diff options
Diffstat (limited to 'tests')
70 files changed, 2037 insertions, 1731 deletions
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt index eae1f578..a8e7523e 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -20,6 +20,13 @@ endif() # on non-POSIX platforms. add_definitions("-D_POSIX_C_SOURCE=200809L") +# Test suites caught by SKIP_TEST_SUITES are built but not executed. +# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar" +# but not "test_suite_foobar". +string(REGEX REPLACE "[ ,;]" "|" SKIP_TEST_SUITES_REGEX "${SKIP_TEST_SUITES}") +string(REPLACE "." "\\." SKIP_TEST_SUITES_REGEX "${SKIP_TEST_SUITES_REGEX}") +set(SKIP_TEST_SUITES_REGEX "^(${SKIP_TEST_SUITES_REGEX})(\$|\\.)") + function(add_test_suite suite_name) if(ARGV1) set(data_name ${ARGV1}) @@ -36,7 +43,11 @@ function(add_test_suite suite_name) include_directories(${CMAKE_CURRENT_SOURCE_DIR}) add_executable(test_suite_${data_name} test_suite_${data_name}.c) target_link_libraries(test_suite_${data_name} ${libs}) - add_test(${data_name}-suite test_suite_${data_name} --verbose) + if(${data_name} MATCHES ${SKIP_TEST_SUITES_REGEX}) + message(STATUS "The test suite ${data_name} will not be executed.") + else() + add_test(${data_name}-suite test_suite_${data_name} --verbose) + endif() endfunction(add_test_suite) if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_CLANG) @@ -52,6 +63,7 @@ endif(MSVC) add_test_suite(aes aes.ecb) add_test_suite(aes aes.cbc) add_test_suite(aes aes.cfb) +add_test_suite(aes aes.ofb) add_test_suite(aes aes.rest) add_test_suite(aes aes.xts) add_test_suite(arc4) diff --git a/tests/Makefile b/tests/Makefile index b6e49bf8..4ef74177 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -113,8 +113,9 @@ ifneq ($(wildcard TESTS/.*),) endif endif +# Test suites caught by SKIP_TEST_SUITES are built but not executed. check: $(BINARIES) - perl scripts/run-test-suites.pl + perl scripts/run-test-suites.pl --skip=$(SKIP_TEST_SUITES) test: check diff --git a/tests/compat.sh b/tests/compat.sh index bf65e5e6..35983cd7 100755 --- a/tests/compat.sh +++ b/tests/compat.sh @@ -62,7 +62,8 @@ FILTER="" # avoid plain DES but keep 3DES-EDE-CBC (mbedTLS), DES-CBC3 (OpenSSL) # - ARIA: not in default config.h + requires OpenSSL >= 1.1.1 # - ChachaPoly: requires OpenSSL >= 1.1.0 -EXCLUDE='NULL\|DES-CBC-\|RC4\|ARCFOUR\|ARIA\|CHACHA20-POLY1305' +# - 3DES: not in default config +EXCLUDE='NULL\|DES\|RC4\|ARCFOUR\|ARIA\|CHACHA20-POLY1305' VERBOSE="" MEMCHECK=0 PEERS="OpenSSL$PEER_GNUTLS mbedTLS" diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile index 2ed32e68..09db60c8 100644 --- a/tests/data_files/Makefile +++ b/tests/data_files/Makefile @@ -16,7 +16,6 @@ FAKETIME ?= faketime MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write MBEDTLS_CERT_REQ ?= $(PWD)/../../programs/x509/cert_req - ## Build the generated test data. Note that since the final outputs ## are committed to the repository, this target should do nothing on a ## fresh checkout. Furthermore, since the generation is randomized, @@ -47,14 +46,30 @@ test-ca.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@ all_final += test-ca.crt +test-ca.crt.der: test-ca.crt + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ +all_final += test-ca.crt.der + +test-ca.key.der: $(test_ca_key_file_rsa) + $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)" +all_final += test-ca.key.der + test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA1 version=3 output_file=$@ all_final += test-ca-sha1.crt +test-ca-sha1.crt.der: test-ca-sha1.crt + $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER +all_final += test-ca-sha1.crt.der + test-ca-sha256.crt: $(test_ca_key_file_rsa) test-ca.req.sha256 $(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144400 not_after=20210212144400 md=SHA256 version=3 output_file=$@ all_final += test-ca-sha256.crt +test-ca-sha256.crt.der: test-ca-sha256.crt + $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER +all_final += test-ca-sha256.crt.der + test_ca_key_file_rsa_alt = test-ca-alt.key $(test_ca_key_file_rsa_alt): @@ -75,6 +90,14 @@ all_final += test-ca-good-alt.crt test_ca_crt_file_ec = test-ca2.crt test_ca_key_file_ec = test-ca2.key +test-ca2.crt.der: $(test_ca_crt_file_ec) + $(OPENSSL) x509 -in $(test_ca_crt_file_ec) -out $@ -inform PEM -outform DER +all_final += test-ca2.crt.der + + test-ca2.key.der: $(test_ca_key_file_ec) + $(OPENSSL) pkey -in $(test_ca_key_file_ec) -out $@ -inform PEM -outform DER +all_final += test-ca2.key.der + test_ca_crt_cat12 = test-ca_cat12.crt $(test_ca_crt_cat12): $(test_ca_crt) $(test_ca_crt_file_ec) cat $(test_ca_crt) $(test_ca_crt_file_ec) > $@ @@ -113,6 +136,14 @@ cli-rsa-sha256.crt: cli-rsa.csr $(MBEDTLS_CERT_WRITE) request_file=$< serial=4 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@ all_final += cli-rsa-sha256.crt +cli-rsa-sha256.crt.der: cli-rsa-sha256.crt + $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER +all_final += cli-rsa-sha256.crt.der + + cli-rsa.key.der: $(cli_crt_key_file_rsa) + $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER +all_final += cli-rsa.key.der + test_ca_int_rsa1 = test-int-ca.crt server7.csr: server7.key @@ -131,6 +162,22 @@ server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt cat server7.crt test-int-ca-exp.crt > $@ all_final += server7_int-ca-exp.crt +cli2.crt.der: cli2.crt + $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER +all_final += cli2.crt.der + + cli2.key.der: cli2.key + $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER +all_final += cli2.key.der + + server5.crt.der: server5.crt + $(OPENSSL) x509 -in $< -out $@ -inform PEM -outform DER +all_final += server5.crt.der + + server5.key.der: server5.key + $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER +all_final += server5.key.der + server5-ss-expired.crt: server5.key $(FAKETIME) -f -3653d $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/OU=testsuite/CN=localhost" -days 3653 -sha256 -key $< -out $@ all_final += server5-ss-expired.crt @@ -151,7 +198,7 @@ test-int-ca3-badsign.crt: test-int-ca3.crt all_final += test-int-ca3-badsign.crt server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt cat server10.crt test-int-ca3-badsign.crt > $@ -all_final += server10-bs_int3-bs.pem +all_final += server10_int3-bs.pem rsa_pkcs1_2048_public.pem: server8.key $(OPENSSL) rsa -in $< -outform PEM -RSAPublicKey_out -out $@ @@ -739,6 +786,37 @@ ec_prv.pk8param.pem: ec_prv.pk8param.der $(OPENSSL) pkey -in $< -inform DER -out $@ all_final += ec_prv.pk8param.pem +# server5* + +# The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.' +server5.req.ku.sha1: server5.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 +all_final += server5.req.ku.sha1 + +################################################################ +### Generate CSRs for X.509 write test suite +################################################################ + +server1.req.cert_type: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 +all_final += server1.req.cert_type + +server1.req.key_usage: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 +all_final += server1.req.key_usage + +server1.req.ku-ct: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation,key_encipherment ns_cert_type=ssl_server subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 +all_final += server1.req.ku-ct + +server1.req.key_usage_empty: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_key_usage=1 +all_final += server1.req.key_usage_empty + +server1.req.cert_type_empty: server1.key + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1 force_ns_cert_type=1 +all_final += server1.req.cert_type_empty + ################################################################ ### Generate CSRs for X.509 write test suite ################################################################ @@ -789,6 +867,18 @@ server2.req.sha256: server2.key $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=localhost" md=SHA256 all_intermediate += server2.req.sha256 +server2.crt.der: server2.crt + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ +all_final += server2.crt.der + +server2-sha256.crt.der: server2-sha256.crt + $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ +all_final += server2-sha256.crt.der + +server2.key.der: server2.key + $(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER +all_final += server2.key.der + # server5* # The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.' @@ -818,9 +908,9 @@ server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rs $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@ server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@ -server1.der: server1.crt +server1.crt.der: server1.crt $(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@ -all_final += server1.crt server1.noauthid.crt server1.der +all_final += server1.crt server1.noauthid.crt server1.crt.der server1.key_usage.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa) $(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@ @@ -879,7 +969,33 @@ server2-sha256.crt: server2.req.sha256 $(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA256 version=3 output_file=$@ all_final += server2-sha256.crt +# MD2, MD4, MD5 test certificates + +cert_md_test_key = $(cli_crt_key_file_rsa) + +cert_md2.csr: $(cert_md_test_key) + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD2" md=MD2 +all_intermediate += cert_md2.csr + +cert_md2.crt: cert_md2.csr + $(MBEDTLS_CERT_WRITE) request_file=$< serial=9 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD2 version=3 output_file=$@ +all_final += cert_md2.crt + +cert_md4.csr: $(cert_md_test_key) + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD4" md=MD4 +all_intermediate += cert_md4.csr + +cert_md4.crt: cert_md4.csr + $(MBEDTLS_CERT_WRITE) request_file=$< serial=5 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD4 version=3 output_file=$@ +all_final += cert_md4.crt + +cert_md5.csr: $(cert_md_test_key) + $(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Cert MD5" md=MD5 +all_intermediate += cert_md5.csr +cert_md5.crt: cert_md5.csr + $(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD5 version=3 output_file=$@ +all_final += cert_md5.crt ################################################################ #### Meta targets diff --git a/tests/data_files/cert_md2.crt b/tests/data_files/cert_md2.crt index bfea77b6..94b89afc 100644 --- a/tests/data_files/cert_md2.crt +++ b/tests/data_files/cert_md2.crt @@ -1,77 +1,20 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 9 (0x9) - Signature Algorithm: md2WithRSAEncryption - Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA - Validity - Not Before: Jul 12 10:56:59 2009 GMT - Not After : Jul 12 10:56:59 2011 GMT - Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:dc:13:74:81:c6:12:f6:67:5d:a1:66:72:ed:dc: - 79:b6:58:5c:32:58:b3:d4:14:fd:6c:02:61:9e:0b: - 99:46:63:a3:0a:41:d4:42:33:21:e6:ed:43:07:5a: - 1d:a2:3b:64:29:a8:2a:c1:66:28:00:59:d8:0c:49: - 2d:30:b7:3d:8c:bb:60:62:31:83:27:7f:4b:95:92: - 2e:a0:d6:c6:84:94:4b:b3:e4:a6:cc:ff:32:3a:c5: - ec:4c:c9:24:58:bf:b3:33:77:6a:b5:17:8b:02:10: - 29:8e:95:aa:91:60:17:43:42:87:a8:7c:da:09:83: - 98:9d:7a:65:5e:20:52:07:2e:65:a5:31:fd:d9:74: - 1e:00:c9:ae:9d:81:56:8b:08:0a:f5:1e:9c:dc:a2: - 5e:6c:db:ff:11:83:15:f4:d1:24:57:9b:0f:eb:35: - c9:f1:aa:46:4e:74:7f:fe:1d:b0:91:1f:89:4a:84: - cb:df:75:e3:cd:77:82:62:09:e5:9f:6d:29:de:2e: - 25:d8:48:b6:20:be:51:97:4c:2d:20:65:2d:2a:50: - 9e:24:5d:72:95:e0:a2:06:41:8c:61:e4:50:57:74: - 96:b1:29:b5:a1:88:37:f1:5c:9e:b2:9e:8e:83:8d: - 72:3b:b5:5c:fe:bb:12:89:72:5c:a1:f9:d8:18:29: - b2:27 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - B7:51:D4:E5:20:D5:45:54:F4:C5:51:1B:E0:82:B5:61:05:AF:9B:B6 - X509v3 Authority Key Identifier: - keyid:CF:22:31:27:91:D8:C2:54:FF:1E:DA:D9:EE:8A:C5:89:32:AD:0C:21 - - Signature Algorithm: md2WithRSAEncryption - 28:5a:dd:48:fb:ec:80:fe:de:b7:20:c0:4c:05:a9:4b:51:e9: - a7:d1:4b:5e:76:42:d2:5d:9a:14:19:3b:cb:f9:91:d7:0f:11: - c9:cd:dd:00:8b:2c:76:73:22:a0:19:49:81:63:40:30:48:27: - 62:90:ca:b8:dc:33:35:b3:4b:58:ca:dc:07:66:87:2e:ea:44: - 2a:6a:13:67:7a:32:5e:48:1d:88:88:c5:70:e6:e7:ec:1b:2f: - a7:f4:61:71:29:f6:66:93:30:60:7e:b3:4c:01:c8:2c:53:ce: - 00:11:ec:bf:f6:f2:ce:51:97:d8:ed:ed:dc:c9:6b:b8:19:15: - c8:9a:61:6d:12:9a:99:25:d8:03:1d:a6:4c:20:a5:f8:46:a3: - 05:32:bb:1a:8e:1a:65:0d:f3:13:35:1d:6f:73:28:31:12:d7: - c4:9e:73:a0:a7:ce:82:25:d1:40:e8:1b:77:60:f3:3e:81:7f: - 19:ee:cf:97:4d:c8:c3:35:9b:72:98:3b:c3:35:43:14:0a:04: - 21:7b:f7:db:e6:5f:ce:21:d1:ce:bf:b7:ef:c1:63:21:c2:78: - e1:37:aa:b1:e0:31:b3:b6:63:4c:fd:66:c8:e6:cf:f8:d9:97: - 2f:cf:92:81:3f:d4:bf:ec:e2:ad:6e:39:c7:a6:a8:e0:32:b0: - 2e:0d:e1:30 -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBCTANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MDkwNzEyMTA1NjU5WhcNMTEwNzEyMTA1NjU5WjA8MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENlcnQgTUQyMIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3BN0gcYS9mddoWZy7dx5tlhcMliz -1BT9bAJhnguZRmOjCkHUQjMh5u1DB1odojtkKagqwWYoAFnYDEktMLc9jLtgYjGD -J39LlZIuoNbGhJRLs+SmzP8yOsXsTMkkWL+zM3dqtReLAhApjpWqkWAXQ0KHqHza -CYOYnXplXiBSBy5lpTH92XQeAMmunYFWiwgK9R6c3KJebNv/EYMV9NEkV5sP6zXJ -8apGTnR//h2wkR+JSoTL33XjzXeCYgnln20p3i4l2Ei2IL5Rl0wtIGUtKlCeJF1y -leCiBkGMYeRQV3SWsSm1oYg38Vyesp6Og41yO7Vc/rsSiXJcofnYGCmyJwIDAQAB -o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBS3UdTlINVFVPTFURvggrVhBa+btjAf -BgNVHSMEGDAWgBTPIjEnkdjCVP8e2tnuisWJMq0MITANBgkqhkiG9w0BAQIFAAOC -AQEAKFrdSPvsgP7etyDATAWpS1Hpp9FLXnZC0l2aFBk7y/mR1w8Ryc3dAIssdnMi -oBlJgWNAMEgnYpDKuNwzNbNLWMrcB2aHLupEKmoTZ3oyXkgdiIjFcObn7Bsvp/Rh -cSn2ZpMwYH6zTAHILFPOABHsv/byzlGX2O3t3MlruBkVyJphbRKamSXYAx2mTCCl -+EajBTK7Go4aZQ3zEzUdb3MoMRLXxJ5zoKfOgiXRQOgbd2DzPoF/Ge7Pl03IwzWb -cpg7wzVDFAoEIXv32+ZfziHRzr+378FjIcJ44TeqseAxs7ZjTP1myObP+NmXL8+S -gT/Uv+zirW45x6ao4DKwLg3hMA== +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MDAwMTAxMTIxMjEyWhcNMzAwMTAxMTIxMjEyWjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENlcnQgTUQyMIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f +M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu +1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw +MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v +4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/ +/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB +o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf +BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQIFAAOC +AQEAXLWqy34iaZ2YV+5eE1QMV/9m9nQI2X/yumRH1MT1R3oYde/YDV7+HSOM6qLs +qSgH1DSyXv1YnJww2OyTtAVhPalICLjVjUQCyeUCiFpAIO6Xz1VE6v4GMFLqhlV1 +Nox9dDtR5Go2zwPaH64Ze9GxuDZfW+VnPRNgYOrqqCBnuhnp2uPRfOewus2AAo50 +dx1XTooCEqElQlB9EIPWbvPdJZjRjruCUtDbz+oxG4J4Ml4KCYm+/MyXNPqxV9+H +5A9oQltuHMWasMWSfXeimQI5PPpdjndmJOhfT4RGmvTw/uNC/Xuy1kPxXQKoocz6 +93U8RQvyJxdIPtQuARNMRZ7G+Q== -----END CERTIFICATE----- diff --git a/tests/data_files/cert_md4.crt b/tests/data_files/cert_md4.crt index 16f166b8..7d0f7cb1 100644 --- a/tests/data_files/cert_md4.crt +++ b/tests/data_files/cert_md4.crt @@ -1,77 +1,20 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 5 (0x5) - Signature Algorithm: md4WithRSAEncryption - Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA - Validity - Not Before: Feb 12 14:44:07 2011 GMT - Not After : Feb 12 14:44:07 2021 GMT - Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71: - 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7: - be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b: - 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0: - 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5: - 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1: - fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5: - ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e: - 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef: - 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9: - 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc: - 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5: - 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d: - 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8: - 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e: - 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25: - ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d: - 17:f7 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C - X509v3 Authority Key Identifier: - keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF - - Signature Algorithm: md4WithRSAEncryption - 94:db:e1:86:71:2d:43:d6:51:61:a7:95:bc:e8:73:da:ff:e4: - fd:41:0f:5c:de:14:f4:c4:ba:5d:2c:30:2c:a6:dc:2d:e8:87: - 45:f1:c5:fe:d1:4a:64:99:19:09:2f:72:7c:3f:8d:c8:31:22: - dd:0a:69:03:3d:12:8c:4d:c3:f7:a3:c5:d1:5d:c9:ff:4b:83: - 6b:d6:b4:e5:d8:ce:94:5e:ec:bf:68:c5:b2:63:8e:5c:cb:f3: - 8d:62:73:82:62:7e:df:db:7d:0b:8d:21:10:db:9a:a1:62:4d: - 46:42:d1:bb:38:32:ef:c1:fc:a1:e2:7f:60:08:37:32:20:2c: - 7c:a2:c9:12:0d:89:fe:2b:15:08:91:79:e2:a9:79:a4:da:cd: - 81:43:01:e2:09:2d:1a:f4:16:ef:af:4d:50:46:5e:2d:dd:48: - 27:10:c0:42:b7:a5:9e:c2:1f:6e:50:36:03:ed:95:77:9a:a3: - d9:4c:d7:23:93:b1:24:2a:63:27:28:7a:de:3d:59:d2:92:c8: - 8f:f6:39:1d:65:ab:09:78:05:46:90:a9:f6:10:b1:ef:c8:8c: - 4d:7d:8d:f2:78:b7:88:15:09:7e:df:e9:87:a8:64:c1:95:53: - fb:da:05:b7:62:bc:ad:fb:d9:a4:a9:06:6c:6b:98:01:b9:39: - 78:d3:4e:87 -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBBTANBgkqhkiG9w0BAQMFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA8MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENlcnQgTUQ0MIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA58e1 -bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa2Bgt -gBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe5mFn -ui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5HHLyS -ruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhBBNXB -37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wIDAQAB -o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAf +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MDAwMTAxMTIxMjEyWhcNMzAwMTAxMTIxMjEyWjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENlcnQgTUQ0MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f +M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu +1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw +MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v +4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/ +/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB +o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQMFAAOC -AQEAlNvhhnEtQ9ZRYaeVvOhz2v/k/UEPXN4U9MS6XSwwLKbcLeiHRfHF/tFKZJkZ -CS9yfD+NyDEi3QppAz0SjE3D96PF0V3J/0uDa9a05djOlF7sv2jFsmOOXMvzjWJz -gmJ+39t9C40hENuaoWJNRkLRuzgy78H8oeJ/YAg3MiAsfKLJEg2J/isVCJF54ql5 -pNrNgUMB4gktGvQW769NUEZeLd1IJxDAQrelnsIfblA2A+2Vd5qj2UzXI5OxJCpj -Jyh63j1Z0pLIj/Y5HWWrCXgFRpCp9hCx78iMTX2N8ni3iBUJft/ph6hkwZVT+9oF -t2K8rfvZpKkGbGuYAbk5eNNOhw== +AQEArXIW7Dy1hBXMKY8/TAfACqkFZzbGDJdD5ohQknENk6FzUHVw9SVibhi5J+nh +/mhUhoczFg78T8ZopDcsPHKQTuy0LNcLWhZDD4S4CJCibmsf+8BWmPcSp1tsS9Zj +etO5qNuUarL74W+rRa3qQcCXcglYTubv/PcCV+LGVqZ4XDlO5EBFJJREAREzG+iK +Epm2y0mi1WTwjy7m7rxYHs5i5ybDHDDwU55H5wh50Vs4/vDx2kZab2K9gx6V2ggY +CCYmRWKQHdI4XZBkpYFbbREZxMY4Y5c2PUMlr8GUq6s6eu9/GvmnIx/+EySSfxgv +9GpN+gnyx03hjYNGO7iX8nPnXA== -----END CERTIFICATE----- diff --git a/tests/data_files/cert_md5.crt b/tests/data_files/cert_md5.crt index 13d43f1a..e514fd63 100644 --- a/tests/data_files/cert_md5.crt +++ b/tests/data_files/cert_md5.crt @@ -1,77 +1,20 @@ -Certificate: - Data: - Version: 3 (0x2) - Serial Number: 6 (0x6) - Signature Algorithm: md5WithRSAEncryption - Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA - Validity - Not Before: Feb 12 14:44:07 2011 GMT - Not After : Feb 12 14:44:07 2021 GMT - Subject: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5 - Subject Public Key Info: - Public Key Algorithm: rsaEncryption - RSA Public Key: (2048 bit) - Modulus (2048 bit): - 00:b9:3c:4a:c5:c8:a3:8e:90:17:a4:9e:52:aa:71: - 75:26:61:80:e7:c7:b5:6d:8c:ff:aa:b6:41:26:b7: - be:11:ad:5c:73:16:0c:64:11:48:04:ff:d6:e1:3b: - 05:db:89:bb:b3:97:09:d5:1c:14:dd:68:87:39:b0: - 3d:71:cb:e2:76:d0:1a:d8:18:2d:80:1b:54:f6:e5: - 44:9a:f1:cb:af:61:2e:df:49:0d:9d:09:b7:ed:b1: - fd:3c:fd:3c:fa:24:cf:5d:bf:7c:e4:53:e7:25:b5: - ea:44:22:e9:26:d3:ea:20:94:9e:e6:61:67:ba:2e: - 07:67:0b:03:2f:a2:09:ed:f0:33:8f:0b:ce:10:ef: - 67:a4:c6:08:da:c1:ed:c2:3f:d7:4a:dd:15:3d:f9: - 5e:1c:81:60:46:3e:b5:b3:3d:2f:a6:de:47:1c:bc: - 92:ae:eb:df:27:6b:16:56:b7:dc:ec:d1:55:57:a5: - 6e:ec:75:25:f5:b7:7b:df:ab:d2:3a:5a:91:98:7d: - 97:17:0b:13:0a:a7:6b:4a:8b:c1:47:30:fb:3a:f8: - 41:04:d5:c1:df:b8:1d:bf:7b:01:a5:65:a2:e0:1e: - 36:b7:a6:5c:cc:30:5a:f8:cd:6f:cd:f1:19:62:25: - ca:01:e3:35:7f:fa:20:f5:dc:fd:69:b2:6a:00:7d: - 17:f7 - Exponent: 65537 (0x10001) - X509v3 extensions: - X509v3 Basic Constraints: - CA:FALSE - X509v3 Subject Key Identifier: - 7D:E4:9C:6B:E6:F9:71:7D:46:D2:12:3D:AD:6B:1D:FD:C2:AA:78:4C - X509v3 Authority Key Identifier: - keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF - - Signature Algorithm: md5WithRSAEncryption - 92:13:81:0c:ff:ac:ab:98:52:6c:28:c9:c6:3e:80:c6:ec:77: - d0:13:e1:a2:29:1d:2f:b7:c5:95:41:83:60:d9:50:9c:d0:d6: - 09:f7:0f:97:cd:c0:e6:b2:68:fa:31:c9:2a:a3:d3:1e:53:ae: - 79:dc:35:ba:b0:d9:e5:7a:37:1b:2a:92:fa:d2:59:90:43:1b: - 6a:91:c1:db:36:da:e9:39:d3:f5:ac:e3:46:01:ca:55:04:17: - 1a:b1:97:28:e8:ff:1b:e7:e1:10:c9:b5:31:d8:ce:a6:89:6a: - 4a:df:78:7b:02:2f:83:b3:41:d5:ef:0b:b6:44:ff:32:a6:cf: - 1b:c2:f4:b0:75:66:a9:da:6f:7c:a5:e3:c6:c1:3a:2f:bf:f8: - 12:6f:04:2c:37:f2:4e:fc:b9:09:ff:a4:5b:40:19:e9:58:91: - 64:82:d6:ad:b9:7f:c0:12:c2:ce:b7:b6:ba:fb:10:a2:3f:74: - 97:10:39:d4:dc:4a:e5:5c:f7:e5:3a:d9:68:d7:17:6b:f5:51: - 08:b4:a2:30:0d:cc:36:10:6d:4e:1d:22:cc:48:d1:38:44:ba: - cc:2b:47:99:f7:c6:8b:41:24:f3:f1:2c:10:1a:f2:88:bb:b2: - e0:fd:44:26:3d:ad:ea:af:1d:d0:00:56:41:4e:f4:b0:3b:9d: - 32:6f:48:c7 -----BEGIN CERTIFICATE----- MIIDPzCCAiegAwIBAgIBBjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJOTDER -MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN -MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA8MQswCQYDVQQGEwJOTDERMA8G -A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENlcnQgTUQ1MIIBIjAN -BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTxKxcijjpAXpJ5SqnF1JmGA58e1 -bYz/qrZBJre+Ea1ccxYMZBFIBP/W4TsF24m7s5cJ1RwU3WiHObA9ccvidtAa2Bgt -gBtU9uVEmvHLr2Eu30kNnQm37bH9PP08+iTPXb985FPnJbXqRCLpJtPqIJSe5mFn -ui4HZwsDL6IJ7fAzjwvOEO9npMYI2sHtwj/XSt0VPfleHIFgRj61sz0vpt5HHLyS -ruvfJ2sWVrfc7NFVV6Vu7HUl9bd736vSOlqRmH2XFwsTCqdrSovBRzD7OvhBBNXB -37gdv3sBpWWi4B42t6ZczDBa+M1vzfEZYiXKAeM1f/og9dz9abJqAH0X9wIDAQAB -o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBR95Jxr5vlxfUbSEj2tax39wqp4TDAf +MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN +MDAwMTAxMTIxMjEyWhcNMzAwMTAxMTIxMjEyWjA8MQswCQYDVQQGEwJOTDERMA8G +A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENlcnQgTUQ1MIIBIjAN +BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f +M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu +1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw +MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v +4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/ +/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB +o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQQFAAOC -AQEAkhOBDP+sq5hSbCjJxj6Axux30BPhoikdL7fFlUGDYNlQnNDWCfcPl83A5rJo -+jHJKqPTHlOuedw1urDZ5Xo3GyqS+tJZkEMbapHB2zba6TnT9azjRgHKVQQXGrGX -KOj/G+fhEMm1MdjOpolqSt94ewIvg7NB1e8LtkT/MqbPG8L0sHVmqdpvfKXjxsE6 -L7/4Em8ELDfyTvy5Cf+kW0AZ6ViRZILWrbl/wBLCzre2uvsQoj90lxA51NxK5Vz3 -5TrZaNcXa/VRCLSiMA3MNhBtTh0izEjROES6zCtHmffGi0Ek8/EsEBryiLuy4P1E -Jj2t6q8d0ABWQU70sDudMm9Ixw== +AQEAF4QcMshVtVbYgvvU7f2lWakubbAISM/k+FW/f7u63m0MSSoSFeYflBOC1Wf4 +imgDEnWcWTH5V7sxsLNogxfpfTuFUaKfHeQmRhAK4UgqbDEs4dZvgo3wZ/w92G0/ +QNntJefnqaFiITXZTn6J8hxeoEq4QbucbWgeY6fTAwXtIv40BvMOSakkuIFAyIvV +90VY1j4vnx0/xv5lIBAxah1HdtXhqtDu/sUfdCtWX5SCcVUwwM3gZ4Q1ZdWQmlvF +737ZG7XaINxsDaI04sJxc7qvuRYhLdCwUPnZL5TGEQJ8jNa/39eEbnkvs7hbTU98 +6qG8UAYsSI7aMe1j7DZpkoPL9w== -----END CERTIFICATE----- diff --git a/tests/data_files/cli-rsa-sha256.crt.der b/tests/data_files/cli-rsa-sha256.crt.der Binary files differnew file mode 100644 index 00000000..8fa3d1b5 --- /dev/null +++ b/tests/data_files/cli-rsa-sha256.crt.der diff --git a/tests/data_files/cli-rsa-sha256.key.der b/tests/data_files/cli-rsa-sha256.key.der Binary files differnew file mode 100644 index 00000000..8ef5a046 --- /dev/null +++ b/tests/data_files/cli-rsa-sha256.key.der diff --git a/tests/data_files/cli-rsa.key.der b/tests/data_files/cli-rsa.key.der Binary files differnew file mode 100644 index 00000000..8ef5a046 --- /dev/null +++ b/tests/data_files/cli-rsa.key.der diff --git a/tests/data_files/cli2.crt.der b/tests/data_files/cli2.crt.der Binary files differnew file mode 100644 index 00000000..6ad236e2 --- /dev/null +++ b/tests/data_files/cli2.crt.der diff --git a/tests/data_files/cli2.key.der b/tests/data_files/cli2.key.der Binary files differnew file mode 100644 index 00000000..acba6a02 --- /dev/null +++ b/tests/data_files/cli2.key.der diff --git a/tests/data_files/server1-ms.req.sha256 b/tests/data_files/server1-ms.req.sha256 new file mode 100644 index 00000000..b0d9414a --- /dev/null +++ b/tests/data_files/server1-ms.req.sha256 @@ -0,0 +1,16 @@ +-----BEGIN NEW CERTIFICATE REQUEST----- +MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRow +GAYDVQQDExFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBCwUA +A4IBAQBY/1nnYQ3ThVyeZb1Z2wLYoHZ5rfeJCedyP7N/gjJZjhrMbwioUft2uHpb ++OZQfxRXJTbtj/1wpRMCoUMLWzapS7/xGx3IjoPtl42aM4M+xVYvbLjExL13kUAr +eE4JWcMIbTEPol2zSdX/LuB+m27jEp5VsvM2ty9qOw/T4iKwjFSe6pcYZ2spks19 +3ltgjnaamwqKcN9zUA3IERTsWjr5exKYgfXm2OeeuSP0tHr7Dh+w/2XA9dGcLhrm +TA4P8QjIgSDlyzmhYYmsrioFPuCfdi1uzs8bxmbLXbiCGZ8TDMy5oLqLo1K+j2pF +ox+ATHKxQ/XpRQP+2OTb9sw1kM59 +-----END NEW CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.cert_type.crt b/tests/data_files/server1.cert_type.crt index cf384cba..fb59ab8b 100644 --- a/tests/data_files/server1.cert_type.crt +++ b/tests/data_files/server1.cert_type.crt @@ -11,10 +11,10 @@ lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB o2AwXjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zARBglghkgBhvhCAQEEBAMC -AEAwDQYJKoZIhvcNAQEFBQADggEBAEQOk5Ejgu/GsxvMo+RknXcta5Qr6MiNo1EM -G5Xrf++aaf4Mi38p5ZxWDxQDyBmutSnuJgzO+Dxe5w/RNojFa4ri4g5Zk8zwfIcQ -8jR6a9DJtxarxDj/UqEzaiBa5MpxsbQqbmou7X7YW9LHDzmCgzbaabyWCuGYxvmh -lDbcISST73G+vJEeExcBHyom/GV9TNcFAGa66YV/FtABg2tiy9znmUeMnZeYkC9S -05m6UstAU6pMdwiTpjZjovsTlAcmC76XmE/GpREhRvtGCKTb2pUi3agqsrapABmF -EGZT9cpwkrl3cxh+jxAMEuhJLdEScDWHVsiNS5y9yxitWC4NqR4= +BkAwDQYJKoZIhvcNAQEFBQADggEBAK1WXZYd6k7/zE2NcszT6rxNaSixPZrDYzRt +Iz5rpH33IHkCdR956/ExCcDMqGNVtKtBdr8kw3+jzyPQhwyHVPNv4C/cgt0C89Pf +qZLQGuEPVp1X4tzEY2Kno9c1tllLVzJdvz1mRhSb9z5CWQKNMT+8MMl3k+0NZ4LT +NEx4gTZxYEsAGEuO/Yij9ctxp4RdSP585FXgiMC00ieMe/aJxlOIgpIhuWdu0KPP +G5guYd4hQ9ZrGVOGdjv2cZbh4DuQOsCwU9in/e1RKFV6eMmyOdvLJ4jkTauwkGJG +lCclZZQwzGawOiMl2OYPUia5bkaEsdE/0QW/lf36lco8CNjpUfY= -----END CERTIFICATE----- diff --git a/tests/data_files/server1.cert_type_noauthid.crt b/tests/data_files/server1.cert_type_noauthid.crt index 7545e0b4..0082b148 100644 --- a/tests/data_files/server1.cert_type_noauthid.crt +++ b/tests/data_files/server1.cert_type_noauthid.crt @@ -10,11 +10,11 @@ CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB oz8wPTAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAR -BglghkgBhvhCAQEEBAMCAEAwDQYJKoZIhvcNAQEFBQADggEBAJc3yZUS9X3/lb63 -Nlt8rtXC45wbWZUoOK8N55IzEJC7FrttAStq24kq9QV0qiox8m1WLA+6xVaeZaXu -h2z3WlUlyCNaKqHEpuSYu/XQ0td6j3jCMj3VDSZGHnKgliQ9fkkt+waPVCAZldwj -rHsZibl2Dqzb3KttKqD1VyEVOUJ+saXRDJLFdK1M9nwdWMfOg/XE0WbqfVzw9COs -08dJ6KL7SOvXtiOVQLNv7XN/2j+wF6+IoLDdLCDByj5VtK2q2vyVk5tpDJI1S696 -dP8Zi7VbBTS9OlVC+Gw3CntDKZA8e215MNG6iBuEM2mgi4i0umo7mN8FoA1zusnE -8mCO55Q= +BglghkgBhvhCAQEEBAMCBkAwDQYJKoZIhvcNAQEFBQADggEBAGl6bYCGKvDCvfSU +PTyaiFPNGXV98AnIG0Hu4EJjs1owBU/Yf8UdFbWJtOymR80SbzmeQ6rEIoY1oXDA +o9Y8yRgW8t25Wmq/0DCu/5P0/L6asstLTxLG4qajClVwqDLEqZNixmq8QorAOtK1 +JngFA+A5jzc70Ikl9+Hbx/2SEMrCpo0QLSco7KDK7XpNOHbkRz2AqSm0se4jDMP1 +Cwd2UtcpctIZEbECZo6S9WrVMqIhRF1Y5FeauBA2ORvGIHohaYJ9VzYWYXIp7N8d +QXGv+M7ffpZiERcRr8lxtboPnTXKlv1mLCEX7g+KuiJQUm4OGfTCd5VHzWM7O5Id +b+IvZD0= -----END CERTIFICATE----- diff --git a/tests/data_files/server1.crt.der b/tests/data_files/server1.crt.der Binary files differnew file mode 100644 index 00000000..fcf45cd7 --- /dev/null +++ b/tests/data_files/server1.crt.der diff --git a/tests/data_files/server1.key_usage.crt b/tests/data_files/server1.key_usage.crt index 3a678ff3..b5a2532c 100644 --- a/tests/data_files/server1.key_usage.crt +++ b/tests/data_files/server1.key_usage.crt @@ -10,11 +10,11 @@ CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB o10wWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf -BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCAeAw -DQYJKoZIhvcNAQEFBQADggEBAE4sz3ghfpolZ0rH6Q3CWIYQ1Q+aGBwQiCCBsApP -8qZd880Kt+BiEdSsaU16S8CIMdOcHGQGB7dXK9wdTWkIqaW9I7fRPgDNDIhJoYDD -67h1P+cEQeXT9900H173nYlM1vL9zLcnmmqEO7j8jXSpsR5mcCMPkR52RqxweLJw -LGPeSlA+DF0WbezJc28FUgXAl8Kxm3Od40exMeicHtfgCnIykH1NEW3gXpc91nFT -RoNRdEAIGHMX5Dd5QDlt2vlaKNXFtcx2xUXXIi71YNQybH3p6KXayPMFQzrBwoXJ -YHevmjUaw7UH31fULa1dtd/dWmp8cCaKB4vBr0DBJPiMJMw= +BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCBeAw +DQYJKoZIhvcNAQEFBQADggEBAE6xegEHvwuQ8I4YCLX7oXmDJiDb7m2nMin+um0v +TMqHAE3B9GvdWGUgMIEMf76ee7OMDzxfzM2vyNGemB0rn1djEv+knJBSdMQKD9X8 +tkT8cPqMHlRMYYbFFkkZEOeqeihZXQdUORao9ZSXrokYwv+Fr+PAmiUJEmkZHbA1 +Gqp6tPfGxJ2ah50Og9oAPwyND6kvE2o++Dth2evjljPCPM2Gw5kjQGw3V9CAUyUo +KtLrtZdOeRHRCWCf3UQ/tYkG70tY/+grftrHqKB2E4qkmDiCPS9sEpa7jOGT6e4k +jGVeZFNZZ10mD2Svr3xl/60++c7yLxrquujo8NOTCVcshfs= -----END CERTIFICATE----- diff --git a/tests/data_files/server1.key_usage_noauthid.crt b/tests/data_files/server1.key_usage_noauthid.crt index 4a72ac1b..c82a9797 100644 --- a/tests/data_files/server1.key_usage_noauthid.crt +++ b/tests/data_files/server1.key_usage_noauthid.crt @@ -10,11 +10,11 @@ CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB ozwwOjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAO -BgNVHQ8BAf8EBAMCAeAwDQYJKoZIhvcNAQEFBQADggEBALqfFzzWOViKBXoFhtcc -Ulzg1ShK20z3zeD6TL5Ss2+kMIGhvvvUMtcATIFa9LxZ//a0as1CACphxmrsqaju -LDvnXjWLB+e7pJPQ+4XixKmA3QoQI6sduH03/4eRp/Er/+zXD7+uapz+GimiExJt -mjW1Oz5n2Q7L9vQabqz0n9+8rM/chsfgipQSKmV0rXe/K1N4yuggh62r8kn9UaUR -TKm6HaMIFBrZNwMy8TAc3gSq5rqbN8/ONiCBpW/LvwTnd7fFSl7yeetAbj08gpu2 -dkfYp/DK9Hs1KQFCi0u1pr9JIqFxNy6tUTO90ydq6QXj4E5yZhmitLPk5wPCozN+ -rIc= +BgNVHQ8BAf8EBAMCBeAwDQYJKoZIhvcNAQEFBQADggEBAKuveVlnjgJIkiH6HqZk ++oGpLPxpcoMEMskzyFxTfjP4L2Mj798qydBbobyVJdH5p/sIpcHsI0xajM/dcZKS +7b28KVwxOk+87DtwCikFT+jzWPe8fzowqsNAaKtvtDQnLYh8u2tDT1vhABwgTVAy +aHCzs+nm3o36NPSN9K+wmI+r1KFnhjtyOQ++7M8wRRT5jrC+1tYicjsnVMu07yB5 +04C99Fa3MToilg66Jos95U3gBF5GbSfDXYtd3/etNMkUiG8FEZJlkhKbTO+4E03a +X6+z2VojrAroYyO/F5ZlaC3/CsMQ8Zcate64nH/Lu/U78XAo8iKz5DLLOPBqodER +z4A= -----END CERTIFICATE----- diff --git a/tests/data_files/server1.req.cert_type b/tests/data_files/server1.req.cert_type index b9b9f067..39ff3fdb 100644 --- a/tests/data_files/server1.req.cert_type +++ b/tests/data_files/server1.req.cert_type @@ -7,11 +7,11 @@ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAkMCIGCSqGSIb3DQEJDjEV -MBMwEQYJYIZIAYb4QgEBBAQDAgBAMA0GCSqGSIb3DQEBBQUAA4IBAQCMX3H6BiGP -VRvLu8UHIhsj9WgrGDRogOMVHOrQm+0fnGyxZa2UwftSZf2qLBZ+DmJStHabXibw -QuWA9BMVFDih5yGMhdzQC8iQQCjfYOS0sfhy7p76q89rVO0E9KAtvFH2ApbaDAck -m1WdQvYey2rYnT1ucHGdn017Iu1CaY8qnmh7Fhuov++69eGGG4MjRVT/7Ywufjo5 -Fn+JsMhj4IonP/jwKIUBskK15MkTQhKpyl5rQK/8v+7bWlsuqhiNPSYg6rgIrjmN -QxxzqP5NLPdlS4ksN6zcuwdq21l+li8zakjbeUvyqZb7E6vTHJaNBOp7Y7jv25gG -5/PjwquYbKFr +MBMwEQYJYIZIAYb4QgEBBAQDAgZAMA0GCSqGSIb3DQEBBQUAA4IBAQBErZcEaEEO +hLbRVuB3+N5by0mogdJsatJFSgW2/VztLvQBYu0O+VmTbZwCAWejA8U+cr6uPlyf +b4lDqj3W+XykeK9bSzoSr1yNO2VAcE74Y0ZrSz2yXMfT5R9IyKqQZspaKD8MOmYH +BqUH9o/phnGcaEG5xeSfhM1O/YNZuGnlLDQBGwT5puHOaLfjECvs8eZLopIWEBlD +QkRlhYqZBwhGZ8D/TxqG4teFtnBX5FG7UoSSVuneBrkREQM7ElhtD9jCWjfMnqm1 +59G84OycClwaKU7/Dm6zeMGDyFoMksBud7lyDHMhxvwSbzb1JR5v8iBsmVY2dhHt +Ot3Fx2be0gIr -----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.req.cert_type_empty b/tests/data_files/server1.req.cert_type_empty new file mode 100644 index 00000000..70fd1113 --- /dev/null +++ b/tests/data_files/server1.req.cert_type_empty @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICpDCCAYwCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAjMCEGCSqGSIb3DQEJDjEU +MBIwEAYJYIZIAYb4QgEBBAMDAQAwDQYJKoZIhvcNAQEFBQADggEBACU0LLDBIMgG +B7gyNANHv42RovhQdzmUulqJPHNHx3v9G17F00bEykJb/r3awW6l5fhY/6oPydsY +hnWEM6VVCUkJ6Zqm2/wE49uaNTbFd9JU4OywRBfjHHSTOGnYFg+BYSfwaIkSCkx2 +kVhyklFm7My5wkyDPpFSU2tTfgsgaQMyTm93a2kxM7qJ/X3gFDG8o7R0vyojFVSI +mwsF9QsC6N9cygdFx23zCB0KsJ9KfmBqaTsdbKh8BsocYm5FJCw4WS/CBrCWBj+z +N7yEJj4SR5F+P7sFc5I0HANov5wQe8E3+WxxQt8jcqIje6DlaaGja44cXOzvFQyx +Hg/6H5EtBQc= +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.req.key_usage b/tests/data_files/server1.req.key_usage index 4c20eede..30e48124 100644 --- a/tests/data_files/server1.req.key_usage +++ b/tests/data_files/server1.req.key_usage @@ -7,11 +7,11 @@ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAeMBwGCSqGSIb3DQEJDjEP -MA0wCwYDVR0PBAQDAgHgMA0GCSqGSIb3DQEBBQUAA4IBAQAIDkjGHokLINOSKAij -DuBWyW72udNBwSmRAFYDyNoybWX+KJLFckyReF1S0YRHXWOljwxERF6htUEqIJDI -vIzlXyV0YqHNmWEFpyRxyIllQ7X4NWnVm3zHYORx2utdy3EyNsNb4Rb/JNh6Qpqr -27DB+frWaBYk27RPTdZz/ItZIicX8iHrAHL0aC6raQYvZfM1ybYehAh7Qx3asHKI -XDcrbV50Kzrd0SgC4P6Z6/5C5uUL9AfcKnB2oj5VP2TM0BA6q+XRQFkJ3TO1UTLB -lCKb9B1cIpVsT0YsOg/qptUh90zgd0x7FDa084ccwUJG73VXtHC6eioE4fbfrm5L -9BNK +MA0wCwYDVR0PBAQDAgXgMA0GCSqGSIb3DQEBBQUAA4IBAQBsJ3v1Ar2X28GJsRSJ +WRQwFQwIbR/D0cHrwTf0ZfZttClytuc18JZlwkH3EG/rNkWaFp6MKIZoRMOBuSPc +MNvvKIo4nPaeouDPruymx0gNenlyRL3D4OZpBO/BmQIQjbUKWFbzEnEqvwvMDUnG +8w7UjPSFcxj2HzENr62HLPKKnVpL3nDXWK1a2A77KF9aMxyoWQ6FXb2xPD9cJjdo +c1jwskQbgosQzKKwwp5yxq0zRD3EAGw4A78mgHMfgFprq9e9azaB0JeyFG2Vn0t0 +L+vfiDEVQ3eJXSCen1kEVyHRju8g53UcSgd+JicWFboFj2/mJBuyW6yM++RGA9B5 +Zd62 -----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.req.key_usage_empty b/tests/data_files/server1.req.key_usage_empty new file mode 100644 index 00000000..47e56bf1 --- /dev/null +++ b/tests/data_files/server1.req.key_usage_empty @@ -0,0 +1,17 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICnjCCAYYCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow +GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ +ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ +HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF +W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs +FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ +DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAdMBsGCSqGSIb3DQEJDjEO +MAwwCgYDVR0PBAMDAQAwDQYJKoZIhvcNAQEFBQADggEBAAqQ/EU/3oMt7YW4vWgm +0Q7F4v7DrFEoVMWfBzNWhMNIijzoaWKY8jwseZMzu8aCNQlJnM7c9FJF+OCgS7L5 +0ctwzjfCOi5I5cKgqv8WpuMZWHXNtB7YtjUWIZVri/RazCncZEwJGCKQjmQYrGJm +Qmu2+D+DWY+nEW47ZfDH9jOJtatnREjSNsKzc44L9zUaEy3bi+m455XGH+ABmeb7 +Iqmguh10xUyY6rEOFEuqvFyFr5g1eb53Rr5CQxGfw1j+2bbSh+rVb6Ehf9LAijyu +Ygqa91hGab/CjykS6HMrD91ouWtt2Rt3zCKo4Xxe8dlAszKB4W83M9OgDVVpiCfC +t3A= +-----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server1.req.ku-ct b/tests/data_files/server1.req.ku-ct index 98666d27..ebd01f5c 100644 --- a/tests/data_files/server1.req.ku-ct +++ b/tests/data_files/server1.req.ku-ct @@ -7,11 +7,11 @@ HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/ DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAxMC8GCSqGSIb3DQEJDjEi -MCAwCwYDVR0PBAQDAgHgMBEGCWCGSAGG+EIBAQQEAwIAQDANBgkqhkiG9w0BAQUF -AAOCAQEAhDH3BQWViy67+9sdlrTvv0cIJ1IbogaM221MUasNIbfLi+KKfw50mzTa -V/BCXPT+EzmOptBl+F2iZVQyr2c0nWbBZBHnykS3f0fgifm6yWVEYwJqxUC5+uxK -bZztsHocTuqODpqYILycYkFXCcY8ZFHmz9XZorpUVTpZULW33EmLee5/BYI7whkA -bVoSNB5tAb8kGZQffDnGkHiRfu8dbbEnkPYqm/cerN+4yCh1v1CGFh2lMn4d5p0L -o9GvMsPM8pxdffZWZI9T0JnlHwtAJDA5G/MFYJdHzLzcHpvDA99MdNO4DMAiUyWb -PCDL5e7mJ0lnBp8RppLBR7GEkznIQQ== +MCAwCwYDVR0PBAQDAgXgMBEGCWCGSAGG+EIBAQQEAwIGQDANBgkqhkiG9w0BAQUF +AAOCAQEAWUMyIXHi4BbIxOeCD/Vtu9LGV8ENMV7dwYVEQcwrt1AHahtYgUtkoGcP +lOPqg1lbg22bu8dLPoY4HAzxCOAGs27otWL5LlE9M5QPH1RedEycmOuYrMl6K988 +hfDBJ+OkgCShcM91+udrc0gpDEI7N01A+fmukQ6EiaQjIf7HME/EKQqhEuEQMXHC +GBvdNuEF5BfV3aAYuT+xfdXDU2ZWwXXWAHGmVh3ntnhtEG6SnXSnBATU2wa4tpBd +KLbEbcsiy2uj0OLJlvG6LqsNggtkD58GCGpLpaVxdW80yw+f/krwLpeyocE1KGcT +7eX+9yhLe9NIZojvevw+53dNE7BUfw== -----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/server2-sha256.crt.der b/tests/data_files/server2-sha256.crt.der Binary files differnew file mode 100644 index 00000000..e66ad367 --- /dev/null +++ b/tests/data_files/server2-sha256.crt.der diff --git a/tests/data_files/server2.crt.der b/tests/data_files/server2.crt.der Binary files differnew file mode 100644 index 00000000..ec03190e --- /dev/null +++ b/tests/data_files/server2.crt.der diff --git a/tests/data_files/server2.key.der b/tests/data_files/server2.key.der Binary files differnew file mode 100644 index 00000000..9905ce76 --- /dev/null +++ b/tests/data_files/server2.key.der diff --git a/tests/data_files/server5.crt.der b/tests/data_files/server5.crt.der Binary files differnew file mode 100644 index 00000000..08d8dd31 --- /dev/null +++ b/tests/data_files/server5.crt.der diff --git a/tests/data_files/server5.key.der b/tests/data_files/server5.key.der Binary files differnew file mode 100644 index 00000000..6bd4ebb8 --- /dev/null +++ b/tests/data_files/server5.key.der diff --git a/tests/data_files/server5.req.ku.sha1 b/tests/data_files/server5.req.ku.sha1 index 39fc346b..3281c946 100644 --- a/tests/data_files/server5.req.ku.sha1 +++ b/tests/data_files/server5.req.ku.sha1 @@ -1,8 +1,8 @@ -----BEGIN CERTIFICATE REQUEST----- -MIIBFzCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGjAY +MIIBFjCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGjAY BgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD QgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/6i/SNF1d Fr2KiMJrdw1VzYoqDvoByLTt/6AeMBwGCSqGSIb3DQEJDjEPMA0wCwYDVR0PBAQD -AgHAMAsGByqGSM49BAEFAANJADBGAiEA5MGFTJkpOtCV7bAx+N+t4gP3JDM9RH3W -mIXzSpcBwvACIQDf7f9ytclwouV1DQTFSUKxExIm48H60hk3lh19i3bGOw== +AgbAMAsGByqGSM49BAEFAANIADBFAiEAnIKF+xKk0iEuN4MHd4FZWNvrznLQgkeg +2n8ejjreTzcCIAH34z2TycuMpWQRhpV+YT988pBWR67LAg7REyZnjSAB -----END CERTIFICATE REQUEST----- diff --git a/tests/data_files/test-ca-sha1.crt.der b/tests/data_files/test-ca-sha1.crt.der Binary files differnew file mode 100644 index 00000000..039fb9e4 --- /dev/null +++ b/tests/data_files/test-ca-sha1.crt.der diff --git a/tests/data_files/test-ca-sha256.crt.der b/tests/data_files/test-ca-sha256.crt.der Binary files differnew file mode 100644 index 00000000..80a47e8d --- /dev/null +++ b/tests/data_files/test-ca-sha256.crt.der diff --git a/tests/data_files/test-ca.crt.der b/tests/data_files/test-ca.crt.der Binary files differnew file mode 100644 index 00000000..039fb9e4 --- /dev/null +++ b/tests/data_files/test-ca.crt.der diff --git a/tests/data_files/test-ca.key.der b/tests/data_files/test-ca.key.der Binary files differnew file mode 100644 index 00000000..4678a1ab --- /dev/null +++ b/tests/data_files/test-ca.key.der diff --git a/tests/data_files/test-ca2.crt.der b/tests/data_files/test-ca2.crt.der Binary files differnew file mode 100644 index 00000000..bb0b51f9 --- /dev/null +++ b/tests/data_files/test-ca2.crt.der diff --git a/tests/data_files/test-ca2.key.der b/tests/data_files/test-ca2.key.der Binary files differnew file mode 100644 index 00000000..bf64141a --- /dev/null +++ b/tests/data_files/test-ca2.key.der diff --git a/tests/data_files/test-ca2.key.enc b/tests/data_files/test-ca2.key.enc new file mode 100644 index 00000000..bb709901 --- /dev/null +++ b/tests/data_files/test-ca2.key.enc @@ -0,0 +1,9 @@ +-----BEGIN EC PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: DES-EDE3-CBC,307EAB469933D64E + +IxbrRmKcAzctJqPdTQLA4SWyBYYGYJVkYEna+F7Pa5t5Yg/gKADrFKcm6B72e7DG +ihExtZI648s0zdYw6qSJ74vrPSuWDe5qm93BqsfVH9svtCzWHW0pm1p0KTBCFfUq +UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb +a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm +-----END EC PRIVATE KEY----- diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index c5c0c3ad..7eaefe99 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -55,21 +55,46 @@ # Notes for maintainers # --------------------- # +# The bulk of the code is organized into functions that follow one of the +# following naming conventions: +# * pre_XXX: things to do before running the tests, in order. +# * component_XXX: independent components. They can be run in any order. +# * component_check_XXX: quick tests that aren't worth parallelizing. +# * component_build_XXX: build things but don't run them. +# * component_test_XXX: build and test. +# * support_XXX: if support_XXX exists and returns false then +# component_XXX is not run by default. +# * post_XXX: things to do after running the tests. +# * other: miscellaneous support functions. +# +# Each component must start by invoking `msg` with a short informative message. +# +# The framework performs some cleanup tasks after each component. This +# means that components can assume that the working directory is in a +# cleaned-up state, and don't need to perform the cleanup themselves. +# * Run `make clean`. +# * Restore `include/mbedtks/config.h` from a backup made before running +# the component. +# * Check out `Makefile`, `library/Makefile`, `programs/Makefile` and +# `tests/Makefile` from git. This cleans up after an in-tree use of +# CMake. +# +# Any command that is expected to fail must be protected so that the +# script keeps running in --keep-going mode despite `set -e`. In keep-going +# mode, if a protected command fails, this is logged as a failure and the +# script will exit with a failure status once it has run all components. +# Commands can be protected in any of the following ways: +# * `make` is a function which runs the `make` command with protection. +# Note that you must write `make VAR=value`, not `VAR=value make`, +# because the `VAR=value make` syntax doesn't work with functions. +# * Put `report_status` before the command to protect it. +# * Put `if_build_successful` before a command. This protects it, and +# additionally skips it if a prior invocation of `make` in the same +# component failed. +# # The tests are roughly in order from fastest to slowest. This doesn't # have to be exact, but in general you should add slower tests towards # the end and fast checks near the beginning. -# -# Sanity checks have the following form: -# 1. msg "short description of what is about to be done" -# 2. run sanity check (failure stops the script) -# -# Build or build-and-test steps have the following form: -# 1. msg "short description of what is about to be done" -# 2. cleanup -# 3. preparation (config.pl, cmake, ...) (failure stops the script) -# 4. make -# 5. Run tests if relevant. All tests must be prefixed with -# if_build_successful for the sake of --keep-going. @@ -80,50 +105,93 @@ # Abort on errors (and uninitialised variables) set -eu -if [ "$( uname )" != "Linux" ]; then - echo "This script only works in Linux" >&2 - exit 1 -elif [ -d library -a -d include -a -d tests ]; then :; else - echo "Must be run from mbed TLS root" >&2 - exit 1 -fi +pre_check_environment () { + if [ -d library -a -d include -a -d tests ]; then :; else + echo "Must be run from mbed TLS root" >&2 + exit 1 + fi +} -CONFIG_H='include/mbedtls/config.h' -CONFIG_BAK="$CONFIG_H.bak" - -MEMORY=0 -FORCE=0 -KEEP_GOING=0 -RUN_ARMCC=1 - -# Default commands, can be overriden by the environment -: ${OPENSSL:="openssl"} -: ${OPENSSL_LEGACY:="$OPENSSL"} -: ${OPENSSL_NEXT:="$OPENSSL"} -: ${GNUTLS_CLI:="gnutls-cli"} -: ${GNUTLS_SERV:="gnutls-serv"} -: ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} -: ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} -: ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} -: ${ARMC5_BIN_DIR:=/usr/bin} -: ${ARMC6_BIN_DIR:=/usr/bin} - -# if MAKEFLAGS is not set add the -j option to speed up invocations of make -if [ -n "${MAKEFLAGS+set}" ]; then - export MAKEFLAGS="-j" -fi +pre_initialize_variables () { + CONFIG_H='include/mbedtls/config.h' + CONFIG_BAK="$CONFIG_H.bak" + + MEMORY=0 + FORCE=0 + KEEP_GOING=0 + + # Default commands, can be overriden by the environment + : ${OPENSSL:="openssl"} + : ${OPENSSL_LEGACY:="$OPENSSL"} + : ${OPENSSL_NEXT:="$OPENSSL"} + : ${GNUTLS_CLI:="gnutls-cli"} + : ${GNUTLS_SERV:="gnutls-serv"} + : ${GNUTLS_LEGACY_CLI:="$GNUTLS_CLI"} + : ${GNUTLS_LEGACY_SERV:="$GNUTLS_SERV"} + : ${OUT_OF_SOURCE_DIR:=./mbedtls_out_of_source_build} + : ${ARMC5_BIN_DIR:=/usr/bin} + : ${ARMC6_BIN_DIR:=/usr/bin} + + # if MAKEFLAGS is not set add the -j option to speed up invocations of make + if [ -z "${MAKEFLAGS+set}" ]; then + export MAKEFLAGS="-j" + fi + + # Gather the list of available components. These are the functions + # defined in this script whose name starts with "component_". + # Parse the script with sed, because in sh there is no way to list + # defined functions. + ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0") + + # Exclude components that are not supported on this platform. + SUPPORTED_COMPONENTS= + for component in $ALL_COMPONENTS; do + case $(type "support_$component" 2>&1) in + *' function'*) + if ! support_$component; then continue; fi;; + esac + SUPPORTED_COMPONENTS="$SUPPORTED_COMPONENTS $component" + done +} + +# Test whether the component $1 is included in the command line patterns. +is_component_included() +{ + set -f + for pattern in $COMMAND_LINE_COMPONENTS; do + set +f + case ${1#component_} in $pattern) return 0;; esac + done + set +f + return 1 +} usage() { cat <<EOF -Usage: $0 [OPTION]... - -h|--help Print this help. +Usage: $0 [OPTION]... [COMPONENT]... +Run mbedtls release validation tests. +By default, run all tests. With one or more COMPONENT, run only those. +COMPONENT can be the name of a component or a shell wildcard pattern. + +Examples: + $0 "check_*" + Run all sanity checks. + $0 --no-armcc --except test_memsan + Run everything except builds that require armcc and MemSan. + +Special options: + -h|--help Print this help and exit. + --list-all-components List all available test components and exit. + --list-components List components supported on this platform and exit. General options: -f|--force Force the tests to overwrite any modified files. -k|--keep-going Run all tests and report errors at the end. -m|--memory Additional optional memory tests. --armcc Run ARM Compiler builds (on by default). + --except Exclude the COMPONENTs listed on the command line, + instead of running only those. --no-armcc Skip ARM Compiler builds. --no-force Refuse to overwrite modified files (default). --no-keep-going Stop at the first error (default). @@ -189,25 +257,27 @@ trap 'fatal_signal TERM' TERM msg() { + if [ -n "${current_component:-}" ]; then + current_section="${current_component#component_}: $1" + else + current_section="$1" + fi echo "" echo "******************************************************************" - echo "* $1 " + echo "* $current_section " printf "* "; date echo "******************************************************************" - current_section=$1 } -if [ $RUN_ARMCC -ne 0 ]; then - armc6_build_test() - { - FLAGS="$1" +armc6_build_test() +{ + FLAGS="$1" - msg "build: ARM Compiler 6 ($FLAGS), make" - ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ - WARNING_CFLAGS='-xc -std=c99' make lib - make clean - } -fi + msg "build: ARM Compiler 6 ($FLAGS), make" + ARM_TOOL_VARIANT="ult" CC="$ARMC6_CC" AR="$ARMC6_AR" CFLAGS="$FLAGS" \ + WARNING_CFLAGS='-xc -std=c99' make lib + make clean +} err_msg() { @@ -225,68 +295,102 @@ check_tools() } check_headers_in_cpp () { - ls include/mbedtls >headers.txt + ls include/mbedtls | grep "\.h$" >headers.txt <programs/test/cpp_dummy_build.cpp sed -n 's/"$//; s!^#include "mbedtls/!!p' | sort | diff headers.txt - rm headers.txt } -while [ $# -gt 0 ]; do - case "$1" in - --armcc) RUN_ARMCC=1;; - --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; - --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; - --force|-f) FORCE=1;; - --gnutls-cli) shift; GNUTLS_CLI="$1";; - --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; - --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; - --gnutls-serv) shift; GNUTLS_SERV="$1";; - --help|-h) usage; exit;; - --keep-going|-k) KEEP_GOING=1;; - --memory|-m) MEMORY=1;; - --no-armcc) RUN_ARMCC=0;; - --no-force) FORCE=0;; - --no-keep-going) KEEP_GOING=0;; - --no-memory) MEMORY=0;; - --openssl) shift; OPENSSL="$1";; - --openssl-legacy) shift; OPENSSL_LEGACY="$1";; - --openssl-next) shift; OPENSSL_NEXT="$1";; - --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; - --random-seed) unset SEED;; - --release-test|-r) SEED=1;; - --seed|-s) shift; SEED="$1";; - *) - echo >&2 "Unknown option: $1" - echo >&2 "Run $0 --help for usage." - exit 120 - ;; - esac - shift -done +pre_parse_command_line () { + COMMAND_LINE_COMPONENTS= + all_except=0 + no_armcc= + + while [ $# -gt 0 ]; do + case "$1" in + --armcc) no_armcc=;; + --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";; + --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";; + --except) all_except=1;; + --force|-f) FORCE=1;; + --gnutls-cli) shift; GNUTLS_CLI="$1";; + --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";; + --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";; + --gnutls-serv) shift; GNUTLS_SERV="$1";; + --help|-h) usage; exit;; + --keep-going|-k) KEEP_GOING=1;; + --list-all-components) printf '%s\n' $ALL_COMPONENTS; exit;; + --list-components) printf '%s\n' $SUPPORTED_COMPONENTS; exit;; + --memory|-m) MEMORY=1;; + --no-armcc) no_armcc=1;; + --no-force) FORCE=0;; + --no-keep-going) KEEP_GOING=0;; + --no-memory) MEMORY=0;; + --openssl) shift; OPENSSL="$1";; + --openssl-legacy) shift; OPENSSL_LEGACY="$1";; + --openssl-next) shift; OPENSSL_NEXT="$1";; + --out-of-source-dir) shift; OUT_OF_SOURCE_DIR="$1";; + --random-seed) unset SEED;; + --release-test|-r) SEED=1;; + --seed|-s) shift; SEED="$1";; + -*) + echo >&2 "Unknown option: $1" + echo >&2 "Run $0 --help for usage." + exit 120 + ;; + *) COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS $1";; + esac + shift + done -if [ $FORCE -eq 1 ]; then - git checkout-index -f -q $CONFIG_H - cleanup -else + # With no list of components, run everything. + if [ -z "$COMMAND_LINE_COMPONENTS" ]; then + all_except=1 + fi - if [ -d "$OUT_OF_SOURCE_DIR" ]; then - echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2 - echo "You can either delete this directory manually, or force the test by rerunning" - echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR" - exit 1 + # --no-armcc is a legacy option. The modern way is --except '*_armcc*'. + # Ignore it if components are listed explicitly on the command line. + if [ -n "$no_armcc" ] && [ $all_except -eq 1 ]; then + COMMAND_LINE_COMPONENTS="$COMMAND_LINE_COMPONENTS *_armcc*" fi - if ! git diff-files --quiet include/mbedtls/config.h; then - err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " - echo "You can either delete or preserve your work, or force the test by rerunning the" - echo "script as: $0 --force" - exit 1 + # Build the list of components to run. + RUN_COMPONENTS= + for component in $SUPPORTED_COMPONENTS; do + if is_component_included "$component"; [ $? -eq $all_except ]; then + RUN_COMPONENTS="$RUN_COMPONENTS $component" + fi + done + + unset all_except + unset no_armcc +} + +pre_check_git () { + if [ $FORCE -eq 1 ]; then + rm -rf "$OUT_OF_SOURCE_DIR" + git checkout-index -f -q $CONFIG_H + cleanup + else + + if [ -d "$OUT_OF_SOURCE_DIR" ]; then + echo "Warning - there is an existing directory at '$OUT_OF_SOURCE_DIR'" >&2 + echo "You can either delete this directory manually, or force the test by rerunning" + echo "the script as: $0 --force --out-of-source-dir $OUT_OF_SOURCE_DIR" + exit 1 + fi + + if ! git diff --quiet include/mbedtls/config.h; then + err_msg "Warning - the configuration file 'include/mbedtls/config.h' has been edited. " + echo "You can either delete or preserve your work, or force the test by rerunning the" + echo "script as: $0 --force" + exit 1 + fi fi -fi +} -build_status=0 -if [ $KEEP_GOING -eq 1 ]; then +pre_setup_keep_going () { failure_summary= failure_count=0 start_red= @@ -340,11 +444,8 @@ $text" echo "Killed by SIG$1." fi } -else - record_status () { - "$@" - } -fi +} + if_build_succeeded () { if [ $build_status -eq 0 ]; then record_status "$@" @@ -357,44 +458,84 @@ not() { ! "$@" } -msg "info: $0 configuration" -echo "MEMORY: $MEMORY" -echo "FORCE: $FORCE" -echo "SEED: ${SEED-"UNSET"}" -echo "OPENSSL: $OPENSSL" -echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" -echo "OPENSSL_NEXT: $OPENSSL_NEXT" -echo "GNUTLS_CLI: $GNUTLS_CLI" -echo "GNUTLS_SERV: $GNUTLS_SERV" -echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" -echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV" -echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR" -echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR" - -ARMC5_CC="$ARMC5_BIN_DIR/armcc" -ARMC5_AR="$ARMC5_BIN_DIR/armar" -ARMC6_CC="$ARMC6_BIN_DIR/armclang" -ARMC6_AR="$ARMC6_BIN_DIR/armar" - -# To avoid setting OpenSSL and GnuTLS for each call to compat.sh and ssl-opt.sh -# we just export the variables they require -export OPENSSL_CMD="$OPENSSL" -export GNUTLS_CLI="$GNUTLS_CLI" -export GNUTLS_SERV="$GNUTLS_SERV" - -# Avoid passing --seed flag in every call to ssl-opt.sh -if [ -n "${SEED-}" ]; then - export SEED -fi +pre_print_configuration () { + msg "info: $0 configuration" + echo "MEMORY: $MEMORY" + echo "FORCE: $FORCE" + echo "SEED: ${SEED-"UNSET"}" + echo "OPENSSL: $OPENSSL" + echo "OPENSSL_LEGACY: $OPENSSL_LEGACY" + echo "OPENSSL_NEXT: $OPENSSL_NEXT" + echo "GNUTLS_CLI: $GNUTLS_CLI" + echo "GNUTLS_SERV: $GNUTLS_SERV" + echo "GNUTLS_LEGACY_CLI: $GNUTLS_LEGACY_CLI" + echo "GNUTLS_LEGACY_SERV: $GNUTLS_LEGACY_SERV" + echo "ARMC5_BIN_DIR: $ARMC5_BIN_DIR" + echo "ARMC6_BIN_DIR: $ARMC6_BIN_DIR" +} # Make sure the tools we need are available. -check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ - "$GNUTLS_CLI" "$GNUTLS_SERV" \ - "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" "doxygen" "dot" \ - "arm-none-eabi-gcc" "i686-w64-mingw32-gcc" "gdb" -if [ $RUN_ARMCC -ne 0 ]; then - check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR" -fi +pre_check_tools () { + # Build the list of variables to pass to output_env.sh. + set env + + case " $RUN_COMPONENTS " in + # Require OpenSSL and GnuTLS if running any tests (as opposed to + # only doing builds). Not all tests run OpenSSL and GnuTLS, but this + # is a good enough approximation in practice. + *" test_"*) + # To avoid setting OpenSSL and GnuTLS for each call to compat.sh + # and ssl-opt.sh, we just export the variables they require. + export OPENSSL_CMD="$OPENSSL" + export GNUTLS_CLI="$GNUTLS_CLI" + export GNUTLS_SERV="$GNUTLS_SERV" + # Avoid passing --seed flag in every call to ssl-opt.sh + if [ -n "${SEED-}" ]; then + export SEED + fi + set "$@" OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" + set "$@" GNUTLS_CLI="$GNUTLS_CLI" GNUTLS_SERV="$GNUTLS_SERV" + set "$@" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" + set "$@" GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" + check_tools "$OPENSSL" "$OPENSSL_LEGACY" "$OPENSSL_NEXT" \ + "$GNUTLS_CLI" "$GNUTLS_SERV" \ + "$GNUTLS_LEGACY_CLI" "$GNUTLS_LEGACY_SERV" + ;; + esac + + case " $RUN_COMPONENTS " in + *_doxygen[_\ ]*) check_tools "doxygen" "dot";; + esac + + case " $RUN_COMPONENTS " in + *_arm_none_eabi_gcc[_\ ]*) check_tools "arm-none-eabi-gcc";; + esac + + case " $RUN_COMPONENTS " in + *_mingw[_\ ]*) check_tools "i686-w64-mingw32-gcc";; + esac + + case " $RUN_COMPONENTS " in + *" test_zeroize "*) check_tools "gdb";; + esac + + case " $RUN_COMPONENTS " in + *_armcc*) + ARMC5_CC="$ARMC5_BIN_DIR/armcc" + ARMC5_AR="$ARMC5_BIN_DIR/armar" + ARMC6_CC="$ARMC6_BIN_DIR/armclang" + ARMC6_AR="$ARMC6_BIN_DIR/armar" + check_tools "$ARMC5_CC" "$ARMC5_AR" "$ARMC6_CC" "$ARMC6_AR";; + esac + + msg "info: output_env.sh" + case $RUN_COMPONENTS in + *_armcc*) + set "$@" ARMC5_CC="$ARMC5_CC" ARMC6_CC="$ARMC6_CC" RUN_ARMCC=1;; + *) set "$@" RUN_ARMCC=0;; + esac + "$@" scripts/output_env.sh +} @@ -413,32 +554,35 @@ fi # # Indicative running times are given for reference. -msg "info: output_env.sh" -OPENSSL="$OPENSSL" OPENSSL_LEGACY="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_CLI" \ - GNUTLS_SERV="$GNUTLS_SERV" GNUTLS_LEGACY_CLI="$GNUTLS_LEGACY_CLI" \ - GNUTLS_LEGACY_SERV="$GNUTLS_LEGACY_SERV" ARMC5_CC="$ARMC5_CC" \ - ARMC6_CC="$ARMC6_CC" RUN_ARMCC="$RUN_ARMCC" scripts/output_env.sh - -msg "test: recursion.pl" # < 1s -record_status tests/scripts/recursion.pl library/*.c +component_check_recursion () { + msg "test: recursion.pl" # < 1s + record_status tests/scripts/recursion.pl library/*.c +} -msg "test: freshness of generated source files" # < 1s -record_status tests/scripts/check-generated-files.sh +component_check_generated_files () { + msg "test: freshness of generated source files" # < 1s + record_status tests/scripts/check-generated-files.sh +} -msg "test: doxygen markup outside doxygen blocks" # < 1s -record_status tests/scripts/check-doxy-blocks.pl +component_check_doxy_blocks () { + msg "test: doxygen markup outside doxygen blocks" # < 1s + record_status tests/scripts/check-doxy-blocks.pl +} -msg "test: check-files.py" # < 1s -cleanup -record_status tests/scripts/check-files.py +component_check_files () { + msg "test: check-files.py" # < 1s + record_status tests/scripts/check-files.py +} -msg "test/build: declared and exported names" # < 3s -cleanup -record_status tests/scripts/check-names.sh +component_check_names () { + msg "test/build: declared and exported names" # < 3s + record_status tests/scripts/check-names.sh -v +} -msg "test: doxygen warnings" # ~ 3s -cleanup -record_status tests/scripts/doxygen.sh +component_check_doxygen_warnings () { + msg "test: doxygen warnings" # ~ 3s + record_status tests/scripts/doxygen.sh +} @@ -446,500 +590,553 @@ record_status tests/scripts/doxygen.sh #### Build and test many configurations and targets ################################################################ -msg "build: cmake, gcc, ASan" # ~ 1 min 50s -cleanup -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make +component_test_default_out_of_box () { + msg "build: make, default config (out-of-box)" # ~1min + make -msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s -make test + msg "test: main suites make, default config (out-of-box)" # ~10s + make test -msg "test: ssl-opt.sh (ASan build)" # ~ 1 min -if_build_succeeded tests/ssl-opt.sh + msg "selftest: make, default config (out-of-box)" # ~10s + programs/test/selftest +} -msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s -record_status tests/scripts/test-ref-configs.pl +component_test_default_cmake_gcc_asan () { + msg "build: cmake, gcc, ASan" # ~ 1 min 50s + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "build: with ASan (rebuild after ref-configs)" # ~ 1 min -make + msg "test: main suites (inc. selftests) (ASan build)" # ~ 50s + make test -msg "test: compat.sh (ASan build)" # ~ 6 min -if_build_succeeded tests/compat.sh + msg "test: ssl-opt.sh (ASan build)" # ~ 1 min + if_build_succeeded tests/ssl-opt.sh -msg "build: Default + SSLv3 (ASan build)" # ~ 6 min -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make + msg "test: compat.sh (ASan build)" # ~ 6 min + if_build_succeeded tests/compat.sh +} -msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s -make test +component_test_ref_configs () { + msg "test/build: ref-configs (ASan build)" # ~ 6 min 20s + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + record_status tests/scripts/test-ref-configs.pl +} -msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min -if_build_succeeded tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' -if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' +component_test_sslv3 () { + msg "build: Default + SSLv3 (ASan build)" # ~ 6 min + scripts/config.pl set MBEDTLS_SSL_PROTO_SSL3 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min -if_build_succeeded tests/ssl-opt.sh + msg "test: SSLv3 - main suites (inc. selftests) (ASan build)" # ~ 50s + make test -msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make + msg "build: SSLv3 - compat.sh (ASan build)" # ~ 6 min + if_build_succeeded tests/compat.sh -m 'tls1 tls1_1 tls1_2 dtls1 dtls1_2' + if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" tests/compat.sh -m 'ssl3' -msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s -make test + msg "build: SSLv3 - ssl-opt.sh (ASan build)" # ~ 6 min + if_build_succeeded tests/ssl-opt.sh +} -msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min -if_build_succeeded tests/ssl-opt.sh +component_test_no_renegotiation () { + msg "build: Default + !MBEDTLS_SSL_RENEGOTIATION (ASan build)" # ~ 6 min + scripts/config.pl unset MBEDTLS_SSL_RENEGOTIATION + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_RSA_NO_CRT -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make + msg "test: !MBEDTLS_SSL_RENEGOTIATION - main suites (inc. selftests) (ASan build)" # ~ 50s + make test -msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s -make test + msg "test: !MBEDTLS_SSL_RENEGOTIATION - ssl-opt.sh (ASan build)" # ~ 6 min + if_build_succeeded tests/ssl-opt.sh +} -msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s -if_build_succeeded tests/ssl-opt.sh -f RSA +component_test_no_pem_no_fs () { + msg "build: Default + !MBEDTLS_PEM_PARSE_C + !MBEDTLS_FS_IO (ASan build)" + scripts/config.pl unset MBEDTLS_PEM_PARSE_C + scripts/config.pl unset MBEDTLS_FS_IO + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min -if_build_succeeded tests/compat.sh -t RSA + msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - main suites (inc. selftests) (ASan build)" # ~ 50s + make test -msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 -scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make + msg "test: !MBEDTLS_PEM_PARSE_C !MBEDTLS_FS_IO - ssl-opt.sh (ASan build)" # ~ 6 min + if_build_succeeded tests/ssl-opt.sh +} -msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" -if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet" +component_test_rsa_no_crt () { + msg "build: Default + RSA_NO_CRT (ASan build)" # ~ 6 min + scripts/config.pl set MBEDTLS_RSA_NO_CRT + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "build: small SSL_IN_CONTENT_LEN (ASan build)" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096 -scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make + msg "test: RSA_NO_CRT - main suites (inc. selftests) (ASan build)" # ~ 50s + make test -msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" -if_build_succeeded tests/ssl-opt.sh -f "Max fragment" + msg "test: RSA_NO_CRT - RSA-related part of ssl-opt.sh (ASan build)" # ~ 5s + if_build_succeeded tests/ssl-opt.sh -f RSA -msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make + msg "test: RSA_NO_CRT - RSA-related part of compat.sh (ASan build)" # ~ 3 min + if_build_succeeded tests/compat.sh -t RSA +} -msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" -if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" +component_test_small_ssl_out_content_len () { + msg "build: small SSL_OUT_CONTENT_LEN (ASan build)" + scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 + scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make + msg "test: small SSL_OUT_CONTENT_LEN - ssl-opt.sh MFL and large packet tests" + if_build_succeeded tests/ssl-opt.sh -f "Max fragment\|Large packet" +} -msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" -if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" +component_test_small_ssl_in_content_len () { + msg "build: small SSL_IN_CONTENT_LEN (ASan build)" + scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 4096 + scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 16384 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "build: cmake, full config, clang" # ~ 50s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests -CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On . -make + msg "test: small SSL_IN_CONTENT_LEN - ssl-opt.sh MFL tests" + if_build_succeeded tests/ssl-opt.sh -f "Max fragment" +} -msg "test: main suites (full config)" # ~ 5s -make test +component_test_small_ssl_dtls_max_buffering () { + msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0" + scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 1000 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s -if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' + msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #0 - ssl-opt.sh specific reordering test" + if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer out-of-order hs msg before reassembling next, free buffered msg" +} -msg "test: compat.sh RC4, DES & NULL (full config)" # ~ 2 min -if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' +component_test_small_mbedtls_ssl_dtls_max_buffering () { + msg "build: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1" + scripts/config.pl set MBEDTLS_SSL_DTLS_MAX_BUFFERING 240 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "test: compat.sh ARIA + ChachaPoly" -if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' + msg "test: small MBEDTLS_SSL_DTLS_MAX_BUFFERING #1 - ssl-opt.sh specific reordering test" + if_build_succeeded tests/ssl-opt.sh -f "DTLS reordering: Buffer encrypted Finished message, drop for fragmented NewSessionTicket" +} -msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl set MBEDTLS_DEPRECATED_WARNING -# Build with -O -Wextra to catch a maximum of issues. -make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs -make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests - -msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s -# No cleanup, just tweak the configuration and rebuild -make clean -scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING -scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED -# Build with -O -Wextra to catch a maximum of issues. -make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs -make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests - -msg "test/build: curves.pl (gcc)" # ~ 4 min -cleanup -record_status tests/scripts/curves.pl +component_test_full_cmake_clang () { + msg "build: cmake, full config, clang" # ~ 50s + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + CC=clang cmake -D CMAKE_BUILD_TYPE:String=Check -D ENABLE_TESTING=On . + make -msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min -cleanup -record_status tests/scripts/depends-hashes.pl + msg "test: main suites (full config)" # ~ 5s + make test -msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min -cleanup -record_status tests/scripts/depends-pkalgs.pl + msg "test: ssl-opt.sh default, ECJPAKE, SSL async (full config)" # ~ 1s + if_build_succeeded tests/ssl-opt.sh -f 'Default\|ECJPAKE\|SSL async private' -msg "test/build: key-exchanges (gcc)" # ~ 1 min -cleanup -record_status tests/scripts/key-exchanges.pl + msg "test: compat.sh RC4, DES, 3DES & NULL (full config)" # ~ 2 min + if_build_succeeded env OPENSSL_CMD="$OPENSSL_LEGACY" GNUTLS_CLI="$GNUTLS_LEGACY_CLI" GNUTLS_SERV="$GNUTLS_LEGACY_SERV" tests/compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' -msg "build: Unix make, -Os (gcc)" # ~ 30s -cleanup -make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' + msg "test: compat.sh ARIA + ChachaPoly" + if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA' +} -msg "test: verify header list in cpp_dummy_build.cpp" -record_status check_headers_in_cpp +component_build_deprecated () { + msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s + scripts/config.pl full + scripts/config.pl set MBEDTLS_DEPRECATED_WARNING + # Build with -O -Wextra to catch a maximum of issues. + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs + make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests -msg "build: Unix make, incremental g++" -make TEST_CPP=1 + msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s + # No cleanup, just tweak the configuration and rebuild + make clean + scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING + scripts/config.pl set MBEDTLS_DEPRECATED_REMOVED + # Build with -O -Wextra to catch a maximum of issues. + make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs + make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests +} -msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full # includes CHECK_PARAMS -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests -scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C -scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT -scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT -scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT -scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY -scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT -scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl unset MBEDTLS_PLATFORM_C -make CC=gcc CFLAGS='-Werror -O1' all test - -msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full # includes CHECK_PARAMS -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests -sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H" -make CC=gcc CFLAGS='-Werror -O1' all test +component_test_depends_curves () { + msg "test/build: curves.pl (gcc)" # ~ 4 min + record_status tests/scripts/curves.pl +} +component_test_depends_hashes () { + msg "test/build: depends-hashes.pl (gcc)" # ~ 2 min + record_status tests/scripts/depends-hashes.pl +} -# Full configuration build, without platform support, file IO and net sockets. -# This should catch missing mbedtls_printf definitions, and by disabling file -# IO, it should catch missing '#include <stdio.h>' -msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_PLATFORM_C -scripts/config.pl unset MBEDTLS_NET_C -scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY -scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT -scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT -scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT -scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT -scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C -scripts/config.pl unset MBEDTLS_FS_IO -# Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, -# to re-enable platform integration features otherwise disabled in C99 builds -make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs -make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' test - -# catch compile bugs in _uninit functions -msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' +component_test_depends_pkalgs () { + msg "test/build: depends-pkalgs.pl (gcc)" # ~ 2 min + record_status tests/scripts/depends-pkalgs.pl +} -msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_SSL_SRV_C -make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' +component_build_key_exchanges () { + msg "test/build: key-exchanges (gcc)" # ~ 1 min + record_status tests/scripts/key-exchanges.pl +} -msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_SSL_CLI_C -make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' - -# Note, C99 compliance can also be tested with the sockets support disabled, -# as that requires a POSIX platform (which isn't the same as C99). -msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. -scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux -make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib - -# Run max fragment length tests with MFL disabled -msg "build: default config except MFL extension (ASan build)" # ~ 30s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make +component_build_default_make_gcc_and_cxx () { + msg "build: Unix make, -Os (gcc)" # ~ 30s + make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os' -msg "test: ssl-opt.sh, MFL-related tests" -if_build_succeeded tests/ssl-opt.sh -f "Max fragment length" + msg "test: verify header list in cpp_dummy_build.cpp" + record_status check_headers_in_cpp -msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH -scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 -scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make + msg "build: Unix make, incremental g++" + make TEST_CPP=1 +} -msg "test: MFL tests (disabled MFL extension case) & large packet tests" -if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer" +component_test_check_params_without_platform () { + msg "build+test: MBEDTLS_CHECK_PARAMS without MBEDTLS_PLATFORM_C" + scripts/config.pl full # includes CHECK_PARAMS + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY + scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl unset MBEDTLS_PLATFORM_C + make CC=gcc CFLAGS='-Werror -O1' all test +} -msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY -scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES -scripts/config.pl set MBEDTLS_ENTROPY_C -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT -scripts/config.pl unset MBEDTLS_HAVEGE_C -CC=gcc cmake -D UNSAFE_BUILD=ON -D CMAKE_C_FLAGS:String="-fsanitize=address -fno-common -O3" . -make - -msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)" -make test - -msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_PLATFORM_MEMORY -scripts/config.pl set MBEDTLS_PLATFORM_CALLOC_MACRO calloc -scripts/config.pl set MBEDTLS_PLATFORM_FREE_MACRO free -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make +component_test_check_params_silent () { + msg "build+test: MBEDTLS_CHECK_PARAMS with alternative MBEDTLS_PARAM_FAILED()" + scripts/config.pl full # includes CHECK_PARAMS + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + sed -i 's/.*\(#define MBEDTLS_PARAM_FAILED( cond )\).*/\1/' "$CONFIG_H" + make CC=gcc CFLAGS='-Werror -O1' all test +} -msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" -make test +component_test_no_platform () { + # Full configuration build, without platform support, file IO and net sockets. + # This should catch missing mbedtls_printf definitions, and by disabling file + # IO, it should catch missing '#include <stdio.h>' + msg "build: full config except platform/fsio/net, make, gcc, C99" # ~ 30s + scripts/config.pl full + scripts/config.pl unset MBEDTLS_PLATFORM_C + scripts/config.pl unset MBEDTLS_NET_C + scripts/config.pl unset MBEDTLS_PLATFORM_MEMORY + scripts/config.pl unset MBEDTLS_PLATFORM_PRINTF_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_FPRINTF_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_SNPRINTF_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT + scripts/config.pl unset MBEDTLS_PLATFORM_EXIT_ALT + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + scripts/config.pl unset MBEDTLS_FS_IO + # Note, _DEFAULT_SOURCE needs to be defined for platforms using glibc version >2.19, + # to re-enable platform integration features otherwise disabled in C99 builds + make CC=gcc CFLAGS='-Werror -Wall -Wextra -std=c99 -pedantic -O0 -D_DEFAULT_SOURCE' lib programs + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' test +} -msg "build: default config with AES_FEWER_TABLES enabled" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_AES_FEWER_TABLES -make CC=gcc CFLAGS='-Werror -Wall -Wextra' +component_build_no_std_function () { + # catch compile bugs in _uninit functions + msg "build: full config with NO_STD_FUNCTION, make, gcc" # ~ 30s + scripts/config.pl full + scripts/config.pl set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' +} -msg "test: AES_FEWER_TABLES" -make test +component_build_no_ssl_srv () { + msg "build: full config except ssl_srv.c, make, gcc" # ~ 30s + scripts/config.pl full + scripts/config.pl unset MBEDTLS_SSL_SRV_C + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' +} -msg "build: default config with AES_ROM_TABLES enabled" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_AES_ROM_TABLES -make CC=gcc CFLAGS='-Werror -Wall -Wextra' +component_build_no_ssl_cli () { + msg "build: full config except ssl_cli.c, make, gcc" # ~ 30s + scripts/config.pl full + scripts/config.pl unset MBEDTLS_SSL_CLI_C + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0' +} + +component_build_no_sockets () { + # Note, C99 compliance can also be tested with the sockets support disabled, + # as that requires a POSIX platform (which isn't the same as C99). + msg "build: full config except net_sockets.c, make, gcc -std=c99 -pedantic" # ~ 30s + scripts/config.pl full + scripts/config.pl unset MBEDTLS_NET_C # getaddrinfo() undeclared, etc. + scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY # uses syscall() on GNU/Linux + make CC=gcc CFLAGS='-Werror -Wall -Wextra -O0 -std=c99 -pedantic' lib +} -msg "test: AES_ROM_TABLES" -make test +component_test_no_max_fragment_length () { + # Run max fragment length tests with MFL disabled + msg "build: default config except MFL extension (ASan build)" # ~ 30s + scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_AES_FEWER_TABLES -scripts/config.pl set MBEDTLS_AES_ROM_TABLES -make CC=gcc CFLAGS='-Werror -Wall -Wextra' + msg "test: ssl-opt.sh, MFL-related tests" + if_build_succeeded tests/ssl-opt.sh -f "Max fragment length" +} + +component_test_no_max_fragment_length_small_ssl_out_content_len () { + msg "build: no MFL extension, small SSL_OUT_CONTENT_LEN (ASan build)" + scripts/config.pl unset MBEDTLS_SSL_MAX_FRAGMENT_LENGTH + scripts/config.pl set MBEDTLS_SSL_IN_CONTENT_LEN 16384 + scripts/config.pl set MBEDTLS_SSL_OUT_CONTENT_LEN 4096 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: MFL tests (disabled MFL extension case) & large packet tests" + if_build_succeeded tests/ssl-opt.sh -f "Max fragment length\|Large buffer" +} + +component_test_null_entropy () { + msg "build: default config with MBEDTLS_TEST_NULL_ENTROPY (ASan build)" + scripts/config.pl set MBEDTLS_TEST_NULL_ENTROPY + scripts/config.pl set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES + scripts/config.pl set MBEDTLS_ENTROPY_C + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl unset MBEDTLS_ENTROPY_HARDWARE_ALT + scripts/config.pl unset MBEDTLS_HAVEGE_C + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON . + make + + msg "test: MBEDTLS_TEST_NULL_ENTROPY - main suites (inc. selftests) (ASan build)" + make test +} + +component_test_platform_calloc_macro () { + msg "build: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" + scripts/config.pl set MBEDTLS_PLATFORM_MEMORY + scripts/config.pl set MBEDTLS_PLATFORM_CALLOC_MACRO calloc + scripts/config.pl set MBEDTLS_PLATFORM_FREE_MACRO free + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make + + msg "test: MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO enabled (ASan build)" + make test +} -msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" -make test +component_test_aes_fewer_tables () { + msg "build: default config with AES_FEWER_TABLES enabled" + scripts/config.pl set MBEDTLS_AES_FEWER_TABLES + make CC=gcc CFLAGS='-Werror -Wall -Wextra' -if uname -a | grep -F Linux >/dev/null; then + msg "test: AES_FEWER_TABLES" + make test +} + +component_test_aes_rom_tables () { + msg "build: default config with AES_ROM_TABLES enabled" + scripts/config.pl set MBEDTLS_AES_ROM_TABLES + make CC=gcc CFLAGS='-Werror -Wall -Wextra' + + msg "test: AES_ROM_TABLES" + make test +} + +component_test_aes_fewer_tables_and_rom_tables () { + msg "build: default config with AES_ROM_TABLES and AES_FEWER_TABLES enabled" + scripts/config.pl set MBEDTLS_AES_FEWER_TABLES + scripts/config.pl set MBEDTLS_AES_ROM_TABLES + make CC=gcc CFLAGS='-Werror -Wall -Wextra' + + msg "test: AES_FEWER_TABLES + AES_ROM_TABLES" + make test +} + +component_test_make_shared () { msg "build/test: make shared" # ~ 40s - cleanup make SHARED=1 all check -fi +} -if uname -a | grep -F x86_64 >/dev/null; then +component_test_m32_o0 () { # Build once with -O0, to compile out the i386 specific inline assembly msg "build: i386, make, gcc -O0 (ASan build)" # ~ 30s - cleanup - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full make CC=gcc CFLAGS='-O0 -Werror -Wall -Wextra -m32 -fsanitize=address' msg "test: i386, make, gcc -O0 (ASan build)" make test +} +support_test_m32_o0 () { + case $(uname -m) in + *64*) true;; + *) false;; + esac +} +component_test_m32_o1 () { # Build again with -O1, to compile in the i386 specific inline assembly msg "build: i386, make, gcc -O1 (ASan build)" # ~ 30s - cleanup - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C + scripts/config.pl unset MBEDTLS_MEMORY_DEBUG make CC=gcc CFLAGS='-O1 -Werror -Wall -Wextra -m32 -fsanitize=address' msg "test: i386, make, gcc -O1 (ASan build)" make test + msg "test ssl-opt.sh, i386, make, gcc-O1" + if_build_succeeded tests/ssl-opt.sh +} +support_test_m32_o1 () { + support_test_m32_o0 "$@" +} + +component_test_mx32 () { msg "build: 64-bit ILP32, make, gcc" # ~ 30s - cleanup - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl full make CC=gcc CFLAGS='-Werror -Wall -Wextra -mx32' msg "test: 64-bit ILP32, make, gcc" make test -fi # x86_64 +} +support_test_mx32 () { + case $(uname -m) in + amd64|x86_64) true;; + *) false;; + esac +} -msg "build: gcc, force 32-bit bignum limbs" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_HAVE_ASM -scripts/config.pl unset MBEDTLS_AESNI_C -scripts/config.pl unset MBEDTLS_PADLOCK_C -make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' +component_test_min_mpi_window_size () { + msg "build: Default + MBEDTLS_MPI_WINDOW_SIZE=1 (ASan build)" # ~ 10s + scripts/config.pl set MBEDTLS_MPI_WINDOW_SIZE 1 + CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . + make -msg "test: gcc, force 32-bit bignum limbs" -make test + msg "test: MBEDTLS_MPI_WINDOW_SIZE=1 - main suites (inc. selftests) (ASan build)" # ~ 10s + make test +} -msg "build: gcc, force 64-bit bignum limbs" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl unset MBEDTLS_HAVE_ASM -scripts/config.pl unset MBEDTLS_AESNI_C -scripts/config.pl unset MBEDTLS_PADLOCK_C -make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' +component_test_have_int32 () { + msg "build: gcc, force 32-bit bignum limbs" + scripts/config.pl unset MBEDTLS_HAVE_ASM + scripts/config.pl unset MBEDTLS_AESNI_C + scripts/config.pl unset MBEDTLS_PADLOCK_C + make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT32' -msg "test: gcc, force 64-bit bignum limbs" -make test + msg "test: gcc, force 32-bit bignum limbs" + make test +} +component_test_have_int64 () { + msg "build: gcc, force 64-bit bignum limbs" + scripts/config.pl unset MBEDTLS_HAVE_ASM + scripts/config.pl unset MBEDTLS_AESNI_C + scripts/config.pl unset MBEDTLS_PADLOCK_C + make CC=gcc CFLAGS='-Werror -Wall -Wextra -DMBEDTLS_HAVE_INT64' -msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests -scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION -make CFLAGS='-Werror -O1' + msg "test: gcc, force 64-bit bignum limbs" + make test +} -msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s -make test +component_test_no_udbl_division () { + msg "build: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION + make CFLAGS='-Werror -O1' + msg "test: MBEDTLS_NO_UDBL_DIVISION native" # ~ 10s + make test +} -msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests -scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION -make CFLAGS='-Werror -O1' +component_test_no_64bit_multiplication () { + msg "build: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION + make CFLAGS='-Werror -O1' -msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s -make test + msg "test: MBEDTLS_NO_64BIT_MULTIPLICATION native" # ~ 10s + make test +} +component_build_arm_none_eabi_gcc () { + msg "build: arm-none-eabi-gcc, make" # ~ 10s + scripts/config.pl full + scripts/config.pl unset MBEDTLS_NET_C + scripts/config.pl unset MBEDTLS_TIMING_C + scripts/config.pl unset MBEDTLS_FS_IO + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY + # following things are not in the default config + scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c + scripts/config.pl unset MBEDTLS_THREADING_PTHREAD + scripts/config.pl unset MBEDTLS_THREADING_C + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib +} + +component_build_arm_none_eabi_gcc_no_udbl_division () { + msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s + scripts/config.pl full + scripts/config.pl unset MBEDTLS_NET_C + scripts/config.pl unset MBEDTLS_TIMING_C + scripts/config.pl unset MBEDTLS_FS_IO + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY + # following things are not in the default config + scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c + scripts/config.pl unset MBEDTLS_THREADING_PTHREAD + scripts/config.pl unset MBEDTLS_THREADING_C + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION + make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib + echo "Checking that software 64-bit division is not required" + if_build_succeeded not grep __aeabi_uldiv library/*.o +} + +component_build_arm_none_eabi_gcc_no_64bit_multiplication () { + msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s + scripts/config.pl full + scripts/config.pl unset MBEDTLS_NET_C + scripts/config.pl unset MBEDTLS_TIMING_C + scripts/config.pl unset MBEDTLS_FS_IO + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY + # following things are not in the default config + scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c + scripts/config.pl unset MBEDTLS_THREADING_PTHREAD + scripts/config.pl unset MBEDTLS_THREADING_C + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION + make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib + echo "Checking that software 64-bit multiplication is not required" + if_build_succeeded not grep __aeabi_lmul library/*.o +} + +component_build_armcc () { + msg "build: ARM Compiler 5, make" + scripts/config.pl full + scripts/config.pl unset MBEDTLS_NET_C + scripts/config.pl unset MBEDTLS_TIMING_C + scripts/config.pl unset MBEDTLS_FS_IO + scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED + scripts/config.pl unset MBEDTLS_HAVE_TIME + scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE + scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY + # following things are not in the default config + scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING + scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c + scripts/config.pl unset MBEDTLS_THREADING_PTHREAD + scripts/config.pl unset MBEDTLS_THREADING_C + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h + scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit + scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME -msg "build: arm-none-eabi-gcc, make" # ~ 10s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_NET_C -scripts/config.pl unset MBEDTLS_TIMING_C -scripts/config.pl unset MBEDTLS_FS_IO -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY -# following things are not in the default config -scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c -scripts/config.pl unset MBEDTLS_THREADING_PTHREAD -scripts/config.pl unset MBEDTLS_THREADING_C -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h -scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib - -msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_NET_C -scripts/config.pl unset MBEDTLS_TIMING_C -scripts/config.pl unset MBEDTLS_FS_IO -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY -# following things are not in the default config -scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c -scripts/config.pl unset MBEDTLS_THREADING_PTHREAD -scripts/config.pl unset MBEDTLS_THREADING_C -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h -scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -scripts/config.pl set MBEDTLS_NO_UDBL_DIVISION -make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib -echo "Checking that software 64-bit division is not required" -if_build_succeeded not grep __aeabi_uldiv library/*.o - -msg "build: arm-none-eabi-gcc MBEDTLS_NO_64BIT_MULTIPLICATION, make" # ~ 10s -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_NET_C -scripts/config.pl unset MBEDTLS_TIMING_C -scripts/config.pl unset MBEDTLS_FS_IO -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY -# following things are not in the default config -scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c -scripts/config.pl unset MBEDTLS_THREADING_PTHREAD -scripts/config.pl unset MBEDTLS_THREADING_C -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h -scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -scripts/config.pl set MBEDTLS_NO_64BIT_MULTIPLICATION -make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -O1 -march=armv6-m -mthumb' lib -echo "Checking that software 64-bit multiplication is not required" -if_build_succeeded not grep __aeabi_lmul library/*.o - -msg "build: ARM Compiler 5, make" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl full -scripts/config.pl unset MBEDTLS_NET_C -scripts/config.pl unset MBEDTLS_TIMING_C -scripts/config.pl unset MBEDTLS_FS_IO -scripts/config.pl unset MBEDTLS_ENTROPY_NV_SEED -scripts/config.pl unset MBEDTLS_HAVE_TIME -scripts/config.pl unset MBEDTLS_HAVE_TIME_DATE -scripts/config.pl set MBEDTLS_NO_PLATFORM_ENTROPY -# following things are not in the default config -scripts/config.pl unset MBEDTLS_DEPRECATED_WARNING -scripts/config.pl unset MBEDTLS_HAVEGE_C # depends on timing.c -scripts/config.pl unset MBEDTLS_THREADING_PTHREAD -scripts/config.pl unset MBEDTLS_THREADING_C -scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # execinfo.h -scripts/config.pl unset MBEDTLS_MEMORY_BUFFER_ALLOC_C # calls exit -scripts/config.pl unset MBEDTLS_PLATFORM_TIME_ALT # depends on MBEDTLS_HAVE_TIME - -if [ $RUN_ARMCC -ne 0 ]; then make CC="$ARMC5_CC" AR="$ARMC5_AR" WARNING_CFLAGS='--strict --c99' lib make clean @@ -957,46 +1154,33 @@ if [ $RUN_ARMCC -ne 0 ]; then # ARM Compiler 6 - Target ARMv8-A - AArch64 armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a" -fi - -msg "build: allow SHA1 in certificates by default" -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES -make CFLAGS='-Werror -Wall -Wextra' -msg "test: allow SHA1 in certificates by default" -make test -if_build_succeeded tests/ssl-opt.sh -f SHA-1 - -msg "build: Default + MBEDTLS_RSA_NO_CRT (ASan build)" # ~ 6 min -cleanup -cp "$CONFIG_H" "$CONFIG_BAK" -scripts/config.pl set MBEDTLS_RSA_NO_CRT -CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan . -make - -msg "test: MBEDTLS_RSA_NO_CRT - main suites (inc. selftests) (ASan build)" -make test +} -msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s -cleanup -make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs +component_test_allow_sha1 () { + msg "build: allow SHA1 in certificates by default" + scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES + make CFLAGS='-Werror -Wall -Wextra' + msg "test: allow SHA1 in certificates by default" + make test + if_build_succeeded tests/ssl-opt.sh -f SHA-1 +} -# note Make tests only builds the tests, but doesn't run them -make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests -make WINDOWS_BUILD=1 clean +component_build_mingw () { + msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s + make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 lib programs -msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s -make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs -make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests -make WINDOWS_BUILD=1 clean + # note Make tests only builds the tests, but doesn't run them + make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror' WINDOWS_BUILD=1 tests + make WINDOWS_BUILD=1 clean -# MemSan currently only available on Linux 64 bits -if uname -a | grep 'Linux.*x86_64' >/dev/null; then + msg "build: Windows cross build - mingw64, make (DLL)" # ~ 30s + make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 lib programs + make CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 SHARED=1 tests + make WINDOWS_BUILD=1 clean +} +component_test_memsan () { msg "build: MSan (clang)" # ~ 1 min 20s - cleanup - cp "$CONFIG_H" "$CONFIG_BAK" scripts/config.pl unset MBEDTLS_AESNI_C # memsan doesn't grok asm CC=clang cmake -D CMAKE_BUILD_TYPE:String=MemSan . make @@ -1013,21 +1197,18 @@ if uname -a | grep 'Linux.*x86_64' >/dev/null; then msg "test: compat.sh (MSan)" # ~ 6 min 20s if_build_succeeded tests/compat.sh fi +} -else # no MemSan - +component_test_valgrind () { msg "build: Release (clang)" - cleanup CC=clang cmake -D CMAKE_BUILD_TYPE:String=Release . make msg "test: main suites valgrind (Release)" make memcheck - # Optional part(s) - # Currently broken, programs don't seem to receive signals - # under valgrind on OS X - + # Optional parts (slow; currently broken on OS X because programs don't + # seem to receive signals under valgrind on OS X). if [ "$MEMORY" -gt 0 ]; then msg "test: ssl-opt.sh --memcheck (Release)" if_build_succeeded tests/ssl-opt.sh --memcheck @@ -1037,63 +1218,126 @@ else # no MemSan msg "test: compat.sh --memcheck (Release)" if_build_succeeded tests/compat.sh --memcheck fi +} -fi # MemSan +component_test_cmake_out_of_source () { + msg "build: cmake 'out-of-source' build" + MBEDTLS_ROOT_DIR="$PWD" + mkdir "$OUT_OF_SOURCE_DIR" + cd "$OUT_OF_SOURCE_DIR" + cmake "$MBEDTLS_ROOT_DIR" + make -msg "build: cmake 'out-of-source' build" -cleanup -MBEDTLS_ROOT_DIR="$PWD" -mkdir "$OUT_OF_SOURCE_DIR" -cd "$OUT_OF_SOURCE_DIR" -cmake "$MBEDTLS_ROOT_DIR" -make - -msg "test: cmake 'out-of-source' build" -make test -# Test an SSL option that requires an auxiliary script in test/scripts/. -# Also ensure that there are no error messages such as -# "No such file or directory", which would indicate that some required -# file is missing (ssl-opt.sh tolerates the absence of some files so -# may exit with status 0 but emit errors). -if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err -if [ -s ssl-opt.err ]; then - cat ssl-opt.err >&2 - record_status [ ! -s ssl-opt.err ] - rm ssl-opt.err -fi -cd "$MBEDTLS_ROOT_DIR" -rm -rf "$OUT_OF_SOURCE_DIR" -unset MBEDTLS_ROOT_DIR - -# Test that the function mbedtls_platform_zeroize() is not optimized away by -# different combinations of compilers and optimization flags by using an -# auxiliary GDB script. Unfortunately, GDB does not return error values to the -# system in all cases that the script fails, so we must manually search the -# output to check whether the pass string is present and no failure strings -# were printed. -for optimization_flag in -O2 -O3 -Ofast -Os; do - for compiler in clang gcc; do - msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" - cleanup - make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" - if_build_succeeded gdb -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log - if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log - if_build_succeeded not grep -i "error" test_zeroize.log - rm -f test_zeroize.log + msg "test: cmake 'out-of-source' build" + make test + # Test an SSL option that requires an auxiliary script in test/scripts/. + # Also ensure that there are no error messages such as + # "No such file or directory", which would indicate that some required + # file is missing (ssl-opt.sh tolerates the absence of some files so + # may exit with status 0 but emit errors). + if_build_succeeded ./tests/ssl-opt.sh -f 'Fallback SCSV: beginning of list' 2>ssl-opt.err + if [ -s ssl-opt.err ]; then + cat ssl-opt.err >&2 + record_status [ ! -s ssl-opt.err ] + rm ssl-opt.err + fi + cd "$MBEDTLS_ROOT_DIR" + rm -rf "$OUT_OF_SOURCE_DIR" + unset MBEDTLS_ROOT_DIR +} + +component_test_zeroize () { + # Test that the function mbedtls_platform_zeroize() is not optimized away by + # different combinations of compilers and optimization flags by using an + # auxiliary GDB script. Unfortunately, GDB does not return error values to the + # system in all cases that the script fails, so we must manually search the + # output to check whether the pass string is present and no failure strings + # were printed. + + # Don't try to disable ASLR. We don't care about ASLR here. We do care + # about a spurious message if Gdb tries and fails, so suppress that. + gdb_disable_aslr= + if [ -z "$(gdb -batch -nw -ex 'set disable-randomization off' 2>&1)" ]; then + gdb_disable_aslr='set disable-randomization off' + fi + + for optimization_flag in -O2 -O3 -Ofast -Os; do + for compiler in clang gcc; do + msg "test: $compiler $optimization_flag, mbedtls_platform_zeroize()" + make programs CC="$compiler" DEBUG=1 CFLAGS="$optimization_flag" + if_build_succeeded gdb -ex "$gdb_disable_aslr" -x tests/scripts/test_zeroize.gdb -nw -batch -nx 2>&1 | tee test_zeroize.log + if_build_succeeded grep "The buffer was correctly zeroized" test_zeroize.log + if_build_succeeded not grep -i "error" test_zeroize.log + rm -f test_zeroize.log + make clean + done done -done -msg "Lint: Python scripts" -record_status tests/scripts/check-python-files.sh + unset gdb_disable_aslr +} -msg "uint test: generate_test_code.py" -record_status ./tests/scripts/test_generate_test_code.py +support_check_python_files () { + type pylint3 >/dev/null 2>/dev/null +} +component_check_python_files () { + msg "Lint: Python scripts" + record_status tests/scripts/check-python-files.sh +} + +component_check_generate_test_code () { + msg "uint test: generate_test_code.py" + record_status ./tests/scripts/test_generate_test_code.py +} ################################################################ #### Termination ################################################################ -msg "Done, cleaning up" +post_report () { + msg "Done, cleaning up" + cleanup + + final_report +} + + + +################################################################ +#### Run all the things +################################################################ + +# Run one component and clean up afterwards. +run_component () { + # Back up the configuration in case the component modifies it. + # The cleanup function will restore it. + cp -p "$CONFIG_H" "$CONFIG_BAK" + current_component="$1" + "$@" + cleanup +} + +# Preliminary setup +pre_check_environment +pre_initialize_variables +pre_parse_command_line "$@" + +pre_check_git +build_status=0 +if [ $KEEP_GOING -eq 1 ]; then + pre_setup_keep_going +else + record_status () { + "$@" + } +fi +pre_print_configuration +pre_check_tools cleanup -final_report +# Run the requested tests. +for component in $RUN_COMPONENTS; do + run_component "component_$component" +done + +# We're done. +post_report diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh index 28fc6874..8990dfbe 100755 --- a/tests/scripts/basic-build-test.sh +++ b/tests/scripts/basic-build-test.sh @@ -91,7 +91,7 @@ OPENSSL_CMD="$OPENSSL_LEGACY" \ OPENSSL_CMD="$OPENSSL_LEGACY" \ GNUTLS_CLI="$GNUTLS_LEGACY_CLI" \ GNUTLS_SERV="$GNUTLS_LEGACY_SERV" \ - sh compat.sh -e '3DES\|DES-CBC3' -f 'NULL\|DES\|RC4\|ARCFOUR' | \ + sh compat.sh -e '^$' -f 'NULL\|DES\|RC4\|ARCFOUR' | \ tee -a compat-test-$TEST_OUTPUT OPENSSL_CMD="$OPENSSL_NEXT" \ sh compat.sh -e '^$' -f 'ARIA\|CHACHA' | \ diff --git a/tests/scripts/check-files.py b/tests/scripts/check-files.py index 005a077c..00fd0edf 100755 --- a/tests/scripts/check-files.py +++ b/tests/scripts/check-files.py @@ -19,14 +19,23 @@ import codecs import sys -class IssueTracker(object): - """Base class for issue tracking. Issues should inherit from this and - overwrite either issue_with_line if they check the file line by line, or - overwrite check_file_for_issue if they check the file as a whole.""" +class FileIssueTracker(object): + """Base class for file-wide issue tracking. + + To implement a checker that processes a file as a whole, inherit from + this class and implement `check_file_for_issue` and define ``heading``. + + ``files_exemptions``: files whose name ends with a string in this set + will not be checked. + + ``heading``: human-readable description of the issue + """ + + files_exemptions = frozenset() + # heading must be defined in derived classes. + # pylint: disable=no-member def __init__(self): - self.heading = "" - self.files_exemptions = [] self.files_with_issues = {} def should_check_file(self, filepath): @@ -35,23 +44,14 @@ class IssueTracker(object): return False return True - def issue_with_line(self, line): - raise NotImplementedError - def check_file_for_issue(self, filepath): - with open(filepath, "rb") as f: - for i, line in enumerate(iter(f.readline, b"")): - self.check_file_line(filepath, line, i + 1) + raise NotImplementedError def record_issue(self, filepath, line_number): if filepath not in self.files_with_issues.keys(): self.files_with_issues[filepath] = [] self.files_with_issues[filepath].append(line_number) - def check_file_line(self, filepath, line, line_number): - if self.issue_with_line(line): - self.record_issue(filepath, line_number) - def output_file_issues(self, logger): if self.files_with_issues.values(): logger.info(self.heading) @@ -64,24 +64,44 @@ class IssueTracker(object): logger.info(filename) logger.info("") +class LineIssueTracker(FileIssueTracker): + """Base class for line-by-line issue tracking. -class PermissionIssueTracker(IssueTracker): + To implement a checker that processes files line by line, inherit from + this class and implement `line_with_issue`. + """ - def __init__(self): - super().__init__() - self.heading = "Incorrect permissions:" + def issue_with_line(self, line, filepath): + raise NotImplementedError + + def check_file_line(self, filepath, line, line_number): + if self.issue_with_line(line, filepath): + self.record_issue(filepath, line_number) + + def check_file_for_issue(self, filepath): + with open(filepath, "rb") as f: + for i, line in enumerate(iter(f.readline, b"")): + self.check_file_line(filepath, line, i + 1) + +class PermissionIssueTracker(FileIssueTracker): + """Track files with bad permissions. + + Files that are not executable scripts must not be executable.""" + + heading = "Incorrect permissions:" def check_file_for_issue(self, filepath): - if not (os.access(filepath, os.X_OK) == - filepath.endswith((".sh", ".pl", ".py"))): + is_executable = os.access(filepath, os.X_OK) + should_be_executable = filepath.endswith((".sh", ".pl", ".py")) + if is_executable != should_be_executable: self.files_with_issues[filepath] = None -class EndOfFileNewlineIssueTracker(IssueTracker): +class EndOfFileNewlineIssueTracker(FileIssueTracker): + """Track files that end with an incomplete line + (no newline character at the end of the last line).""" - def __init__(self): - super().__init__() - self.heading = "Missing newline at end of file:" + heading = "Missing newline at end of file:" def check_file_for_issue(self, filepath): with open(filepath, "rb") as f: @@ -89,11 +109,11 @@ class EndOfFileNewlineIssueTracker(IssueTracker): self.files_with_issues[filepath] = None -class Utf8BomIssueTracker(IssueTracker): +class Utf8BomIssueTracker(FileIssueTracker): + """Track files that start with a UTF-8 BOM. + Files should be ASCII or UTF-8. Valid UTF-8 does not start with a BOM.""" - def __init__(self): - super().__init__() - self.heading = "UTF-8 BOM present:" + heading = "UTF-8 BOM present:" def check_file_for_issue(self, filepath): with open(filepath, "rb") as f: @@ -101,79 +121,76 @@ class Utf8BomIssueTracker(IssueTracker): self.files_with_issues[filepath] = None -class LineEndingIssueTracker(IssueTracker): +class LineEndingIssueTracker(LineIssueTracker): + """Track files with non-Unix line endings (i.e. files with CR).""" - def __init__(self): - super().__init__() - self.heading = "Non Unix line endings:" + heading = "Non Unix line endings:" - def issue_with_line(self, line): + def issue_with_line(self, line, _filepath): return b"\r" in line -class TrailingWhitespaceIssueTracker(IssueTracker): +class TrailingWhitespaceIssueTracker(LineIssueTracker): + """Track lines with trailing whitespace.""" - def __init__(self): - super().__init__() - self.heading = "Trailing whitespace:" - self.files_exemptions = [".md"] + heading = "Trailing whitespace:" + files_exemptions = frozenset(".md") - def issue_with_line(self, line): + def issue_with_line(self, line, _filepath): return line.rstrip(b"\r\n") != line.rstrip() -class TabIssueTracker(IssueTracker): +class TabIssueTracker(LineIssueTracker): + """Track lines with tabs.""" - def __init__(self): - super().__init__() - self.heading = "Tabs present:" - self.files_exemptions = [ - "Makefile", "generate_visualc_files.pl" - ] + heading = "Tabs present:" + files_exemptions = frozenset([ + "Makefile", + "generate_visualc_files.pl", + ]) - def issue_with_line(self, line): + def issue_with_line(self, line, _filepath): return b"\t" in line -class MergeArtifactIssueTracker(IssueTracker): +class MergeArtifactIssueTracker(LineIssueTracker): + """Track lines with merge artifacts. + These are leftovers from a ``git merge`` that wasn't fully edited.""" - def __init__(self): - super().__init__() - self.heading = "Merge artifact:" + heading = "Merge artifact:" - def issue_with_line(self, filepath, line): + def issue_with_line(self, line, _filepath): # Detect leftover git conflict markers. if line.startswith(b'<<<<<<< ') or line.startswith(b'>>>>>>> '): return True if line.startswith(b'||||||| '): # from merge.conflictStyle=diff3 return True if line.rstrip(b'\r\n') == b'=======' and \ - not filepath.endswith('.md'): + not _filepath.endswith('.md'): return True return False - def check_file_line(self, filepath, line, line_number): - if self.issue_with_line(filepath, line): - self.record_issue(filepath, line_number) - -class TodoIssueTracker(IssueTracker): +class TodoIssueTracker(LineIssueTracker): + """Track lines containing ``TODO``.""" - def __init__(self): - super().__init__() - self.heading = "TODO present:" - self.files_exemptions = [ - os.path.basename(__file__), - "benchmark.c", - "pull_request_template.md", - ] + heading = "TODO present:" + files_exemptions = frozenset([ + os.path.basename(__file__), + "benchmark.c", + "pull_request_template.md", + ]) - def issue_with_line(self, line): + def issue_with_line(self, line, _filepath): return b"todo" in line.lower() class IntegrityChecker(object): + """Sanity-check files under the current directory.""" def __init__(self, log_file): + """Instantiate the sanity checker. + Check files under the current directory. + Write a report of issues to log_file.""" self.check_repo_path() self.logger = None self.setup_logger(log_file) @@ -197,7 +214,8 @@ class IntegrityChecker(object): TodoIssueTracker(), ] - def check_repo_path(self): + @staticmethod + def check_repo_path(): if not all(os.path.isdir(d) for d in ["include", "library", "tests"]): raise Exception("Must be run from Mbed TLS root") diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh index 4976bacf..065ea33a 100755 --- a/tests/scripts/check-generated-files.sh +++ b/tests/scripts/check-generated-files.sh @@ -65,5 +65,6 @@ check() } check scripts/generate_errors.pl library/error.c +check scripts/generate_query_config.pl programs/ssl/query_config.c check scripts/generate_features.pl library/version_features.c check scripts/generate_visualc_files.pl visualc/VS2010 diff --git a/tests/scripts/check-names.sh b/tests/scripts/check-names.sh index f18a162c..90ecfd27 100755 --- a/tests/scripts/check-names.sh +++ b/tests/scripts/check-names.sh @@ -2,26 +2,42 @@ # # This file is part of mbed TLS (https://tls.mbed.org) # -# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved -# -# Purpose -# -# This script confirms that the naming of all symbols and identifiers in mbed -# TLS are consistent with the house style and are also self-consistent. -# +# Copyright (c) 2015-2019, ARM Limited, All Rights Reserved + set -eu +if [ $# -ne 0 ] && [ "$1" = "--help" ]; then + cat <<EOF +$0 [-v] +This script confirms that the naming of all symbols and identifiers in mbed +TLS are consistent with the house style and are also self-consistent. + + -v If the script fails unexpectedly, print a command trace. +EOF + exit +fi + if grep --version|head -n1|grep GNU >/dev/null; then :; else echo "This script requires GNU grep.">&2 exit 1 fi +trace= +if [ $# -ne 0 ] && [ "$1" = "-v" ]; then + shift + trace='-x' + exec 2>check-names.err + trap 'echo "FAILED UNEXPECTEDLY, status=$?"; + cat check-names.err' EXIT + set -x +fi + printf "Analysing source code...\n" -tests/scripts/list-macros.sh +sh $trace tests/scripts/list-macros.sh tests/scripts/list-enum-consts.pl -tests/scripts/list-identifiers.sh -tests/scripts/list-symbols.sh +sh $trace tests/scripts/list-identifiers.sh +sh $trace tests/scripts/list-symbols.sh FAIL=0 @@ -82,6 +98,12 @@ else FAIL=1 fi +if [ -n "$trace" ]; then + set +x + trap - EXIT + rm check-names.err +fi + printf "\nOverall: " if [ "$FAIL" -eq 0 ]; then rm macros actual-macros enum-consts identifiers exported-symbols diff --git a/tests/scripts/check-python-files.sh b/tests/scripts/check-python-files.sh index 009ba4cb..92904182 100755 --- a/tests/scripts/check-python-files.sh +++ b/tests/scripts/check-python-files.sh @@ -9,10 +9,4 @@ # Run 'pylint' on Python files for programming errors and helps enforcing # PEP8 coding standards. -if `hash pylint > /dev/null 2>&1`; then - pylint -j 2 tests/scripts/generate_test_code.py --rcfile .pylint - pylint -j 2 tests/scripts/test_generate_test_code.py --rcfile .pylint - pylint -j 2 tests/scripts/mbedtls_test.py --rcfile .pylint -else - echo "$0: WARNING: 'pylint' not found! Skipping checks on Python files." -fi +pylint3 -j 2 scripts/*.py tests/scripts/*.py diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py index ce6f88c3..1fff0999 100755 --- a/tests/scripts/generate_test_code.py +++ b/tests/scripts/generate_test_code.py @@ -184,7 +184,13 @@ BEGIN_CASE_REGEX = r'/\*\s*BEGIN_CASE\s*(?P<depends_on>.*?)\s*\*/' END_CASE_REGEX = r'/\*\s*END_CASE\s*\*/' DEPENDENCY_REGEX = r'depends_on:(?P<dependencies>.*)' -C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*$' +C_IDENTIFIER_REGEX = r'!?[a-z_][a-z0-9_]*' +CONDITION_OPERATOR_REGEX = r'[!=]=|[<>]=?' +# forbid 0ddd which might be accidentally octal or accidentally decimal +CONDITION_VALUE_REGEX = r'[-+]?(0x[0-9a-f]+|0|[1-9][0-9]*)' +CONDITION_REGEX = r'({})(?:\s*({})\s*({}))?$'.format(C_IDENTIFIER_REGEX, + CONDITION_OPERATOR_REGEX, + CONDITION_VALUE_REGEX) TEST_FUNCTION_VALIDATION_REGEX = r'\s*void\s+(?P<func_name>\w+)\s*\(' INT_CHECK_REGEX = r'int\s+.*' CHAR_CHECK_REGEX = r'char\s*\*\s*.*' @@ -232,7 +238,7 @@ class FileWrapper(io.FileIO, object): if hasattr(parent, '__next__'): line = parent.