From 9a969b66c17dbf16bd97a20b932dbdd7e537c203 Mon Sep 17 00:00:00 2001 From: Peter Kolbus Date: Tue, 11 Dec 2018 13:55:56 -0600 Subject: [PATCH 01/19] Reduce code size when mbedtls_x509_*_info() unused Introduce MBEDTLS_X509_INFO to indicate the availability of the mbedtls_x509_*_info() function and closely related APIs. When this is not defined, also omit name and description from mbedtls_oid_descriptor_t, and omit OID arrays, macros, and types that are entirely unused. This saves several KB of code space. Signed-off-by: Hanno Becker Signed-off-by: Chris Jones --- include/mbedtls/config.h | 11 ++ include/mbedtls/debug.h | 8 +- include/mbedtls/oid.h | 4 + include/mbedtls/x509.h | 2 + include/mbedtls/x509_crl.h | 2 + include/mbedtls/x509_crt.h | 5 + include/mbedtls/x509_csr.h | 2 + library/debug.c | 4 +- library/oid.c | 201 +++++++++++---------- library/version_features.c | 3 + library/x509.c | 2 + library/x509_crl.c | 2 + library/x509_crt.c | 102 ++++++----- library/x509_csr.c | 2 + programs/ssl/dtls_client.c | 4 + programs/ssl/ssl_client1.c | 4 + programs/ssl/ssl_client2.c | 13 ++ programs/ssl/ssl_mail_client.c | 6 + programs/ssl/ssl_server2.c | 8 +- programs/test/query_config.c | 8 + programs/x509/cert_app.c | 4 +- programs/x509/crl_app.c | 6 +- programs/x509/req_app.c | 6 +- tests/suites/test_suite_debug.data | 4 +- tests/suites/test_suite_debug.function | 2 +- tests/suites/test_suite_oid.function | 2 +- tests/suites/test_suite_x509parse.data | 80 ++++---- tests/suites/test_suite_x509parse.function | 31 +++- 28 files changed, 322 insertions(+), 206 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index dabbb2889..f609435d7 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2143,6 +2143,17 @@ */ #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE +/** + * \def MBEDTLS_X509_INFO + * + * Enable mbedtls_x509_*_info() and related APIs. + * + * Comment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt() + * and other functions/constants only used by these functions, thus reducing + * the code footprint by several KB. + */ +#define MBEDTLS_X509_INFO + /** * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT * diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index dd20ba087..a4d6a7e81 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -59,9 +59,13 @@ #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_INFO) #define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) \ mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt ) -#endif +#else +#define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 ) +#endif /* MBEDTLS_X509_INFO */ +#endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_ECDH_C) #define MBEDTLS_SSL_DEBUG_ECDH( level, ecdh, attr ) \ @@ -248,7 +252,7 @@ void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level, const char *text, const mbedtls_ecp_point *X ); #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_X509_INFO) /** * \brief Print a X.509 certificate structure to the debug output. This * function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro, diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index e4c697b2d..89b5fe87f 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -441,8 +441,10 @@ typedef struct mbedtls_oid_descriptor_t { const char *asn1; /*!< OID ASN.1 representation */ size_t asn1_len; /*!< length of asn1 */ +#if defined(MBEDTLS_X509_INFO) const char *name; /*!< official name (e.g. from RFC) */ const char *description; /*!< human friendly description */ +#endif } mbedtls_oid_descriptor_t; /** @@ -582,6 +584,7 @@ int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_a int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac ); #endif /* MBEDTLS_MD_C */ +#if defined(MBEDTLS_X509_INFO) /** * \brief Translate Extended Key Usage OID into description * @@ -591,6 +594,7 @@ int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_ * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND */ int mbedtls_oid_get_extended_key_usage( const mbedtls_asn1_buf *oid, const char **desc ); +#endif /** * \brief Translate certificate policies OID into description diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index e5e83d664..44f2ed02d 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -316,9 +316,11 @@ int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *serial ); int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag ); +#if defined(MBEDTLS_X509_INFO) int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid, mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, const void *sig_opts ); +#endif int mbedtls_x509_key_size_helper( char *buf, size_t buf_size, const char *name ); int mbedtls_x509_string_to_names( mbedtls_asn1_named_data **head, const char *name ); int mbedtls_x509_set_extension( mbedtls_asn1_named_data **head, const char *oid, size_t oid_len, diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index 7e9e8885f..fb1de79f1 100644 --- a/include/mbedtls/x509_crl.h +++ b/include/mbedtls/x509_crl.h @@ -134,6 +134,7 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ); #endif /* MBEDTLS_FS_IO */ +#if defined(MBEDTLS_X509_INFO) /** * \brief Returns an informational string about the CRL. * @@ -147,6 +148,7 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ); */ int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, const mbedtls_x509_crl *crl ); +#endif /** * \brief Initialize a CRL (chain) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 8e389f8c0..fc3ea8eb4 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -509,6 +509,8 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ); */ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, mbedtls_x509_subject_alternative_name *san ); + +#if defined(MBEDTLS_X509_INFO) /** * \brief Returns an informational string about the * certificate. @@ -523,7 +525,9 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, */ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt ); +#endif +#if defined(MBEDTLS_X509_INFO) /** * \brief Returns an informational string about the * verification status of a certificate. @@ -538,6 +542,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, */ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, uint32_t flags ); +#endif /** * \brief Verify a chain of certificates. diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index b1dfc21f1..b9e5b93fb 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -121,6 +121,7 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ); #endif /* MBEDTLS_FS_IO */ +#if defined(MBEDTLS_X509_INFO) /** * \brief Returns an informational string about the * CSR. @@ -135,6 +136,7 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ); */ int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix, const mbedtls_x509_csr *csr ); +#endif /** * \brief Initialize a CSR diff --git a/library/debug.c b/library/debug.c index e91d1ad1d..fcd67dbe5 100644 --- a/library/debug.c +++ b/library/debug.c @@ -284,7 +284,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level, } #endif /* MBEDTLS_BIGNUM_C */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_X509_INFO) static void debug_print_pk( const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const mbedtls_pk_context *pk ) @@ -379,7 +379,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level, crt = crt->next; } } -#endif /* MBEDTLS_X509_CRT_PARSE_C */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_INFO */ #if defined(MBEDTLS_ECDH_C) static void mbedtls_debug_printf_ecdh_internal( const mbedtls_ssl_context *ssl, diff --git a/library/oid.c b/library/oid.c index 19c8ac207..d8cbfb460 100644 --- a/library/oid.c +++ b/library/oid.c @@ -41,6 +41,17 @@ */ #define ADD_LEN(s) s, MBEDTLS_OID_SIZE(s) +/* + * Macro to generate mbedtls_oid_descriptor_t + */ +#if defined(MBEDTLS_X509_INFO) +#define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s), name, description } +#define NULL_OID_DESCRIPTOR { NULL, 0, NULL, NULL } +#else +#define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s) } +#define NULL_OID_DESCRIPTOR { NULL, 0 } +#endif + /* * Macro to generate an internal function for oid_XXX_from_asn1() (used by * the other functions) @@ -64,6 +75,7 @@ return( NULL ); \ } +#if defined(MBEDTLS_X509_INFO) /* * Macro to generate a function for retrieving a single attribute from the * descriptor of an mbedtls_oid_descriptor_t wrapper. @@ -76,6 +88,7 @@ int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 ) *ATTR1 = data->descriptor.ATTR1; \ return( 0 ); \ } +#endif /* MBEDTLS_X509_INFO */ /* * Macro to generate a function for retrieving a single attribute from an @@ -157,83 +170,83 @@ typedef struct { static const oid_x520_attr_t oid_x520_attr_type[] = { { - { ADD_LEN( MBEDTLS_OID_AT_CN ), "id-at-commonName", "Common Name" }, + OID_DESCRIPTOR( MBEDTLS_OID_AT_CN, "id-at-commonName", "Common Name" ), "CN", }, { - { ADD_LEN( MBEDTLS_OID_AT_COUNTRY ), "id-at-countryName", "Country" }, + OID_DESCRIPTOR( MBEDTLS_OID_AT_COUNTRY, "id-at-countryName", "Country" ), "C", }, { - { ADD_LEN( MBEDTLS_OID_AT_LOCALITY ), "id-at-locality", "Locality" }, + OID_DESCRIPTOR( MBEDTLS_OID_AT_LOCALITY, "id-at-locality", "Locality" ), "L", }, { - { ADD_LEN( MBEDTLS_OID_AT_STATE ), "id-at-state", "State" }, + OID_DESCRIPTOR( MBEDTLS_OID_AT_STATE, "id-at-state", "State" ), "ST", }, { - { ADD_LEN( MBEDTLS_OID_AT_ORGANIZATION ),"id-at-organizationName", "Organization" }, + OID_DESCRIPTOR( MBEDTLS_OID_AT_ORGANIZATION,"id-at-organizationName", "Organization" ), "O", }, { - { ADD_LEN( MBEDTLS_OID_AT_ORG_UNIT ), "id-at-organizationalUnitName", "Org Unit" }, + OID_DESCRIPTOR( MBEDTLS_OID_AT_ORG_UNIT, "id-at-organizationalUnitName", "Org Unit" ), "OU", }, { - { ADD_LEN( MBEDTLS_OID_PKCS9_EMAIL ), "emailAddress", "E-mail address" }, + OID_DESCRIPTOR( MBEDTLS_OID_PKCS9_EMAIL, "emailAddress", "E-mail address" ), "emailAddress", }, { - { ADD_LEN( MBEDTLS_OID_AT_SERIAL_NUMBER ),"id-at-serialNumber", "Serial number" }, + OID_DESCRIPTOR( MBEDTLS_OID_AT_SERIAL_NUMBER,"id-at-serialNumber", "Serial number" ), "serialNumber", }, { - { ADD_LEN( MBEDTLS_OID_AT_POSTAL_ADDRESS ),"id-at-postalAddress", "Postal address" }, + OID_DESCRIPTOR( MBEDTLS_OID_AT_POSTAL_ADDRESS,"id-at-postalAddress", "Postal address" ), "postalAddress", }, { - { ADD_LEN( MBEDTLS_OID_AT_POSTAL_CODE ), "id-at-postalCode", "Postal code" }, + OID_DESCRIPTOR( MBEDTLS_OID_AT_POSTAL_CODE, "id-at-postalCode", "Postal code" ), "postalCode", }, { - { ADD_LEN( MBEDTLS_OID_AT_SUR_NAME ), "id-at-surName", "Surname" }, + OID_DESCRIPTOR( MBEDTLS_OID_AT_SUR_NAME, "id-at-surName", "Surname" ), "SN", }, { - { ADD_LEN( MBEDTLS_OID_AT_GIVEN_NAME ), "id-at-givenName", "Given name" }, + OID_DESCRIPTOR( MBEDTLS_OID_AT_GIVEN_NAME, "id-at-givenName", "Given name" ), "GN", }, { - { ADD_LEN( MBEDTLS_OID_AT_INITIALS ), "id-at-initials", "Initials" }, + OID_DESCRIPTOR( MBEDTLS_OID_AT_INITIALS, "id-at-initials", "Initials" ), "initials", }, { - { ADD_LEN( MBEDTLS_OID_AT_GENERATION_QUALIFIER ), "id-at-generationQualifier", "Generation qualifier" }, + OID_DESCRIPTOR( MBEDTLS_OID_AT_GENERATION_QUALIFIER, "id-at-generationQualifier", "Generation qualifier" ), "generationQualifier", }, { - { ADD_LEN( MBEDTLS_OID_AT_TITLE ), "id-at-title", "Title" }, + OID_DESCRIPTOR( MBEDTLS_OID_AT_TITLE, "id-at-title", "Title" ), "title", }, { - { ADD_LEN( MBEDTLS_OID_AT_DN_QUALIFIER ),"id-at-dnQualifier", "Distinguished Name qualifier" }, + OID_DESCRIPTOR( MBEDTLS_OID_AT_DN_QUALIFIER,"id-at-dnQualifier", "Distinguished Name qualifier" ), "dnQualifier", }, { - { ADD_LEN( MBEDTLS_OID_AT_PSEUDONYM ), "id-at-pseudonym", "Pseudonym" }, + OID_DESCRIPTOR( MBEDTLS_OID_AT_PSEUDONYM, "id-at-pseudonym", "Pseudonym" ), "pseudonym", }, { - { ADD_LEN( MBEDTLS_OID_DOMAIN_COMPONENT ), "id-domainComponent", "Domain component" }, + OID_DESCRIPTOR( MBEDTLS_OID_DOMAIN_COMPONENT, "id-domainComponent", "Domain component" ), "DC", }, { - { ADD_LEN( MBEDTLS_OID_AT_UNIQUE_IDENTIFIER ), "id-at-uniqueIdentifier", "Unique Identifier" }, + OID_DESCRIPTOR( MBEDTLS_OID_AT_UNIQUE_IDENTIFIER, "id-at-uniqueIdentifier", "Unique Identifier" ), "uniqueIdentifier", }, { - { NULL, 0, NULL, NULL }, + NULL_OID_DESCRIPTOR, NULL, } }; @@ -252,31 +265,31 @@ typedef struct { static const oid_x509_ext_t oid_x509_ext[] = { { - { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" }, + OID_DESCRIPTOR( MBEDTLS_OID_BASIC_CONSTRAINTS, "id-ce-basicConstraints", "Basic Constraints" ), MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS, }, { - { ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" }, + OID_DESCRIPTOR( MBEDTLS_OID_KEY_USAGE, "id-ce-keyUsage", "Key Usage" ), MBEDTLS_OID_X509_EXT_KEY_USAGE, }, { - { ADD_LEN( MBEDTLS_OID_EXTENDED_KEY_USAGE ), "id-ce-extKeyUsage", "Extended Key Usage" }, + OID_DESCRIPTOR( MBEDTLS_OID_EXTENDED_KEY_USAGE, "id-ce-extKeyUsage", "Extended Key Usage" ), MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE, }, { - { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" }, + OID_DESCRIPTOR( MBEDTLS_OID_SUBJECT_ALT_NAME, "id-ce-subjectAltName", "Subject Alt Name" ), MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME, }, { - { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" }, + OID_DESCRIPTOR( MBEDTLS_OID_NS_CERT_TYPE, "id-netscape-certtype", "Netscape Certificate Type" ), MBEDTLS_OID_X509_EXT_NS_CERT_TYPE, }, { - { ADD_LEN( MBEDTLS_OID_CERTIFICATE_POLICIES ), "id-ce-certificatePolicies", "Certificate Policies" }, + OID_DESCRIPTOR( MBEDTLS_OID_CERTIFICATE_POLICIES, "id-ce-certificatePolicies", "Certificate Policies" ), MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES, }, { - { NULL, 0, NULL, NULL }, + NULL_OID_DESCRIPTOR, 0, }, }; @@ -284,16 +297,17 @@ static const oid_x509_ext_t oid_x509_ext[] = FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext) FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type) +#if defined(MBEDTLS_X509_INFO) static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = { - { ADD_LEN( MBEDTLS_OID_SERVER_AUTH ), "id-kp-serverAuth", "TLS Web Server Authentication" }, - { ADD_LEN( MBEDTLS_OID_CLIENT_AUTH ), "id-kp-clientAuth", "TLS Web Client Authentication" }, - { ADD_LEN( MBEDTLS_OID_CODE_SIGNING ), "id-kp-codeSigning", "Code Signing" }, - { ADD_LEN( MBEDTLS_OID_EMAIL_PROTECTION ), "id-kp-emailProtection", "E-mail Protection" }, - { ADD_LEN( MBEDTLS_OID_TIME_STAMPING ), "id-kp-timeStamping", "Time Stamping" }, - { ADD_LEN( MBEDTLS_OID_OCSP_SIGNING ), "id-kp-OCSPSigning", "OCSP Signing" }, - { ADD_LEN( MBEDTLS_OID_WISUN_FAN ), "id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)" }, - { NULL, 0, NULL, NULL }, + OID_DESCRIPTOR( MBEDTLS_OID_SERVER_AUTH, "id-kp-serverAuth", "TLS Web Server Authentication" ), + OID_DESCRIPTOR( MBEDTLS_OID_CLIENT_AUTH, "id-kp-clientAuth", "TLS Web Client Authentication" ), + OID_DESCRIPTOR( MBEDTLS_OID_CODE_SIGNING, "id-kp-codeSigning", "Code Signing" ), + OID_DESCRIPTOR( MBEDTLS_OID_EMAIL_PROTECTION, "id-kp-emailProtection", "E-mail Protection" ), + OID_DESCRIPTOR( MBEDTLS_OID_TIME_STAMPING, "id-kp-timeStamping", "Time Stamping" ), + OID_DESCRIPTOR( MBEDTLS_OID_OCSP_SIGNING, "id-kp-OCSPSigning", "OCSP Signing" ), + OID_DESCRIPTOR( MBEDTLS_OID_WISUN_FAN, "id-kp-wisun-fan-device", "Wi-SUN Alliance Field Area Network (FAN)" ), + NULL_OID_DESCRIPTOR, }; FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, ext_key_usage, oid_ext_key_usage) @@ -301,12 +315,13 @@ FN_OID_GET_ATTR1(mbedtls_oid_get_extended_key_usage, mbedtls_oid_descriptor_t, e static const mbedtls_oid_descriptor_t oid_certificate_policies[] = { - { ADD_LEN( MBEDTLS_OID_ANY_POLICY ), "anyPolicy", "Any Policy" }, - { NULL, 0, NULL, NULL }, + OID_DESCRIPTOR( MBEDTLS_OID_ANY_POLICY, "anyPolicy", "Any Policy" ), + NULL_OID_DESCRIPTOR, }; FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies) FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, mbedtls_oid_descriptor_t, certificate_policies, const char *, description) +#endif /* MBEDTLS_X509_INFO */ #if defined(MBEDTLS_MD_C) /* @@ -323,51 +338,51 @@ static const oid_sig_alg_t oid_sig_alg[] = #if defined(MBEDTLS_RSA_C) #if defined(MBEDTLS_MD2_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_MD2 ), "md2WithRSAEncryption", "RSA with MD2" }, + OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_MD2, "md2WithRSAEncryption", "RSA with