Merge remote-tracking branch 'tls/pr/2028' into development
This commit is contained in:
commit
a78c958b17
22 changed files with 403 additions and 102 deletions
10
ChangeLog
10
ChangeLog
|
@ -53,6 +53,16 @@ Changes
|
|||
underlying OS actually guarantees.
|
||||
* Fix configuration queries in ssl-opt.h. #2030
|
||||
* Ensure that ssl-opt.h can be run in OS X. #2029
|
||||
* Ensure that unused bits are zero when writing ASN.1 bitstrings when using
|
||||
mbedtls_asn1_write_bitstring().
|
||||
* Fix issue when writing the named bitstrings in KeyUsage and NsCertType
|
||||
extensions in CSRs and CRTs that caused these bitstrings to not be encoded
|
||||
correctly as trailing zeroes were not accounted for as unused bits in the
|
||||
leading content octet. Fixes #1610.
|
||||
|
||||
Features
|
||||
* Add a new function mbedtls_asn1_write_named_bitstring() to write ASN.1
|
||||
named bitstring in DER as required by RFC 5280 Appendix B.
|
||||
|
||||
= mbed TLS 2.16.0 branch released 2018-12-21
|
||||
|
||||
|
|
|
@ -282,6 +282,28 @@ int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
|
|||
int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
|
||||
const unsigned char *buf, size_t bits );
|
||||
|
||||
/**
|
||||
* \brief This function writes a named bitstring tag
|
||||
* (#MBEDTLS_ASN1_BIT_STRING) and value in ASN.1 format.
|
||||
*
|
||||
* As stated in RFC 5280 Appendix B, trailing zeroes are
|
||||
* omitted when encoding named bitstrings in DER.
|
||||
*
|
||||
* \note This function works backwards within the data buffer.
|
||||
*
|
||||
* \param p The reference to the current position pointer.
|
||||
* \param start The start of the buffer which is used for bounds-checking.
|
||||
* \param buf The bitstring to write.
|
||||
* \param bits The total number of bits in the bitstring.
|
||||
*
|
||||
* \return The number of bytes written to \p p on success.
|
||||
* \return A negative error code on failure.
|
||||
*/
|
||||
int mbedtls_asn1_write_named_bitstring( unsigned char **p,
|
||||
unsigned char *start,
|
||||
const unsigned char *buf,
|
||||
size_t bits );
|
||||
|
||||
/**
|
||||
* \brief Write an octet string tag (#MBEDTLS_ASN1_OCTET_STRING)
|
||||
* and value in ASN.1 format.
|
||||
|
|
|
@ -205,6 +205,14 @@ void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_ty
|
|||
* \param key_usage key usage flags to set
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_X509_ALLOC_FAILED
|
||||
*
|
||||
* \note The <code>decipherOnly</code> flag from the Key Usage
|
||||
* extension is represented by bit 8 (i.e.
|
||||
* <code>0x8000</code>), which cannot typically be represented
|
||||
* in an unsigned char. Therefore, the flag
|
||||
* <code>decipherOnly</code> (i.e.
|
||||
* #MBEDTLS_X509_KU_DECIPHER_ONLY) cannot be set using this
|
||||
* function.
|
||||
*/
|
||||
int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned char key_usage );
|
||||
|
||||
|
|
|
@ -290,26 +290,75 @@ int mbedtls_asn1_write_ia5_string( unsigned char **p, unsigned char *start,
|
|||
return( mbedtls_asn1_write_tagged_string(p, start, MBEDTLS_ASN1_IA5_STRING, text, text_len) );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_write_named_bitstring( unsigned char **p,
|
||||
unsigned char *start,
|
||||
const unsigned char *buf,
|
||||
size_t bits )
|
||||
{
|
||||
size_t unused_bits, byte_len;
|
||||
const unsigned char *cur_byte;
|
||||
unsigned char cur_byte_shifted;
|
||||
unsigned char bit;
|
||||
|
||||
byte_len = ( bits + 7 ) / 8;
|
||||
unused_bits = ( byte_len * 8 ) - bits;
|
||||
|
||||
/*
|
||||
* Named bitstrings require that trailing 0s are excluded in the encoding
|
||||
* of the bitstring. Trailing 0s are considered part of the 'unused' bits
|
||||
* when encoding this value in the first content octet
|
||||
*/
|
||||
if( bits != 0 )
|
||||
{
|
||||
cur_byte = buf + byte_len - 1;
|
||||
cur_byte_shifted = *cur_byte >> unused_bits;
|
||||
|
||||
for( ; ; )
|
||||
{
|
||||
bit = cur_byte_shifted & 0x1;
|
||||
cur_byte_shifted >>= 1;
|
||||
|
||||
if( bit != 0 )
|
||||
break;
|
||||
|
||||
bits--;
|
||||
if( bits == 0 )
|
||||
break;
|
||||
|
||||
if( bits % 8 == 0 )
|
||||
cur_byte_shifted = *--cur_byte;
|
||||
}
|
||||
}
|
||||
|
||||
return( mbedtls_asn1_write_bitstring( p, start, buf, bits ) );
