "secp224k1" },
OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1", "secp224k1" ),
MBEDTLS_ECP_DP_SECP224K1,
},
#endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
{
{ ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256K1 ), "secp256k1", "secp256k1" },
OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1", "secp256k1" ),
MBEDTLS_ECP_DP_SECP256K1,
},
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
{
{ ADD_LEN( MBEDTLS_OID_EC_GRP_BP256R1 ), "brainpoolP256r1","brainpool256r1" },
OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_BP256R1, "brainpoolP256r1","brainpool256r1" ),
MBEDTLS_ECP_DP_BP256R1,
},
#endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
{
{ ADD_LEN( MBEDTLS_OID_EC_GRP_BP384R1 ), "brainpoolP384r1","brainpool384r1" },
OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_BP384R1, "brainpoolP384r1","brainpool384r1" ),
MBEDTLS_ECP_DP_BP384R1,
},
#endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */
#if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
{
{ ADD_LEN( MBEDTLS_OID_EC_GRP_BP512R1 ), "brainpoolP512r1","brainpool512r1" },
OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_BP512R1, "brainpoolP512r1","brainpool512r1" ),
MBEDTLS_ECP_DP_BP512R1,
},
#endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */
{
{ NULL, 0, NULL, NULL },
NULL_OID_DESCRIPTOR,
MBEDTLS_ECP_DP_NONE,
},
};
@ -550,15 +569,15 @@ typedef struct {
static const oid_cipher_alg_t oid_cipher_alg[] =
{
{
{ ADD_LEN( MBEDTLS_OID_DES_CBC ), "desCBC", "DES-CBC" },
OID_DESCRIPTOR( MBEDTLS_OID_DES_CBC, "desCBC", "DES-CBC" ),
MBEDTLS_CIPHER_DES_CBC,
},
{
{ ADD_LEN( MBEDTLS_OID_DES_EDE3_CBC ), "des-ede3-cbc", "DES-EDE3-CBC" },
OID_DESCRIPTOR( MBEDTLS_OID_DES_EDE3_CBC, "des-ede3-cbc", "DES-EDE3-CBC" ),
MBEDTLS_CIPHER_DES_EDE3_CBC,
},
{
{ NULL, 0, NULL, NULL },
NULL_OID_DESCRIPTOR,
MBEDTLS_CIPHER_NONE,
},
};
@ -580,56 +599,56 @@ static const oid_md_alg_t oid_md_alg[] =
{
#if defined(MBEDTLS_MD2_C)
{
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD2 ), "id-md2", "MD2" },
OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD2, "id-md2", "MD2" ),
MBEDTLS_MD_MD2,
},
#endif /* MBEDTLS_MD2_C */
#if defined(MBEDTLS_MD4_C)
{
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD4 ), "id-md4", "MD4" },
OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD4, "id-md4", "MD4" ),
MBEDTLS_MD_MD4,
},
#endif /* MBEDTLS_MD4_C */
#if defined(MBEDTLS_MD5_C)
{
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD5 ), "id-md5", "MD5" },
OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD5, "id-md5", "MD5" ),
MBEDTLS_MD_MD5,
},
#endif /* MBEDTLS_MD5_C */
#if defined(MBEDTLS_SHA1_C)
{
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA1 ), "id-sha1", "SHA-1" },
OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA1, "id-sha1", "SHA-1" ),
MBEDTLS_MD_SHA1,
},
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
{
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA224 ), "id-sha224", "SHA-224" },
OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA224, "id-sha224", "SHA-224" ),
MBEDTLS_MD_SHA224,
},
{
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA256 ), "id-sha256", "SHA-256" },
OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA256, "id-sha256", "SHA-256" ),
MBEDTLS_MD_SHA256,
},
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA512_C)
{
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA384 ), "id-sha384", "SHA-384" },
OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA384, "id-sha384", "SHA-384" ),
MBEDTLS_MD_SHA384,
},
{
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA512 ), "id-sha512", "SHA-512" },
OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA512, "id-sha512", "SHA-512" ),
MBEDTLS_MD_SHA512,
},
#endif /* MBEDTLS_SHA512_C */
#if defined(MBEDTLS_RIPEMD160_C)
{
{ ADD_LEN( MBEDTLS_OID_DIGEST_ALG_RIPEMD160 ), "id-ripemd160", "RIPEMD-160" },
OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160" ),
MBEDTLS_MD_RIPEMD160,
},
#endif /* MBEDTLS_RIPEMD160_C */
{
{ NULL, 0, NULL, NULL },
NULL_OID_DESCRIPTOR,
MBEDTLS_MD_NONE,
},
};
@ -650,32 +669,32 @@ static const oid_md_hmac_t oid_md_hmac[] =
{
#if defined(MBEDTLS_SHA1_C)
{
{ ADD_LEN( MBEDTLS_OID_HMAC_SHA1 ), "hmacSHA1", "HMAC-SHA-1" },
OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA1, "hmacSHA1", "HMAC-SHA-1" ),
MBEDTLS_MD_SHA1,
},
#endif /* MBEDTLS_SHA1_C */
#if defined(MBEDTLS_SHA256_C)
{
{ ADD_LEN( MBEDTLS_OID_HMAC_SHA224 ), "hmacSHA224", "HMAC-SHA-224" },
OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224" ),
MBEDTLS_MD_SHA224,
},
{
{ ADD_LEN( MBEDTLS_OID_HMAC_SHA256 ), "hmacSHA256", "HMAC-SHA-256" },
OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256" ),
MBEDTLS_MD_SHA256,
},
#endif /* MBEDTLS_SHA256_C */
#if defined(MBEDTLS_SHA512_C)
{
{ ADD_LEN( MBEDTLS_OID_HMAC_SHA384 ), "hmacSHA384", "HMAC-SHA-384" },
OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA384, "hmacSHA384", "HMAC-SHA-384" ),
MBEDTLS_MD_SHA384,
},
{
{ ADD_LEN( MBEDTLS_OID_HMAC_SHA512 ), "hmacSHA512", "HMAC-SHA-512" },
OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA512, "hmacSHA512", "HMAC-SHA-512" ),
MBEDTLS_MD_SHA512,
},
#endif /* MBEDTLS_SHA512_C */
{
{ NULL, 0, NULL, NULL },
NULL_OID_DESCRIPTOR,
MBEDTLS_MD_NONE,
},
};
@ -697,15 +716,15 @@ typedef struct {
static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] =
{
{
{ ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC ), "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" },
OID_DESCRIPTOR( MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" ),
MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC,
},
{
{ ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC ), "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" },
OID_DESCRIPTOR( MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" ),
MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC,
},
{
{ NULL, 0, NULL, NULL },
NULL_OID_DESCRIPTOR,
MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE,
},
};