MD2" ), MBEDTLS_MD_MD2, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_MD2_C */ #if defined(MBEDTLS_MD4_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_MD4 ), "md4WithRSAEncryption", "RSA with MD4" }, + OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_MD4, "md4WithRSAEncryption", "RSA with MD4" ), MBEDTLS_MD_MD4, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_MD4_C */ #if defined(MBEDTLS_MD5_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_MD5 ), "md5WithRSAEncryption", "RSA with MD5" }, + OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_MD5, "md5WithRSAEncryption", "RSA with MD5" ), MBEDTLS_MD_MD5, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_MD5_C */ #if defined(MBEDTLS_SHA1_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_SHA1 ), "sha-1WithRSAEncryption", "RSA with SHA1" }, + OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA1, "sha-1WithRSAEncryption", "RSA with SHA1" ), MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_SHA224 ), "sha224WithRSAEncryption", "RSA with SHA-224" }, + OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA224, "sha224WithRSAEncryption", "RSA with SHA-224" ), MBEDTLS_MD_SHA224, MBEDTLS_PK_RSA, }, { - { ADD_LEN( MBEDTLS_OID_PKCS1_SHA256 ), "sha256WithRSAEncryption", "RSA with SHA-256" }, + OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA256, "sha256WithRSAEncryption", "RSA with SHA-256" ), MBEDTLS_MD_SHA256, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) { - { ADD_LEN( MBEDTLS_OID_PKCS1_SHA384 ), "sha384WithRSAEncryption", "RSA with SHA-384" }, + OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA384, "sha384WithRSAEncryption", "RSA with SHA-384" ), MBEDTLS_MD_SHA384, MBEDTLS_PK_RSA, }, { - { ADD_LEN( MBEDTLS_OID_PKCS1_SHA512 ), "sha512WithRSAEncryption", "RSA with SHA-512" }, + OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_SHA512, "sha512WithRSAEncryption", "RSA with SHA-512" ), MBEDTLS_MD_SHA512, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_SHA1_C) { - { ADD_LEN( MBEDTLS_OID_RSA_SHA_OBS ), "sha-1WithRSAEncryption", "RSA with SHA1" }, + OID_DESCRIPTOR( MBEDTLS_OID_RSA_SHA_OBS, "sha-1WithRSAEncryption", "RSA with SHA1" ), MBEDTLS_MD_SHA1, MBEDTLS_PK_RSA, }, #endif /* MBEDTLS_SHA1_C */ @@ -375,45 +390,49 @@ static const oid_sig_alg_t oid_sig_alg[] = #if defined(MBEDTLS_ECDSA_C) #if defined(MBEDTLS_SHA1_C) { - { ADD_LEN( MBEDTLS_OID_ECDSA_SHA1 ), "ecdsa-with-SHA1", "ECDSA with SHA1" }, + OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA1, "ecdsa-with-SHA1", "ECDSA with SHA1" ), MBEDTLS_MD_SHA1, MBEDTLS_PK_ECDSA, }, #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) { - { ADD_LEN( MBEDTLS_OID_ECDSA_SHA224 ), "ecdsa-with-SHA224", "ECDSA with SHA224" }, + OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA224, "ecdsa-with-SHA224", "ECDSA with SHA224" ), MBEDTLS_MD_SHA224, MBEDTLS_PK_ECDSA, }, { - { ADD_LEN( MBEDTLS_OID_ECDSA_SHA256 ), "ecdsa-with-SHA256", "ECDSA with SHA256" }, + OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA256, "ecdsa-with-SHA256", "ECDSA with SHA256" ), MBEDTLS_MD_SHA256, MBEDTLS_PK_ECDSA, }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) { - { ADD_LEN( MBEDTLS_OID_ECDSA_SHA384 ), "ecdsa-with-SHA384", "ECDSA with SHA384" }, + OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA384, "ecdsa-with-SHA384", "ECDSA with SHA384" ), MBEDTLS_MD_SHA384, MBEDTLS_PK_ECDSA, }, { - { ADD_LEN( MBEDTLS_OID_ECDSA_SHA512 ), "ecdsa-with-SHA512", "ECDSA with SHA512" }, + OID_DESCRIPTOR( MBEDTLS_OID_ECDSA_SHA512, "ecdsa-with-SHA512", "ECDSA with SHA512" ), MBEDTLS_MD_SHA512, MBEDTLS_PK_ECDSA, }, #endif /* MBEDTLS_SHA512_C */ #endif /* MBEDTLS_ECDSA_C */ #if defined(MBEDTLS_RSA_C) { - { ADD_LEN( MBEDTLS_OID_RSASSA_PSS ), "RSASSA-PSS", "RSASSA-PSS" }, + OID_DESCRIPTOR( MBEDTLS_OID_RSASSA_PSS, "RSASSA-PSS", "RSASSA-PSS" ), MBEDTLS_MD_NONE, MBEDTLS_PK_RSASSA_PSS, }, #endif /* MBEDTLS_RSA_C */ { - { NULL, 0, NULL, NULL }, + NULL_OID_DESCRIPTOR, MBEDTLS_MD_NONE, MBEDTLS_PK_NONE, }, }; FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg) + +#if defined(MBEDTLS_X509_INFO) FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, oid_sig_alg_t, sig_alg, const char *, description) +#endif + FN_OID_GET_ATTR2(mbedtls_oid_get_sig_alg, oid_sig_alg_t, sig_alg, mbedtls_md_type_t, md_alg, mbedtls_pk_type_t, pk_alg) FN_OID_GET_OID_BY_ATTR2(mbedtls_oid_get_oid_by_sig_alg, oid_sig_alg_t, oid_sig_alg, mbedtls_pk_type_t, pk_alg, mbedtls_md_type_t, md_alg) #endif /* MBEDTLS_MD_C */ @@ -429,19 +448,19 @@ typedef struct { static const oid_pk_alg_t oid_pk_alg[] = { { - { ADD_LEN( MBEDTLS_OID_PKCS1_RSA ), "rsaEncryption", "RSA" }, + OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_RSA, "rsaEncryption", "RSA" ), MBEDTLS_PK_RSA, }, { - { ADD_LEN( MBEDTLS_OID_EC_ALG_UNRESTRICTED ), "id-ecPublicKey", "Generic EC key" }, + OID_DESCRIPTOR( MBEDTLS_OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey", "Generic EC key" ), MBEDTLS_PK_ECKEY, }, { - { ADD_LEN( MBEDTLS_OID_EC_ALG_ECDH ), "id-ecDH", "EC key for ECDH" }, + OID_DESCRIPTOR( MBEDTLS_OID_EC_ALG_ECDH, "id-ecDH", "EC key for ECDH" ), MBEDTLS_PK_ECKEY_DH, }, { - { NULL, 0, NULL, NULL }, + NULL_OID_DESCRIPTOR, MBEDTLS_PK_NONE, }, }; @@ -463,72 +482,72 @@ static const oid_ecp_grp_t oid_ecp_grp[] = { #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192R1 ), "secp192r1", "secp192r1" }, + OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP192R1, "secp192r1", "secp192r1" ), MBEDTLS_ECP_DP_SECP192R1, }, #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224R1 ), "secp224r1", "secp224r1" }, + OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP224R1, "secp224r1", "secp224r1" ), MBEDTLS_ECP_DP_SECP224R1, }, #endif /* MBEDTLS_ECP_DP_SECP224R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256R1 ), "secp256r1", "secp256r1" }, + OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP256R1, "secp256r1", "secp256r1" ), MBEDTLS_ECP_DP_SECP256R1, }, #endif /* MBEDTLS_ECP_DP_SECP256R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP384R1 ), "secp384r1", "secp384r1" }, + OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP384R1, "secp384r1", "secp384r1" ), MBEDTLS_ECP_DP_SECP384R1, }, #endif /* MBEDTLS_ECP_DP_SECP384R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP521R1 ), "secp521r1", "secp521r1" }, + OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP521R1, "secp521r1", "secp521r1" ), MBEDTLS_ECP_DP_SECP521R1, }, #endif /* MBEDTLS_ECP_DP_SECP521R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP192K1 ), "secp192k1", "secp192k1" }, + OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP192K1, "secp192k1", "secp192k1" ), MBEDTLS_ECP_DP_SECP192K1, }, #endif /* MBEDTLS_ECP_DP_SECP192K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP224K1 ), "secp224k1", "secp224k1" }, + OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP224K1, "secp224k1", "secp224k1" ), MBEDTLS_ECP_DP_SECP224K1, }, #endif /* MBEDTLS_ECP_DP_SECP224K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_SECP256K1 ), "secp256k1", "secp256k1" }, + OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_SECP256K1, "secp256k1", "secp256k1" ), MBEDTLS_ECP_DP_SECP256K1, }, #endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_BP256R1 ), "brainpoolP256r1","brainpool256r1" }, + OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_BP256R1, "brainpoolP256r1","brainpool256r1" ), MBEDTLS_ECP_DP_BP256R1, }, #endif /* MBEDTLS_ECP_DP_BP256R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_BP384R1 ), "brainpoolP384r1","brainpool384r1" }, + OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_BP384R1, "brainpoolP384r1","brainpool384r1" ), MBEDTLS_ECP_DP_BP384R1, }, #endif /* MBEDTLS_ECP_DP_BP384R1_ENABLED */ #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED) { - { ADD_LEN( MBEDTLS_OID_EC_GRP_BP512R1 ), "brainpoolP512r1","brainpool512r1" }, + OID_DESCRIPTOR( MBEDTLS_OID_EC_GRP_BP512R1, "brainpoolP512r1","brainpool512r1" ), MBEDTLS_ECP_DP_BP512R1, }, #endif /* MBEDTLS_ECP_DP_BP512R1_ENABLED */ { - { NULL, 0, NULL, NULL }, + NULL_OID_DESCRIPTOR, MBEDTLS_ECP_DP_NONE, }, }; @@ -550,15 +569,15 @@ typedef struct { static const oid_cipher_alg_t oid_cipher_alg[] = { { - { ADD_LEN( MBEDTLS_OID_DES_CBC ), "desCBC", "DES-CBC" }, + OID_DESCRIPTOR( MBEDTLS_OID_DES_CBC, "desCBC", "DES-CBC" ), MBEDTLS_CIPHER_DES_CBC, }, { - { ADD_LEN( MBEDTLS_OID_DES_EDE3_CBC ), "des-ede3-cbc", "DES-EDE3-CBC" }, + OID_DESCRIPTOR( MBEDTLS_OID_DES_EDE3_CBC, "des-ede3-cbc", "DES-EDE3-CBC" ), MBEDTLS_CIPHER_DES_EDE3_CBC, }, { - { NULL, 0, NULL, NULL }, + NULL_OID_DESCRIPTOR, MBEDTLS_CIPHER_NONE, }, }; @@ -580,56 +599,56 @@ static const oid_md_alg_t oid_md_alg[] = { #if defined(MBEDTLS_MD2_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD2 ), "id-md2", "MD2" }, + OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD2, "id-md2", "MD2" ), MBEDTLS_MD_MD2, }, #endif /* MBEDTLS_MD2_C */ #if defined(MBEDTLS_MD4_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD4 ), "id-md4", "MD4" }, + OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD4, "id-md4", "MD4" ), MBEDTLS_MD_MD4, }, #endif /* MBEDTLS_MD4_C */ #if defined(MBEDTLS_MD5_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_MD5 ), "id-md5", "MD5" }, + OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_MD5, "id-md5", "MD5" ), MBEDTLS_MD_MD5, }, #endif /* MBEDTLS_MD5_C */ #if defined(MBEDTLS_SHA1_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA1 ), "id-sha1", "SHA-1" }, + OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA1, "id-sha1", "SHA-1" ), MBEDTLS_MD_SHA1, }, #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA224 ), "id-sha224", "SHA-224" }, + OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA224, "id-sha224", "SHA-224" ), MBEDTLS_MD_SHA224, }, { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA256 ), "id-sha256", "SHA-256" }, + OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA256, "id-sha256", "SHA-256" ), MBEDTLS_MD_SHA256, }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA384 ), "id-sha384", "SHA-384" }, + OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA384, "id-sha384", "SHA-384" ), MBEDTLS_MD_SHA384, }, { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_SHA512 ), "id-sha512", "SHA-512" }, + OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_SHA512, "id-sha512", "SHA-512" ), MBEDTLS_MD_SHA512, }, #endif /* MBEDTLS_SHA512_C */ #if defined(MBEDTLS_RIPEMD160_C) { - { ADD_LEN( MBEDTLS_OID_DIGEST_ALG_RIPEMD160 ), "id-ripemd160", "RIPEMD-160" }, + OID_DESCRIPTOR( MBEDTLS_OID_DIGEST_ALG_RIPEMD160, "id-ripemd160", "RIPEMD-160" ), MBEDTLS_MD_RIPEMD160, }, #endif /* MBEDTLS_RIPEMD160_C */ { - { NULL, 0, NULL, NULL }, + NULL_OID_DESCRIPTOR, MBEDTLS_MD_NONE, }, }; @@ -650,32 +669,32 @@ static const oid_md_hmac_t oid_md_hmac[] = { #if defined(MBEDTLS_SHA1_C) { - { ADD_LEN( MBEDTLS_OID_HMAC_SHA1 ), "hmacSHA1", "HMAC-SHA-1" }, + OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA1, "hmacSHA1", "HMAC-SHA-1" ), MBEDTLS_MD_SHA1, }, #endif /* MBEDTLS_SHA1_C */ #if defined(MBEDTLS_SHA256_C) { - { ADD_LEN( MBEDTLS_OID_HMAC_SHA224 ), "hmacSHA224", "HMAC-SHA-224" }, + OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA224, "hmacSHA224", "HMAC-SHA-224" ), MBEDTLS_MD_SHA224, }, { - { ADD_LEN( MBEDTLS_OID_HMAC_SHA256 ), "hmacSHA256", "HMAC-SHA-256" }, + OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA256, "hmacSHA256", "HMAC-SHA-256" ), MBEDTLS_MD_SHA256, }, #endif /* MBEDTLS_SHA256_C */ #if defined(MBEDTLS_SHA512_C) { - { ADD_LEN( MBEDTLS_OID_HMAC_SHA384 ), "hmacSHA384", "HMAC-SHA-384" }, + OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA384, "hmacSHA384", "HMAC-SHA-384" ), MBEDTLS_MD_SHA384, }, { - { ADD_LEN( MBEDTLS_OID_HMAC_SHA512 ), "hmacSHA512", "HMAC-SHA-512" }, + OID_DESCRIPTOR( MBEDTLS_OID_HMAC_SHA512, "hmacSHA512", "HMAC-SHA-512" ), MBEDTLS_MD_SHA512, }, #endif /* MBEDTLS_SHA512_C */ { - { NULL, 0, NULL, NULL }, + NULL_OID_DESCRIPTOR, MBEDTLS_MD_NONE, }, }; @@ -697,15 +716,15 @@ typedef struct { static const oid_pkcs12_pbe_alg_t oid_pkcs12_pbe_alg[] = { { - { ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC ), "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" }, + OID_DESCRIPTOR( MBEDTLS_OID_PKCS12_PBE_SHA1_DES3_EDE_CBC, "pbeWithSHAAnd3-KeyTripleDES-CBC", "PBE with SHA1 and 3-Key 3DES" ), MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE3_CBC, }, { - { ADD_LEN( MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC ), "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" }, + OID_DESCRIPTOR( MBEDTLS_OID_PKCS12_PBE_SHA1_DES2_EDE_CBC, "pbeWithSHAAnd2-KeyTripleDES-CBC", "PBE with SHA1 and 2-Key 3DES" ), MBEDTLS_MD_SHA1, MBEDTLS_CIPHER_DES_EDE_CBC, }, { - { NULL, 0, NULL, NULL }, + NULL_OID_DESCRIPTOR, MBEDTLS_MD_NONE, MBEDTLS_CIPHER_NONE, }, }; diff --git a/library/version_features.c b/library/version_features.c index 7af2474fe..a937d1423 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -597,6 +597,9 @@ static const char * const features[] = { #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) "MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE", #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ +#if defined(MBEDTLS_X509_INFO) + "MBEDTLS_X509_INFO", +#endif /* MBEDTLS_X509_INFO */ #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) "MBEDTLS_X509_RSASSA_PSS_SUPPORT", #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ diff --git a/library/x509.c b/library/x509.c index f0a9101e5..0cfcc5357 100644 --- a/library/x509.c +++ b/library/x509.c @@ -831,6 +831,7 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se return( (int) ( size - n ) ); } +#if defined(MBEDTLS_X509_INFO) /* * Helper for writing signature algorithms */ @@ -875,6 +876,7 @@ int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *s return( (int)( size - n ) ); } +#endif /* MBEDTLS_X509_INFO */ /* * Helper for writing "RSA key size", "EC key size", etc diff --git a/library/x509_crl.c b/library/x509_crl.c index edeb39b02..4c898c931 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -614,6 +614,7 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ) } #endif /* MBEDTLS_FS_IO */ +#if defined(MBEDTLS_X509_INFO) /* * Return an informational string about the certificate. */ @@ -693,6 +694,7 @@ int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, return( (int) ( size - n ) ); } +#endif /* MBEDTLS_X509_INFO */ /* * Initialize a CRL chain diff --git a/library/x509_crt.c b/library/x509_crt.c index 783f3ba5c..51330e9d7 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -1763,6 +1763,57 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, return( 0 ); } +int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, + mbedtls_x509_subject_alternative_name *san ) +{ + int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; + switch( san_buf->tag & + ( MBEDTLS_ASN1_TAG_CLASS_MASK | + MBEDTLS_ASN1_TAG_VALUE_MASK ) ) + { + /* + * otherName + */ + case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ): + { + mbedtls_x509_san_other_name other_name; + + ret = x509_get_other_name( san_buf, &other_name ); + if( ret != 0 ) + return( ret ); + + memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); + san->type = MBEDTLS_X509_SAN_OTHER_NAME; + memcpy( &san->san.other_name, + &other_name, sizeof( other_name ) ); + + } + break; + + /* + * dNSName + */ + case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ): + { + memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); + san->type = MBEDTLS_X509_SAN_DNS_NAME; + + memcpy( &san->san.unstructured_name, + san_buf, sizeof( *san_buf ) ); + + } + break; + + /* + * Type not supported + */ + default: + return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); + } + return( 0 ); +} + +#if !defined(MBEDTLS_X509_REMOVE_INFO) static int x509_info_subject_alt_name( char **buf, size_t *size, const mbedtls_x509_sequence *subject_alt_name, @@ -1876,56 +1927,6 @@ static int x509_info_subject_alt_name( char **buf, size_t *size, return( 0 ); } -int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, - mbedtls_x509_subject_alternative_name *san ) -{ - int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; - switch( san_buf->tag & - ( MBEDTLS_ASN1_TAG_CLASS_MASK | - MBEDTLS_ASN1_TAG_VALUE_MASK ) ) - { - /* - * otherName - */ - case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_OTHER_NAME ): - { - mbedtls_x509_san_other_name other_name; - - ret = x509_get_other_name( san_buf, &other_name ); - if( ret != 0 ) - return( ret ); - - memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); - san->type = MBEDTLS_X509_SAN_OTHER_NAME; - memcpy( &san->san.other_name, - &other_name, sizeof( other_name ) ); - - } - break; - - /* - * dNSName - */ - case( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_X509_SAN_DNS_NAME ): - { - memset( san, 0, sizeof( mbedtls_x509_subject_alternative_name ) ); - san->type = MBEDTLS_X509_SAN_DNS_NAME; - - memcpy( &san->san.unstructured_name, - san_buf, sizeof( *san_buf ) ); - - } - break; - - /* - * Type not supported - */ - default: - return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE ); - } - return( 0 ); -} - #define PRINT_ITEM(i) \ { \ ret = mbedtls_snprintf( p, n, "%s" i, sep ); \ @@ -2250,6 +2251,7 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, return( (int) ( size - n ) ); } +#endif /* MBEDTLS_X509_INFO */ #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, diff --git a/library/x509_csr.c b/library/x509_csr.c index 5463f8a9e..0a5d2cb27 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -323,6 +323,7 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ) } #endif /* MBEDTLS_FS_IO */ +#if defined(MBEDTLS_X509_INFO) #define BEFORE_COLON 14 #define BC "14" /* @@ -367,6 +368,7 @@ int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix, return( (int) ( size - n ) ); } +#endif /* MBEDTLS_X509_INFO */ /* * Initialize a CSR diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index acaae599f..d8353a98d 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -241,13 +241,17 @@ int main( int argc, char *argv[] ) * MBEDTLS_SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */ if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 ) { +#if defined(MBEDTLS_X509_INFO) char vrfy_buf[512]; +#endif mbedtls_printf( " failed\n" ); +#if defined(MBEDTLS_X509_INFO) mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); mbedtls_printf( "%s\n", vrfy_buf ); +#endif } else mbedtls_printf( " ok\n" ); diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index 2c1688721..eea3c9bd9 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -216,13 +216,17 @@ int main( void ) /* In real life, we probably want to bail out when ret != 0 */ if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 ) { +#if defined(MBEDTLS_X509_INFO) char vrfy_buf[512]; +#endif mbedtls_printf( " failed\n" ); +#if defined(MBEDTLS_X509_INFO) mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); mbedtls_printf( "%s\n", vrfy_buf ); +#endif } else mbedtls_printf( " ok\n" ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 10fc332aa..bf260c38d 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -529,9 +529,12 @@ static unsigned char peer_crt_info[1024]; static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags ) { +#if defined(MBEDTLS_X509_INFO) char buf[1024]; +#endif ((void) data); +#if defined(MBEDTLS_X509_INFO) mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt ); if( depth == 0 ) memcpy( peer_crt_info, buf, sizeof( buf ) ); @@ -541,13 +544,19 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth ); mbedtls_printf( "%s", buf ); +#else + ((void) crt); + ((void) depth); +#endif if ( ( *flags ) == 0 ) mbedtls_printf( " This certificate has no flags\n" ); else { +#if defined(MBEDTLS_X509_INFO) mbedtls_x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags ); mbedtls_printf( "%s\n", buf ); +#endif } return( 0 ); @@ -2275,14 +2284,18 @@ int main( int argc, char *argv[] ) if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 ) { +#if defined(MBEDTLS_X509_INFO) char vrfy_buf[512]; +#endif mbedtls_printf( " failed\n" ); +#if defined(MBEDTLS_X509_INFO) mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); mbedtls_printf( "%s\n", vrfy_buf ); +#endif } else mbedtls_printf( " ok\n" ); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 0392a4646..7990376d1 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -208,21 +208,27 @@ static int do_handshake( mbedtls_ssl_context *ssl ) /* In real life, we probably want to bail out when ret != 0 */ if( ( flags = mbedtls_ssl_get_verify_result( ssl ) ) != 0 ) { +#if defined(MBEDTLS_X509_INFO) char vrfy_buf[512]; +#endif mbedtls_printf( " failed\n" ); +#if defined(MBEDTLS_X509_INFO) mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); mbedtls_printf( "%s\n", vrfy_buf ); +#endif } else mbedtls_printf( " ok\n" ); +#if defined(MBEDTLS_X509_INFO) mbedtls_printf( " . Peer certificate information ...\n" ); mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ", mbedtls_ssl_get_peer_cert( ssl ) ); mbedtls_printf( "%s\n", buf ); +#endif return( 0 ); } diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 2bb34334c..6d1ef6cb3 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3134,7 +3134,7 @@ handshake: { mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_X509_INFO) if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) { char vrfy_buf[512]; @@ -3188,17 +3188,22 @@ handshake: if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 ) { +#if defined(MBEDTLS_X509_INFO) char vrfy_buf[512]; +#endif mbedtls_printf( " failed\n" ); +#if defined(MBEDTLS_X509_INFO) mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); mbedtls_printf( "%s\n", vrfy_buf ); +#endif } else mbedtls_printf( " ok\n" ); +#if defined(MBEDTLS_X509_INFO) if( mbedtls_ssl_get_peer_cert( &ssl ) != NULL ) { char crt_buf[512]; @@ -3208,6 +3213,7 @@ handshake: mbedtls_ssl_get_peer_cert( &ssl ) ); mbedtls_printf( "%s\n", crt_buf ); } +#endif /* MBEDTLS_X509_INFO */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 05b3df824..98ea30e54 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -1643,6 +1643,14 @@ int query_config( const char *config ) } #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ +#if defined(MBEDTLS_X509_INFO) + if( strcmp( "MBEDTLS_X509_INFO", config ) == 0 ) + { + MACRO_EXPANSION_TO_STR( MBEDTLS_X509_INFO ); + return( 0 ); + } +#endif /* MBEDTLS_X509_INFO */ + #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if( strcmp( "MBEDTLS_X509_RSASSA_PSS_SUPPORT", config ) == 0 ) { diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 89b25a832..765a82e4f 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -41,14 +41,14 @@ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_CTR_DRBG_C) + !defined(MBEDTLS_X509_INFO) || !defined(MBEDTLS_CTR_DRBG_C) int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_CTR_DRBG_C not defined.\n"); + "MBEDTLS_X509_INFO and/or MBEDTLS_CTR_DRBG_C not defined.\n"); mbedtls_exit( 0 ); } #else diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index ffb539fdb..8502812b5 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -35,11 +35,13 @@ #endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO) + !defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_X509_INFO) int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO not defined.\n"); + "MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_X509_INFO not defined.\n"); mbedtls_exit( 0 ); } #else diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 0256a7636..df1dba80f 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -35,11 +35,13 @@ #endif /* MBEDTLS_PLATFORM_C */ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ - !defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO) + !defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ + !defined(MBEDTLS_X509_INFO) int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO not defined.\n"); + "MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO and/or " + "MBEDTLS_X509_INFO not defined.\n"); mbedtls_exit( 0 ); } #else diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index eb99b7911..bb34b2d72 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data @@ -38,11 +38,11 @@ Debug print buffer #5 mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n" Debug print certificate #1 (RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_X509_INFO mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n" Debug print certificate #2 (EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n" Debug print mbedtls_mpi #1 diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index 377d630d9..c8fbd048a 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -131,7 +131,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_INFO */ void mbedtls_debug_print_crt( char * crt_file, char * file, int line, char * prefix, char * result_str ) { diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function index 9e8d43739..8c42d70be 100644 --- a/tests/suites/test_suite_oid.function +++ b/tests/suites/test_suite_oid.function @@ -6,7 +6,7 @@ /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_OID_C + * depends_on:MBEDTLS_OID_C:MBEDTLS_X509_INFO * END_DEPENDENCIES */ diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 0cc1d3fd6..32d26c067 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -203,79 +203,79 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED: x509_parse_san:"data_files/server5-unsupported_othername.crt":"" X509 CRL information #1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information MD2 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl_md2.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA with MD2\n" X509 CRL Information MD4 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl_md4.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD4\n" X509 CRL Information MD5 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n" X509 CRL Information SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n" X509 CRL Information SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n" X509 CRL Information SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_RSA_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n" X509 CRL Information SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n" X509 CRL information RSA-PSS, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n" X509 CRL information RSA-PSS, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n" X509 CRL information RSA-PSS, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n" X509 CRL information RSA-PSS, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n" X509 CRL information RSA-PSS, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n" X509 CRL Information EC, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n" X509 CRL Information EC, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n" X509 CRL Information EC, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n" X509 CRL Information EC, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_ECDSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_ECDSA_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n" X509 CRL Information EC, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C:MBEDTLS_X509_INFO mbedtls_x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n" X509 CRL Malformed Input (trailing spaces at end of file) @@ -291,71 +291,71 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0 X509 CSR Information RSA with MD4 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with MD5 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO mbedtls_x509_csr_info:"data_files/server1.req.md5":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO mbedtls_x509_csr_info:"data_files/server1.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA224 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO mbedtls_x509_csr_info:"data_files/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA-256 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTS_X509_INFO mbedtls_x509_csr_info:"data_files/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA384 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_RSA_C:MBEDTLS_X509_INFO mbedtls_x509_csr_info:"data_files/server1.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA512 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO mbedtls_x509_csr_info:"data_files/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n" X509 CSR Information EC with SHA1 -depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_X509_INFO mbedtls_x509_csr_info:"data_files/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA224 -depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO mbedtls_x509_csr_info:"data_files/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA256 -depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO mbedtls_x509_csr_info:"data_files/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA384 -depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_X509_INFO mbedtls_x509_csr_info:"data_files/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA512 -depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C:MBEDTLS_X509_INFO mbedtls_x509_csr_info:"data_files/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n" X509 CSR Information RSA-PSS with SHA1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_X509_INFO mbedtls_x509_csr_info:"data_files/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA-PSS with SHA224 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO mbedtls_x509_csr_info:"data_files/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA-PSS with SHA256 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO mbedtls_x509_csr_info:"data_files/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA-PSS with SHA384 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384 +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_X509_INFO mbedtls_x509_csr_info:"data_files/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA-PSS with SHA512 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_X509_INFO mbedtls_x509_csr_info:"data_files/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA with SHA-256 - Microsoft header @@ -2131,7 +2131,7 @@ x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b060355040 # 03020001 signatureValue BIT STRING # The subsequent TBSCertList negative tests remove or modify some elements. X509 CRL ASN1 (TBSCertList, sig present) -depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using \: RSA with SHA-224\n":0 X509 CRL ASN1 (TBSCertList, signatureValue missing) @@ -2167,7 +2167,7 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128402abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRL ASN1 (TBSCertList, no entries) -depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0 X509 CRL ASN1 (invalid version 2) @@ -2197,7 +2197,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff041e301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CRL ASN1 (extension not critical explicit, crl-idp.pem byte 129) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c010100041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2018-03-14 07\:31\:48\nnext update \: 2028-03-14 07\:31\:48\nRevoked certificates\:\nsigned using \: RSA with SHA-256\n":0 X509 CRT parse path #2 (one cert) @@ -2536,7 +2536,7 @@ X509 RSASSA-PSS parameters ASN1 (trailerField not 1) x509_parse_rsassa_pss_params:"a303020102":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG X509 CSR ASN.1 (OK) -depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_X509_INFO mbedtls_x509_csr_parse:"308201183081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n":0 X509 CSR ASN.1 (bad first tag) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 46d97240d..4006c9c7e 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -398,6 +398,7 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf * END_DEPENDENCIES */ + /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ void x509_parse_san( char * crt_file, char * result_str ) { @@ -438,7 +439,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_INFO:MBEDTLS_X509_CRT_PARSE_C */ void x509_cert_info( char * crt_file, char * result_str ) { mbedtls_x509_crt crt; @@ -461,7 +462,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_INFO */ void mbedtls_x509_crl_info( char * crl_file, char * result_str ) { mbedtls_x509_crl crl; @@ -500,7 +501,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:MBEDTLS_X509_INFO */ void mbedtls_x509_csr_info( char * csr_file, char * result_str ) { mbedtls_x509_csr csr; @@ -523,7 +524,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_INFO */ void x509_verify_info( int flags, char * prefix, char * result_str ) { char buf[2000]; @@ -738,7 +739,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_INFO */ void mbedtls_x509_dn_gets( char * crt_file, char * entity, char * result_str ) { mbedtls_x509_crt crt; @@ -826,30 +827,37 @@ exit: void x509parse_crt( data_t * buf, char * result_str, int result ) { mbedtls_x509_crt crt; +#if defined(MBEDTLS_X509_INFO) unsigned char output[2000]; int res; +#endif mbedtls_x509_crt_init( &crt ); - memset( output, 0, 2000 ); TEST_ASSERT( mbedtls_x509_crt_parse_der( &crt, buf->x, buf->len ) == ( result ) ); +#if defined(MBEDTLS_X509_INFO) if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); - TEST_ASSERT( res != -1 ); TEST_ASSERT( res != -2 ); TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); } +#endif mbedtls_x509_crt_free( &crt ); mbedtls_x509_crt_init( &crt ); +#if defined(MBEDTLS_X509_INFO) memset( output, 0, 2000 ); +#endif TEST_ASSERT( mbedtls_x509_crt_parse_der_nocopy( &crt, buf->x, buf->len ) == ( result ) ); +#if defined(MBEDTLS_X509_INFO) if( ( result ) == 0 ) { + memset( output, 0, 2000 ); + res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); TEST_ASSERT( res != -1 ); @@ -857,6 +865,9 @@ void x509parse_crt( data_t * buf, char * result_str, int result ) TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); } +#else + ((void)result_str); +#endif mbedtls_x509_crt_free( &crt ); mbedtls_x509_crt_init( &crt ); @@ -939,7 +950,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_INFO */ void x509parse_crl( data_t * buf, char * result_str, int result ) { mbedtls_x509_crl crl; @@ -966,7 +977,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C:MBEDTLS_X509_INFO */ void mbedtls_x509_csr_parse( data_t * csr_der, char * ref_out, int ref_ret ) { mbedtls_x509_csr csr; @@ -1099,7 +1110,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C:MBEDTLS_X509_INFO */ void x509_oid_desc( data_t * buf, char * ref_desc ) { mbedtls_x509_buf oid; From 612a2f1504d13c8a4a4a2fe199c77edc28126860 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 9 Oct 2020 09:19:39 +0100 Subject: [PATCH 02/19] Rename MBEDTLS_X509_INFO to !MBEDTLS_X509_REMOVE_INFO The introduction of positive options to control the presence of pre-existing functionality breaks the build for users of handwritten configurations. Signed-off-by: Hanno Becker --- include/mbedtls/config.h | 4 +- include/mbedtls/debug.h | 6 +- include/mbedtls/oid.h | 4 +- include/mbedtls/x509.h | 2 +- include/mbedtls/x509_crl.h | 2 +- include/mbedtls/x509_crt.h | 4 +- include/mbedtls/x509_csr.h | 2 +- library/debug.c | 4 +- library/oid.c | 12 ++-- library/version_features.c | 6 +- library/x509.c | 4 +- library/x509_crl.c | 4 +- library/x509_crt.c | 2 +- library/x509_csr.c | 4 +- programs/ssl/dtls_client.c | 4 +- programs/ssl/ssl_client1.c | 4 +- programs/ssl/ssl_client2.c | 10 +-- programs/ssl/ssl_mail_client.c | 6 +- programs/ssl/ssl_server2.c | 10 +-- programs/test/query_config.c | 8 +-- programs/x509/cert_app.c | 4 +- programs/x509/crl_app.c | 4 +- programs/x509/req_app.c | 4 +- tests/suites/test_suite_debug.data | 4 +- tests/suites/test_suite_debug.function | 2 +- tests/suites/test_suite_oid.function | 2 +- tests/suites/test_suite_x509parse.data | 78 +++++++++++----------- tests/suites/test_suite_x509parse.function | 24 +++---- 28 files changed, 112 insertions(+), 112 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index f609435d7..462a0fa2d 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2144,7 +2144,7 @@ #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE /** - * \def MBEDTLS_X509_INFO + * \def MBEDTLS_X509_REMOVE_INFO * * Enable mbedtls_x509_*_info() and related APIs. * @@ -2152,7 +2152,7 @@ * and other functions/constants only used by these functions, thus reducing * the code footprint by several KB. */ -#define MBEDTLS_X509_INFO +//#define MBEDTLS_X509_REMOVE_INFO /** * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT diff --git a/include/mbedtls/debug.h b/include/mbedtls/debug.h index a4d6a7e81..c8d4403d8 100644 --- a/include/mbedtls/debug.h +++ b/include/mbedtls/debug.h @@ -59,12 +59,12 @@ #endif #if defined(MBEDTLS_X509_CRT_PARSE_C) -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) #define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) \ mbedtls_debug_print_crt( ssl, level, __FILE__, __LINE__, text, crt ) #else #define MBEDTLS_SSL_DEBUG_CRT( level, text, crt ) do { } while( 0 ) -#endif /* MBEDTLS_X509_INFO */ +#endif /* MBEDTLS_X509_REMOVE_INFO */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_ECDH_C) @@ -252,7 +252,7 @@ void mbedtls_debug_print_ecp( const mbedtls_ssl_context *ssl, int level, const char *text, const mbedtls_ecp_point *X ); #endif -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_X509_INFO) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) /** * \brief Print a X.509 certificate structure to the debug output. This * function is always used through the MBEDTLS_SSL_DEBUG_CRT() macro, diff --git a/include/mbedtls/oid.h b/include/mbedtls/oid.h index 89b5fe87f..4198eb107 100644 --- a/include/mbedtls/oid.h +++ b/include/mbedtls/oid.h @@ -441,7 +441,7 @@ typedef struct mbedtls_oid_descriptor_t { const char *asn1; /*!< OID ASN.1 representation */ size_t asn1_len; /*!< length of asn1 */ -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) const char *name; /*!< official name (e.g. from RFC) */ const char *description; /*!< human friendly description */ #endif @@ -584,7 +584,7 @@ int mbedtls_oid_get_md_alg( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_a int mbedtls_oid_get_md_hmac( const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_hmac ); #endif /* MBEDTLS_MD_C */ -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) /** * \brief Translate Extended Key Usage OID into description * diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h index 44f2ed02d..3091de1d1 100644 --- a/include/mbedtls/x509.h +++ b/include/mbedtls/x509.h @@ -316,7 +316,7 @@ int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *serial ); int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *ext, int tag ); -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *sig_oid, mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg, const void *sig_opts ); diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index fb1de79f1..f89547c25 100644 --- a/include/mbedtls/x509_crl.h +++ b/include/mbedtls/x509_crl.h @@ -134,7 +134,7 @@ int mbedtls_x509_crl_parse( mbedtls_x509_crl *chain, const unsigned char *buf, s int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ); #endif /* MBEDTLS_FS_IO */ -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) /** * \brief Returns an informational string about the CRL. * diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index fc3ea8eb4..433c3b734 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -510,7 +510,7 @@ int mbedtls_x509_crt_parse_path( mbedtls_x509_crt *chain, const char *path ); int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, mbedtls_x509_subject_alternative_name *san ); -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) /** * \brief Returns an informational string about the * certificate. @@ -527,7 +527,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt ); #endif -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) /** * \brief Returns an informational string about the * verification status of a certificate. diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index b9e5b93fb..9f3cae255 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -121,7 +121,7 @@ int mbedtls_x509_csr_parse( mbedtls_x509_csr *csr, const unsigned char *buf, siz int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ); #endif /* MBEDTLS_FS_IO */ -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) /** * \brief Returns an informational string about the * CSR. diff --git a/library/debug.c b/library/debug.c index fcd67dbe5..4be2cba19 100644 --- a/library/debug.c +++ b/library/debug.c @@ -284,7 +284,7 @@ void mbedtls_debug_print_mpi( const mbedtls_ssl_context *ssl, int level, } #endif /* MBEDTLS_BIGNUM_C */ -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_X509_INFO) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) static void debug_print_pk( const mbedtls_ssl_context *ssl, int level, const char *file, int line, const char *text, const mbedtls_pk_context *pk ) @@ -379,7 +379,7 @@ void mbedtls_debug_print_crt( const mbedtls_ssl_context *ssl, int level, crt = crt->next; } } -#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_INFO */ +#endif /* MBEDTLS_X509_CRT_PARSE_C && MBEDTLS_X509_REMOVE_INFO */ #if defined(MBEDTLS_ECDH_C) static void mbedtls_debug_printf_ecdh_internal( const mbedtls_ssl_context *ssl, diff --git a/library/oid.c b/library/oid.c index d8cbfb460..c03d0d5c6 100644 --- a/library/oid.c +++ b/library/oid.c @@ -44,7 +44,7 @@ /* * Macro to generate mbedtls_oid_descriptor_t */ -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) #define OID_DESCRIPTOR(s, name, description) { ADD_LEN(s), name, description } #define NULL_OID_DESCRIPTOR { NULL, 0, NULL, NULL } #else @@ -75,7 +75,7 @@ return( NULL ); \ } -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) /* * Macro to generate a function for retrieving a single attribute from the * descriptor of an mbedtls_oid_descriptor_t wrapper. @@ -88,7 +88,7 @@ int FN_NAME( const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1 ) *ATTR1 = data->descriptor.ATTR1; \ return( 0 ); \ } -#endif /* MBEDTLS_X509_INFO */ +#endif /* MBEDTLS_X509_REMOVE_INFO */ /* * Macro to generate a function for retrieving a single attribute from an @@ -297,7 +297,7 @@ static const oid_x509_ext_t oid_x509_ext[] = FN_OID_TYPED_FROM_ASN1(oid_x509_ext_t, x509_ext, oid_x509_ext) FN_OID_GET_ATTR1(mbedtls_oid_get_x509_ext_type, oid_x509_ext_t, x509_ext, int, ext_type) -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) static const mbedtls_oid_descriptor_t oid_ext_key_usage[] = { OID_DESCRIPTOR( MBEDTLS_OID_SERVER_AUTH, "id-kp-serverAuth", "TLS Web Server Authentication" ), @@ -321,7 +321,7 @@ static const mbedtls_oid_descriptor_t oid_certificate_policies[] = FN_OID_TYPED_FROM_ASN1(mbedtls_oid_descriptor_t, certificate_policies, oid_certificate_policies) FN_OID_GET_ATTR1(mbedtls_oid_get_certificate_policies, mbedtls_oid_descriptor_t, certificate_policies, const char *, description) -#endif /* MBEDTLS_X509_INFO */ +#endif /* MBEDTLS_X509_REMOVE_INFO */ #if defined(MBEDTLS_MD_C) /* @@ -429,7 +429,7 @@ static const oid_sig_alg_t oid_sig_alg[] = FN_OID_TYPED_FROM_ASN1(oid_sig_alg_t, sig_alg, oid_sig_alg) -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) FN_OID_GET_DESCRIPTOR_ATTR1(mbedtls_oid_get_sig_alg_desc, oid_sig_alg_t, sig_alg, const char *, description) #endif diff --git a/library/version_features.c b/library/version_features.c index a937d1423..5d114fbc4 100644 --- a/library/version_features.c +++ b/library/version_features.c @@ -597,9 +597,9 @@ static const char * const features[] = { #if defined(MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE) "MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE", #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ -#if defined(MBEDTLS_X509_INFO) - "MBEDTLS_X509_INFO", -#endif /* MBEDTLS_X509_INFO */ +#if defined(MBEDTLS_X509_REMOVE_INFO) + "MBEDTLS_X509_REMOVE_INFO", +#endif /* MBEDTLS_X509_REMOVE_INFO */ #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) "MBEDTLS_X509_RSASSA_PSS_SUPPORT", #endif /* MBEDTLS_X509_RSASSA_PSS_SUPPORT */ diff --git a/library/x509.c b/library/x509.c index 0cfcc5357..d63a4305d 100644 --- a/library/x509.c +++ b/library/x509.c @@ -831,7 +831,7 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se return( (int) ( size - n ) ); } -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) /* * Helper for writing signature algorithms */ @@ -876,7 +876,7 @@ int mbedtls_x509_sig_alg_gets( char *buf, size_t size, const mbedtls_x509_buf *s return( (int)( size - n ) ); } -#endif /* MBEDTLS_X509_INFO */ +#endif /* MBEDTLS_X509_REMOVE_INFO */ /* * Helper for writing "RSA key size", "EC key size", etc diff --git a/library/x509_crl.c b/library/x509_crl.c index 4c898c931..dbaad7d51 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -614,7 +614,7 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ) } #endif /* MBEDTLS_FS_IO */ -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) /* * Return an informational string about the certificate. */ @@ -694,7 +694,7 @@ int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, return( (int) ( size - n ) ); } -#endif /* MBEDTLS_X509_INFO */ +#endif /* MBEDTLS_X509_REMOVE_INFO */ /* * Initialize a CRL chain diff --git a/library/x509_crt.c b/library/x509_crt.c index 51330e9d7..19c4f40f5 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2251,7 +2251,7 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, return( (int) ( size - n ) ); } -#endif /* MBEDTLS_X509_INFO */ +#endif /* MBEDTLS_X509_REMOVE_INFO */ #if defined(MBEDTLS_X509_CHECK_KEY_USAGE) int mbedtls_x509_crt_check_key_usage( const mbedtls_x509_crt *crt, diff --git a/library/x509_csr.c b/library/x509_csr.c index 0a5d2cb27..b78c04277 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -323,7 +323,7 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ) } #endif /* MBEDTLS_FS_IO */ -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) #define BEFORE_COLON 14 #define BC "14" /* @@ -368,7 +368,7 @@ int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix, return( (int) ( size - n ) ); } -#endif /* MBEDTLS_X509_INFO */ +#endif /* MBEDTLS_X509_REMOVE_INFO */ /* * Initialize a CSR diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c index d8353a98d..1e9779533 100644 --- a/programs/ssl/dtls_client.c +++ b/programs/ssl/dtls_client.c @@ -241,13 +241,13 @@ int main( int argc, char *argv[] ) * MBEDTLS_SSL_VERIFY_OPTIONAL, we would bail out here if ret != 0 */ if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 ) { -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) char vrfy_buf[512]; #endif mbedtls_printf( " failed\n" ); -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); mbedtls_printf( "%s\n", vrfy_buf ); diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c index eea3c9bd9..6624224af 100644 --- a/programs/ssl/ssl_client1.c +++ b/programs/ssl/ssl_client1.c @@ -216,13 +216,13 @@ int main( void ) /* In real life, we probably want to bail out when ret != 0 */ if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 ) { -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) char vrfy_buf[512]; #endif mbedtls_printf( " failed\n" ); -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); mbedtls_printf( "%s\n", vrfy_buf ); diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index bf260c38d..6e957f50b 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -529,12 +529,12 @@ static unsigned char peer_crt_info[1024]; static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags ) { -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) char buf[1024]; #endif ((void) data); -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt ); if( depth == 0 ) memcpy( peer_crt_info, buf, sizeof( buf ) ); @@ -553,7 +553,7 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, mbedtls_printf( " This certificate has no flags\n" ); else { -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) mbedtls_x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags ); mbedtls_printf( "%s\n", buf ); #endif @@ -2284,13 +2284,13 @@ int main( int argc, char *argv[] ) if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 ) { -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) char vrfy_buf[512]; #endif mbedtls_printf( " failed\n" ); -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c index 7990376d1..428c64362 100644 --- a/programs/ssl/ssl_mail_client.c +++ b/programs/ssl/ssl_mail_client.c @@ -208,13 +208,13 @@ static int do_handshake( mbedtls_ssl_context *ssl ) /* In real life, we probably want to bail out when ret != 0 */ if( ( flags = mbedtls_ssl_get_verify_result( ssl ) ) != 0 ) { -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) char vrfy_buf[512]; #endif mbedtls_printf( " failed\n" ); -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); mbedtls_printf( "%s\n", vrfy_buf ); @@ -223,7 +223,7 @@ static int do_handshake( mbedtls_ssl_context *ssl ) else mbedtls_printf( " ok\n" ); -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) mbedtls_printf( " . Peer certificate information ...