|
||||
}
|
||||
|
||||
int mbedtls_asn1_write_bitstring( unsigned char **p, unsigned char *start,
|
||||
const unsigned char *buf, size_t bits )
|
||||
{
|
||||
int ret;
|
||||
size_t len = 0, size;
|
||||
size_t len = 0;
|
||||
size_t unused_bits, byte_len;
|
||||
|
||||
size = ( bits / 8 ) + ( ( bits % 8 ) ? 1 : 0 );
|
||||
byte_len = ( bits + 7 ) / 8;
|
||||
unused_bits = ( byte_len * 8 ) - bits;
|
||||
|
||||
// Calculate byte length
|
||||
//
|
||||
if( *p < start || (size_t)( *p - start ) < size + 1 )
|
||||
if( *p < start || (size_t)( *p - start ) < byte_len + 1 )
|
||||
return( MBEDTLS_ERR_ASN1_BUF_TOO_SMALL );
|
||||
|
||||
len = size + 1;
|
||||
(*p) -= size;
|
||||
memcpy( *p, buf, size );
|
||||
len = byte_len + 1;
|
||||
|
||||
// Write unused bits
|
||||
//
|
||||
*--(*p) = (unsigned char) (size * 8 - bits);
|
||||
/* Write the bitstring. Ensure the unused bits are zeroed */
|
||||
if( byte_len > 0 )
|
||||
{
|
||||
byte_len--;
|
||||
*--( *p ) = buf[byte_len] & ~( ( 0x1 << unused_bits ) - 1 );
|
||||
( *p ) -= byte_len;
|
||||
memcpy( *p, buf, byte_len );
|
||||
}
|
||||
|
||||
/* Write unused bits */
|
||||
*--( *p ) = (unsigned char)unused_bits;
|
||||
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_BIT_STRING ) );
|
||||
|
|
|
@ -221,23 +221,36 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *
|
|||
int mbedtls_x509write_crt_set_key_usage( mbedtls_x509write_cert *ctx,
|
||||
unsigned int key_usage )
|
||||
{
|
||||
unsigned char buf[4], ku;
|
||||
unsigned char buf[5], ku[2];
|
||||
unsigned char *c;
|
||||
int ret;
|
||||
const unsigned int allowed_bits = MBEDTLS_X509_KU_DIGITAL_SIGNATURE |
|
||||
MBEDTLS_X509_KU_NON_REPUDIATION |
|
||||
MBEDTLS_X509_KU_KEY_ENCIPHERMENT |
|
||||
MBEDTLS_X509_KU_DATA_ENCIPHERMENT |
|
||||
MBEDTLS_X509_KU_KEY_AGREEMENT |
|
||||
MBEDTLS_X509_KU_KEY_CERT_SIGN |
|
||||
MBEDTLS_X509_KU_CRL_SIGN |
|
||||
MBEDTLS_X509_KU_ENCIPHER_ONLY |
|
||||
MBEDTLS_X509_KU_DECIPHER_ONLY;
|
||||
|
||||
/* We currently only support 7 bits, from 0x80 to 0x02 */
|
||||
if( ( key_usage & ~0xfe ) != 0 )
|
||||
/* Check that nothing other than the allowed flags is set */
|
||||
if( ( key_usage & ~allowed_bits ) != 0 )
|
||||
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
|
||||
c = buf + 4;
|
||||
ku = (unsigned char) key_usage;
|
||||
c = buf + 5;
|
||||
ku[0] = (unsigned char)( key_usage );
|
||||
ku[1] = (unsigned char)( key_usage >> 8 );
|
||||
ret = mbedtls_asn1_write_named_bitstring( &c, buf, ku, 9 );
|
||||
|
||||
if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ku, 7 ) ) != 4 )
|
||||
if( ret < 0 )
|
||||
return( ret );
|
||||
else if( ret < 3 || ret > 5 )
|
||||
return( MBEDTLS_ERR_X509_INVALID_FORMAT );
|
||||
|
||||
ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
|
||||
MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
|
||||
1, buf, 4 );
|
||||
1, c, (size_t)ret );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
|
@ -253,12 +266,13 @@ int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
|
|||
|
||||
c = buf + 4;
|
||||
|
||||
if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
|
||||
ret = mbedtls_asn1_write_named_bitstring( &c, buf, &ns_cert_type, 8 );
|
||||
if( ret < 3 || ret > 4 )
|
||||
return( ret );
|
||||
|
||||
ret = mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
|
||||
MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
|
||||
0, buf, 4 );
|
||||
0, c, (size_t)ret );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
|
|
|
@ -94,12 +94,13 @@ int mbedtls_x509write_csr_set_key_usage( mbedtls_x509write_csr *ctx, unsigned ch
|
|||
|
||||
c = buf + 4;
|
||||
|
||||
if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &key_usage, 7 ) ) != 4 )
|
||||
ret = mbedtls_asn1_write_named_bitstring( &c, buf, &key_usage, 8 );
|
||||
if( ret < 3 || ret > 4 )
|
||||
return( ret );
|
||||
|
||||
ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_KEY_USAGE,
|
||||
MBEDTLS_OID_SIZE( MBEDTLS_OID_KEY_USAGE ),
|
||||
buf, 4 );
|
||||
c, (size_t)ret );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
|
@ -115,12 +116,13 @@ int mbedtls_x509write_csr_set_ns_cert_type( mbedtls_x509write_csr *ctx,
|
|||
|
||||
c = buf + 4;
|
||||
|
||||
if( ( ret = mbedtls_asn1_write_bitstring( &c, buf, &ns_cert_type, 8 ) ) != 4 )