3
library/version_features.c
View file

@ -597,6 +597,9 @@ static const char * const features[] = {
#if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE)
"MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE",
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
#if defined(MBEDTLS_X509_INFO)
"MBEDTLS_X509_INFO",
#endif /* MBEDTLS_X509_INFO */
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
"MBEDTLS_X509_RSASSA_PSS_SUPPORT",
#endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */

2
library/x509.c
View file

@ -831,6 +831,7 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se
return( (int) ( size - n ) );
}
#if defined(MBEDTLS_X509_INFO)
/*
* Helper for writing signature algorithms
*/
@ -875,6 +876,7 @@ int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *s
return( (int)( size - n ) );
}
#endif /* MBEDTLS_X509_INFO */
/*
* Helper for writing "RSA key size", "EC key size", etc

2
library/x509_crl.c
View file

@ -614,6 +614,7 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path )
}
#endif /* MBEDTLS_FS_IO */
#if defined(MBEDTLS_X509_INFO)
/*
* Return an informational string about the certificate.
*/
@ -693,6 +694,7 @@ int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix,
return( (int) ( size - n ) );
}
#endif /* MBEDTLS_X509_INFO */
/*
* Initialize a CRL chain

102
library/x509_crt.c
View file

@ -1763,6 +1763,57 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
return( 0 );
}
int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
mbedtls_x509_subject_alternative_name *san )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
switch( san_buf->tag &
( MBEDTLS_ASN1_TAG_CLASS_MASK |
MBEDTLS_ASN1_TAG_VALUE_MASK ) )
{
/*
* otherName
*/
case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ):
{
mbedtls_x509_san_other_name other_name;
ret = x509_get_other_name( san_buf, &other_name );
if( ret != 0 )
return( ret );
memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) );
san->type = MBEDTLS_X509_SAN_OTHER_NAME;
memcpy( &san->san.other_name,
&other_name, sizeof( other_name ) );
}
break;
/*
* dNSName
*/
case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ):
{
memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) );
san->type = MBEDTLS_X509_SAN_DNS_NAME;
memcpy( &san->san.unstructured_name,
san_buf, sizeof( *san_buf ) );
}
break;
/*
* Type not supported
*/
default:
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
}
return( 0 );
}
#if !defined(MBEDTLS_X509_REMOVE_INFO)
static int x509_info_subject_alt_name( char **buf, size_t *size,
const mbedtls_x509_sequence
*subject_alt_name,
@ -1876,56 +1927,6 @@ static int x509_info_subject_alt_name( char **buf, size_t *size,
return( 0 );
}
int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf,
mbedtls_x509_subject_alternative_name *san )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
switch( san_buf->tag &
( MBEDTLS_ASN1_TAG_CLASS_MASK |
MBEDTLS_ASN1_TAG_VALUE_MASK ) )
{
/*
* otherName
*/
case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ):
{
mbedtls_x509_san_other_name other_name;
ret = x509_get_other_name( san_buf, &other_name );
if( ret != 0 )
return( ret );
memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) );
san->type = MBEDTLS_X509_SAN_OTHER_NAME;
memcpy( &san->san.other_name,
&other_name, sizeof( other_name ) );
}
break;
/*
* dNSName
*/
case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ):
{
memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) );
san->type = MBEDTLS_X509_SAN_DNS_NAME;
memcpy( &san->san.unstructured_name,
san_buf, sizeof( *san_buf ) );
}
break;
/*
* Type not supported
*/
default:
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
}
return( 0 );
}
#define PRINT_ITEM(i) \
{ \
ret = mbedtls_snprintf( p, n, "%s" i, sep ); \
@ -2250,6 +2251,7 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
return( (int) ( size - n ) );
}
#endif /* MBEDTLS_X509_INFO */
#if defined(MBEDTLS_X509_CHECK_KEY_USAGE)
int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt,

2
library/x509_csr.c
View file

@ -323,6 +323,7 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path )
}
#endif /* MBEDTLS_FS_IO */
#if defined(MBEDTLS_X509_INFO)
#define BEFORE_COLON 14
#define BC "14"
/*
@ -367,6 +368,7 @@ int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix,
return( (int) ( size - n ) );
}
#endif /* MBEDTLS_X509_INFO */
/*
* Initialize a CSR

4
programs/ssl/dtls_client.c
View file

@ -241,13 +241,17 @@ int main( int argc, char *argv[] )
* MBEDTLS_SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
#if defined(MBEDTLS_X509_INFO)
char vrfy_buf[512];
#endif
mbedtls_printf( " failed\n" );
#if defined(MBEDTLS_X509_INFO)
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
#endif
}
else
mbedtls_printf( " ok\n" );

4
programs/ssl/ssl_client1.c
View file

@ -216,13 +216,17 @@ int main( void )
/* In real life, we probably want to bail out when ret != 0 */
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
#if defined(MBEDTLS_X509_INFO)
char vrfy_buf[512];
#endif
mbedtls_printf( " failed\n" );
#if defined(MBEDTLS_X509_INFO)
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
#endif
}
else
mbedtls_printf( " ok\n" );

13
programs/ssl/ssl_client2.c
View file

@ -529,9 +529,12 @@ static unsigned char peer_crt_info[1024];
static int my_verify( void *data, mbedtls_x509_crt *crt,
int depth, uint32_t *flags )
{
#if defined(MBEDTLS_X509_INFO)
char buf[1024];
#endif
((void) data);
#if defined(MBEDTLS_X509_INFO)
mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt );
if( depth == 0 )
memcpy( peer_crt_info, buf, sizeof( buf ) );
@ -541,13 +544,19 @@ static int my_verify( void *data, mbedtls_x509_crt *crt,
mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth );
mbedtls_printf( "%s", buf );
#else
((void) crt);
((void) depth);
#endif
if ( ( *flags ) == 0 )
mbedtls_printf( " This certificate has no flags\n" );
else
{
#if defined(MBEDTLS_X509_INFO)
mbedtls_x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags );
mbedtls_printf( "%s\n", buf );
#endif
}
return( 0 );
@ -2275,14 +2284,18 @@ int main( int argc, char *argv[] )
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
#if defined(MBEDTLS_X509_INFO)
char vrfy_buf[512];
#endif
mbedtls_printf( " failed\n" );
#if defined(MBEDTLS_X509_INFO)
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ),
" ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
#endif
}
else
mbedtls_printf( " ok\n" );

