Merge miscellaneous fixes into development
This commit is contained in:
commit
d7e2483bfc
@ -4,26 +4,30 @@ project(POLARSSL C)
|
||||
string(REGEX MATCH "Clang" CMAKE_COMPILER_IS_CLANG "${CMAKE_C_COMPILER_ID}")
|
||||
|
||||
if(CMAKE_COMPILER_IS_GNUCC)
|
||||
set(CMAKE_C_FLAGS "-Wall -Wextra -W -Wdeclaration-after-statement -Wlogical-op -Wwrite-strings")
|
||||
set(CMAKE_C_FLAGS_RELEASE "-O2")
|
||||
set(CMAKE_C_FLAGS_DEBUG "-g3 -O0")
|
||||
set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage")
|
||||
set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-omit-frame-pointer -g3 -O1 -Werror")
|
||||
set(CMAKE_C_FLAGS_CHECK "-O1 -Werror")
|
||||
set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wlogical-op")
|
||||
set(CMAKE_C_FLAGS_RELEASE "-O2")
|
||||
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
|
||||
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
|
||||
set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -O3")
|
||||
set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
|
||||
set(CMAKE_C_FLAGS_CHECK "-Werror -O1")
|
||||
set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
|
||||
endif(CMAKE_COMPILER_IS_GNUCC)
|
||||
|
||||
if(CMAKE_COMPILER_IS_CLANG)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wpointer-arith -Wwrite-strings -Wdocumentation -Wunreachable-code")
|
||||
set(CMAKE_C_FLAGS_RELEASE "-O2")
|
||||
set(CMAKE_C_FLAGS_DEBUG "-g3 -O0")
|
||||
set(CMAKE_C_FLAGS_COVERAGE "-g3 -O0 --coverage")
|
||||
set(CMAKE_C_FLAGS_ASAN "-fsanitize=address -fno-omit-frame-pointer -g3 -O1 -Werror")
|
||||
set(CMAKE_C_FLAGS_CHECK "-O1 -Werror")
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wall -Wextra -W -Wdeclaration-after-statement -Wwrite-strings -Wpointer-arith")
|
||||
set(CMAKE_C_FLAGS_RELEASE "-O2")
|
||||
set(CMAKE_C_FLAGS_DEBUG "-O0 -g3")
|
||||
set(CMAKE_C_FLAGS_COVERAGE "-O0 -g3 --coverage")
|
||||
set(CMAKE_C_FLAGS_ASAN "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O3")
|
||||
set(CMAKE_C_FLAGS_ASANDBG "-Werror -fsanitize=address -fno-common -fsanitize=undefined -fno-sanitize-recover -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls ")
|
||||
set(CMAKE_C_FLAGS_MEMSAN "-Werror -fsanitize=memory -O3")
|
||||
set(CMAKE_C_FLAGS_MEMSANDBG "-Werror -fsanitize=memory -O1 -g3 -fno-omit-frame-pointer -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2")
|
||||
set(CMAKE_C_FLAGS_CHECK "-Werror -O1")
|
||||
endif(CMAKE_COMPILER_IS_CLANG)
|
||||
|
||||
set(CMAKE_BUILD_TYPE ${CMAKE_BUILD_TYPE}
|
||||
CACHE STRING "Choose the type of build: None Debug Release Coverage ASan Check CheckFull"
|
||||
CACHE STRING "Choose the type of build: None Debug Release Coverage ASan ASanDbg MemSan MemSanDbg Check CheckFull"
|
||||
FORCE)
|
||||
|
||||
if(CMAKE_BUILD_TYPE STREQUAL "Coverage")
|
||||
|
38
ChangeLog
38
ChangeLog
@ -4,16 +4,29 @@ PolarSSL ChangeLog (Sorted per branch, date)
|
||||
|
||||
Reminder: bump SONAME for ABI change (FALLBACK_SCSV, session-hash, EtM)
|
||||
|
||||
Features
|
||||
* Add support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv)
|
||||
* Add support for Extended Master Secret (draft-ietf-tls-session-hash)
|
||||
* Add support for Encrypt-then-MAC (RFC 7366)
|
||||
|
||||
Security
|
||||
* NULL pointer dereference in the buffer-based allocator when the buffer is
|
||||
full and polarssl_free() is called (found by Jean-Philippe Aumasson)
|
||||
(only possible if POLARSSL_MEMORY_BUFFER_ALLOC_C is enabled, which it is
|
||||
not by default).
|
||||
* Fix remotely-triggerable uninitialised pointer dereference caused by
|
||||
crafted X.509 certificate (TLS server is not affected if it doesn't ask for a
|
||||
client certificate) (found using Codenomicon Defensics).
|
||||
* Fix remotely-triggerable memory leak caused by crafted X.509 certificates
|
||||
(TLS server is not affected if it doesn't ask for a client certificate)
|
||||
(found using Codenomicon Defensics).
|
||||
* Fix potential stack overflow while parsing crafted X.509 certificates
|
||||
(TLS server is not affected if it doesn't ask for a client certificate)
|
||||
(found using Codenomicon Defensics).
|
||||
|
||||
Features
|
||||
* Add support for FALLBACK_SCSV (draft-ietf-tls-downgrade-scsv)
|
||||
* Add support for Extended Master Secret (draft-ietf-tls-session-hash)
|
||||
* Add support for Encrypt-then-MAC (RFC 7366)
|
||||
* Add function pk_check_pair() to test if public and private keys match.
|
||||
* Add x509_crl_parse_der().
|
||||
* Add compile-time option POLARSSL_X509_MAX_INTERMEDIATE_CA to limit the
|
||||
length of an X.509 verification chain.
|
||||
|
||||
Bugfix
|
||||
* Stack buffer overflow if ctr_drbg_update() is called with too large
|
||||
@ -21,6 +34,21 @@ Bugfix
|
||||
* Possible buffer overflow of length at most POLARSSL_MEMORY_ALIGN_MULTIPLE
|
||||
if memory_buffer_alloc_init() was called with buf not aligned and len not
|
||||
a multiple of POLARSSL_MEMORY_ALIGN_MULTIPLE.
|
||||
* User set CFLAGS were ignore by Cmake with gcc (introduced in 1.3.9, found
|
||||
by Julian Ospald).
|
||||
* Fix potential undefined behaviour in Camellia.
|
||||
* Fix potential failure in ECDSA signatures when POLARSSL_ECP_MAX_BITS is a
|
||||
multiple of 8 (found by Gergely Budai).
|
||||
|
||||
Changes
|
||||
* Use deterministic nonces for AEAD ciphers in TLS by default (possible to
|
||||
switch back to random with POLARSSL_SSL_AEAD_RANDOM_IV in config.h).
|
||||
* Blind RSA private operations even when POLARSSL_RSA_NO_CRT is defined.
|
||||
* ssl_set_own_cert() now returns an error on key-certificate mismatch.
|
||||
* Forbid repeated extensions in X.509 certificates.
|
||||
* debug_print_buf() now prints a text view in addition to hexadecimal.
|
||||
* Skip writing and parsing signature_algorithm extension if none of the
|
||||
key exchanges enabled needs certificates.
|
||||
|
||||
= PolarSSL 1.3.9 released 2014-10-20
|
||||
Security
|
||||
|
37
README.rst
37
README.rst
@ -2,6 +2,15 @@
|
||||
README for PolarSSL
|
||||
===================
|
||||
|
||||
Configuration
|
||||
=============
|
||||
|
||||
PolarSSL should build out of the box on most systems. Some platform specific options are available in the fully-documented configuration file *include/polarssl/config.h*, which is also the place where features can be selected.
|
||||
This file can be edited manually, or in a more programmatic way using the Perl
|
||||
script *scripts/config.pl* (use *--help* for usage instructions).
|
||||
|
||||
Compiler options can be set using standard variables such as *CC* and *CFLAGS* when using the Make and CMake build system (see below).
|
||||
|
||||
Compiling
|
||||
=========
|
||||
|
||||
@ -39,7 +48,7 @@ In order to build the source using CMake, just enter at the command line::
|
||||
|
||||
make
|
||||
|
||||
There are 5 different active build modes specified within the CMake buildsystem:
|
||||
There are many different build modes available within the CMake buildsystem. Most of them are available for gcc and clang, though some are compiler-specific:
|
||||
|
||||
- Release.
|
||||
This generates the default code without any unnecessary information in the binary files.
|
||||
@ -49,13 +58,30 @@ There are 5 different active build modes specified within the CMake buildsystem:
|
||||
This generates code coverage information in addition to debug information.
|
||||
- ASan.
|
||||
This instruments the code with AddressSanitizer to check for memory errors.
|
||||
(This includes LeakSanitizer, with recent version of gcc and clang.)
|
||||
(With recent version of clang, this mode also intruments the code with
|
||||
UndefinedSanitizer to check for undefined behaviour.)
|
||||
- ASanDbg.
|
||||
Same as ASan but slower, with debug information and better stack traces.
|
||||
- MemSan.
|
||||
This intruments the code with MemorySanitizer to check for uninitialised
|
||||
memory reads. Experimental, needs recent clang on Linux/x86_64.
|
||||
- MemSanDbg.
|
||||
Same as ASan but slower, with debug information, better stack traces and
|
||||
origin tracking.
|
||||
- Check.
|
||||
This activates more compiler warnings and treats them as errors.
|
||||
This activates the compiler warnings that depend on optimisation and treats
|
||||
all warnings as errors.
|
||||
|
||||
Switching build modes in CMake is simple. For debug mode, enter at the command line:
|
||||
|
||||
cmake -D CMAKE_BUILD_TYPE:String="Debug" .
|
||||
|
||||
Note that, with CMake, if you want to change the compiler or its options after you already ran CMake, you need to clear its cache first, eg (using GNU find)::
|
||||
|
||||
find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
|
||||
CC=gcc CFLAGS='-fstack-protector-strong -Wa,--noexecstack' cmake .
|
||||
|
||||
In order to run the tests, enter::
|
||||
|
||||
make test
|
||||
@ -77,6 +103,13 @@ Tests
|
||||
|
||||
PolarSSL includes an elaborate test suite in *tests/* that initially requires Perl to generate the tests files (e.g. *test_suite_mpi.c*). These files are generates from a **function file** (e.g. *suites/test_suite_mpi.function*) and a **data file** (e.g. *suites/test_suite_mpi.data*). The **function file** contains the template for each test function. The **data file** contains the test cases, specified as parameters that should be pushed into a template function.
|
||||
|
||||
For machines with a Unix shell and OpenSSL (and optionnally GnuTLS) installed, additional test scripts are available:
|
||||
|
||||
- *tests/ssl-opt.sh* runs integration tests for various TLS options (renegotiation, resumption, etc.) and tests interoperability of these options with other implementations.
|
||||
- *tests/compat.sh* tests interoperability of every ciphersuite with other implementations.
|
||||
- *tests/scripts/test-ref-configs.pl* test builds in various reduced configurations.
|
||||
- *tests/scripts/all.sh* runs a combination of the above tests with various build options (eg ASan).
|
||||
|
||||
Configurations
|
||||
==============
|
||||
|
||||
|
@ -18,7 +18,7 @@ them, you can pick one of the following methods:
|
||||
|
||||
Or, using cmake:
|
||||
|
||||
rm CMakeCache.txt
|
||||
find . -iname '*cmake*' -not -name CMakeLists.txt -exec rm -rf {} +
|
||||
CFLAGS="-I$PWD/configs -DPOLARSSL_CONFIG_FILE='<foo.h>'" cmake .
|
||||
make
|
||||
|
||||
|
@ -781,6 +781,18 @@
|
||||
*/
|
||||
#define POLARSSL_SELF_TEST
|
||||
|
||||
/**
|
||||
* \def POLARSSL_SSL_AEAD_RANDOM_IV
|
||||
*
|
||||
* Generate a random IV rather than using the record sequence number as a
|
||||
* nonce for ciphersuites using and AEAD algorithm (GCM or CCM).
|
||||
*
|
||||
* Using the sequence number is generally recommended.
|
||||
*
|
||||
* Uncomment this macro to always use random IVs with AEAD ciphersuites.
|
||||
*/
|
||||
//#define POLARSSL_SSL_AEAD_RANDOM_IV
|
||||
|
||||
/**
|
||||
* \def POLARSSL_SSL_ALL_ALERT_MESSAGES
|
||||
*
|
||||
@ -954,8 +966,7 @@
|
||||
/**
|
||||
* \def POLARSSL_SSL_ALPN
|
||||
*
|
||||
* Enable support for Application Layer Protocol Negotiation.
|
||||
* draft-ietf-tls-applayerprotoneg-05
|
||||
* Enable support for RFC 7301 Application Layer Protocol Negotiation.
|
||||
*
|
||||
* Comment this macro to disable support for ALPN.
|
||||
*/
|
||||
@ -2226,6 +2237,9 @@
|
||||
/* Debug options */
|
||||
//#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */
|
||||
|
||||
/* X509 options */
|
||||
//#define POLARSSL_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
|
||||
|
||||
/* \} name SECTION: Module configuration options */
|
||||
|
||||
#include "check_config.h"
|
||||
|
@ -413,6 +413,8 @@ int ecp_point_read_binary( const ecp_group *grp, ecp_point *P,
|
||||
* \param buf $(Start of input buffer)
|
||||
* \param len Buffer length
|
||||
*
|
||||
* \note buf is updated to point right after the ECPoint on exit
|
||||
*
|
||||
* \return O if successful,
|
||||
* POLARSSL_ERR_MPI_XXX if initialization failed
|
||||
* POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid
|
||||
@ -479,6 +481,8 @@ int ecp_use_known_dp( ecp_group *grp, ecp_group_id index );
|
||||
* \param buf &(Start of input buffer)
|
||||
* \param len Buffer length
|
||||
*
|
||||
* \note buf is updated to point right after ECParameters on exit
|
||||
*
|
||||
* \return O if successful,
|
||||
* POLARSSL_ERR_MPI_XXX if initialization failed
|
||||
* POLARSSL_ERR_ECP_BAD_INPUT_DATA if input is invalid
|
||||
@ -635,6 +639,18 @@ int ecp_gen_keypair( ecp_group *grp, mpi *d, ecp_point *Q,
|
||||
int ecp_gen_key( ecp_group_id grp_id, ecp_keypair *key,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Check a public-private key pair
|
||||
*
|
||||
* \param pub Keypair structure holding a public key
|
||||
* \param prv Keypair structure holding a private (plus public) key
|
||||
*
|
||||
* \return 0 if successfull (keys are valid and match), or
|
||||
* POLARSSL_ERR_ECP_BAD_INPUT_DATA, or
|
||||
* a POLARSSL_ERR_ECP_XXX or POLARSSL_ERR_MPI_XXX code.
|
||||
*/
|
||||
int ecp_check_pub_priv( const ecp_keypair *pub, const ecp_keypair *prv );
|
||||
|
||||
#if defined(POLARSSL_SELF_TEST)
|
||||
/**
|
||||
* \brief Checkup routine
|
||||
|
@ -177,6 +177,9 @@ typedef struct
|
||||
int (*f_rng)(void *, unsigned char *, size_t),
|
||||
void *p_rng );
|
||||
|
||||
/** Check public-private key pair */
|
||||
int (*check_pair_func)( const void *pub, const void *prv );
|
||||
|
||||
/** Allocate a new context */
|
||||
void * (*ctx_alloc_func)( void );
|
||||
|
||||
@ -426,6 +429,16 @@ int pk_encrypt( pk_context *ctx,
|
||||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
|
||||
|
||||
/**
|
||||
* \brief Check if a public-private pair of keys matches.
|
||||
*
|
||||
* \param pub Context holding a public key.
|
||||
* \param prv Context holding a private (and public) key.
|
||||
*
|
||||
* \return 0 on success or POLARSSL_ERR_PK_BAD_INPUT_DATA
|
||||
*/
|
||||
int pk_check_pair( const pk_context *pub, const pk_context *prv );
|
||||
|
||||
/**
|
||||
* \brief Export debug information
|
||||
*
|
||||
@ -625,6 +638,14 @@ int pk_write_pubkey( unsigned char **p, unsigned char *start,
|
||||
const pk_context *key );
|
||||
#endif /* POLARSSL_PK_WRITE_C */
|
||||
|
||||
/*
|
||||
* Internal module functions. You probably do not want to use these unless you
|
||||
* know you do.
|
||||
*/
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
int pk_load_file( const char *path, unsigned char **buf, size_t *n );
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
@ -99,10 +99,8 @@ typedef struct
|
||||
mpi RP; /*!< cached R^2 mod P */
|
||||
mpi RQ; /*!< cached R^2 mod Q */
|
||||
|
||||
#if !defined(POLARSSL_RSA_NO_CRT)
|
||||
mpi Vi; /*!< cached blinding value */
|
||||
mpi Vf; /*!< cached un-blinding value */
|
||||
#endif
|
||||
|
||||
int padding; /*!< RSA_PKCS_V15 for 1.5 padding and
|
||||
RSA_PKCS_v21 for OAEP/PSS */
|
||||
@ -191,6 +189,17 @@ int rsa_check_pubkey( const rsa_context *ctx );
|
||||
*/
|
||||
int rsa_check_privkey( const rsa_context *ctx );
|
||||
|
||||
/**
|
||||
* \brief Check a public-private RSA key pair.