|
||||
ret = mbedtls_asn1_write_named_bitstring( &c, buf, &ns_cert_type, 8 );
|
||||
if( ret < 3 || ret > 4 )
|
||||
return( ret );
|
||||
|
||||
ret = mbedtls_x509write_csr_set_extension( ctx, MBEDTLS_OID_NS_CERT_TYPE,
|
||||
MBEDTLS_OID_SIZE( MBEDTLS_OID_NS_CERT_TYPE ),
|
||||
buf, 4 );
|
||||
c, (size_t)ret );
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
|
||||
|
|
|
@ -65,7 +65,9 @@ int main( void )
|
|||
#define DFL_OUTPUT_FILENAME "cert.req"
|
||||
#define DFL_SUBJECT_NAME "CN=Cert,O=mbed TLS,C=UK"
|
||||
#define DFL_KEY_USAGE 0
|
||||
#define DFL_FORCE_KEY_USAGE 0
|
||||
#define DFL_NS_CERT_TYPE 0
|
||||
#define DFL_FORCE_NS_CERT_TYPE 0
|
||||
#define DFL_MD_ALG MBEDTLS_MD_SHA256
|
||||
|
||||
#define USAGE \
|
||||
|
@ -85,6 +87,8 @@ int main( void )
|
|||
" key_agreement\n" \
|
||||
" key_cert_sign\n" \
|
||||
" crl_sign\n" \
|
||||
" force_key_usage=0/1 default: off\n" \
|
||||
" Add KeyUsage even if it is empty\n" \
|
||||
" ns_cert_type=%%s default: (empty)\n" \
|
||||
" Comma-separated-list of values:\n" \
|
||||
" ssl_client\n" \
|
||||
|
@ -94,6 +98,8 @@ int main( void )
|
|||
" ssl_ca\n" \
|
||||
" email_ca\n" \
|
||||
" object_signing_ca\n" \
|
||||
" force_ns_cert_type=0/1 default: off\n" \
|
||||
" Add NsCertType even if it is empty\n" \
|
||||
" md=%%s default: SHA256\n" \
|
||||
" possible values:\n" \
|
||||
" MD4, MD5, SHA1\n" \
|
||||
|
@ -123,7 +129,9 @@ struct options
|
|||
const char *output_file; /* where to store the constructed key file */
|
||||
const char *subject_name; /* subject name for certificate request */
|
||||
unsigned char key_usage; /* key usage flags */
|
||||
int force_key_usage; /* Force adding the KeyUsage extension */
|
||||
unsigned char ns_cert_type; /* NS cert type */
|
||||
int force_ns_cert_type; /* Force adding NsCertType extension */
|
||||
mbedtls_md_type_t md_alg; /* Hash algorithm used for signature. */
|
||||
} opt;
|
||||
|
||||
|
@ -190,7 +198,9 @@ int main( int argc, char *argv[] )
|
|||
opt.output_file = DFL_OUTPUT_FILENAME;
|
||||
opt.subject_name = DFL_SUBJECT_NAME;
|
||||
opt.key_usage = DFL_KEY_USAGE;
|
||||
opt.force_key_usage = DFL_FORCE_KEY_USAGE;
|
||||
opt.ns_cert_type = DFL_NS_CERT_TYPE;
|
||||
opt.force_ns_cert_type = DFL_FORCE_NS_CERT_TYPE;
|
||||
opt.md_alg = DFL_MD_ALG;
|
||||
|
||||
for( i = 1; i < argc; i++ )
|
||||
|
@ -292,6 +302,15 @@ int main( int argc, char *argv[] )
|
|||
q = r;
|
||||
}
|
||||
}
|
||||
else if( strcmp( p, "force_key_usage" ) == 0 )
|
||||
{
|
||||
switch( atoi( q ) )
|
||||
{
|
||||
case 0: opt.force_key_usage = 0; break;
|
||||
case 1: opt.force_key_usage = 1; break;
|
||||
default: goto usage;
|
||||
}
|
||||
}
|
||||
else if( strcmp( p, "ns_cert_type" ) == 0 )
|
||||
{
|
||||
while( q != NULL )
|
||||
|
@ -319,16 +338,25 @@ int main( int argc, char *argv[] )
|
|||
q = r;
|
||||
}
|
||||
}
|
||||
else if( strcmp( p, "force_ns_cert_type" ) == 0 )
|
||||
{
|
||||
switch( atoi( q ) )
|
||||
{
|
||||
case 0: opt.force_ns_cert_type = 0; break;
|
||||
case 1: opt.force_ns_cert_type = 1; break;
|
||||
default: goto usage;
|
||||
}
|
||||
}
|
||||
else
|
||||
goto usage;
|
||||
}
|
||||
|
||||
mbedtls_x509write_csr_set_md_alg( &req, opt.md_alg );
|
||||
|
||||
if( opt.key_usage )
|
||||
if( opt.key_usage || opt.force_key_usage == 1 )
|
||||
mbedtls_x509write_csr_set_key_usage( &req, opt.key_usage );
|
||||
|
||||
if( opt.ns_cert_type )
|
||||
if( opt.ns_cert_type || opt.force_ns_cert_type == 1 )
|
||||
mbedtls_x509write_csr_set_ns_cert_type( &req, opt.ns_cert_type );
|
||||
|
||||
/*
|
||||
|
|
|
@ -785,6 +785,14 @@ server1.req.ku-ct: server1.key
|
|||
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
|
||||
all_final += server1.req.ku-ct
|
||||
|
||||
server1.req.key_usage_empty: server1.key
|
||||
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1
|
||||
all_final += server1.req.key_usage_empty
|
||||
|
||||
server1.req.cert_type_empty: server1.key
|
||||
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1
|
||||
all_final += server1.req.cert_type_empty
|
||||
|
||||
# server2*
|
||||
|
||||
server2.req.sha256: server2.key
|
||||
|
|
|
@ -11,10 +11,10 @@ lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
|
|||
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
|
||||