6
programs/ssl/ssl_mail_client.c
View file

@ -208,21 +208,27 @@ static int do_handshake( mbedtls_ssl_context *ssl )
/* In real life, we probably want to bail out when ret != 0 */
if( ( flags = mbedtls_ssl_get_verify_result( ssl ) ) != 0 )
{
#if defined(MBEDTLS_X509_INFO)
char vrfy_buf[512];
#endif
mbedtls_printf( " failed\n" );
#if defined(MBEDTLS_X509_INFO)
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
#endif
}
else
mbedtls_printf( " ok\n" );
#if defined(MBEDTLS_X509_INFO)
mbedtls_printf( " . Peer certificate information ...\n" );
mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ",
mbedtls_ssl_get_peer_cert( ssl ) );
mbedtls_printf( "%s\n", buf );
#endif
return( 0 );
}

8
programs/ssl/ssl_server2.c
View file

@ -3134,7 +3134,7 @@ handshake:
{
mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret );
#if defined(MBEDTLS_X509_CRT_PARSE_C)
#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_X509_INFO)
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
{
char vrfy_buf[512];
@ -3188,17 +3188,22 @@ handshake:
if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 )
{
#if defined(MBEDTLS_X509_INFO)
char vrfy_buf[512];
#endif
mbedtls_printf( " failed\n" );
#if defined(MBEDTLS_X509_INFO)
mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags );
mbedtls_printf( "%s\n", vrfy_buf );
#endif
}
else
mbedtls_printf( " ok\n" );
#if defined(MBEDTLS_X509_INFO)
if( mbedtls_ssl_get_peer_cert( &ssl ) != NULL )
{
char crt_buf[512];
@ -3208,6 +3213,7 @@ handshake:
mbedtls_ssl_get_peer_cert( &ssl ) );
mbedtls_printf( "%s\n", crt_buf );
}
#endif /* MBEDTLS_X509_INFO */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_EXPORT_KEYS)

8
programs/test/query_config.c
View file

@ -1643,6 +1643,14 @@ int query_config( const char *config )
}
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */
#if defined(MBEDTLS_X509_INFO)
if( strcmp( "MBEDTLS_X509_INFO", config ) == 0 )
{
MACRO_EXPANSION_TO_STR( MBEDTLS_X509_INFO );
return( 0 );
}
#endif /* MBEDTLS_X509_INFO */
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
if( strcmp( "MBEDTLS_X509_RSASSA_PSS_SUPPORT", config ) == 0 )
{

4
programs/x509/cert_app.c
View file

@ -41,14 +41,14 @@
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_CTR_DRBG_C)
!defined(MBEDTLS_X509_INFO) || !defined(MBEDTLS_CTR_DRBG_C)
int main( void )
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_CTR_DRBG_C not defined.\n");
"MBEDTLS_X509_INFO and/or MBEDTLS_CTR_DRBG_C not defined.\n");
mbedtls_exit( 0 );
}
#else

6
programs/x509/crl_app.c
View file

@ -35,11 +35,13 @@
#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO)
!defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_X509_INFO)
int main( void )
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
"MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_X509_INFO not defined.\n");
mbedtls_exit( 0 );
}
#else

6
programs/x509/req_app.c
View file

@ -35,11 +35,13 @@
#endif /* MBEDTLS_PLATFORM_C */
#if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \
!defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO)
!defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO) || \
!defined(MBEDTLS_X509_INFO)
int main( void )
{
mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or "
"MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO not defined.\n");
"MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO and/or "
"MBEDTLS_X509_INFO not defined.\n");
mbedtls_exit( 0 );
}
#else

4
tests/suites/test_suite_debug.data
View file

@ -38,11 +38,11 @@ Debug print buffer #5
mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n"
Debug print certificate #1 (RSA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_X509_INFO
mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n"
Debug print certificate #2 (EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO
mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
Debug print mbedtls_mpi #1