|
||||
* Check each of the contexts, and make sure they match.
|
||||
*
|
||||
* \param pub RSA context holding the public key
|
||||
* \param prv RSA context holding the private key
|
||||
*
|
||||
* \return 0 if successful, or an POLARSSL_ERR_RSA_XXX error code
|
||||
*/
|
||||
int rsa_check_pub_priv( const rsa_context *pub, const rsa_context *prv );
|
||||
|
||||
/**
|
||||
* \brief Do an RSA public key operation
|
||||
*
|
||||
|
@ -458,7 +458,7 @@ union _ssl_premaster_secret
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
|
||||
unsigned char _pms_rsa_psk[52 + POLARSSL_PSK_MAX_LEN]; /* RFC 4279 4 */
|
||||
#endif
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
|
||||
unsigned char _pms_ecdhe_psk[4 + POLARSSL_ECP_MAX_BYTES
|
||||
+ POLARSSL_PSK_MAX_LEN]; /* RFC 5489 2 */
|
||||
#endif
|
||||
@ -1055,9 +1055,11 @@ void ssl_set_bio( ssl_context *ssl,
|
||||
int (*f_recv)(void *, unsigned char *, size_t), void *p_recv,
|
||||
int (*f_send)(void *, const unsigned char *, size_t), void *p_send );
|
||||
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
/**
|
||||
* \brief Set the session cache callbacks (server-side only)
|
||||
* If not set, no session resuming is done.
|
||||
* If not set, no session resuming is done (except if session
|
||||
* tickets are enabled too).
|
||||
*
|
||||
* The session cache has the responsibility to check for stale
|
||||
* entries based on timeout. See RFC 5246 for recommendations.
|
||||
@ -1095,7 +1097,9 @@ void ssl_set_bio( ssl_context *ssl,
|
||||
void ssl_set_session_cache( ssl_context *ssl,
|
||||
int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
|
||||
int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache );
|
||||
#endif /* POLARSSL_SSL_SRV_C */
|
||||
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
/**
|
||||
* \brief Request resumption of session (client-side only)
|
||||
* Session data is copied from presented session structure.
|
||||
@ -1111,6 +1115,7 @@ void ssl_set_session_cache( ssl_context *ssl,
|
||||
* \sa ssl_get_session()
|
||||
*/
|
||||
int ssl_set_session( ssl_context *ssl, const ssl_session *session );
|
||||
#endif /* POLARSSL_SSL_CLI_C */
|
||||
|
||||
/**
|
||||
* \brief Set the list of allowed ciphersuites and the preference
|
||||
@ -1661,6 +1666,7 @@ const char *ssl_get_version( const ssl_context *ssl );
|
||||
const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
|
||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
/**
|
||||
* \brief Save session in order to resume it later (client-side only)
|
||||
* Session data is copied to presented session structure.
|
||||
@ -1678,6 +1684,7 @@ const x509_crt *ssl_get_peer_cert( const ssl_context *ssl );
|
||||
* \sa ssl_set_session()
|
||||
*/
|
||||
int ssl_get_session( const ssl_context *ssl, ssl_session *session );
|
||||
#endif /* POLARSSL_SSL_CLI_C */
|
||||
|
||||
/**
|
||||
* \brief Perform the SSL handshake
|
||||
|
@ -233,7 +233,9 @@ extern "C" {
|
||||
#define TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 0xC0AE /**< TLS 1.2 */
|
||||
#define TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 0xC0AF /**< TLS 1.2 */
|
||||
|
||||
/* Reminder: update _ssl_premaster_secret when adding a new key exchange */
|
||||
/* Reminder: update _ssl_premaster_secret when adding a new key exchange.
|
||||
* Reminder: update POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED below.
|
||||
*/
|
||||
typedef enum {
|
||||
POLARSSL_KEY_EXCHANGE_NONE = 0,
|
||||
POLARSSL_KEY_EXCHANGE_RSA,
|
||||
@ -248,6 +250,17 @@ typedef enum {
|
||||
POLARSSL_KEY_EXCHANGE_ECDH_ECDSA,
|
||||
} key_exchange_type_t;
|
||||
|
||||
#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
|
||||
defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
|
||||
#define POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED
|
||||
#endif
|
||||
|
||||
typedef struct _ssl_ciphersuite_t ssl_ciphersuite_t;
|
||||
|
||||
#define POLARSSL_CIPHERSUITE_WEAK 0x01 /**< Weak ciphersuite flag */
|
||||
|
@ -45,6 +45,18 @@
|
||||
* \{
|
||||
*/
|
||||
|
||||
#if !defined(POLARSSL_X509_MAX_INTERMEDIATE_CA)
|
||||
/**
|
||||
* Maximum number of intermediate CAs in a verification chain.
|
||||
* That is, maximum length of the chain, excluding the end-entity certificate
|
||||
* and the trusted root certificate.
|
||||
*
|
||||
* Set this to a low value to prevent an adversary from making you waste
|
||||
* resources verifying an overlong certificate chain.
|
||||
*/
|
||||
#define POLARSSL_X509_MAX_INTERMEDIATE_CA 8
|
||||
#endif
|
||||
|
||||
/**
|
||||
* \name X509 Error codes
|
||||
* \{
|
||||
@ -295,7 +307,6 @@ int x509_get_serial( unsigned char **p, const unsigned char *end,
|
||||
x509_buf *serial );
|
||||
int x509_get_ext( unsigned char **p, const unsigned char *end,
|
||||
x509_buf *ext, int tag );
|
||||
int x509_load_file( const char *path, unsigned char **buf, size_t *n );
|
||||
int x509_sig_alg_gets( char *buf, size_t size, const x509_buf *sig_oid,
|
||||
pk_type_t pk_alg, md_type_t md_alg,
|
||||
const void *sig_opts );
|
||||
|
@ -100,11 +100,23 @@ typedef struct _x509_crl
|
||||
x509_crl;
|
||||
|
||||
/**
|
||||
* \brief Parse one or more CRLs and add them
|
||||
* to the chained list
|
||||
* \brief Parse a DER-encoded CRL and append it to the chained list
|
||||
*
|
||||
* \param chain points to the start of the chain
|
||||
* \param buf buffer holding the CRL data
|
||||
* \param buf buffer holding the CRL data in DER format
|
||||
* \param buflen size of the buffer
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
*/
|
||||
int x509_crl_parse_der( x509_crl *chain,
|
||||
const unsigned char *buf, size_t buflen );
|
||||
/**
|
||||
* \brief Parse one or more CRLs and append them to the chained list
|
||||
*
|
||||
* \note Mutliple CRLs are accepted only if using PEM format
|
||||
*
|
||||
* \param chain points to the start of the chain
|
||||
* \param buf buffer holding the CRL data in PEM or DER format
|
||||
* \param buflen size of the buffer
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
@ -113,11 +125,12 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen );
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
/**
|
||||
* \brief Load one or more CRLs and add them
|
||||
* to the chained list
|
||||
* \brief Load one or more CRLs and append them to the chained list
|
||||
*
|
||||
* \note Mutliple CRLs are accepted only if using PEM format
|
||||
*
|
||||
* \param chain points to the start of the chain
|
||||
* \param path filename to read the CRLs from
|
||||
* \param path filename to read the CRLs from (in PEM or DER encoding)
|
||||
*
|
||||
* \return 0 if successful, or a specific X509 or PEM error code
|
||||
*/
|
||||
|
@ -78,12 +78,11 @@ set(libs ws2_32)
|
||||
endif(WIN32)
|
||||
|
||||
if(CMAKE_COMPILER_IS_GNUCC)
|
||||
set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS_CHECK} -Wmissing-declarations -Wmissing-prototypes")
|
||||
set(CMAKE_C_FLAGS_CHECKFULL "${CMAKE_C_FLAGS_CHECK} -Wcast-qual")
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes")
|
||||
endif(CMAKE_COMPILER_IS_GNUCC)
|
||||
|
||||
if(CMAKE_COMPILER_IS_CLANG)
|
||||
set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS_CHECK} -Wmissing-declarations -Wmissing-prototypes")
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wmissing-declarations -Wmissing-prototypes -Wdocumentation -Wunreachable-code")
|
||||
endif(CMAKE_COMPILER_IS_CLANG)
|
||||
|
||||
if (NOT USE_STATIC_POLARSSL_LIBRARY AND NOT USE_SHARED_POLARSSL_LIBRARY)
|
||||
|
@ -278,6 +278,8 @@ int asn1_get_sequence_of( unsigned char **p,
|
||||
if( cur->next == NULL )
|
||||
return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
|
||||
|
||||
memset( cur->next, 0, sizeof( asn1_sequence ) );
|
||||
|
||||
cur = cur->next;
|
||||
}
|
||||
}
|
||||
|
@ -327,6 +327,8 @@ asn1_named_data *asn1_store_named_data( asn1_named_data **head,
|
||||
return( NULL );
|
||||
}
|
||||
|
||||
memcpy( cur->oid.p, oid, oid_len );
|
||||
|
||||
cur->val.len = val_len;
|
||||
cur->val.p = polarssl_malloc( val_len );
|
||||
if( cur->val.p == NULL )
|
||||
@ -336,8 +338,6 @@ asn1_named_data *asn1_store_named_data( asn1_named_data **head,
|
||||
return( NULL );
|
||||
}
|
||||
|
||||
memcpy( cur->oid.p, oid, oid_len );
|
||||
|
||||
cur->next = *head;
|
||||
*head = cur;
|
||||
}
|
||||
|
@ -304,14 +304,14 @@ static void camellia_feistel( const uint32_t x[2], const uint32_t k[2],
|
||||
I0 = x[0] ^ k[0];
|
||||
I1 = x[1] ^ k[1];
|
||||
|
||||
I0 = (SBOX1((I0 >> 24) & 0xFF) << 24) |
|
||||
(SBOX2((I0 >> 16) & 0xFF) << 16) |
|
||||
(SBOX3((I0 >> 8) & 0xFF) << 8) |
|
||||
(SBOX4((I0 ) & 0xFF) );
|
||||
I1 = (SBOX2((I1 >> 24) & 0xFF) << 24) |
|
||||
(SBOX3((I1 >> 16) & 0xFF) << 16) |
|
||||
(SBOX4((I1 >> 8) & 0xFF) << 8) |
|
||||
(SBOX1((I1 ) & 0xFF) );
|
||||
I0 = ((uint32_t) SBOX1((I0 >> 24) & 0xFF) << 24) |
|
||||
((uint32_t) SBOX2((I0 >> 16) & 0xFF) << 16) |
|
||||
((uint32_t) SBOX3((I0 >> 8) & 0xFF) << 8) |
|
||||
((uint32_t) SBOX4((I0 ) & 0xFF) );
|
||||
I1 = ((uint32_t) SBOX2((I1 >> 24) & 0xFF) << 24) |
|
||||
((uint32_t) SBOX3((I1 >> 16) & 0xFF) << 16) |
|
||||
((uint32_t) SBOX4((I1 >> 8) & 0xFF) << 8) |
|
||||
((uint32_t) SBOX1((I1 ) & 0xFF) );
|
||||
|
||||
I0 ^= (I1 << 8) | (I1 >> 24);
|
||||
I1 ^= (I0 << 16) | (I0 >> 16);
|
||||
|
@ -123,6 +123,7 @@ void debug_print_buf( const ssl_context *ssl, int level,
|
||||
unsigned char *buf, size_t len )
|
||||
{
|
||||
char str[512];
|
||||
char txt[17];
|
||||
size_t i, maxlen = sizeof( str ) - 1, idx = 0;
|
||||
|
||||
if( ssl->f_dbg == NULL || level > debug_threshold )
|
||||
@ -138,6 +139,7 @@ void debug_print_buf( const ssl_context *ssl, int level,
|
||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
||||
|
||||
idx = 0;
|
||||
memset( txt, 0, sizeof( txt ) );
|
||||
for( i = 0; i < len; i++ )
|
||||
{
|
||||
if( i >= 4096 )
|
||||
@ -147,9 +149,11 @@ void debug_print_buf( const ssl_context *ssl, int level,
|
||||
{
|
||||
if( i > 0 )
|
||||
{
|
||||
snprintf( str + idx, maxlen - idx, "\n" );
|
||||
snprintf( str + idx, maxlen - idx, " %s\n", txt );
|
||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
||||
|
||||
idx = 0;
|
||||
memset( txt, 0, sizeof( txt ) );
|
||||
}
|
||||
|
||||
if( debug_log_mode == POLARSSL_DEBUG_LOG_FULL )
|
||||
@ -162,11 +166,15 @@ void debug_print_buf( const ssl_context *ssl, int level,
|
||||
|
||||
idx += snprintf( str + idx, maxlen - idx, " %02x",
|
||||
(unsigned int) buf[i] );
|
||||
txt[i % 16] = ( buf[i] > 31 && buf[i] < 127 ) ? buf[i] : '.' ;
|
||||
}
|
||||
|
||||
if( len > 0 )
|
||||
{
|
||||
snprintf( str + idx, maxlen - idx, "\n" );
|
||||
for( /* i = i */; i % 16 != 0; i++ )
|
||||
idx += snprintf( str + idx, maxlen - idx, " " );
|
||||
|
||||
snprintf( str + idx, maxlen - idx, " %s\n", txt );
|
||||
ssl->f_dbg( ssl->p_dbg, level, str );
|
||||
}
|
||||
}
|
||||
|
@ -333,7 +333,7 @@ cleanup:
|
||||
#if POLARSSL_ECP_MAX_BYTES > 124
|
||||
#error "POLARSSL_ECP_MAX_BYTES bigger than expected, please fix MAX_SIG_LEN"
|
||||
#endif
|
||||
#define MAX_SIG_LEN ( 3 + 2 * ( 2 + POLARSSL_ECP_MAX_BYTES ) )
|
||||
#define MAX_SIG_LEN ( 3 + 2 * ( 3 + POLARSSL_ECP_MAX_BYTES ) )
|
||||
|
||||
/*
|
||||
* Convert a signature (given by context) to ASN.1
|
||||
|
@ -1897,6 +1897,48 @@ int ecp_gen_key( ecp_group_id grp_id, ecp_keypair *key,
|
||||
return( ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Check a public-private key pair
|
||||
*/
|
||||
int ecp_check_pub_priv( const ecp_keypair *pub, const ecp_keypair *prv )
|
||||
{
|
||||
int ret;
|
||||
ecp_point Q;
|
||||
ecp_group grp;
|
||||
|
||||
if( pub->grp.id == POLARSSL_ECP_DP_NONE ||
|
||||
pub->grp.id != prv->grp.id ||
|
||||
mpi_cmp_mpi( &pub->Q.X, &prv->Q.X ) ||
|
||||
mpi_cmp_mpi( &pub->Q.Y, &prv->Q.Y ) ||
|
||||
mpi_cmp_mpi( &pub->Q.Z, &prv->Q.Z ) )
|
||||
{
|
||||
return( POLARSSL_ERR_ECP_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
ecp_point_init( &Q );
|
||||
ecp_group_init( &grp );
|
||||
|
||||
/* ecp_mul() needs a non-const group... */
|
||||
ecp_group_copy( &grp, &prv->grp );
|
||||
|
||||
/* Also checks d is valid */
|
||||
MPI_CHK( ecp_mul( &grp, &Q, &prv->d, &prv->grp.G, NULL, NULL ) );
|
||||
|
||||
if( mpi_cmp_mpi( &Q.X, &prv->Q.X ) ||
|
||||
mpi_cmp_mpi( &Q.Y, &prv->Q.Y ) ||
|
||||
mpi_cmp_mpi( &Q.Z, &prv->Q.Z ) )
|
||||
{
|
||||
ret = POLARSSL_ERR_ECP_BAD_INPUT_DATA;
|
||||
goto cleanup;
|
||||
}
|
||||
|
||||
cleanup:
|
||||
ecp_point_free( &Q );
|
||||
ecp_group_free( &grp );
|
||||
|
||||
return( ret );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SELF_TEST)
|
||||
|
||||
/*
|
||||
|
@ -496,12 +496,12 @@ int net_set_nonblock( int fd )
|
||||
void net_usleep( unsigned long usec )
|
||||
{
|
||||
struct timeval tv;
|
||||
tv.tv_sec = 0;
|
||||
tv.tv_sec = usec / 1000000;
|
||||
#if !defined(_WIN32) && ( defined(__unix__) || defined(__unix) || \
|
||||
( defined(__APPLE__) && defined(__MACH__) ) )
|
||||
tv.tv_usec = (suseconds_t) usec;
|
||||
tv.tv_usec = (suseconds_t) usec % 1000000;
|
||||
#else
|
||||
tv.tv_usec = usec;
|
||||
tv.tv_usec = usec % 1000000;
|
||||
#endif
|
||||
select( 0, NULL, NULL, NULL, &tv );
|
||||
}
|
||||