o2AwXjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
|
||||
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zARBglghkgBhvhCAQEEBAMC
|
||||
AEAwDQYJKoZIhvcNAQEFBQADggEBAEQOk5Ejgu/GsxvMo+RknXcta5Qr6MiNo1EM
|
||||
G5Xrf++aaf4Mi38p5ZxWDxQDyBmutSnuJgzO+Dxe5w/RNojFa4ri4g5Zk8zwfIcQ
|
||||
8jR6a9DJtxarxDj/UqEzaiBa5MpxsbQqbmou7X7YW9LHDzmCgzbaabyWCuGYxvmh
|
||||
lDbcISST73G+vJEeExcBHyom/GV9TNcFAGa66YV/FtABg2tiy9znmUeMnZeYkC9S
|
||||
05m6UstAU6pMdwiTpjZjovsTlAcmC76XmE/GpREhRvtGCKTb2pUi3agqsrapABmF
|
||||
EGZT9cpwkrl3cxh+jxAMEuhJLdEScDWHVsiNS5y9yxitWC4NqR4=
|
||||
BkAwDQYJKoZIhvcNAQEFBQADggEBAK1WXZYd6k7/zE2NcszT6rxNaSixPZrDYzRt
|
||||
Iz5rpH33IHkCdR956/ExCcDMqGNVtKtBdr8kw3+jzyPQhwyHVPNv4C/cgt0C89Pf
|
||||
qZLQGuEPVp1X4tzEY2Kno9c1tllLVzJdvz1mRhSb9z5CWQKNMT+8MMl3k+0NZ4LT
|
||||
NEx4gTZxYEsAGEuO/Yij9ctxp4RdSP585FXgiMC00ieMe/aJxlOIgpIhuWdu0KPP
|
||||
G5guYd4hQ9ZrGVOGdjv2cZbh4DuQOsCwU9in/e1RKFV6eMmyOdvLJ4jkTauwkGJG
|
||||
lCclZZQwzGawOiMl2OYPUia5bkaEsdE/0QW/lf36lco8CNjpUfY=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
@ -10,11 +10,11 @@ CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
|
|||
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
|
||||
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
|
||||
oz8wPTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAR
|
||||
BglghkgBhvhCAQEEBAMCAEAwDQYJKoZIhvcNAQEFBQADggEBAJc3yZUS9X3/lb63
|
||||
Nlt8rtXC45wbWZUoOK8N55IzEJC7FrttAStq24kq9QV0qiox8m1WLA+6xVaeZaXu
|
||||
h2z3WlUlyCNaKqHEpuSYu/XQ0td6j3jCMj3VDSZGHnKgliQ9fkkt+waPVCAZldwj
|
||||
rHsZibl2Dqzb3KttKqD1VyEVOUJ+saXRDJLFdK1M9nwdWMfOg/XE0WbqfVzw9COs
|
||||
08dJ6KL7SOvXtiOVQLNv7XN/2j+wF6+IoLDdLCDByj5VtK2q2vyVk5tpDJI1S696
|
||||
dP8Zi7VbBTS9OlVC+Gw3CntDKZA8e215MNG6iBuEM2mgi4i0umo7mN8FoA1zusnE
|
||||
8mCO55Q=
|
||||
BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQEFBQADggEBAGl6bYCGKvDCvfSU
|
||||
PTyaiFPNGXV98AnIG0Hu4EJjs1owBU/Yf8UdFbWJtOymR80SbzmeQ6rEIoY1oXDA
|
||||
o9Y8yRgW8t25Wmq/0DCu/5P0/L6asstLTxLG4qajClVwqDLEqZNixmq8QorAOtK1
|
||||
JngFA+A5jzc70Ikl9+Hbx/2SEMrCpo0QLSco7KDK7XpNOHbkRz2AqSm0se4jDMP1
|
||||
Cwd2UtcpctIZEbECZo6S9WrVMqIhRF1Y5FeauBA2ORvGIHohaYJ9VzYWYXIp7N8d
|
||||
QXGv+M7ffpZiERcRr8lxtboPnTXKlv1mLCEX7g+KuiJQUm4OGfTCd5VHzWM7O5Id
|
||||
b+IvZD0=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
@ -10,11 +10,11 @@ CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
|
|||
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
|
||||
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
|
||||
o10wWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
|
||||
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCAeAw
|
||||
DQYJKoZIhvcNAQEFBQADggEBAE4sz3ghfpolZ0rH6Q3CWIYQ1Q+aGBwQiCCBsApP
|
||||
8qZd880Kt+BiEdSsaU16S8CIMdOcHGQGB7dXK9wdTWkIqaW9I7fRPgDNDIhJoYDD
|
||||
67h1P+cEQeXT9900H173nYlM1vL9zLcnmmqEO7j8jXSpsR5mcCMPkR52RqxweLJw
|
||||
LGPeSlA+DF0WbezJc28FUgXAl8Kxm3Od40exMeicHtfgCnIykH1NEW3gXpc91nFT
|
||||
RoNRdEAIGHMX5Dd5QDlt2vlaKNXFtcx2xUXXIi71YNQybH3p6KXayPMFQzrBwoXJ
|
||||
YHevmjUaw7UH31fULa1dtd/dWmp8cCaKB4vBr0DBJPiMJMw=
|
||||
BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCBeAw
|
||||
DQYJKoZIhvcNAQEFBQADggEBAE6xegEHvwuQ8I4YCLX7oXmDJiDb7m2nMin+um0v
|
||||
TMqHAE3B9GvdWGUgMIEMf76ee7OMDzxfzM2vyNGemB0rn1djEv+knJBSdMQKD9X8
|
||||
tkT8cPqMHlRMYYbFFkkZEOeqeihZXQdUORao9ZSXrokYwv+Fr+PAmiUJEmkZHbA1
|
||||
Gqp6tPfGxJ2ah50Og9oAPwyND6kvE2o++Dth2evjljPCPM2Gw5kjQGw3V9CAUyUo
|
||||
KtLrtZdOeRHRCWCf3UQ/tYkG70tY/+grftrHqKB2E4qkmDiCPS9sEpa7jOGT6e4k
|
||||
jGVeZFNZZ10mD2Svr3xl/60++c7yLxrquujo8NOTCVcshfs=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
@ -10,11 +10,11 @@ CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
|
|||
lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
|
||||
bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
|
||||
ozwwOjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAO
|
||||
BgNVHQ8BAf8EBAMCAeAwDQYJKoZIhvcNAQEFBQADggEBALqfFzzWOViKBXoFhtcc
|
||||
Ulzg1ShK20z3zeD6TL5Ss2+kMIGhvvvUMtcATIFa9LxZ//a0as1CACphxmrsqaju
|
||||
LDvnXjWLB+e7pJPQ+4XixKmA3QoQI6sduH03/4eRp/Er/+zXD7+uapz+GimiExJt
|
||||
mjW1Oz5n2Q7L9vQabqz0n9+8rM/chsfgipQSKmV0rXe/K1N4yuggh62r8kn9UaUR
|
||||
TKm6HaMIFBrZNwMy8TAc3gSq5rqbN8/ONiCBpW/LvwTnd7fFSl7yeetAbj08gpu2
|
||||
dkfYp/DK9Hs1KQFCi0u1pr9JIqFxNy6tUTO90ydq6QXj4E5yZhmitLPk5wPCozN+
|
||||
rIc=
|
||||