__next__() # Python 3 else: - line = parent.next() # Python 2 + line = parent.next() # Python 2 # pylint: disable=no-member if line is not None: self._line_no += 1 # Convert byte array to string with correct encoding and @@ -383,7 +389,7 @@ def validate_dependency(dependency): :return: input dependency stripped of leading & trailing white spaces. """ dependency = dependency.strip() - if not re.match(C_IDENTIFIER_REGEX, dependency, re.I): + if not re.match(CONDITION_REGEX, dependency, re.I): raise GeneratorInputError('Invalid dependency %s' % dependency) return dependency @@ -733,16 +739,27 @@ def gen_dep_check(dep_id, dep): _not, dep = ('!', dep[1:]) if dep[0] == '!' else ('', dep) if not dep: raise GeneratorInputError("Dependency should not be an empty string.") + + dependency = re.match(CONDITION_REGEX, dep, re.I) + if not dependency: + raise GeneratorInputError('Invalid dependency %s' % dep) + + _defined = '' if dependency.group(2) else 'defined' + _cond = dependency.group(2) if dependency.group(2) else '' + _value = dependency.group(3) if dependency.group(3) else '' + dep_check = ''' case {id}: {{ -#if {_not}defined({macro}) +#if {_not}{_defined}({macro}{_cond}{_value}) ret = DEPENDENCY_SUPPORTED; #else ret = DEPENDENCY_NOT_SUPPORTED; #endif }} - break;'''.format(_not=_not, macro=dep, id=dep_id) + break;'''.format(_not=_not, _defined=_defined, + macro=dependency.group(1), id=dep_id, + _cond=_cond, _value=_value) return dep_check diff --git a/tests/scripts/list-identifiers.sh b/tests/scripts/list-identifiers.sh index 130d9d63..cc9c54fa 100755 --- a/tests/scripts/list-identifiers.sh +++ b/tests/scripts/list-identifiers.sh @@ -1,4 +1,10 @@ -#!/bin/sh +#!/bin/bash +# +# Create a file named identifiers containing identifiers from internal header +# files or all header files, based on --internal flag. +# Outputs the line count of the file to stdout. +# +# Usage: list-identifiers.sh [ -i | --internal ] set -eu @@ -7,7 +13,29 @@ if [ -d include/mbedtls ]; then :; else exit 1 fi -HEADERS=$( ls include/mbedtls/*.h | egrep -v 'compat-1\.3\.h|bn_mul' ) +INTERNAL="" + +until [ -z "${1-}" ] +do + case "$1" in + -i|--internal) + INTERNAL="1" + ;; + *) + # print error + echo "Unknown argument: '$1'" + exit 1 + ;; + esac + shift +done + +if [ $INTERNAL ] +then + HEADERS=$( ls include/mbedtls/*_internal.h | egrep -v 'compat-1\.3\.h|bn_mul' ) +else + HEADERS=$( ls include/mbedtls/*.h | egrep -v 'compat-1\.3\.h|bn_mul' ) +fi rm -f identifiers diff --git a/tests/scripts/list-symbols.sh b/tests/scripts/list-symbols.sh index c2587194..930722c1 100755 --- a/tests/scripts/list-symbols.sh +++ b/tests/scripts/list-symbols.sh @@ -14,8 +14,21 @@ fi cp include/mbedtls/config.h include/mbedtls/config.h.bak scripts/config.pl full -CFLAGS=-fno-asynchronous-unwind-tables make clean lib >/dev/null 2>&1 +make clean +make_ret= +CFLAGS=-fno-asynchronous-unwind-tables make lib \ + >list-symbols.make.log 2>&1 || + { + make_ret=$? + echo "Build failure: CFLAGS=-fno-asynchronous-unwind-tables make lib" + cat list-symbols.make.log >&2 + } +rm list-symbols.make.log mv include/mbedtls/config.h.bak include/mbedtls/config.h +if [ -n "$make_ret" ]; then + exit "$make_ret" +fi + if uname | grep -F Darwin >/dev/null; then nm -gUj library/libmbed*.a 2>/dev/null | sed -n -e 's/^_//p' elif uname | grep -F Linux >/dev/null; then diff --git a/tests/scripts/mbedtls_test.py b/tests/scripts/mbedtls_test.py index f9e88cf9..ac2912d4 100755 --- a/tests/scripts/mbedtls_test.py +++ b/tests/scripts/mbedtls_test.py @@ -37,7 +37,8 @@ https://github.com/ARMmbed/greentea import re import os import binascii -from mbed_host_tests import BaseHostTest, event_callback + +from mbed_host_tests import BaseHostTest, event_callback # pylint: disable=import-error class TestDataParserError(Exception): @@ -75,11 +76,10 @@ class TestDataParser(object): :param split_char: Split character :return: List of splits """ + split_colon_fn = lambda x: re.sub(r'\\' + split_char, split_char, x) if len(split_char) > 1: raise ValueError('Expected split character. Found string!') - out = re.sub(r'(\\.)|' + split_char, - lambda m: m.group(1) or '\n', inp_str, - len(inp_str)).split('\n') + out = map(split_colon_fn, re.split(r'(?<!\\)' + split_char, inp_str)) out = [x for x in out if x] return out @@ -112,8 +112,8 @@ class TestDataParser(object): args = parts[1:] args_count = len(args) if args_count % 2 != 0: - raise TestDataParserError("Number of test arguments should " - "be even: %s" % line) + err_str_fmt = "Number of test arguments({}) should be even: {}" + raise TestDataParserError(err_str_fmt.format(args_count, line)) grouped_args = [(args[i * 2], args[(i * 2) + 1]) for i in range(len(args)/2)] self.tests.append((name, function_name, dependencies, @@ -163,6 +163,7 @@ class MbedTlsTest(BaseHostTest): self.tests = [] self.test_index = -1 self.dep_index = 0 + self.suite_passed = True self.error_str = dict() self.error_str[self.DEPENDENCY_SUPPORTED] = \ 'DEPENDENCY_SUPPORTED' @@ -293,7 +294,7 @@ class MbedTlsTest(BaseHostTest): name, function_id, dependencies, args = self.tests[self.test_index] self.run_test(name, function_id, dependencies, args) else: - self.notify_complete(True) + self.notify_complete(self.suite_passed) def run_test(self, name, function_id, dependencies, args): """ @@ -353,6 +354,8 @@ class MbedTlsTest(BaseHostTest): self.log('{{__testcase_start;%s}}' % name) self.log('{{__testcase_finish;%s;%d;%d}}' % (name, int_val == 0, int_val != 0)) + if int_val != 0: + self.suite_passed = False self.run_next_test() @event_callback("F") diff --git a/tests/scripts/run-test-suites.pl b/tests/scripts/run-test-suites.pl index d0d40462..1c9dc1df 100755 --- a/tests/scripts/run-test-suites.pl +++ b/tests/scripts/run-test-suites.pl @@ -4,19 +4,24 @@ # # This file is part of mbed TLS (https://tls.mbed.org) # -# Copyright (c) 2015-2016, ARM Limited, All Rights Reserved -# -# Purpose -# -# Executes all the available test suites, and provides a basic summary of the -# results. -# -# Usage: run-test-suites.pl [-v] -# -# Options : -# -v|--verbose - Provide a pass/fail/skip breakdown per test suite and -# in total -# +# Copyright (c) 2015-2018, ARM Limited, All Rights Reserved + +=head1 SYNOPSIS + +Execute all the test suites and print a summary of the results. + + run-test-suites.pl [[-v|--verbose] [VERBOSITY]] [--skip=SUITE[...]] + +Options: + + -v|--verbose Print detailed failure information. + -v 2|--verbose=2 Print detailed failure information and summary messages. + -v 3|--verbose=3 Print detailed information about every test case. + --skip=SUITE[,SUITE...] + Skip the specified SUITE(s). This option can be used + multiple times. + +=cut use warnings; use strict; @@ -24,10 +29,15 @@ use strict; use utf8; use open qw(:std utf8); -use Getopt::Long; +use Getopt::Long qw(:config auto_help gnu_compat); +use Pod::Usage; my $verbose = 0; -GetOptions( "verbose|v:1" => \$verbose ); +my @skip_patterns = (); +GetOptions( + 'skip=s' => \@skip_patterns, + 'verbose|v:1' => \$verbose, + ) or die; # All test suites = executable files, excluding source files, debug # and profiling information, etc. We can't just grep {! /\./} because @@ -36,6 +46,17 @@ my @suites = grep { -x $_ || /\.exe$/ } glob 'test_suite_*'; @suites = grep { !/\.c$/ && !/\.data$/ && -f } @suites; die "$0: no test suite found\n" unless @suites; +# "foo" as a skip pattern skips "test_suite_foo" and "test_suite_foo.bar" +# but not "test_suite_foobar". +my $skip_re = + ( '\Atest_suite_(' . + join('|', map { + s/[ ,;]/|/g; # allow any of " ,;|" as separators + s/\./\./g; # "." in the input means ".", not "any character" + $_ + } @skip_patterns) . + ')(\z|\.)' ); + # in case test suites are linked dynamically $ENV{'LD_LIBRARY_PATH'} = '../library'; $ENV{'DYLD_LIBRARY_PATH'} = '../library'; @@ -45,6 +66,7 @@ my $prefix = $^O eq "MSWin32" ? '' : './'; my ($failed_suites, $total_tests_run, $failed, $suite_cases_passed, $suite_cases_failed, $suite_cases_skipped, $total_cases_passed, $total_cases_failed, $total_cases_skipped ); +my $suites_skipped = 0; sub pad_print_center { my( $width, $padchar, $string ) = @_; @@ -55,6 +77,12 @@ sub pad_print_center { for my $suite (@suites) { print "$suite ", "." x ( 72 - length($suite) - 2 - 4 ), " "; + if( $suite =~ /$skip_re/o ) { + print "SKIP\n"; + ++$suites_skipped; + next; + } + my $command = "$prefix$suite"; if( $verbose ) { $command .= ' -v'; @@ -101,7 +129,10 @@ for my $suite (@suites) print "-" x 72, "\n"; print $failed_suites ? "FAILED" : "PASSED"; -printf " (%d suites, %d tests run)\n", scalar @suites, $total_tests_run; +printf( " (%d suites, %d tests run%s)\n", + scalar(@suites) - $suites_skipped, + $total_tests_run, + $suites_skipped ? ", $suites_skipped suites skipped" : "" ); if( $verbose > 1 ) { print " test cases passed :", $total_cases_passed, "\n"; @@ -111,8 +142,11 @@ if( $verbose > 1 ) { "\n"; print " of available tests :", ( $total_cases_passed + $total_cases_failed + $total_cases_skipped ), - "\n" + "\n"; + if( $suites_skipped != 0 ) { + print "Note: $suites_skipped suites were skipped.\n"; } +} exit( $failed_suites ? 1 : 0 ); diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py index 2ef12e18..6d7113e1 100755 --- a/tests/scripts/test_generate_test_code.py +++ b/tests/scripts/test_generate_test_code.py @@ -22,7 +22,7 @@ Unit tests for generate_test_code.py """ - +# pylint: disable=wrong-import-order try: # Python 2 from StringIO import StringIO @@ -36,6 +36,7 @@ try: except ImportError: # Python 3 from unittest.mock import patch +# pylint: enable=wrong-import-order from generate_test_code import gen_dependencies, gen_dependencies_one_line from generate_test_code import gen_function_wrapper, gen_dispatch from generate_test_code import parse_until_pattern, GeneratorInputError @@ -336,6 +337,7 @@ class StringIOWrapper(StringIO, object): :param length: :return: """ + # pylint: disable=unused-argument line = super(StringIOWrapper, self).readline() if line is not None: self.line_no += 1 diff --git a/tests/scripts/test_zeroize.gdb b/tests/scripts/test_zeroize.gdb index 77c812a0..2f995d2a 100644 --- a/tests/scripts/test_zeroize.gdb +++ b/tests/scripts/test_zeroize.gdb @@ -41,8 +41,6 @@ # number does not need to be updated often. set confirm off -# We don't need to turn off ASLR, so don't try. -set disable-randomization off file ./programs/test/zeroize break zeroize.c:100 diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index 335f59d0..d2f36e69 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -165,22 +165,34 @@ requires_config_disabled() { } get_config_value_or_default() { - NAME="$1" - DEF_VAL=$( grep ".*#define.*${NAME}" ../include/mbedtls/config.h | - sed 's/^.*\s\([0-9]*\)$/\1/' ) - ../scripts/config.pl get $NAME || echo "$DEF_VAL" + # This function uses the query_config command line option to query the + # required Mbed TLS compile time configuration from the ssl_server2 + # program. The command will always return a success value if the + # configuration is defined and the value will be printed to stdout. + # + # Note that if the configuration is not defined or is defined to nothing, + # the output of this function will be an empty string. + ${P_SRV} "query_config=${1}" } requires_config_value_at_least() { - VAL=$( get_config_value_or_default "$1" ) - if [ "$VAL" -lt "$2" ]; then + VAL="$( get_config_value_or_default "$1" )" + if [ -z "$VAL" ]; then + # Should never happen + echo "Mbed TLS configuration $1 is not defined" + exit 1 + elif [ "$VAL" -lt "$2" ]; then SKIP_NEXT="YES" fi } requires_config_value_at_most() { VAL=$( get_config_value_or_default "$1" ) - if [ "$VAL" -gt "$2" ]; then + if [ -z "$VAL" ]; then + # Should never happen + echo "Mbed TLS configuration $1 is not defined" + exit 1 + elif [ "$VAL" -gt "$2" ]; then SKIP_NEXT="YES" fi } @@ -541,6 +553,20 @@ run_test() { CLI_EXPECT="$3" shift 3 + # Check if test uses files + TEST_USES_FILES=$(echo "$SRV_CMD $CLI_CMD" | grep "\.\(key\|crt\|pem\)" ) + if [ ! -z "$TEST_USES_FILES" ]; then + requires_config_enabled MBEDTLS_FS_IO + fi + + # should we skip? + if [ "X$SKIP_NEXT" = "XYES" ]; then + SKIP_NEXT="NO" + echo "SKIP" + SKIPS=$(( $SKIPS + 1 )) + return + fi + # fix client port if [ -n "$PXY_CMD" ]; then CLI_CMD=$( echo "$CLI_CMD" | sed s/+SRV_PORT/$PXY_PORT/g ) @@ -3981,26 +4007,37 @@ run_test "ECJPAKE: working, DTLS, nolog" \ # Tests for ciphersuites per version requires_config_enabled MBEDTLS_SSL_PROTO_SSL3 +requires_config_enabled MBEDTLS_CAMELLIA_C +requires_config_enabled MBEDTLS_AES_C run_test "Per-version suites: SSL3" \ - "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_SRV min_version=ssl3 version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=ssl3" \ 0 \ - -c "Ciphersuite is TLS-RSA-WITH-3DES-EDE-CBC-SHA" + -c "Ciphersuite is TLS-RSA-WITH-CAMELLIA-128-CBC-SHA" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1 +requires_config_enabled MBEDTLS_CAMELLIA_C +requires_config_enabled MBEDTLS_AES_C run_test "Per-version suites: TLS 1.0" \ - "$P_SRV arc4=1 version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=tls1 arc4=1" \ 0 \ -c "Ciphersuite is TLS-RSA-WITH-AES-256-CBC-SHA" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_1 +requires_config_enabled MBEDTLS_CAMELLIA_C +requires_config_enabled MBEDTLS_AES_C run_test "Per-version suites: TLS 1.1" \ - "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=tls1_1" \ 0 \ -c "Ciphersuite is TLS-RSA-WITH-AES-128-CBC-SHA" +requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2 +requires_config_enabled MBEDTLS_CAMELLIA_C +requires_config_enabled MBEDTLS_AES_C run_test "Per-version suites: TLS 1.2" \ - "$P_SRV version_suites=TLS-RSA-WITH-3DES-EDE-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ + "$P_SRV version_suites=TLS-RSA-WITH-CAMELLIA-128-CBC-SHA,TLS-RSA-WITH-AES-256-CBC-SHA,TLS-RSA-WITH-AES-128-CBC-SHA,TLS-RSA-WITH-AES-128-GCM-SHA256" \ "$P_CLI force_version=tls1_2" \ 0 \ -c "Ciphersuite is TLS-RSA-WITH-AES-128-GCM-SHA256" @@ -4009,7 +4046,7 @@ run_test "Per-version suites: TLS 1.2" \ requires_gnutls run_test "ClientHello without extensions, SHA-1 allowed" \ - "$P_SRV debug_level=3" \ + "$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt" \ "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \ 0 \ -s "dumping 'client hello extensions' (0 bytes)" @@ -6701,13 +6738,7 @@ run_test "DTLS fragmenting: 3d, gnutls server, DTLS 1.0" \ -c "fragmenting handshake message" \ -C "error" -## The two tests below are disabled due to a bug in GnuTLS client that causes -## handshake failures when the NewSessionTicket message is lost, see -## https://gitlab.com/gnutls/gnutls/issues/543 -## We can re-enable them when a fixed version fo GnuTLS is available -## and installed in our CI system. -skip_next_test -requires_gnutls +requires_gnutls_next requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -6719,12 +6750,11 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.2" \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ hs_timeout=250-60000 mtu=512 force_version=dtls1_2" \ - "$G_CLI -u --insecure 127.0.0.1" \ + "$G_NEXT_CLI -u --insecure 127.0.0.1" \ 0 \ -s "fragmenting handshake message" -skip_next_test -requires_gnutls +requires_gnutls_next requires_config_enabled MBEDTLS_SSL_PROTO_DTLS requires_config_enabled MBEDTLS_RSA_C requires_config_enabled MBEDTLS_ECDSA_C @@ -6736,7 +6766,7 @@ run_test "DTLS fragmenting: 3d, gnutls client, DTLS 1.0" \ crt_file=data_files/server7_int-ca.crt \ key_file=data_files/server7.key \ hs_timeout=250-60000 mtu=512 force_version=dtls1" \ - "$G_CLI -u --insecure 127.0.0.1" \ + "$G_NEXT_CLI -u --insecure 127.0.0.1" \ 0 \ -s "fragmenting handshake message" @@ -7306,29 +7336,23 @@ run_test "DTLS proxy: 3d, gnutls server" \ -s "Extra-header:" \ -c "Extra-header:" -# The next two test are disabled because they tend to trigger a bug in the -# version of GnuTLS that's currently installed on our CI. The bug occurs when -# different fragments of the same handshake message are received out-of-order -# by GnuTLS and results in a timeout. It's been fixed in GnuTLS 3.5.2. -skip_next_test -requires_gnutls +requires_gnutls_next client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, gnutls server, fragmentation" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$G_SRV -u --mtu 512" \ + "$G_NEXT_SRV -u --mtu 512" \ "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000" \ 0 \ -s "Extra-header:" \ -c "Extra-header:" -skip_next_test -requires_gnutls +requires_gnutls_next client_needs_more_time 8 not_with_valgrind # risk of non-mbedtls peer timing out run_test "DTLS proxy: 3d, gnutls server, fragmentation, nbio" \ -p "$P_PXY drop=5 delay=5 duplicate=5" \ - "$G_SRV -u --mtu 512" \ + "$G_NEXT_SRV -u --mtu 512" \ "$P_CLI dgram_packing=0 dtls=1 hs_timeout=500-60000 nbio=2" \ 0 \ -s "Extra-header:" \ diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function index 2e227f02..1255ff4b 100644 --- a/tests/suites/helpers.function +++ b/tests/suites/helpers.function @@ -342,6 +342,7 @@ static int redirect_output( FILE** out_stream, const char* path ) if( *out_stream == NULL ) { + close( stdout_fd ); return -1; } diff --git a/tests/suites/test_suite_ccm.data b/tests/suites/test_suite_ccm.data index 819b3b71..ac9c565d 100644 --- a/tests/suites/test_suite_ccm.data +++ b/tests/suites/test_suite_ccm.data @@ -42,6 +42,7 @@ CCM lengths #6 tag length not even ccm_lengths:5:10:5:7:MBEDTLS_ERR_CCM_BAD_INPUT CCM lenghts #7 AD too long (2^16 - 2^8 + 1) +depends_on:!MBEDTLS_CCM_ALT ccm_lengths:5:10:65281:8:MBEDTLS_ERR_CCM_BAD_INPUT CCM lengths #8 msg too long for this IV length (2^16, q = 2) diff --git a/tests/suites/test_suite_cipher.aes.data b/tests/suites/test_suite_cipher.aes.data index e8108636..1b345012 100644 --- a/tests/suites/test_suite_cipher.aes.data +++ b/tests/suites/test_suite_cipher.aes.data @@ -1,6 +1,6 @@ Decrypt empty buffer depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 -dec_empty_buf: +dec_empty_buf:MBEDTLS_CIPHER_AES_128_CBC AES-128 CBC - Encrypt and decrypt 0 bytes with PKCS7 padding depends_on:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_CIPHER_PADDING_PKCS7 diff --git a/tests/suites/test_suite_cipher.chacha20.data b/tests/suites/test_suite_cipher.chacha20.data index c67e582e..11de1038 100644 --- a/tests/suites/test_suite_cipher.chacha20.data +++ b/tests/suites/test_suite_cipher.chacha20.data @@ -1,7 +1,3 @@ -Decrypt empty buffer -depends_on:MBEDTLS_CHACHA20_C -dec_empty_buf: - Chacha20 RFC 7539 Test Vector #1 depends_on:MBEDTLS_CHACHA20_C decrypt_test_vec:MBEDTLS_CIPHER_CHACHA20:-1:"0000000000000000000000000000000000000000000000000000000000000000":"000000000000000000000000":"76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586":"00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000":"":"":0:0 diff --git a/tests/suites/test_suite_cipher.chachapoly.data b/tests/suites/test_suite_cipher.chachapoly.data index 9d74d566..61c48512 100644 --- a/tests/suites/test_suite_cipher.chachapoly.data +++ b/tests/suites/test_suite_cipher.chachapoly.data @@ -1,6 +1,6 @@ Decrypt empty buffer depends_on:MBEDTLS_CHACHAPOLY_C -dec_empty_buf: +dec_empty_buf:MBEDTLS_CIPHER_CHACHA20_POLY1305 ChaCha20+Poly1305 Encrypt and decrypt 0 bytes depends_on:MBEDTLS_CHACHAPOLY_C diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function index 773c792c..02bf5f7e 100644 --- a/tests/suites/test_suite_cipher.function +++ b/tests/suites/test_suite_cipher.function @@ -710,7 +710,7 @@ exit: /* END_CASE */ /* BEGIN_CASE */ -void dec_empty_buf( ) +void dec_empty_buf( int cipher ) { unsigned char key[32]; unsigned char iv[16]; @@ -723,6 +723,8 @@ void dec_empty_buf( ) size_t outlen = 0; + int expected_ret; + memset( key, 0, 32 ); memset( iv , 0, 16 ); @@ -732,12 +734,15 @@ void dec_empty_buf( ) memset( decbuf, 0, 64 ); /* Initialise context */ - cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_CBC ); + cipher_info = mbedtls_cipher_info_from_type( cipher ); TEST_ASSERT( NULL != cipher_info); + TEST_ASSERT( sizeof(key) * 8 >= cipher_info->key_bitlen ); TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) ); - TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, 128, MBEDTLS_DECRYPT ) ); + TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, + key, cipher_info->key_bitlen, + MBEDTLS_DECRYPT ) ); TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) ); @@ -750,8 +755,23 @@ void dec_empty_buf( ) /* decode 0-byte string */ TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) ); TEST_ASSERT( 0 == outlen ); - TEST_ASSERT( MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED == mbedtls_cipher_finish( - &ctx_dec, decbuf + outlen, &outlen ) ); + + if ( cipher_info->mode == MBEDTLS_MODE_CBC || + cipher_info->mode == MBEDTLS_MODE_ECB ) + { + /* CBC and ECB ciphers need a full block of input. */ + expected_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; + } + else + { + /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and + * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when + * decrypting an empty buffer. */ + expected_ret = 0; + } + + TEST_ASSERT( expected_ret == mbedtls_cipher_finish( + &ctx_dec, decbuf + outlen, &outlen ) ); TEST_ASSERT( 0 == outlen ); exit: @@ -976,6 +996,9 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv, TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 ); /* then encrypt the clear->x and make sure we get the same ciphertext and tag->x */ + TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, + MBEDTLS_ENCRYPT ) ); + memset( output, 0xFF, sizeof( output ) ); outlen = 0; @@ -984,8 +1007,8 @@ void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv, my_tag, tag->len ); TEST_ASSERT( ret == 0 ); - TEST_ASSERT( outlen == clear->len ); - TEST_ASSERT( memcmp( output, cipher->x, clear->len ) == 0 ); + TEST_ASSERT( outlen == cipher->len ); + TEST_ASSERT( memcmp( output, cipher->x, cipher->len ) == 0 ); TEST_ASSERT( memcmp( my_tag, tag->x, tag->len ) == 0 ); /* make sure we didn't overwrite */ diff --git a/tests/suites/test_suite_ecdh.data b/tests/suites/test_suite_ecdh.data index fe24ed46..af25359d 100644 --- a/tests/suites/test_suite_ecdh.data +++ b/tests/suites/test_suite_ecdh.data @@ -79,3 +79,19 @@ ecdh_restart:MBEDTLS_ECP_DP_SECP256R1:"C88F01F510D9AC3F70A292DAA2316DE544E9AAB8A ECDH exchange legacy context depends_on:MBEDTLS_ECP_DP_SECP192R1_ENABLED ecdh_exchange_legacy:MBEDTLS_ECP_DP_SECP192R1 + +ECDH calc_secret: ours first, SECP256R1 (RFC 5903) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_SECP256R1:"c6ef9c5d78ae012a011164acb397ce2088685d8f06bf9be0b283ab46476bee53":"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":0:"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de" + +ECDH calc_secret: theirs first, SECP256R1 (RFC 5903) +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecdh_exchange_calc_secret:MBEDTLS_ECP_DP_SECP256R1:"c6ef9c5d78ae012a011164acb397ce2088685d8f06bf9be0b283ab46476bee53":"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":1:"d6840f6b42f6edafd13116e0e12565202fef8e9ece7dce03812464d04b9442de" + +ECDH get_params with mismatched groups: our BP256R1, their SECP256R1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecdh_exchange_get_params_fail:MBEDTLS_ECP_DP_BP256R1:"1234567812345678123456781234567812345678123456781234567812345678":MBEDTLS_ECP_DP_SECP256R1:"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":0:MBEDTLS_ERR_ECP_BAD_INPUT_DATA + +ECDH get_params with mismatched groups: their SECP256R1, our BP256R1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_BP256R1_ENABLED +ecdh_exchange_get_params_fail:MBEDTLS_ECP_DP_BP256R1:"1234567812345678123456781234567812345678123456781234567812345678":MBEDTLS_ECP_DP_SECP256R1:"04dad0b65394221cf9b051e1feca5787d098dfe637fc90b9ef945d0c37725811805271a0461cdb8252d61f1c456fa3e59ab1f45b33accf5f58389e0577b8990bb3":1:MBEDTLS_ERR_ECP_BAD_INPUT_DATA diff --git a/tests/suites/test_suite_ecdh.function b/tests/suites/test_suite_ecdh.function index 08a1686e..9a9cf5f7 100644 --- a/tests/suites/test_suite_ecdh.function +++ b/tests/suites/test_suite_ecdh.function @@ -1,5 +1,41 @@ /* BEGIN_HEADER */ #include "mbedtls/ecdh.h" + +static int load_public_key( int grp_id, data_t *point, + mbedtls_ecp_keypair *ecp ) +{ + int ok = 0; + TEST_ASSERT( mbedtls_ecp_group_load( &ecp->grp, grp_id ) == 0 ); + TEST_ASSERT( mbedtls_ecp_point_read_binary( &ecp->grp, + &ecp->Q, + point->x, + point->len ) == 0 ); + TEST_ASSERT( mbedtls_ecp_check_pubkey( &ecp->grp, + &ecp->Q ) == 0 ); + ok = 1; +exit: + return( ok ); +} + +static int load_private_key( int grp_id, data_t *private_key, + mbedtls_ecp_keypair *ecp, + rnd_pseudo_info *rnd_info ) +{ + int ok = 0; + TEST_ASSERT( mbedtls_ecp_group_load( &ecp->grp, grp_id ) == 0 ); + TEST_ASSERT( mbedtls_mpi_read_binary( &ecp->d, + private_key->x, + private_key->len ) == 0 ); + TEST_ASSERT( mbedtls_ecp_check_privkey( &ecp->grp, &ecp->d ) == 0 ); + /* Calculate the public key from the private key. */ + TEST_ASSERT( mbedtls_ecp_mul( &ecp->grp, &ecp->Q, &ecp->d, + &ecp->grp.G, + &rnd_pseudo_rand, rnd_info ) == 0 ); + ok = 1; +exit: + return( ok ); +} + /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -464,3 +500,107 @@ exit: mbedtls_ecdh_free( &cli ); } /* END_CASE */ + +/* BEGIN_CASE */ +void ecdh_exchange_calc_secret( int grp_id, + data_t *our_private_key, + data_t *their_point, + int ours_first, + data_t *expected ) +{ + rnd_pseudo_info rnd_info; + mbedtls_ecp_keypair our_key; + mbedtls_ecp_keypair their_key; + mbedtls_ecdh_context ecdh; + unsigned char shared_secret[MBEDTLS_ECP_MAX_BYTES]; + size_t shared_secret_length = 0; + + memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + mbedtls_ecdh_init( &ecdh ); + mbedtls_ecp_keypair_init( &our_key ); + mbedtls_ecp_keypair_init( &their_key ); + + if( ! load_private_key( grp_id, our_private_key, &our_key, &rnd_info ) ) + goto exit; + if( ! load_public_key( grp_id, their_point, &their_key ) ) + goto exit; + + /* Import the keys to the ECDH calculation. */ + if( ours_first ) + { + TEST_ASSERT( mbedtls_ecdh_get_params( + &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 ); + TEST_ASSERT( mbedtls_ecdh_get_params( + &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 ); + } + else + { + TEST_ASSERT( mbedtls_ecdh_get_params( + &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 ); + TEST_ASSERT( mbedtls_ecdh_get_params( + &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 ); + } + + /* Perform the ECDH calculation. */ + TEST_ASSERT( mbedtls_ecdh_calc_secret( + &ecdh, + &shared_secret_length, + shared_secret, sizeof( shared_secret ), + &rnd_pseudo_rand, &rnd_info ) == 0 ); + TEST_ASSERT( shared_secret_length == expected->len ); + TEST_ASSERT( memcmp( expected->x, shared_secret, + shared_secret_length ) == 0 ); + +exit: + mbedtls_ecdh_free( &ecdh ); + mbedtls_ecp_keypair_free( &our_key ); + mbedtls_ecp_keypair_free( &their_key ); +} +/* END_CASE */ + +/* BEGIN_CASE */ +void ecdh_exchange_get_params_fail( int our_grp_id, + data_t *our_private_key, + int their_grp_id, + data_t *their_point, + int ours_first, + int expected_ret ) +{ + rnd_pseudo_info rnd_info; + mbedtls_ecp_keypair our_key; + mbedtls_ecp_keypair their_key; + mbedtls_ecdh_context ecdh; + + memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) ); + mbedtls_ecdh_init( &ecdh ); + mbedtls_ecp_keypair_init( &our_key ); + mbedtls_ecp_keypair_init( &their_key ); + + if( ! load_private_key( our_grp_id, our_private_key, &our_key, &rnd_info ) ) + goto exit; + if( ! load_public_key( their_grp_id, their_point, &their_key ) ) + goto exit; + + if( ours_first ) + { + TEST_ASSERT( mbedtls_ecdh_get_params( + &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == 0 ); + TEST_ASSERT( mbedtls_ecdh_get_params( + &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == + expected_ret ); + } + else + { + TEST_ASSERT( mbedtls_ecdh_get_params( + &ecdh, &their_key, MBEDTLS_ECDH_THEIRS ) == 0 ); + TEST_ASSERT( mbedtls_ecdh_get_params( + &ecdh, &our_key, MBEDTLS_ECDH_OURS ) == + expected_ret ); + } + +exit: + mbedtls_ecdh_free( &ecdh ); + mbedtls_ecp_keypair_free( &our_key ); + mbedtls_ecp_keypair_free( &their_key ); +} +/* END_CASE */ diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function index 606ddd22..0b2e0299 100644 --- a/tests/suites/test_suite_ecp.function +++ b/tests/suites/test_suite_ecp.function @@ -43,7 +43,9 @@ void ecp_invalid_param( ) unsigned char buf[42] = { 0 }; const unsigned char *null_buf = NULL; mbedtls_ecp_group_id valid_group = MBEDTLS_ECP_DP_SECP192R1; +#if defined(MBEDTLS_ECP_RESTARTABLE) mbedtls_ecp_restart_ctx restart_ctx; +#endif /* MBEDTLS_ECP_RESTARTABLE */ TEST_INVALID_PARAM( mbedtls_ecp_point_init( NULL ) ); TEST_INVALID_PARAM( mbedtls_ecp_keypair_init( NULL ) ); diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function index c85a51a7..3e872073 100644 --- a/tests/suites/test_suite_hkdf.function +++ b/tests/suites/test_suite_hkdf.function @@ -14,12 +14,16 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, { int ret; size_t ikm_len, salt_len, info_len, okm_len; - unsigned char ikm[1024] = { '\0' }; - unsigned char salt[1024] = { '\0' }; - unsigned char info[1024] = { '\0' }; - unsigned char expected_okm[1024] = { '\0' }; - unsigned char okm[1024] = { '\0' }; - unsigned char okm_string[1000] = { '\0' }; + unsigned char ikm[128] = { '\0' }; + unsigned char salt[128] = { '\0' }; + unsigned char info[128] = { '\0' }; + unsigned char expected_okm[128] = { '\0' }; + unsigned char okm[128] = { '\0' }; + /* + * okm_hex is the string representation of okm, + * so its size is twice the size of okm, and an extra null-termination. + */ + unsigned char okm_hex[257] = { '\0' }; const mbedtls_md_info_t *md = mbedtls_md_info_from_type( md_alg ); TEST_ASSERT( md != NULL ); @@ -34,8 +38,8 @@ void test_hkdf( int md_alg, char *hex_ikm_string, char *hex_salt_string, TEST_ASSERT( ret == 0 ); // Run hexify on it so that it looks nicer if the assertion fails - hexify( okm_string, okm, okm_len ); - TEST_ASSERT( !strcmp( (char *)okm_string, hex_okm_string ) ); + hexify( okm_hex, okm, okm_len ); + TEST_ASSERT( !strcmp( (char *)okm_hex, hex_okm_string ) ); } /* END_CASE */ diff --git a/tests/suites/test_suite_mpi.data b/tests/suites/test_suite_mpi.data index 8b5f97d3..425e93ad 100644 --- a/tests/suites/test_suite_mpi.data +++ b/tests/suites/test_suite_mpi.data @@ -25,6 +25,9 @@ mpi_read_write_string:16:"-20":10:"-32":100:0:0 Base test mpi_read_write_string #3 (Negative decimal) mpi_read_write_string:16:"-23":16:"-23":100:0:0 +Base test mpi_read_write_string #4 (Buffer just fits) +mpi_read_write_string:16:"-4":4:"-10":4:0:0 + Test mpi_read_write_string #1 (Invalid character) mpi_read_write_string:10:"a28":0:"":100:MBEDTLS_ERR_MPI_INVALID_CHARACTER:0 diff --git a/tests/suites/test_suite_mpi.function b/tests/suites/test_suite_mpi.function index d1fa5a46..f982385e 100644 --- a/tests/suites/test_suite_mpi.function +++ b/tests/suites/test_suite_mpi.function @@ -294,6 +294,8 @@ void mpi_read_write_string( int radix_X, char * input_X, int radix_A, mbedtls_mpi_init( &X ); + memset( str, '!', sizeof( str ) ); + TEST_ASSERT( mbedtls_mpi_read_string( &X, radix_X, input_X ) == result_read ); if( result_read == 0 ) { @@ -301,6 +303,7 @@ void mpi_read_write_string( int radix_X, char * input_X, int radix_A, if( result_write == 0 ) { TEST_ASSERT( strcasecmp( str, input_A ) == 0 ); + TEST_ASSERT( str[len] == '!' ); } } diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data index a25d61c8..5f49ad67 100644 --- a/tests/suites/test_suite_rsa.data +++ b/tests/suites/test_suite_rsa.data @@ -330,6 +330,7 @@ RSA Check Public key #5 (N smaller than 128 bits) mbedtls_rsa_check_pubkey:16:"7edcba9876543210deadbeefcafe4321":16:"3":MBEDTLS_ERR_RSA_KEY_CHECK_FAILED RSA Check Public key #6 (N exactly 8192 bits) +depends_on:MBEDTLS_MPI_MAX_SIZE>=1024 mbedtls_rsa_check_pubkey:16:"88F48075BF29E95C1C6AE8716678B74E957B69CC2E49708C160C6343AAD2F076D25397ACE74220311ED18AEEB681F463611B3340C3945CAAEAD3ACC616E08A25A55683A32979BD55EA5DAB7630AF393886896F11DDC5F07E15EDF949324CF0F0B2A5C0E85DFA23167193182D1A43079DC8645F6C2C029629F475575802F7D326DE5BD891A9C5F84A433D45154181EC05685A4B368A5B6434775A00ABC6B0A04647D4598CEEE566B552230F691C98CA30B402A76C686A94B373CCD2F60EFA3878A867BB5F585D088E27C507937262D098A477B9218BE7C03B2E4C102D244CA701645F1827CD947E5E796446378B848862E689F0D1773F752056841A1F0EECE7CAB74921A42DBF2EF264ADCF4ABE05A1242E5F629A657A2D67958A2DAC9A2245074A37099B45064723ABE21241058252632C2BA6FE85AB1C75FF310891B84C9C40AB646FE1D90BC716FB3A4B56DA3EA25CA397C04B994F7C6AD1DD0CB9E994CA6B835F7830F4F4E0F976BBEA5AE8556BC7C90B3E50E21C19AD1F6BC4A8FF15F2909D9CC5F3DA533BADFF50F487869D631C3E34D69636B4C25A55127EF5B715F2FC0565734B38DF996D1970E56F7F64EBECB9D00A587AAEC608F2D3AAA51E66BF53E92C3096BF78D1DCBCE1A645FA4F0542E6F68E5A94AAA6E839F75620FABED5D2BCF40AB8EAF95F838BFA962429F281578882DF0F2721C27C8905C9E776B1D3251FC066A8BC64C0CE7FBA2B8E21F65EF6739AB6F19EC2AB07817DFF03DAB7C846AB5CC86C103642D7664A85DC2D846A8004CD6A144C72CCCAC86DB5901A047324927B80E281F5F7315FA2F9083BDE0DB7AA46DC055E36BB73FB6DBD3A14759D06CBBE8D57CBC213C4D55DE4478679E0A5902C8655BE1391C0E88D2B1FBD57E9232A2CEBC67569ECD94E4BF0FCC6C003F9AA51A2A5E6EE084A46DAE65E52400A727F9713D29E92CD6CA37FD599598B3F677624A2A484A8B36B98EFEAD662C0A23BC1D9280EF2A31F887065EB20A93B41F7A264ECFA65B3555F3E400927018186EAA2D4F00C6B7AB1BCED5F893D64478177592C7F2B945307AB474D7EC7FF2E7E55834CC763BEF81DA9BD70FB3D423AE5ADB86B336734C8A3BEC90CEB05438B5BA030D0D30DEC1442D2EB08450480FBAE090FFA1A5ADD748A415BDCDE45094E792420F0AF94BCA0A80A2096D1A478D3428A214A7E68C0F07F58C6FB232ECC3D8B821AE29AE76E13EB751193F6ECA670016D54F3D796937DDBB8900062EF116CCA3F5B3AECA618272875336C9C050FBC0FC7EDD5B88D85DA0061D21E176E1419CF573629BE7B0496E761EAD45FE32B59EB00D47CDD178AC8F8EC8D6F26DED34F7576CD938422E18E936F16A704B483A48EE3BEA59D95F688136119894930EC8E9282E5974740CF031DF8DBB07EB08F2DA0ACCADECE15A6A57502890F4A03740E60BD":16:"010001":0 RSA Check Public key #7 (N larger than 8192 bits) diff --git a/tests/suites/test_suite_timing.data b/tests/suites/test_suite_timing.data index 4dddcf7f..2522da1e 100644 --- a/tests/suites/test_suite_timing.data +++ b/tests/suites/test_suite_timing.data @@ -1,41 +1,17 @@ -Timing: basic timer operation -timing_timer_simple: - -Timing: timer reset -timing_timer_reset: - -Timing: two parallel timers, delay 0 -timing_two_timers:0: - -Timing: two parallel timers, delay 100 -timing_two_timers:100: - -Timing: two parallel timers, delay 1000 -timing_two_timers:1000: - -Timing: two parallel timers, delay 10000 -timing_two_timers:10000: - -Timing: delay 0ms, 0ms -timing_delay:0:0: - -Timing: delay 0ms, 50ms -timing_delay:0:50: - -Timing: delay 50ms, 50ms -timing_delay:50:50: +Timing: hardclock +timing_hardclock: -Timing: delay 50ms, 100ms -timing_delay:50:100: +Timing: get timer +timing_get_timer: -Timing: delay 50ms, 200ms -timing_delay:50:200: +Timing: set alarm with no delay +timing_set_alarm:0: -Timing: alarm in 0 second -timing_alarm:0: +Timing: set alarm with 1s delay +timing_set_alarm:1: -Timing: alarm in 1 second -timing_alarm:1: +Timing: delay 0ms +timing_delay:0: -Timing: hardclock -timing_hardclock: +Timing: delay 100ms +timing_delay:100: diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function index 1610155f..74dc8231 100644 --- a/tests/suites/test_suite_timing.function +++ b/tests/suites/test_suite_timing.function @@ -1,51 +1,14 @@ /* BEGIN_HEADER */ -/* This test module exercises the timing module. One of the expected failure - modes is for timers to never expire, which could lead to an infinite loop. - The function timing_timer_simple is protected against this failure mode and - checks that timers do expire. Other functions will terminate if their - timers do expire. Therefore it is recommended to run timing_timer_simple - first and run other test functions only if that timing_timer_simple - succeeded. */ +/* This test module exercises the timing module. Since, depending on the + * underlying operating system, the timing routines are not always reliable, + * this suite only performs very basic sanity checks of the timing API. + */ #include <limits.h> #include "mbedtls/timing.h" -/* Wait this many milliseconds for a short timing test. This duration - should be large enough that, in practice, if you read the timer - value twice in a row, it won't have jumped by that much. */ -#define TIMING_SHORT_TEST_MS 100 - -/* A loop that waits TIMING_SHORT_TEST_MS must not take more than this many - iterations. This value needs to be large enough to accommodate fast - platforms (e.g. at 4GHz and 10 cycles/iteration a CPU can run through 20 - million iterations in 50ms). The only motivation to keep this value low is - to avoid having an infinite loop if the timer functions are not implemented - correctly. Ideally this value should be based on the processor speed but we - don't have this information! */ -#define TIMING_SHORT_TEST_ITERATIONS_MAX 1e8 - -/* alarm(0) must fire in no longer than this amount of time. */ -#define TIMING_ALARM_0_DELAY_MS TIMING_SHORT_TEST_MS - -static int expected_delay_status( uint32_t int_ms, uint32_t fin_ms, - unsigned long actual_ms ) -{ - return( fin_ms == 0 ? -1 : - actual_ms >= fin_ms ? 2 : - actual_ms >= int_ms ? 1 : - 0 ); -} - -/* Some conditions in timing_timer_simple suggest that timers are unreliable. - Most other test cases rely on timers to terminate, and could loop - indefinitely if timers are too broken. So if timing_timer_simple detected a - timer that risks not terminating (going backwards, or not reaching the - desired count in the alloted clock cycles), set this flag to immediately - fail those other tests without running any timers. */ -static int timers_are_badly_broken = 0; - /* END_HEADER */ /* BEGIN_DEPENDENCIES @@ -54,350 +17,58 @@ static int timers_are_badly_broken = 0; */ /* BEGIN_CASE */ -void timing_timer_simple( ) +void timing_hardclock( ) { - struct mbedtls_timing_hr_time timer; - unsigned long millis = 0; - unsigned long new_millis = 0; - unsigned long iterations = 0; - /* Start the timer. */ - (void) mbedtls_timing_get_timer( &timer, 1 ); - /* Busy-wait loop for a few milliseconds. */ - do - { - new_millis = mbedtls_timing_get_timer( &timer, 0 ); - ++iterations; - /* Check that the timer didn't go backwards */ - TEST_ASSERT( new_millis >= millis ); - millis = new_millis; - } - while( millis < TIMING_SHORT_TEST_MS && - iterations <= TIMING_SHORT_TEST_ITERATIONS_MAX ); - /* The wait duration should have been large enough for at least a - few runs through the loop, even on the slowest realistic platform. */ - TEST_ASSERT( iterations >= 2 ); - /* The wait duration shouldn't have overflowed the iteration count. */ - TEST_ASSERT( iterations < TIMING_SHORT_TEST_ITERATIONS_MAX ); - return; - -exit: - if( iterations >= TIMING_SHORT_TEST_ITERATIONS_MAX || - new_millis < millis ) - { - /* The timer was very unreliable: it didn't increment and the loop ran - out, or it went backwards. Other tests that use timers might go - into an infinite loop, so we'll skip them. */ - timers_are_badly_broken = 1; - } - - /* No cleanup needed, but show some diagnostic iterations, because timing - problems can be hard to reproduce. */ - mbedtls_fprintf( stdout, " Finished with millis=%lu new_millis=%lu get(timer)<=%lu iterations=%lu\n", - millis, new_millis, mbedtls_timing_get_timer( &timer, 0 ), - iterations ); + (void) mbedtls_timing_hardclock(); + /* This goto is added to avoid warnings from the generated code. */ + goto exit; } /* END_CASE */ /* BEGIN_CASE */ -void timing_timer_reset( ) +void timing_get_timer( ) { - struct mbedtls_timing_hr_time timer; - unsigned long millis = 0; - unsigned long iterations = 0; - - /* Skip this test if it looks like timers don't work at all, to avoid an - infinite loop below. */ - TEST_ASSERT( !timers_are_badly_broken ); - - /* Start the timer. Timers are always reset to 0. */ - TEST_ASSERT( mbedtls_timing_get_timer( &timer, 1 ) == 0 ); - /* Busy-wait loop for a few milliseconds */ - do - { - ++iterations; - millis = mbedtls_timing_get_timer( &timer, 0 ); - } - while( millis < TIMING_SHORT_TEST_MS ); - - /* Reset the timer and check that it has restarted. */ - TEST_ASSERT( mbedtls_timing_get_timer( &timer, 1 ) == 0 ); - /* Read the timer immediately after reset. It should be 0 or close - to it. */ - TEST_ASSERT( mbedtls_timing_get_timer( &timer, 0 ) < TIMING_SHORT_TEST_MS ); - return; - -exit: - /* No cleanup needed, but show some diagnostic information, because timing - problems can be hard to reproduce. */ - if( !timers_are_badly_broken ) - mbedtls_fprintf( stdout, " Finished with millis=%lu get(timer)<=%lu iterations=%lu\n", - millis, mbedtls_timing_get_timer( &timer, 0 ), - iterations ); + struct mbedtls_timing_hr_time time; + (void) mbedtls_timing_get_timer( &time, 1 ); + (void) mbedtls_timing_get_timer( &time, 0 ); + /* This goto is added to avoid warnings from the generated code. */ + goto exit; } /* END_CASE */ /* BEGIN_CASE */ -void timing_two_timers( int delta ) +void timing_set_alarm( int seconds ) { - struct mbedtls_timing_hr_time timer1, timer2; - unsigned long millis1 = 0, millis2 = 0; - - /* Skip this test if it looks like timers don't work at all, to avoid an - infinite loop below. */ - TEST_ASSERT( !timers_are_badly_broken ); - - /* Start the first timer and wait for a short time. */ - (void) mbedtls_timing_get_timer( &timer1, 1 ); - do - { - millis1 = mbedtls_timing_get_timer( &timer1, 0 ); - } - while( millis1 < TIMING_SHORT_TEST_MS ); - - /* Do a short busy-wait, so that the difference between timer1 and timer2 - doesn't practically always end up being very close to a whole number of - milliseconds. */ - while( delta > 0 ) - --delta; - - /* Start the second timer and compare it with the first. */ - mbedtls_timing_get_timer( &timer2, 1 ); - do + if( seconds == 0 ) { - millis1 = mbedtls_timing_get_timer( &timer1, 0 ); - millis2 = mbedtls_timing_get_timer( &timer2, 0 ); - /* The first timer should always be ahead of the first. */ - TEST_ASSERT( millis1 > millis2 ); - /* The timers shouldn't drift apart, i.e. millis2-millis1 should stay - roughly constant, but this is hard to test reliably, especially in - a busy environment such as an overloaded continuous integration - system, so we don't test it it. */ + mbedtls_set_alarm( seconds ); + TEST_ASSERT( mbedtls_timing_alarmed == 1 ); } - while( millis2 < TIMING_SHORT_TEST_MS ); - - return; - -exit: - /* No cleanup needed, but show some diagnostic iterations, because timing - problems can be hard to reproduce. */ - if( !timers_are_badly_broken ) - mbedtls_fprintf( stdout, " Finished with millis1=%lu get(timer1)<=%lu millis2=%lu get(timer2)<=%lu\n", - millis1, mbedtls_timing_get_timer( &timer1, 0 ), - millis2, mbedtls_timing_get_timer( &timer2, 0 ) ); -} -/* END_CASE */ - -/* BEGIN_CASE */ -void timing_alarm( int seconds ) -{ - struct mbedtls_timing_hr_time timer; - unsigned long millis = 0; - /* We check that about the desired number of seconds has elapsed. Be - slightly liberal with the lower bound, so as to allow platforms where - the alarm (with second resolution) and the timer (with millisecond - resolution) are based on different clocks. Be very liberal with the - upper bound, because the platform might be busy. */ - unsigned long millis_min = ( seconds > 0 ? - seconds * 900 : - 0 ); - unsigned long millis_max = ( seconds > 0 ? - seconds * 1100 + 400 : - TIMING_ALARM_0_DELAY_MS ); - unsigned long iterations = 0; - - /* Skip this test if it looks like timers don't work at all, to avoid an - infinite loop below. */ - TEST_ASSERT( !timers_are_badly_broken ); - - /* Set an alarm and count how long it takes with a timer. */ - (void) mbedtls_timing_get_timer( &timer, 1 ); - mbedtls_set_alarm( seconds ); - - if( seconds > 0 ) - { - /* We set the alarm for at least 1 second. It should not have fired - immediately, even on a slow and busy platform. */ - TEST_ASSERT( !mbedtls_timing_alarmed ); - } - /* A 0-second alarm should fire quickly, but we don't guarantee that it - fires immediately, so mbedtls_timing_alarmed may or may not be set at - this point. */ - - /* Busy-wait until the alarm rings */ - do + else { - ++iterations; - millis = mbedtls_timing_get_timer( &timer, 0 ); + mbedtls_set_alarm( seconds ); + TEST_ASSERT( mbedtls_timing_alarmed == 0 || + mbedtls_timing_alarmed == 1 ); } - while( !mbedtls_timing_alarmed && millis <= millis_max ); - - TEST_ASSERT( mbedtls_timing_alarmed ); - TEST_ASSERT( millis >= millis_min ); - TEST_ASSERT( millis <= millis_max ); - - mbedtls_timing_alarmed = 0; - return; - -exit: - /* Show some diagnostic iterations, because timing - problems can be hard to reproduce. */ - if( !timers_are_badly_broken ) - mbedtls_fprintf( stdout, " Finished with alarmed=%d millis=%lu get(timer)<=%lu iterations=%lu\n", - mbedtls_timing_alarmed, - millis, mbedtls_timing_get_timer( &timer, 0 ), - iterations ); - /* Cleanup */ - mbedtls_timing_alarmed = 0; } /* END_CASE */ /* BEGIN_CASE */ -void timing_delay( int int_ms, int fin_ms ) +void timing_delay( int fin_ms ) { - /* This function assumes that if int_ms is nonzero then it is large - enough that we have time to read all timers at least once in an - interval of time lasting int_ms milliseconds, and likewise for (fin_ms - - int_ms). So don't call it with arguments that are too small. */ - - mbedtls_timing_delay_context delay; - struct mbedtls_timing_hr_time timer; - unsigned long delta = 0; /* delay started between timer=0 and timer=delta */ - unsigned long before = 0, after = 0; - unsigned long iterations = 0; - int status = -2; - int saw_status_1 = 0; - int warn_inconclusive = 0; - - assert( int_ms >= 0 ); - assert( fin_ms >= 0 ); - - /* Skip this test if it looks like timers don't work at all, to avoid an - infinite loop below. */ - TEST_ASSERT( !timers_are_badly_broken ); - - /* Start a reference timer. Program a delay, and verify that the status of - the delay is consistent with the time given by the reference timer. */ - (void) mbedtls_timing_get_timer( &timer, 1 ); - mbedtls_timing_set_delay( &delay, int_ms, fin_ms ); - /* Set delta to an upper bound for the interval between the start of timer - and the start of delay. Reading timer after starting delay gives us an - upper bound for the interval, rounded to a 1ms precision. Since this - might have been rounded down, but we need an upper bound, we add 1. */ - delta = mbedtls_timing_get_timer( &timer, 0 ) + 1; - - status = mbedtls_timing_get_delay( &delay ); + mbedtls_timing_delay_context ctx; + int result; if( fin_ms == 0 ) { - /* Cancelled timer. Just check the correct status for this case. */ - TEST_ASSERT( status == -1 ); - return; - } - - /* Initially, none of the delays must be passed yet if they're nonzero. - This could fail for very small values of int_ms and fin_ms, where "very - small" depends how fast and how busy the platform is. */ - if( int_ms > 0 ) - { - TEST_ASSERT( status == 0 ); + mbedtls_timing_set_delay( &ctx, 0, 0 ); + result = mbedtls_timing_get_delay( &ctx ); + TEST_ASSERT( result == -1 ); } else { - TEST_ASSERT( status == 1 ); + mbedtls_timing_set_delay( &ctx, fin_ms / 2, fin_ms ); + result = mbedtls_timing_get_delay( &ctx ); + TEST_ASSERT( result >= 0 && result <= 2 ); } - - do - { - unsigned long delay_min, delay_max; - int status_min, status_max; - ++iterations; - before = mbedtls_timing_get_timer( &timer, 0 ); - status = mbedtls_timing_get_delay( &delay ); - after = mbedtls_timing_get_timer( &timer, 0 ); - /* At a time between before and after, the delay's status was status. - Check that this is consistent given that the delay was started - between times 0 and delta. */ - delay_min = ( before > delta ? before - delta : 0 ); - status_min = expected_delay_status( int_ms, fin_ms, delay_min ); - delay_max = after; - status_max = expected_delay_status( int_ms, fin_ms, delay_max ); - TEST_ASSERT( status >= status_min ); - TEST_ASSERT( status <= status_max ); - if( status == 1 ) - saw_status_1 = 1; - } - while ( before <= fin_ms + delta && status != 2 ); - - /* Since we've waited at least fin_ms, the delay must have fully - expired. */ - TEST_ASSERT( status == 2 ); - - /* If the second delay is more than the first, then there must have been a - point in time when the first delay was passed but not the second delay. - This could fail for very small values of (fin_ms - int_ms), where "very - small" depends how fast and how busy the platform is. In practice, this - is the test that's most likely to fail on a heavily loaded machine. */ - if( fin_ms > int_ms ) - { - warn_inconclusive = 1; - TEST_ASSERT( saw_status_1 ); - } - - return; - -exit: - /* No cleanup needed, but show some diagnostic iterations, because timing - problems can be hard to reproduce. */ - if( !timers_are_badly_broken ) - mbedtls_fprintf( stdout, " Finished with delta=%lu before=%lu after=%lu status=%d iterations=%lu\n", - delta, before, after, status, iterations ); - if( warn_inconclusive ) - mbedtls_fprintf( stdout, " Inconclusive test, try running it on a less heavily loaded machine.\n" ); - } -/* END_CASE */ - -/* BEGIN_CASE */ -void timing_hardclock( ) -{ - /* We make very few guarantees about mbedtls_timing_hardclock: its rate is - platform-dependent, it can wrap around. So there isn't much we can - test. But we do at least test that it doesn't crash, stall or return - completely nonsensical values. */ - - struct mbedtls_timing_hr_time timer; - unsigned long hardclock0 = -1, hardclock1 = -1, delta1 = -1; - - /* Skip this test if it looks like timers don't work at all, to avoid an - infinite loop below. */ - TEST_ASSERT( !timers_are_badly_broken ); - - hardclock0 = mbedtls_timing_hardclock( ); - /* Wait 2ms to ensure a nonzero delay. Since the timer interface has 1ms - resolution and unspecified precision, waiting 1ms might be a very small - delay that's rounded up. */ - (void) mbedtls_timing_get_timer( &timer, 1 ); - while( mbedtls_timing_get_timer( &timer, 0 ) < 2 ) - /*busy-wait loop*/; - hardclock1 = mbedtls_timing_hardclock( ); - - /* Although the hardclock counter can wrap around, the difference - (hardclock1 - hardclock0) is taken modulo the type size, so it is - correct as long as the counter only wrapped around at most once. We - further require the difference to be nonzero (after a wait of more than - 1ms, the counter must have changed), and not to be overly large (after - a wait of less than 3ms, plus time lost because other processes were - scheduled on the CPU). If the hardclock counter runs at 4GHz, then - 1000000000 (which is 1/4 of the counter wraparound on a 32-bit machine) - allows 250ms. */ - delta1 = hardclock1 - hardclock0; - TEST_ASSERT( delta1 > 0 ); - TEST_ASSERT( delta1 < 1000000000 ); - return; - -exit: - /* No cleanup needed, but show some diagnostic iterations, because timing - problems can be hard to reproduce. */ - if( !timers_are_badly_broken ) - mbedtls_fprintf( stdout, " Finished with hardclock=%lu,%lu\n", - hardclock0, hardclock1 ); } /* END_CASE */ diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data index 62bb7821..cd1cee46 100644 --- a/tests/suites/test_suite_version.data +++ b/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.16.0" +check_compiletime_version:"2.16.2" Check runtime library version -check_runtime_version:"2.16.0" +check_runtime_version:"2.16.2" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 8f97c0cc..b64414a6 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -2,25 +2,37 @@ X509 Certificate information #1 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" +X509 Certificate information #1 (DER) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +x509_cert_info:"data_files/server1.crt.der":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" + X509 Certificate information #2 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" +X509 Certificate information #2 (DER) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +x509_cert_info:"data_files/server2.crt.der":"cert. version \: 3\nserial number \: 02\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2011-02-12 14\:44\:06\nexpires on \: 2021-02-12 14\:44\:06\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" + X509 Certificate information #3 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2011-02-12 14\:44\:00\nexpires on \: 2021-02-12 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" +X509 Certificate information #3 (DER) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +x509_cert_info:"data_files/test-ca.crt.der":"cert. version \: 3\nserial number \: 03\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2011-02-12 14\:44\:00\nexpires on \: 2021-02-12 14\:44\:00\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nbasic constraints \: CA=true\n" + X509 Certificate information MD2 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509_cert_info:"data_files/cert_md2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA with MD2\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"data_files/cert_md2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2000-01-01 12\:12\:12\nexpires on \: 2030-01-01 12\:12\:12\nsigned using \: RSA with MD2\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information MD4 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD4_C -x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 05\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 05\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2000-01-01 12\:12\:12\nexpires on \: 2030-01-01 12\:12\:12\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information MD5 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD5_C -x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2011-02-12 14\:44\:07\nexpires on \: 2021-02-12 14\:44\:07\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" +x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 06\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2000-01-01 12\:12\:12\nexpires on \: 2030-01-01 12\:12\:12\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\nbasic constraints \: CA=false\n" X509 Certificate information SHA1 Digest depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C @@ -226,7 +238,7 @@ X509 CSR Information RSA with SHA224 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C mbedtls_x509_csr_info:"data_files/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n" -X509 CSR Information RSA with SHA256 +X509 CSR Information RSA with SHA-256 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C mbedtls_x509_csr_info:"data_files/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" @@ -278,6 +290,10 @@ X509 CSR Information RSA-PSS with SHA512 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C mbedtls_x509_csr_info:"data_files/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n" +X509 CSR Information RSA with SHA-256 - Microsoft header +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +mbedtls_x509_csr_info:"data_files/server1-ms.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" + X509 Verify Information: empty x509_verify_info:0:"":"" @@ -447,14 +463,30 @@ X509 Certificate verification #10 (Not trusted Cert, Expired CRL) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL" -X509 Certificate verification #12 (Valid Cert MD4 Digest) +X509 Certificate verification #12 (Valid Cert MD2 Digest, MD2 forbidden) +depends_on:MBEDTLS_MD2_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +x509_verify:"data_files/cert_md2.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL" + +X509 Certificate verification #12 (Valid Cert MD4 Digest, MD4 forbidden) depends_on:MBEDTLS_MD4_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL" -X509 Certificate verification #13 (Valid Cert MD5 Digest) +X509 Certificate verification #13 (Valid Cert MD5 Digest, MD5 forbidden) depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL" +X509 Certificate verification #12 (Valid Cert MD2 Digest, MD2 allowed) +depends_on:MBEDTLS_MD2_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +x509_verify:"data_files/cert_md2.