|
26
library/pk.c
26
library/pk.c
@ -300,6 +300,32 @@ int pk_encrypt( pk_context *ctx,
|
||||
output, olen, osize, f_rng, p_rng ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Check public-private key pair
|
||||
*/
|
||||
int pk_check_pair( const pk_context *pub, const pk_context *prv )
|
||||
{
|
||||
if( pub == NULL || pub->pk_info == NULL ||
|
||||
prv == NULL || prv->pk_info == NULL ||
|
||||
prv->pk_info->check_pair_func == NULL )
|
||||
{
|
||||
return( POLARSSL_ERR_PK_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
if( prv->pk_info->type == POLARSSL_PK_RSA_ALT )
|
||||
{
|
||||
if( pub->pk_info->type != POLARSSL_PK_RSA )
|
||||
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
|
||||
}
|
||||
else
|
||||
{
|
||||
if( pub->pk_info != prv->pk_info )
|
||||
return( POLARSSL_ERR_PK_TYPE_MISMATCH );
|
||||
}
|
||||
|
||||
return( prv->pk_info->check_pair_func( pub->pk_ctx, prv->pk_ctx ) );
|
||||
}
|
||||
|
||||
/*
|
||||
* Get key size in bits
|
||||
*/
|
||||
|
@ -117,14 +117,21 @@ static int rsa_encrypt_wrap( void *ctx,
|
||||
unsigned char *output, size_t *olen, size_t osize,
|
||||
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
|
||||
{
|
||||
((void) osize);
|
||||
|
||||
*olen = ((rsa_context *) ctx)->len;
|
||||
|
||||
if( *olen > osize )
|
||||
return( POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE );
|
||||
|
||||
return( rsa_pkcs1_encrypt( (rsa_context *) ctx,
|
||||
f_rng, p_rng, RSA_PUBLIC, ilen, input, output ) );
|
||||
}
|
||||
|
||||
static int rsa_check_pair_wrap( const void *pub, const void *prv )
|
||||
{
|
||||
return( rsa_check_pub_priv( (const rsa_context *) pub,
|
||||
(const rsa_context *) prv ) );
|
||||
}
|
||||
|
||||
static void *rsa_alloc_wrap( void )
|
||||
{
|
||||
void *ctx = polarssl_malloc( sizeof( rsa_context ) );
|
||||
@ -163,6 +170,7 @@ const pk_info_t rsa_info = {
|
||||
rsa_sign_wrap,
|
||||
rsa_decrypt_wrap,
|
||||
rsa_encrypt_wrap,
|
||||
rsa_check_pair_wrap,
|
||||
rsa_alloc_wrap,
|
||||
rsa_free_wrap,
|
||||
rsa_debug,
|
||||
@ -234,6 +242,12 @@ static int eckey_sign_wrap( void *ctx, md_type_t md_alg,
|
||||
|
||||
#endif /* POLARSSL_ECDSA_C */
|
||||
|
||||
static int eckey_check_pair( const void *pub, const void *prv )
|
||||
{
|
||||
return( ecp_check_pub_priv( (const ecp_keypair *) pub,
|
||||
(const ecp_keypair *) prv ) );
|
||||
}
|
||||
|
||||
static void *eckey_alloc_wrap( void )
|
||||
{
|
||||
void *ctx = polarssl_malloc( sizeof( ecp_keypair ) );
|
||||
@ -271,6 +285,7 @@ const pk_info_t eckey_info = {
|
||||
#endif
|
||||
NULL,
|
||||
NULL,
|
||||
eckey_check_pair,
|
||||
eckey_alloc_wrap,
|
||||
eckey_free_wrap,
|
||||
eckey_debug,
|
||||
@ -294,6 +309,7 @@ const pk_info_t eckeydh_info = {
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
eckey_check_pair,
|
||||
eckey_alloc_wrap, /* Same underlying key structure */
|
||||
eckey_free_wrap, /* Same underlying key structure */
|
||||
eckey_debug, /* Same underlying key structure */
|
||||
@ -367,6 +383,7 @@ const pk_info_t ecdsa_info = {
|
||||
ecdsa_sign_wrap,
|
||||
NULL,
|
||||
NULL,
|
||||
eckey_check_pair, /* Compatible key structures */
|
||||
ecdsa_alloc_wrap,
|
||||
ecdsa_free_wrap,
|
||||
eckey_debug, /* Compatible key structures */
|
||||
@ -419,6 +436,36 @@ static int rsa_alt_decrypt_wrap( void *ctx,
|
||||
RSA_PRIVATE, olen, input, output, osize ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
static int rsa_alt_check_pair( const void *pub, const void *prv )
|
||||
{
|
||||
unsigned char sig[POLARSSL_MPI_MAX_SIZE];
|
||||
unsigned char hash[32];
|
||||
size_t sig_len = 0;
|
||||
int ret;
|
||||
|
||||
if( rsa_alt_get_size( prv ) != rsa_get_size( pub ) )
|
||||
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
|
||||
|
||||
memset( hash, 0x2a, sizeof( hash ) );
|
||||
|
||||
if( ( ret = rsa_alt_sign_wrap( (void *) prv, POLARSSL_MD_NONE,
|
||||
hash, sizeof( hash ),
|
||||
sig, &sig_len, NULL, NULL ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
if( rsa_verify_wrap( (void *) pub, POLARSSL_MD_NONE,
|
||||
hash, sizeof( hash ), sig, sig_len ) != 0 )
|
||||
{
|
||||
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
|
||||
static void *rsa_alt_alloc_wrap( void )
|
||||
{
|
||||
void *ctx = polarssl_malloc( sizeof( rsa_alt_context ) );
|
||||
@ -444,6 +491,11 @@ const pk_info_t rsa_alt_info = {
|
||||
rsa_alt_sign_wrap,
|
||||
rsa_alt_decrypt_wrap,
|
||||
NULL,
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
rsa_alt_check_pair,
|
||||
#else
|
||||
NULL,
|
||||
#endif
|
||||
rsa_alt_alloc_wrap,
|
||||
rsa_alt_free_wrap,
|
||||
NULL,
|
||||
|
@ -71,7 +71,7 @@ static void polarssl_zeroize( void *v, size_t n ) {
|
||||
/*
|
||||
* Load all data from a file into a given buffer.
|
||||
*/
|
||||
static int load_file( const char *path, unsigned char **buf, size_t *n )
|
||||
int pk_load_file( const char *path, unsigned char **buf, size_t *n )
|
||||
{
|
||||
FILE *f;
|
||||
long size;
|
||||
@ -120,7 +120,7 @@ int pk_parse_keyfile( pk_context *ctx,
|
||||
size_t n;
|
||||
unsigned char *buf;
|
||||
|
||||
if( ( ret = load_file( path, &buf, &n ) ) != 0 )
|
||||
if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( pwd == NULL )
|
||||
@ -144,7 +144,7 @@ int pk_parse_public_keyfile( pk_context *ctx, const char *path )
|
||||
size_t n;
|
||||
unsigned char *buf;
|
||||
|
||||
if( ( ret = load_file( path, &buf, &n ) ) != 0 )
|
||||
if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = pk_parse_public_key( ctx, buf, n );
|
||||
|
@ -240,6 +240,26 @@ cleanup:
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Check if contexts holding a public and private key match
|
||||
*/
|
||||
int rsa_check_pub_priv( const rsa_context *pub, const rsa_context *prv )
|
||||
{
|
||||
if( rsa_check_pubkey( pub ) != 0 ||
|
||||
rsa_check_privkey( prv ) != 0 )
|
||||
{
|
||||
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
|
||||
}
|
||||
|
||||
if( mpi_cmp_mpi( &pub->N, &prv->N ) != 0 ||
|
||||
mpi_cmp_mpi( &pub->E, &prv->E ) != 0 )
|
||||
{
|
||||
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Do an RSA public key operation
|
||||
*/
|
||||
@ -275,7 +295,6 @@ cleanup:
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if !defined(POLARSSL_RSA_NO_CRT)
|
||||
/*
|
||||
* Generate or update blinding values, see section 10 of:
|
||||
* KOCHER, Paul C. Timing attacks on implementations of Diffie-Hellman, RSA,
|
||||
@ -329,7 +348,6 @@ cleanup:
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* !POLARSSL_RSA_NO_CRT */
|
||||
|
||||
/*
|
||||
* Do an RSA private key operation
|
||||
@ -343,7 +361,6 @@ int rsa_private( rsa_context *ctx,
|
||||
int ret;
|
||||
size_t olen;
|
||||
mpi T, T1, T2;
|
||||
#if !defined(POLARSSL_RSA_NO_CRT)
|
||||
mpi *Vi, *Vf;
|
||||
|
||||
/*
|
||||
@ -361,7 +378,6 @@ int rsa_private( rsa_context *ctx,
|
||||
Vi = &ctx->Vi;
|
||||
Vf = &ctx->Vf;
|
||||
#endif
|
||||
#endif /* !POLARSSL_RSA_NO_CRT */
|
||||
|
||||
mpi_init( &T ); mpi_init( &T1 ); mpi_init( &T2 );
|
||||
|
||||
@ -372,11 +388,6 @@ int rsa_private( rsa_context *ctx,
|
||||
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_RSA_NO_CRT)
|
||||
((void) f_rng);
|
||||
((void) p_rng);
|
||||
MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
|
||||
#else
|
||||
if( f_rng != NULL )
|
||||
{
|
||||
/*
|
||||
@ -388,6 +399,9 @@ int rsa_private( rsa_context *ctx,
|
||||
MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_RSA_NO_CRT)
|
||||
MPI_CHK( mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
|
||||
#else
|
||||
/*
|
||||
* faster decryption using the CRT
|
||||
*
|
||||
@ -409,6 +423,7 @@ int rsa_private( rsa_context *ctx,
|
||||
*/
|
||||
MPI_CHK( mpi_mul_mpi( &T1, &T, &ctx->Q ) );
|
||||
MPI_CHK( mpi_add_mpi( &T, &T2, &T1 ) );
|
||||
#endif /* POLARSSL_RSA_NO_CRT */
|
||||
|
||||
if( f_rng != NULL )
|
||||
{
|
||||
@ -419,14 +434,13 @@ int rsa_private( rsa_context *ctx,
|
||||
MPI_CHK( mpi_mul_mpi( &T, &T, Vf ) );
|
||||
MPI_CHK( mpi_mod_mpi( &T, &T, &ctx->N ) );
|
||||
}
|
||||
#endif /* POLARSSL_RSA_NO_CRT */
|
||||
|
||||
olen = ctx->len;
|
||||
MPI_CHK( mpi_write_binary( &T, output, olen ) );
|
||||
|
||||
cleanup:
|
||||
mpi_free( &T ); mpi_free( &T1 ); mpi_free( &T2 );
|
||||
#if !defined(POLARSSL_RSA_NO_CRT) && defined(POLARSSL_THREADING_C)
|
||||
#if defined(POLARSSL_THREADING_C)
|
||||
mpi_free( &Vi_copy ); mpi_free( &Vf_copy );
|
||||
#endif
|
||||
|
||||
@ -1425,10 +1439,8 @@ int rsa_copy( rsa_context *dst, const rsa_context *src )
|
||||
MPI_CHK( mpi_copy( &dst->RP, &src->RP ) );
|
||||
MPI_CHK( mpi_copy( &dst->RQ, &src->RQ ) );
|
||||
|
||||
#if !defined(POLARSSL_RSA_NO_CRT)
|
||||
MPI_CHK( mpi_copy( &dst->Vi, &src->Vi ) );
|
||||
MPI_CHK( mpi_copy( &dst->Vf, &src->Vf ) );
|
||||
#endif
|
||||
|
||||
dst->padding = src->padding;
|
||||
dst->hash_id = src->hash_id;
|
||||
@ -1445,9 +1457,7 @@ cleanup:
|
||||
*/
|
||||
void rsa_free( rsa_context *ctx )
|
||||
{
|
||||
#if !defined(POLARSSL_RSA_NO_CRT)
|
||||
mpi_free( &ctx->Vi ); mpi_free( &ctx->Vf );
|
||||
#endif
|
||||
mpi_free( &ctx->RQ ); mpi_free( &ctx->RP ); mpi_free( &ctx->RN );
|
||||
mpi_free( &ctx->QP ); mpi_free( &ctx->DQ ); mpi_free( &ctx->DP );
|
||||
mpi_free( &ctx->Q ); mpi_free( &ctx->P ); mpi_free( &ctx->D );
|
||||
|
@ -105,10 +105,8 @@ int ssl_cache_get( void *data, ssl_session *session )
|
||||
*/
|
||||
if( entry->peer_cert.p != NULL )
|
||||
{
|
||||
session->peer_cert =
|
||||
(x509_crt *) polarssl_malloc( sizeof(x509_crt) );
|
||||
|
||||
if( session->peer_cert == NULL )
|
||||
if( ( session->peer_cert = (x509_crt *) polarssl_malloc(
|
||||
sizeof(x509_crt) ) ) == NULL )
|
||||
{
|
||||
ret = 1;
|
||||
goto exit;
|
||||
@ -226,8 +224,7 @@ int ssl_cache_set( void *data, const ssl_session *session )
|
||||
/*
|
||||
* max_entries not reached, create new entry
|
||||
*/
|
||||
cur = (ssl_cache_entry *)
|
||||
polarssl_malloc( sizeof(ssl_cache_entry) );
|
||||
cur = (ssl_cache_entry *) polarssl_malloc( sizeof(ssl_cache_entry) );
|
||||
if( cur == NULL )
|
||||
{
|
||||
ret = 1;
|
||||
@ -264,8 +261,8 @@ int ssl_cache_set( void *data, const ssl_session *session )
|
||||
*/
|
||||
if( session->peer_cert != NULL )
|
||||
{
|
||||
cur->peer_cert.p = (unsigned char *)
|
||||
polarssl_malloc( session->peer_cert->raw.len );
|
||||
cur->peer_cert.p = (unsigned char *) polarssl_malloc(
|
||||
session->peer_cert->raw.len );
|
||||
if( cur->peer_cert.p == NULL )
|
||||
{
|
||||
ret = 1;
|
||||
|
@ -142,7 +142,11 @@ static void ssl_write_renegotiation_ext( ssl_context *ssl,
|
||||
*olen = 5 + ssl->verify_data_len;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
|
||||
/*
|
||||
* Only if we handle at least one key exchange that needs signatures.
|
||||
*/
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \
|
||||
defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
|
||||
unsigned char *buf,
|
||||
size_t *olen )
|
||||
@ -236,7 +240,8 @@ static void ssl_write_signature_algorithms_ext( ssl_context *ssl,
|
||||
|
||||
*olen = 6 + sig_alg_len;
|
||||
}
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1_2 &&
|
||||
POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
|
||||
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
|
||||
static void ssl_write_supported_elliptic_curves_ext( ssl_context *ssl,
|
||||
@ -691,7 +696,8 @@ static int ssl_write_client_hello( ssl_context *ssl )
|
||||
ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \
|
||||
defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
ssl_write_signature_algorithms_ext( ssl, p + 2 + ext_len, &olen );
|
||||
ext_len += olen;
|
||||
#endif
|
||||
|
@ -465,7 +465,8 @@ static int ssl_parse_renegotiation_info( ssl_context *ssl,
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \
|
||||
defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
static int ssl_parse_signature_algorithms_ext( ssl_context *ssl,
|
||||
const unsigned char *buf,
|
||||
size_t len )
|
||||
@ -509,7 +510,8 @@ have_sig_alg:
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1_2 &&
|
||||
POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
|
||||
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
|
||||
static int ssl_parse_supported_elliptic_curves( ssl_context *ssl,
|
||||
@ -1495,7 +1497,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
||||
return( ret );
|
||||
break;
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2)
|
||||
#if defined(POLARSSL_SSL_PROTO_TLS1_2) && \
|
||||
defined(POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||
case TLS_EXT_SIG_ALG:
|
||||
SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
|
||||
if( ssl->renegotiation == SSL_RENEGOTIATION )
|
||||
@ -1505,7 +1508,8 @@ static int ssl_parse_client_hello( ssl_context *ssl )
|
||||
if( ret != 0 )
|
||||
return( ret );
|
||||
break;
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1_2 &&
|
||||
POLARSSL_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||
|
||||
#if defined(POLARSSL_ECDH_C) || defined(POLARSSL_ECDSA_C)
|
||||
case TLS_EXT_SUPPORTED_ELLIPTIC_CURVES:
|
||||
|
@ -647,6 +647,7 @@ int ssl_derive_keys( ssl_context *ssl )
|
||||
/*
|
||||
* Finally setup the cipher contexts, IVs and MAC secrets.