BgNVHQ8BAf8EBAMCBeAwDQYJKoZIhvcNAQEFBQADggEBAKuveVlnjgJIkiH6HqZk
|
||||
+oGpLPxpcoMEMskzyFxTfjP4L2Mj798qydBbobyVJdH5p/sIpcHsI0xajM/dcZKS
|
||||
7b28KVwxOk+87DtwCikFT+jzWPe8fzowqsNAaKtvtDQnLYh8u2tDT1vhABwgTVAy
|
||||
aHCzs+nm3o36NPSN9K+wmI+r1KFnhjtyOQ++7M8wRRT5jrC+1tYicjsnVMu07yB5
|
||||
04C99Fa3MToilg66Jos95U3gBF5GbSfDXYtd3/etNMkUiG8FEZJlkhKbTO+4E03a
|
||||
X6+z2VojrAroYyO/F5ZlaC3/CsMQ8Zcate64nH/Lu/U78XAo8iKz5DLLOPBqodER
|
||||
z4A=
|
||||
-----END CERTIFICATE-----
|
||||
|
|
|
@ -7,11 +7,11 @@ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
|
|||
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
|
||||
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
|
||||
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAkMCIGCSqGSIb3DQEJDjEV
|
||||
MBMwEQYJYIZIAYb4QgEBBAQDAgBAMA0GCSqGSIb3DQEBBQUAA4IBAQCMX3H6BiGP
|
||||
VRvLu8UHIhsj9WgrGDRogOMVHOrQm+0fnGyxZa2UwftSZf2qLBZ+DmJStHabXibw
|
||||
QuWA9BMVFDih5yGMhdzQC8iQQCjfYOS0sfhy7p76q89rVO0E9KAtvFH2ApbaDAck
|
||||
m1WdQvYey2rYnT1ucHGdn017Iu1CaY8qnmh7Fhuov++69eGGG4MjRVT/7Ywufjo5
|
||||
Fn+JsMhj4IonP/jwKIUBskK15MkTQhKpyl5rQK/8v+7bWlsuqhiNPSYg6rgIrjmN
|
||||
QxxzqP5NLPdlS4ksN6zcuwdq21l+li8zakjbeUvyqZb7E6vTHJaNBOp7Y7jv25gG
|
||||
5/PjwquYbKFr
|
||||
MBMwEQYJYIZIAYb4QgEBBAQDAgZAMA0GCSqGSIb3DQEBBQUAA4IBAQBErZcEaEEO
|
||||
hLbRVuB3+N5by0mogdJsatJFSgW2/VztLvQBYu0O+VmTbZwCAWejA8U+cr6uPlyf
|
||||
b4lDqj3W+XykeK9bSzoSr1yNO2VAcE74Y0ZrSz2yXMfT5R9IyKqQZspaKD8MOmYH
|
||||
BqUH9o/phnGcaEG5xeSfhM1O/YNZuGnlLDQBGwT5puHOaLfjECvs8eZLopIWEBlD
|
||||
QkRlhYqZBwhGZ8D/TxqG4teFtnBX5FG7UoSSVuneBrkREQM7ElhtD9jCWjfMnqm1
|
||||
59G84OycClwaKU7/Dm6zeMGDyFoMksBud7lyDHMhxvwSbzb1JR5v8iBsmVY2dhHt
|
||||
Ot3Fx2be0gIr
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
|
|
17
tests/data_files/server1.req.cert_type_empty
Normal file
17
tests/data_files/server1.req.cert_type_empty
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICpDCCAYwCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
|
||||
GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
|
||||
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
|
||||
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
|
||||
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
|
||||
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
|
||||
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAjMCEGCSqGSIb3DQEJDjEU
|
||||
MBIwEAYJYIZIAYb4QgEBBAMDAQAwDQYJKoZIhvcNAQEFBQADggEBACU0LLDBIMgG
|
||||
B7gyNANHv42RovhQdzmUulqJPHNHx3v9G17F00bEykJb/r3awW6l5fhY/6oPydsY
|
||||
hnWEM6VVCUkJ6Zqm2/wE49uaNTbFd9JU4OywRBfjHHSTOGnYFg+BYSfwaIkSCkx2
|
||||
kVhyklFm7My5wkyDPpFSU2tTfgsgaQMyTm93a2kxM7qJ/X3gFDG8o7R0vyojFVSI
|
||||
mwsF9QsC6N9cygdFx23zCB0KsJ9KfmBqaTsdbKh8BsocYm5FJCw4WS/CBrCWBj+z
|
||||
N7yEJj4SR5F+P7sFc5I0HANov5wQe8E3+WxxQt8jcqIje6DlaaGja44cXOzvFQyx
|
||||
Hg/6H5EtBQc=
|
||||
-----END CERTIFICATE REQUEST-----
|
|
@ -7,11 +7,11 @@ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
|
|||
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
|
||||
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
|
||||
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAeMBwGCSqGSIb3DQEJDjEP
|
||||
MA0wCwYDVR0PBAQDAgHgMA0GCSqGSIb3DQEBBQUAA4IBAQAIDkjGHokLINOSKAij
|
||||
DuBWyW72udNBwSmRAFYDyNoybWX+KJLFckyReF1S0YRHXWOljwxERF6htUEqIJDI
|
||||
vIzlXyV0YqHNmWEFpyRxyIllQ7X4NWnVm3zHYORx2utdy3EyNsNb4Rb/JNh6Qpqr
|
||||
27DB+frWaBYk27RPTdZz/ItZIicX8iHrAHL0aC6raQYvZfM1ybYehAh7Qx3asHKI
|
||||
XDcrbV50Kzrd0SgC4P6Z6/5C5uUL9AfcKnB2oj5VP2TM0BA6q+XRQFkJ3TO1UTLB
|
||||
lCKb9B1cIpVsT0YsOg/qptUh90zgd0x7FDa084ccwUJG73VXtHC6eioE4fbfrm5L
|
||||
9BNK
|
||||
MA0wCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBBQUAA4IBAQBsJ3v1Ar2X28GJsRSJ
|
||||
WRQwFQwIbR/D0cHrwTf0ZfZttClytuc18JZlwkH3EG/rNkWaFp6MKIZoRMOBuSPc
|
||||
MNvvKIo4nPaeouDPruymx0gNenlyRL3D4OZpBO/BmQIQjbUKWFbzEnEqvwvMDUnG
|
||||
8w7UjPSFcxj2HzENr62HLPKKnVpL3nDXWK1a2A77KF9aMxyoWQ6FXb2xPD9cJjdo
|
||||
c1jwskQbgosQzKKwwp5yxq0zRD3EAGw4A78mgHMfgFprq9e9azaB0JeyFG2Vn0t0
|
||||
L+vfiDEVQ3eJXSCen1kEVyHRju8g53UcSgd+JicWFboFj2/mJBuyW6yM++RGA9B5
|
||||
Zd62
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
|
|
17
tests/data_files/server1.req.key_usage_empty
Normal file
17
tests/data_files/server1.req.key_usage_empty
Normal file
|
@ -0,0 +1,17 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIICnjCCAYYCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