2
tests/suites/test_suite_debug.function
View file

@ -131,7 +131,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_INFO */
void mbedtls_debug_print_crt( char * crt_file, char * file, int line,
char * prefix, char * result_str )
{

2
tests/suites/test_suite_oid.function
View file

@ -6,7 +6,7 @@
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_OID_C
* depends_on:MBEDTLS_OID_C:MBEDTLS_X509_INFO
* END_DEPENDENCIES
*/

80
tests/suites/test_suite_x509parse.data
View file

@ -203,79 +203,79 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:
x509_parse_san:"data_files/server5-unsupported_othername.crt":""
X509 CRL information #1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n"
X509 CRL Information MD2 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C:MBEDTLS_RSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl_md2.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA with MD2\n"
X509 CRL Information MD4 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl_md4.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD4\n"
X509 CRL Information MD5 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n"
X509 CRL Information SHA1 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n"
X509 CRL Information SHA224 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n"
X509 CRL Information SHA256 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n"
X509 CRL Information SHA384 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_RSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_RSA_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n"
X509 CRL Information SHA512 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n"
X509 CRL information RSA-PSS, SHA1 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n"
X509 CRL information RSA-PSS, SHA224 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n"
X509 CRL information RSA-PSS, SHA256 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n"
X509 CRL information RSA-PSS, SHA384 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n"
X509 CRL information RSA-PSS, SHA512 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n"
X509 CRL Information EC, SHA1 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n"
X509 CRL Information EC, SHA224 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n"
X509 CRL Information EC, SHA256 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n"
X509 CRL Information EC, SHA384 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_ECDSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_ECDSA_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n"
X509 CRL Information EC, SHA512 Digest
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C:MBEDTLS_X509_INFO
mbedtls_x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n"
X509 CRL Malformed Input (trailing spaces at end of file)
@ -291,71 +291,71 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0
X509 CSR Information RSA with MD4
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO
mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n"
X509 CSR Information RSA with MD5
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO
mbedtls_x509_csr_info:"data_files/server1.req.md5":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n"
X509 CSR Information RSA with SHA1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO
mbedtls_x509_csr_info:"data_files/server1.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n"
X509 CSR Information RSA with SHA224
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO
mbedtls_x509_csr_info:"data_files/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n"
X509 CSR Information RSA with SHA-256
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTS_X509_INFO
mbedtls_x509_csr_info:"data_files/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n"
X509 CSR Information RSA with SHA384
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_RSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_RSA_C:MBEDTLS_X509_INFO
mbedtls_x509_csr_info:"data_files/server1.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n"
X509 CSR Information RSA with SHA512
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO
mbedtls_x509_csr_info:"data_files/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n"
X509 CSR Information EC with SHA1
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_X509_INFO
mbedtls_x509_csr_info:"data_files/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n"
X509 CSR Information EC with SHA224
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO
mbedtls_x509_csr_info:"data_files/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n"
X509 CSR Information EC with SHA256
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO
mbedtls_x509_csr_info:"data_files/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n"
X509 CSR Information EC with SHA384
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_X509_INFO
mbedtls_x509_csr_info:"data_files/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n"
X509 CSR Information EC with SHA512
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C:MBEDTLS_X509_INFO
mbedtls_x509_csr_info:"data_files/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n"
X509 CSR Information RSA-PSS with SHA1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_X509_INFO
mbedtls_x509_csr_info:"data_files/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n"
X509 CSR Information RSA-PSS with SHA224
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO
mbedtls_x509_csr_info:"data_files/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n"
X509 CSR Information RSA-PSS with SHA256
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO
mbedtls_x509_csr_info:"data_files/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size \: 1024 bits\n"
X509 CSR Information RSA-PSS with SHA384
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_X509_INFO
mbedtls_x509_csr_info:"data_files/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size \: 1024 bits\n"
X509 CSR Information RSA-PSS with SHA512
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_X509_INFO
mbedtls_x509_csr_info:"data_files/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n"
X509 CSR Information RSA with SHA-256 - Microsoft header
@ -2131,7 +2131,7 @@ x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b060355040
# 03020001 signatureValue BIT STRING
# The subsequent TBSCertList negative tests remove or modify some elements.
X509 CRL ASN1 (TBSCertList, sig present)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO
x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using \: RSA with SHA-224\n":0
X509 CRL ASN1 (TBSCertList, signatureValue missing)
@ -2167,7 +2167,7 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128402abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
X509 CRL ASN1 (TBSCertList, no entries)
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO
x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0
X509 CRL ASN1 (invalid version 2)
@ -2197,7 +2197,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff041e301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
X509 CRL ASN1 (extension not critical explicit, crl-idp.pem byte 129)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO
x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c010100041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2018-03-14 07\:31\:48\nnext update \: 2028-03-14 07\:31\:48\nRevoked certificates\:\nsigned using \: RSA with SHA-256\n":0
X509 CRT parse path #2 (one cert)
@ -2536,7 +2536,7 @@ X509 RSASSA-PSS parameters ASN1 (trailerField not 1)
x509_parse_rsassa_pss_params:"a303020102":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG
X509 CSR ASN.1 (OK)
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_X509_INFO
mbedtls_x509_csr_parse:"308201183081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n":0
X509 CSR ASN.1 (bad first tag)