|
||||
*/
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||
{
|
||||
key1 = keyblk + transform->maclen * 2;
|
||||
@ -665,6 +666,9 @@ int ssl_derive_keys( ssl_context *ssl )
|
||||
iv_copy_len );
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_SSL_CLI_C */
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
if( ssl->endpoint == SSL_IS_SERVER )
|
||||
{
|
||||
key1 = keyblk + transform->maclen * 2 + transform->keylen;
|
||||
key2 = keyblk + transform->maclen * 2;
|
||||
@ -681,6 +685,12 @@ int ssl_derive_keys( ssl_context *ssl )
|
||||
memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
|
||||
iv_copy_len );
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_SSL_SRV_C */
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_PROTO_SSL3)
|
||||
if( ssl->minor_ver == SSL_MINOR_VERSION_0 )
|
||||
@ -1096,6 +1106,9 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||
|
||||
mode = cipher_get_cipher_mode( &ssl->transform_out->cipher_ctx_enc );
|
||||
|
||||
SSL_DEBUG_BUF( 4, "before encrypt: output payload",
|
||||
ssl->out_msg, ssl->out_msglen );
|
||||
|
||||
/*
|
||||
* Add MAC before if needed
|
||||
*/
|
||||
@ -1157,9 +1170,6 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||
"including %d bytes of padding",
|
||||
ssl->out_msglen, 0 ) );
|
||||
|
||||
SSL_DEBUG_BUF( 4, "before encrypt: output payload",
|
||||
ssl->out_msg, ssl->out_msglen );
|
||||
|
||||
if( ( ret = cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
|
||||
ssl->transform_out->iv_enc,
|
||||
ssl->transform_out->ivlen,
|
||||
@ -1202,6 +1212,7 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||
/*
|
||||
* Generate IV
|
||||
*/
|
||||
#if defined(POLARSSL_SSL_AEAD_RANDOM_IV)
|
||||
ret = ssl->f_rng( ssl->p_rng,
|
||||
ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
|
||||
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
||||
@ -1211,6 +1222,18 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||
memcpy( ssl->out_iv,
|
||||
ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
|
||||
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
||||
#else
|
||||
if( ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen != 8 )
|
||||
{
|
||||
/* Reminder if we ever add an AEAD mode with a different size */
|
||||
SSL_DEBUG_MSG( 1, ( "should never happen" ) );
|
||||
return( POLARSSL_ERR_SSL_INTERNAL_ERROR );
|
||||
}
|
||||
|
||||
memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
|
||||
ssl->out_ctr, 8 );
|
||||
memcpy( ssl->out_iv, ssl->out_ctr, 8 );
|
||||
#endif
|
||||
|
||||
SSL_DEBUG_BUF( 4, "IV used", ssl->out_iv,
|
||||
ssl->transform_out->ivlen - ssl->transform_out->fixed_ivlen );
|
||||
@ -1227,9 +1250,6 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||
"including %d bytes of padding",
|
||||
ssl->out_msglen, 0 ) );
|
||||
|
||||
SSL_DEBUG_BUF( 4, "before encrypt: output payload",
|
||||
ssl->out_msg, ssl->out_msglen );
|
||||
|
||||
/*
|
||||
* Encrypt and authenticate
|
||||
*/
|
||||
@ -1311,9 +1331,6 @@ static int ssl_encrypt_buf( ssl_context *ssl )
|
||||
ssl->out_msglen, ssl->transform_out->ivlen,
|
||||
padlen + 1 ) );
|
||||
|
||||
SSL_DEBUG_BUF( 4, "before encrypt: output payload",
|
||||
ssl->out_iv, ssl->out_msglen );
|
||||
|
||||
if( ( ret = cipher_crypt( &ssl->transform_out->cipher_ctx_enc,
|
||||
ssl->transform_out->iv_enc,
|
||||
ssl->transform_out->ivlen,
|
||||
@ -2522,6 +2539,7 @@ int ssl_write_certificate( ssl_context *ssl )
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||
{
|
||||
if( ssl->client_auth == 0 )
|
||||
@ -2549,7 +2567,9 @@ int ssl_write_certificate( ssl_context *ssl )
|
||||
}
|
||||
#endif /* POLARSSL_SSL_PROTO_SSL3 */
|
||||
}
|
||||
else /* SSL_IS_SERVER */
|
||||
#endif /* POLARSSL_SSL_CLI_C */
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
if( ssl->endpoint == SSL_IS_SERVER )
|
||||
{
|
||||
if( ssl_own_cert( ssl ) == NULL )
|
||||
{
|
||||
@ -2557,6 +2577,7 @@ int ssl_write_certificate( ssl_context *ssl )
|
||||
return( POLARSSL_ERR_SSL_CERTIFICATE_REQUIRED );
|
||||
}
|
||||
}
|
||||
#endif
|
||||
|
||||
SSL_DEBUG_CRT( 3, "own certificate", ssl_own_cert( ssl ) );
|
||||
|
||||
@ -2632,6 +2653,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
if( ssl->endpoint == SSL_IS_SERVER &&
|
||||
( ssl->authmode == SSL_VERIFY_NONE ||
|
||||
ciphersuite_info->key_exchange == POLARSSL_KEY_EXCHANGE_RSA_PSK ) )
|
||||
@ -2641,6 +2663,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||
ssl->state++;
|
||||
return( 0 );
|
||||
}
|
||||
#endif
|
||||
|
||||
if( ( ret = ssl_read_record( ssl ) ) != 0 )
|
||||
{
|
||||
@ -2650,6 +2673,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||
|
||||
ssl->state++;
|
||||
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
#if defined(POLARSSL_SSL_PROTO_SSL3)
|
||||
/*
|
||||
* Check if the client sent an empty certificate
|
||||
@ -2694,6 +2718,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||
}
|
||||
#endif /* POLARSSL_SSL_PROTO_TLS1 || POLARSSL_SSL_PROTO_TLS1_1 || \
|
||||
POLARSSL_SSL_PROTO_TLS1_2 */
|
||||
#endif /* POLARSSL_SSL_SRV_C */
|
||||
|
||||
if( ssl->in_msgtype != SSL_MSG_HANDSHAKE )
|
||||
{
|
||||
@ -2772,6 +2797,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||
* On client, make sure the server cert doesn't change during renego to
|
||||
* avoid "triple handshake" attack: https://secure-resumption.com/
|
||||
*/
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
if( ssl->endpoint == SSL_IS_CLIENT &&
|
||||
ssl->renegotiation == SSL_RENEGOTIATION )
|
||||
{
|
||||
@ -2791,6 +2817,7 @@ int ssl_parse_certificate( ssl_context *ssl )
|
||||
return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
|
||||
}
|
||||
}
|
||||
#endif /* POLARSSL_SSL_CLI_C */
|
||||
|
||||
if( ssl->authmode != SSL_VERIFY_NONE )
|
||||
{
|
||||
@ -3315,10 +3342,14 @@ int ssl_write_finished( ssl_context *ssl )
|
||||
*/
|
||||
if( ssl->handshake->resume != 0 )
|
||||
{
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||
ssl->state = SSL_HANDSHAKE_WRAPUP;
|
||||
else
|
||||
#endif
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
if( ssl->endpoint == SSL_IS_SERVER )
|
||||
ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
|
||||
#endif
|
||||
}
|
||||
else
|
||||
ssl->state++;
|
||||
@ -3428,11 +3459,14 @@ int ssl_parse_finished( ssl_context *ssl )
|
||||
|
||||
if( ssl->handshake->resume != 0 )
|
||||
{
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||
ssl->state = SSL_CLIENT_CHANGE_CIPHER_SPEC;
|
||||
|
||||
#endif
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
if( ssl->endpoint == SSL_IS_SERVER )
|
||||
ssl->state = SSL_HANDSHAKE_WRAPUP;
|
||||
#endif
|
||||
}
|
||||
else
|
||||
ssl->state++;
|
||||
@ -3507,14 +3541,14 @@ static int ssl_handshake_init( ssl_context *ssl )
|
||||
*/
|
||||
if( ssl->transform_negotiate == NULL )
|
||||
{
|
||||
ssl->transform_negotiate =
|
||||
(ssl_transform *) polarssl_malloc( sizeof(ssl_transform) );
|
||||
ssl->transform_negotiate = (ssl_transform *) polarssl_malloc(
|
||||
sizeof(ssl_transform) );
|
||||
}
|
||||
|
||||
if( ssl->session_negotiate == NULL )
|
||||
{
|
||||
ssl->session_negotiate =
|
||||
(ssl_session *) polarssl_malloc( sizeof(ssl_session) );
|
||||
ssl->session_negotiate = (ssl_session *) polarssl_malloc(
|
||||
sizeof(ssl_session) );
|
||||
}
|
||||
|
||||
if( ssl->handshake == NULL )
|
||||
@ -3778,7 +3812,8 @@ void ssl_set_endpoint( ssl_context *ssl, int endpoint )
|
||||
{
|
||||
ssl->endpoint = endpoint;
|
||||
|
||||
#if defined(POLARSSL_SSL_SESSION_TICKETS)
|
||||
#if defined(POLARSSL_SSL_SESSION_TICKETS) && \
|
||||
defined(POLARSSL_SSL_CLI_C)
|
||||
if( endpoint == SSL_IS_CLIENT )
|
||||
ssl->session_tickets = SSL_SESSION_TICKETS_ENABLED;
|
||||
#endif
|
||||
@ -3825,6 +3860,7 @@ void ssl_set_bio( ssl_context *ssl,
|
||||
ssl->p_send = p_send;
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
void ssl_set_session_cache( ssl_context *ssl,
|
||||
int (*f_get_cache)(void *, ssl_session *), void *p_get_cache,
|
||||
int (*f_set_cache)(void *, const ssl_session *), void *p_set_cache )
|
||||
@ -3834,7 +3870,9 @@ void ssl_set_session_cache( ssl_context *ssl,
|
||||
ssl->f_set_cache = f_set_cache;
|
||||
ssl->p_set_cache = p_set_cache;
|
||||
}
|
||||
#endif /* POLARSSL_SSL_SRV_C */
|
||||
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
int ssl_set_session( ssl_context *ssl, const ssl_session *session )
|
||||
{
|
||||
int ret;
|
||||
@ -3854,6 +3892,7 @@ int ssl_set_session( ssl_context *ssl, const ssl_session *session )
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* POLARSSL_SSL_CLI_C */
|
||||
|
||||
void ssl_set_ciphersuites( ssl_context *ssl, const int *ciphersuites )
|
||||
{
|
||||
@ -3925,7 +3964,7 @@ int ssl_set_own_cert( ssl_context *ssl, x509_crt *own_cert,
|
||||
key_cert->cert = own_cert;
|
||||
key_cert->key = pk_key;
|
||||
|
||||
return( 0 );
|
||||
return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
@ -3954,7 +3993,7 @@ int ssl_set_own_cert_rsa( ssl_context *ssl, x509_crt *own_cert,
|
||||
key_cert->cert = own_cert;
|
||||
key_cert->key_own_alloc = 1;
|
||||
|
||||
return( 0 );
|
||||
return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) );
|
||||
}
|
||||
#endif /* POLARSSL_RSA_C */
|
||||
|
||||
@ -3983,7 +4022,7 @@ int ssl_set_own_cert_alt( ssl_context *ssl, x509_crt *own_cert,
|
||||
key_cert->cert = own_cert;
|
||||
key_cert->key_own_alloc = 1;
|
||||
|
||||
return( 0 );
|
||||
return( pk_check_pair( &key_cert->cert->pk, key_cert->key ) );
|
||||
}
|
||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
||||
|
||||
@ -4232,8 +4271,13 @@ int ssl_set_session_tickets( ssl_context *ssl, int use_tickets )
|
||||
{
|
||||
ssl->session_tickets = use_tickets;
|
||||
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||
return( 0 );
|
||||
#endif
|
||||
|
||||
if( use_tickets == SSL_SESSION_TICKETS_DISABLED )
|
||||
return( 0 );
|
||||
|
||||
if( ssl->f_rng == NULL )
|
||||
return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
|
||||
@ -4300,6 +4344,7 @@ const x509_crt *ssl_get_peer_cert( const ssl_context *ssl )
|
||||
}
|
||||
#endif /* POLARSSL_X509_CRT_PARSE_C */
|
||||
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
int ssl_get_session( const ssl_context *ssl, ssl_session *dst )
|
||||
{
|
||||
if( ssl == NULL ||
|
||||
@ -4312,6 +4357,7 @@ int ssl_get_session( const ssl_context *ssl, ssl_session *dst )
|
||||
|
||||
return( ssl_session_copy( dst, ssl->session ) );
|
||||
}
|
||||
#endif /* POLARSSL_SSL_CLI_C */
|
||||
|
||||
/*
|
||||
* Perform a single step of the SSL handshake
|
||||
@ -4324,7 +4370,6 @@ int ssl_handshake_step( ssl_context *ssl )
|
||||
if( ssl->endpoint == SSL_IS_CLIENT )
|
||||
ret = ssl_handshake_client_step( ssl );
|
||||
#endif
|
||||
|
||||
#if defined(POLARSSL_SSL_SRV_C)
|
||||
if( ssl->endpoint == SSL_IS_SERVER )
|
||||
ret = ssl_handshake_server_step( ssl );
|
||||
@ -4525,6 +4570,7 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
|
||||
{
|
||||
SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
|
||||
|
||||
#if defined(POLARSSL_SSL_CLI_C)
|
||||
if( ssl->endpoint == SSL_IS_CLIENT &&
|
||||
( ssl->in_msg[0] != SSL_HS_HELLO_REQUEST ||
|
||||
ssl->in_hslen != 4 ) )
|
||||
@ -4532,6 +4578,7 @@ int ssl_read( ssl_context *ssl, unsigned char *buf, size_t len )
|
||||
SSL_DEBUG_MSG( 1, ( "handshake received (not HelloRequest)" ) );
|
||||
return( POLARSSL_ERR_SSL_UNEXPECTED_MESSAGE );
|
||||
}
|
||||
#endif
|
||||
|
||||
if( ssl->disable_renegotiation == SSL_RENEGOTIATION_DISABLED ||
|
||||
( ssl->secure_renegotiation == SSL_LEGACY_RENEGOTIATION &&
|
||||
|
@ -421,35 +421,39 @@ int x509_get_name( unsigned char **p, const unsigned char *end,
|
||||
size_t set_len;
|
||||
const unsigned char *end_set;
|
||||
|
||||
/*
|
||||
* parse first SET, restricted to 1 element
|
||||
*/
|
||||
if( ( ret = asn1_get_tag( p, end, &set_len,
|
||||
ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
|
||||
return( POLARSSL_ERR_X509_INVALID_NAME + ret );
|
||||
/* don't use recursion, we'd risk stack overflow if not optimized */
|
||||
while( 1 )
|
||||
{
|
||||
/*
|
||||
* parse first SET, restricted to 1 element
|
||||
*/
|
||||
if( ( ret = asn1_get_tag( p, end, &set_len,
|
||||
ASN1_CONSTRUCTED | ASN1_SET ) ) != 0 )
|
||||
return( POLARSSL_ERR_X509_INVALID_NAME + ret );
|
||||
|
||||
end_set = *p + set_len;
|
||||
end_set = *p + set_len;
|
||||
|
||||
if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
|
||||
return( ret );
|
||||
if( ( ret = x509_get_attr_type_value( p, end_set, cur ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
if( *p != end_set )
|
||||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
if( *p != end_set )
|
||||
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
|
||||
|
||||
/*
|
||||
* recurse until end of SEQUENCE is reached
|
||||
*/
|
||||
if( *p == end )
|
||||
return( 0 );
|
||||
/*
|
||||
* continue until end of SEQUENCE is reached
|
||||
*/
|
||||
if( *p == end )
|
||||
return( 0 );
|
||||
|
||||
cur->next = (x509_name *) polarssl_malloc( sizeof( x509_name ) );
|
||||
cur->next = (x509_name *) polarssl_malloc( sizeof( x509_name ) );
|
||||
|
||||
if( cur->next == NULL )
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
if( cur->next == NULL )
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
memset( cur->next, 0, sizeof( x509_name ) );
|
||||
memset( cur->next, 0, sizeof( x509_name ) );
|
||||
|
||||
return( x509_get_name( p, end, cur->next ) );
|
||||
cur = cur->next;
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
@ -632,50 +636,6 @@ int x509_get_ext( unsigned char **p, const unsigned char *end,
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
/*
|
||||
* Load all data from a file into a given buffer.