|
||||
GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
|
||||
ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
|
||||
ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
|
||||
HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
|
||||
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
|
||||
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
|
||||
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAdMBsGCSqGSIb3DQEJDjEO
|
||||
MAwwCgYDVR0PBAMDAQAwDQYJKoZIhvcNAQEFBQADggEBAAqQ/EU/3oMt7YW4vWgm
|
||||
0Q7F4v7DrFEoVMWfBzNWhMNIijzoaWKY8jwseZMzu8aCNQlJnM7c9FJF+OCgS7L5
|
||||
0ctwzjfCOi5I5cKgqv8WpuMZWHXNtB7YtjUWIZVri/RazCncZEwJGCKQjmQYrGJm
|
||||
Qmu2+D+DWY+nEW47ZfDH9jOJtatnREjSNsKzc44L9zUaEy3bi+m455XGH+ABmeb7
|
||||
Iqmguh10xUyY6rEOFEuqvFyFr5g1eb53Rr5CQxGfw1j+2bbSh+rVb6Ehf9LAijyu
|
||||
Ygqa91hGab/CjykS6HMrD91ouWtt2Rt3zCKo4Xxe8dlAszKB4W83M9OgDVVpiCfC
|
||||
t3A=
|
||||
-----END CERTIFICATE REQUEST-----
|
|
@ -7,11 +7,11 @@ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
|
|||
W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
|
||||
FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
|
||||
DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAxMC8GCSqGSIb3DQEJDjEi
|
||||
MCAwCwYDVR0PBAQDAgHgMBEGCWCGSAGG+EIBAQQEAwIAQDANBgkqhkiG9w0BAQUF
|
||||
AAOCAQEAhDH3BQWViy67+9sdlrTvv0cIJ1IbogaM221MUasNIbfLi+KKfw50mzTa
|
||||
V/BCXPT+EzmOptBl+F2iZVQyr2c0nWbBZBHnykS3f0fgifm6yWVEYwJqxUC5+uxK
|
||||
bZztsHocTuqODpqYILycYkFXCcY8ZFHmz9XZorpUVTpZULW33EmLee5/BYI7whkA
|
||||
bVoSNB5tAb8kGZQffDnGkHiRfu8dbbEnkPYqm/cerN+4yCh1v1CGFh2lMn4d5p0L
|
||||
o9GvMsPM8pxdffZWZI9T0JnlHwtAJDA5G/MFYJdHzLzcHpvDA99MdNO4DMAiUyWb
|
||||
PCDL5e7mJ0lnBp8RppLBR7GEkznIQQ==
|
||||
MCAwCwYDVR0PBAQDAgXgMBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQUF
|
||||
AAOCAQEAWUMyIXHi4BbIxOeCD/Vtu9LGV8ENMV7dwYVEQcwrt1AHahtYgUtkoGcP
|
||||
lOPqg1lbg22bu8dLPoY4HAzxCOAGs27otWL5LlE9M5QPH1RedEycmOuYrMl6K988
|
||||
hfDBJ+OkgCShcM91+udrc0gpDEI7N01A+fmukQ6EiaQjIf7HME/EKQqhEuEQMXHC
|
||||
GBvdNuEF5BfV3aAYuT+xfdXDU2ZWwXXWAHGmVh3ntnhtEG6SnXSnBATU2wa4tpBd
|
||||
KLbEbcsiy2uj0OLJlvG6LqsNggtkD58GCGpLpaVxdW80yw+f/krwLpeyocE1KGcT
|
||||
7eX+9yhLe9NIZojvevw+53dNE7BUfw==
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
|
|
|
@ -1,8 +1,8 @@
|
|||
-----BEGIN CERTIFICATE REQUEST-----
|
||||
MIIBFzCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGjAY
|
||||
MIIBFjCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGjAY
|
||||
BgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
|
||||
QgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/6i/SNF1d
|
||||
Fr2KiMJrdw1VzYoqDvoByLTt/6AeMBwGCSqGSIb3DQEJDjEPMA0wCwYDVR0PBAQD
|
||||
AgHAMAsGByqGSM49BAEFAANJADBGAiEA5MGFTJkpOtCV7bAx+N+t4gP3JDM9RH3W
|
||||
mIXzSpcBwvACIQDf7f9ytclwouV1DQTFSUKxExIm48H60hk3lh19i3bGOw==
|
||||
AgbAMAsGByqGSM49BAEFAANIADBFAiEAnIKF+xKk0iEuN4MHd4FZWNvrznLQgkeg
|
||||
2n8ejjreTzcCIAH34z2TycuMpWQRhpV+YT988pBWR67LAg7REyZnjSAB
|
||||
-----END CERTIFICATE REQUEST-----
|
||||
|
|
|
@ -90,3 +90,75 @@ mbedtls_asn1_write_len:16909060:"8401020304":5:5
|
|||
|
||||
ASN.1 Write / Read Length #12 (Len = 16909060, buffer too small)
|
||||
mbedtls_asn1_write_len:16909060:"8401020304":4:MBEDTLS_ERR_ASN1_BUF_TOO_SMALL
|
||||
|
||||
ASN.1 Write Named Bitstring / Unused bits #0
|
||||
test_asn1_write_bitstrings:"FF":8:"030200FF":4:1
|
||||
|
||||
ASN.1 Write Named Bitstring / Unused bits #1
|
||||
test_asn1_write_bitstrings:"FE":8:"030201FE":4:1
|
||||
|
||||
ASN.1 Write Named Bitstring / Unused bits #2
|
||||
test_asn1_write_bitstrings:"FC":7:"030202FC":4:1
|
||||
|
||||
ASN.1 Write Named Bitstring / Unused bits #3
|
||||
test_asn1_write_bitstrings:"F8":8:"030203F8":4:1
|
||||
|
||||
ASN.1 Write Named Bitstring / Unused bits #4
|
||||
test_asn1_write_bitstrings:"F0":6:"030204F0":4:1
|
||||
|
||||
ASN.1 Write Named Bitstring / Unused bits #5
|
||||
test_asn1_write_bitstrings:"E0":6:"030205E0":4:1
|
||||
|
||||
ASN.1 Write Named Bitstring / Unused bits #6
|
||||
test_asn1_write_bitstrings:"C0":8:"030206C0":4:1
|
||||
|
||||
ASN.1 Write Named Bitstring / Unused bits #7
|
||||
test_asn1_write_bitstrings:"80":8:"03020780":4:1
|
||||
|
||||
ASN.1 Write Named Bitstring / Empty bitstring
|
||||
test_asn1_write_bitstrings:"00":7:"030100":3:1
|
||||
|
