Merge remote-tracking branch 'origin/pr/2260' into development
* origin/pr/2260: Update crypto submodule Remove heading spaces in tests/data_files/Makefile Re-generate library/certs.c from script Add new line at the end of test-ca2.key.enc Use strict syntax to annotate origin of test data in certs.c Add run to all.sh exercising !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO Allow DHM self test to run without MBEDTLS_PEM_PARSE_C ssl-opt.sh: Auto-skip tests that use files if MBEDTLS_FS_IO unset Document origin of hardcoded certificates in library/certs.c Adapt ChangeLog Rename server1.der to server1.crt.der Add DER encoded files to git tree Add build instructions to generate DER versions of CRTs and keys Document "none" value for ca_path/ca_file in ssl_client2/ssl_server2 ssl_server2: Skip CA setup if `ca_path` or `ca_file` argument "none" ssl_client2: Skip CA setup if `ca_path` or `ca_file` argument "none" Correct white spaces in ssl_server2 and ssl_client2 Adapt ssl_client2 to parse DER encoded test CRTs if PEM is disabled Adapt ssl_server2 to parse DER encoded test CRTs if PEM is disabled
commit
e1b02df515
28 changed files with 2055 additions and 443 deletions
|
@ -63,6 +63,9 @@ API Changes
|
||||||
* Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
|
* Extend the MBEDTLS_SSL_EXPORT_KEYS to export the handshake randbytes,
|
||||||
and the used tls-prf.
|
and the used tls-prf.
|
||||||
* Add public API for tls-prf function, according to requested enum.
|
* Add public API for tls-prf function, according to requested enum.
|
||||||
|
* Add DER-encoded test CRTs to library/certs.c, allowing
|
||||||
|
the example programs ssl_server2 and ssl_client2 to be run
|
||||||
|
if MBEDTLS_FS_IO and MBEDTLS_PEM_PARSE_C are unset. Fixes #2254.
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
|
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
|
||||||
|
|
|
@ -36,68 +36,214 @@
|
||||||
extern "C" {
|
extern "C" {
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* List of all PEM-encoded CA certificates, terminated by NULL;
|
||||||
|
* PEM encoded if MBEDTLS_PEM_PARSE_C is enabled, DER encoded
|
||||||
|
* otherwise. */
|
||||||
|
extern const char * mbedtls_test_cas[];
|
||||||
|
extern const size_t mbedtls_test_cas_len[];
|
||||||
|
|
||||||
|
/* List of all DER-encoded CA certificates, terminated by NULL */
|
||||||
|
extern const unsigned char * mbedtls_test_cas_der[];
|
||||||
|
extern const size_t mbedtls_test_cas_der_len[];
|
||||||
|
|
||||||
#if defined(MBEDTLS_PEM_PARSE_C)
|
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||||
/* Concatenation of all CA certificates in PEM format if available */
|
/* Concatenation of all CA certificates in PEM format if available */
|
||||||
extern const char mbedtls_test_cas_pem[];
|
extern const char mbedtls_test_cas_pem[];
|
||||||
extern const size_t mbedtls_test_cas_pem_len;
|
extern const size_t mbedtls_test_cas_pem_len;
|
||||||
#endif
|
#endif /* MBEDTLS_PEM_PARSE_C */
|
||||||
|
|
||||||
/* List of all CA certificates, terminated by NULL */
|
|
||||||
extern const char * mbedtls_test_cas[];
|
|
||||||
extern const size_t mbedtls_test_cas_len[];
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Convenience for users who just want a certificate:
|
* CA test certificates
|
||||||
* RSA by default, or ECDSA if RSA is not available
|
|
||||||
*/
|
*/
|
||||||
extern const char * mbedtls_test_ca_crt;
|
|
||||||
extern const size_t mbedtls_test_ca_crt_len;
|
|
||||||
extern const char * mbedtls_test_ca_key;
|
|
||||||
extern const size_t mbedtls_test_ca_key_len;
|
|
||||||
extern const char * mbedtls_test_ca_pwd;
|
|
||||||
extern const size_t mbedtls_test_ca_pwd_len;
|
|
||||||
extern const char * mbedtls_test_srv_crt;
|
|
||||||
extern const size_t mbedtls_test_srv_crt_len;
|
|
||||||
extern const char * mbedtls_test_srv_key;
|
|
||||||
extern const size_t mbedtls_test_srv_key_len;
|
|
||||||
extern const char * mbedtls_test_cli_crt;
|
|
||||||
extern const size_t mbedtls_test_cli_crt_len;
|
|
||||||
extern const char * mbedtls_test_cli_key;
|
|
||||||
extern const size_t mbedtls_test_cli_key_len;
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECDSA_C)
|
extern const char mbedtls_test_ca_crt_ec_pem[];
|
||||||
extern const char mbedtls_test_ca_crt_ec[];
|
extern const char mbedtls_test_ca_key_ec_pem[];
|
||||||
|
extern const char mbedtls_test_ca_pwd_ec_pem[];
|
||||||
|
extern const char mbedtls_test_ca_key_rsa_pem[];
|
||||||
|
extern const char mbedtls_test_ca_pwd_rsa_pem[];
|
||||||
|
extern const char mbedtls_test_ca_crt_rsa_sha1_pem[];
|
||||||
|
extern const char mbedtls_test_ca_crt_rsa_sha256_pem[];
|
||||||
|
|
||||||
|
extern const unsigned char mbedtls_test_ca_crt_ec_der[];
|
||||||
|
extern const unsigned char mbedtls_test_ca_key_ec_der[];
|
||||||
|
extern const unsigned char mbedtls_test_ca_key_rsa_der[];
|
||||||
|
extern const unsigned char mbedtls_test_ca_crt_rsa_sha1_der[];
|
||||||
|
extern const unsigned char mbedtls_test_ca_crt_rsa_sha256_der[];
|
||||||
|
|
||||||
|
extern const size_t mbedtls_test_ca_crt_ec_pem_len;
|
||||||
|
extern const size_t mbedtls_test_ca_key_ec_pem_len;
|
||||||
|
extern const size_t mbedtls_test_ca_pwd_ec_pem_len;
|
||||||
|
extern const size_t mbedtls_test_ca_key_rsa_pem_len;
|
||||||
|
extern const size_t mbedtls_test_ca_pwd_rsa_pem_len;
|
||||||
|
extern const size_t mbedtls_test_ca_crt_rsa_sha1_pem_len;
|
||||||
|
extern const size_t mbedtls_test_ca_crt_rsa_sha256_pem_len;
|
||||||
|
|
||||||
|
extern const size_t mbedtls_test_ca_crt_ec_der_len;
|
||||||
|
extern const size_t mbedtls_test_ca_key_ec_der_len;
|
||||||
|
extern const size_t mbedtls_test_ca_pwd_ec_der_len;
|
||||||
|
extern const size_t mbedtls_test_ca_key_rsa_der_len;
|
||||||
|
extern const size_t mbedtls_test_ca_pwd_rsa_der_len;
|
||||||
|
extern const size_t mbedtls_test_ca_crt_rsa_sha1_der_len;
|
||||||
|
extern const size_t mbedtls_test_ca_crt_rsa_sha256_der_len;
|
||||||
|
|
||||||
|
/* Config-dependent dispatch between PEM and DER encoding
|
||||||
|
* (PEM if enabled, otherwise DER) */
|
||||||
|
|
||||||
|
extern const char mbedtls_test_ca_crt_ec[];
|
||||||
|
extern const char mbedtls_test_ca_key_ec[];
|
||||||
|
extern const char mbedtls_test_ca_pwd_ec[];
|
||||||
|
extern const char mbedtls_test_ca_key_rsa[];
|
||||||
|
extern const char mbedtls_test_ca_pwd_rsa[];
|
||||||
|
extern const char mbedtls_test_ca_crt_rsa_sha1[];
|
||||||
|
extern const char mbedtls_test_ca_crt_rsa_sha256[];
|
||||||
|
|
||||||
extern const size_t mbedtls_test_ca_crt_ec_len;
|
extern const size_t mbedtls_test_ca_crt_ec_len;
|
||||||
extern const char mbedtls_test_ca_key_ec[];
|
|
||||||
extern const size_t mbedtls_test_ca_key_ec_len;
|
extern const size_t mbedtls_test_ca_key_ec_len;
|
||||||
extern const char mbedtls_test_ca_pwd_ec[];
|
|
||||||
extern const size_t mbedtls_test_ca_pwd_ec_len;
|
extern const size_t mbedtls_test_ca_pwd_ec_len;
|
||||||
extern const char mbedtls_test_srv_crt_ec[];
|
|
||||||
extern const size_t mbedtls_test_srv_crt_ec_len;
|
|
||||||
extern const char mbedtls_test_srv_key_ec[];
|
|
||||||
extern const size_t mbedtls_test_srv_key_ec_len;
|
|
||||||
extern const char mbedtls_test_cli_crt_ec[];
|
|
||||||
extern const size_t mbedtls_test_cli_crt_ec_len;
|
|
||||||
extern const char mbedtls_test_cli_key_ec[];
|
|
||||||
extern const size_t mbedtls_test_cli_key_ec_len;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C)
|
|
||||||
extern const char mbedtls_test_ca_crt_rsa[];
|
|
||||||
extern const size_t mbedtls_test_ca_crt_rsa_len;
|
|
||||||
extern const char mbedtls_test_ca_key_rsa[];
|
|
||||||
extern const size_t mbedtls_test_ca_key_rsa_len;
|
extern const size_t mbedtls_test_ca_key_rsa_len;
|
||||||
extern const char mbedtls_test_ca_pwd_rsa[];
|
|
||||||
extern const size_t mbedtls_test_ca_pwd_rsa_len;
|
extern const size_t mbedtls_test_ca_pwd_rsa_len;
|
||||||
extern const char mbedtls_test_srv_crt_rsa[];
|
extern const size_t mbedtls_test_ca_crt_rsa_sha1_len;
|
||||||
extern const size_t mbedtls_test_srv_crt_rsa_len;
|
extern const size_t mbedtls_test_ca_crt_rsa_sha256_len;
|
||||||
extern const char mbedtls_test_srv_key_rsa[];
|
|
||||||
|
/* Config-dependent dispatch between SHA-1 and SHA-256
|
||||||
|
* (SHA-256 if enabled, otherwise SHA-1) */
|
||||||
|
|
||||||
|
extern const char mbedtls_test_ca_crt_rsa[];
|
||||||
|
extern const size_t mbedtls_test_ca_crt_rsa_len;
|
||||||
|
|
||||||
|
/* Config-dependent dispatch between EC and RSA
|
||||||
|
* (RSA if enabled, otherwise EC) */
|
||||||
|
|
||||||
|
extern const char * mbedtls_test_ca_crt;
|
||||||
|
extern const char * mbedtls_test_ca_key;
|
||||||
|
extern const char * mbedtls_test_ca_pwd;
|
||||||
|
extern const size_t mbedtls_test_ca_crt_len;
|
||||||
|
extern const size_t mbedtls_test_ca_key_len;
|
||||||
|
extern const size_t mbedtls_test_ca_pwd_len;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Server test certificates
|
||||||
|
*/
|
||||||
|
|
||||||
|
extern const char mbedtls_test_srv_crt_ec_pem[];
|
||||||
|
extern const char mbedtls_test_srv_key_ec_pem[];
|
||||||
|
extern const char mbedtls_test_srv_pwd_ec_pem[];
|
||||||
|
extern const char mbedtls_test_srv_key_rsa_pem[];
|
||||||
|
extern const char mbedtls_test_srv_pwd_rsa_pem[];
|
||||||
|
extern const char mbedtls_test_srv_crt_rsa_sha1_pem[];
|
||||||
|
extern const char mbedtls_test_srv_crt_rsa_sha256_pem[];
|
||||||
|
|
||||||
|
extern const unsigned char mbedtls_test_srv_crt_ec_der[];
|
||||||
|
extern const unsigned char mbedtls_test_srv_key_ec_der[];
|
||||||
|
extern const unsigned char mbedtls_test_srv_key_rsa_der[];
|
||||||
|
extern const unsigned char mbedtls_test_srv_crt_rsa_sha1_der[];
|
||||||
|
extern const unsigned char mbedtls_test_srv_crt_rsa_sha256_der[];
|
||||||
|
|
||||||
|
extern const size_t mbedtls_test_srv_crt_ec_pem_len;
|
||||||
|
extern const size_t mbedtls_test_srv_key_ec_pem_len;
|
||||||
|
extern const size_t mbedtls_test_srv_pwd_ec_pem_len;
|
||||||
|
extern const size_t mbedtls_test_srv_key_rsa_pem_len;
|
||||||
|
extern const size_t mbedtls_test_srv_pwd_rsa_pem_len;
|
||||||
|
extern const size_t mbedtls_test_srv_crt_rsa_sha1_pem_len;
|
||||||
|
extern const size_t mbedtls_test_srv_crt_rsa_sha256_pem_len;
|
||||||
|
|
||||||
|
extern const size_t mbedtls_test_srv_crt_ec_der_len;
|
||||||
|
extern const size_t mbedtls_test_srv_key_ec_der_len;
|
||||||
|
extern const size_t mbedtls_test_srv_pwd_ec_der_len;
|
||||||
|
extern const size_t mbedtls_test_srv_key_rsa_der_len;
|
||||||
|
extern const size_t mbedtls_test_srv_pwd_rsa_der_len;
|
||||||
|
extern const size_t mbedtls_test_srv_crt_rsa_sha1_der_len;
|
||||||
|
extern const size_t mbedtls_test_srv_crt_rsa_sha256_der_len;
|
||||||
|
|
||||||
|
/* Config-dependent dispatch between PEM and DER encoding
|
||||||
|
* (PEM if enabled, otherwise DER) */
|
||||||
|
|
||||||
|
extern const char mbedtls_test_srv_crt_ec[];
|
||||||
|
extern const char mbedtls_test_srv_key_ec[];
|
||||||
|
extern const char mbedtls_test_srv_pwd_ec[];
|
||||||
|
extern const char mbedtls_test_srv_key_rsa[];
|
||||||
|
extern const char mbedtls_test_srv_pwd_rsa[];
|
||||||
|
extern const char mbedtls_test_srv_crt_rsa_sha1[];
|
||||||
|
extern const char mbedtls_test_srv_crt_rsa_sha256[];
|
||||||
|
|
||||||
|
extern const size_t mbedtls_test_srv_crt_ec_len;
|
||||||
|
extern const size_t mbedtls_test_srv_key_ec_len;
|
||||||
|
extern const size_t mbedtls_test_srv_pwd_ec_len;
|
||||||
extern const size_t mbedtls_test_srv_key_rsa_len;
|
extern const size_t mbedtls_test_srv_key_rsa_len;
|
||||||
extern const char mbedtls_test_cli_crt_rsa[];
|
extern const size_t mbedtls_test_srv_pwd_rsa_len;
|
||||||
extern const size_t mbedtls_test_cli_crt_rsa_len;
|
extern const size_t mbedtls_test_srv_crt_rsa_sha1_len;
|
||||||
extern const char mbedtls_test_cli_key_rsa[];
|
extern const size_t mbedtls_test_srv_crt_rsa_sha256_len;
|
||||||
|
|
||||||
|
/* Config-dependent dispatch between SHA-1 and SHA-256
|
||||||
|
* (SHA-256 if enabled, otherwise SHA-1) */
|
||||||
|
|
||||||
|
extern const char mbedtls_test_srv_crt_rsa[];
|
||||||
|
extern const size_t mbedtls_test_srv_crt_rsa_len;
|
||||||
|
|
||||||
|
/* Config-dependent dispatch between EC and RSA
|
||||||
|
* (RSA if enabled, otherwise EC) */
|
||||||
|
|
||||||
|
extern const char * mbedtls_test_srv_crt;
|
||||||
|
extern const char * mbedtls_test_srv_key;
|
||||||
|
extern const char * mbedtls_test_srv_pwd;
|
||||||
|
extern const size_t mbedtls_test_srv_crt_len;
|
||||||
|
extern const size_t mbedtls_test_srv_key_len;
|
||||||
|
extern const size_t mbedtls_test_srv_pwd_len;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Client test certificates
|
||||||
|
*/
|
||||||
|
|
||||||
|
extern const char mbedtls_test_cli_crt_ec_pem[];
|
||||||
|
extern const char mbedtls_test_cli_key_ec_pem[];
|
||||||
|
extern const char mbedtls_test_cli_pwd_ec_pem[];
|
||||||
|
extern const char mbedtls_test_cli_key_rsa_pem[];
|
||||||
|
extern const char mbedtls_test_cli_pwd_rsa_pem[];
|
||||||
|
extern const char mbedtls_test_cli_crt_rsa_pem[];
|
||||||
|
|
||||||
|
extern const unsigned char mbedtls_test_cli_crt_ec_der[];
|
||||||
|
extern const unsigned char mbedtls_test_cli_key_ec_der[];
|
||||||
|
extern const unsigned char mbedtls_test_cli_key_rsa_der[];
|
||||||
|
extern const unsigned char mbedtls_test_cli_crt_rsa_der[];
|
||||||
|
|
||||||
|
extern const size_t mbedtls_test_cli_crt_ec_pem_len;
|
||||||
|
extern const size_t mbedtls_test_cli_key_ec_pem_len;
|
||||||
|
extern const size_t mbedtls_test_cli_pwd_ec_pem_len;
|
||||||
|
extern const size_t mbedtls_test_cli_key_rsa_pem_len;
|
||||||
|
extern const size_t mbedtls_test_cli_pwd_rsa_pem_len;
|
||||||
|
extern const size_t mbedtls_test_cli_crt_rsa_pem_len;
|
||||||
|
|
||||||
|
extern const size_t mbedtls_test_cli_crt_ec_der_len;
|
||||||
|
extern const size_t mbedtls_test_cli_key_ec_der_len;
|
||||||
|
extern const size_t mbedtls_test_cli_key_rsa_der_len;
|
||||||
|
extern const size_t mbedtls_test_cli_crt_rsa_der_len;
|
||||||
|
|
||||||
|
/* Config-dependent dispatch between PEM and DER encoding
|
||||||
|
* (PEM if enabled, otherwise DER) */
|
||||||
|
|
||||||
|
extern const char mbedtls_test_cli_crt_ec[];
|
||||||
|
extern const char mbedtls_test_cli_key_ec[];
|
||||||
|
extern const char mbedtls_test_cli_pwd_ec[];
|
||||||
|
extern const char mbedtls_test_cli_key_rsa[];
|
||||||
|
extern const char mbedtls_test_cli_pwd_rsa[];
|
||||||
|
extern const char mbedtls_test_cli_crt_rsa[];
|
||||||
|
|
||||||
|
extern const size_t mbedtls_test_cli_crt_ec_len;
|
||||||
|
extern const size_t mbedtls_test_cli_key_ec_len;
|
||||||
|
extern const size_t mbedtls_test_cli_pwd_ec_len;
|
||||||
extern const size_t mbedtls_test_cli_key_rsa_len;
|
extern const size_t mbedtls_test_cli_key_rsa_len;
|
||||||
#endif
|
extern const size_t mbedtls_test_cli_pwd_rsa_len;
|
||||||
|
extern const size_t mbedtls_test_cli_crt_rsa_len;
|
||||||
|
|
||||||
|
/* Config-dependent dispatch between EC and RSA
|
||||||
|
* (RSA if enabled, otherwise EC) */
|
||||||
|
|
||||||
|
extern const char * mbedtls_test_cli_crt;
|
||||||
|
extern const char * mbedtls_test_cli_key;
|
||||||
|
extern const char * mbedtls_test_cli_pwd;
|
||||||
|
extern const size_t mbedtls_test_cli_crt_len;
|
||||||
|
extern const size_t mbedtls_test_cli_key_len;
|
||||||
|
extern const size_t mbedtls_test_cli_pwd_len;
|
||||||
|
|
||||||
#ifdef __cplusplus
|
#ifdef __cplusplus
|
||||||
}
|
}
|
||||||
|
|
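Review bot: The new declarations `mbedtls_test_ca_pwd_ec_der_len`, `mbedtls_test_ca_pwd_rsa_der_len`, `mbedtls_test_srv_pwd_ec_der_len` and `mbedtls_test_srv_pwd_rsa_der_len` have no matching `*_pwd_*_der[]` array in this header, and the client block declares no `_pwd_*_der_len` at all. Either drop them or declare the arrays, so the three blocks stay parallel; certs.c is suppressed on this page, so check there whether they are actually defined. The first comment also contradicts itself ("List of all PEM-encoded CA certificates ... DER encoded otherwise") and would read better as `/* List of all CA certificates, terminated by NULL;`. Because the header now exposes private keys and passwords without the former `MBEDTLS_ECDSA_C`/`MBEDTLS_RSA_C` guards, a file-level comment stating that these are publicly known test credentials and must not be used outside tests and example programs would help.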
2046
library/certs.c
2046
library/certs.c
File diff suppressed because it is too large
|
@ -649,12 +649,28 @@ int mbedtls_dhm_parse_dhmfile( mbedtls_dhm_context *dhm, const char *path )
|
||||||
|
|
||||||
#if defined(MBEDTLS_SELF_TEST)
|
#if defined(MBEDTLS_SELF_TEST)
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||||
static const char mbedtls_test_dhm_params[] =
|
static const char mbedtls_test_dhm_params[] =
|
||||||
"-----BEGIN DH PARAMETERS-----\r\n"
|
"-----BEGIN DH PARAMETERS-----\r\n"
|
||||||
"MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n"
|
"MIGHAoGBAJ419DBEOgmQTzo5qXl5fQcN9TN455wkOL7052HzxxRVMyhYmwQcgJvh\r\n"
|
||||||
"1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n"
|
"1sa18fyfR9OiVEMYglOpkqVoGLN7qd5aQNNi5W7/C+VBdHTBJcGZJyyP5B3qcz32\r\n"
|
||||||
"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
|
"9mLJKudlVudV0Qxk5qUJaPZ/xupz0NyoVpviuiBOI1gNi8ovSXWzAgEC\r\n"
|
||||||
"-----END DH PARAMETERS-----\r\n";
|
"-----END DH PARAMETERS-----\r\n";
|
||||||
|
#else /* MBEDTLS_PEM_PARSE_C */
|
||||||
|
static const char mbedtls_test_dhm_params[] = {
|
||||||
|
0x30, 0x81, 0x87, 0x02, 0x81, 0x81, 0x00, 0x9e, 0x35, 0xf4, 0x30, 0x44,
|
||||||
|
0x3a, 0x09, 0x90, 0x4f, 0x3a, 0x39, 0xa9, 0x79, 0x79, 0x7d, 0x07, 0x0d,
|
||||||
|
0xf5, 0x33, 0x78, 0xe7, 0x9c, 0x24, 0x38, 0xbe, 0xf4, 0xe7, 0x61, 0xf3,
|
||||||
|
0xc7, 0x14, 0x55, 0x33, 0x28, 0x58, 0x9b, 0x04, 0x1c, 0x80, 0x9b, 0xe1,
|
||||||
|
0xd6, 0xc6, 0xb5, 0xf1, 0xfc, 0x9f, 0x47, 0xd3, 0xa2, 0x54, 0x43, 0x18,
|
||||||
|
0x82, 0x53, 0xa9, 0x92, 0xa5, 0x68, 0x18, 0xb3, 0x7b, 0xa9, 0xde, 0x5a,
|
||||||
|
0x40, 0xd3, 0x62, 0xe5, 0x6e, 0xff, 0x0b, 0xe5, 0x41, 0x74, 0x74, 0xc1,
|
||||||
|
0x25, 0xc1, 0x99, 0x27, 0x2c, 0x8f, 0xe4, 0x1d, 0xea, 0x73, 0x3d, 0xf6,
|
||||||
|
0xf6, 0x62, 0xc9, 0x2a, 0xe7, 0x65, 0x56, 0xe7, 0x55, 0xd1, 0x0c, 0x64,
|
||||||
|
0xe6, 0xa5, 0x09, 0x68, 0xf6, 0x7f, 0xc6, 0xea, 0x73, 0xd0, 0xdc, 0xa8,
|
||||||
|
0x56, 0x9b, 0xe2, 0xba, 0x20, 0x4e, 0x23, 0x58, 0x0d, 0x8b, 0xca, 0x2f,
|
||||||
|
0x49, 0x75, 0xb3, 0x02, 0x01, 0x02 };
|
||||||
|
#endif /* MBEDTLS_PEM_PARSE_C */
|
||||||
|
|
||||||
static const size_t mbedtls_test_dhm_params_len = sizeof( mbedtls_test_dhm_params );
|
static const size_t mbedtls_test_dhm_params_len = sizeof( mbedtls_test_dhm_params );
|
||||||
|
|
||||||
|
|
|
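Review bot: In the new `#else /* MBEDTLS_PEM_PARSE_C */` branch, `mbedtls_test_dhm_params` is declared `static const char[]` but initialised with byte values above 0x7f (`0x81`, `0x87`, `0x9e`, ...). Where `char` is signed that is an implementation-defined conversion, and it draws conversion warnings on some compilers. Declaring the DER variant as `static const unsigned char mbedtls_test_dhm_params[] = {` avoids this, provided the self-test call that consumes the buffer, which is outside this hunk, already passes it as `const unsigned char *`. A one-line comment stating that these bytes are the DER form of the PEM block above would also make the two branches easier to keep in sync.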
@ -150,8 +150,10 @@ int main( void )
|
||||||
#define USAGE_IO \
|
#define USAGE_IO \
|
||||||
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
|
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
|
||||||
" default: \"\" (pre-loaded)\n" \
|
" default: \"\" (pre-loaded)\n" \
|
||||||
|
" use \"none\" to skip loading any top-level CAs.\n" \
|
||||||
" ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
|
" ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
|
||||||
" default: \"\" (pre-loaded) (overrides ca_file)\n" \
|
" default: \"\" (pre-loaded) (overrides ca_file)\n" \
|
||||||
|
" use \"none\" to skip loading any top-level CAs.\n" \
|
||||||
" crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
|
" crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
|
||||||
" default: \"\" (pre-loaded)\n" \
|
" default: \"\" (pre-loaded)\n" \
|
||||||
" key_file=%%s default: \"\" (pre-loaded)\n"
|
" key_file=%%s default: \"\" (pre-loaded)\n"
|
||||||
|
@ -1681,20 +1683,22 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_printf( " . Loading the CA root certificate ..." );
|
mbedtls_printf( " . Loading the CA root certificate ..." );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
|
if( strcmp( opt.ca_path, "none" ) == 0 ||
|
||||||
|
strcmp( opt.ca_file, "none" ) == 0 )
|
||||||
|
{
|
||||||
|
ret = 0;
|
||||||
|
}
|
||||||
|
else
|
||||||
#if defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_FS_IO)
|
||||||
if( strlen( opt.ca_path ) )
|
if( strlen( opt.ca_path ) )
|
||||||
if( strcmp( opt.ca_path, "none" ) == 0 )
|
ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
|
||||||
ret = 0;
|
|
||||||
else
|
|
||||||
ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
|
|
||||||
else if( strlen( opt.ca_file ) )
|
else if( strlen( opt.ca_file ) )
|
||||||
if( strcmp( opt.ca_file, "none" ) == 0 )
|
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
|
||||||
ret = 0;
|
|
||||||
else
|
|
||||||
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
|
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_CERTS_C)
|
#if defined(MBEDTLS_CERTS_C)
|
||||||
|
{
|
||||||
|
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||||
for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
|
for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
|
||||||
{
|
{
|
||||||
ret = mbedtls_x509_crt_parse( &cacert,
|
ret = mbedtls_x509_crt_parse( &cacert,
|
||||||
|
@ -1703,12 +1707,23 @@ int main( int argc, char *argv[] )
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
if( ret == 0 )
|
||||||
|
#endif /* MBEDTLS_PEM_PARSE_C */
|
||||||
|
for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
|
||||||
|
{
|
||||||
|
ret = mbedtls_x509_crt_parse_der( &cacert,
|
||||||
|
(const unsigned char *) mbedtls_test_cas_der[i],
|
||||||
|
mbedtls_test_cas_der_len[i] );
|
||||||
|
if( ret != 0 )
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
#else
|
#else
|
||||||
{
|
{
|
||||||
ret = 1;
|
ret = 1;
|
||||||
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
|
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* MBEDTLS_CERTS_C */
|
||||||
if( ret < 0 )
|
if( ret < 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
|
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n",
|
||||||
|
@ -1726,12 +1741,12 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_printf( " . Loading the client cert. and key..." );
|
mbedtls_printf( " . Loading the client cert. and key..." );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
|
if( strcmp( opt.crt_file, "none" ) == 0 )
|
||||||
|
ret = 0;
|
||||||
|
else
|
||||||
#if defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_FS_IO)
|
||||||
if( strlen( opt.crt_file ) )
|
if( strlen( opt.crt_file ) )
|
||||||
if( strcmp( opt.crt_file, "none" ) == 0 )
|
ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
|
||||||
ret = 0;
|
|
||||||
else
|
|
||||||
ret = mbedtls_x509_crt_parse_file( &clicert, opt.crt_file );
|
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_CERTS_C)
|
#if defined(MBEDTLS_CERTS_C)
|
||||||
|
@ -1741,7 +1756,7 @@ int main( int argc, char *argv[] )
|
||||||
#else
|
#else
|
||||||
{
|
{
|
||||||
ret = 1;
|
ret = 1;
|
||||||
mbedtls_printf("MBEDTLS_CERTS_C not defined.");
|
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
|
@ -1751,12 +1766,12 @@ int main( int argc, char *argv[] )
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( strcmp( opt.key_file, "none" ) == 0 )
|
||||||
|
ret = 0;
|
||||||
|
else
|
||||||
#if defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_FS_IO)
|
||||||
if( strlen( opt.key_file ) )
|
if( strlen( opt.key_file ) )
|
||||||
if( strcmp( opt.key_file, "none" ) == 0 )
|
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
|
||||||
ret = 0;
|
|
||||||
else
|
|
||||||
ret = mbedtls_pk_parse_keyfile( &pkey, opt.key_file, "" );
|
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_CERTS_C)
|
#if defined(MBEDTLS_CERTS_C)
|
||||||
|
@ -1766,7 +1781,7 @@ int main( int argc, char *argv[] )
|
||||||
#else
|
#else
|
||||||
{
|
{
|
||||||
ret = 1;
|
ret = 1;
|
||||||
mbedtls_printf("MBEDTLS_CERTS_C not defined.");
|
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
|
|
|
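Review bot: The added usage lines for `ca_file`/`ca_path` say that "none" skips loading the top-level CAs, but not what that means for verification. With an empty `cacert` chain there is no trust anchor, so the peer certificate cannot be validated, and whether the handshake then fails or proceeds unauthenticated depends on the `auth_mode` handling outside these hunks. I would extend the text, e.g. `"                        use \"none\" to skip loading any top-level CAs (no trust anchor: peer cannot be verified).\n" \`. In the CA-loading hunk the new early test also makes "none" on either option override a real value given for the other, so a short comment there such as `/* "none" on either option disables CA loading entirely */` would record that this is intended. The matching hunks in ssl_server2 have the same gap.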
@ -202,8 +202,10 @@ int main( void )
|
||||||
#define USAGE_IO \
|
#define USAGE_IO \
|
||||||
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
|
" ca_file=%%s The single file containing the top-level CA(s) you fully trust\n" \
|
||||||
" default: \"\" (pre-loaded)\n" \
|
" default: \"\" (pre-loaded)\n" \
|
||||||
|
" use \"none\" to skip loading any top-level CAs.\n" \
|
||||||
" ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
|
" ca_path=%%s The path containing the top-level CA(s) you fully trust\n" \
|
||||||
" default: \"\" (pre-loaded) (overrides ca_file)\n" \
|
" default: \"\" (pre-loaded) (overrides ca_file)\n" \
|
||||||
|
" use \"none\" to skip loading any top-level CAs.\n" \
|
||||||
" crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
|
" crt_file=%%s Your own cert and chain (in bottom to top order, top may be omitted)\n" \
|
||||||
" default: see note after key_file2\n" \
|
" default: see note after key_file2\n" \
|
||||||
" key_file=%%s default: see note after key_file2\n" \
|
" key_file=%%s default: see note after key_file2\n" \
|
||||||
|
@ -2464,20 +2466,22 @@ int main( int argc, char *argv[] )
|
||||||
mbedtls_printf( " . Loading the CA root certificate ..." );
|
mbedtls_printf( " . Loading the CA root certificate ..." );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
|
if( strcmp( opt.ca_path, "none" ) == 0 ||
|
||||||
|
strcmp( opt.ca_file, "none" ) == 0 )
|
||||||
|
{
|
||||||
|
ret = 0;
|
||||||
|
}
|
||||||
|
else
|
||||||
#if defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_FS_IO)
|
||||||
if( strlen( opt.ca_path ) )
|
if( strlen( opt.ca_path ) )
|
||||||
if( strcmp( opt.ca_path, "none" ) == 0 )
|
ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
|
||||||
ret = 0;
|
|
||||||
else
|
|
||||||
ret = mbedtls_x509_crt_parse_path( &cacert, opt.ca_path );
|
|
||||||
else if( strlen( opt.ca_file ) )
|
else if( strlen( opt.ca_file ) )
|
||||||
if( strcmp( opt.ca_file, "none" ) == 0 )
|
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
|
||||||
ret = 0;
|
|
||||||
else
|
|
||||||
ret = mbedtls_x509_crt_parse_file( &cacert, opt.ca_file );
|
|
||||||
else
|
else
|
||||||
#endif
|
#endif
|
||||||
#if defined(MBEDTLS_CERTS_C)
|
#if defined(MBEDTLS_CERTS_C)
|
||||||
|
{
|
||||||
|
#if defined(MBEDTLS_PEM_PARSE_C)
|
||||||
for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
|
for( i = 0; mbedtls_test_cas[i] != NULL; i++ )
|
||||||
{
|
{
|
||||||
ret = mbedtls_x509_crt_parse( &cacert,
|
ret = mbedtls_x509_crt_parse( &cacert,
|
||||||
|
@ -2486,12 +2490,23 @@ int main( int argc, char *argv[] )
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
if( ret == 0 )
|
||||||
|
#endif /* MBEDTLS_PEM_PARSE_C */
|
||||||
|
for( i = 0; mbedtls_test_cas_der[i] != NULL; i++ )
|
||||||
|
{
|
||||||
|
ret = mbedtls_x509_crt_parse_der( &cacert,
|
||||||
|
(const unsigned char *) mbedtls_test_cas_der[i],
|
||||||
|
mbedtls_test_cas_der_len[i] );
|
||||||
|
if( ret != 0 )
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
#else
|
#else
|
||||||
{
|
{
|
||||||
ret = 1;
|
ret = 1;
|
||||||
mbedtls_printf("MBEDTLS_CERTS_C not defined.");
|
mbedtls_printf( "MBEDTLS_CERTS_C not defined." );
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* MBEDTLS_CERTS_C */
|
||||||
if( ret < 0 )
|
if( ret < 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
|
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse returned -0x%x\n\n", -ret );
|
||||||
|
|
|
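Review bot: With `MBEDTLS_PEM_PARSE_C` enabled the CA-loading block now runs both loops: the PEM loop over `mbedtls_test_cas`, then the new DER loop over `mbedtls_test_cas_der` whenever `ret == 0`. Assuming both tables hold the same certificates (certs.c is not shown on this page), every test CA is added to `cacert` twice. If the intent is DER only when PEM parsing is unavailable, the DER loop belongs under an `#else`; if loading both is deliberate, say so with a comment such as `/* Also load the DER copies so mbedtls_x509_crt_parse_der() is exercised */`. The unbraced `if( ret == 0 )` placed directly before `#endif /* MBEDTLS_PEM_PARSE_C */` governs the `for` that follows it, which is easy to misread and worth a comment as well. ssl_client2 contains the same construct.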
@ -45,18 +45,32 @@ all_intermediate += test-ca.req.sha256
|
||||||
|
|
||||||
test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
|
test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
|
||||||
$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@
|
$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@
|
||||||
test-ca.der: test-ca.crt
|
all_final += test-ca.crt
|
||||||
|
|
||||||
|
test-ca.crt.der: test-ca.crt
|
||||||
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
all_final += test-ca.crt test-ca.der
|
all_final += test-ca.crt.der
|
||||||
|
|
||||||
|
test-ca.key.der: $(test_ca_key_file_rsa)
|
||||||
|
$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)"
|
||||||
|
all_final += test-ca.key.der
|
||||||
|
|
||||||
test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
|
test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
|
||||||
$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@
|
$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@
|
||||||
all_final += test-ca-sha1.crt
|
all_final += test-ca-sha1.crt
|
||||||
|
|
||||||
|
test-ca-sha1.crt.der: test-ca-sha1.crt
|
||||||
|
$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
|
||||||
|
all_final += test-ca-sha1.crt.der
|
||||||
|
|
||||||
test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
|
test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
|
||||||
$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA256 version=3 output_file=$@
|
$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA256 version=3 output_file=$@
|
||||||
all_final += test-ca-sha256.crt
|
all_final += test-ca-sha256.crt
|
||||||
|
|
||||||
|
test-ca-sha256.crt.der: test-ca-sha256.crt
|
||||||
|
$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
|
||||||
|
all_final += test-ca-sha256.crt.der
|
||||||
|
|
||||||
test_ca_key_file_rsa_alt = test-ca-alt.key
|
test_ca_key_file_rsa_alt = test-ca-alt.key
|
||||||
|
|
||||||
$(test_ca_key_file_rsa_alt):
|
$(test_ca_key_file_rsa_alt):
|
||||||
|
@ -113,6 +127,14 @@ test-ca.req_ec.sha256: $(test_ca_key_file_ec)
|
||||||
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256
|
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL, O=PolarSSL, CN=Polarssl Test EC CA" md=SHA256
|
||||||
all_intermediate += test-ca.req_ec.sha256
|
all_intermediate += test-ca.req_ec.sha256
|
||||||
|
|
||||||
|
test-ca2.crt.der: $(test_ca_crt_file_ec)
|
||||||
|
$(OPENSSL) x509 -in $(test_ca_crt_file_ec) -out $@ -inform PEM -outform DER
|
||||||
|
all_final += test-ca2.crt.der
|
||||||
|
|
||||||
|
test-ca2.key.der: $(test_ca_key_file_ec)
|
||||||
|
$(OPENSSL) pkey -in $(test_ca_key_file_ec) -out $@ -inform PEM -outform DER
|
||||||
|
all_final += test-ca2.key.der
|
||||||
|
|
||||||
test_ca_crt_cat12 = test-ca_cat12.crt
|
test_ca_crt_cat12 = test-ca_cat12.crt
|
||||||
$(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec)
|
$(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec)
|
||||||
cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@
|
cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@
|
||||||
|
@ -151,6 +173,14 @@ cli-rsa-sha256.crt: cli-rsa.csr
|
||||||
$(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@
|
$(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@
|
||||||
all_final += cli-rsa-sha256.crt
|
all_final += cli-rsa-sha256.crt
|
||||||
|
|
||||||
|
cli-rsa-sha256.crt.der: cli-rsa-sha256.crt
|
||||||
|
$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
|
||||||
|
all_final += cli-rsa-sha256.crt.der
|
||||||
|
|
||||||
|
cli-rsa.key.der: $(cli_crt_key_file_rsa)
|
||||||
|
$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
|
||||||
|
all_final += cli-rsa.key.der
|
||||||
|
|
||||||
test_ca_int_rsa1 = test-int-ca.crt
|
test_ca_int_rsa1 = test-int-ca.crt
|
||||||
|
|
||||||
server7.csr: server7.key
|
server7.csr: server7.key
|
||||||
|
@ -169,6 +199,22 @@ server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
|
||||||
cat server7.crt test-int-ca-exp.crt > $@
|
cat server7.crt test-int-ca-exp.crt > $@
|
||||||
all_final += server7_int-ca-exp.crt
|
all_final += server7_int-ca-exp.crt
|
||||||
|
|
||||||
|
cli2.crt.der: cli2.crt
|
||||||
|
$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
|
||||||
|
all_final += cli2.crt.der
|
||||||
|
|
||||||
|
cli2.key.der: cli2.key
|
||||||
|
$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
|
||||||
|
all_final += cli2.key.der
|
||||||
|
|
||||||
|
server5.crt.der: server5.crt
|
||||||
|
$(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER
|
||||||
|
all_final += server5.crt.der
|
||||||
|
|
||||||
|
server5.key.der: server5.key
|
||||||
|
$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
|
||||||
|
all_final += server5.key.der
|
||||||
|
|
||||||
server5-ss-expired.crt: server5.key
|
server5-ss-expired.crt: server5.key
|
||||||
$(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
|
$(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@
|
||||||
all_final += server5-ss-expired.crt
|
all_final += server5-ss-expired.crt
|
||||||
|
@ -844,6 +890,18 @@ server2.req.sha256: server2.key
|
||||||
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256
|
$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256
|
||||||
all_intermediate += server2.req.sha256
|
all_intermediate += server2.req.sha256
|
||||||
|
|
||||||
|
server2.crt.der: server2.crt
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
all_final += server2.crt.der
|
||||||
|
|
||||||
|
server2-sha256.crt.der: server2-sha256.crt
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
all_final += server2-sha256.crt.der
|
||||||
|
|
||||||
|
server2.key.der: server2.key
|
||||||
|
$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER
|
||||||
|
all_final += server2.key.der
|
||||||
|
|
||||||
# server5*
|
# server5*
|
||||||
|
|
||||||
# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.'
|
# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.'
|
||||||
|
@ -873,9 +931,9 @@ server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rs
|
||||||
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
|
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
|
||||||
server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
|
server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
|
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
|
||||||
server1.der: server1.crt
|
server1.crt.der: server1.crt
|
||||||
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
all_final += server1.crt server1.noauthid.crt server1.der
|
all_final += server1.crt server1.noauthid.crt server1.crt.der
|
||||||
|
|
||||||
server1.key_usage.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
|
server1.key_usage.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
|
$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
|
||||||
|
@ -928,9 +986,7 @@ server1_all: server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt
|
||||||
|
|
||||||
server2.crt: server2.req.sha256
|
server2.crt: server2.req.sha256
|
||||||
$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
|
$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
|
||||||
server2.der: server2.crt
|
all_final += server2.crt
|
||||||
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
|
||||||
all_final += server2.crt server2.der
|
|
||||||
|
|
||||||
server2-sha256.crt: server2.req.sha256
|
server2-sha256.crt: server2.req.sha256
|
||||||
$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@
|
$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@
|
||||||
|
|
BIN
tests/data_files/cli-rsa-sha256.crt.der
Normal file
BIN
tests/data_files/cli-rsa-sha256.crt.der
Normal file
Binary file not shown.
BIN
tests/data_files/cli-rsa-sha256.key.der
Normal file
BIN
tests/data_files/cli-rsa-sha256.key.der
Normal file
Binary file not shown.
BIN
tests/data_files/cli-rsa.key.der
Normal file
BIN
tests/data_files/cli-rsa.key.der
Normal file
Binary file not shown.
BIN
tests/data_files/cli2.crt.der
Normal file
BIN
tests/data_files/cli2.crt.der
Normal file
Binary file not shown.
BIN
tests/data_files/cli2.key.der
Normal file
BIN
tests/data_files/cli2.key.der
Normal file
Binary file not shown.
BIN
tests/data_files/server2-sha256.crt.der
Normal file
BIN
tests/data_files/server2-sha256.crt.der
Normal file
Binary file not shown.
BIN
tests/data_files/server2.key.der
Normal file
BIN
tests/data_files/server2.key.der
Normal file
Binary file not shown.
BIN
tests/data_files/server5.crt.der
Normal file
BIN
tests/data_files/server5.crt.der
Normal file
Binary file not shown.
BIN
tests/data_files/server5.key.der
Normal file
BIN
tests/data_files/server5.key.der
Normal file
Binary file not shown.
BIN
tests/data_files/test-ca-sha256.crt.der
Normal file
BIN
tests/data_files/test-ca-sha256.crt.der
Normal file
Binary file not shown.
BIN
tests/data_files/test-ca.crt.der
Normal file
BIN
tests/data_files/test-ca.crt.der
Normal file
Binary file not shown.
BIN
tests/data_files/test-ca.key.der
Normal file
BIN
tests/data_files/test-ca.key.der
Normal file
Binary file not shown.
BIN
tests/data_files/test-ca2.crt.der
Normal file
BIN
tests/data_files/test-ca2.crt.der
Normal file
Binary file not shown.
BIN
tests/data_files/test-ca2.key.der
Normal file
BIN
tests/data_files/test-ca2.key.der
Normal file
Binary file not shown.
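--- a/tests/data_files/test-ca2.key.enc
+++ b/tests/data_files/test-ca2.key.enc
@@ -0,0 +1,9 @@
+-----BEGIN EC PRIVATE KEY-----
+Proc-Type: 4,ENCRYPTED
+DEK-Info: DES-EDE3-CBC,307EAB469933D64E
+
+IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG
+ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq
+UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb
+a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm
+-----END EC PRIVATE KEY-----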
@ -673,6 +673,20 @@ component_test_no_renegotiation () {
|
||||||
if_build_succeeded tests/ssl-opt.sh
|
if_build_succeeded tests/ssl-opt.sh
|
||||||
}
|
}
|
||||||
|
|
||||||
|
component_test_no_pem_no_fs () {
|
||||||
|
msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)"
|
||||||
|
scripts/config.pl unset MBEDTLS_PEM_PARSE_C
|
||||||
|
scripts/config.pl unset MBEDTLS_FS_IO
|
||||||
|
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||||
|
make
|
||||||
|
|
||||||
|
msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s
|
||||||
|
make test
|
||||||
|
|
||||||
|
msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min
|
||||||
|
if_build_succeeded tests/ssl-opt.sh
|
||||||
|
}
|
||||||
|
|
||||||
component_test_rsa_no_crt () {
|
component_test_rsa_no_crt () {
|
||||||
msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
|
msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min
|
||||||
scripts/config.pl set MBEDTLS_RSA_NO_CRT
|
scripts/config.pl set MBEDTLS_RSA_NO_CRT
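Review bot: `component_test_no_pem_no_fs` has no comment saying what makes this configuration testable, so a reader cannot tell why `tests/ssl-opt.sh` is expected to pass with `MBEDTLS_FS_IO` unset. I would add above the function `# Relies on the DER test certificates built into library/certs.c; ssl-opt.sh skips the tests that load files.` The build `msg` line also lacks the `# ~ N min` timing note that the two test `msg` lines here and the build line of `component_test_rsa_no_crt` carry.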
|
||||||
|
|
|
@ -551,6 +551,12 @@ run_test() {
|
||||||
CLI_EXPECT="$3"
|
CLI_EXPECT="$3"
|
||||||
shift 3
|
shift 3
|
||||||
|
|
||||||
|
# Check if test uses files
|
||||||
|
TEST_USES_FILES=$(echo "$SRV_CMD $CLI_CMD" | grep "\.\(key\|crt\|pem\)" )
|
||||||
|
if [ ! -z "$TEST_USES_FILES" ]; then
|
||||||
|
requires_config_enabled MBEDTLS_FS_IO
|
||||||
|
fi
|
||||||
|
|
||||||
# Check if server forces ciphersuite
|
# Check if server forces ciphersuite
|
||||||
FORCE_CIPHERSUITE=$(echo "$SRV_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
|
FORCE_CIPHERSUITE=$(echo "$SRV_CMD" | sed -n 's/^.*force_ciphersuite=\([a-zA-Z0-9\-]*\).*$/\1/p')
|
||||||
if [ ! -z "$FORCE_CIPHERSUITE" ]; then
|
if [ ! -z "$FORCE_CIPHERSUITE" ]; then
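Review bot: The new file-use check in `run_test` only looks for `.key`, `.crt` or `.pem` in the two command lines, so a test that reads any other kind of file or a directory (for example a `ca_path=` argument, if any test passes one) would not be skipped when `MBEDTLS_FS_IO` is unset and would fail instead of being reported as skipped. The pattern also uses `\|` alternation, which is a GNU extension to basic regular expressions; `grep -E '\.(key|crt|pem)'` is the portable spelling. A `case "$SRV_CMD $CLI_CMD" in *.key*|*.crt*|*.pem*) requires_config_enabled MBEDTLS_FS_IO;; esac` would do the same match without the subshell and pipe. `run_test` starts and ends outside this hunk, so how the skip is reported cannot be checked from here.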
|
||||||
|
|
|
@ -4,7 +4,7 @@ x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number
|
||||||
|
|
||||||
X509 Certificate information #1 (DER)
|
X509 Certificate information #1 (DER)
|
||||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||||
x509_cert_info:"data_files/server1.der":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
|
x509_cert_info:"data_files/server1.crt.der":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
|
||||||
|
|
||||||
X509 Certificate information #2
|
X509 Certificate information #2
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||||
|
@ -12,7 +12,7 @@ x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number
|
||||||
|
|
||||||
X509 Certificate information #2 (DER)
|
X509 Certificate information #2 (DER)
|
||||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||||
x509_cert_info:"data_files/server2.der":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
|
x509_cert_info:"data_files/server2.crt.der":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n"
|
||||||
|
|
||||||
X509 Certificate information #3
|
X509 Certificate information #3
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||||
|
@ -20,7 +20,7 @@ x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number
|
||||||
|
|
||||||
X509 Certificate information #3 (DER)
|
X509 Certificate information #3 (DER)
|
||||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
|
||||||
x509_cert_info:"data_files/test-ca.der":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2011-02-12 14\:44\:00\nexpires on \: 2021-02-12 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
|
x509_cert_info:"data_files/test-ca.crt.der":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2011-02-12 14\:44\:00\nexpires on \: 2021-02-12 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n"
|
||||||
|
|
||||||
X509 Certificate information MD2 Digest
|
X509 Certificate information MD2 Digest
|
||||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD2_C
|
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD2_C
|
||||||
|
|