|
||||
*/
|
||||
int x509_load_file( const char *path, unsigned char **buf, size_t *n )
|
||||
{
|
||||
FILE *f;
|
||||
long size;
|
||||
|
||||
if( ( f = fopen( path, "rb" ) ) == NULL )
|
||||
return( POLARSSL_ERR_X509_FILE_IO_ERROR );
|
||||
|
||||
fseek( f, 0, SEEK_END );
|
||||
if( ( size = ftell( f ) ) == -1 )
|
||||
{
|
||||
fclose( f );
|
||||
return( POLARSSL_ERR_X509_FILE_IO_ERROR );
|
||||
}
|
||||
fseek( f, 0, SEEK_SET );
|
||||
|
||||
*n = (size_t) size;
|
||||
|
||||
if( *n + 1 == 0 ||
|
||||
( *buf = (unsigned char *) polarssl_malloc( *n + 1 ) ) == NULL )
|
||||
{
|
||||
fclose( f );
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
}
|
||||
|
||||
if( fread( *buf, 1, *n, f ) != *n )
|
||||
{
|
||||
fclose( f );
|
||||
polarssl_free( *buf );
|
||||
return( POLARSSL_ERR_X509_FILE_IO_ERROR );
|
||||
}
|
||||
|
||||
fclose( f );
|
||||
|
||||
(*buf)[*n] = '\0';
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
#endif /* POLARSSL_FS_IO */
|
||||
|
||||
#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
|
||||
!defined(EFI32)
|
||||
#include <stdarg.h>
|
||||
|
@ -243,8 +243,8 @@ static int x509_get_entries( unsigned char **p,
|
||||
if( cur_entry->next == NULL )
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
memset( cur_entry->next, 0, sizeof( x509_crl_entry ) );
|
||||
cur_entry = cur_entry->next;
|
||||
memset( cur_entry, 0, sizeof( x509_crl_entry ) );
|
||||
}
|
||||
}
|
||||
|
||||
@ -252,25 +252,16 @@ static int x509_get_entries( unsigned char **p,
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse one or more CRLs and add them to the chained list
|
||||
* Parse one CRLs in DER format and append it to the chained list
|
||||
*/
|
||||
int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||
int x509_crl_parse_der( x509_crl *chain,
|
||||
const unsigned char *buf, size_t buflen )
|
||||
{
|
||||
int ret;
|
||||
size_t len;
|
||||
unsigned char *p, *end;
|
||||
x509_crl *crl;
|
||||
x509_buf sig_params1, sig_params2;
|
||||
|
||||
#if defined(POLARSSL_PEM_PARSE_C)
|
||||
size_t use_len;
|
||||
pem_context pem;
|
||||
#endif
|
||||
|
||||
memset( &sig_params1, 0, sizeof( x509_buf ) );
|
||||
memset( &sig_params2, 0, sizeof( x509_buf ) );
|
||||
|
||||
crl = chain;
|
||||
x509_crl *crl = chain;
|
||||
|
||||
/*
|
||||
* Check for valid input
|
||||
@ -278,12 +269,15 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||
if( crl == NULL || buf == NULL )
|
||||
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
|
||||
|
||||
while( crl->version != 0 && crl->next != NULL )
|
||||
crl = crl->next;
|
||||
memset( &sig_params1, 0, sizeof( x509_buf ) );
|
||||
memset( &sig_params2, 0, sizeof( x509_buf ) );
|
||||
|
||||
/*
|
||||
* Add new CRL on the end of the chain if needed.
|
||||
*/
|
||||
while( crl->version != 0 && crl->next != NULL )
|
||||
crl = crl->next;
|
||||
|
||||
if( crl->version != 0 && crl->next == NULL )
|
||||
{
|
||||
crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
|
||||
@ -294,57 +288,22 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
}
|
||||
|
||||
x509_crl_init( crl->next );
|
||||
crl = crl->next;
|
||||
x509_crl_init( crl );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_PEM_PARSE_C)
|
||||
pem_init( &pem );
|
||||
ret = pem_read_buffer( &pem,
|
||||
"-----BEGIN X509 CRL-----",
|
||||
"-----END X509 CRL-----",
|
||||
buf, NULL, 0, &use_len );
|
||||
/*
|
||||
* Copy raw DER-encoded CRL
|
||||
*/
|
||||
if( ( p = polarssl_malloc( buflen ) ) == NULL )
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
/*
|
||||
* Was PEM encoded
|
||||
*/
|
||||
buflen -= use_len;
|
||||
buf += use_len;
|
||||
|
||||
/*
|
||||
* Steal PEM buffer
|
||||
*/
|
||||
p = pem.buf;
|
||||
pem.buf = NULL;
|
||||
len = pem.buflen;
|
||||
pem_free( &pem );
|
||||
}
|
||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||
{
|
||||
pem_free( &pem );
|
||||
return( ret );
|
||||
}
|
||||
else
|
||||
#endif /* POLARSSL_PEM_PARSE_C */
|
||||
{
|
||||
/*
|
||||
* nope, copy the raw DER data
|
||||
*/
|
||||
p = (unsigned char *) polarssl_malloc( len = buflen );
|
||||
|
||||
if( p == NULL )
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
memcpy( p, buf, buflen );
|
||||
|
||||
buflen = 0;
|
||||
}
|
||||
memcpy( p, buf, buflen );
|
||||
|
||||
crl->raw.p = p;
|
||||
crl->raw.len = len;
|
||||
end = p + len;
|
||||
crl->raw.len = buflen;
|
||||
|
||||
end = p + buflen;
|
||||
|
||||
/*
|
||||
* CertificateList ::= SEQUENCE {
|
||||
@ -522,25 +481,64 @@ int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||
POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
|
||||
}
|
||||
|
||||
if( buflen > 0 )
|
||||
{
|
||||
crl->next = (x509_crl *) polarssl_malloc( sizeof( x509_crl ) );
|
||||
|
||||
if( crl->next == NULL )
|
||||
{
|
||||
x509_crl_free( crl );
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
}
|
||||
|
||||
crl = crl->next;
|
||||
x509_crl_init( crl );
|
||||
|
||||
return( x509_crl_parse( crl, buf, buflen ) );
|
||||
}
|
||||
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
* Parse one or more CRLs and add them to the chained list
|
||||
*/
|
||||
int x509_crl_parse( x509_crl *chain, const unsigned char *buf, size_t buflen )
|
||||
{
|
||||
#if defined(POLARSSL_PEM_PARSE_C)
|
||||
int ret;
|
||||
size_t use_len;
|
||||
pem_context pem;
|
||||
int is_pem = 0;
|
||||
|
||||
if( chain == NULL || buf == NULL )
|
||||
return( POLARSSL_ERR_X509_BAD_INPUT_DATA );
|
||||
|
||||
do
|
||||
{
|
||||
pem_init( &pem );
|
||||
ret = pem_read_buffer( &pem,
|
||||
"-----BEGIN X509 CRL-----",
|
||||
"-----END X509 CRL-----",
|
||||
buf, NULL, 0, &use_len );
|
||||
|
||||
if( ret == 0 )
|
||||
{
|
||||
/*
|
||||
* Was PEM encoded
|
||||
*/
|
||||
is_pem = 1;
|
||||
|
||||
buflen -= use_len;
|
||||
buf += use_len;
|
||||
|
||||
if( ( ret = x509_crl_parse_der( chain,
|
||||
pem.buf, pem.buflen ) ) != 0 )
|
||||
{
|
||||
return( ret );
|
||||
}
|
||||
|
||||
pem_free( &pem );
|
||||
}
|
||||
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_FOOTER_PRESENT )
|
||||
{
|
||||
pem_free( &pem );
|
||||
return( ret );
|
||||
}
|
||||
}
|
||||
while( is_pem && buflen > 0 );
|
||||
|
||||
if( is_pem )
|
||||
return( 0 );
|
||||
else
|
||||
#endif /* POLARSSL_PEM_PARSE_C */
|
||||
return( x509_crl_parse_der( chain, buf, buflen ) );
|
||||
}
|
||||
|
||||
#if defined(POLARSSL_FS_IO)
|
||||
/*
|
||||
* Load one or more CRLs and add them to the chained list
|
||||
@ -551,7 +549,7 @@ int x509_crl_parse_file( x509_crl *chain, const char *path )
|
||||
size_t n;
|
||||
unsigned char *buf;
|
||||
|
||||
if( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
|
||||
if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = x509_crl_parse( chain, buf, n );
|
||||
|
@ -359,6 +359,9 @@ static int x509_get_subject_alt_name( unsigned char **p,
|
||||
/* Allocate and assign next pointer */
|
||||
if( cur->buf.p != NULL )
|
||||
{
|
||||
if( cur->next != NULL )
|
||||
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS );
|
||||
|
||||
cur->next = (asn1_sequence *) polarssl_malloc(
|
||||
sizeof( asn1_sequence ) );
|
||||
|
||||
@ -478,6 +481,10 @@ static int x509_get_crt_ext( unsigned char **p,
|
||||
continue;
|
||||
}
|
||||
|
||||
/* Forbid repeated extensions */
|
||||
if( ( crt->ext_types & ext_type ) != 0 )
|
||||
return( POLARSSL_ERR_X509_INVALID_EXTENSIONS );
|
||||
|
||||
crt->ext_types |= ext_type;
|
||||
|
||||
switch( ext_type )
|
||||
@ -812,8 +819,8 @@ int x509_crt_parse_der( x509_crt *chain, const unsigned char *buf,
|
||||
return( POLARSSL_ERR_X509_MALLOC_FAILED );
|
||||
|
||||
prev = crt;
|
||||
x509_crt_init( crt->next );
|
||||
crt = crt->next;
|
||||
x509_crt_init( crt );
|
||||
}
|
||||
|
||||
if( ( ret = x509_crt_parse_der_core( crt, buf, buflen ) ) != 0 )
|
||||
@ -946,7 +953,7 @@ int x509_crt_parse_file( x509_crt *chain, const char *path )
|
||||
size_t n;
|
||||
unsigned char *buf;
|
||||
|
||||
if( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
|
||||
if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = x509_crt_parse( chain, buf, n );
|
||||
@ -1629,25 +1636,30 @@ static int x509_string_cmp( const x509_buf *a, const x509_buf *b )
|
||||
*/
|
||||
static int x509_name_cmp( const x509_name *a, const x509_name *b )
|
||||
{
|
||||
if( a == NULL && b == NULL )
|
||||
return( 0 );
|
||||
|
||||
if( a == NULL || b == NULL )
|
||||
return( -1 );
|
||||
|
||||
/* type */
|
||||
if( a->oid.tag != b->oid.tag ||
|
||||
a->oid.len != b->oid.len ||
|
||||
memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 )
|
||||
/* Avoid recursion, it might not be optimised by the compiler */
|
||||
while( a != NULL || b != NULL )
|
||||
{
|
||||
return( -1 );
|
||||
if( a == NULL || b == NULL )
|
||||
return( -1 );
|
||||
|
||||
/* type */
|
||||
if( a->oid.tag != b->oid.tag ||
|
||||
a->oid.len != b->oid.len ||
|
||||
memcmp( a->oid.p, b->oid.p, b->oid.len ) != 0 )
|
||||
{
|
||||
return( -1 );
|
||||
}
|
||||
|
||||
/* value */
|
||||
if( x509_string_cmp( &a->val, &b->val ) != 0 )
|
||||
return( -1 );
|
||||
|
||||
a = a->next;
|
||||
b = b->next;
|
||||
}
|
||||
|
||||
/* value */
|
||||
if( x509_string_cmp( &a->val, &b->val ) != 0 )
|
||||
return( -1 );
|
||||
|
||||
return( x509_name_cmp( a->next, b->next ) );
|
||||
/* a == NULL == b */
|
||||
return( 0 );
|
||||
}
|
||||
|
||||
/*
|
||||
@ -1822,6 +1834,13 @@ static int x509_crt_verify_child(
|
||||
x509_crt *grandparent;
|
||||
const md_info_t *md_info;
|
||||
|
||||
/* path_cnt is 0 for the first intermediate CA */
|
||||
if( 1 + path_cnt > POLARSSL_X509_MAX_INTERMEDIATE_CA )
|
||||
{
|
||||
*flags |= BADCERT_NOT_TRUSTED;
|
||||
return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
|
||||
}
|
||||
|
||||
if( x509_time_expired( &child->valid_to ) )
|
||||
*flags |= BADCERT_EXPIRED;
|
||||
|
||||
|
@ -310,7 +310,7 @@ int x509_csr_parse_file( x509_csr *csr, const char *path )
|
||||
size_t n;
|
||||
unsigned char *buf;
|
||||
|
||||
if( ( ret = x509_load_file( path, &buf, &n ) ) != 0 )
|
||||
if( ( ret = pk_load_file( path, &buf, &n ) ) != 0 )
|
||||
return( ret );
|
||||
|
||||
ret = x509_csr_parse( csr, buf, n );
|
||||
|
@ -1293,8 +1293,8 @@ reconnect:
|
||||
goto exit;
|
||||
}
|
||||
|
||||
if( ( ret = net_connect( &server_fd, opt.server_name,
|
||||
opt.server_port ) ) != 0 )
|
||||
if( ( ret = net_connect( &server_fd, opt.server_addr,
|
||||
opt.server_port ) ) != 0 )
|
||||
{
|
||||
printf( " failed\n ! net_connect returned -0x%x\n\n", -ret );
|
||||
goto exit;
|
||||
|
@ -592,7 +592,7 @@ int psk_callback( void *p_info, ssl_context *ssl,
|
||||
}
|
||||
#endif /* POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED */
|
||||
|
||||
static int listen_fd;
|
||||
static int listen_fd, client_fd = -1;
|
||||
|
||||
/* Interruption handler to ensure clean exit (for valgrind testing) */
|
||||
#if !defined(_WIN32)
|
||||
@ -602,13 +602,13 @@ void term_handler( int sig )
|
||||
((void) sig);
|
||||
received_sigterm = 1;
|
||||
net_close( listen_fd ); /* causes net_accept() to abort */
|
||||
net_close( client_fd ); /* causes net_read() to abort */
|
||||
}
|
||||
#endif
|
||||
|
||||
int main( int argc, char *argv[] )
|
||||
{
|
||||
int ret = 0, len, written, frags, exchanges;
|
||||
int client_fd = -1;
|
||||
int version_suites[4][2];
|
||||
unsigned char buf[IO_BUF_LEN];
|
||||
#if defined(POLARSSL_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||
@ -676,8 +676,9 @@ int main( int argc, char *argv[] )
|
||||
#endif
|
||||
|
||||
#if !defined(_WIN32)
|
||||
/* Abort cleanly on SIGTERM */
|
||||
/* Abort cleanly on SIGTERM and SIGINT */
|
||||
signal( SIGTERM, term_handler );
|
||||
signal( SIGINT, term_handler );
|
||||
#endif
|
||||
|
||||
if( argc == 0 )
|
||||
@ -1435,6 +1436,15 @@ int main( int argc, char *argv[] )
|
||||
printf( " ok\n" );
|
||||
|
||||
reset:
|
||||
#if !defined(_WIN32)
|
||||
if( received_sigterm )
|
||||
{
|
||||
printf( " interrupted by SIGTERM\n" );
|
||||
ret = 0;
|
||||
goto exit;
|
||||
}
|
||||
#endif
|
||||
|
||||
#ifdef POLARSSL_ERROR_C
|
||||
if( ret != 0 )
|
||||
{
|
||||
@ -1462,7 +1472,7 @@ reset:
|
||||
#if !defined(_WIN32)
|
||||
if( received_sigterm )
|
||||
{
|
||||
printf( " interrupted by SIGTERM\n" );
|
||||
printf( " interrupted by signal\n" );
|
||||
ret = 0;
|
||||
goto exit;
|
||||
}
|
||||
@ -1750,6 +1760,9 @@ exit:
|
||||
}
|
||||
#endif
|
||||
|
||||
printf( " . Cleaning up..." );
|
||||
fflush( stdout );
|
||||
|
||||
if( client_fd != -1 )
|
||||
net_close( client_fd );
|
||||
|
||||
@ -1788,6 +1801,8 @@ exit:
|
||||
memory_buffer_alloc_free();
|
||||
#endif
|
||||
|
||||
printf( " done.\n" );
|
||||
|
||||
#if defined(_WIN32)
|
||||
printf( " + Press Enter to exit this program.\n" );
|
||||
fflush( stdout ); getchar();
|
||||
|
@ -188,6 +188,7 @@ int main( int argc, char *argv[] )
|
||||
{
|
||||
usage:
|
||||
printf( USAGE );
|
||||
ret = 2;
|
||||
goto exit;
|
||||
}
|
||||
|
||||
@ -500,6 +501,9 @@ exit:
|
||||
fflush( stdout ); getchar();
|
||||
#endif
|
||||
|
||||
if( ret < 0 )
|
||||
ret = 1;
|
||||
|
||||
return( ret );
|
||||
}
|
||||
#endif /* POLARSSL_BIGNUM_C && POLARSSL_ENTROPY_C && POLARSSL_SSL_TLS_C &&
|
||||
|
@ -6,10 +6,11 @@ use warnings;
|
||||
use strict;
|
||||
|
||||
my $usage = <<EOU;
|
||||
$0 [-f <file>] full
|
||||
$0 [-f <file>] unset <name>
|
||||
$0 [-f <file>] set <name> [<value>]