||||
ASN.1 Write Named Bitstring / Empty bitstring (bits = 16)
|
||||
test_asn1_write_bitstrings:"0000":16:"030100":3:1
|
||||
|
||||
ASN.1 Write Named Bitstring / Empty bitstring (bits = 24)
|
||||
test_asn1_write_bitstrings:"FFFFFF":0:"030100":3:1
|
||||
|
||||
ASN.1 Write Named Bitstring / 15 trailing bits all unset
|
||||
test_asn1_write_bitstrings:"F88000":24:"030307F880":5:1
|
||||
|
||||
ASN.1 Write Named Bitstring / 15 trailing bits all set
|
||||
test_asn1_write_bitstrings:"F8FFFF":9:"030307F880":5:1
|
||||
|
||||
ASN.1 Write Bitstring / Unused bits #0
|
||||
test_asn1_write_bitstrings:"FF":8:"030200FF":4:0
|
||||
|
||||
ASN.1 Write Bitstring / Unused bits #1
|
||||
test_asn1_write_bitstrings:"FF":7:"030201FE":4:0
|
||||
|
||||
ASN.1 Write Bitstring / Unused bits #2
|
||||
test_asn1_write_bitstrings:"FF":6:"030202FC":4:0
|
||||
|
||||
ASN.1 Write Bitstring / Unused bits #3
|
||||
test_asn1_write_bitstrings:"FF":5:"030203F8":4:0
|
||||
|
||||
ASN.1 Write Bitstring / Unused bits #4
|
||||
test_asn1_write_bitstrings:"FF":4:"030204F0":4:0
|
||||
|
||||
ASN.1 Write Bitstring / Unused bits #5
|
||||
test_asn1_write_bitstrings:"FF":3:"030205E0":4:0
|
||||
|
||||
ASN.1 Write Bitstring / Unused bits #6
|
||||
test_asn1_write_bitstrings:"FF":2:"030206C0":4:0
|
||||
|
||||
ASN.1 Write Bitstring / Unused bits #7
|
||||
test_asn1_write_bitstrings:"FF":1:"03020780":4:0
|
||||
|
||||
ASN.1 Write Bitstring / 1 trailing bit (bits 15)
|
||||
test_asn1_write_bitstrings:"0003":15:"0303010002":5:0
|
||||
|
||||
ASN.1 Write Bitstring / 0 bits
|
||||
test_asn1_write_bitstrings:"":0:"030100":3:0
|
||||
|
||||
ASN.1 Write Bitstring / long string all bits unset except trailing bits
|
||||
test_asn1_write_bitstrings:"000000000007":45:"030703000000000000":9:0
|
||||
|
|
|
@ -128,3 +128,47 @@ void mbedtls_asn1_write_len( int len, data_t * asn1, int buf_len,
|
|||
}
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void test_asn1_write_bitstrings( data_t *bitstring, int bits,
|
||||
data_t *expected_asn1, int result,
|
||||
int is_named )
|
||||
{
|
||||
int ret;
|
||||
size_t i;
|
||||
unsigned char buf[150];
|
||||
unsigned char *p;
|
||||
|
||||
memset( buf, GUARD_VAL, sizeof( buf ) );
|
||||
|
||||
p = buf + GUARD_LEN + expected_asn1->len;
|
||||
|
||||
if ( is_named == 0 )
|
||||
{
|
||||
ret = mbedtls_asn1_write_bitstring( &p,
|
||||
buf,
|
||||
(unsigned char *)bitstring->x,
|
||||
(size_t) bits );
|
||||
}
|
||||
else
|
||||
{
|
||||
ret = mbedtls_asn1_write_named_bitstring( &p,
|
||||
buf,
|
||||
(unsigned char *)bitstring->x,
|
||||
(size_t) bits );
|
||||
}
|
||||
TEST_ASSERT( ret == result );
|
||||
|
||||
/* Check for buffer overwrite on both sides */
|
||||
for( i = 0; i < GUARD_LEN; i++ )
|
||||
{
|
||||
TEST_ASSERT( buf[i] == GUARD_VAL );
|
||||
TEST_ASSERT( buf[GUARD_LEN + expected_asn1->len + i] == GUARD_VAL );
|
||||
}
|
||||
|
||||
if ( result >= 0 )
|
||||
{
|
||||
TEST_ASSERT( memcmp( p, expected_asn1->x, expected_asn1->len ) == 0 );
|
||||
}
|
||||
}
|
||||
/* END_CASE */
|
||||
|
|
|
@ -1,46 +1,54 @@
|
|||
Certificate Request check Server1 SHA1
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0
|
||||
|
||||
Certificate Request check Server1 SHA224
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0
|
||||
|
||||
Certificate Request check Server1 SHA256
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0:0:0
|
||||
|
||||
Certificate Request check Server1 SHA384
|
||||
depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0:0:0
|
||||
|
||||
Certificate Request check Server1 SHA512
|
||||
depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0:0:0
|
||||
|
||||
Certificate Request check Server1 MD4
|
||||
depends_on:MBEDTLS_MD4_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0:0:0
|
||||
|
||||
Certificate Request check Server1 MD5
|
||||
depends_on:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0:0:0
|
||||
|
||||
Certificate Request check Server1 key_usage
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0
|
||||
|
||||
Certificate Request check Server1 key_usage empty
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage_empty":MBEDTLS_MD_SHA1:0:1:0:0
|
||||
|
||||
Certificate Request check Server1 ns_cert_type
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1