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL" + +X509 Certificate verification #12 (Valid Cert MD4 Digest, MD4 allowed) +depends_on:MBEDTLS_MD4_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL" + +X509 Certificate verification #13 (Valid Cert MD5 Digest, MD5 allowed) +depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"all":"NULL" + X509 Certificate verification #14 (Valid Cert SHA1 Digest explicitly allowed in profile) depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL" @@ -972,171 +1004,171 @@ X509 Certificate ASN1 (TBSCertificate, correct alg, unknown alg_id) x509parse_crt:"30173015a0030201028204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND X509 Certificate ASN1 (TBSCertificate, correct alg, specific alg_id) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101020500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d01010b0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, correct alg, unknown specific alg_id) x509parse_crt:"301c301aa0030201028204deadbeef300d06092a864886f70d0101010500":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + MBEDTLS_ERR_OID_NOT_FOUND X509 Certificate ASN1 (TBSCertificate, correct alg, bad RSASSA-PSS params) depends_on:MBEDTLS_X509_RSASSA_PSS_SUPPORT -x509parse_crt:"30193017A003020102020118300D06092A864886F70D01010A3100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509parse_crt:"30193017a003020102020118300d06092a864886f70d01010a3100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate, issuer no set data) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"301e301ca0030201028204deadbeef300d06092a864886f70d01010205003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"301e301ca0030201028204deadbeef300d06092a864886f70d01010b05003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, issuer no inner seq data) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"3020301ea0030201028204deadbeef300d06092a864886f70d010102050030023100":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3020301ea0030201028204deadbeef300d06092a864886f70d01010b050030023100":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, issuer no inner set data) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30223020a0030201028204deadbeef300d06092a864886f70d0101020500300431023000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30223020a0030201028204deadbeef300d06092a864886f70d01010b0500300431023000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, issuer two inner set datas) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010b05003006310430003000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, issuer no oid data) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010205003006310430020600":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30243022a0030201028204deadbeef300d06092a864886f70d01010b05003006310430020600":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, issuer invalid tag) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600060454657374":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600060454657374":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate, issuer, no string data) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30253023a0030201028204deadbeef300d06092a864886f70d0101020500300731053003060013":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30253023a0030201028204deadbeef300d06092a864886f70d01010b0500300731053003060013":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, issuer, no full following string) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"302b3029a0030201028204deadbeef300d06092a864886f70d0101020500300d310b3009060013045465737400":"":MBEDTLS_ERR_X509_INVALID_NAME+MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"302b3029a0030201028204deadbeef300d06092a864886f70d01010b0500300d310b3009060013045465737400":"":MBEDTLS_ERR_X509_INVALID_NAME+MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (TBSCertificate, valid issuer, no validity) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"302a3028a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, too much date data) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301d170c303930313031303030303030170c30393132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301d170c303930313031303030303030170c30393132333132333539353900":"":MBEDTLS_ERR_X509_INVALID_DATE + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (TBSCertificate, invalid from date) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30483046a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323300000000":"":MBEDTLS_ERR_X509_INVALID_DATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30483046a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303000000000170c303931323331323300000000":"":MBEDTLS_ERR_X509_INVALID_DATE X509 Certificate ASN1 (TBSCertificate, invalid to date) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30483046a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323300000000":"":MBEDTLS_ERR_X509_INVALID_DATE +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30483046a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323300000000":"":MBEDTLS_ERR_X509_INVALID_DATE X509 Certificate ASN1 (TBSCertificate, valid validity, no subject) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30493047a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c30393132333132333539353930":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, valid subject, no pubkeyinfo) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30563054a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, pubkey, no alg) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30583056a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30583056a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743000":"":MBEDTLS_ERR_PK_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, valid subject, unknown pk alg) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101000500":"":MBEDTLS_ERR_PK_UNKNOWN_PK_ALG +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092a864886f70d0101000500":"":MBEDTLS_ERR_PK_UNKNOWN_PK_ALG X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092A864886F70D0101010500":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30673065a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374300f300d06092a864886f70d0101010500":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate, pubkey, no bitstring data) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092A864886F70D01010105000300":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30693067a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743011300d06092a864886f70d01010105000300":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_DATA X509 Certificate ASN1 (TBSCertificate, pubkey, invalid bitstring start) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092A864886F70D0101010500030101":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"306a3068a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743012300d06092a864886f70d0101010500030101":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_INVALID_DATA X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring length) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400300000":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092a864886f70d0101010500030400300000":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (TBSCertificate, pubkey, invalid internal bitstring tag) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092A864886F70D0101010500030400310000":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"306d306ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a300806001304546573743015300d06092a864886f70d0101010500030400310000":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate, pubkey, invalid mbedtls_mpi) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0302ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092a864886f70d0101010500030b0030080202ffff0302ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate, pubkey, total length mismatch) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30753073a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300d06092A864886F70D0101010500030b0030080202ffff0202ffff00":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30753073a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301d300d06092a864886f70d0101010500030b0030080202ffff0202ffff00":"":MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (TBSCertificate, pubkey, check failed) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092A864886F70D0101010500030b0030080202ffff0202ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30743072a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374301c300d06092a864886f70d0101010500030b0030080202ffff0202ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY X509 Certificate ASN1 (TBSCertificate, pubkey, check failed, expanded length notation) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210fffffffffffffffffffffffffffffffe0202ffff":"":MBEDTLS_ERR_PK_INVALID_PUBKEY X509 Certificate ASN1 (TBSCertificate v3, Optional UIDs, Extensions not present) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308183308180a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, issuerID wrong tag) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308184308181a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff00":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308184308181a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff00":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate v3, UIDs, no ext) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bb":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bb":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, UIDs, invalid length) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa185aaa201bb":"":MBEDTLS_ERR_ASN1_INVALID_LENGTH +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308189308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa185aaa201bb":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_INVALID_LENGTH X509 Certificate ASN1 (TBSCertificate v3, ext empty) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30818b308188a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba300":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30818b308188a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba300":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, ext length mismatch) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30818e30818ba0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba303300000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30818e30818ba0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba303300000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (TBSCertificate v3, first ext invalid) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30818f30818ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30330023000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30818f30818ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30330023000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, first ext invalid tag) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30819030818da0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba3043002310000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30819030818da0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba3043002310000":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, bool len missing) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30060603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, data missing) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30080603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30c300a30080603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no octet present) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30d300b30090603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308198308195a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba30d300b30090603551d1301010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet data missing) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30819c308199a0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba311300f300d0603551d130101010403300100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30819c308199a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba311300f300d0603551d130101010403300100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, no pathlen) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30819f30819ca0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba314301230100603551d130101010406300402010102":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30819f30819ca0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba314301230100603551d130101010406300402010102":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (TBSCertificate v3, ext BasicContraint tag, octet len mismatch) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"3081a230819fa0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa101aaa201bba317301530130603551d130101010409300702010102010100":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 Certificate ASN1 (ExtKeyUsage, bad second tag) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C @@ -1144,101 +1176,101 @@ x509parse_crt:"3081de3081dba003020102020900ebdbcd14105e1839300906072a8648ce3d040 X509 Certificate ASN1 (SubjectAltName repeated) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C -x509parse_crt:"3081fd3081faa003020102020900a8b31ff37d09a37f300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313231333731365a170d3234313130383231333731365a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS +x509parse_crt:"3081fd3081faa003020102020900a8b31ff37d09a37f300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313231333731365a170d3234313130383231333731365a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa340303e301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS X509 Certificate ASN1 (ExtKeyUsage repeated) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C x509parse_crt:"3081fd3081faa003020102020900ebdbcd14105e1839300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3134313131313230353935345a170d3234313130383230353935345a300f310d300b06035504031304546573743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa340303e301d0603551d250416301406082b0601050507030106082b06010505070302301d0603551d250416301406082b0601050507030106082b06010505070302":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS X509 Certificate ASN1 (correct pubkey, no sig_alg) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308183308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (sig_alg mismatch) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0102020500":"":MBEDTLS_ERR_X509_SIG_MISMATCH +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0102020500":"":MBEDTLS_ERR_X509_SIG_MISMATCH X509 Certificate ASN1 (sig_alg, no sig) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308192308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 Certificate ASN1 (signature, invalid sig data) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308195308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030100":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_INVALID_DATA +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308195308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030100":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_INVALID_DATA X509 Certificate ASN1 (signature, data left) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff00":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308197308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff00":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH -X509 Certificate ASN1 (correct) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +X509 Certificate ASN1 (well-formed) +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308196308180a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (GeneralizedTime instead of UTCTime) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d0101020500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2010-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308198308182a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301e180e3230313030313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2010-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 CN) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: CN=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550403130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: CN=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 C) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: C=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550406130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: C=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 L) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: L=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550407130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: L=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 ST) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ST=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b0603550408130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ST=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 O) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: O=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040a130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: O=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with X520 OU) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: OU=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b060355040b130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: OU=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with unknown X520 part) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d0101020500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"308199308183a0030201008204deadbeef300d06092a864886f70d01010b0500300f310d300b06035504de130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with composite RDN) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C x509parse_crt:"3082029f30820208a00302010202044c20e3bd300d06092a864886f70d01010505003056310b3009060355040613025553310b300906035504080c0243413121301f060355040a0c18496e7465726e6574205769646769747320507479204c74643117301506035504030c0e4672616e6b656e63657274204341301e170d3133303830323135313433375a170d3135303831373035353433315a3081d1310b3009060355040613025553311330110603550408130a57617368696e67746f6e31133011060b2b0601040182373c0201031302555331193017060b2b0601040182373c020102130844656c6177617265311a3018060355040a1311417574686f72697a652e4e6574204c4c43311d301b060355040f131450726976617465204f7267616e697a6174696f6e312a300e06035504051307343336393139313018060355040313117777772e617574686f72697a652e6e6574311630140603550407130d53616e204672616e636973636f30819f300d06092a864886f70d010101050003818d0030818902818100d885c62e209b6ac005c64f0bcfdaac1f2b67a18802f75b08851ff933deed888b7b68a62fcabdb21d4a8914becfeaaa1b7e08a09ffaf9916563586dc95e2877262b0b5f5ec27eb4d754aa6facd1d39d25b38a2372891bacdd3e919f791ed25704e8920e380e5623a38e6a23935978a3aec7a8e761e211d42effa2713e44e7de0b0203010001300d06092a864886f70d010105050003818100092f7424d3f6da4b8553829d958ed1980b9270b42c0d3d5833509a28c66bb207df9f3c51d122065e00b87c08c2730d2745fe1c279d16fae4d53b4bf5bdfa3631fceeb2e772b6b08a3eca5a2e2c687aefd23b4b73bf77ac6099711342cf070b35c6f61333a7cbf613d8dd4bd73e9df34bcd4284b0b4df57c36c450613f11e5dac":"cert. version \: 3\nserial number \: 4C\:20\:E3\:BD\nissuer name \: C=US, ST=CA, O=Internet Widgits Pty Ltd, CN=Frankencert CA\nsubject name \: C=US, ST=Washington, ??=US, ??=Delaware, O=Authorize.Net LLC, ??=Private Organization, serialNumber=4369191 + CN=www.authorize.net, L=San Francisco\nissued on \: 2013-08-02 15\:14\:37\nexpires on \: 2015-08-17 05\:54\:31\nsigned using \: RSA with SHA1\nRSA key size \: 1024 bits\n":0 X509 Certificate ASN1 (Name with PKCS9 email) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d010901130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: emailAddress=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (Name with unknown PKCS9 part) -depends_on:MBEDTLS_RSA_C:MBEDTLS_MD2_C -x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d010102050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d0101020500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with MD2\nRSA key size \: 128 bits\n":0 +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +x509parse_crt:"30819f308189a0030201008204deadbeef300d06092a864886f70d01010b050030153113301106092a864886f70d0109ab130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092a864886f70d010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ?\?=Test\nsubject name \: ?\?=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\n":0 X509 Certificate ASN1 (ECDSA signature, RSA key) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C -x509parse_crt:"3081E630819E020103300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343631385A170D3233303730383039343631385A300F310D300B0603550403130454657374304C300D06092A864886F70D0101010500033B003038023100E8F546061D3B49BC2F6B7524B7EA4D73A8D5293EE8C64D9407B70B5D16BAEBC32B8205591EAB4E1EB57E9241883701250203010001300906072A8648CE3D0401033800303502186E18209AFBED14A0D9A796EFCAD68891E3CCD5F75815C833021900E92B4FD460B1994693243B9FFAD54729DE865381BDA41D25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0 +x509parse_crt:"3081e630819e020103300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343631385a170d3233303730383039343631385a300f310d300b0603550403130454657374304c300d06092a864886f70d0101010500033b003038023100e8f546061d3b49bc2f6b7524b7ea4d73a8d5293ee8c64d9407b70b5d16baebc32b8205591eab4e1eb57e9241883701250203010001300906072a8648ce3d0401033800303502186e18209afbed14a0d9a796efcad68891e3ccd5f75815c833021900e92b4fd460b1994693243b9ffad54729de865381bda41d25":"cert. version \: 1\nserial number \: 03\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:46\:18\nexpires on \: 2023-07-08 09\:46\:18\nsigned using \: ECDSA with SHA1\nRSA key size \: 384 bits\n":0 X509 Certificate ASN1 (ECDSA signature, EC key) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C -x509parse_crt:"3081EB3081A3020900F41534662EC7E912300906072A8648CE3D0401300F310D300B0603550403130454657374301E170D3133303731303039343031395A170D3233303730383039343031395A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D030101033200042137969FABD4E370624A0E1A33E379CAB950CCE00EF8C3C3E2ADAEB7271C8F07659D65D3D777DCF21614363AE4B6E617300906072A8648CE3D04010338003035021858CC0F957946FE6A303D92885A456AA74C743C7B708CBD37021900FE293CAC21AF352D16B82EB8EA54E9410B3ABAADD9F05DD6":"cert. version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:40\:19\nexpires on \: 2023-07-08 09\:40\:19\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n":0 +x509parse_crt:"3081eb3081a3020900f41534662ec7e912300906072a8648ce3d0401300f310d300b0603550403130454657374301e170d3133303731303039343031395a170d3233303730383039343031395a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d030101033200042137969fabd4e370624a0e1a33e379cab950cce00ef8c3c3e2adaeb7271c8f07659d65d3d777dcf21614363ae4b6e617300906072a8648ce3d04010338003035021858cc0f957946fe6a303d92885a456aa74c743c7b708cbd37021900fe293cac21af352d16b82eb8ea54e9410b3abaadd9f05dd6":"cert. version \: 1\nserial number \: F4\:15\:34\:66\:2E\:C7\:E9\:12\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 09\:40\:19\nexpires on \: 2023-07-08 09\:40\:19\nsigned using \: ECDSA with SHA1\nEC key size \: 192 bits\n":0 X509 Certificate ASN1 (RSA signature, EC key) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C -x509parse_crt:"3081E430819F020104300D06092A864886F70D0101050500300F310D300B0603550403130454657374301E170D3133303731303135303233375A170D3233303730383135303233375A300F310D300B06035504031304546573743049301306072A8648CE3D020106082A8648CE3D03010103320004E962551A325B21B50CF6B990E33D4318FD16677130726357A196E3EFE7107BCB6BDC6D9DB2A4DF7C964ACFE81798433D300D06092A864886F70D01010505000331001A6C18CD1E457474B2D3912743F44B571341A7859A0122774A8E19A671680878936949F904C9255BDD6FFFDB33A7E6D8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 +x509parse_crt:"3081e430819f020104300d06092a864886f70d0101050500300f310d300b0603550403130454657374301e170d3133303731303135303233375a170d3233303730383135303233375a300f310d300b06035504031304546573743049301306072a8648ce3d020106082a8648ce3d03010103320004e962551a325b21b50cf6b990e33d4318fd16677130726357a196e3efe7107bcb6bdc6d9db2a4df7c964acfe81798433d300d06092a864886f70d01010505000331001a6c18cd1e457474b2d3912743f44b571341a7859a0122774a8e19a671680878936949f904c9255bdd6fffdb33a7e6d8":"cert. version \: 1\nserial number \: 04\nissuer name \: CN=Test\nsubject name \: CN=Test\nissued on \: 2013-07-10 15\:02\:37\nexpires on \: 2023-07-08 15\:02\:37\nsigned using \: RSA with SHA1\nEC key size \: 192 bits\n":0 X509 Certificate ASN1 (invalid version 3) x509parse_crt:"30173015a0030201038204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 Certificate ASN1 (invalid version overflow) -x509parse_crt:"301A3018a00602047FFFFFFF8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION +x509parse_crt:"301a3018a00602047fffffff8204deadbeef30080604cafed00d0500":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 Certificate ASN1 (invalid SubjectAltNames tag) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C -x509parse_crt:"308203723082025AA003020102020111300D06092A864886F70D0101050500303B310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C3119301706035504031310506F6C617253534C2054657374204341301E170D3132303531303133323334315A170D3232303531313133323334315A303A310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C311830160603550403130F7777772E6578616D706C652E636F6D30820122300D06092A864886F70D01010105000382010F003082010A0282010100B93C4AC5C8A38E9017A49E52AA7175266180E7C7B56D8CFFAAB64126B7BE11AD5C73160C64114804FFD6E13B05DB89BBB39709D51C14DD688739B03D71CBE276D01AD8182D801B54F6E5449AF1CBAF612EDF490D9D09B7EDB1FD3CFD3CFA24CF5DBF7CE453E725B5EA4422E926D3EA20949EE66167BA2E07670B032FA209EDF0338F0BCE10EF67A4C608DAC1EDC23FD74ADD153DF95E1C8160463EB5B33D2FA6DE471CBC92AEEBDF276B1656B7DCECD15557A56EEC7525F5B77BDFABD23A5A91987D97170B130AA76B4A8BC14730FB3AF84104D5C1DFB81DBF7B01A565A2E01E36B7A65CCC305AF8CD6FCDF1196225CA01E3357FFA20F5DCFD69B26A007D17F70203010001A38181307F30090603551D1304023000301D0603551D0E041604147DE49C6BE6F9717D46D2123DAD6B1DFDC2AA784C301F0603551D23041830168014B45AE4A5B3DED252F6B9D5A6950FEB3EBCC7FDFF30320603551D11042B3029C20B6578616D706C652E636F6D820B6578616D706C652E6E6574820D2A2E6578616D706C652E6F7267300D06092A864886F70D010105050003820101004F09CB7AD5EEF5EF620DDC7BA285D68CCA95B46BDA115B92007513B9CA0BCEEAFBC31FE23F7F217479E2E6BCDA06E52F6FF655C67339CF48BC0D2F0CD27A06C34A4CD9485DA0D07389E4D4851D969A0E5799C66F1D21271F8D0529E840AE823968C39707CF3C934C1ADF2FA6A455487F7C8C1AC922DA24CD9239C68AECB08DF5698267CB04EEDE534196C127DC2FFE33FAD30EB8D432A9842853A5F0D189D5A298E71691BB9CC0418E8C58ACFFE3DD2E7AABB0B97176AD0F2733F7A929D3C076C0BF06407C0ED5A47C8AE2326E16AEDA641FB0557CDBDDF1A4BA447CB39958D2346E00EA976C143AF2101E0AA249107601F4F2C818FDCC6346128B091BF194E6":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509parse_crt:"308203723082025aa003020102020111300d06092a864886f70d0101050500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341301e170d3132303531303133323334315a170d3232303531313133323334315a303a310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c311830160603550403130f7777772e6578616d706c652e636f6d30820122300d06092a864886f70d01010105000382010f003082010a0282010100b93c4ac5c8a38e9017a49e52aa7175266180e7c7b56d8cffaab64126b7be11ad5c73160c64114804ffd6e13b05db89bbb39709d51c14dd688739b03d71cbe276d01ad8182d801b54f6e5449af1cbaf612edf490d9d09b7edb1fd3cfd3cfa24cf5dbf7ce453e725b5ea4422e926d3ea20949ee66167ba2e07670b032fa209edf0338f0bce10ef67a4c608dac1edc23fd74add153df95e1c8160463eb5b33d2fa6de471cbc92aeebdf276b1656b7dcecd15557a56eec7525f5b77bdfabd23a5a91987d97170b130aa76b4a8bc14730fb3af84104d5c1dfb81dbf7b01a565a2e01e36b7a65ccc305af8cd6fcdf1196225ca01e3357ffa20f5dcfd69b26a007d17f70203010001a38181307f30090603551d1304023000301d0603551d0e041604147de49c6be6f9717d46d2123dad6b1dfdc2aa784c301f0603551d23041830168014b45ae4a5b3ded252f6b9d5a6950feb3ebcc7fdff30320603551d11042b3029c20b6578616d706c652e636f6d820b6578616d706c652e6e6574820d2a2e6578616d706c652e6f7267300d06092a864886f70d010105050003820101004f09cb7ad5eef5ef620ddc7ba285d68cca95b46bda115b92007513b9ca0bceeafbc31fe23f7f217479e2e6bcda06e52f6ff655c67339cf48bc0d2f0cd27a06c34a4cd9485da0d07389e4d4851d969a0e5799c66f1d21271f8d0529e840ae823968c39707cf3c934c1adf2fa6a455487f7c8c1ac922da24cd9239c68aecb08df5698267cb04eede534196c127dc2ffe33fad30eb8d432a9842853a5f0d189d5a298e71691bb9cc0418e8c58acffe3dd2e7aabb0b97176ad0f2733f7a929d3c076c0bf06407c0ed5a47c8ae2326e16aeda641fb0557cdbddf1a4ba447cb39958d2346e00ea976c143af2101e0aa249107601f4f2c818fdcc6346128b091bf194e6":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRL ASN1 (Incorrect first tag) x509parse_crl:"":"":MBEDTLS_ERR_X509_INVALID_FORMAT @@ -1308,7 +1340,7 @@ X509 CRL ASN1 (invalid version 2) x509parse_crl:"30463031020102300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 CRL ASN1 (invalid version overflow) -x509parse_crl:"3049303102047FFFFFFF300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION +x509parse_crl:"3049303102047fffffff300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 CRL ASN1 (extension seq too long, crl-idp.pem byte 121) depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C @@ -1463,28 +1495,28 @@ depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBE mbedtls_x509_crt_verify_chain:"data_files/server10_int3_int-ca2_ca.crt":"data_files/test-ca2.crt":-1:-4:"":8 X509 OID description #1 -x509_oid_desc:"2B06010505070301":"TLS Web Server Authentication" +x509_oid_desc:"2b06010505070301":"TLS Web Server Authentication" X509 OID description #2 -x509_oid_desc:"2B0601050507030f":"notfound" +x509_oid_desc:"2b0601050507030f":"notfound" X509 OID description #3 -x509_oid_desc:"2B0601050507030100":"notfound" +x509_oid_desc:"2b0601050507030100":"notfound" X509 OID numstring #1 (wide buffer) -x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":20:17 +x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":20:17 X509 OID numstring #2 (buffer just fits) -x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":18:17 +x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":18:17 X509 OID numstring #3 (buffer too small) -x509_oid_numstr:"2B06010505070301":"1.3.6.1.5.5.7.3.1":17:MBEDTLS_ERR_OID_BUF_TOO_SMALL +x509_oid_numstr:"2b06010505070301":"1.3.6.1.5.5.7.3.1":17:MBEDTLS_ERR_OID_BUF_TOO_SMALL X509 OID numstring #4 (larger number) -x509_oid_numstr:"2A864886F70D":"1.2.840.113549":15:14 +x509_oid_numstr:"2a864886f70d":"1.2.840.113549":15:14 X509 OID numstring #5 (arithmetic overflow) -x509_oid_numstr:"2A8648F9F8F7F6F5F4F3F2F1F001":"":100:MBEDTLS_ERR_OID_BUF_TOO_SMALL +x509_oid_numstr:"2a8648f9f8f7f6f5f4f3f2f1f001":"":100:MBEDTLS_ERR_OID_BUF_TOO_SMALL X509 crt keyUsage #1 (no extension, expected KU) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C @@ -1532,31 +1564,31 @@ x509_check_key_usage:"data_files/keyUsage.decipherOnly.crt":MBEDTLS_X509_KU_DIGI X509 crt extendedKeyUsage #1 (no extension, serverAuth) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C -x509_check_extended_key_usage:"data_files/server5.crt":"2B06010505070301":0 +x509_check_extended_key_usage:"data_files/server5.crt":"2b06010505070301":0 X509 crt extendedKeyUsage #2 (single value, present) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C -x509_check_extended_key_usage:"data_files/server5.eku-srv.crt":"2B06010505070301":0 +x509_check_extended_key_usage:"data_files/server5.eku-srv.crt":"2b06010505070301":0 X509 crt extendedKeyUsage #3 (single value, absent) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C -x509_check_extended_key_usage:"data_files/server5.eku-cli.crt":"2B06010505070301":MBEDTLS_ERR_X509_BAD_INPUT_DATA +x509_check_extended_key_usage:"data_files/server5.eku-cli.crt":"2b06010505070301":MBEDTLS_ERR_X509_BAD_INPUT_DATA X509 crt extendedKeyUsage #4 (two values, first) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C -x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070301":0 +x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2b06010505070301":0 X509 crt extendedKeyUsage #5 (two values, second) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C -x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070302":0 +x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2b06010505070302":0 X509 crt extendedKeyUsage #6 (two values, other) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C -x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2B06010505070303":MBEDTLS_ERR_X509_BAD_INPUT_DATA +x509_check_extended_key_usage:"data_files/server5.eku-srv_cli.crt":"2b06010505070303":MBEDTLS_ERR_X509_BAD_INPUT_DATA X509 crt extendedKeyUsage #7 (any, random) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C -x509_check_extended_key_usage:"data_files/server5.eku-cs_any.crt":"2B060105050703FF":0 +x509_check_extended_key_usage:"data_files/server5.eku-cs_any.crt":"2b060105050703ff":0 X509 RSASSA-PSS parameters ASN1 (good, all defaults) x509_parse_rsassa_pss_params:"":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0 @@ -1565,113 +1597,113 @@ X509 RSASSA-PSS parameters ASN1 (wrong initial tag) x509_parse_rsassa_pss_params:"":MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 RSASSA-PSS parameters ASN1 (unknown tag in top-level sequence) -x509_parse_rsassa_pss_params:"A400":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +x509_parse_rsassa_pss_params:"a400":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 RSASSA-PSS parameters ASN1 (good, HashAlg SHA256) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -x509_parse_rsassa_pss_params:"A00D300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:0 +x509_parse_rsassa_pss_params:"a00d300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:0 X509 RSASSA-PSS parameters ASN1 (good, explicit HashAlg = default) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C -x509_parse_rsassa_pss_params:"A009300706052B0E03021A":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0 +x509_parse_rsassa_pss_params:"a009300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0 X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #1) -x509_parse_rsassa_pss_params:"A00A300706052B0E03021A":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA +x509_parse_rsassa_pss_params:"a00a300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 RSASSA-PSS parameters ASN1 (HashAlg wrong len #2) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C -x509_parse_rsassa_pss_params:"A00A300706052B0E03021A00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +x509_parse_rsassa_pss_params:"a00a300706052b0e03021a00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 RSASSA-PSS parameters ASN1 (HashAlg with parameters) -x509_parse_rsassa_pss_params:"A00F300D06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_INVALID_DATA +x509_parse_rsassa_pss_params:"a00f300d06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_INVALID_DATA X509 RSASSA-PSS parameters ASN1 (HashAlg unknown OID) -x509_parse_rsassa_pss_params:"A00D300B06096086480165030402FF":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_OID_NOT_FOUND +x509_parse_rsassa_pss_params:"a00d300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_OID_NOT_FOUND X509 RSASSA-PSS parameters ASN1 (good, MGAlg = MGF1-SHA256) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0 +x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0 X509 RSASSA-PSS parameters ASN1 (good, explicit MGAlg = default) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C -x509_parse_rsassa_pss_params:"A116301406092A864886F70D010108300706052B0E03021A":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0 +x509_parse_rsassa_pss_params:"a116301406092a864886f70d010108300706052b0e03021a":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0 X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #1) -x509_parse_rsassa_pss_params:"A11B301806092A864886F70D010108300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA +x509_parse_rsassa_pss_params:"a11b301806092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 RSASSA-PSS parameters ASN1 (MGAlg wrong len #2) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -x509_parse_rsassa_pss_params:"A11B301806092A864886F70D010108300B060960864801650304020100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +x509_parse_rsassa_pss_params:"a11b301806092a864886f70d010108300b060960864801650304020100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 RSASSA-PSS parameters ASN1 (MGAlg AlgId wrong len #1) -x509_parse_rsassa_pss_params:"A11A301906092A864886F70D010108300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA +x509_parse_rsassa_pss_params:"a11a301906092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 RSASSA-PSS parameters ASN1 (MGAlg OID != MGF1) -x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010109300B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE + MBEDTLS_ERR_OID_NOT_FOUND +x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010109300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE + MBEDTLS_ERR_OID_NOT_FOUND X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong tag) -x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108310B0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108310b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1a) -x509_parse_rsassa_pss_params:"A10F300D06092A864886F70D0101083000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA +x509_parse_rsassa_pss_params:"a10f300d06092a864886f70d0101083000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1b) -x509_parse_rsassa_pss_params:"A11B301906092A864886F70D010108300C0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA +x509_parse_rsassa_pss_params:"a11b301906092a864886f70d010108300c0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg not an OID) -x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108300B0709608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b0709608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg unknown OID) -x509_parse_rsassa_pss_params:"A11A301806092A864886F70D010108300B06096086480165030402FF":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_OID_NOT_FOUND +x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_OID_NOT_FOUND X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params NULL) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -x509_parse_rsassa_pss_params:"A11C301A06092A864886F70D010108300D06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0 +x509_parse_rsassa_pss_params:"a11c301a06092a864886f70d010108300d06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:0 X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params wrong tag) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -x509_parse_rsassa_pss_params:"A11C301A06092A864886F70D010108300D06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_parse_rsassa_pss_params:"a11c301a06092a864886f70d010108300d06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #1c) -x509_parse_rsassa_pss_params:"A11D301B06092A864886F70D010108300E06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA +x509_parse_rsassa_pss_params:"a11d301b06092a864886f70d010108300e06096086480165030402010500":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong len #2) depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C -x509_parse_rsassa_pss_params:"A11D301B06092A864886F70D010108300E0609608648016503040201050000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +x509_parse_rsassa_pss_params:"a11d301b06092a864886f70d010108300e0609608648016503040201050000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 RSASSA-PSS parameters ASN1 (good, saltLen = 94) -x509_parse_rsassa_pss_params:"A20302015E":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:0 +x509_parse_rsassa_pss_params:"a20302015e":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:0 X509 RSASSA-PSS parameters ASN1 (good, explicit saltLen = default) -x509_parse_rsassa_pss_params:"A203020114":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0 +x509_parse_rsassa_pss_params:"a203020114":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0 X509 RSASSA-PSS parameters ASN1 (saltLen wrong len #1) -x509_parse_rsassa_pss_params:"A20402015E":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA +x509_parse_rsassa_pss_params:"a20402015e":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 RSASSA-PSS parameters ASN1 (saltLen wrong len #2) -x509_parse_rsassa_pss_params:"A20402015E00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +x509_parse_rsassa_pss_params:"a20402015e00":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 RSASSA-PSS parameters ASN1 (saltLen not an int) -x509_parse_rsassa_pss_params:"A2023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_parse_rsassa_pss_params:"a2023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:94:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 RSASSA-PSS parameters ASN1 (good, explicit trailerField = default) -x509_parse_rsassa_pss_params:"A303020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0 +x509_parse_rsassa_pss_params:"a303020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:0 X509 RSASSA-PSS parameters ASN1 (trailerField wrong len #1) -x509_parse_rsassa_pss_params:"A304020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA +x509_parse_rsassa_pss_params:"a304020101":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 RSASSA-PSS parameters ASN1 (trailerField wrong len #2) -x509_parse_rsassa_pss_params:"A30402010100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +x509_parse_rsassa_pss_params:"a30402010100":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 RSASSA-PSS parameters ASN1 (trailerField not an int) -x509_parse_rsassa_pss_params:"A3023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +x509_parse_rsassa_pss_params:"a3023000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 RSASSA-PSS parameters ASN1 (trailerField not 1) -x509_parse_rsassa_pss_params:"A303020102":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG +x509_parse_rsassa_pss_params:"a303020102":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG X509 CSR ASN.1 (OK) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C -mbedtls_x509_csr_parse:"308201183081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n":0 +mbedtls_x509_csr_parse:"308201183081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n":0 X509 CSR ASN.1 (bad first tag) mbedtls_x509_csr_parse:"3100":"":MBEDTLS_ERR_X509_INVALID_FORMAT @@ -1704,63 +1736,63 @@ X509 CSR ASN.1 (bad CRI.Name payload: not a set) mbedtls_x509_csr_parse:"3009300702010030023000":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (bad CRI.Name payload: overlong) -mbedtls_x509_csr_parse:"300A30080201003002310100":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA +mbedtls_x509_csr_parse:"300a30080201003002310100":"":MBEDTLS_ERR_X509_INVALID_NAME + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad SubjectPublicKeyInfo: missing) -mbedtls_x509_csr_parse:"30143012020100300D310B3009060355040613024E4C":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA +mbedtls_x509_csr_parse:"30143012020100300d310b3009060355040613024e4c":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad SubjectPublicKeyInfo: not a sequence) -mbedtls_x509_csr_parse:"30163014020100300D310B3009060355040613024E4C3100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse:"30163014020100300d310b3009060355040613024e4c3100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (bad SubjectPublicKeyInfo: overlong) -mbedtls_x509_csr_parse:"30173014020100300D310B3009060355040613024E4C300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA +mbedtls_x509_csr_parse:"30173014020100300d310b3009060355040613024e4c300100":"":MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad attributes: missing) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_x509_csr_parse:"3081973081940201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA +mbedtls_x509_csr_parse:"3081973081940201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad attributes: bad tag) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_x509_csr_parse:"3081993081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFF0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse:"3081993081960201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edff0500":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (bad attributes: overlong) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_x509_csr_parse:"30819A3081960201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA00100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA +mbedtls_x509_csr_parse:"30819a3081960201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa00100":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad sigAlg: missing) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_x509_csr_parse:"3081C23081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA +mbedtls_x509_csr_parse:"3081c23081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad sigAlg: not a sequence) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse:"3081c43081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e03100":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (bad sigAlg: overlong) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_x509_csr_parse:"3081C43081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E03001":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA +mbedtls_x509_csr_parse:"3081c43081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e03001":"":MBEDTLS_ERR_X509_INVALID_ALG + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad sigAlg: unknown) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED -mbedtls_x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04FF":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG +mbedtls_x509_csr_parse:"3081cd3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04ff":"":MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG X509 CSR ASN.1 (bad sig: missing) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C -mbedtls_x509_csr_parse:"3081CD3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D0401":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA +mbedtls_x509_csr_parse:"3081cd3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d0401":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (bad sig: not a bit string) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C -mbedtls_x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010400":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG +mbedtls_x509_csr_parse:"3081cf3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010400":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CSR ASN.1 (bad sig: overlong) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C -mbedtls_x509_csr_parse:"3081CF3081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010301":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA +mbedtls_x509_csr_parse:"3081cf3081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010301":"":MBEDTLS_ERR_X509_INVALID_SIGNATURE + MBEDTLS_ERR_ASN1_OUT_OF_DATA X509 CSR ASN.1 (extra data after signature) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C -mbedtls_x509_csr_parse:"308201193081BF0201003034310B3009060355040613024E4C3111300F060355040A1308506F6C617253534C31123010060355040313096C6F63616C686F73743059301306072A8648CE3D020106082A8648CE3D0301070342000437CC56D976091E5A723EC7592DFF206EEE7CF9069174D0AD14B5F768225962924EE500D82311FFEA2FD2345D5D16BD8A88C26B770D55CD8A2A0EFA01C8B4EDFFA029302706092A864886F70D01090E311A301830090603551D1304023000300B0603551D0F0404030205E0300906072A8648CE3D04010349003046022100B49FD8C8F77ABFA871908DFBE684A08A793D0F490A43D86FCF2086E4F24BB0C2022100F829D5CCD3742369299E6294394717C4B723A0F68B44E831B6E6C3BCABF9724300":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH +mbedtls_x509_csr_parse:"308201193081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf9724300":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CSR ASN.1 (invalid version overflow) -mbedtls_x509_csr_parse:"3008300602047FFFFFFF":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION +mbedtls_x509_csr_parse:"3008300602047fffffff":"":MBEDTLS_ERR_X509_UNKNOWN_VERSION X509 File parse (no issues) depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 552c494b..e6b1b478 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -15,6 +15,15 @@ than the current threshold 19. To test larger values, please \ adapt the script tests/data_files/dir-max/long.sh." #endif +/* Test-only profile allowing all digests, PK algorithms, and curves. */ +const mbedtls_x509_crt_profile profile_all = +{ + 0xFFFFFFFF, /* Any MD */ + 0xFFFFFFFF, /* Any PK alg */ + 0xFFFFFFFF, /* Any curve */ + 1024, +}; + /* Profile for backward compatibility. Allows SHA-1, unlike the default profile. */ const mbedtls_x509_crt_profile compat_profile = @@ -349,6 +358,8 @@ void x509_verify( char *crt_file, char *ca_file, char *crl_file, profile = &mbedtls_x509_crt_profile_suiteb; else if( strcmp( profile_str, "compat" ) == 0 ) profile = &compat_profile; + else if( strcmp( profile_str, "all" ) == 0 ) + profile = &profile_all; else TEST_ASSERT( "Unknown algorithm profile" == 0 ); diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data index 5b54d858..c1966250 100644 --- a/tests/suites/test_suite_x509write.data +++ b/tests/suites/test_suite_x509write.data @@ -1,78 +1,86 @@ Certificate Request check Server1 SHA1 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha1":MBEDTLS_MD_SHA1:0:0:0:0 Certificate Request check Server1 SHA224 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha224":MBEDTLS_MD_SHA224:0:0:0:0 Certificate Request check Server1 SHA256 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha256":MBEDTLS_MD_SHA256:0:0:0:0 Certificate Request check Server1 SHA384 depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha384":MBEDTLS_MD_SHA384:0:0:0:0 Certificate Request check Server1 SHA512 depends_on:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.sha512":MBEDTLS_MD_SHA512:0:0:0:0 Certificate Request check Server1 MD4 depends_on:MBEDTLS_MD4_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.md4":MBEDTLS_MD_MD4:0:0:0:0 Certificate Request check Server1 MD5 depends_on:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_MD5:0:0:0:0 Certificate Request check Server1 key_usage depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0 + +Certificate Request check Server1 key_usage empty +depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage_empty":MBEDTLS_MD_SHA1:0:1:0:0 Certificate Request check Server1 ns_cert_type depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER +x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1 + +Certificate Request check Server1 ns_cert_type empty +depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 +x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type_empty":MBEDTLS_MD_SHA1:0:0:0:1 Certificate Request check Server1 key_usage + ns_cert_type depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 -x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER +x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1 Certificate Request check Server5 ECDSA, key_usage depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED -x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0 +x509_csr_check:"data_files/server5.key":"data_files/server5.req.ku.sha1":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:1:0:0 Certificate write check Server1 SHA1 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:-1:"data_files/server1.crt":0 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":0 Certificate write check Server1 SHA1, key_usage depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:1:-1:"data_files/server1.key_usage.crt":0 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":0 Certificate write check Server1 SHA1, ns_cert_type depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:-1:"data_files/server1.cert_type.crt":0 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0 Certificate write check Server1 SHA1, version 1 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0 Certificate write check Server1 SHA1, RSA_ALT depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:-1:"data_files/server1.noauthid.crt":1 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.noauthid.crt":1 Certificate write check Server1 SHA1, RSA_ALT, key_usage depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1 Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:0:-1:"data_files/server1.cert_type_noauthid.crt":1 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1 Certificate write check Server1 SHA1, RSA_ALT, version 1 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C -x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1 +x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:0:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1 X509 String to Names #1 mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark, Inc., OU=PolarSSL":0 diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function index c00b1aca..535807e3 100644 --- a/tests/suites/test_suite_x509write.function +++ b/tests/suites/test_suite_x509write.function @@ -37,7 +37,8 @@ size_t mbedtls_rsa_key_len_func( void *ctx ) /* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C:MBEDTLS_X509_CSR_WRITE_C */ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, - int key_usage, int cert_type ) + int key_usage, int set_key_usage, int cert_type, + int set_cert_type ) { mbedtls_pk_context key; mbedtls_x509write_csr req; @@ -59,9 +60,9 @@ void x509_csr_check( char * key_file, char * cert_req_check_file, int md_type, mbedtls_x509write_csr_set_md_alg( &req, md_type ); mbedtls_x509write_csr_set_key( &req, &key ); TEST_ASSERT( mbedtls_x509write_csr_set_subject_name( &req, subject_name ) == 0 ); - if( key_usage != 0 ) + if( set_key_usage != 0 ) TEST_ASSERT( mbedtls_x509write_csr_set_key_usage( &req, key_usage ) == 0 ); - if( cert_type != 0 ) + if( set_cert_type != 0 ) TEST_ASSERT( mbedtls_x509write_csr_set_ns_cert_type( &req, cert_type ) == 0 ); ret = mbedtls_x509write_csr_pem( &req, buf, sizeof( buf ), @@ -100,7 +101,8 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, char *subject_name, char *issuer_key_file, char *issuer_pwd, char *issuer_name, char *serial_str, char *not_before, char *not_after, - int md_type, int key_usage, int cert_type, int auth_ident, + int md_type, int key_usage, int set_key_usage, + int cert_type, int set_cert_type, int auth_ident, int ver, char *cert_check_file, int rsa_alt ) { mbedtls_pk_context subject_key, issuer_key, issuer_key_alt; @@ -168,9 +170,9 @@ void x509_crt_check( char *subject_key_file, char *subject_pwd, TEST_ASSERT( mbedtls_x509write_crt_set_subject_key_identifier( &crt ) == 0 ); if( auth_ident ) TEST_ASSERT( mbedtls_x509write_crt_set_authority_key_identifier( &crt ) == 0 ); - if( key_usage != 0 ) + if( set_key_usage != 0 ) TEST_ASSERT( mbedtls_x509write_crt_set_key_usage( &crt, key_usage ) == 0 ); - if( cert_type != 0 ) + if( set_cert_type != 0 ) TEST_ASSERT( mbedtls_x509write_crt_set_ns_cert_type( &crt, cert_type ) == 0 ); } |