31
tests/suites/test_suite_x509parse.function
View file

@ -398,6 +398,7 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf
* END_DEPENDENCIES
*/
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
void x509_parse_san( char * crt_file, char * result_str )
{
@ -438,7 +439,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_INFO:MBEDTLS_X509_CRT_PARSE_C */
void x509_cert_info( char * crt_file, char * result_str )
{
mbedtls_x509_crt crt;
@ -461,7 +462,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_INFO */
void mbedtls_x509_crl_info( char * crl_file, char * result_str )
{
mbedtls_x509_crl crl;
@ -500,7 +501,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:MBEDTLS_X509_INFO */
void mbedtls_x509_csr_info( char * csr_file, char * result_str )
{
mbedtls_x509_csr csr;
@ -523,7 +524,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_INFO */
void x509_verify_info( int flags, char * prefix, char * result_str )
{
char buf[2000];
@ -738,7 +739,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_INFO */
void mbedtls_x509_dn_gets( char * crt_file, char * entity, char * result_str )
{
mbedtls_x509_crt crt;
@ -826,30 +827,37 @@ exit:
void x509parse_crt( data_t * buf, char * result_str, int result )
{
mbedtls_x509_crt crt;
#if defined(MBEDTLS_X509_INFO)
unsigned char output[2000];
int res;
#endif
mbedtls_x509_crt_init( &crt );
memset( output, 0, 2000 );
TEST_ASSERT( mbedtls_x509_crt_parse_der( &crt, buf->x, buf->len ) == ( result ) );
#if defined(MBEDTLS_X509_INFO)
if( ( result ) == 0 )
{
res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
TEST_ASSERT( res != -1 );
TEST_ASSERT( res != -2 );
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
}
#endif
mbedtls_x509_crt_free( &crt );
mbedtls_x509_crt_init( &crt );
#if defined(MBEDTLS_X509_INFO)
memset( output, 0, 2000 );
#endif
TEST_ASSERT( mbedtls_x509_crt_parse_der_nocopy( &crt, buf->x, buf->len ) == ( result ) );
#if defined(MBEDTLS_X509_INFO)
if( ( result ) == 0 )
{
memset( output, 0, 2000 );
res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt );
TEST_ASSERT( res != -1 );
@ -857,6 +865,9 @@ void x509parse_crt( data_t * buf, char * result_str, int result )
TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 );
}
#else
((void)result_str);
#endif
mbedtls_x509_crt_free( &crt );
mbedtls_x509_crt_init( &crt );
@ -939,7 +950,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_INFO */
void x509parse_crl( data_t * buf, char * result_str, int result )
{
mbedtls_x509_crl crl;
@ -966,7 +977,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C */
/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C:MBEDTLS_X509_INFO */
void mbedtls_x509_csr_parse( data_t * csr_der, char * ref_out, int ref_ret )
{
mbedtls_x509_csr csr;
@ -1099,7 +1110,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */
/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C:MBEDTLS_X509_INFO */
void x509_oid_desc( data_t * buf, char * ref_desc )
{
mbedtls_x509_buf oid;