|
||||
|
||||
Certificate Request check Server1 ns_cert_type empty
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type_empty":MBEDTLS_MD_SHA1:0:0:0:1
|
||||
|
||||
Certificate Request check Server1 key_usage + ns_cert_type
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
|
||||
x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1
|
||||
|
||||
Certificate Request check Server5 ECDSA, key_usage
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0
|
||||
x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0
|
||||
|
||||
Certificate Request check opaque Server5 ECDSA, key_usage
|
||||
depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
|
||||
|
@ -48,35 +56,35 @@ x509_csr_check_opaque:"data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU
|
|||
|
||||
Certificate write check Server1 SHA1
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:-1:"data_files/server1.crt":0
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, key_usage
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:1:-1:"data_files/server1.key_usage.crt":0
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, ns_cert_type
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:-1:"data_files/server1.cert_type.crt":0
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, version 1
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0
|
||||
|
||||
Certificate write check Server1 SHA1, RSA_ALT
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:-1:"data_files/server1.noauthid.crt":1
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.noauthid.crt":1
|
||||
|
||||
Certificate write check Server1 SHA1, RSA_ALT, key_usage
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1
|
||||
|
||||
Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:0:-1:"data_files/server1.cert_type_noauthid.crt":1
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1
|
||||
|
||||
Certificate write check Server1 SHA1, RSA_ALT, version 1
|
||||
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1
|
||||
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1
|
||||
|
||||
X509 String to Names #1
|
||||
mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0
|
||||
|
|
|
@ -70,7 +70,8 @@ static int x509_crt_verifycsr( const unsigned char *buf, size_t buflen )
|
|||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */
|
||||
void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
|
||||
int key_usage, int cert_type )
|
||||
int key_usage, int set_key_usage, int cert_type,
|
||||
int set_cert_type )
|
||||
{
|
||||
mbedtls_pk_context key;
|
||||
mbedtls_x509write_csr req;
|
||||
|
@ -92,9 +93,9 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type,
|
|||
mbedtls_x509write_csr_set_md_alg( &req, md_type );
|
||||
mbedtls_x509write_csr_set_key( &req, &key );
|
||||
TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 );
|
||||
if( key_usage != 0 )
|
||||
if( set_key_usage != 0 )
|
||||
TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 );
|
||||
if( cert_type != 0 )
|
||||
if( set_cert_type != 0 )
|
||||
TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 );
|
||||
|
||||
ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ),
|
||||
|
@ -180,7 +181,8 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
|
|||
char *subject_name, char *issuer_key_file,
|
||||
char *issuer_pwd, char *issuer_name,
|
||||
char *serial_str, char *not_before, char *not_after,
|
||||
int md_type, int key_usage, int cert_type, int auth_ident,
|
||||
int md_type, int key_usage, int set_key_usage,
|
||||
int cert_type, int set_cert_type, int auth_ident,
|
||||
int ver, char *cert_check_file, int rsa_alt )
|
||||
{
|
||||
mbedtls_pk_context subject_key, issuer_key, issuer_key_alt;
|
||||
|
@ -248,9 +250,9 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd,
|
|||
TEST_ASSERT( mbedtls_x509write_crt_set_subject_key_identifier( &crt ) == 0 );
|
||||
if( auth_ident )
|
||||
TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 );
|
||||
if( key_usage != 0 )
|
||||
if( set_key_usage != 0 )
|
||||
TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 );
|
||||
if( cert_type != 0 )
|
||||
if( set_cert_type != 0 )
|
||||
TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 );
|
||||
}
|
||||
|
||||
|
|
Loading…
Reference in a new issue