\n" ); mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ", mbedtls_ssl_get_peer_cert( ssl ) ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index 6d1ef6cb3..d3a4ed340 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -3134,7 +3134,7 @@ handshake: { mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_X509_INFO) +#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) { char vrfy_buf[512]; @@ -3188,13 +3188,13 @@ handshake: if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 ) { -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) char vrfy_buf[512]; #endif mbedtls_printf( " failed\n" ); -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); mbedtls_printf( "%s\n", vrfy_buf ); @@ -3203,7 +3203,7 @@ handshake: else mbedtls_printf( " ok\n" ); -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) if( mbedtls_ssl_get_peer_cert( &ssl ) != NULL ) { char crt_buf[512]; @@ -3213,7 +3213,7 @@ handshake: mbedtls_ssl_get_peer_cert( &ssl ) ); mbedtls_printf( "%s\n", crt_buf ); } -#endif /* MBEDTLS_X509_INFO */ +#endif /* MBEDTLS_X509_REMOVE_INFO */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_EXPORT_KEYS) diff --git a/programs/test/query_config.c b/programs/test/query_config.c index 98ea30e54..0cd3b819c 100644 --- a/programs/test/query_config.c +++ b/programs/test/query_config.c @@ -1643,13 +1643,13 @@ int query_config( const char *config ) } #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ -#if defined(MBEDTLS_X509_INFO) - if( strcmp( "MBEDTLS_X509_INFO", config ) == 0 ) +#if defined(MBEDTLS_X509_REMOVE_INFO) + if( strcmp( "MBEDTLS_X509_REMOVE_INFO", config ) == 0 ) { - MACRO_EXPANSION_TO_STR( MBEDTLS_X509_INFO ); + MACRO_EXPANSION_TO_STR( MBEDTLS_X509_REMOVE_INFO ); return( 0 ); } -#endif /* MBEDTLS_X509_INFO */ +#endif /* MBEDTLS_X509_REMOVE_INFO */ #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if( strcmp( "MBEDTLS_X509_RSASSA_PSS_SUPPORT", config ) == 0 ) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 765a82e4f..531947498 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -41,14 +41,14 @@ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_X509_INFO) || !defined(MBEDTLS_CTR_DRBG_C) + !!defined(MBEDTLS_X509_REMOVE_INFO) || !defined(MBEDTLS_CTR_DRBG_C) int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_X509_INFO and/or MBEDTLS_CTR_DRBG_C not defined.\n"); + "MBEDTLS_X509_REMOVE_INFO and/or MBEDTLS_CTR_DRBG_C not defined.\n"); mbedtls_exit( 0 ); } #else diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 8502812b5..029bdd361 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -36,12 +36,12 @@ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_X509_INFO) + !!defined(MBEDTLS_X509_REMOVE_INFO) int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_X509_INFO not defined.\n"); + "MBEDTLS_X509_REMOVE_INFO not defined.\n"); mbedtls_exit( 0 ); } #else diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index df1dba80f..351dd16ae 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -36,12 +36,12 @@ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !defined(MBEDTLS_X509_INFO) + !!defined(MBEDTLS_X509_REMOVE_INFO) int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_X509_INFO not defined.\n"); + "MBEDTLS_X509_REMOVE_INFO not defined.\n"); mbedtls_exit( 0 ); } #else diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data index bb34b2d72..0935c1244 100644 --- a/tests/suites/test_suite_debug.data +++ b/tests/suites/test_suite_debug.data @@ -38,11 +38,11 @@ Debug print buffer #5 mbedtls_debug_print_buf:"MyFile":999:"Test return value":"000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30":"MyFile(0999)\: dumping 'Test return value' (49 bytes)\nMyFile(0999)\: 0000\: 00 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ................\nMyFile(0999)\: 0010\: 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f ................\nMyFile(0999)\: 0020\: 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f !"#$%&'()*+,-./\nMyFile(0999)\: 0030\: 30 0\n" Debug print certificate #1 (RSA) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:06\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:06\nMyFile(0999)\: signed using \: RSA with SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: basic constraints \: CA=false\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: a9 02 1f 3d 40 6a d5 55 53 8b fd 36 ee 82 65 2e\nMyFile(0999)\: 15 61 5e 89 bf b8 e8 45 90 db ee 88 16 52 d3 f1\nMyFile(0999)\: 43 50 47 96 12 59 64 87 6b fd 2b e0 46 f9 73 be\nMyFile(0999)\: dd cf 92 e1 91 5b ed 66 a0 6f 89 29 79 45 80 d0\nMyFile(0999)\: 83 6a d5 41 43 77 5f 39 7c 09 04 47 82 b0 57 39\nMyFile(0999)\: 70 ed a3 ec 15 19 1e a8 33 08 47 c1 05 42 a9 fd\nMyFile(0999)\: 4c c3 b4 df dd 06 1f 4d 10 51 40 67 73 13 0f 40\nMyFile(0999)\: f8 6d 81 25 5f 0a b1 53 c6 30 7e 15 39 ac f9 5a\nMyFile(0999)\: ee 7f 92 9e a6 05 5b e7 13 97 85 b5 23 92 d9 d4\nMyFile(0999)\: 24 06 d5 09 25 89 75 07 dd a6 1a 8f 3f 09 19 be\nMyFile(0999)\: ad 65 2c 64 eb 95 9b dc fe 41 5e 17 a6 da 6c 5b\nMyFile(0999)\: 69 cc 02 ba 14 2c 16 24 9c 4a dc cd d0 f7 52 67\nMyFile(0999)\: 73 f1 2d a0 23 fd 7e f4 31 ca 2d 70 ca 89 0b 04\nMyFile(0999)\: db 2e a6 4f 70 6e 9e ce bd 58 89 e2 53 59 9e 6e\nMyFile(0999)\: 5a 92 65 e2 88 3f 0c 94 19 a3 dd e5 e8 9d 95 13\nMyFile(0999)\: ed 29 db ab 70 12 dc 5a ca 6b 17 ab 52 82 54 b1\nMyFile(0999)\: value of 'crt->rsa.E' (17 bits) is\:\nMyFile(0999)\: 01 00 01\n" Debug print certificate #2 (EC) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued on \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using \: ECDSA with SHA256\nMyFile(0999)\: EC key size \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\: c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\: 4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\: 39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\: 87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\: b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\: 6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n" Debug print mbedtls_mpi #1 diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function index c8fbd048a..ad50e53fd 100644 --- a/tests/suites/test_suite_debug.function +++ b/tests/suites/test_suite_debug.function @@ -131,7 +131,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_INFO */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ void mbedtls_debug_print_crt( char * crt_file, char * file, int line, char * prefix, char * result_str ) { diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function index 8c42d70be..5c56ef498 100644 --- a/tests/suites/test_suite_oid.function +++ b/tests/suites/test_suite_oid.function @@ -6,7 +6,7 @@ /* END_HEADER */ /* BEGIN_DEPENDENCIES - * depends_on:MBEDTLS_OID_C:MBEDTLS_X509_INFO + * depends_on:MBEDTLS_OID_C:!MBEDTLS_X509_REMOVE_INFO * END_DEPENDENCIES */ diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data index 32d26c067..0fc674fc3 100644 --- a/tests/suites/test_suite_x509parse.data +++ b/tests/suites/test_suite_x509parse.data @@ -203,79 +203,79 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED: x509_parse_san:"data_files/server5-unsupported_othername.crt":"" X509 CRL information #1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-20 10\:24\:19\nnext update \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information MD2 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl_md2.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA with MD2\n" X509 CRL Information MD4 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl_md4.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD4\n" X509 CRL Information MD5 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with MD5\n" X509 CRL Information SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA1\n" X509 CRL Information SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-224\n" X509 CRL Information SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-256\n" X509 CRL Information SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_RSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-384\n" X509 CRL Information SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2011-02-12 14\:44\:07\nnext update \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using \: RSA with SHA-512\n" X509 CRL information RSA-PSS, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:46\:35\nnext update \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n" X509 CRL information RSA-PSS, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:06\nnext update \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n" X509 CRL information RSA-PSS, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:16\nnext update \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n" X509 CRL information RSA-PSS, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:28\nnext update \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n" X509 CRL information RSA-PSS, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2014-01-20 13\:56\:38\nnext update \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n" X509 CRL Information EC, SHA1 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl-ec-sha1.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA1\n" X509 CRL Information EC, SHA224 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA224\n" X509 CRL Information EC, SHA256 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA256\n" X509 CRL Information EC, SHA384 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_ECDSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_ECDSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl-ec-sha384.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA384\n" X509 CRL Information EC, SHA512 Digest -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update \: 2013-09-24 16\:31\:08\nnext update \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using \: ECDSA with SHA512\n" X509 CRL Malformed Input (trailing spaces at end of file) @@ -291,19 +291,19 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0 X509 CSR Information RSA with MD4 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD4\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with MD5 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/server1.req.md5":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with MD5\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/server1.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA224 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/server1.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-224\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA-256 @@ -311,51 +311,51 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTS_X509_INFO mbedtls_x509_csr_info:"data_files/server1.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-256\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA384 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_RSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/server1.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-384\nRSA key size \: 2048 bits\n" X509 CSR Information RSA with SHA512 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/server1.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using \: RSA with SHA-512\nRSA key size \: 2048 bits\n" X509 CSR Information EC with SHA1 -depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/server5.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA224 -depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/server5.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA224\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA256 -depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/server5.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA256\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA384 -depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_X509_INFO +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/server5.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA384\nEC key size \: 256 bits\n" X509 CSR Information EC with SHA512 -depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/server5.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA512\nEC key size \: 256 bits\n" X509 CSR Information RSA-PSS with SHA1 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/server9.req.sha1":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA-PSS with SHA224 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/server9.req.sha224":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA-PSS with SHA256 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/server9.req.sha256":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA-PSS with SHA384 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/server9.req.sha384":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA-PSS with SHA512 -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_info:"data_files/server9.req.sha512":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size \: 1024 bits\n" X509 CSR Information RSA with SHA-256 - Microsoft header @@ -2131,7 +2131,7 @@ x509parse_crl:"305d3047020100300d06092a864886f70d01010e0500300f310d300b060355040 # 03020001 signatureValue BIT STRING # The subsequent TBSCertList negative tests remove or modify some elements. X509 CRL ASN1 (TBSCertList, sig present) -depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128202abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nserial number\: AB\:CD revocation date\: 2008-12-31 23\:59\:59\nsigned using \: RSA with SHA-224\n":0 X509 CRL ASN1 (TBSCertList, signatureValue missing) @@ -2167,7 +2167,7 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"305c3047020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030301430128402abcd170c303831323331323335393539300d06092a864886f70d01010e050003020001":"":MBEDTLS_ERR_X509_INVALID_SERIAL + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG X509 CRL ASN1 (TBSCertList, no entries) -depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0 X509 CRL ASN1 (invalid version 2) @@ -2197,7 +2197,7 @@ depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c0101ff041e301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH X509 CRL ASN1 (extension not critical explicit, crl-idp.pem byte 129) -depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:!MBEDTLS_X509_REMOVE_INFO x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c010100041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"CRL version \: 2\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2018-03-14 07\:31\:48\nnext update \: 2028-03-14 07\:31\:48\nRevoked certificates\:\nsigned using \: RSA with SHA-256\n":0 X509 CRT parse path #2 (one cert) @@ -2536,7 +2536,7 @@ X509 RSASSA-PSS parameters ASN1 (trailerField not 1) x509_parse_rsassa_pss_params:"a303020102":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA1:20:MBEDTLS_ERR_X509_INVALID_ALG X509 CSR ASN.1 (OK) -depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_X509_INFO +depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C:!MBEDTLS_X509_REMOVE_INFO mbedtls_x509_csr_parse:"308201183081bf0201003034310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c31123010060355040313096c6f63616c686f73743059301306072a8648ce3d020106082a8648ce3d0301070342000437cc56d976091e5a723ec7592dff206eee7cf9069174d0ad14b5f768225962924ee500d82311ffea2fd2345d5d16bd8a88c26b770d55cd8a2a0efa01c8b4edffa029302706092a864886f70d01090e311a301830090603551d1304023000300b0603551d0f0404030205e0300906072a8648ce3d04010349003046022100b49fd8c8f77abfa871908dfbe684a08a793d0f490a43d86fcf2086e4f24bb0c2022100f829d5ccd3742369299e6294394717c4b723a0f68b44e831b6e6c3bcabf97243":"CSR version \: 1\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nsigned using \: ECDSA with SHA1\nEC key size \: 256 bits\n":0 X509 CSR ASN.1 (bad first tag) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 4006c9c7e..8289cd2fb 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -439,7 +439,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_INFO:MBEDTLS_X509_CRT_PARSE_C */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:!MBEDTLS_X509_REMOVE_INFO:MBEDTLS_X509_CRT_PARSE_C */ void x509_cert_info( char * crt_file, char * result_str ) { mbedtls_x509_crt crt; @@ -462,7 +462,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_INFO */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ void mbedtls_x509_crl_info( char * crl_file, char * result_str ) { mbedtls_x509_crl crl; @@ -501,7 +501,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:MBEDTLS_X509_INFO */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ void mbedtls_x509_csr_info( char * csr_file, char * result_str ) { mbedtls_x509_csr csr; @@ -524,7 +524,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_INFO */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ void x509_verify_info( int flags, char * prefix, char * result_str ) { char buf[2000]; @@ -739,7 +739,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_INFO */ +/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ void mbedtls_x509_dn_gets( char * crt_file, char * entity, char * result_str ) { mbedtls_x509_crt crt; @@ -827,7 +827,7 @@ exit: void x509parse_crt( data_t * buf, char * result_str, int result ) { mbedtls_x509_crt crt; -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) unsigned char output[2000]; int res; #endif @@ -835,7 +835,7 @@ void x509parse_crt( data_t * buf, char * result_str, int result ) mbedtls_x509_crt_init( &crt ); TEST_ASSERT( mbedtls_x509_crt_parse_der( &crt, buf->x, buf->len ) == ( result ) ); -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); @@ -848,12 +848,12 @@ void x509parse_crt( data_t * buf, char * result_str, int result ) mbedtls_x509_crt_free( &crt ); mbedtls_x509_crt_init( &crt ); -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) memset( output, 0, 2000 ); #endif TEST_ASSERT( mbedtls_x509_crt_parse_der_nocopy( &crt, buf->x, buf->len ) == ( result ) ); -#if defined(MBEDTLS_X509_INFO) +#if !defined(MBEDTLS_X509_REMOVE_INFO) if( ( result ) == 0 ) { memset( output, 0, 2000 ); @@ -950,7 +950,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C:MBEDTLS_X509_INFO */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CRL_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ void x509parse_crl( data_t * buf, char * result_str, int result ) { mbedtls_x509_crl crl; @@ -977,7 +977,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C:MBEDTLS_X509_INFO */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_CSR_PARSE_C:!MBEDTLS_X509_REMOVE_INFO */ void mbedtls_x509_csr_parse( data_t * csr_der, char * ref_out, int ref_ret ) { mbedtls_x509_csr csr; @@ -1110,7 +1110,7 @@ exit: } /* END_CASE */ -/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C:MBEDTLS_X509_INFO */ +/* BEGIN_CASE depends_on:MBEDTLS_X509_USE_C:!MBEDTLS_X509_REMOVE_INFO */ void x509_oid_desc( data_t * buf, char * ref_desc ) { mbedtls_x509_buf oid; From 5d4c4b1f95ce1878664fd3ca28787b4633ab3f25 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Tue, 11 Jun 2019 17:16:13 +0100 Subject: [PATCH 03/19] Add missing dependencies on !MBEDTLS_X509_REMOVE_INFO Signed-off-by: Chris Jones --- programs/ssl/ssl_client2.c | 2 ++ tests/suites/test_suite_x509parse.function | 2 ++ 2 files changed, 4 insertions(+) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 6e957f50b..963006069 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -2300,8 +2300,10 @@ int main( int argc, char *argv[] ) else mbedtls_printf( " ok\n" ); +#if !defined(MBEDTLS_X509_REMOVE_INFO) mbedtls_printf( " . Peer certificate information ...\n" ); mbedtls_printf( "%s\n", peer_crt_info ); +#endif /* !MBEDTLS_X509_REMOVE_INFO */ #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 8289cd2fb..82f7da54a 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -844,6 +844,8 @@ void x509parse_crt( data_t * buf, char * result_str, int result ) TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); } +#else + ((void) result_str); #endif mbedtls_x509_crt_free( &crt ); From e111356194848812e59138c31b7a6ad62782c31f Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 12 Jun 2019 13:59:14 +0100 Subject: [PATCH 04/19] Remove MBEDTLS_X509_REMOVE_INFO from `scripts/config.pl full` Signed-off-by: Chris Jones --- scripts/config.py | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/config.py b/scripts/config.py index 489760464..a77ead054 100755 --- a/scripts/config.py +++ b/scripts/config.py @@ -196,6 +196,7 @@ EXCLUDE_FROM_FULL = frozenset([ 'MBEDTLS_TEST_CONSTANT_FLOW_VALGRIND', # build dependency (valgrind headers) 'MBEDTLS_TEST_NULL_ENTROPY', # removes a feature 'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', # influences the use of X.509 in TLS + 'MBEDTLS_X509_REMOVE_INFO', # removes a feature ]) def is_seamless_alt(name): From 7ac83f91bf0d7a56e26691bf81eb21026ef0f336 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 9 Oct 2020 10:48:22 +0100 Subject: [PATCH 05/19] Print X.509 verify info strings even if MBEDTLS_X509_REMOVE_INFO The new compile-time option MBEDTLS_X509_REMOVE_INFO removes various X.509 debugging strings and functionality, including ``` mbedtls_x509_crt_verify_info() ``` which ssl_client2.c and ssl_server2.c use to print human readable descriptions of X.509 verification failure conditions. Those conditions are also grepped for in numerous ssl-opt.sh tests. Instead of disabling those tests if MBEDTLS_X509_REMOVE_INFO is set, this commit essentially moves mbedtls_x509_crt_verify_info() to ssl_client2.c and ssl_server2.c. However, instead of just copy-pasting the code from x509_crt.c, the following approach is used: A macro MBEDTLS_X509_CRT_ERROR_INFO_LIST is introduced which for each verification failure condition invokes a user-defined macro X509_CRT_ERROR_INFO with (a) the numerical error code, (b) the string presentation of the corresponding error macro, (c) the info string for the error condition. This macro can thus be used to generate code which somehow iterates over the verifiation failure conditions, but the list of error conditions and information strings is nowhere duplicated. This is then used to re-implement mbedtls_x509_crt_verify_info() in x509_crt.c and to provide a functionally equivalent (yet slightly different) version in ssl_client2.c and ssl_server2.c in case MBEDTLS_X509_REMOVE_INFO is set. This way, little changes to ssl-opt.sh will be necessary in case MBEDTLS_X509_REMOVE_INFO is set because the info strings for the verification failure conditions will be printed regardless of whether MBEDTLS_X509_REMOVE_INFO is set or not. Signed-off-by: Hanno Becker --- include/mbedtls/config.h | 2 +- include/mbedtls/x509_crt.h | 68 ++++++++++++++++++++++++++++++++++++++ library/x509_crt.c | 23 ++----------- programs/ssl/ssl_client2.c | 52 ++++++++++++++++++++++------- programs/ssl/ssl_server2.c | 47 +++++++++++++++++++++----- 5 files changed, 151 insertions(+), 41 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 462a0fa2d..6b6388689 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2152,7 +2152,7 @@ * and other functions/constants only used by these functions, thus reducing * the code footprint by several KB. */ -//#define MBEDTLS_X509_REMOVE_INFO +#define MBEDTLS_X509_REMOVE_INFO /** * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 433c3b734..6906585c0 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -176,6 +176,74 @@ mbedtls_x509_crt_profile; #define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 #endif +/* This macro unfolds to the concatenation of macro invocations + * X509_CRT_ERROR_INFO( error code, + * error code as string, + * human readable description ) + * where X509_CRT_ERROR_INFO is defined by the user. + * See x509_crt.c for an example of how to use this. */ +#define MBEDTLS_X509_CRT_ERROR_INFO_LIST \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_EXPIRED, \ + "MBEDTLS_X509_BADCERT_EXPIRED", \ + "The certificate validity has expired" ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_REVOKED, \ + "MBEDTLS_X509_BADCERT_REVOKED", \ + "The certificate has been revoked (is on a CRL)" ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_CN_MISMATCH, \ + "MBEDTLS_X509_BADCERT_CN_MISMATCH", \ + "The certificate Common Name (CN) does not match with the expected CN" ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_NOT_TRUSTED, \ + "MBEDTLS_X509_BADCERT_NOT_TRUSTED", \ + "The certificate is not correctly signed by the trusted CA" ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_NOT_TRUSTED, \ + "MBEDTLS_X509_BADCRL_NOT_TRUSTED", \ + "The CRL is not correctly signed by the trusted CA" ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_EXPIRED, \ + "MBEDTLS_X509_BADCRL_EXPIRED", \ + "The CRL is expired" ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_MISSING, \ + "MBEDTLS_X509_BADCERT_MISSING", \ + "Certificate was missing" ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_SKIP_VERIFY, \ + "MBEDTLS_X509_BADCERT_SKIP_VERIFY", \ + "Certificate verification was skipped" ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_OTHER, \ + "MBEDTLS_X509_BADCERT_OTHER", \ + "Other reason (can be used by verify callback)" ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_FUTURE, \ + "MBEDTLS_X509_BADCERT_FUTURE", \ + "The certificate validity starts in the future" ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_FUTURE, \ + "MBEDTLS_X509_BADCRL_FUTURE", \ + "The CRL is from the future" ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_KEY_USAGE, \ + "MBEDTLS_X509_BADCERT_KEY_USAGE", \ + "Usage does not match the keyUsage extension" ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, \ + "MBEDTLS_X509_BADCERT_EXT_KEY_USAGE", \ + "Usage does not match the extendedKeyUsage extension" ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_NS_CERT_TYPE, \ + "MBEDTLS_X509_BADCERT_NS_CERT_TYPE", \ + "Usage does not match the nsCertType extension" ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_MD, \ + "MBEDTLS_X509_BADCERT_BAD_MD", \ + "The certificate is signed with an unacceptable hash." ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_PK, \ + "MBEDTLS_X509_BADCERT_BAD_PK", \ + "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCERT_BAD_KEY, \ + "MBEDTLS_X509_BADCERT_BAD_KEY", \ + "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_MD, \ + "MBEDTLS_X509_BADCRL_BAD_MD", \ + "The CRL is signed with an unacceptable hash." ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_PK, \ + "MBEDTLS_X509_BADCRL_BAD_PK", \ + "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." ) \ + X509_CRT_ERROR_INFO( MBEDTLS_X509_BADCRL_BAD_KEY, \ + "MBEDTLS_X509_BADCRL_BAD_KEY", \ + "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." ) + /** * Container for writing a certificate (CRT) */ diff --git a/library/x509_crt.c b/library/x509_crt.c index 19c4f40f5..27e3e33b6 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -2200,29 +2200,12 @@ struct x509_crt_verify_string { const char *string; }; +#define X509_CRT_ERROR_INFO( err, err_str, info ) { err, info }, static const struct x509_crt_verify_string x509_crt_verify_strings[] = { - { MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" }, - { MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" }, - { MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" }, - { MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" }, - { MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" }, - { MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" }, - { MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" }, - { MBEDTLS_X509_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" }, - { MBEDTLS_X509_BADCERT_OTHER, "Other reason (can be used by verify callback)" }, - { MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" }, - { MBEDTLS_X509_BADCRL_FUTURE, "The CRL is from the future" }, - { MBEDTLS_X509_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" }, - { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" }, - { MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" }, - { MBEDTLS_X509_BADCERT_BAD_MD, "The certificate is signed with an unacceptable hash." }, - { MBEDTLS_X509_BADCERT_BAD_PK, "The certificate is signed with an unacceptable PK alg (eg RSA vs ECDSA)." }, - { MBEDTLS_X509_BADCERT_BAD_KEY, "The certificate is signed with an unacceptable key (eg bad curve, RSA too short)." }, - { MBEDTLS_X509_BADCRL_BAD_MD, "The CRL is signed with an unacceptable hash." }, - { MBEDTLS_X509_BADCRL_BAD_PK, "The CRL is signed with an unacceptable PK alg (eg RSA vs ECDSA)." }, - { MBEDTLS_X509_BADCRL_BAD_KEY, "The CRL is signed with an unacceptable key (eg bad curve, RSA too short)." }, + MBEDTLS_X509_CRT_ERROR_INFO_LIST { 0, NULL } }; +#undef X509_CRT_ERROR_INFO int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, uint32_t flags ) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 963006069..5be162f1e 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -523,17 +523,53 @@ struct options #if defined(MBEDTLS_X509_CRT_PARSE_C) static unsigned char peer_crt_info[1024]; +#if !defined(MBEDTLS_X509_REMOVE_INFO) +int x509_crt_verify_info( char *buf, size_t size, const char *prefix, + uint32_t flags ) +{ + return( mbedtls_x509_crt_verify_info( buf, size, prefix, flags ) ); +} +#else /* !MBEDTLS_X509_REMOVE_INFO */ +int x509_crt_verify_info( char *buf, size_t size, const char *prefix, + uint32_t flags ) +{ + int ret; + char *p = buf; + size_t n = size; + +#define X509_CRT_ERROR_INFO( err, err_str, info ) \ + if( ( flags & err ) != 0 ) \ + { \ + ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, info ); \ + MBEDTLS_X509_SAFE_SNPRINTF; \ + flags ^= err; \ + } + + MBEDTLS_X509_CRT_ERROR_INFO_LIST +#undef X509_CRT_ERROR_INFO + + if( flags != 0 ) + { + ret = mbedtls_snprintf( p, n, "%sUnknown reason " + "(this should not happen)\n", prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + } + + return( (int) ( size - n ) ); +} +#endif /* MBEDTLS_X509_REMOVE_INFO */ + /* * Enabled if debug_level > 1 in code below */ static int my_verify( void *data, mbedtls_x509_crt *crt, int depth, uint32_t *flags ) { -#if !defined(MBEDTLS_X509_REMOVE_INFO) char buf[1024]; -#endif ((void) data); + mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth ); + #if !defined(MBEDTLS_X509_REMOVE_INFO) mbedtls_x509_crt_info( buf, sizeof( buf ) - 1, "", crt ); if( depth == 0 ) @@ -542,7 +578,6 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, if( opt.debug_level == 0 ) return( 0 ); - mbedtls_printf( "\nVerify requested for (Depth %d):\n", depth ); mbedtls_printf( "%s", buf ); #else ((void) crt); @@ -553,10 +588,8 @@ static int my_verify( void *data, mbedtls_x509_crt *crt, mbedtls_printf( " This certificate has no flags\n" ); else { -#if !defined(MBEDTLS_X509_REMOVE_INFO) - mbedtls_x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags ); + x509_crt_verify_info( buf, sizeof( buf ), " ! ", *flags ); mbedtls_printf( "%s\n", buf ); -#endif } return( 0 ); @@ -2284,18 +2317,13 @@ int main( int argc, char *argv[] ) if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 ) { -#if !defined(MBEDTLS_X509_REMOVE_INFO) char vrfy_buf[512]; -#endif - mbedtls_printf( " failed\n" ); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), + x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); mbedtls_printf( "%s\n", vrfy_buf ); -#endif } else mbedtls_printf( " ok\n" ); diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index d3a4ed340..a8cc15045 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -623,6 +623,42 @@ struct options #include "ssl_test_common_source.c" +#if !defined(MBEDTLS_X509_REMOVE_INFO) +int x509_crt_verify_info( char *buf, size_t size, const char *prefix, + uint32_t flags ) +{ + return( mbedtls_x509_crt_verify_info( buf, size, prefix, flags ) ); +} +#else /* !MBEDTLS_X509_REMOVE_INFO */ +int x509_crt_verify_info( char *buf, size_t size, const char *prefix, + uint32_t flags ) +{ + int ret; + char *p = buf; + size_t n = size; + +#define X509_CRT_ERROR_INFO( err, err_str, info ) \ + if( ( flags & err ) != 0 ) \ + { \ + ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, info ); \ + MBEDTLS_X509_SAFE_SNPRINTF; \ + flags ^= err; \ + } + + MBEDTLS_X509_CRT_ERROR_INFO_LIST +#undef X509_CRT_ERROR_INFO + + if( flags != 0 ) + { + ret = mbedtls_snprintf( p, n, "%sUnknown reason " + "(this should not happen)\n", prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + } + + return( (int) ( size - n ) ); +} +#endif /* MBEDTLS_X509_REMOVE_INFO */ + /* * Return authmode from string, or -1 on error */ @@ -3134,13 +3170,13 @@ handshake: { mbedtls_printf( " failed\n ! mbedtls_ssl_handshake returned -0x%x\n\n", (unsigned int) -ret ); -#if defined(MBEDTLS_X509_CRT_PARSE_C) && !defined(MBEDTLS_X509_REMOVE_INFO) +#if defined(MBEDTLS_X509_CRT_PARSE_C) if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED ) { char vrfy_buf[512]; flags = mbedtls_ssl_get_verify_result( &ssl ); - mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); + x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); mbedtls_printf( "%s\n", vrfy_buf ); } @@ -3188,17 +3224,12 @@ handshake: if( ( flags = mbedtls_ssl_get_verify_result( &ssl ) ) != 0 ) { -#if !defined(MBEDTLS_X509_REMOVE_INFO) char vrfy_buf[512]; -#endif mbedtls_printf( " failed\n" ); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - mbedtls_x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); - + x509_crt_verify_info( vrfy_buf, sizeof( vrfy_buf ), " ! ", flags ); mbedtls_printf( "%s\n", vrfy_buf ); -#endif } else mbedtls_printf( " ok\n" ); From c5722d1fb1d95185ac1597c51da82c99e4d2d464 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 9 Oct 2020 11:10:42 +0100 Subject: [PATCH 06/19] Add missing MBEDTLS_X509_REMOVE_INFO guards to ssl-opt.sh Signed-off-by: Hanno Becker Signed-off-by: Chris Jones --- tests/scripts/all.sh | 15 +++++++++++++++ tests/ssl-opt.sh | 13 +++++++++++++ 2 files changed, 28 insertions(+) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 5862ff6c3..0bb9b0446 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2410,6 +2410,7 @@ component_test_no_64bit_multiplication () { make test } +<<<<<<< HEAD component_test_no_strings () { msg "build: no strings" # ~10s scripts/config.py full @@ -2424,6 +2425,20 @@ component_test_no_strings () { make test } +component_test_no_x509_info () { + msg "build: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s + scripts/config.pl full + scripts/config.pl unset MBEDTLS_MEMORY_BACKTRACE # too slow for tests + scripts/config.pl set MBEDTLS_X509_REMOVE_INFO + make CFLAGS='-Werror -O1' + + msg "test: full + MBEDTLS_X509_REMOVE_INFO" # ~ 10s + make test + + msg "test: ssl-opt.sh, full + MBEDTLS_X509_REMOVE_INFO" # ~ 1 min + if_build_succeeded tests/ssl-opt.sh +} + component_build_arm_none_eabi_gcc () { msg "build: ${ARM_NONE_EABI_GCC_PREFIX}gcc -O1" # ~ 10s scripts/config.py baremetal diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh index db898cfa9..b91e87ac0 100755 --- a/tests/ssl-opt.sh +++ b/tests/ssl-opt.sh @@ -4448,6 +4448,7 @@ run_test "Authentication, CA callback: client max_int chain, server required" # Tests for certificate selection based on SHA verson +requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ "$P_SRV crt_file=data_files/server5.crt \ key_file=data_files/server5.key \ @@ -4458,6 +4459,7 @@ run_test "Certificate hash: client TLS 1.2 -> SHA-2" \ -c "signed using.*ECDSA with SHA256" \ -C "signed using.*ECDSA with SHA1" +requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Certificate hash: client TLS 1.1 -> SHA-1" \ "$P_SRV crt_file=data_files/server5.crt \ key_file=data_files/server5.key \ @@ -4468,6 +4470,7 @@ run_test "Certificate hash: client TLS 1.1 -> SHA-1" \ -C "signed using.*ECDSA with SHA256" \ -c "signed using.*ECDSA with SHA1" +requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Certificate hash: client TLS 1.0 -> SHA-1" \ "$P_SRV crt_file=data_files/server5.crt \ key_file=data_files/server5.key \ @@ -4478,6 +4481,7 @@ run_test "Certificate hash: client TLS 1.0 -> SHA-1" \ -C "signed using.*ECDSA with SHA256" \ -c "signed using.*ECDSA with SHA1" +requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \ "$P_SRV crt_file=data_files/server5.crt \ key_file=data_files/server5.key \ @@ -4489,6 +4493,7 @@ run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 1)" \ -c "signed using.*ECDSA with SHA256" \ -C "signed using.*ECDSA with SHA1" +requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \ "$P_SRV crt_file=data_files/server6.crt \ key_file=data_files/server6.key \ @@ -4502,6 +4507,7 @@ run_test "Certificate hash: client TLS 1.1, no SHA-1 -> SHA-2 (order 2)" \ # tests for SNI +requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "SNI: no SNI callback" \ "$P_SRV debug_level=3 \ crt_file=data_files/server5.crt key_file=data_files/server5.key" \ @@ -4511,6 +4517,7 @@ run_test "SNI: no SNI callback" \ -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \ -c "subject name *: C=NL, O=PolarSSL, CN=localhost" +requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "SNI: matching cert 1" \ "$P_SRV debug_level=3 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4521,6 +4528,7 @@ run_test "SNI: matching cert 1" \ -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ -c "subject name *: C=NL, O=PolarSSL, CN=localhost" +requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "SNI: matching cert 2" \ "$P_SRV debug_level=3 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4531,6 +4539,7 @@ run_test "SNI: matching cert 2" \ -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ -c "subject name *: C=NL, O=PolarSSL, CN=polarssl.example" +requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "SNI: no matching cert" \ "$P_SRV debug_level=3 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4638,6 +4647,7 @@ run_test "SNI: CA override with CRL" \ # Tests for SNI and DTLS +requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "SNI: DTLS, no SNI callback" \ "$P_SRV debug_level=3 dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key" \ @@ -4647,6 +4657,7 @@ run_test "SNI: DTLS, no SNI callback" \ -c "issuer name *: C=NL, O=PolarSSL, CN=Polarssl Test EC CA" \ -c "subject name *: C=NL, O=PolarSSL, CN=localhost" +requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "SNI: DTLS, matching cert 1" \ "$P_SRV debug_level=3 dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -4657,6 +4668,7 @@ run_test "SNI: DTLS, matching cert 1" \ -c "issuer name *: C=NL, O=PolarSSL, CN=PolarSSL Test CA" \ -c "subject name *: C=NL, O=PolarSSL, CN=localhost" +requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "SNI: DTLS, matching cert 2" \ "$P_SRV debug_level=3 dtls=1 \ crt_file=data_files/server5.crt key_file=data_files/server5.key \ @@ -6671,6 +6683,7 @@ run_test "SSL async private: sign, RSA, TLS 1.1" \ -s "Async resume (slot [0-9]): sign done, status=0" requires_config_enabled MBEDTLS_SSL_ASYNC_PRIVATE +requires_config_disabled MBEDTLS_X509_REMOVE_INFO run_test "SSL async private: sign, SNI" \ "$P_SRV debug_level=3 \ async_operations=s async_private_delay1=0 async_private_delay2=0 \ From 88c2bf311a7bde3c0f9001511b48ddb540615607 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 14 Jun 2019 17:21:24 +0100 Subject: [PATCH 07/19] Minor style improvements Signed-off-by: Chris Jones --- include/mbedtls/x509_crl.h | 2 +- include/mbedtls/x509_crt.h | 4 +--- include/mbedtls/x509_csr.h | 2 +- library/oid.c | 18 +++++++++--------- 4 files changed, 12 insertions(+), 14 deletions(-) diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h index f89547c25..fcaa1495d 100644 --- a/include/mbedtls/x509_crl.h +++ b/include/mbedtls/x509_crl.h @@ -148,7 +148,7 @@ int mbedtls_x509_crl_parse_file( mbedtls_x509_crl *chain, const char *path ); */ int mbedtls_x509_crl_info( char *buf, size_t size, const char *prefix, const mbedtls_x509_crl *crl ); -#endif +#endif /* !MBEDTLS_X509_REMOVE_INFO */ /** * \brief Initialize a CRL (chain) diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h index 6906585c0..23a20d10b 100644 --- a/include/mbedtls/x509_crt.h +++ b/include/mbedtls/x509_crt.h @@ -593,9 +593,7 @@ int mbedtls_x509_parse_subject_alt_name( const mbedtls_x509_buf *san_buf, */ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, const mbedtls_x509_crt *crt ); -#endif -#if !defined(MBEDTLS_X509_REMOVE_INFO) /** * \brief Returns an informational string about the * verification status of a certificate. @@ -610,7 +608,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix, */ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix, uint32_t flags ); -#endif +#endif /* !MBEDTLS_X509_REMOVE_INFO */ /** * \brief Verify a chain of certificates. diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h index 9f3cae255..07a371729 100644 --- a/include/mbedtls/x509_csr.h +++ b/include/mbedtls/x509_csr.h @@ -136,7 +136,7 @@ int mbedtls_x509_csr_parse_file( mbedtls_x509_csr *csr, const char *path ); */ int mbedtls_x509_csr_info( char *buf, size_t size, const char *prefix, const mbedtls_x509_csr *csr ); -#endif +#endif /* !MBEDTLS_X509_REMOVE_INFO */ /** * \brief Initialize a CSR diff --git a/library/oid.c b/library/oid.c index c03d0d5c6..14a1a92fe 100644 --- a/library/oid.c +++ b/library/oid.c @@ -265,27 +265,27 @@ typedef struct { static const oid_x509_ext_t oid_x509_ext[] = { { - OID_DESCRIPTOR( MBEDTLS_OID_BASIC_CONSTRAINTS, "id-ce-basicConstraints", "Basic Constraints" ), + OID_DESCRIPTOR( MBEDTLS_OID_BASIC_CONSTRAINTS, "id-ce-basicConstraints", "Basic Constraints" ), MBEDTLS_OID_X509_EXT_BASIC_CONSTRAINTS, }, { - OID_DESCRIPTOR( MBEDTLS_OID_KEY_USAGE, "id-ce-keyUsage", "Key Usage" ), + OID_DESCRIPTOR( MBEDTLS_OID_KEY_USAGE, "id-ce-keyUsage", "Key Usage" ), MBEDTLS_OID_X509_EXT_KEY_USAGE, }, { - OID_DESCRIPTOR( MBEDTLS_OID_EXTENDED_KEY_USAGE, "id-ce-extKeyUsage", "Extended Key Usage" ), + OID_DESCRIPTOR( MBEDTLS_OID_EXTENDED_KEY_USAGE, "id-ce-extKeyUsage", "Extended Key Usage" ), MBEDTLS_OID_X509_EXT_EXTENDED_KEY_USAGE, }, { - OID_DESCRIPTOR( MBEDTLS_OID_SUBJECT_ALT_NAME, "id-ce-subjectAltName", "Subject Alt Name" ), + OID_DESCRIPTOR( MBEDTLS_OID_SUBJECT_ALT_NAME, "id-ce-subjectAltName", "Subject Alt Name" ), MBEDTLS_OID_X509_EXT_SUBJECT_ALT_NAME, }, { - OID_DESCRIPTOR( MBEDTLS_OID_NS_CERT_TYPE, "id-netscape-certtype", "Netscape Certificate Type" ), + OID_DESCRIPTOR( MBEDTLS_OID_NS_CERT_TYPE, "id-netscape-certtype", "Netscape Certificate Type" ), MBEDTLS_OID_X509_EXT_NS_CERT_TYPE, }, { - OID_DESCRIPTOR( MBEDTLS_OID_CERTIFICATE_POLICIES, "id-ce-certificatePolicies", "Certificate Policies" ), + OID_DESCRIPTOR( MBEDTLS_OID_CERTIFICATE_POLICIES, "id-ce-certificatePolicies", "Certificate Policies" ), MBEDTLS_OID_X509_EXT_CERTIFICATE_POLICIES, }, { @@ -448,15 +448,15 @@ typedef struct { static const oid_pk_alg_t oid_pk_alg[] = { { - OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_RSA, "rsaEncryption", "RSA" ), + OID_DESCRIPTOR( MBEDTLS_OID_PKCS1_RSA, "rsaEncryption", "RSA" ), MBEDTLS_PK_RSA, }, { - OID_DESCRIPTOR( MBEDTLS_OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey", "Generic EC key" ), + OID_DESCRIPTOR( MBEDTLS_OID_EC_ALG_UNRESTRICTED, "id-ecPublicKey", "Generic EC key" ), MBEDTLS_PK_ECKEY, }, { - OID_DESCRIPTOR( MBEDTLS_OID_EC_ALG_ECDH, "id-ecDH", "EC key for ECDH" ), + OID_DESCRIPTOR( MBEDTLS_OID_EC_ALG_ECDH, "id-ecDH", "EC key for ECDH" ), MBEDTLS_PK_ECKEY_DH, }, { From b4e5ddce1b83170c6660a0b18d2951b9de6954f4 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 9 Oct 2020 09:36:01 +0100 Subject: [PATCH 08/19] Fix X.509 CRT parsing test if MBEDTLS_X509_REMOVE_INFO is set Signed-off-by: Hanno Becker --- tests/suites/test_suite_x509parse.function | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 82f7da54a..54a39ff7c 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -830,6 +830,8 @@ void x509parse_crt( data_t * buf, char * result_str, int result ) #if !defined(MBEDTLS_X509_REMOVE_INFO) unsigned char output[2000]; int res; +#else + ((void) result_str); #endif mbedtls_x509_crt_init( &crt ); @@ -844,15 +846,11 @@ void x509parse_crt( data_t * buf, char * result_str, int result ) TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); } -#else - ((void) result_str); + memset( output, 0, 2000 ); #endif mbedtls_x509_crt_free( &crt ); mbedtls_x509_crt_init( &crt ); -#if !defined(MBEDTLS_X509_REMOVE_INFO) - memset( output, 0, 2000 ); -#endif TEST_ASSERT( mbedtls_x509_crt_parse_der_nocopy( &crt, buf->x, buf->len ) == ( result ) ); #if !defined(MBEDTLS_X509_REMOVE_INFO) @@ -867,15 +865,14 @@ void x509parse_crt( data_t * buf, char * result_str, int result ) TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); } -#else - ((void)result_str); -#endif + memset( output, 0, 2000 ); +#endif /* !MBEDTLS_X509_REMOVE_INFO */ mbedtls_x509_crt_free( &crt ); mbedtls_x509_crt_init( &crt ); - memset( output, 0, 2000 ); TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, NULL, NULL ) == ( result ) ); +#if !defined(MBEDTLS_X509_REMOVE_INFO) if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); @@ -885,12 +882,14 @@ void x509parse_crt( data_t * buf, char * result_str, int result ) TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); } + memset( output, 0, 2000 ); +#endif /* !MBEDTLS_X509_REMOVE_INFO */ mbedtls_x509_crt_free( &crt ); mbedtls_x509_crt_init( &crt ); - memset( output, 0, 2000 ); TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, NULL, NULL ) == ( result ) ); +#if !defined(MBEDTLS_X509_REMOVE_INFO) if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); @@ -900,6 +899,7 @@ void x509parse_crt( data_t * buf, char * result_str, int result ) TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); } +#endif /* !MBEDTLS_X509_REMOVE_INFO */ exit: mbedtls_x509_crt_free( &crt ); From 2c2722d6374867545024d46ac7eadcd8f0250755 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 9 Oct 2020 09:36:23 +0100 Subject: [PATCH 09/19] Add missing MBEDTLS_X509_REMOVE_INFO guards in ssl_context_info.c Signed-off-by: Hanno Becker --- programs/ssl/ssl_context_info.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c index 4a7c77340..ec24fa8e0 100644 --- a/programs/ssl/ssl_context_info.c +++ b/programs/ssl/ssl_context_info.c @@ -494,6 +494,7 @@ size_t read_next_b64_code( uint8_t **b64, size_t *max_len ) return 0; } +#if !defined(MBEDTLS_X509_REMOVE_INFO) /* * This function deserializes and prints to the stdout all obtained information * about the certificates from provided data. @@ -548,6 +549,7 @@ void print_deserialized_ssl_cert( const uint8_t *ssl, uint32_t len ) mbedtls_x509_crt_free( &crt ); } +#endif /* !MBEDTLS_X509_REMOVE_INFO */ /* * This function deserializes and prints to the stdout all obtained information @@ -680,7 +682,9 @@ void print_deserialized_ssl_session( const uint8_t *ssl, uint32_t len, if( cert_len > 0 ) { CHECK_SSL_END( cert_len ); +#if !defined(MBEDTLS_X509_REMOVE_INFO) print_deserialized_ssl_cert( ssl, cert_len ); +#endif ssl += cert_len; } } From fff2d5711cc8098a3317a7df65565d93b722edcf Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 9 Oct 2020 09:45:19 +0100 Subject: [PATCH 10/19] Fix X.509 parsing tests if MBEDTLS_X509_REMOVE_INFO is set Signed-off-by: Hanno Becker --- tests/suites/test_suite_x509parse.function | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 54a39ff7c..408f08b09 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -828,7 +828,7 @@ void x509parse_crt( data_t * buf, char * result_str, int result ) { mbedtls_x509_crt crt; #if !defined(MBEDTLS_X509_REMOVE_INFO) - unsigned char output[2000]; + unsigned char output[2000] = { 0 }; int res; #else ((void) result_str); @@ -911,17 +911,22 @@ void x509parse_crt_cb( data_t * buf, char * result_str, int result ) { mbedtls_x509_crt crt; mbedtls_x509_buf oid; - unsigned char output[2000]; + +#if !defined(MBEDTLS_X509_REMOVE_INFO) + unsigned char output[2000] = { 0 }; int res; +#else + ((void) result_str); +#endif oid.tag = MBEDTLS_ASN1_OID; oid.len = MBEDTLS_OID_SIZE(MBEDTLS_OID_PKIX "\x01\x1F"); oid.p = (unsigned char *)MBEDTLS_OID_PKIX "\x01\x1F"; mbedtls_x509_crt_init( &crt ); - memset( output, 0, 2000 ); TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 0, parse_crt_ext_cb, &oid ) == ( result ) ); +#if !defined(MBEDTLS_X509_REMOVE_INFO) if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); @@ -931,12 +936,15 @@ void x509parse_crt_cb( data_t * buf, char * result_str, int result ) TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); } + memset( output, 0, 2000 ); +#endif /* !MBEDTLS_X509_REMOVE_INFO */ mbedtls_x509_crt_free( &crt ); mbedtls_x509_crt_init( &crt ); - memset( output, 0, 2000 ); + TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, parse_crt_ext_cb, &oid ) == ( result ) ); +#if !defined(MBEDTLS_X509_REMOVE_INFO) if( ( result ) == 0 ) { res = mbedtls_x509_crt_info( (char *) output, 2000, "", &crt ); @@ -946,6 +954,7 @@ void x509parse_crt_cb( data_t * buf, char * result_str, int result ) TEST_ASSERT( strcmp( (char *) output, result_str ) == 0 ); } +#endif /* !MBEDTLS_X509_REMOVE_INFO */ exit: mbedtls_x509_crt_free( &crt ); From 54ac185f334fca8461b39068fa2ca0a2ada4a254 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 9 Oct 2020 09:45:29 +0100 Subject: [PATCH 11/19] Adapt X.509 fuzzing code to support MBEDTLS_X509_REMOVE_INFO Signed-off-by: Hanno Becker --- programs/fuzz/fuzz_x509crl.c | 4 ++++ programs/fuzz/fuzz_x509crt.c | 4 ++++ programs/fuzz/fuzz_x509csr.c | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index 02f521cc8..fbfdfe821 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -9,9 +9,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { mbedtls_x509_crl_init( &crl ); ret = mbedtls_x509_crl_parse( &crl, Data, Size ); +#if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { ret = mbedtls_x509_crl_info( (char *) buf, sizeof( buf ) - 1, " ", &crl ); } +#else + ((void) ret); +#endif /* !MBEDTLS_X509_REMOVE_INFO */ mbedtls_x509_crl_free( &crl ); #else (void) Data; diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index 8f593a141..7d274a8be 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -9,9 +9,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { mbedtls_x509_crt_init( &crt ); ret = mbedtls_x509_crt_parse( &crt, Data, Size ); +#if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { ret = mbedtls_x509_crt_info( (char *) buf, sizeof( buf ) - 1, " ", &crt ); } +#else + ((void) ret); +#endif /* !MBEDTLS_X509_REMOVE_INFO */ mbedtls_x509_crt_free( &crt ); #else (void) Data; diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 3cf28a6fa..9c21412b0 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -9,9 +9,13 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { mbedtls_x509_csr_init( &csr ); ret = mbedtls_x509_csr_parse( &csr, Data, Size ); +#if !defined(MBEDTLS_X509_REMOVE_INFO) if (ret == 0) { ret = mbedtls_x509_csr_info( (char *) buf, sizeof( buf ) - 1, " ", &csr ); } +#else + ((void) ret); +#endif /* !MBEDTLS_X509_REMOVE_INFO */ mbedtls_x509_csr_free( &csr ); #else (void) Data; From 54dcf5e6c99563cf35dae4a4779f032b9651fec2 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 9 Oct 2020 10:59:23 +0100 Subject: [PATCH 12/19] Add ChangeLog entry Signed-off-by: Hanno Becker --- ChangeLog.d/x509_remove_info.txt | 6 ++++++ 1 file changed, 6 insertions(+) create mode 100644 ChangeLog.d/x509_remove_info.txt diff --git a/ChangeLog.d/x509_remove_info.txt b/ChangeLog.d/x509_remove_info.txt new file mode 100644 index 000000000..c103b1bd8 --- /dev/null +++ b/ChangeLog.d/x509_remove_info.txt @@ -0,0 +1,6 @@ +API changes + * Add configuration option MBEDTLS_X509_REMOVE_INFO which + removes the mbedtls_x509_*_info(), mbedtls_debug_print_crt() + as well as other functions and constants only used by + those functions. This reduces the code footprint by + several kB. From da121744da9b25ffbb6517bfe173dda7e40d7020 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 9 Oct 2020 12:52:43 +0100 Subject: [PATCH 13/19] Fix preprocessor guard in ssl_server2.c Signed-off-by: Hanno Becker --- programs/ssl/ssl_server2.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index a8cc15045..dc33381da 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -623,6 +623,7 @@ struct options #include "ssl_test_common_source.c" +#if defined(MBEDTLS_X509_CRT_PARSE_C) #if !defined(MBEDTLS_X509_REMOVE_INFO) int x509_crt_verify_info( char *buf, size_t size, const char *prefix, uint32_t flags ) @@ -658,6 +659,7 @@ int x509_crt_verify_info( char *buf, size_t size, const char *prefix, return( (int) ( size - n ) ); } #endif /* MBEDTLS_X509_REMOVE_INFO */ +#endif /* MBEDTLS_X509_CRT_PARSE_C */ /* * Return authmode from string, or -1 on error From eb2efb0de7867b4a0e3bd4a62c380feea441d96b Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Fri, 16 Oct 2020 06:54:39 +0100 Subject: [PATCH 14/19] Avoid unused variable warning in X.509 CSR fuzzing Signed-off-by: Hanno Becker --- programs/fuzz/fuzz_x509crl.c | 1 + programs/fuzz/fuzz_x509crt.c | 1 + programs/fuzz/fuzz_x509csr.c | 1 + 3 files changed, 3 insertions(+) diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c index fbfdfe821..15affb59b 100644 --- a/programs/fuzz/fuzz_x509crl.c +++ b/programs/fuzz/fuzz_x509crl.c @@ -15,6 +15,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { } #else ((void) ret); + ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ mbedtls_x509_crl_free( &crl ); #else diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c index 7d274a8be..dbc153c49 100644 --- a/programs/fuzz/fuzz_x509crt.c +++ b/programs/fuzz/fuzz_x509crt.c @@ -15,6 +15,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { } #else ((void) ret); + ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ mbedtls_x509_crt_free( &crt ); #else diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c index 9c21412b0..a270742a9 100644 --- a/programs/fuzz/fuzz_x509csr.c +++ b/programs/fuzz/fuzz_x509csr.c @@ -15,6 +15,7 @@ int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) { } #else ((void) ret); + ((void) buf); #endif /* !MBEDTLS_X509_REMOVE_INFO */ mbedtls_x509_csr_free( &csr ); #else From 2c7458677ac18188fc3744e55ba03a332d8e9cac Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Wed, 16 Dec 2020 11:41:06 +0000 Subject: [PATCH 15/19] Comment out MBEDTLS_X509_REMOVE_INFO in default config.h Fix an issue where `MBEDTLS_X509_REMOVE_INFO` was defined/enabled by default in `include/mbedtls/config.h`. This should also fix the `context-info.sh` test where it ran the default config and expected to see some output from the x509 info functions that were removed. Also updated relevant comments to more accurately explain how the configuration option works. Signed-off-by: Chris Jones --- include/mbedtls/config.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h index 6b6388689..0a386db56 100644 --- a/include/mbedtls/config.h +++ b/include/mbedtls/config.h @@ -2146,13 +2146,13 @@ /** * \def MBEDTLS_X509_REMOVE_INFO * - * Enable mbedtls_x509_*_info() and related APIs. + * Disable mbedtls_x509_*_info() and related APIs. * - * Comment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt() + * Uncomment to omit mbedtls_x509_*_info(), as well as mbedtls_debug_print_crt() * and other functions/constants only used by these functions, thus reducing * the code footprint by several KB. */ -#define MBEDTLS_X509_REMOVE_INFO +//#define MBEDTLS_X509_REMOVE_INFO /** * \def MBEDTLS_X509_RSASSA_PSS_SUPPORT From ee33c60fc28c4872fdabf3fab3ebb006f3fc07e3 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Wed, 16 Dec 2020 11:52:37 +0000 Subject: [PATCH 16/19] Fix minor styling issues Remove some accidental newlines that were added previously. Update some definition guards to make it clearer that `MBEDTLS_X509_REMOVE_INFO` is defined and not undefined. Signed-off-by: Chris Jones --- programs/x509/cert_app.c | 4 ++-- programs/x509/crl_app.c | 6 +++--- programs/x509/req_app.c | 6 +++--- tests/suites/test_suite_x509parse.function | 2 -- 4 files changed, 8 insertions(+), 10 deletions(-) diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c index 531947498..fb2484337 100644 --- a/programs/x509/cert_app.c +++ b/programs/x509/cert_app.c @@ -41,14 +41,14 @@ !defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \ !defined(MBEDTLS_NET_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRT_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !!defined(MBEDTLS_X509_REMOVE_INFO) || !defined(MBEDTLS_CTR_DRBG_C) + !defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_X509_REMOVE_INFO) int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_ENTROPY_C and/or " "MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or " "MBEDTLS_NET_C and/or MBEDTLS_RSA_C and/or " "MBEDTLS_X509_CRT_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_X509_REMOVE_INFO and/or MBEDTLS_CTR_DRBG_C not defined.\n"); + "MBEDTLS_CTR_DRBG_C not defined and/or MBEDTLS_X509_REMOVE_INFO defined.\n"); mbedtls_exit( 0 ); } #else diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c index 029bdd361..db43c54a1 100644 --- a/programs/x509/crl_app.c +++ b/programs/x509/crl_app.c @@ -36,12 +36,12 @@ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CRL_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !!defined(MBEDTLS_X509_REMOVE_INFO) + defined(MBEDTLS_X509_REMOVE_INFO) int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_X509_REMOVE_INFO not defined.\n"); + "MBEDTLS_X509_CRL_PARSE_C and/or MBEDTLS_FS_IO not defined and/or " + "MBEDTLS_X509_REMOVE_INFO defined.\n"); mbedtls_exit( 0 ); } #else diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c index 351dd16ae..e151734d2 100644 --- a/programs/x509/req_app.c +++ b/programs/x509/req_app.c @@ -36,12 +36,12 @@ #if !defined(MBEDTLS_BIGNUM_C) || !defined(MBEDTLS_RSA_C) || \ !defined(MBEDTLS_X509_CSR_PARSE_C) || !defined(MBEDTLS_FS_IO) || \ - !!defined(MBEDTLS_X509_REMOVE_INFO) + defined(MBEDTLS_X509_REMOVE_INFO) int main( void ) { mbedtls_printf("MBEDTLS_BIGNUM_C and/or MBEDTLS_RSA_C and/or " - "MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO and/or " - "MBEDTLS_X509_REMOVE_INFO not defined.\n"); + "MBEDTLS_X509_CSR_PARSE_C and/or MBEDTLS_FS_IO not defined and/or " + "MBEDTLS_X509_REMOVE_INFO defined.\n"); mbedtls_exit( 0 ); } #else diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 408f08b09..f536488ce 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -398,7 +398,6 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf * END_DEPENDENCIES */ - /* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */ void x509_parse_san( char * crt_file, char * result_str ) { @@ -942,7 +941,6 @@ void x509parse_crt_cb( data_t * buf, char * result_str, int result ) mbedtls_x509_crt_free( &crt ); mbedtls_x509_crt_init( &crt ); - TEST_ASSERT( mbedtls_x509_crt_parse_der_with_ext_cb( &crt, buf->x, buf->len, 1, parse_crt_ext_cb, &oid ) == ( result ) ); #if !defined(MBEDTLS_X509_REMOVE_INFO) if( ( result ) == 0 ) From 856db5f722048012dfc165d285a3c88a6bc79496 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Thu, 17 Dec 2020 12:09:14 +0000 Subject: [PATCH 17/19] Remove merge conflict marker Remove a merge conflict marker that was missed in `all.sh` and was causing building to fail. Signed-off-by: Chris Jones --- tests/scripts/all.sh | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh index 0bb9b0446..b3f141531 100755 --- a/tests/scripts/all.sh +++ b/tests/scripts/all.sh @@ -2410,7 +2410,6 @@ component_test_no_64bit_multiplication () { make test } -<<<<<<< HEAD component_test_no_strings () { msg "build: no strings" # ~10s scripts/config.py full From e383fa65d707168142a30859dad75ab15b6af76f Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Tue, 27 Apr 2021 14:50:43 +0100 Subject: [PATCH 18/19] Move x509_crt_verify_info to ssl_test_common_source.c This function was introduced before ssl_test_common_source.c and so the function is replicated in both ssl_client2.c and ssl_server2.c. Move the function to ssl_test_common_source.c to avoid duplication. Signed-off-by: Chris Jones --- programs/ssl/ssl_client2.c | 36 ------------------------- programs/ssl/ssl_server2.c | 38 --------------------------- programs/ssl/ssl_test_common_source.c | 38 +++++++++++++++++++++++++++ 3 files changed, 38 insertions(+), 74 deletions(-) diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c index 5be162f1e..24c859e38 100644 --- a/programs/ssl/ssl_client2.c +++ b/programs/ssl/ssl_client2.c @@ -523,42 +523,6 @@ struct options #if defined(MBEDTLS_X509_CRT_PARSE_C) static unsigned char peer_crt_info[1024]; -#if !defined(MBEDTLS_X509_REMOVE_INFO) -int x509_crt_verify_info( char *buf, size_t size, const char *prefix, - uint32_t flags ) -{ - return( mbedtls_x509_crt_verify_info( buf, size, prefix, flags ) ); -} -#else /* !MBEDTLS_X509_REMOVE_INFO */ -int x509_crt_verify_info( char *buf, size_t size, const char *prefix, - uint32_t flags ) -{ - int ret; - char *p = buf; - size_t n = size; - -#define X509_CRT_ERROR_INFO( err, err_str, info ) \ - if( ( flags & err ) != 0 ) \ - { \ - ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, info ); \ - MBEDTLS_X509_SAFE_SNPRINTF; \ - flags ^= err; \ - } - - MBEDTLS_X509_CRT_ERROR_INFO_LIST -#undef X509_CRT_ERROR_INFO - - if( flags != 0 ) - { - ret = mbedtls_snprintf( p, n, "%sUnknown reason " - "(this should not happen)\n", prefix ); - MBEDTLS_X509_SAFE_SNPRINTF; - } - - return( (int) ( size - n ) ); -} -#endif /* MBEDTLS_X509_REMOVE_INFO */ - /* * Enabled if debug_level > 1 in code below */ diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c index dc33381da..8f97541af 100644 --- a/programs/ssl/ssl_server2.c +++ b/programs/ssl/ssl_server2.c @@ -623,44 +623,6 @@ struct options #include "ssl_test_common_source.c" -#if defined(MBEDTLS_X509_CRT_PARSE_C) -#if !defined(MBEDTLS_X509_REMOVE_INFO) -int x509_crt_verify_info( char *buf, size_t size, const char *prefix, - uint32_t flags ) -{ - return( mbedtls_x509_crt_verify_info( buf, size, prefix, flags ) ); -} -#else /* !MBEDTLS_X509_REMOVE_INFO */ -int x509_crt_verify_info( char *buf, size_t size, const char *prefix, - uint32_t flags ) -{ - int ret; - char *p = buf; - size_t n = size; - -#define X509_CRT_ERROR_INFO( err, err_str, info ) \ - if( ( flags & err ) != 0 ) \ - { \ - ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, info ); \ - MBEDTLS_X509_SAFE_SNPRINTF; \ - flags ^= err; \ - } - - MBEDTLS_X509_CRT_ERROR_INFO_LIST -#undef X509_CRT_ERROR_INFO - - if( flags != 0 ) - { - ret = mbedtls_snprintf( p, n, "%sUnknown reason " - "(this should not happen)\n", prefix ); - MBEDTLS_X509_SAFE_SNPRINTF; - } - - return( (int) ( size - n ) ); -} -#endif /* MBEDTLS_X509_REMOVE_INFO */ -#endif /* MBEDTLS_X509_CRT_PARSE_C */ - /* * Return authmode from string, or -1 on error */ diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index d9e36078d..35dfa60c2 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -303,3 +303,41 @@ int ssl_sig_hashes_for_test[] = { MBEDTLS_MD_NONE }; #endif /* MBEDTLS_X509_CRT_PARSE_C */ + +#if defined(MBEDTLS_X509_CRT_PARSE_C) +#if !defined(MBEDTLS_X509_REMOVE_INFO) +/** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function + * for more info. + */ +int x509_crt_verify_info( char *buf, size_t size, const char *prefix, + uint32_t flags ) +{ + return( mbedtls_x509_crt_verify_info( buf, size, prefix, flags ) ); + +#else /* !MBEDTLS_X509_REMOVE_INFO */ + int ret; + char *p = buf; + size_t n = size; + +#define X509_CRT_ERROR_INFO( err, err_str, info ) \ + if( ( flags & err ) != 0 ) \ + { \ + ret = mbedtls_snprintf( p, n, "%s%s\n", prefix, info ); \ + MBEDTLS_X509_SAFE_SNPRINTF; \ + flags ^= err; \ + } + + MBEDTLS_X509_CRT_ERROR_INFO_LIST +#undef X509_CRT_ERROR_INFO + + if( flags != 0 ) + { + ret = mbedtls_snprintf( p, n, "%sUnknown reason " + "(this should not happen)\n", prefix ); + MBEDTLS_X509_SAFE_SNPRINTF; + } + + return( (int) ( size - n ) ); +#endif /* MBEDTLS_X509_REMOVE_INFO */ +} +#endif /* MBEDTLS_X509_CRT_PARSE_C */ From fa1f9049902980b5ba9244a99103117ec82cfc79 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Wed, 28 Apr 2021 10:04:05 +0100 Subject: [PATCH 19/19] Fix an error when copy-pasting x509_crt_verify_info Made a mistake when copy-pasting and put the guard in the wrong place. Fix that by moving the compile time guard. Signed-off-by: Chris Jones --- programs/ssl/ssl_test_common_source.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/ssl/ssl_test_common_source.c b/programs/ssl/ssl_test_common_source.c index 35dfa60c2..73457a139 100644 --- a/programs/ssl/ssl_test_common_source.c +++ b/programs/ssl/ssl_test_common_source.c @@ -305,13 +305,13 @@ int ssl_sig_hashes_for_test[] = { #endif /* MBEDTLS_X509_CRT_PARSE_C */ #if defined(MBEDTLS_X509_CRT_PARSE_C) -#if !defined(MBEDTLS_X509_REMOVE_INFO) /** Functionally equivalent to mbedtls_x509_crt_verify_info, see that function * for more info. */ int x509_crt_verify_info( char *buf, size_t size, const char *prefix, uint32_t flags ) { +#if !defined(MBEDTLS_X509_REMOVE_INFO) return( mbedtls_x509_crt_verify_info( buf, size, prefix, flags ) ); #else /* !MBEDTLS_X509_REMOVE_INFO */