|
||||
EOU
|
||||
# for our eyes only:
|
||||
# $0 [-f <file>] full
|
||||
|
||||
# Things that shouldn't be enabled with "full".
|
||||
# Notes:
|
||||
|
70
scripts/malloc-init.pl
Executable file
70
scripts/malloc-init.pl
Executable file
@ -0,0 +1,70 @@
|
||||
#!/usr/bin/perl
|
||||
|
||||
# Check for malloc calls not shortly followed by initialisation.
|
||||
#
|
||||
# Known limitations:
|
||||
# - false negative: can't see allocations spanning more than one line
|
||||
# - possible false negatives, see patterns
|
||||
# - false positive: malloc-malloc-init-init is not accepted
|
||||
# - false positives: "non-standard" init functions (eg, the things being
|
||||
# initialised is not the first arg, or initialise struct members)
|
||||
#
|
||||
# Since false positives are expected, the results must be manually reviewed.
|
||||
#
|
||||
# Typical usage: scripts/malloc-init.pl library/*.c
|
||||
|
||||
use warnings;
|
||||
use strict;
|
||||
|
||||
use utf8;
|
||||
use open qw(:std utf8);
|
||||
|
||||
my $limit = 7;
|
||||
my $inits = qr/memset|memcpy|_init|fread|base64_..code/;
|
||||
|
||||
# cases to bear in mind:
|
||||
#
|
||||
# 0. foo = malloc(...); memset( foo, ... );
|
||||
# 1. *foo = malloc(...); memset( *foo, ... );
|
||||
# 2. type *foo = malloc(...); memset( foo, ...);
|
||||
# 3. foo = malloc(...); foo_init( (type *) foo );
|
||||
# 4. foo = malloc(...); for(i=0..n) { init( &foo[i] ); }
|
||||
#
|
||||
# The chosen patterns are a bit relaxed, but unlikely to cause false positives
|
||||
# in real code (initialising *foo or &foo instead of foo will likely be caught
|
||||
# by functional tests).
|
||||
#
|
||||
my $id = qr/([a-zA-Z-0-9_\->\.]*)/;
|
||||
my $prefix = qr/\s(?:\*?|\&?|\([a-z_]* \*\))\s*/;
|
||||
|
||||
my $name;
|
||||
my $line;
|
||||
my @bad;
|
||||
|
||||
die "Usage: $0 file.c [...]\n" unless @ARGV;
|
||||
|
||||
while (my $file = shift @ARGV)
|
||||
{
|
||||
open my $fh, "<", $file or die "read $file failed: $!\n";
|
||||
while (<$fh>)
|
||||
{
|
||||
if( /polarssl_malloc\(/ ) {
|
||||
if( /$id\s*=.*polarssl_malloc\(/ ) {
|
||||
push @bad, "$file:$line:$name" if $name;
|
||||
$name = $1;
|
||||
$line = $.;
|
||||
} else {
|
||||
push @bad, "$file:$.:???" unless /return polarssl_malloc/;
|
||||
}
|
||||
} elsif( $name && /(?:$inits)\($prefix\Q$name\E\b/ ) {
|
||||
undef $name;
|
||||
} elsif( $name && $. - $line > $limit ) {
|
||||
push @bad, "$file:$line:$name";
|
||||
undef $name;
|
||||
undef $line;
|
||||
}
|
||||
}
|
||||
close $fh or die;
|
||||
}
|
||||
|
||||
print "$_\n" for @bad;
|
44
scripts/recursion.pl
Executable file
44
scripts/recursion.pl
Executable file
@ -0,0 +1,44 @@
|
||||
#!/usr/bin/perl
|
||||
|
||||
# Find functions making recursive calls to themselves.
|
||||
# (Multiple recursion where a() calls b() which calls a() not covered.)
|
||||
#
|
||||
# When the recursion depth might depend on data controlled by the attacker in
|
||||
# an unbounded way, those functions should use interation instead.
|
||||
#
|
||||
# Typical usage: scripts/recursion.pl library/*.c
|
||||
|
||||
use warnings;
|
||||
use strict;
|
||||
|
||||
use utf8;
|
||||
use open qw(:std utf8);
|
||||
|
||||
# exclude functions that are ok:
|
||||
# - mpi_write_hlp: bounded by size of mpi, a compile-time constant
|
||||
# - x509_crt_verify_child: bounded by POLARSSL_X509_MAX_INTERMEDIATE_CA
|
||||
my $known_ok = qr/mpi_write_hlp|x509_crt_verify_child/;
|
||||
|
||||
my $cur_name;
|
||||
my $inside;
|
||||
my @funcs;
|
||||
|
||||
die "Usage: $0 file.c [...]\n" unless @ARGV;
|
||||
|
||||
while (<>)
|
||||
{
|
||||
if( /^[^\/#{}\s]/ && ! /\[.*]/ ) {
|
||||
chomp( $cur_name = $_ ) unless $inside;
|
||||
} elsif( /^{/ && $cur_name ) {
|
||||
$inside = 1;
|
||||
$cur_name =~ s/.* ([^ ]*)\(.*/$1/;
|
||||
} elsif( /^}/ && $inside ) {
|
||||
undef $inside;
|
||||
undef $cur_name;
|
||||
} elsif( $inside && /\b\Q$cur_name\E\([^)]/ ) {
|
||||
push @funcs, $cur_name unless /$known_ok/;
|
||||
}
|
||||
}
|
||||
|
||||
print "$_\n" for @funcs;
|
||||
exit @funcs;
|
@ -29,11 +29,7 @@ function(add_test_suite suite_name)
|
||||
add_test(${data_name}-suite test_suite_${data_name})
|
||||
endfunction(add_test_suite)
|
||||
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-function -Wno-unused-value")
|
||||
set(CMAKE_C_FLAGS_CHECK "${CMAKE_C_FLAGS_CHECK} -Wno-unused-function -Wno-unused-value")
|
||||
if(CMAKE_COMPILER_IS_CLANG)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unreachable-code")
|
||||
endif(CMAKE_COMPILER_IS_CLANG)
|
||||
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -Wno-unused-function")
|
||||
|
||||
add_test_suite(aes aes.ecb)
|
||||
add_test_suite(aes aes.cbc)
|
||||
|
85
tests/data_files/Readme-x509.txt
Normal file
85
tests/data_files/Readme-x509.txt
Normal file
@ -0,0 +1,85 @@
|
||||
This documents the X.509 CAs, certificates, and CRLS used for testing.
|
||||
|
||||
Certification authorities
|
||||
-------------------------
|
||||
|
||||
There are two main CAs for use as trusted roots:
|
||||
- test-ca.crt aka "C=NL, O=PolarSSL, CN=PolarSSL Test CA"
|
||||
uses a RSA-2048 key
|
||||
- test-ca2*.crt aka "C=NL, O=PolarSSL, CN=Polarssl Test EC CA"
|
||||
uses an EC key with NIST P-384 (aka secp384r1)
|
||||
variants used to test the keyUsage extension
|
||||
The files test-ca_cat12 and test-ca_cat21 contain them concatenated both ways.
|
||||
|
||||
Two intermediate CAs are signed by them:
|
||||
- test-int-ca.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate CA"
|
||||
uses RSA-4096, signed by test-ca2
|
||||
- test-int-ca2.crt "C=NL, O=PolarSSL, CN=PolarSSL Test Intermediate EC CA"
|
||||
uses an EC key with NIST P-256, signed by test-ca
|
||||
|
||||
Finally, other CAs for specific purposes:
|
||||
- enco-ca-prstr.pem: has its CN encoded as a printable string, but child cert
|
||||
enco-cert-utf8str.pem has its issuer's CN encoded as a UTF-8 string.
|
||||
- test-ca-v1.crt: v1 "CA", signs
|
||||
server1-v1.crt: v1 "intermediate CA", signs
|
||||
server2-v1*.crt: EE cert (without of with chain in same file)
|
||||
|
||||
End-entity certificates
|
||||
-----------------------
|
||||
|
||||
Short information fields:
|
||||
|
||||
- name or pattern
|
||||
- issuing CA: 1 -> test-ca.crt
|
||||
2 -> test-ca2.crt
|
||||
I1 -> test-int-ca.crt
|
||||
I2 -> test-int-ca2.crt
|
||||
O -> other
|
||||
- key type: R -> RSA, E -> EC
|
||||
- C -> there is a CRL revoking this cert (see below)
|
||||
- L -> CN=localhost (useful for local test servers)
|
||||
- P1, P2 if the file include parent (resp. parent + grandparent)
|
||||
- free-form comments
|
||||
|
||||
List of certificates:
|
||||
|
||||
- cert_example_multi*.crt: 1/O R: subjectAltName
|
||||
- cert_example_wildcard.crt: 1 R: wildcard in subject's CN
|
||||
- cert_md*.crt, cert_sha*.crt: 1 R: signature hash
|
||||
- cert_v1_with_ext.crt: 1 R: v1 with extensions (illegal)
|
||||
- cli2.crt: 2 E: basic
|
||||
- enco-cert-utf8str.pem: see enco-ca-prstr.pem above
|
||||
- server1*.crt: 1* R C*: misc *(server1-v1 see test-ca-v1.crt above)
|
||||
*CRL for: .cert_type.crt, .crt, .key_usage.crt, .v1.crt
|
||||
- server2-v1*.crt: O R: see test-ca-v1.crt above
|
||||
- server2*.crt: 1 R L: misc
|
||||
- server3.crt: 1 E L: EC cert signed by RSA CA
|
||||
- server4.crt: 2 R L: RSA cert signed by EC CA
|
||||
- server5*.crt: 2* E L: misc *(except server5-selfsigned)
|
||||
-sha*: hashes
|
||||
-eku*: extendeKeyUsage (cli/srv = www client/server, cs = codesign, etc)
|
||||
-ku*: keyUsage (ds = signatures, ke/ka = key exchange/agreement)
|
||||
- server6-ss-child.crt: O E: "child" of non-CA server5-selfsigned
|
||||
- server6.crt, server6.pem: 2 E L C: revoked
|
||||
- server7*.crt: I1 E L P1*: EC signed by RSA signed by EC *(except 7.crt)
|
||||
*_space: with PEM error(s)
|
||||
- server8*.crt: I2 R L: RSA signed by EC signed by RSA (P1 for _int-ca2)
|
||||
- server9*.crt: 1 R C* L P1*: signed using RSASSA-PSS
|
||||
*CRL for: 9.crt, -badsign, -with-ca (P1)
|
||||
|
||||
Certificate revocation lists
|
||||
----------------------------
|
||||
|
||||
Signing CA in parentheses (same meaning as certificates).
|
||||
|
||||
- crl-ec-sha*: (2) server6.crt
|
||||
- crl-future.pem: (2) server6.crt + unkown
|
||||
- crl-rsa-pss-*.pem: (1) server9{,badsign,with-ca}.crt + cert_sha384.crt + unknown
|
||||
- crl.pem, crl_expired.pem: (1) server1{,.cert_type,.key_usage,.v1}.crt + unknown
|
||||
- crl_md*.pem: crl_sha*.pem: (1) same as crl.pem
|
||||
- crt_cat_*.pem: (1+2) concatenations in various orders:
|
||||
ec = crl-ec-sha256.pem, ecfut = crl-future.pem
|
||||
rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem
|
||||
|
||||
Note: crl_future would revoke server9 and cert_sha384.crt if signed by CA 1
|
||||
crl-rsa-pss* would revoke server6.crt if signed by CA 2
|
21
tests/data_files/crl_cat_ec-rsa.pem
Normal file
21
tests/data_files/crl_cat_ec-rsa.pem
Normal file
@ -0,0 +1,21 @@
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
|
||||
MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
|
||||
BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
|
||||
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
|
||||
IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
|
||||
S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
|
||||
g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
|
||||
-----END X509 CRL-----
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
|
||||
OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
|
||||
MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
|
||||
dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
|
||||
//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
|
||||
yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
|
||||
NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
|
||||
5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU=
|
||||
-----END X509 CRL-----
|
22
tests/data_files/crl_cat_ecfut-rsa.pem
Normal file
22
tests/data_files/crl_cat_ecfut-rsa.pem
Normal file
@ -0,0 +1,22 @@
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBgzCCAQoCAQEwCQYHKoZIzj0EATA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTMyMDMxMDEx
|
||||
MDUxNVoXDTQyMDMwODExMDUxNVowKDASAgEKFw0xMzA5MjQxNjI4MzhaMBICARYX
|
||||
DTE0MDEyMDEzNDMwNVqgcjBwMG4GA1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb
|
||||
+zZ8oUKkQDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNV
|
||||
BAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2gA
|
||||
MGUCMQCmsvNsOQdbGpmzpeZlKU9lDP6yyWenrI/89swZYogE3cSPob4tOzeYg38i
|
||||
or91IPgCMD7N/0Qz6Nq2IgBtZORLgsA0ltK+W6AOS+/EIhvGuXV8uguUyYknl4vb
|
||||
+cE+lWxhCQ==
|
||||
-----END X509 CRL-----
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
|
||||
OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
|
||||
MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
|
||||
dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
|
||||
//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
|
||||
yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
|
||||
NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
|
||||
5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU=
|
||||
-----END X509 CRL-----
|
21
tests/data_files/crl_cat_rsa-ec.pem
Normal file
21
tests/data_files/crl_cat_rsa-ec.pem
Normal file
@ -0,0 +1,21 @@
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
|
||||
OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
|
||||
MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
|
||||
dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
|
||||
//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
|
||||
yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
|
||||
NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
|
||||
5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU=
|
||||
-----END X509 CRL-----
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
|
||||
MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
|
||||
BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
|
||||
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
|
||||
IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
|
||||
S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
|
||||
g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
|
||||
-----END X509 CRL-----
|
21
tests/data_files/crl_cat_rsabadpem-ec.pem
Normal file
21
tests/data_files/crl_cat_rsabadpem-ec.pem
Normal file
@ -0,0 +1,21 @@
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
|
||||
OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
|
||||
MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
|
||||
dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
|
||||
//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
|
||||
yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
|
||||
NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
|
||||
5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU
|
||||
-----END X509 CRL-----
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
|
||||
MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
|
||||
BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
|
||||
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
|
||||
IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
|
||||
S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
|
||||
g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
|
||||
-----END X509 CRL-----
|
21
tests/data_files/crt_cat_rsaexp-ec.pem
Normal file
21
tests/data_files/crt_cat_rsaexp-ec.pem
Normal file
@ -0,0 +1,21 @@
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjQx
|
||||
OVoXDTExMDIyMDExMjQxOVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
|
||||
MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAKgP1XmCIPbfY1/UO+SVFQir
|
||||
jArZ94QnQdoan4tJ29d8DmTxJ+z9/KyWNoGeOwc9P/2GQQaZahQOBr0f6lYd67Ct
|
||||
wFVh/Q2zF8FgRcrQV7u/vJM33Q2yEsQkMGlM7rE5lC972vUKWu/NKq8bN9W/tWxZ
|
||||
SFbvTXpv024aI0IRudpOCALnIy8SFhVb2/52IN2uR6qrFizDexMEdSckgpHuJzGS
|
||||
IiANhIMn5LdQYJFjPgBzQU12tDdgzcpxtGhT10y4uQre+UbSjw+iVyml3issw59k
|
||||
OSmkWFb06LamRC215JAMok3YQO5RnxCR8EjqPcJr+7+O9a1O1++yiaitg4bUjEA=
|
||||
-----END X509 CRL-----
|
||||
-----BEGIN X509 CRL-----
|
||||
MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
|
||||
UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
|
||||
MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
|
||||
BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
|
||||
TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
|
||||
IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
|
||||
S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
|
||||
g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
|
||||
-----END X509 CRL-----
|
@ -1,13 +0,0 @@
|
||||
-----BEGIN CERTIFICATE-----
|
||||
MIIB3TCCAZSgAwIBAgIBGDAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD
|
||||
VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJTU0wgVGVzdCBFQyBDQTAeFw0x
|
||||
MzA4MDgxNjQ0MTBaFw0yMzA4MDYxNjQ0MTBaMDQxCzAJBgNVBAYTAk5MMREwDwYD
|
||||
VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MEkwEwYHKoZIzj0CAQYI
|
||||
KoZIzj0DAQEDMgAEE2sIbSZOSEinZM3q2MMOy8egM8Y9BAcsuwxO9UpS1B8nT9u1
|
||||
1bvjTh5VQAgJAU+Oo4GdMIGaMAkGA1UdEwQCMAAwHQYDVR0OBBYEFDYreWnU1s1J
|
||||
AG49ALPOQliFaJahMG4GA1UdIwRnMGWAFNCkRpkIZ/H0utlW6GcwC/zvJRZjoUKk
|
||||
QDA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1Bv
|
||||
bGFyU1NMIFRlc3QgRUMgQ0GCCQClZwiM/hcKsjAJBgcqhkjOPQQBAzgAMDUCGQDq
|
||||
PIUaCr8u28R7V0G/TEOklXgPawdiY4ICGDzmBegZHs7BcNwENa1fn4JYUdTPqKwl
|
||||
LA==
|
||||
-----END CERTIFICATE-----
|
@ -6,8 +6,8 @@
|
||||
# CMake configuration. After this script is run, the CMake cache is lost and
|
||||
# CMake is not initialised any more!
|
||||
#
|
||||
# Assumes gcc and clang (recent enough for using ASan) are available,
|
||||
# as well as cmake and valgrind.
|
||||
# Assumes gcc and clang (recent enough for using ASan with gcc and MemSen with
|
||||
# clang) are available, as well as cmake and GNU find.
|
||||
|
||||
# Abort on errors (and uninitiliased variables)
|
||||
set -eu
|
||||
@ -24,12 +24,9 @@ MEMORY=0
|
||||
|
||||
while [ $# -gt 0 ]; do
|
||||
case "$1" in
|
||||
-m1)
|
||||
-m*)
|
||||
MEMORY=1
|
||||
;;
|
||||
-m2)
|
||||
MEMORY=2
|
||||
;;
|
||||
*)
|
||||
echo "Unknown argument: '$1'" >&2
|
||||
echo "Use the source, Luke!" >&2
|
||||
@ -60,94 +57,103 @@ msg()
|
||||
{
|
||||
echo ""
|
||||
echo "******************************************************************"
|
||||
echo "* $1"
|
||||
echo "* $1 "
|
||||
echo -n "* "; date
|
||||
echo "******************************************************************"
|
||||
}
|
||||
|
||||
# The test ordering tries to optimize for the following criteria:
|
||||
# 1. Catch possible problems early, by running first test that run quickly
|
||||
# 1. Catch possible problems early, by running first tests that run quickly
|
||||
# and/or are more likely to fail than others (eg I use Clang most of the
|
||||
# time, so start with a GCC build).
|
||||
# 2. Minimize total running time, by avoiding useless rebuilds
|
||||
#
|
||||
# Indicative running times are given for reference.
|
||||
|
||||
msg "build: cmake, -Werror (gcc)" # ~ 1 min
|
||||
msg "test: recursion.pl" # < 1s
|
||||
scripts/recursion.pl library/*.c
|
||||
|
||||
msg "build: cmake, gcc, ASan" # ~ 1 min 50s
|
||||
cleanup
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Check .
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
||||
msg "test: main suites with valgrind" # ~ 2 min 10s
|
||||
make memcheck
|
||||
msg "test: main suites and selftest (ASan build)" # ~ 50s
|
||||
make test
|
||||
programs/test/selftest
|
||||
|
||||
msg "build: with ASan (clang)" # ~ 1 min
|
||||
cleanup
|
||||
CC=clang cmake -D CMAKE_BUILD_TYPE:String=ASan .
|
||||
make
|
||||
|
||||
msg "test: ssl-opt.sh (ASan build)" # ~ 1 min 10s
|
||||
msg "test: ssl-opt.sh (ASan build)" # ~ 1 min
|
||||
cd tests
|
||||
./ssl-opt.sh
|
||||
cd ..
|
||||
|
||||
msg "test: main suites and selftest (ASan build)" # ~ 10s + 30s
|
||||
make test
|
||||
programs/test/selftest
|
||||
|
||||
msg "test: ref-configs (ASan build)" # ~ 4 min 45 s
|
||||
msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s
|
||||
tests/scripts/test-ref-configs.pl
|
||||
|
||||
# Most issues are likely to be caught at this point
|
||||
# Most frequent issues are likely to be caught at this point
|
||||
|
||||
msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min
|
||||
make
|
||||
|
||||
msg "test: compat.sh (ASan build)" # ~ 7 min 30s
|
||||
msg "test: compat.sh (ASan build)" # ~ 6 min
|
||||
cd tests
|
||||
./compat.sh
|
||||
cd ..
|
||||
|
||||
msg "build: cmake, full config" # ~ 40s
|
||||
msg "build: cmake, full config, clang" # ~ 50s
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
scripts/config.pl full
|
||||
scripts/config.pl unset POLARSSL_MEMORY_BACKTRACE # too slow for tests
|
||||
cmake -D CMAKE_BUILD_TYPE:String=Check .
|
||||
CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check .
|
||||
make
|
||||
|
||||
msg "test: main suites (full config)"
|
||||
msg "test: main suites (full config)" # ~ 5s
|
||||
make test
|
||||
|
||||
msg "test: ssl-opt.sh default (full config)"
|
||||
msg "test: ssl-opt.sh default (full config)" # ~ 1s
|
||||
cd tests
|
||||
./ssl-opt.sh -f Default
|
||||
cd ..
|
||||
|
||||
msg "test: compat.sh 3DES & NULL (full config)"
|
||||
msg "test: compat.sh DES & NULL (full config)" # ~ 2 min
|
||||
cd tests
|
||||
./compat.sh -e '^$' -f 'NULL\|3DES-EDE-CBC\|DES-CBC3'
|
||||
cd ..
|
||||
|
||||
msg "test/build: curves.pl (gcc)" # ~ 5 min (?)
|
||||
cleanup
|
||||
cmake -D CMAKE_BUILD_TYPE:String=Debug .
|
||||
tests/scripts/curves.pl
|
||||
|
||||
msg "build: Unix make, -O2 (gcc)" # ~ 30s
|
||||
cleanup
|
||||
CC=gcc make
|
||||
|
||||
# Optional parts that take a long time to run
|
||||
msg "build: MSan (clang)" # ~ 1 min 20s
|
||||
cleanup
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
scripts/config.pl unset POLARSSL_AESNI_C # memsan doesn't grok asm
|
||||
CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan .
|
||||
make
|
||||
|
||||
if [ "$MEMORY" -ge 1 ]; then
|
||||
msg "test: ssl-opt --memcheck (-02 build)" # ~ 8 min
|
||||
msg "test: main suites (MSan)" # ~ 10s
|
||||
make test
|
||||
|
||||
msg "test: ssl-opt.sh (MSan)" # ~ 1 min
|
||||
cd tests
|
||||
./ssl-opt.sh
|
||||
cd ..
|
||||
|
||||
# Optional part(s)
|
||||
|
||||
if [ "$MEMORY" -gt 0 ]; then
|
||||
msg "test: compat.sh (MSan)" # ~ 6 min 20s
|
||||
cd tests
|
||||
./ssl-opt.sh --memcheck
|
||||
./compat.sh
|
||||
cd ..
|
||||
|
||||
if [ "$MEMORY" -ge 2 ]; then
|
||||
msg "test: compat --memcheck (-02 build)" # ~ 42 min
|
||||
cd tests
|
||||
./compat.sh --memcheck
|
||||
cd ..
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "Done."
|
||||
msg "Done, cleaning up"
|
||||
cleanup
|
||||
|
||||
|
45
tests/scripts/curves.pl
Executable file
45
tests/scripts/curves.pl
Executable file
@ -0,0 +1,45 @@
|
||||
#!/usr/bin/perl
|
||||
|
||||
# test dependencies on individual curves in tests
|
||||
# - build
|
||||
# - run test suite
|
||||
#
|
||||
# Usage: tests/scripts/curves.pl
|
||||
|
||||
use warnings;
|
||||
use strict;
|
||||
|
||||
-d 'library' && -d 'include' && -d 'tests' or die "Must be run from root\n";
|
||||
|
||||
my $sed_cmd = 's/^#define \(POLARSSL_ECP_DP.*_ENABLED\)/\1/p';
|
||||
my $config_h = 'include/polarssl/config.h';
|
||||
my @curves = split( /\s+/, `sed -n -e '$sed_cmd' $config_h` );
|
||||
|
||||
my $test = system( "grep -i cmake Makefile >/dev/null" ) ? 'check' : 'test';
|
||||
|
||||
system( "cp $config_h $config_h.bak" ) and die;
|
||||
sub abort {
|
||||
system( "mv $config_h.bak $config_h" ) and warn "$config_h not restored\n";
|
||||
die $_[0];
|
||||
}
|
||||
|
||||
for my $curve (@curves) {
|
||||
system( "cp $config_h.bak $config_h" ) and die "$config_h not restored\n";
|
||||
system( "make clean" ) and die;
|
||||
|
||||
print "\n******************************************\n";
|
||||
print "* Testing without curve: $curve\n";
|
||||
print "******************************************\n";
|
||||
|
||||
system( "scripts/config.pl unset $curve" )
|
||||
and abort "Failed to disable $curve\n";
|
||||
|
||||
system( "make polarssl" ) and abort "Failed to build lib: $curve\n";
|
||||
system( "cd tests && make" ) and abort "Failed to build tests: $curve\n";
|
||||
system( "make $test" ) and abort "Failed test suite: $curve\n";
|
||||
|
||||
}
|
||||
|
||||
system( "mv $config_h.bak $config_h" ) and die "$config_h not restored\n";
|
||||
system( "make clean" ) and die;
|
||||
exit 0;
|
@ -32,19 +32,19 @@ Debug print buffer #1
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"":"MyFile(0999)\: dumping 'Test return value' (0 bytes)\n"
|
||||
|
||||
Debug print buffer #2
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"00":"MyFile(0999)\: dumping 'Test return value' (1 bytes)\nMyFile(0999)\: 0000\: 00\n"
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"00":"MyFile(0999)\: dumping 'Test return value' (1 bytes)\nMyFile(0999)\: 0000\: 00 .\n"
|
||||
|
||||
Debug print buffer #3
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F":"MyFile(0999)\: dumping 'Test return value' (16 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\n"
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F":"MyFile(0999)\: dumping 'Test return value' (16 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\n"
|
||||
|
||||
Debug print buffer #4
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (17 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\nMyFile(0999)\: 0010\: 00\n"
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (17 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 00 .\n"
|
||||
|
||||
Debug print buffer #5
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\nMyFile(0999)\: 0010\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\nMyFile(0999)\: 0020\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\nMyFile(0999)\: 0030\: 00\n"
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_FULL:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n"
|
||||
|
||||
Debug print buffer #5 (raw)
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_RAW:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F00":"dumping 'Test return value' (49 bytes)\n0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\n0010\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\n0020\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f\n0030\: 00\n"
|
||||
debug_print_buf:POLARSSL_DEBUG_LOG_RAW:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F707172737475767778797A7B7C7D7E7F8081828384858687F8F9FAFBFCFDFEFF00":"dumping 'Test return value' (49 bytes)\n0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\n0010\: 70 71 72 73 74 75 76 77 78 79 7a 7b 7c 7d 7e 7f pqrstuvwxyz{|}~.\n0020\: 80 81 82 83 84 85 86 87 f8 f9 fa fb fc fd fe ff ................\n0030\: 00 .\n"
|
||||
|
||||
Debug print certificate #1 (RSA)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_RSA_C
|
||||
@ -55,11 +55,11 @@ depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_RSA_C
|
||||
debug_print_crt:POLARSSL_DEBUG_LOG_RAW:"data_files/server1.crt":"MyFile":999:"PREFIX_":"PREFIX_ #1\:\ncert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\nvalue of 'crt->rsa.N' (2048 bits) is\:\n a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\n 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\n 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\n dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\n 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\n 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\n 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\n f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\n ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\n 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\n ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\n 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\n 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\n db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\n 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\n ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nvalue of 'crt->rsa.E' (17 bits) is\:\n 01 00 01\n"
|
||||
|
||||
Debug print certificate #2 (EC)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP384R1_ENABLED
|
||||
debug_print_crt:POLARSSL_DEBUG_LOG_FULL:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2013-09-24 15\:49\:48\nMyFile(0999)\: expires on \: 2023-09-22 15\:49\:48\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
|
||||
|
||||
Debug print certificate #2 (EC, raw)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_BASE64_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP384R1_ENABLED
|
||||
debug_print_crt:POLARSSL_DEBUG_LOG_RAW:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"PREFIX_ #1\:\ncert. version \: 3\nserial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued on \: 2013-09-24 15\:49\:48\nexpires on \: 2023-09-22 15\:49\:48\nsigned using \: ECDSA with SHA256\nEC key size \: 384 bits\nbasic constraints \: CA=true\nvalue of 'crt->eckey.Q(X)' (384 bits) is\:\n c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\n 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\n 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nvalue of 'crt->eckey.Q(Y)' (384 bits) is\:\n 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\n b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\n 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
|
||||
|
||||
Debug print mpi #1
|
||||
|
@ -324,6 +324,33 @@ ECP check privkey #11 (montgomery, OK)
|
||||
depends_on:POLARSSL_ECP_DP_M255_ENABLED
|
||||
ecp_check_privkey:POLARSSL_ECP_DP_M255:"7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF8":0
|
||||
|
||||
ECP check public-private #1 (OK)
|
||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":0
|
||||
|
||||
ECP check public-private #2 (group none)
|
||||
ecp_check_pub_priv:POLARSSL_ECP_DP_NONE:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_NONE:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
ECP check public-private #3 (group mismatch)
|
||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_ECP_DP_SECP384R1_ENABLED
|
||||
ecp_check_pub_priv:POLARSSL_ECP_DP_SECP384R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
ECP check public-private #4 (Qx mismatch)
|
||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596293":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
ECP check public-private #5 (Qy mismatch)
|
||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
ECP check public-private #6 (wrong Qx)
|
||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596293":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596293":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":POLARSSL_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
ECP check public-private #7 (wrong Qy)
|
||||
depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
ecp_check_pub_priv:POLARSSL_ECP_DP_SECP256R1:"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":POLARSSL_ECP_DP_SECP256R1:"00f12a1320760270a83cbffd53f6031ef76a5d86c8a204f2c30ca9ebf51f0f0ea7":"37cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f76822596292":"4ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edfe":POLARSSL_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
ECP gen keypair
|
||||
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||
ecp_gen_keypair:POLARSSL_ECP_DP_SECP192R1
|
||||
|
@ -598,6 +598,32 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void ecp_check_pub_priv( int id_pub, char *Qx_pub, char *Qy_pub,
|
||||
int id, char *d, char *Qx, char *Qy, int ret )
|
||||
{
|
||||
ecp_keypair pub, prv;
|
||||
|
||||
ecp_keypair_init( &pub );
|
||||
ecp_keypair_init( &prv );
|
||||
|
||||
if( id_pub != POLARSSL_ECP_DP_NONE )
|
||||
TEST_ASSERT( ecp_use_known_dp( &pub.grp, id_pub ) == 0 );
|
||||
TEST_ASSERT( ecp_point_read_string( &pub.Q, 16, Qx_pub, Qy_pub ) == 0 );
|
||||
|
||||
if( id != POLARSSL_ECP_DP_NONE )
|
||||
TEST_ASSERT( ecp_use_known_dp( &prv.grp, id ) == 0 );
|
||||
TEST_ASSERT( ecp_point_read_string( &prv.Q, 16, Qx, Qy ) == 0 );
|
||||
TEST_ASSERT( mpi_read_string( &prv.d, 16, d ) == 0 );
|
||||
|
||||
TEST_ASSERT( ecp_check_pub_priv( &pub, &prv ) == ret );
|
||||
|
||||
exit:
|
||||
ecp_keypair_free( &pub );
|
||||
ecp_keypair_free( &prv );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void ecp_gen_keypair( int id )
|
||||
{
|
||||
|
@ -130,3 +130,23 @@ Verify ext RSA #12 (PKCS1 v1.5, good)
|
||||
depends_on:POLARSSL_SHA1_C:POLARSSL_PKCS1_V15
|
||||
pk_rsa_verify_ext_test_vec:"206ef4bf396c6087f8229ef196fd35f37ccb8de5efcdb238f20d556668f114257a11fbe038464a67830378e62ae9791453953dac1dbd7921837ba98e84e856eb80ed9487e656d0b20c28c8ba5e35db1abbed83ed1c7720a97701f709e3547a4bfcabca9c89c57ad15c3996577a0ae36d7c7b699035242f37954646c1cd5c08ac":POLARSSL_MD_SHA1:1024:16:"e28a13548525e5f36dccb24ecb7cc332cc689dfd64012604c9c7816d72a16c3f5fcdc0e86e7c03280b1c69b586ce0cd8aec722cc73a5d3b730310bf7dfebdc77ce5d94bbc369dc18a2f7b07bd505ab0f82224aef09fdc1e5063234255e0b3c40a52e9e8ae60898eb88a766bdd788fe9493d8fd86bcdd2884d5c06216c65469e5":16:"3":"5abc01f5de25b70867ff0c24e222c61f53c88daf42586fddcd56f3c4588f074be3c328056c063388688b6385a8167957c6e5355a510e005b8a851d69c96b36ec6036644078210e5d7d326f96365ee0648882921492bc7b753eb9c26cdbab37555f210df2ca6fec1b25b463d38b81c0dcea202022b04af5da58aa03d77be949b7":POLARSSL_PK_RSA:-1:RSA_SALT_LEN_ANY:0
|
||||
|
||||
Check pair #1 (EC, OK)
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
pk_check_pair:"data_files/ec_256_pub.pem":"data_files/ec_256_prv.pem":0
|
||||
|
||||
Check pair #2 (EC, bad)
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server5.key":POLARSSL_ERR_ECP_BAD_INPUT_DATA
|
||||
|
||||
Check pair #3 (RSA, OK)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
pk_check_pair:"data_files/server1.pubkey":"data_files/server1.key":0
|
||||
|
||||
Check pair #4 (RSA, bad)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
pk_check_pair:"data_files/server1.pubkey":"data_files/server2.key":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
|
||||
|
||||
Check pair #5 (RSA vs EC)
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_RSA_C
|
||||
pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":POLARSSL_ERR_PK_TYPE_MISMATCH
|
||||
|
||||
|
@ -1,6 +1,10 @@
|
||||
/* BEGIN_HEADER */
|
||||
#include <polarssl/pk.h>
|
||||
|
||||
/* For error codes */
|
||||
#include <polarssl/ecp.h>
|
||||
#include <polarssl/rsa.h>
|
||||
|
||||
static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len );
|
||||
|
||||
#define RSA_KEY_SIZE 512
|
||||
@ -80,6 +84,35 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:POLARSSL_PK_PARSE_C:POLARSSL_FS_IO */
|
||||
void pk_check_pair( char *pub_file, char *prv_file, int ret )
|
||||
{
|
||||
pk_context pub, prv, alt;
|
||||
|
||||
pk_init( &pub );
|
||||
pk_init( &prv );
|
||||
pk_init( &alt );
|
||||
|
||||
TEST_ASSERT( pk_parse_public_keyfile( &pub, pub_file ) == 0 );
|
||||
TEST_ASSERT( pk_parse_keyfile( &prv, prv_file, NULL ) == 0 );
|
||||
|
||||
TEST_ASSERT( pk_check_pair( &pub, &prv ) == ret );
|
||||
|
||||
#if defined(POLARSSL_RSA_C)
|
||||
if( pk_get_type( &prv ) == POLARSSL_PK_RSA )
|
||||
{
|
||||
TEST_ASSERT( pk_init_ctx_rsa_alt( &alt, pk_rsa( prv ),
|
||||
rsa_decrypt_func, rsa_sign_func, rsa_key_len_func ) == 0 );
|
||||
TEST_ASSERT( pk_check_pair( &pub, &alt ) == ret );
|
||||
}
|
||||
#endif
|
||||
|
||||
pk_free( &pub );
|
||||
pk_free( &prv );
|
||||
pk_free( &alt );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:POLARSSL_RSA_C */
|
||||
void pk_rsa_verify_test_vec( char *message_hex_string, int digest,
|
||||
int mod, int radix_N, char *input_N, int radix_E,
|
||||
|
@ -35,5 +35,5 @@ depends_on:POLARSSL_ECP_C:POLARSSL_BASE64_C:POLARSSL_ECP_DP_SECP521R1_ENABLED
|
||||
pk_write_key_check:"data_files/ec_521_prv.pem"
|
||||
|
||||
Private key write check EC Brainpool 512 bits
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_BASE64_C:POLARSSL_ECP_DP_SECP192R1_ENABLED
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_BASE64_C:POLARSSL_ECP_DP_BP512R1_ENABLED
|
||||
pk_write_key_check:"data_files/ec_bp512_prv.pem"
|
||||
|
@ -318,6 +318,21 @@ rsa_check_pubkey:16:"00b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7
|
||||
RSA Check Public key #10 (E has size N)
|
||||
rsa_check_pubkey:16:"00b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034fb38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"00b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034fb38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
|
||||
|
||||
RSA Check Public-Private key #1 (Correct)
|
||||
rsa_check_pubpriv:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":0
|
||||
|
||||
RSA Check Public-Private key #2 (Public no N)
|
||||
rsa_check_pubpriv:2048:16:"":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
|
||||
|
||||
RSA Check Public-Private key #3 (Private no N)
|
||||
rsa_check_pubpriv:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
|
||||
|
||||
RSA Check Public-Private key #4 (N mismatch)
|
||||
rsa_check_pubpriv:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034e":16:"3":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
|
||||
|
||||
RSA Check Public-Private key #5 (E mismatch)
|
||||
rsa_check_pubpriv:2048:16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"17":16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":16:"77B1D99300D6A54E864962DA09AE10CF19A7FB888456BC2672B72AEA52B204914493D16C184AD201EC3F762E1FBD8702BA796EF953D9EA2F26300D285264F11B0C8301D0207FEB1E2C984445C899B0ACEBAA74EF014DD1D4BDDB43202C08D2FF9692D8D788478DEC829EB52AFB5AE068FBDBAC499A27FACECC391E75C936D55F07BB45EE184DAB45808E15722502F279F89B38C1CB292557E5063597F52C75D61001EDC33F4739353E33E56AD273B067C1A2760208529EA421774A5FFFCB3423B1E0051E7702A55D80CBF2141569F18F87BFF538A1DA8EDBB2693A539F68E0D62D77743F89EACF3B1723BDB25CE2F333FA63CACF0E67DF1A431893BB9B352FCB":16:"9A66CF76572A71A17475794FA1C8C70D987E581E990D772BB27C77C53FF1ECBB31260E9EDAFAEBC79991807E48918EAB8C3A5F03A600F30C69511546AE788EDF53168E2D035D300EDCD5E4BF3AA2A6D603EA0A7BD11E1C1089657306DF8A64E7F1BC6B266B825C1A6C5F0FC85775F4CF7ACD63367E42EAFE46511D58AD6DFE0F":16:"844DBDD20925D9164F9A1E2F707076C261CCA8337D0241392B38AE3C12342F3AC14F8FD6DF4A1C36839662BD0D227344CD55A32AE5DBD2309A9A2B8A2C82BE6DDDDCE81D1B694775D9047AA765CA0C6E1BB8E61C8B7BE27ED711E8EE2FEAD87F3491F76A6D2262C14189EACDFD4CEFE0BF9D0A5B49857E0ED22CBEB98DC8D45B":16:"4951A7B174DF972C37BADCC38457B5EDD1F078BC613E75CE25E08814E12461C7A1C189A70EB8138294298D141244C7A9DE31AB4F6D38B40B04D6353CD30F77ADBF66BBDE41C7BE463C5E30AAA3F7BAD6CEE99506DEAAFA2F335C1B1C5C88B8ABB0D0387EE0D1B4E7027F7F085A025CEDB5CCE18B88C0462F1C3C910D47C0D4AB":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
|
||||
|
||||
RSA Private (Correct)
|
||||
rsa_private:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"48ce62658d82be10737bd5d3579aed15bc82617e6758ba862eeb12d049d7bacaf2f62fce8bf6e980763d1951f7f0eae3a493df9890d249314b39d00d6ef791de0daebf2c50f46e54aeb63a89113defe85de6dbe77642aae9f2eceb420f3a47a56355396e728917f17876bb829fabcaeef8bf7ef6de2ff9e84e6108ea2e52bbb62b7b288efa0a3835175b8b08fac56f7396eceb1c692d419ecb79d80aef5bc08a75d89de9f2b2d411d881c0e3ffad24c311a19029d210d3d3534f1b626f982ea322b4d1cfba476860ef20d4f672f38c371084b5301b429b747ea051a619e4430e0dac33c12f9ee41ca4d81a4f6da3e495aa8524574bdc60d290dd1f7a62e90a67":0
|
||||
|
||||
|
@ -590,6 +590,74 @@ exit:
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE */
|
||||
void rsa_check_pubpriv( int mod, int radix_Npub, char *input_Npub,
|
||||
int radix_Epub, char *input_Epub,
|
||||
int radix_P, char *input_P, int radix_Q,
|
||||
char *input_Q, int radix_N, char *input_N,
|
||||
int radix_E, char *input_E, int radix_D, char *input_D,
|
||||
int radix_DP, char *input_DP, int radix_DQ,
|
||||
char *input_DQ, int radix_QP, char *input_QP,
|
||||
int result )
|
||||
{
|
||||
rsa_context pub, prv;
|
||||
|
||||
rsa_init( &pub, RSA_PKCS_V15, 0 );
|
||||
rsa_init( &prv, RSA_PKCS_V15, 0 );
|
||||
|
||||
pub.len = mod / 8;
|
||||
prv.len = mod / 8;
|
||||
|
||||
if( strlen( input_Npub ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &pub.N, radix_Npub, input_Npub ) == 0 );
|
||||
}
|
||||
if( strlen( input_Epub ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &pub.E, radix_Epub, input_Epub ) == 0 );
|
||||
}
|
||||
|
||||
if( strlen( input_P ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &prv.P, radix_P, input_P ) == 0 );
|
||||
}
|
||||
if( strlen( input_Q ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &prv.Q, radix_Q, input_Q ) == 0 );
|
||||
}
|
||||
if( strlen( input_N ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &prv.N, radix_N, input_N ) == 0 );
|
||||
}
|
||||
if( strlen( input_E ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &prv.E, radix_E, input_E ) == 0 );
|
||||
}
|
||||
if( strlen( input_D ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &prv.D, radix_D, input_D ) == 0 );
|
||||
}
|
||||
if( strlen( input_DP ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &prv.DP, radix_DP, input_DP ) == 0 );
|
||||
}
|
||||
if( strlen( input_DQ ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &prv.DQ, radix_DQ, input_DQ ) == 0 );
|
||||
}
|
||||
if( strlen( input_QP ) )
|
||||
{
|
||||
TEST_ASSERT( mpi_read_string( &prv.QP, radix_QP, input_QP ) == 0 );
|
||||
}
|
||||
|
||||
TEST_ASSERT( rsa_check_pub_priv( &pub, &prv ) == result );
|
||||
|
||||
exit:
|
||||
rsa_free( &pub );
|
||||
rsa_free( &prv );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:POLARSSL_CTR_DRBG_C:POLARSSL_ENTROPY_C */
|
||||
void rsa_gen_key( int nrbits, int exponent, int result)
|
||||
{
|
||||
|
@ -219,23 +219,23 @@ depends_on:POLARSSL_PEM_PARSE_C
|
||||
x509_csr_info:"data_files/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n"
|
||||
|
||||
X509 CSR Information EC with SHA1
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_info:"data_files/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n"
|
||||
|
||||
X509 CSR Information EC with SHA224
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_info:"data_files/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n"
|
||||
|
||||
X509 CSR Information EC with SHA256
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_info:"data_files/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n"
|
||||
|
||||
X509 CSR Information EC with SHA384
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_info:"data_files/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n"
|
||||
|
||||
X509 CSR Information EC with SHA512
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_PEM_PARSE_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_info:"data_files/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n"
|
||||
|
||||
X509 CSR Information RSA-PSS with SHA1
|
||||
@ -607,7 +607,7 @@ depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C
|
||||
x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
|
||||
|
||||
X509 Certificate verification #66 (RSASSA-PSS, SHA1, no RSA CA)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_X509_RSASSA_PSS_SUPPORT:POLARSSL_SHA1_C:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP384R1_ENABLED
|
||||
x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
|
||||
|
||||
X509 Certificate verification #67 (Valid, RSASSA-PSS, all defaults)
|
||||
@ -635,17 +635,41 @@ depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_RSA_C:POLARSSL_PKCS1_V15:POLARSSL_SHA25
|
||||
x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
|
||||
|
||||
X509 Certificate verification #73 (selfsigned trusted without CA bit)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
|
||||
|
||||
X509 Certificate verification #74 (signed by selfsigned trusted without CA bit)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_SHA256_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:"NULL"
|
||||
|
||||
X509 Certificate verification #75 (encoding mismatch)
|
||||
depends_on:POLARSSL_PEM_PARSE_C
|
||||
x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"NULL"
|
||||
|
||||
X509 Certificate verification #76 (multiple CRLs, not revoked)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
|
||||
x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"NULL"
|
||||
|
||||
X509 Certificate verification #77 (multiple CRLs, revoked)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL"
|
||||
|
||||
X509 Certificate verification #78 (multiple CRLs, revoked by second)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL"
|
||||
|
||||
X509 Certificate verification #79 (multiple CRLs, revoked by future)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
|
||||
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED|BADCRL_FUTURE:"NULL"
|
||||
|
||||
X509 Certificate verification #80 (multiple CRLs, first future, revoked by second)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
|
||||
x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:"NULL"
|
||||
|
||||
X509 Certificate verification #81 (multiple CRLs, none relevant)
|
||||
depends_on:POLARSSL_PEM_PARSE_C:POLARSSL_ECDSA_C:POLARSSL_ECP_DP_SECP384R1_ENABLED:POLARSSL_ECP_DP_SECP256R1_ENABLED:POLARSSL_SHA256_C:POLARSSL_RSA_C
|
||||
x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"NULL"
|
||||
|
||||
X509 Parse Selftest
|
||||
depends_on:POLARSSL_SHA1_C:POLARSSL_PEM_PARSE_C:POLARSSL_CERTS_C
|
||||
x509_selftest:
|
||||
@ -869,6 +893,18 @@ X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet len mism
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 Certificate ASN1 (ExtKeyUsage, bad second tag)
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509parse_crt:"3081de3081dba003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d250416301406082b0601050507030107082b06010505070302":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 Certificate ASN1 (SubjectAltName repeated)
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509parse_crt:"3081fd3081faa003020102020900a8b31ff37d09a37f300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313231333731365a170d3234313130383231333731365a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS
|
||||
|
||||
X509 Certificate ASN1 (ExtKeyUsage repeated)
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509parse_crt:"3081fd3081faa003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302":"":POLARSSL_ERR_X509_INVALID_EXTENSIONS
|
||||
|
||||
X509 Certificate ASN1 (correct pubkey, no sig_alg)
|
||||
depends_on:POLARSSL_RSA_C
|
||||
x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
@ -1190,7 +1226,7 @@ X509 RSASSA-PSS parameters ASN1 (trailerField not 1)
|
||||
x509_parse_rsassa_pss_params:"A303020102":ASN1_CONSTRUCTED | ASN1_SEQUENCE:POLARSSL_MD_SHA1:POLARSSL_MD_SHA1:20:POLARSSL_ERR_X509_INVALID_ALG
|
||||
|
||||
X509 CSR ASN.1 (OK)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"308201183081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n":0
|
||||
|
||||
X509 CSR ASN.1 (bad first tag)
|
||||
@ -1236,51 +1272,51 @@ X509 CSR ASN.1 (bad SubjectPublicKeyInfo: overlong)
|
||||
x509_csr_parse:"30173014020100300D310B3009060355040613024E4C300100":"":POLARSSL_ERR_PK_KEY_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CSR ASN.1 (bad attributes: missing)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081973081940201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CSR ASN.1 (bad attributes: bad tag)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081993081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF0500":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CSR ASN.1 (bad attributes: overlong)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"30819A3081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA00100":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CSR ASN.1 (bad sigAlg: missing)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081C23081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CSR ASN.1 (bad sigAlg: not a sequence)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03100":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CSR ASN.1 (bad sigAlg: overlong)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03001":"":POLARSSL_ERR_X509_INVALID_ALG + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CSR ASN.1 (bad sigAlg: unknown)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04FF":"":POLARSSL_ERR_X509_UNKNOWN_SIG_ALG
|
||||
|
||||
X509 CSR ASN.1 (bad sig: missing)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D0401":"":POLARSSL_ERR_X509_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CSR ASN.1 (bad sig: not a bit string)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010400":"":POLARSSL_ERR_X509_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CSR ASN.1 (bad sig: overlong)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010301":"":POLARSSL_ERR_X509_INVALID_SIGNATURE + POLARSSL_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CSR ASN.1 (extra data after signature)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509_csr_parse:"308201193081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF9724300":"":POLARSSL_ERR_X509_INVALID_FORMAT + POLARSSL_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 File parse (no issues)
|
||||
depends_on:POLARSSL_ECP_C
|
||||
depends_on:POLARSSL_ECP_C:POLARSSL_ECP_DP_SECP256R1_ENABLED
|
||||
x509parse_crt_file:"data_files/server7_int-ca.crt":0
|
||||
|
||||
X509 File parse (extra space in one certificate)
|
||||
|
Loading…
Reference in New Issue
Block a user