mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 12:25:39 +01:00
Merge branch 'development' into iotssl-1619
commit
32297e8314
4
.github/issue_template.md
vendored
@ -8,7 +8,7 @@ Note: This is just a template, so feel free to use/remove the unnecessary things
|
|||||||
## Bug
|
## Bug
|
||||||
|
|
||||||
**OS**
|
**OS**
|
||||||
mbed-OS|linux|windows|
|
Mbed OS|linux|windows|
|
||||||
|
|
||||||
**mbed TLS build:**
|
**mbed TLS build:**
|
||||||
Version: x.x.x or git commit id
|
Version: x.x.x or git commit id
|
||||||
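Review bot: The rename in this hunk is applied only to the OS line ("mbed-OS" becomes "Mbed OS"); the "**mbed TLS build:**" label two lines below is left in the old casing, so the template now mixes both spellings. Suggest changing that label to "**Mbed TLS build:**" in the same hunk so the rebranding is complete within the file.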
@ -38,4 +38,4 @@ Version:
|
|||||||
|
|
||||||
## Question
|
## Question
|
||||||
|
|
||||||
**Please first check for answers in the [mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferebly file an issue in the [mbed TLS support forum](https://tls.mbed.org/discussions)**
|
**Please first check for answers in the [Mbed TLS knowledge Base](https://tls.mbed.org/kb), and preferably file an issue in the [Mbed TLS support forum](https://tls.mbed.org/discussions)**
|
||||||
|
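Review bot: The new link text in the Question section reads "Mbed TLS knowledge Base", with a lower-case "knowledge" and upper-case "Base", while README.md in this same commit uses "Mbed TLS Knowledge Base" in one place and "Mbed TLS knowledge base" in another. Since the line is being touched anyway for the "preferebly" typo, pick one casing and use it in both files.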
136
ChangeLog
@ -2,11 +2,66 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
|||||||
|
|
||||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||||
|
|
||||||
Enhancement
|
Security
|
||||||
* Only check for necessary RSA structure fields in `mbedtls_rsa_private`. In
|
* Fix a potential heap buffer overflow in mbedtls_ssl_write. When the (by
|
||||||
particular, don't require P,Q if neither CRT nor blinding are
|
default enabled) maximum fragment length extension is disabled in the
|
||||||
used. Reported and fix proposed independently by satur9nine and sliai
|
config and the application data buffer passed to mbedtls_ssl_write
|
||||||
on GitHub.
|
is larger than the internal message buffer (16384 bytes by default), the
|
||||||
|
latter overflows. The exploitability of this issue depends on whether the
|
||||||
|
application layer can be forced into sending such large packets. The issue
|
||||||
|
was independently reported by Tim Nordell via e-mail and by Florin Petriuc
|
||||||
|
and sjorsdewit on GitHub. Fix proposed by Florin Petriuc in #1022. Fixes #707.
|
||||||
|
|
||||||
|
Features
|
||||||
|
* Allow comments in test data files.
|
||||||
|
|
||||||
|
Bugfix
|
||||||
|
* Fix ssl_parse_record_header() to silently discard invalid DTLS records
|
||||||
|
as recommended in RFC 6347 Section 4.1.2.7.
|
||||||
|
* Fix memory leak in mbedtls_ssl_set_hostname() when called multiple times.
|
||||||
|
Found by projectgus and jethrogb, #836.
|
||||||
|
* Fix usage help in ssl_server2 example. Found and fixed by Bei Lin.
|
||||||
|
* Parse signature algorithm extension when renegotiating. Previously,
|
||||||
|
renegotiated handshakes would only accept signatures using SHA-1
|
||||||
|
regardless of the peer's preferences, or fail if SHA-1 was disabled.
|
||||||
|
* Fix leap year calculation in x509_date_is_valid() to ensure that invalid
|
||||||
|
dates on leap years with 100 and 400 intervals are handled correctly. Found
|
||||||
|
by Nicholas Wilson. #694
|
||||||
|
* Fix out-of-memory problem when parsing 4096-bit PKCS8-encrypted RSA keys.
|
||||||
|
Found independently by Florian in the mbed TLS forum and by Mishamax.
|
||||||
|
#878, #1019.
|
||||||
|
* Fix variable used before assignment compilation warnings with IAR
|
||||||
|
toolchain. Found by gkerrien38.
|
||||||
|
* Fix unchecked return codes from AES, DES and 3DES functions in
|
||||||
|
pem_aes_decrypt(), pem_des_decrypt() and pem_des3_decrypt() respectively.
|
||||||
|
If a call to one of the functions of the cryptographic primitive modules
|
||||||
|
failed, the error may not be noticed by the function
|
||||||
|
mbedtls_pem_read_buffer() causing it to return invalid values. Found by
|
||||||
|
Guido Vranken. #756
|
||||||
|
* Include configuration file in md.h, to fix compilation warnings.
|
||||||
|
Reported by aaronmdjones in #1001
|
||||||
|
* Correct extraction of signature-type from PK instance in X.509 CRT and CSR
|
||||||
|
writing routines that prevented these functions to work with alternative
|
||||||
|
RSA implementations. Raised by J.B. in the Mbed TLS forum. Fixes #1011.
|
||||||
|
* Don't print X.509 version tag for v1 CRT's, and omit extensions for
|
||||||
|
non-v3 CRT's.
|
||||||
|
* Fix bugs in RSA test suite under MBEDTLS_NO_PLATFORM_ENTROPY. #1023 #1024
|
||||||
|
* Fix net_would_block to avoid modification by errno through fcntl call.
|
||||||
|
Found by nkolban. Fixes #845.
|
||||||
|
* Fix handling of handshake messages in mbedtls_ssl_read in case
|
||||||
|
MBEDTLS_SSL_RENEGOTIATION is disabled. Found by erja-gp.
|
||||||
|
* Add a check for invalid private parameters in mbedtls_ecdsa_sign.
|
||||||
|
Reported by Yolan Romailler.
|
||||||
|
* Fix word size check in in pk.c to not depend on MBEDTLS_HAVE_INT64.
|
||||||
|
* Fix incorrect unit in benchmark output. #850
|
||||||
|
* Fix crash when calling mbedtls_ssl_cache_free() twice. Found by
|
||||||
|
MilenkoMitrovic, #1104
|
||||||
|
|
||||||
|
New deprecations
|
||||||
|
* Direct manipulation of structure fields of RSA contexts is deprecated.
|
||||||
|
Users are advised to use the extended RSA API instead.
|
||||||
|
* Deprecate usage of RSA primitives with non-matching key-type
|
||||||
|
(e.g., signing with a public key).
|
||||||
|
|
||||||
API Changes
|
API Changes
|
||||||
* Extend RSA interface by multiple functions allowing structure-
|
* Extend RSA interface by multiple functions allowing structure-
|
||||||
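Review bot: The added Bugfix entry "Fix word size check in in pk.c to not depend on MBEDTLS_HAVE_INT64." has a doubled "in". In the same block, "that prevented these functions to work with alternative RSA implementations" should read "from working", and the issue references are formatted three different ways ("#836.", "#694" with no period, "Fixes #1011."); a single style would make the ChangeLog easier to grep when tracing a fix back to its report.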
@ -19,60 +74,91 @@ API Changes
|
|||||||
* The configuration option MBEDTLS_RSA_ALT can be used to define alternative
|
* The configuration option MBEDTLS_RSA_ALT can be used to define alternative
|
||||||
implementations of the RSA interface declared in rsa.h.
|
implementations of the RSA interface declared in rsa.h.
|
||||||
|
|
||||||
New deprecations
|
Changes
|
||||||
* Direct manipulation of structure fields of RSA contexts is deprecated.
|
* Extend cert_write example program by options to set the CRT version
|
||||||
Users are advised to use the extended RSA API instead.
|
and the message digest. Further, allow enabling/disabling of authority
|
||||||
|
identifier, subject identifier and basic constraints extensions.
|
||||||
|
* Only check for necessary RSA structure fields in `mbedtls_rsa_private`. In
|
||||||
|
particular, don't require P,Q if neither CRT nor blinding are
|
||||||
|
used. Reported and fix proposed independently by satur9nine and sliai
|
||||||
|
on GitHub.
|
||||||
|
|
||||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
= mbed TLS 2.6.0 branch released 2017-08-10
|
||||||
|
|
||||||
|
Security
|
||||||
|
* Fix authentication bypass in SSL/TLS: when authmode is set to optional,
|
||||||
|
mbedtls_ssl_get_verify_result() would incorrectly return 0 when the peer's
|
||||||
|
X.509 certificate chain had more than MBEDTLS_X509_MAX_INTERMEDIATE_CA
|
||||||
|
(default: 8) intermediates, even when it was not trusted. This could be
|
||||||
|
triggered remotely from either side. (With authmode set to 'required'
|
||||||
|
(the default), the handshake was correctly aborted).
|
||||||
|
* Reliably wipe sensitive data after use in the AES example applications
|
||||||
|
programs/aes/aescrypt2 and programs/aes/crypt_and_hash.
|
||||||
|
Found by Laurent Simon.
|
||||||
|
>>>>>>> development
|
||||||
|
|
||||||
Features
|
Features
|
||||||
* Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown()
|
* Add the functions mbedtls_platform_setup() and mbedtls_platform_teardown()
|
||||||
and the context struct mbedtls_platform_context to perform
|
and the context struct mbedtls_platform_context to perform
|
||||||
platform-specific setup and teardown operations. The macro
|
platform-specific setup and teardown operations. The macro
|
||||||
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden
|
MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT allows the functions to be overridden
|
||||||
by the user in a platform_alt.h file. This new APIs are required in some
|
by the user in a platform_alt.h file. These new functions are required in
|
||||||
embedded environments that have hardware acceleration support.
|
some embedded environments to provide a means of initialising underlying
|
||||||
|
cryptographic acceleration hardware.
|
||||||
|
|
||||||
API Changes
|
API Changes
|
||||||
* Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the
|
* Reverted API/ABI breaking changes introduced in mbed TLS 2.5.1, to make the
|
||||||
API consistent with mbed TLS 2.5.0. Specifically removed the inline
|
API consistent with mbed TLS 2.5.0. Specifically removed the inline
|
||||||
qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt,
|
qualifier from the functions mbedtls_aes_decrypt, mbedtls_aes_encrypt,
|
||||||
mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. #978
|
mbedtls_ssl_ciphersuite_uses_ec and mbedtls_ssl_ciphersuite_uses_psk. Found
|
||||||
Found by James Cowgill.
|
by James Cowgill. #978
|
||||||
|
* Certificate verification functions now set flags to -1 in case the full
|
||||||
|
chain was not verified due to an internal error (including in the verify
|
||||||
|
callback) or chain length limitations.
|
||||||
|
* With authmode set to optional, the TLS handshake is now aborted if the
|
||||||
|
verification of the peer's certificate failed due to an overlong chain or
|
||||||
|
a fatal error in the verify callback.
|
||||||
|
|
||||||
Bugfix
|
Bugfix
|
||||||
* Add a check if iv_len is zero, and return an error if it is zero. reported
|
* Add a check if iv_len is zero in GCM, and return an error if it is zero.
|
||||||
by roberto. #716
|
Reported by roberto. #716
|
||||||
* Replace preproccessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
|
* Replace preprocessor condition from #if defined(MBEDTLS_THREADING_PTHREAD)
|
||||||
to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
|
to #if defined(MBEDTLS_THREADING_C) as the library cannot assume they will
|
||||||
always be implemented by pthread support. Fix for #696
|
always be implemented by pthread support. #696
|
||||||
* Fix resource leak on windows platform, in mbedtls_x509_crt_parse_path.
|
* Fix a resource leak on Windows platforms in mbedtls_x509_crt_parse_path(),
|
||||||
In case of failure, when an error occures, goto cleanup.
|
in the case of an error. Found by redplait. #590
|
||||||
Found by redplait #590
|
|
||||||
* Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
|
* Add MBEDTLS_MPI_CHK to check for error value of mbedtls_mpi_fill_random.
|
||||||
Reported and fix suggested by guidovranken in #740
|
Reported and fix suggested by guidovranken. #740
|
||||||
* Fix conditional preprocessor directives in bignum.h to enable 64-bit
|
* Fix conditional preprocessor directives in bignum.h to enable 64-bit
|
||||||
compilation when using ARM Compiler 6.
|
compilation when using ARM Compiler 6.
|
||||||
* Fix a potential integer overflow in the version verification for DER
|
* Fix a potential integer overflow in the version verification for DER
|
||||||
encoded X509 CRLs. The overflow would enable maliciously constructed CRLs
|
encoded X.509 CRLs. The overflow could enable maliciously constructed CRLs
|
||||||
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
|
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
|
||||||
KNOX Security, Samsung Research America
|
KNOX Security, Samsung Research America
|
||||||
* Fix potential integer overflow in the version verification for DER
|
* Fix potential integer overflow in the version verification for DER
|
||||||
encoded X509 CSRs. The overflow would enable maliciously constructed CSRs
|
encoded X.509 CSRs. The overflow could enable maliciously constructed CSRs
|
||||||
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
|
to bypass the version verification check. Found by Peng Li/Yueh-Hsun Lin,
|
||||||
KNOX Security, Samsung Research America
|
KNOX Security, Samsung Research America
|
||||||
* Fix a potential integer overflow in the version verification for DER
|
* Fix a potential integer overflow in the version verification for DER
|
||||||
encoded X509 certificates. The overflow would enable maliciously
|
encoded X.509 certificates. The overflow could enable maliciously
|
||||||
constructed certificates to bypass the certificate verification check.
|
constructed certificates to bypass the certificate verification check.
|
||||||
|
* Fix a call to the libc function time() to call the platform abstraction
|
||||||
|
function mbedtls_time() instead. Found by wairua. #666
|
||||||
|
* Avoid shadowing of time and index functions through mbed TLS function
|
||||||
|
arguments. Found by inestlerode. #557.
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of
|
* Added config.h option MBEDTLS_NO_UDBL_DIVISION, to prevent the use of
|
||||||
64-bit division. #708
|
64-bit division. This is useful on embedded platforms where 64-bit division
|
||||||
|
created a dependency on external libraries. #708
|
||||||
* Removed mutexes from ECP hardware accelerator code. Now all hardware
|
* Removed mutexes from ECP hardware accelerator code. Now all hardware
|
||||||
accelerator code in the library leaves concurrency handling to the
|
accelerator code in the library leaves concurrency handling to the
|
||||||
platform. Reported by Steven Cooreman. #863
|
platform. Reported by Steven Cooreman. #863
|
||||||
* Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file
|
* Define the macro MBEDTLS_AES_ROM_TABLES in the configuration file
|
||||||
config-no-entropy.h to reduce the RAM footprint.
|
config-no-entropy.h to reduce the RAM footprint.
|
||||||
|
* Added a test script that can be hooked into git that verifies commits
|
||||||
|
before they are pushed.
|
||||||
|
* Improve documentation of PKCS1 decryption functions.
|
||||||
|
|
||||||
= mbed TLS 2.5.1 released 2017-06-21
|
= mbed TLS 2.5.1 released 2017-06-21
|
||||||
|
|
||||||
|
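Review bot: A leftover merge conflict marker, ">>>>>>> development", is added on the new side directly after the 2.6.0 Security entries (after "Found by Laurent Simon.") and before "Features". It needs to be deleted before this merge lands. Only the closing marker is visible in this hunk, so the file should also be checked for matching "<<<<<<<" and "=======" lines and for entries duplicated or dropped by the conflict resolution, particularly the Security items, which downstream users rely on to decide whether to upgrade.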
50
README.md
@ -1,37 +1,37 @@
|
|||||||
README for mbed TLS
|
README for Mbed TLS
|
||||||
===================
|
===================
|
||||||
|
|
||||||
Configuration
|
Configuration
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Perl script `scripts/config.pl` (use `--help` for usage instructions).
|
Mbed TLS should build out of the box on most systems. Some platform specific options are available in the fully documented configuration file `include/mbedtls/config.h`, which is also the place where features can be selected. This file can be edited manually, or in a more programmatic way using the Perl script `scripts/config.pl` (use `--help` for usage instructions).
|
||||||
|
|
||||||
Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS` when using the Make and CMake build system (see below).
|
Compiler options can be set using conventional environment variables such as `CC` and `CFLAGS` when using the Make and CMake build system (see below).
|
||||||
|
|
||||||
Compiling
|
Compiling
|
||||||
---------
|
---------
|
||||||
|
|
||||||
There are currently four active build systems used within mbed TLS releases:
|
There are currently four active build systems used within Mbed TLS releases:
|
||||||
|
|
||||||
- yotta
|
- yotta
|
||||||
- Make
|
- GNU Make
|
||||||
- CMake
|
- CMake
|
||||||
- Microsoft Visual Studio (Visual Studio 6 and Visual Studio 2010)
|
- Microsoft Visual Studio (Microsoft Visual Studio 2010 or later)
|
||||||
|
|
||||||
The main systems used for development are CMake and Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically.
|
The main systems used for development are CMake and GNU Make. Those systems are always complete and up-to-date. The others should reflect all changes present in the CMake and Make build system, although features may not be ported there automatically.
|
||||||
|
|
||||||
Yotta, as a build system, is slightly different from the other build systems:
|
Yotta, as a build system, is slightly different from the other build systems:
|
||||||
|
|
||||||
- it provides a minimalistic configuration file by default
|
- it provides a minimalistic configuration file by default
|
||||||
- depending on the yotta target, features of mbed OS may be used in examples and tests
|
- depending on the yotta target, features of Mbed OS may be used in examples and tests
|
||||||
|
|
||||||
The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls.
|
The Make and CMake build systems create three libraries: libmbedcrypto, libmbedx509, and libmbedtls. Note that libmbedtls depends on libmbedx509 and libmbedcrypto, and libmbedx509 depends on libmbedcrypto. As a result, some linkers will expect flags to be in a specific order, for example the GNU linker wants `-lmbedtls -lmbedx509 -lmbedcrypto`. Also, when loading shared libraries using dlopen(), you'll need to load libmbedcrypto first, then libmbedx509, before you can load libmbedtls.
|
||||||
|
|
||||||
### Yotta
|
### Yotta
|
||||||
|
|
||||||
[yotta](http://yottabuild.org) is a package manager and build system developed by mbed, and is the build system of mbed OS 16.03. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing).
|
[yotta](http://yottabuild.org) is a package manager and build system developed by Mbed, and is the build system of Mbed OS 16.03. To install it on your platform, please follow the yotta [installation instructions](http://docs.yottabuild.org/#installing).
|
||||||
|
|
||||||
Once yotta is installed, you can use it to download the latest version of mbed TLS from the yotta registry with:
|
Once yotta is installed, you can use it to download the latest version of Mbed TLS from the yotta registry with:
|
||||||
|
|
||||||
yotta install mbedtls
|
yotta install mbedtls
|
||||||
|
|
||||||
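Review bot: The build-system list and the first half of the following sentence now say "GNU Make", but the second half of that sentence still says "the CMake and Make build system" and the unchanged paragraph below still opens with "The Make and CMake build systems create three libraries". If GNU Make is now the requirement, name it consistently, or state once that "Make" means GNU Make throughout. Separately, "Microsoft Visual Studio (Microsoft Visual Studio 2010 or later)" repeats the product name; "(Visual Studio 2010 or later)" is enough.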
@ -39,24 +39,26 @@ and build it with:
|
|||||||
|
|
||||||
yotta build
|
yotta build
|
||||||
|
|
||||||
If, on the other hand, you already have a copy of mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll first need to generate the yotta module by running:
|
If, on the other hand, you already have a copy of Mbed TLS from a source other than the yotta registry, for example from cloning our GitHub repository, or from downloading a tarball of the standalone edition, then you'll first need to generate the yotta module by running:
|
||||||
|
|
||||||
yotta/create-module.sh
|
yotta/create-module.sh
|
||||||
|
|
||||||
This should be executed from the root mbed TLS project directory. This will create the yotta module in the `yotta/module` directory within it. You can then change to that directory and build as usual:
|
This should be executed from the root Mbed TLS project directory. This will create the yotta module in the `yotta/module` directory within it. You can then change to that directory and build as usual:
|
||||||
|
|
||||||
cd yotta/module
|
cd yotta/module
|
||||||
yotta build
|
yotta build
|
||||||
|
|
||||||
In any case, you'll probably want to set the yotta target before building unless it has already been set globally. For more information on using yotta, please consult the [yotta documentation](http://docs.yottabuild.org/).
|
In any case, you'll probably want to set the yotta target before building unless it has already been set globally. For more information on using yotta, please consult the [yotta documentation](http://docs.yottabuild.org/).
|
||||||
|
|
||||||
For more details on the yotta/mbed OS edition of mbed TLS, including example programs, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md).
|
For more details on the yotta/Mbed OS edition of Mbed TLS, including example programs, please consult the [Readme at the root of the yotta module](https://github.com/ARMmbed/mbedtls/blob/development/yotta/data/README.md).
|
||||||
|
|
||||||
### Make
|
### Make
|
||||||
|
|
||||||
We intentionally only use the minimum of `Make` functionality, as a lot of `Make` features are not supported on all different implementations of Make or on different platforms. As such, the Makefiles sometimes require some manual changes or export statements in order to work for your platform.
|
We require GNU Make. To build the library and the sample programs, GNU Make and a C compiler are sufficient. Some of the more advanced build targets require some Unix/Linux tools.
|
||||||
|
|
||||||
In order to build from the source code using Make, just enter at the command line:
|
We intentionally only use a minimum of functionality in the makefiles in order to keep them as simple and independent of different toolchains as possible, to allow users to more easily move between different platforms. Users who need more features are recommended to use CMake.
|
||||||
|
|
||||||
|
In order to build from the source code using GNU Make, just enter at the command line:
|
||||||
|
|
||||||
make
|
make
|
||||||
|
|
||||||
@ -76,9 +78,9 @@ In order to build for a Windows platform, you should use `WINDOWS_BUILD=1` if th
|
|||||||
|
|
||||||
Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; if you do so, essential parts such as `-I` will still be preserved. Warning options may be overridden separately using `WARNING_CFLAGS`.
|
Setting the variable `SHARED` in your environment will build shared libraries in addition to the static libraries. Setting `DEBUG` gives you a debug build. You can override `CFLAGS` and `LDFLAGS` by setting them in your environment or on the make command line; if you do so, essential parts such as `-I` will still be preserved. Warning options may be overridden separately using `WARNING_CFLAGS`.
|
||||||
|
|
||||||
Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue.
|
Depending on your platform, you might run into some issues. Please check the Makefiles in `library/`, `programs/` and `tests/` for options to manually add or remove for specific platforms. You can also check [the Mbed TLS Knowledge Base](https://tls.mbed.org/kb) for articles on your platform or issue.
|
||||||
|
|
||||||
In case you find that you need to do something else as well, please let us know what, so we can add it to the [mbed TLS knowledge base](https://tls.mbed.org/kb).
|
In case you find that you need to do something else as well, please let us know what, so we can add it to the [Mbed TLS knowledge base](https://tls.mbed.org/kb).
|
||||||
|
|
||||||
### CMake
|
### CMake
|
||||||
|
|
||||||
@ -141,7 +143,7 @@ We've included example programs for a lot of different features and uses in `pro
|
|||||||
Tests
|
Tests
|
||||||
-----
|
-----
|
||||||
|
|
||||||
mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function.
|
Mbed TLS includes an elaborate test suite in `tests/` that initially requires Perl to generate the tests files (e.g. `test\_suite\_mpi.c`). These files are generated from a `function file` (e.g. `suites/test\_suite\_mpi.function`) and a `data file` (e.g. `suites/test\_suite\_mpi.data`). The `function file` contains the test functions. The `data file` contains the test cases, specified as parameters that will be passed to the test function.
|
||||||
|
|
||||||
For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available:
|
For machines with a Unix shell and OpenSSL (and optionally GnuTLS) installed, additional test scripts are available:
|
||||||
|
|
||||||
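Review bot: The line touched here keeps the backslash-escaped underscores inside backtick code spans (`test\_suite\_mpi.c`, `suites/test\_suite\_mpi.function`, `suites/test\_suite\_mpi.data`). Markdown does not process escapes inside code spans, so the backslashes render literally and the file names shown are wrong. Since the line is already being edited for the "Mbed TLS" rename, drop the backslashes in the same change.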
@ -156,14 +158,14 @@ Configurations
|
|||||||
|
|
||||||
We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`
|
We provide some non-standard configurations focused on specific use cases in the `configs/` directory. You can read more about those in `configs/README.txt`
|
||||||
|
|
||||||
Porting mbed TLS
|
Porting Mbed TLS
|
||||||
----------------
|
----------------
|
||||||
|
|
||||||
mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following knowledge base articles useful:
|
Mbed TLS can be ported to many different architectures, OS's and platforms. Before starting a port, you may find the following knowledge base articles useful:
|
||||||
|
|
||||||
- [Porting mbed TLS to a new environment or OS](https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS)
|
- [Porting Mbed TLS to a new environment or OS](https://tls.mbed.org/kb/how-to/how-do-i-port-mbed-tls-to-a-new-environment-OS)
|
||||||
- [What external dependencies does mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on)
|
- [What external dependencies does Mbed TLS rely on?](https://tls.mbed.org/kb/development/what-external-dependencies-does-mbedtls-rely-on)
|
||||||
- [How do I configure mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls)
|
- [How do I configure Mbed TLS](https://tls.mbed.org/kb/compiling-and-building/how-do-i-configure-mbedtls)
|
||||||
|
|
||||||
Contributing
|
Contributing
|
||||||
------------
|
------------
|
||||||
@ -174,12 +176,12 @@ We gratefully accept bug reports and contributions from the community. There are
|
|||||||
- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission.
|
- We would ask that contributions conform to [our coding standards](https://tls.mbed.org/kb/development/mbedtls-coding-standards), and that contributions should be fully tested before submission.
|
||||||
- As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted.
|
- As with any open source project, contributions will be reviewed by the project team and community and may need some modifications to be accepted.
|
||||||
|
|
||||||
To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an mbed account and [accepting the online agreement here with a click through](https://developer.mbed.org/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to ARM as described in the instructions given.
|
To accept the Contributor’s Licence Agreement (CLA), individual contributors can do this by creating an Mbed account and [accepting the online agreement here with a click through](https://os.mbed.com/contributor_agreement/). Alternatively, for contributions from corporations, or those that do not wish to create an Mbed account, a slightly different agreement can be found [here](https://www.mbed.com/en/about-mbed/contributor-license-agreements/). This agreement should be signed and returned to Arm as described in the instructions given.
|
||||||
|
|
||||||
### Making a Contribution
|
### Making a Contribution
|
||||||
|
|
||||||
1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
|
1. [Check for open issues](https://github.com/ARMmbed/mbedtls/issues) or [start a discussion](https://tls.mbed.org/discussions) around a feature idea or a bug.
|
||||||
2. Fork the [mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
|
2. Fork the [Mbed TLS repository on GitHub](https://github.com/ARMmbed/mbedtls) to start making your changes. As a general rule, you should use the "development" branch as a basis.
|
||||||
3. Write a test which shows that the bug was fixed or that the feature works as expected.
|
3. Write a test which shows that the bug was fixed or that the feature works as expected.
|
||||||
4. Send a pull request and bug us until it gets merged and published. Contributions may need some modifications, so work with us to get your change accepted. We will include your name in the ChangeLog :)
|
4. Send a pull request and bug us until it gets merged and published. Contributions may need some modifications, so work with us to get your change accepted. We will include your name in the ChangeLog :)
|
||||||
|
|
||||||
|
@ -8,7 +8,7 @@ These files are complete replacements for the default config.h. To use one of
|
|||||||
them, you can pick one of the following methods:
|
them, you can pick one of the following methods:
|
||||||
|
|
||||||
1. Replace the default file include/mbedtls/config.h with the chosen one.
|
1. Replace the default file include/mbedtls/config.h with the chosen one.
|
||||||
(Depending on your compiler, you may need to ajust the line with
|
(Depending on your compiler, you may need to adjust the line with
|
||||||
#include "mbedtls/check_config.h" then.)
|
#include "mbedtls/check_config.h" then.)
|
||||||
|
|
||||||
2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly.
|
2. Define MBEDTLS_CONFIG_FILE and adjust the include path accordingly.
|
||||||
|
@ -21,7 +21,7 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @mainpage mbed TLS v2.5.1 source code documentation
|
* @mainpage mbed TLS v2.6.0 source code documentation
|
||||||
*
|
*
|
||||||
* This documentation describes the internal structure of mbed TLS. It was
|
* This documentation describes the internal structure of mbed TLS. It was
|
||||||
* automatically generated from specially formatted comment blocks in
|
* automatically generated from specially formatted comment blocks in
|
||||||
|
@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
|
|||||||
# identify the project. Note that if you do not use Doxywizard you need
|
# identify the project. Note that if you do not use Doxywizard you need
|
||||||
# to put quotes around the project name if it contains spaces.
|
# to put quotes around the project name if it contains spaces.
|
||||||
|
|
||||||
PROJECT_NAME = "mbed TLS v2.5.1"
|
PROJECT_NAME = "mbed TLS v2.6.0"
|
||||||
|
|
||||||
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
|
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
|
||||||
# This could be handy for archiving the generated documentation or
|
# This could be handy for archiving the generated documentation or
|
||||||
|
@ -59,7 +59,7 @@
|
|||||||
|
|
||||||
/**
|
/**
|
||||||
* \name DER constants
|
* \name DER constants
|
||||||
* These constants comply with DER encoded the ANS1 type tags.
|
* These constants comply with the DER encoded ASN.1 type tags.
|
||||||
* DER encoding uses hexadecimal representation.
|
* DER encoding uses hexadecimal representation.
|
||||||
* An example DER sequence is:\n
|
* An example DER sequence is:\n
|
||||||
* - 0x02 -- tag indicating INTEGER
|
* - 0x02 -- tag indicating INTEGER
|
||||||
|
@ -1156,6 +1156,13 @@
|
|||||||
* misuse/misunderstand.
|
* misuse/misunderstand.
|
||||||
*
|
*
|
||||||
* Comment this to disable support for renegotiation.
|
* Comment this to disable support for renegotiation.
|
||||||
|
*
|
||||||
|
* \note Even if this option is disabled, both client and server are aware
|
||||||
|
* of the Renegotiation Indication Extension (RFC 5746) used to
|
||||||
|
* prevent the SSL renegotiation attack (see RFC 5746 Sect. 1).
|
||||||
|
* (See \c mbedtls_ssl_conf_legacy_renegotiation for the
|
||||||
|
* configuration of this extension).
|
||||||
|
*
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_SSL_RENEGOTIATION
|
#define MBEDTLS_SSL_RENEGOTIATION
|
||||||
|
|
||||||
|
@ -461,7 +461,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp
|
|||||||
* \brief Set a group using well-known domain parameters
|
* \brief Set a group using well-known domain parameters
|
||||||
*
|
*
|
||||||
* \param grp Destination group
|
* \param grp Destination group
|
||||||
* \param index Index in the list of well-known domain parameters
|
* \param id Index in the list of well-known domain parameters
|
||||||
*
|
*
|
||||||
* \return 0 if successful,
|
* \return 0 if successful,
|
||||||
* MBEDTLS_ERR_MPI_XXX if initialization failed
|
* MBEDTLS_ERR_MPI_XXX if initialization failed
|
||||||
@ -470,7 +470,7 @@ int mbedtls_ecp_tls_write_point( const mbedtls_ecp_group *grp, const mbedtls_ecp
|
|||||||
* \note Index should be a value of RFC 4492's enum NamedCurve,
|
* \note Index should be a value of RFC 4492's enum NamedCurve,
|
||||||
* usually in the form of a MBEDTLS_ECP_DP_XXX macro.
|
* usually in the form of a MBEDTLS_ECP_DP_XXX macro.
|
||||||
*/
|
*/
|
||||||
int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id index );
|
int mbedtls_ecp_group_load( mbedtls_ecp_group *grp, mbedtls_ecp_group_id id );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Set a group from a TLS ECParameters record
|
* \brief Set a group from a TLS ECParameters record
|
||||||
|
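Review bot: The prototype now names the parameter id, but the unchanged \note just above it still reads "Index should be a value of RFC 4492's enum NamedCurve". Reword the note to refer to id so the documentation matches the renamed parameter.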
@ -71,11 +71,11 @@
|
|||||||
* Name ID Nr of Errors
|
* Name ID Nr of Errors
|
||||||
* PEM 1 9
|
* PEM 1 9
|
||||||
* PKCS#12 1 4 (Started from top)
|
* PKCS#12 1 4 (Started from top)
|
||||||
* X509 2 19
|
* X509 2 20
|
||||||
* PKCS5 2 4 (Started from top)
|
* PKCS5 2 4 (Started from top)
|
||||||
* DHM 3 9
|
* DHM 3 9
|
||||||
* PK 3 14 (Started from top)
|
* PK 3 14 (Started from top)
|
||||||
* RSA 4 9
|
* RSA 4 10
|
||||||
* ECP 4 8 (Started from top)
|
* ECP 4 8 (Started from top)
|
||||||
* MD 5 4
|
* MD 5 4
|
||||||
* CIPHER 6 6
|
* CIPHER 6 6
|
||||||
|
@ -27,6 +27,12 @@
|
|||||||
|
|
||||||
#include <stddef.h>
|
#include <stddef.h>
|
||||||
|
|
||||||
|
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||||
|
#include "config.h"
|
||||||
|
#else
|
||||||
|
#include MBEDTLS_CONFIG_FILE
|
||||||
|
#endif
|
||||||
|
|
||||||
#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */
|
#define MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE -0x5080 /**< The selected feature is not available. */
|
||||||
#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */
|
#define MBEDTLS_ERR_MD_BAD_INPUT_DATA -0x5100 /**< Bad input parameters to function. */
|
||||||
#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */
|
#define MBEDTLS_ERR_MD_ALLOC_FAILED -0x5180 /**< Failed to allocate memory. */
|
||||||
|
@ -48,7 +48,7 @@
|
|||||||
#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */
|
#define MBEDTLS_ERR_RSA_VERIFY_FAILED -0x4380 /**< The PKCS#1 verification failed. */
|
||||||
#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */
|
#define MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE -0x4400 /**< The output buffer for decryption is not large enough. */
|
||||||
#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */
|
#define MBEDTLS_ERR_RSA_RNG_FAILED -0x4480 /**< The random generator failed to generate non-zeros. */
|
||||||
#define MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED -0x4500 /**< The requested parameter export is not possible/allowed. */
|
#define MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION -0x4500 /**< The implementation doesn't offer the requested operation, e.g. because of security violations or lack of functionality */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* RSA constants
|
* RSA constants
|
||||||
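Review bot: Renaming MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED to MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION on the -0x4500 line removes a public macro, so any caller that compares against the old name stops compiling. If the old name has shipped in a release, keep it as an alias of the new one for a deprecation period. The new description also lacks the closing full stop that the neighbouring comments have.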
@ -516,7 +516,16 @@ int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
|
|||||||
* \param input buffer holding the data to be encrypted
|
* \param input buffer holding the data to be encrypted
|
||||||
* \param output buffer that will hold the ciphertext
|
* \param output buffer that will hold the ciphertext
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
|
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
|
||||||
|
* are likely to remove the mode argument and have it implicitly
|
||||||
|
* set to MBEDTLS_RSA_PUBLIC.
|
||||||
|
*
|
||||||
|
* \note Alternative implementations of RSA need not support
|
||||||
|
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
|
||||||
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
|
*
|
||||||
|
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
* \note The output buffer must be as large as the size
|
* \note The output buffer must be as large as the size
|
||||||
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
|
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
|
||||||
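Review bot: The added \deprecated block misspells "library" as "libary", and the re-added \return line drops the \c that the removed line had before MBEDTLS_ERR_RSA_XXX. Doxygen's \deprecated also puts the whole function on the deprecated list, although only the MBEDTLS_RSA_PRIVATE mode is meant here; a \note or \warning scoped to the mode argument would say that more precisely. The same wording recurs in the later hunks of this file, so fix them together.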
@ -539,7 +548,16 @@ int mbedtls_rsa_pkcs1_encrypt( mbedtls_rsa_context *ctx,
|
|||||||
* \param input buffer holding the data to be encrypted
|
* \param input buffer holding the data to be encrypted
|
||||||
* \param output buffer that will hold the ciphertext
|
* \param output buffer that will hold the ciphertext
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
|
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
|
||||||
|
* are likely to remove the mode argument and have it implicitly
|
||||||
|
* set to MBEDTLS_RSA_PUBLIC.
|
||||||
|
*
|
||||||
|
* \note Alternative implementations of RSA need not support
|
||||||
|
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
|
||||||
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
|
*
|
||||||
|
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
* \note The output buffer must be as large as the size
|
* \note The output buffer must be as large as the size
|
||||||
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
|
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
|
||||||
@ -565,7 +583,16 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
|
|||||||
* \param input buffer holding the data to be encrypted
|
* \param input buffer holding the data to be encrypted
|
||||||
* \param output buffer that will hold the ciphertext
|
* \param output buffer that will hold the ciphertext
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
|
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
|
||||||
|
* are likely to remove the mode argument and have it implicitly
|
||||||
|
* set to MBEDTLS_RSA_PUBLIC.
|
||||||
|
*
|
||||||
|
* \note Alternative implementations of RSA need not support
|
||||||
|
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
|
||||||
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
|
*
|
||||||
|
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
* \note The output buffer must be as large as the size
|
* \note The output buffer must be as large as the size
|
||||||
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
|
* of ctx->N (eg. 128 bytes if RSA-1024 is used).
|
||||||
@ -593,7 +620,16 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
|
|||||||
* \param output buffer that will hold the plaintext
|
* \param output buffer that will hold the plaintext
|
||||||
* \param output_max_len maximum length of the output buffer
|
* \param output_max_len maximum length of the output buffer
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
|
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
|
||||||
|
* are likely to remove the mode argument and have it implicitly
|
||||||
|
* set to MBEDTLS_RSA_PRIVATE.
|
||||||
|
*
|
||||||
|
* \note Alternative implementations of RSA need not support
|
||||||
|
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
|
||||||
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
|
*
|
||||||
|
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
* \note The output buffer length \c output_max_len should be
|
* \note The output buffer length \c output_max_len should be
|
||||||
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
|
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
|
||||||
@ -625,7 +661,16 @@ int mbedtls_rsa_pkcs1_decrypt( mbedtls_rsa_context *ctx,
|
|||||||
* \param output buffer that will hold the plaintext
|
* \param output buffer that will hold the plaintext
|
||||||
* \param output_max_len maximum length of the output buffer
|
* \param output_max_len maximum length of the output buffer
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
|
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
|
||||||
|
* are likely to remove the mode argument and have it implicitly
|
||||||
|
* set to MBEDTLS_RSA_PRIVATE.
|
||||||
|
*
|
||||||
|
* \note Alternative implementations of RSA need not support
|
||||||
|
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
|
||||||
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
|
*
|
||||||
|
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
* \note The output buffer length \c output_max_len should be
|
* \note The output buffer length \c output_max_len should be
|
||||||
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
|
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
|
||||||
@ -659,7 +704,16 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
|||||||
* \param output buffer that will hold the plaintext
|
* \param output buffer that will hold the plaintext
|
||||||
* \param output_max_len maximum length of the output buffer
|
* \param output_max_len maximum length of the output buffer
|
||||||
*
|
*
|
||||||
* \return 0 if successful, or an \c MBEDTLS_ERR_RSA_XXX error code
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
|
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
|
||||||
|
* are likely to remove the mode argument and have it implicitly
|
||||||
|
* set to MBEDTLS_RSA_PRIVATE.
|
||||||
|
*
|
||||||
|
* \note Alternative implementations of RSA need not support
|
||||||
|
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
|
||||||
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
|
*
|
||||||
|
* \return 0 if successful, or an MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
* \note The output buffer length \c output_max_len should be
|
* \note The output buffer length \c output_max_len should be
|
||||||
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
|
* as large as the size \c ctx->len of \c ctx->N (eg. 128 bytes
|
||||||
@ -670,6 +724,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_decrypt( mbedtls_rsa_context *ctx,
|
|||||||
*
|
*
|
||||||
* \note The input buffer must be as large as the size
|
* \note The input buffer must be as large as the size
|
||||||
* of \c ctx->N (eg. 128 bytes if RSA-1024 is used).
|
* of \c ctx->N (eg. 128 bytes if RSA-1024 is used).
|
||||||
|
*
|
||||||
*/
|
*/
|
||||||
int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
|
int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
|
||||||
int (*f_rng)(void *, unsigned char *, size_t),
|
int (*f_rng)(void *, unsigned char *, size_t),
|
||||||
@ -697,6 +752,15 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
|
|||||||
* \param hash buffer holding the message digest
|
* \param hash buffer holding the message digest
|
||||||
* \param sig buffer that will hold the ciphertext
|
* \param sig buffer that will hold the ciphertext
|
||||||
*
|
*
|
||||||
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
|
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
|
||||||
|
* are likely to remove the mode argument and have it implicitly
|
||||||
|
* set to MBEDTLS_RSA_PRIVATE.
|
||||||
|
*
|
||||||
|
* \note Alternative implementations of RSA need not support
|
||||||
|
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
|
||||||
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
|
*
|
||||||
* \return 0 if the signing operation was successful,
|
* \return 0 if the signing operation was successful,
|
||||||
* or an \c MBEDTLS_ERR_RSA_XXX error code
|
* or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
@ -704,7 +768,7 @@ int mbedtls_rsa_rsaes_oaep_decrypt( mbedtls_rsa_context *ctx,
|
|||||||
* of \c ctx->N (eg. 128 bytes if RSA-1024 is used).
|
* of \c ctx->N (eg. 128 bytes if RSA-1024 is used).
|
||||||
*
|
*
|
||||||
* \note In case of PKCS#1 v2.1 encoding, see comments on
|
* \note In case of PKCS#1 v2.1 encoding, see comments on
|
||||||
* \note \c mbedtls_rsa_rsassa_pss_sign() for details on
|
* \c mbedtls_rsa_rsassa_pss_sign() for details on
|
||||||
* \c md_alg and \c hash_id.
|
* \c md_alg and \c hash_id.
|
||||||
*/
|
*/
|
||||||
int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
|
int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
|
||||||
@ -729,6 +793,15 @@ int mbedtls_rsa_pkcs1_sign( mbedtls_rsa_context *ctx,
|
|||||||
* \param hash buffer holding the message digest
|
* \param hash buffer holding the message digest
|
||||||
* \param sig buffer that will hold the ciphertext
|
* \param sig buffer that will hold the ciphertext
|
||||||
*
|
*
|
||||||
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
|
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
|
||||||
|
* are likely to remove the mode argument and have it implicitly
|
||||||
|
* set to MBEDTLS_RSA_PRIVATE.
|
||||||
|
*
|
||||||
|
* \note Alternative implementations of RSA need not support
|
||||||
|
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
|
||||||
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
|
*
|
||||||
* \return 0 if the signing operation was successful,
|
* \return 0 if the signing operation was successful,
|
||||||
* or an \c MBEDTLS_ERR_RSA_XXX error code
|
* or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
@ -758,6 +831,15 @@ int mbedtls_rsa_rsassa_pkcs1_v15_sign( mbedtls_rsa_context *ctx,
|
|||||||
* \param hash buffer holding the message digest
|
* \param hash buffer holding the message digest
|
||||||
* \param sig buffer that will hold the ciphertext
|
* \param sig buffer that will hold the ciphertext
|
||||||
*
|
*
|
||||||
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
|
* in mode MBEDTLS_RSA_PUBLIC. Future versions of the libary
|
||||||
|
* are likely to remove the mode argument and have it implicitly
|
||||||
|
* set to MBEDTLS_RSA_PRIVATE.
|
||||||
|
*
|
||||||
|
* \note Alternative implementations of RSA need not support
|
||||||
|
* mode being set to MBEDTLS_RSA_PUBLIC and may instead
|
||||||
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
|
*
|
||||||
* \return 0 if the signing operation was successful,
|
* \return 0 if the signing operation was successful,
|
||||||
* or an \c MBEDTLS_ERR_RSA_XXX error code
|
* or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
@ -792,6 +874,15 @@ int mbedtls_rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
|
|||||||
* \param hash buffer holding the message digest
|
* \param hash buffer holding the message digest
|
||||||
* \param sig buffer holding the ciphertext
|
* \param sig buffer holding the ciphertext
|
||||||
*
|
*
|
||||||
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
|
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
|
||||||
|
* are likely to remove the mode argument and have it implicitly
|
||||||
|
* set to MBEDTLS_RSA_PUBLIC.
|
||||||
|
*
|
||||||
|
* \note Alternative implementations of RSA need not support
|
||||||
|
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
|
||||||
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
|
*
|
||||||
* \return 0 if the verify operation was successful,
|
* \return 0 if the verify operation was successful,
|
||||||
* or an \c MBEDTLS_ERR_RSA_XXX error code
|
* or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
@ -823,6 +914,15 @@ int mbedtls_rsa_pkcs1_verify( mbedtls_rsa_context *ctx,
|
|||||||
* \param hash buffer holding the message digest
|
* \param hash buffer holding the message digest
|
||||||
* \param sig buffer holding the ciphertext
|
* \param sig buffer holding the ciphertext
|
||||||
*
|
*
|
||||||
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
|
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
|
||||||
|
* are likely to remove the mode argument and have it implicitly
|
||||||
|
* set to MBEDTLS_RSA_PUBLIC.
|
||||||
|
*
|
||||||
|
* \note Alternative implementations of RSA need not support
|
||||||
|
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
|
||||||
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
|
*
|
||||||
* \return 0 if the verify operation was successful,
|
* \return 0 if the verify operation was successful,
|
||||||
* or an \c MBEDTLS_ERR_RSA_XXX error code
|
* or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
@ -851,6 +951,15 @@ int mbedtls_rsa_rsassa_pkcs1_v15_verify( mbedtls_rsa_context *ctx,
|
|||||||
* \param hash buffer holding the message digest
|
* \param hash buffer holding the message digest
|
||||||
* \param sig buffer holding the ciphertext
|
* \param sig buffer holding the ciphertext
|
||||||
*
|
*
|
||||||
|
* \deprecated It is deprecated and discouraged to call this function
|
||||||
|
* in mode MBEDTLS_RSA_PRIVATE. Future versions of the libary
|
||||||
|
* are likely to remove the mode argument and have it implicitly
|
||||||
|
* set to MBEDTLS_RSA_PUBLIC.
|
||||||
|
*
|
||||||
|
* \note Alternative implementations of RSA need not support
|
||||||
|
* mode being set to MBEDTLS_RSA_PRIVATE and may instead
|
||||||
|
* return MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION.
|
||||||
|
*
|
||||||
* \return 0 if the verify operation was successful,
|
* \return 0 if the verify operation was successful,
|
||||||
* or an \c MBEDTLS_ERR_RSA_XXX error code
|
* or an \c MBEDTLS_ERR_RSA_XXX error code
|
||||||
*
|
*
|
||||||
|
@ -1052,7 +1052,7 @@ void mbedtls_ssl_conf_authmode( mbedtls_ssl_config *conf, int authmode );
|
|||||||
*
|
*
|
||||||
* If set, the verify callback is called for each
|
* If set, the verify callback is called for each
|
||||||
* certificate in the chain. For implementation
|
* certificate in the chain. For implementation
|
||||||
* information, please see \c x509parse_verify()
|
* information, please see \c mbedtls_x509_crt_verify()
|
||||||
*
|
*
|
||||||
* \param conf SSL configuration
|
* \param conf SSL configuration
|
||||||
* \param f_vrfy verification function
|
* \param f_vrfy verification function
|
||||||
@ -1794,15 +1794,22 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
|||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
/**
|
/**
|
||||||
* \brief Set the hostname to check against the received server
|
* \brief Set or reset the hostname to check against the received
|
||||||
* certificate. It sets the ServerName TLS extension too,
|
* server certificate. It sets the ServerName TLS extension,
|
||||||
* if the extension is enabled.
|
* too, if that extension is enabled. (client-side only)
|
||||||
* (client-side only)
|
|
||||||
*
|
*
|
||||||
* \param ssl SSL context
|
* \param ssl SSL context
|
||||||
* \param hostname the server hostname
|
* \param hostname the server hostname, may be NULL to clear hostname
|
||||||
|
|
||||||
|
* \note Maximum hostname length MBEDTLS_SSL_MAX_HOST_NAME_LEN.
|
||||||
*
|
*
|
||||||
* \return 0 if successful or MBEDTLS_ERR_SSL_ALLOC_FAILED
|
* \return 0 if successful, MBEDTLS_ERR_SSL_ALLOC_FAILED on
|
||||||
|
* allocation failure, MBEDTLS_ERR_SSL_BAD_INPUT_DATA on
|
||||||
|
* too long input hostname.
|
||||||
|
*
|
||||||
|
* Hostname set to the one provided on success (cleared
|
||||||
|
* when NULL). On allocation failure hostname is cleared.
|
||||||
|
* On too long input failure, old hostname is unchanged.
|
||||||
*/
|
*/
|
||||||
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
|
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname );
|
||||||
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
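Review bot: The new paragraph under \return says the hostname is cleared on allocation failure, which means a caller that ignores the return value carries on with no hostname to check against the received server certificate. State that consequence explicitly and tell callers to treat any non-zero return as a reason not to proceed with the handshake. The paragraph would also be easier to find as its own \note than as a continuation of \return.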
@ -38,17 +38,17 @@
|
|||||||
* Major, Minor, Patchlevel
|
* Major, Minor, Patchlevel
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_VERSION_MAJOR 2
|
#define MBEDTLS_VERSION_MAJOR 2
|
||||||
#define MBEDTLS_VERSION_MINOR 5
|
#define MBEDTLS_VERSION_MINOR 6
|
||||||
#define MBEDTLS_VERSION_PATCH 1
|
#define MBEDTLS_VERSION_PATCH 0
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The single version number has the following structure:
|
* The single version number has the following structure:
|
||||||
* MMNNPP00
|
* MMNNPP00
|
||||||
* Major version | Minor version | Patch version
|
* Major version | Minor version | Patch version
|
||||||
*/
|
*/
|
||||||
#define MBEDTLS_VERSION_NUMBER 0x02050100
|
#define MBEDTLS_VERSION_NUMBER 0x02060000
|
||||||
#define MBEDTLS_VERSION_STRING "2.5.1"
|
#define MBEDTLS_VERSION_STRING "2.6.0"
|
||||||
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.5.1"
|
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.6.0"
|
||||||
|
|
||||||
#if defined(MBEDTLS_VERSION_C)
|
#if defined(MBEDTLS_VERSION_C)
|
||||||
|
|
||||||
|
@ -76,6 +76,7 @@
|
|||||||
#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 /**< Allocation of memory failed. */
|
#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 /**< Allocation of memory failed. */
|
||||||
#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */
|
#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */
|
||||||
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 /**< Destination buffer is too small. */
|
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 /**< Destination buffer is too small. */
|
||||||
|
#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occured, eg the chain is too long or the vrfy callback failed. */
|
||||||
/* \} name */
|
/* \} name */
|
||||||
|
|
||||||
/**
|
/**
|
||||||
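Review bot: MBEDTLS_ERR_X509_FATAL_ERROR is given -0x3000, which leaves the -0x2xxx range used by the X509 codes above it, while the module table changed earlier in this commit lists X509 under ID 2 and DHM under ID 3. Please confirm the value cannot collide with another module's codes and record the extra range in that table. The comment also misspells "occurred" as "occured".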
@ -246,12 +247,12 @@ int mbedtls_x509_serial_gets( char *buf, size_t size, const mbedtls_x509_buf *se
|
|||||||
* \note Intended usage is "if( is_past( valid_to ) ) ERROR".
|
* \note Intended usage is "if( is_past( valid_to ) ) ERROR".
|
||||||
* Hence the return value of 1 if on internal errors.
|
* Hence the return value of 1 if on internal errors.
|
||||||
*
|
*
|
||||||
* \param time mbedtls_x509_time to check
|
* \param to mbedtls_x509_time to check
|
||||||
*
|
*
|
||||||
* \return 1 if the given time is in the past or an error occured,
|
* \return 1 if the given time is in the past or an error occured,
|
||||||
* 0 otherwise.
|
* 0 otherwise.
|
||||||
*/
|
*/
|
||||||
int mbedtls_x509_time_is_past( const mbedtls_x509_time *time );
|
int mbedtls_x509_time_is_past( const mbedtls_x509_time *to );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Check a given mbedtls_x509_time against the system time
|
* \brief Check a given mbedtls_x509_time against the system time
|
||||||
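Review bot: The renamed parameter makes the doc line read "\param to mbedtls_x509_time to check", where the name is easy to mistake for part of the sentence. A more descriptive name would avoid that, and the definition in the .c file needs the same rename so the header and the implementation stay in step.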
@ -260,12 +261,12 @@ int mbedtls_x509_time_is_past( const mbedtls_x509_time *time );
|
|||||||
* \note Intended usage is "if( is_future( valid_from ) ) ERROR".
|
* \note Intended usage is "if( is_future( valid_from ) ) ERROR".
|
||||||
* Hence the return value of 1 if on internal errors.
|
* Hence the return value of 1 if on internal errors.
|
||||||
*
|
*
|
||||||
* \param time mbedtls_x509_time to check
|
* \param from mbedtls_x509_time to check
|
||||||
*
|
*
|
||||||
* \return 1 if the given time is in the future or an error occured,
|
* \return 1 if the given time is in the future or an error occured,
|
||||||
* 0 otherwise.
|
* 0 otherwise.
|
||||||
*/
|
*/
|
||||||
int mbedtls_x509_time_is_future( const mbedtls_x509_time *time );
|
int mbedtls_x509_time_is_future( const mbedtls_x509_time *from );
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* \brief Checkup routine
|
* \brief Checkup routine
|
||||||
@ -294,7 +295,7 @@ int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x50
|
|||||||
mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
|
mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg,
|
||||||
void **sig_opts );
|
void **sig_opts );
|
||||||
int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
|
int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
|
||||||
mbedtls_x509_time *time );
|
mbedtls_x509_time *t );
|
||||||
int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
|
int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
|
||||||
mbedtls_x509_buf *serial );
|
mbedtls_x509_buf *serial );
|
||||||
int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
|
int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
|
||||||
|
@ -267,7 +267,13 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
|
|||||||
*
|
*
|
||||||
* All flags left after returning from the callback
|
* All flags left after returning from the callback
|
||||||
* are also returned to the application. The function should
|
* are also returned to the application. The function should
|
||||||
* return 0 for anything but a fatal error.
|
* return 0 for anything (including invalid certificates)
|
||||||
|
* other than fatal error, as a non-zero return code
|
||||||
|
* immediately aborts the verification process. For fatal
|
||||||
|
* errors, a specific error code should be used (different
|
||||||
|
* from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not
|
||||||
|
* be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR
|
||||||
|
* can be used if no better code is available.
|
||||||
*
|
*
|
||||||
* \note In case verification failed, the results can be displayed
|
* \note In case verification failed, the results can be displayed
|
||||||
* using \c mbedtls_x509_crt_verify_info()
|
* using \c mbedtls_x509_crt_verify_info()
|
||||||
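Review bot: The new text says MBEDTLS_ERR_X509_CERT_VERIFY_FAILED "should not be returned at this point" but does not say what the library does if a callback returns it anyway. Document the resulting behaviour, since an existing callback may return that code to reject a certificate. "other than fatal error" should read "other than a fatal error".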
@ -289,12 +295,13 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
|
|||||||
* \param f_vrfy verification function
|
* \param f_vrfy verification function
|
||||||
* \param p_vrfy verification parameter
|
* \param p_vrfy verification parameter
|
||||||
*
|
*
|
||||||
* \return 0 if successful or MBEDTLS_ERR_X509_CERT_VERIFY_FAILED
|
* \return 0 (and flags set to 0) if the chain was verified and valid,
|
||||||
* in which case *flags will have one or more
|
* MBEDTLS_ERR_X509_CERT_VERIFY_FAILED if the chain was verified
|
||||||
* MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX flags
|
* but found to be invalid, in which case *flags will have one
|
||||||
* set,
|
* or more MBEDTLS_X509_BADCERT_XXX or MBEDTLS_X509_BADCRL_XXX
|
||||||
* or another error in case of a fatal error encountered
|
* flags set, or another error (and flags set to 0xffffffff)
|
||||||
* during the verification process.
|
* in case of a fatal error encountered during the
|
||||||
|
* verification process.
|
||||||
*/
|
*/
|
||||||
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
|
int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
|
||||||
mbedtls_x509_crt *trust_ca,
|
mbedtls_x509_crt *trust_ca,
|
||||||
|
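Review bot: "flags set to 0xffffffff" in the rewritten \return documents a sentinel that a caller could mistake for every MBEDTLS_X509_BADCERT_XXX and MBEDTLS_X509_BADCRL_XXX bit being set. Add a sentence that *flags must not be interpreted when the return value is neither 0 nor MBEDTLS_ERR_X509_CERT_VERIFY_FAILED, and write "*flags" in the first and last clauses too, to match the spelling used in the middle of the paragraph.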
@ -141,15 +141,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
|
|||||||
|
|
||||||
if(USE_SHARED_MBEDTLS_LIBRARY)
|
if(USE_SHARED_MBEDTLS_LIBRARY)
|
||||||
add_library(mbedcrypto SHARED ${src_crypto})
|
add_library(mbedcrypto SHARED ${src_crypto})
|
||||||
set_target_properties(mbedcrypto PROPERTIES VERSION 2.5.1 SOVERSION 0)
|
set_target_properties(mbedcrypto PROPERTIES VERSION 2.6.0 SOVERSION 0)
|
||||||
target_link_libraries(mbedcrypto ${libs})
|
target_link_libraries(mbedcrypto ${libs})
|
||||||
|
|
||||||
add_library(mbedx509 SHARED ${src_x509})
|
add_library(mbedx509 SHARED ${src_x509})
|
||||||
set_target_properties(mbedx509 PROPERTIES VERSION 2.5.1 SOVERSION 0)
|
set_target_properties(mbedx509 PROPERTIES VERSION 2.6.0 SOVERSION 0)
|
||||||
target_link_libraries(mbedx509 ${libs} mbedcrypto)
|
target_link_libraries(mbedx509 ${libs} mbedcrypto)
|
||||||
|
|
||||||
add_library(mbedtls SHARED ${src_tls})
|
add_library(mbedtls SHARED ${src_tls})
|
||||||
set_target_properties(mbedtls PROPERTIES VERSION 2.5.1 SOVERSION 10)
|
set_target_properties(mbedtls PROPERTIES VERSION 2.6.0 SOVERSION 10)
|
||||||
target_link_libraries(mbedtls ${libs} mbedx509)
|
target_link_libraries(mbedtls ${libs} mbedx509)
|
||||||
|
|
||||||
install(TARGETS mbedtls mbedx509 mbedcrypto
|
install(TARGETS mbedtls mbedx509 mbedcrypto
|
||||||
|
@ -169,10 +169,10 @@ static void cmac_xor_block( unsigned char *output, const unsigned char *input1,
|
|||||||
const unsigned char *input2,
|
const unsigned char *input2,
|
||||||
const size_t block_size )
|
const size_t block_size )
|
||||||
{
|
{
|
||||||
size_t index;
|
size_t idx;
|
||||||
|
|
||||||
for( index = 0; index < block_size; index++ )
|
for( idx = 0; idx < block_size; idx++ )
|
||||||
output[ index ] = input1[ index ] ^ input2[ index ];
|
output[ idx ] = input1[ idx ] ^ input2[ idx ];
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -81,6 +81,10 @@ int mbedtls_ecdsa_sign( mbedtls_ecp_group *grp, mbedtls_mpi *r, mbedtls_mpi *s,
|
|||||||
if( grp->N.p == NULL )
|
if( grp->N.p == NULL )
|
||||||
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
|
||||||
|
|
||||||
|
/* Make sure d is in range 1..n-1 */
|
||||||
|
if( mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0 )
|
||||||
|
return( MBEDTLS_ERR_ECP_INVALID_KEY );
|
||||||
|
|
||||||
mbedtls_ecp_point_init( &R );
|
mbedtls_ecp_point_init( &R );
|
||||||
mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t );
|
mbedtls_mpi_init( &k ); mbedtls_mpi_init( &e ); mbedtls_mpi_init( &t );
|
||||||
|
|
||||||
|
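Review bot: the new range check on d adds MBEDTLS_ERR_ECP_INVALID_KEY as a possible return value of mbedtls_ecdsa_sign, and nothing in this hunk documents or tests it. Please add the error to the function's documentation and add negative tests for d = 0 and d = N, the two boundaries the condition `mbedtls_mpi_cmp_int( d, 1 ) < 0 || mbedtls_mpi_cmp_mpi( d, &grp->N ) >= 0` rejects. The placement before mbedtls_ecp_point_init and the mbedtls_mpi_init calls is good, since the early return then has nothing to free.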
@ -83,6 +83,9 @@ void mbedtls_entropy_init( mbedtls_entropy_context *ctx )
|
|||||||
mbedtls_havege_init( &ctx->havege_data );
|
mbedtls_havege_init( &ctx->havege_data );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* Reminder: Update ENTROPY_HAVE_STRONG in the test files
|
||||||
|
* when adding more strong entropy sources here. */
|
||||||
|
|
||||||
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
|
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
|
||||||
mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL,
|
mbedtls_entropy_add_source( ctx, mbedtls_null_entropy_poll, NULL,
|
||||||
1, MBEDTLS_ENTROPY_SOURCE_STRONG );
|
1, MBEDTLS_ENTROPY_SOURCE_STRONG );
|
||||||
@ -132,24 +135,24 @@ int mbedtls_entropy_add_source( mbedtls_entropy_context *ctx,
|
|||||||
mbedtls_entropy_f_source_ptr f_source, void *p_source,
|
mbedtls_entropy_f_source_ptr f_source, void *p_source,
|
||||||
size_t threshold, int strong )
|
size_t threshold, int strong )
|
||||||
{
|
{
|
||||||
int index, ret = 0;
|
int idx, ret = 0;
|
||||||
|
|
||||||
#if defined(MBEDTLS_THREADING_C)
|
#if defined(MBEDTLS_THREADING_C)
|
||||||
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
index = ctx->source_count;
|
idx = ctx->source_count;
|
||||||
if( index >= MBEDTLS_ENTROPY_MAX_SOURCES )
|
if( idx >= MBEDTLS_ENTROPY_MAX_SOURCES )
|
||||||
{
|
{
|
||||||
ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES;
|
ret = MBEDTLS_ERR_ENTROPY_MAX_SOURCES;
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
ctx->source[index].f_source = f_source;
|
ctx->source[idx].f_source = f_source;
|
||||||
ctx->source[index].p_source = p_source;
|
ctx->source[idx].p_source = p_source;
|
||||||
ctx->source[index].threshold = threshold;
|
ctx->source[idx].threshold = threshold;
|
||||||
ctx->source[index].strong = strong;
|
ctx->source[idx].strong = strong;
|
||||||
|
|
||||||
ctx->source_count++;
|
ctx->source_count++;
|
||||||
|
|
||||||
|
@ -331,8 +331,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||||||
mbedtls_snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" );
|
mbedtls_snprintf( buf, buflen, "RSA - The output buffer for decryption is not large enough" );
|
||||||
if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) )
|
if( use_ret == -(MBEDTLS_ERR_RSA_RNG_FAILED) )
|
||||||
mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" );
|
mbedtls_snprintf( buf, buflen, "RSA - The random generator failed to generate non-zeros" );
|
||||||
if( use_ret == -(MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED) )
|
if( use_ret == -(MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION) )
|
||||||
mbedtls_snprintf( buf, buflen, "RSA - The requested parameter export is not possible/allowed" );
|
mbedtls_snprintf( buf, buflen, "RSA - The implementation doesn't offer the requested operation, e.g. because of security violations or lack of functionality" );
|
||||||
#endif /* MBEDTLS_RSA_C */
|
#endif /* MBEDTLS_RSA_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_TLS_C)
|
#if defined(MBEDTLS_SSL_TLS_C)
|
||||||
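Review bot: replacing MBEDTLS_ERR_RSA_EXPORT_UNSUPPORTED with MBEDTLS_ERR_RSA_UNSUPPORTED_OPERATION renames a public error macro, so any caller comparing against the old name stops compiling. If the old name has shipped in a release, keep it as a compatibility alias and mention the rename in the ChangeLog. The next hunk's "END generated code" marker shows this block is generated, so the new, fairly long message should come from the header comment rather than from an edit here.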
@ -482,6 +482,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
|
|||||||
mbedtls_snprintf( buf, buflen, "X509 - Read/write of file failed" );
|
mbedtls_snprintf( buf, buflen, "X509 - Read/write of file failed" );
|
||||||
if( use_ret == -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL) )
|
if( use_ret == -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL) )
|
||||||
mbedtls_snprintf( buf, buflen, "X509 - Destination buffer is too small" );
|
mbedtls_snprintf( buf, buflen, "X509 - Destination buffer is too small" );
|
||||||
|
if( use_ret == -(MBEDTLS_ERR_X509_FATAL_ERROR) )
|
||||||
|
mbedtls_snprintf( buf, buflen, "X509 - A fatal error occured, eg the chain is too long or the vrfy callback failed" );
|
||||||
#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */
|
#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */
|
||||||
// END generated code
|
// END generated code
|
||||||
|
|
||||||
|
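Review bot: the added message for MBEDTLS_ERR_X509_FATAL_ERROR contains a typo, "occured" should be "occurred", and "eg" reads better as "e.g.". This block ends with "END generated code", so fix the wording in the source the generator reads and regenerate rather than patching the string here.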
@ -63,8 +63,8 @@
|
|||||||
#endif
|
#endif
|
||||||
#endif /* _MSC_VER */
|
#endif /* _MSC_VER */
|
||||||
|
|
||||||
#define read(fd,buf,len) recv(fd,(char*)buf,(int) len,0)
|
#define read(fd,buf,len) recv( fd, (char*)( buf ), (int)( len ), 0 )
|
||||||
#define write(fd,buf,len) send(fd,(char*)buf,(int) len,0)
|
#define write(fd,buf,len) send( fd, (char*)( buf ), (int)( len ), 0 )
|
||||||
#define close(fd) closesocket(fd)
|
#define close(fd) closesocket(fd)
|
||||||
|
|
||||||
static int wsa_init_done = 0;
|
static int wsa_init_done = 0;
|
||||||
@ -85,7 +85,7 @@ static int wsa_init_done = 0;
|
|||||||
#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
|
#endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
|
||||||
|
|
||||||
/* Some MS functions want int and MSVC warns if we pass size_t,
|
/* Some MS functions want int and MSVC warns if we pass size_t,
|
||||||
* but the standard fucntions use socklen_t, so cast only for MSVC */
|
* but the standard functions use socklen_t, so cast only for MSVC */
|
||||||
#if defined(_MSC_VER)
|
#if defined(_MSC_VER)
|
||||||
#define MSVC_INT_CAST (int)
|
#define MSVC_INT_CAST (int)
|
||||||
#else
|
#else
|
||||||
@ -270,13 +270,18 @@ static int net_would_block( const mbedtls_net_context *ctx )
|
|||||||
*/
|
*/
|
||||||
static int net_would_block( const mbedtls_net_context *ctx )
|
static int net_would_block( const mbedtls_net_context *ctx )
|
||||||
{
|
{
|
||||||
|
int err = errno;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Never return 'WOULD BLOCK' on a non-blocking socket
|
* Never return 'WOULD BLOCK' on a non-blocking socket
|
||||||
*/
|
*/
|
||||||
if( ( fcntl( ctx->fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK )
|
if( ( fcntl( ctx->fd, F_GETFL ) & O_NONBLOCK ) != O_NONBLOCK )
|
||||||
|
{
|
||||||
|
errno = err;
|
||||||
return( 0 );
|
return( 0 );
|
||||||
|
}
|
||||||
|
|
||||||
switch( errno )
|
switch( errno = err )
|
||||||
{
|
{
|
||||||
#if defined EAGAIN
|
#if defined EAGAIN
|
||||||
case EAGAIN:
|
case EAGAIN:
|
||||||
|
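Review bot: the return value of `fcntl( ctx->fd, F_GETFL )` is still not checked, even though this hunk now saves and restores errno around it precisely because the call can disturb errno. When fcntl fails it returns -1, `( -1 & O_NONBLOCK ) != O_NONBLOCK` is false, and the function carries on as if the descriptor were non-blocking. Store the result, and when it is -1 restore errno and return 0. Separately, `switch( errno = err )` hides an assignment inside the controlling expression; `errno = err;` followed by `switch( err )` says the same thing more readably.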
@ -134,45 +134,55 @@ static void pem_pbkdf1( unsigned char *key, size_t keylen,
|
|||||||
/*
|
/*
|
||||||
* Decrypt with DES-CBC, using PBKDF1 for key derivation
|
* Decrypt with DES-CBC, using PBKDF1 for key derivation
|
||||||
*/
|
*/
|
||||||
static void pem_des_decrypt( unsigned char des_iv[8],
|
static int pem_des_decrypt( unsigned char des_iv[8],
|
||||||
unsigned char *buf, size_t buflen,
|
unsigned char *buf, size_t buflen,
|
||||||
const unsigned char *pwd, size_t pwdlen )
|
const unsigned char *pwd, size_t pwdlen )
|
||||||
{
|
{
|
||||||
mbedtls_des_context des_ctx;
|
mbedtls_des_context des_ctx;
|
||||||
unsigned char des_key[8];
|
unsigned char des_key[8];
|
||||||
|
int ret;
|
||||||
|
|
||||||
mbedtls_des_init( &des_ctx );
|
mbedtls_des_init( &des_ctx );
|
||||||
|
|
||||||
pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
|
pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
|
||||||
|
|
||||||
mbedtls_des_setkey_dec( &des_ctx, des_key );
|
if( ( ret = mbedtls_des_setkey_dec( &des_ctx, des_key ) ) != 0 )
|
||||||
mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen,
|
goto exit;
|
||||||
|
ret = mbedtls_des_crypt_cbc( &des_ctx, MBEDTLS_DES_DECRYPT, buflen,
|
||||||
des_iv, buf, buf );
|
des_iv, buf, buf );
|
||||||
|
|
||||||
|
exit:
|
||||||
mbedtls_des_free( &des_ctx );
|
mbedtls_des_free( &des_ctx );
|
||||||
mbedtls_zeroize( des_key, 8 );
|
mbedtls_zeroize( des_key, 8 );
|
||||||
|
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Decrypt with 3DES-CBC, using PBKDF1 for key derivation
|
* Decrypt with 3DES-CBC, using PBKDF1 for key derivation
|
||||||
*/
|
*/
|
||||||
static void pem_des3_decrypt( unsigned char des3_iv[8],
|
static int pem_des3_decrypt( unsigned char des3_iv[8],
|
||||||
unsigned char *buf, size_t buflen,
|
unsigned char *buf, size_t buflen,
|
||||||
const unsigned char *pwd, size_t pwdlen )
|
const unsigned char *pwd, size_t pwdlen )
|
||||||
{
|
{
|
||||||
mbedtls_des3_context des3_ctx;
|
mbedtls_des3_context des3_ctx;
|
||||||
unsigned char des3_key[24];
|
unsigned char des3_key[24];
|
||||||
|
int ret;
|
||||||
|
|
||||||
mbedtls_des3_init( &des3_ctx );
|
mbedtls_des3_init( &des3_ctx );
|
||||||
|
|
||||||
pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
|
pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
|
||||||
|
|
||||||
mbedtls_des3_set3key_dec( &des3_ctx, des3_key );
|
if( ( ret = mbedtls_des3_set3key_dec( &des3_ctx, des3_key ) ) != 0 )
|
||||||
mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
|
goto exit;
|
||||||
|
ret = mbedtls_des3_crypt_cbc( &des3_ctx, MBEDTLS_DES_DECRYPT, buflen,
|
||||||
des3_iv, buf, buf );
|
des3_iv, buf, buf );
|
||||||
|
|
||||||
|
exit:
|
||||||
mbedtls_des3_free( &des3_ctx );
|
mbedtls_des3_free( &des3_ctx );
|
||||||
mbedtls_zeroize( des3_key, 24 );
|
mbedtls_zeroize( des3_key, 24 );
|
||||||
|
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_DES_C */
|
#endif /* MBEDTLS_DES_C */
|
||||||
|
|
||||||
@ -180,23 +190,28 @@ static void pem_des3_decrypt( unsigned char des3_iv[8],
|
|||||||
/*
|
/*
|
||||||
* Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
|
* Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
|
||||||
*/
|
*/
|
||||||
static void pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
|
static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
|
||||||
unsigned char *buf, size_t buflen,
|
unsigned char *buf, size_t buflen,
|
||||||
const unsigned char *pwd, size_t pwdlen )
|
const unsigned char *pwd, size_t pwdlen )
|
||||||
{
|
{
|
||||||
mbedtls_aes_context aes_ctx;
|
mbedtls_aes_context aes_ctx;
|
||||||
unsigned char aes_key[32];
|
unsigned char aes_key[32];
|
||||||
|
int ret;
|
||||||
|
|
||||||
mbedtls_aes_init( &aes_ctx );
|
mbedtls_aes_init( &aes_ctx );
|
||||||
|
|
||||||
pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
|
pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
|
||||||
|
|
||||||
mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 );
|
if( ( ret = mbedtls_aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 ) ) != 0 )
|
||||||
mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
|
goto exit;
|
||||||
|
ret = mbedtls_aes_crypt_cbc( &aes_ctx, MBEDTLS_AES_DECRYPT, buflen,
|
||||||
aes_iv, buf, buf );
|
aes_iv, buf, buf );
|
||||||
|
|
||||||
|
exit:
|
||||||
mbedtls_aes_free( &aes_ctx );
|
mbedtls_aes_free( &aes_ctx );
|
||||||
mbedtls_zeroize( aes_key, keylen );
|
mbedtls_zeroize( aes_key, keylen );
|
||||||
|
|
||||||
|
return( ret );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_AES_C */
|
#endif /* MBEDTLS_AES_C */
|
||||||
|
|
||||||
@ -345,22 +360,30 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
|
|||||||
return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
|
return( MBEDTLS_ERR_PEM_PASSWORD_REQUIRED );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
ret = 0;
|
||||||
|
|
||||||
#if defined(MBEDTLS_DES_C)
|
#if defined(MBEDTLS_DES_C)
|
||||||
if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC )
|
if( enc_alg == MBEDTLS_CIPHER_DES_EDE3_CBC )
|
||||||
pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
|
ret = pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
|
||||||
else if( enc_alg == MBEDTLS_CIPHER_DES_CBC )
|
else if( enc_alg == MBEDTLS_CIPHER_DES_CBC )
|
||||||
pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
|
ret = pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
|
||||||
#endif /* MBEDTLS_DES_C */
|
#endif /* MBEDTLS_DES_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_AES_C)
|
#if defined(MBEDTLS_AES_C)
|
||||||
if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC )
|
if( enc_alg == MBEDTLS_CIPHER_AES_128_CBC )
|
||||||
pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
|
ret = pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
|
||||||
else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC )
|
else if( enc_alg == MBEDTLS_CIPHER_AES_192_CBC )
|
||||||
pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
|
ret = pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
|
||||||
else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC )
|
else if( enc_alg == MBEDTLS_CIPHER_AES_256_CBC )
|
||||||
pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
|
ret = pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
|
||||||
#endif /* MBEDTLS_AES_C */
|
#endif /* MBEDTLS_AES_C */
|
||||||
|
|
||||||
|
if( ret != 0 )
|
||||||
|
{
|
||||||
|
mbedtls_free( buf );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
|
* The result will be ASN.1 starting with a SEQUENCE tag, with 1 to 3
|
||||||
* length bytes (allow 4 to be sure) in all known use cases.
|
* length bytes (allow 4 to be sure) in all known use cases.
|
||||||
|
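Review bot: in the new `if( ret != 0 )` block, buf is released with mbedtls_free without being wiped first. The decrypt helpers work in place on buf, so after a failure part-way through it can hold partially decrypted key material. The helpers in this file already wipe their derived keys with mbedtls_zeroize, so call `mbedtls_zeroize( buf, len )` before `mbedtls_free( buf )` here too.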
@ -29,8 +29,6 @@
|
|||||||
#include "mbedtls/pk.h"
|
#include "mbedtls/pk.h"
|
||||||
#include "mbedtls/pk_internal.h"
|
#include "mbedtls/pk_internal.h"
|
||||||
|
|
||||||
#include "mbedtls/bignum.h"
|
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
#include "mbedtls/rsa.h"
|
#include "mbedtls/rsa.h"
|
||||||
#endif
|
#endif
|
||||||
@ -42,6 +40,7 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include <limits.h>
|
#include <limits.h>
|
||||||
|
#include <stdint.h>
|
||||||
|
|
||||||
/* Implementation that should never be optimized out by the compiler */
|
/* Implementation that should never be optimized out by the compiler */
|
||||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||||
@ -213,10 +212,10 @@ int mbedtls_pk_verify_ext( mbedtls_pk_type_t type, const void *options,
|
|||||||
int ret;
|
int ret;
|
||||||
const mbedtls_pk_rsassa_pss_options *pss_opts;
|
const mbedtls_pk_rsassa_pss_options *pss_opts;
|
||||||
|
|
||||||
#if defined(MBEDTLS_HAVE_INT64)
|
#if SIZE_MAX > UINT_MAX
|
||||||
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
|
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
|
||||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||||
#endif /* MBEDTLS_HAVE_INT64 */
|
#endif /* SIZE_MAX > UINT_MAX */
|
||||||
|
|
||||||
if( options == NULL )
|
if( options == NULL )
|
||||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||||
|
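Review bot: `#if SIZE_MAX > UINT_MAX` fails silently if SIZE_MAX is not defined at this point, because the preprocessor evaluates an undefined identifier as 0 and the hash_len check is then compiled out without any diagnostic. The commit adds `#include <stdint.h>` to this file, which covers the normal case, but a `#if !defined(SIZE_MAX)` / `#error` guard, or a single shared helper for the four places that repeat this check, would stop a later include reshuffle from quietly removing the truncation check.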
@ -30,7 +30,6 @@
|
|||||||
|
|
||||||
/* Even if RSA not activated, for the sake of RSA-alt */
|
/* Even if RSA not activated, for the sake of RSA-alt */
|
||||||
#include "mbedtls/rsa.h"
|
#include "mbedtls/rsa.h"
|
||||||
#include "mbedtls/bignum.h"
|
|
||||||
|
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
@ -51,6 +50,7 @@
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
#include <limits.h>
|
#include <limits.h>
|
||||||
|
#include <stdint.h>
|
||||||
|
|
||||||
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
|
||||||
/* Implementation that should never be optimized out by the compiler */
|
/* Implementation that should never be optimized out by the compiler */
|
||||||
@ -80,10 +80,10 @@ static int rsa_verify_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|||||||
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
|
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
|
||||||
size_t rsa_len = mbedtls_rsa_get_len( rsa );
|
size_t rsa_len = mbedtls_rsa_get_len( rsa );
|
||||||
|
|
||||||
#if defined(MBEDTLS_HAVE_INT64)
|
#if SIZE_MAX > UINT_MAX
|
||||||
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
|
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
|
||||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||||
#endif /* MBEDTLS_HAVE_INT64 */
|
#endif /* SIZE_MAX > UINT_MAX */
|
||||||
|
|
||||||
if( sig_len < rsa_len )
|
if( sig_len < rsa_len )
|
||||||
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
|
||||||
@ -106,10 +106,10 @@ static int rsa_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|||||||
{
|
{
|
||||||
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
|
mbedtls_rsa_context * rsa = (mbedtls_rsa_context *) ctx;
|
||||||
|
|
||||||
#if defined(MBEDTLS_HAVE_INT64)
|
#if SIZE_MAX > UINT_MAX
|
||||||
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
|
if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
|
||||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||||
#endif /* MBEDTLS_HAVE_INT64 */
|
#endif /* SIZE_MAX > UINT_MAX */
|
||||||
|
|
||||||
*sig_len = mbedtls_rsa_get_len( rsa );
|
*sig_len = mbedtls_rsa_get_len( rsa );
|
||||||
|
|
||||||
@ -423,10 +423,10 @@ static int rsa_alt_sign_wrap( void *ctx, mbedtls_md_type_t md_alg,
|
|||||||
{
|
{
|
||||||
mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
|
mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
|
||||||
|
|
||||||
#if defined(MBEDTLS_HAVE_INT64)
|
#if SIZE_MAX > UINT_MAX
|
||||||
if( UINT_MAX < hash_len )
|
if( UINT_MAX < hash_len )
|
||||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
||||||
#endif /* MBEDTLS_HAVE_INT64 */
|
#endif /* SIZE_MAX > UINT_MAX */
|
||||||
|
|
||||||
*sig_len = rsa_alt->key_len_func( rsa_alt->key );
|
*sig_len = rsa_alt->key_len_func( rsa_alt->key );
|
||||||
|
|
||||||
|
@ -60,12 +60,15 @@
|
|||||||
#define mbedtls_free free
|
#define mbedtls_free free
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
#if defined(MBEDTLS_FS_IO)
|
#if defined(MBEDTLS_FS_IO) || \
|
||||||
|
defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
|
||||||
/* Implementation that should never be optimized out by the compiler */
|
/* Implementation that should never be optimized out by the compiler */
|
||||||
static void mbedtls_zeroize( void *v, size_t n ) {
|
static void mbedtls_zeroize( void *v, size_t n ) {
|
||||||
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
|
||||||
}
|
}
|
||||||
|
#endif
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_FS_IO)
|
||||||
/*
|
/*
|
||||||
* Load all data from a file into a given buffer.
|
* Load all data from a file into a given buffer.
|
||||||
*
|
*
|
||||||
@ -904,6 +907,16 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Parse an unencrypted PKCS#8 encoded private key
|
* Parse an unencrypted PKCS#8 encoded private key
|
||||||
|
*
|
||||||
|
* Notes:
|
||||||
|
*
|
||||||
|
* - This function does not own the key buffer. It is the
|
||||||
|
* responsibility of the caller to take care of zeroizing
|
||||||
|
* and freeing it after use.
|
||||||
|
*
|
||||||
|
* - The function is responsible for freeing the provided
|
||||||
|
* PK context on failure.
|
||||||
|
*
|
||||||
*/
|
*/
|
||||||
static int pk_parse_key_pkcs8_unencrypted_der(
|
static int pk_parse_key_pkcs8_unencrypted_der(
|
||||||
mbedtls_pk_context *pk,
|
mbedtls_pk_context *pk,
|
||||||
@ -919,7 +932,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
|
|||||||
const mbedtls_pk_info_t *pk_info;
|
const mbedtls_pk_info_t *pk_info;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This function parses the PrivatKeyInfo object (PKCS#8 v1.2 = RFC 5208)
|
* This function parses the PrivateKeyInfo object (PKCS#8 v1.2 = RFC 5208)
|
||||||
*
|
*
|
||||||
* PrivateKeyInfo ::= SEQUENCE {
|
* PrivateKeyInfo ::= SEQUENCE {
|
||||||
* version Version,
|
* version Version,
|
||||||
@ -992,16 +1005,22 @@ static int pk_parse_key_pkcs8_unencrypted_der(
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Parse an encrypted PKCS#8 encoded private key
|
* Parse an encrypted PKCS#8 encoded private key
|
||||||
|
*
|
||||||
|
* To save space, the decryption happens in-place on the given key buffer.
|
||||||
|
* Also, while this function may modify the keybuffer, it doesn't own it,
|
||||||
|
* and instead it is the responsibility of the caller to zeroize and properly
|
||||||
|
* free it after use.
|
||||||
|
*
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
|
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
|
||||||
static int pk_parse_key_pkcs8_encrypted_der(
|
static int pk_parse_key_pkcs8_encrypted_der(
|
||||||
mbedtls_pk_context *pk,
|
mbedtls_pk_context *pk,
|
||||||
const unsigned char *key, size_t keylen,
|
unsigned char *key, size_t keylen,
|
||||||
const unsigned char *pwd, size_t pwdlen )
|
const unsigned char *pwd, size_t pwdlen )
|
||||||
{
|
{
|
||||||
int ret, decrypted = 0;
|
int ret, decrypted = 0;
|
||||||
size_t len;
|
size_t len;
|
||||||
unsigned char buf[2048];
|
unsigned char *buf;
|
||||||
unsigned char *p, *end;
|
unsigned char *p, *end;
|
||||||
mbedtls_asn1_buf pbe_alg_oid, pbe_params;
|
mbedtls_asn1_buf pbe_alg_oid, pbe_params;
|
||||||
#if defined(MBEDTLS_PKCS12_C)
|
#if defined(MBEDTLS_PKCS12_C)
|
||||||
@ -1009,16 +1028,14 @@ static int pk_parse_key_pkcs8_encrypted_der(
|
|||||||
mbedtls_md_type_t md_alg;
|
mbedtls_md_type_t md_alg;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
memset( buf, 0, sizeof( buf ) );
|
p = key;
|
||||||
|
|
||||||
p = (unsigned char *) key;
|
|
||||||
end = p + keylen;
|
end = p + keylen;
|
||||||
|
|
||||||
if( pwdlen == 0 )
|
if( pwdlen == 0 )
|
||||||
return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
|
return( MBEDTLS_ERR_PK_PASSWORD_REQUIRED );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* This function parses the EncryptedPrivatKeyInfo object (PKCS#8)
|
* This function parses the EncryptedPrivateKeyInfo object (PKCS#8)
|
||||||
*
|
*
|
||||||
* EncryptedPrivateKeyInfo ::= SEQUENCE {
|
* EncryptedPrivateKeyInfo ::= SEQUENCE {
|
||||||
* encryptionAlgorithm EncryptionAlgorithmIdentifier,
|
* encryptionAlgorithm EncryptionAlgorithmIdentifier,
|
||||||
@ -1030,6 +1047,7 @@ static int pk_parse_key_pkcs8_encrypted_der(
|
|||||||
* EncryptedData ::= OCTET STRING
|
* EncryptedData ::= OCTET STRING
|
||||||
*
|
*
|
||||||
* The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
|
* The EncryptedData OCTET STRING is a PKCS#8 PrivateKeyInfo
|
||||||
|
*
|
||||||
*/
|
*/
|
||||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
|
||||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
|
||||||
@ -1045,11 +1063,10 @@ static int pk_parse_key_pkcs8_encrypted_der(
|
|||||||
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
|
||||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
|
||||||
|
|
||||||
if( len > sizeof( buf ) )
|
buf = p;
|
||||||
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Decrypt EncryptedData with appropriate PDE
|
* Decrypt EncryptedData with appropriate PBE
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_PKCS12_C)
|
#if defined(MBEDTLS_PKCS12_C)
|
||||||
if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
|
if( mbedtls_oid_get_pkcs12_pbe_alg( &pbe_alg_oid, &md_alg, &cipher_alg ) == 0 )
|
||||||
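Review bot: with `buf = p;` the decryption output now aliases the EncryptedData input, and the `len > sizeof( buf )` bound is gone along with the 2048-byte stack buffer. The PBE calls that consume buf are outside this hunk, so please confirm that both the PKCS#12 and the PKCS#5 paths accept identical input and output pointers, and add a test with an encrypted key larger than 2048 bytes to cover the case the old bound rejected.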
@ -1141,10 +1158,8 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||||||
|
|
||||||
if( ret == 0 )
|
if( ret == 0 )
|
||||||
{
|
{
|
||||||
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
|
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
|
||||||
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
||||||
|
|
||||||
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
|
||||||
( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
|
( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
|
||||||
pem.buf, pem.buflen ) ) != 0 )
|
pem.buf, pem.buflen ) ) != 0 )
|
||||||
{
|
{
|
||||||
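Review bot: the NULL check on the result of `mbedtls_pk_info_from_type( MBEDTLS_PK_RSA )` is removed, so a NULL pk_info is now passed straight to mbedtls_pk_setup. That is only safe if mbedtls_pk_setup rejects a NULL info pointer, and the error the caller sees changes from MBEDTLS_ERR_PK_UNKNOWN_PK_ALG to whatever mbedtls_pk_setup returns. Please confirm both and say so in the commit message. The same applies to the MBEDTLS_PK_ECKEY lookup in the following hunk.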
@ -1173,10 +1188,9 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||||||
key, pwd, pwdlen, &len );
|
key, pwd, pwdlen, &len );
|
||||||
if( ret == 0 )
|
if( ret == 0 )
|
||||||
{
|
{
|
||||||
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
|
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
|
||||||
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
|
||||||
|
|
||||||
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
||||||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
|
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
|
||||||
pem.buf, pem.buflen ) ) != 0 )
|
pem.buf, pem.buflen ) ) != 0 )
|
||||||
{
|
{
|
||||||
@ -1254,12 +1268,24 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||||||
* error
|
* error
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
|
#if defined(MBEDTLS_PKCS12_C) || defined(MBEDTLS_PKCS5_C)
|
||||||
if( ( ret = pk_parse_key_pkcs8_encrypted_der( pk, key, keylen,
|
|
||||||
pwd, pwdlen ) ) == 0 )
|
|
||||||
{
|
{
|
||||||
return( 0 );
|
unsigned char *key_copy;
|
||||||
|
|
||||||
|
if( ( key_copy = mbedtls_calloc( 1, keylen ) ) == NULL )
|
||||||
|
return( MBEDTLS_ERR_PK_ALLOC_FAILED );
|
||||||
|
|
||||||
|
memcpy( key_copy, key, keylen );
|
||||||
|
|
||||||
|
ret = pk_parse_key_pkcs8_encrypted_der( pk, key_copy, keylen,
|
||||||
|
pwd, pwdlen );
|
||||||
|
|
||||||
|
mbedtls_zeroize( key_copy, keylen );
|
||||||
|
mbedtls_free( key_copy );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if( ret == 0 )
|
||||||
|
return( 0 );
|
||||||
|
|
||||||
mbedtls_pk_free( pk );
|
mbedtls_pk_free( pk );
|
||||||
|
|
||||||
if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
|
if( ret == MBEDTLS_ERR_PK_PASSWORD_MISMATCH )
|
||||||
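Review bot: `mbedtls_calloc( 1, keylen )` can legitimately return NULL when keylen is 0, and this code then reports MBEDTLS_ERR_PK_ALLOC_FAILED for what is really an empty input. Reject `keylen == 0` with a format error before allocating. The copy followed by mbedtls_zeroize and mbedtls_free is the right shape for keeping the caller's const buffer untouched; a short comment stating that the copy exists because pk_parse_key_pkcs8_encrypted_der decrypts in place would help the next reader.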
@ -1274,29 +1300,35 @@ int mbedtls_pk_parse_key( mbedtls_pk_context *pk,
|
|||||||
mbedtls_pk_free( pk );
|
mbedtls_pk_free( pk );
|
||||||
|
|
||||||
#if defined(MBEDTLS_RSA_C)
|
#if defined(MBEDTLS_RSA_C)
|
||||||
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == NULL )
|
|
||||||
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
|
||||||
|
|
||||||
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_RSA );
|
||||||
( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ), key, keylen ) ) == 0 )
|
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
||||||
|
( ret = pk_parse_key_pkcs1_der( mbedtls_pk_rsa( *pk ),
|
||||||
|
key, keylen ) ) != 0 )
|
||||||
|
{
|
||||||
|
mbedtls_pk_free( pk );
|
||||||
|
}
|
||||||
|
else
|
||||||
{
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_pk_free( pk );
|
|
||||||
#endif /* MBEDTLS_RSA_C */
|
#endif /* MBEDTLS_RSA_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_C)
|
#if defined(MBEDTLS_ECP_C)
|
||||||
if( ( pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY ) ) == NULL )
|
|
||||||
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
|
|
||||||
|
|
||||||
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
pk_info = mbedtls_pk_info_from_type( MBEDTLS_PK_ECKEY );
|
||||||
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ), key, keylen ) ) == 0 )
|
if( ( ret = mbedtls_pk_setup( pk, pk_info ) ) != 0 ||
|
||||||
|
( ret = pk_parse_key_sec1_der( mbedtls_pk_ec( *pk ),
|
||||||
|
key, keylen ) ) != 0 )
|
||||||
|
{
|
||||||
|
mbedtls_pk_free( pk );
|
||||||
|
}
|
||||||
|
else
|
||||||
{
|
{
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_pk_free( pk );
|
|
||||||
#endif /* MBEDTLS_ECP_C */
|
#endif /* MBEDTLS_ECP_C */
|
||||||
|
|
||||||
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
|
||||||
|
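Review bot: when mbedtls_pk_setup itself fails in the RSA or ECKEY fallback, its error code is dropped and the function falls through to `return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT )`, so an allocation failure is reported as a malformed key. The inverted condition does fix the old behaviour, where `mbedtls_pk_setup( pk, pk_info ) != 0` led to `return( 0 )`, but consider returning ret directly when the setup call is the one that failed. A regression test for the setup-failure path would be worth adding.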
@ -138,7 +138,7 @@ int mbedtls_ssl_cache_set( void *data, const mbedtls_ssl_session *session )
|
|||||||
{
|
{
|
||||||
int ret = 1;
|
int ret = 1;
|
||||||
#if defined(MBEDTLS_HAVE_TIME)
|
#if defined(MBEDTLS_HAVE_TIME)
|
||||||
mbedtls_time_t t = time( NULL ), oldest = 0;
|
mbedtls_time_t t = mbedtls_time( NULL ), oldest = 0;
|
||||||
mbedtls_ssl_cache_entry *old = NULL;
|
mbedtls_ssl_cache_entry *old = NULL;
|
||||||
#endif
|
#endif
|
||||||
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
|
mbedtls_ssl_cache_context *cache = (mbedtls_ssl_cache_context *) data;
|
||||||
@ -321,6 +321,7 @@ void mbedtls_ssl_cache_free( mbedtls_ssl_cache_context *cache )
|
|||||||
#if defined(MBEDTLS_THREADING_C)
|
#if defined(MBEDTLS_THREADING_C)
|
||||||
mbedtls_mutex_free( &cache->mutex );
|
mbedtls_mutex_free( &cache->mutex );
|
||||||
#endif
|
#endif
|
||||||
|
cache->chain = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* MBEDTLS_SSL_CACHE_C */
|
#endif /* MBEDTLS_SSL_CACHE_C */
|
||||||
|
@ -80,6 +80,13 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
* Sect. 3, RFC 6066 (TLS Extensions Definitions)
|
||||||
|
*
|
||||||
|
* In order to provide any of the server names, clients MAY include an
|
||||||
|
* extension of type "server_name" in the (extended) client hello. The
|
||||||
|
* "extension_data" field of this extension SHALL contain
|
||||||
|
* "ServerNameList" where:
|
||||||
|
*
|
||||||
* struct {
|
* struct {
|
||||||
* NameType name_type;
|
* NameType name_type;
|
||||||
* select (name_type) {
|
* select (name_type) {
|
||||||
@ -96,6 +103,7 @@ static void ssl_write_hostname_ext( mbedtls_ssl_context *ssl,
|
|||||||
* struct {
|
* struct {
|
||||||
* ServerName server_name_list<1..2^16-1>
|
* ServerName server_name_list<1..2^16-1>
|
||||||
* } ServerNameList;
|
* } ServerNameList;
|
||||||
|
*
|
||||||
*/
|
*/
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF );
|
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME >> 8 ) & 0xFF );
|
||||||
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF );
|
*p++ = (unsigned char)( ( MBEDTLS_TLS_EXT_SERVERNAME ) & 0xFF );
|
||||||
@ -126,6 +134,9 @@ static void ssl_write_renegotiation_ext( mbedtls_ssl_context *ssl,
|
|||||||
|
|
||||||
*olen = 0;
|
*olen = 0;
|
||||||
|
|
||||||
|
/* We're always including an TLS_EMPTY_RENEGOTIATION_INFO_SCSV in the
|
||||||
|
* initial ClientHello, in which case also adding the renegotiation
|
||||||
|
* info extension is NOT RECOMMENDED as per RFC 5746 Section 3.4. */
|
||||||
if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
|
if( ssl->renego_status != MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
|
||||||
return;
|
return;
|
||||||
|
|
||||||
@ -963,6 +974,8 @@ static int ssl_write_client_hello( mbedtls_ssl_context *ssl )
|
|||||||
ext_len += olen;
|
ext_len += olen;
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
/* Note that TLS_EMPTY_RENEGOTIATION_INFO_SCSV is always added
|
||||||
|
* even if MBEDTLS_SSL_RENEGOTIATION is not defined. */
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
|
ssl_write_renegotiation_ext( ssl, p + 2 + ext_len, &olen );
|
||||||
ext_len += olen;
|
ext_len += olen;
|
||||||
@ -1440,9 +1453,6 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
#endif
|
#endif
|
||||||
int handshake_failure = 0;
|
int handshake_failure = 0;
|
||||||
const mbedtls_ssl_ciphersuite_t *suite_info;
|
const mbedtls_ssl_ciphersuite_t *suite_info;
|
||||||
#if defined(MBEDTLS_DEBUG_C)
|
|
||||||
uint32_t t;
|
|
||||||
#endif
|
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server hello" ) );
|
||||||
|
|
||||||
@ -1545,13 +1555,11 @@ static int ssl_parse_server_hello( mbedtls_ssl_context *ssl )
|
|||||||
return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
|
return( MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION );
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_DEBUG_C)
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu",
|
||||||
t = ( (uint32_t) buf[2] << 24 )
|
( (uint32_t) buf[2] << 24 ) |
|
||||||
| ( (uint32_t) buf[3] << 16 )
|
( (uint32_t) buf[3] << 16 ) |
|
||||||
| ( (uint32_t) buf[4] << 8 )
|
( (uint32_t) buf[4] << 8 ) |
|
||||||
| ( (uint32_t) buf[5] );
|
( (uint32_t) buf[5] ) ) );
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", t ) );
|
|
||||||
#endif
|
|
||||||
|
|
||||||
memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
|
memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
|
||||||
|
|
||||||
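Review bot: the `%lu` conversion in the new `MBEDTLS_SSL_DEBUG_MSG( 3, ( "server hello, current time: %lu", ...` call is given an expression of type `uint32_t`, which is not `unsigned long` on platforms where `long` is 64 bits; the removed code had the same mismatch through `t`. Casting the whole OR expression to `(unsigned long)` keeps the variadic argument matched to the format, and the temporary with its `#if defined(MBEDTLS_DEBUG_C)` guard can still go.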
@ -2258,7 +2266,7 @@ static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
|
|||||||
int ret;
|
int ret;
|
||||||
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
|
||||||
ssl->transform_negotiate->ciphersuite_info;
|
ssl->transform_negotiate->ciphersuite_info;
|
||||||
unsigned char *p, *end;
|
unsigned char *p = NULL, *end = NULL;
|
||||||
|
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
|
||||||
|
|
||||||
|
@ -1694,11 +1694,8 @@ read_record_header:
|
|||||||
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
|
||||||
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
|
||||||
case MBEDTLS_TLS_EXT_SIG_ALG:
|
case MBEDTLS_TLS_EXT_SIG_ALG:
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found signature_algorithms extension" ) );
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
|
||||||
if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
|
|
||||||
break;
|
|
||||||
#endif
|
|
||||||
ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
|
ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
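Review bot: with the `ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS` early `break` removed, `ssl_parse_signature_algorithms_ext` now also runs on a renegotiation ClientHello, and nothing at `case MBEDTLS_TLS_EXT_SIG_ALG:` says why the skip was wrong. A one-line comment at the case label, plus a renegotiation test in which the peer sends this extension, would make the intended behaviour checkable.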
|
@ -3493,8 +3493,15 @@ static int ssl_parse_record_header( mbedtls_ssl_context *ssl )
|
|||||||
ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
|
ssl->in_msgtype != MBEDTLS_SSL_MSG_APPLICATION_DATA )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "unknown record type" ) );
|
||||||
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
|
||||||
MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
|
/* Silently ignore invalid DTLS records as recommended by RFC 6347
|
||||||
|
* Section 4.1.2.7 */
|
||||||
|
if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )
|
||||||
|
#endif /* MBEDTLS_SSL_PROTO_DTLS */
|
||||||
|
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
|
||||||
|
MBEDTLS_SSL_ALERT_MSG_UNEXPECTED_MESSAGE );
|
||||||
|
|
||||||
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
return( MBEDTLS_ERR_SSL_INVALID_RECORD );
|
||||||
}
|
}
|
||||||
|
|
||||||
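Review bot: the new `if( ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM )` has no braces and lives inside `#if defined(MBEDTLS_SSL_PROTO_DTLS)`, so the statement it guards is the `mbedtls_ssl_send_alert_message` call that follows the `#endif`. That compiles to the right thing in both configurations, but any statement later inserted between the `#endif` and the call silently becomes the guarded one; put braces around the call so the conditional owns an explicit block. The return value of `mbedtls_ssl_send_alert_message` is also discarded here, which is worth a `(void)` cast or a comment if intentional.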
@ -6159,7 +6166,7 @@ void mbedtls_ssl_conf_sig_hashes( mbedtls_ssl_config *conf,
|
|||||||
{
|
{
|
||||||
conf->sig_hashes = hashes;
|
conf->sig_hashes = hashes;
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
|
||||||
|
|
||||||
#if defined(MBEDTLS_ECP_C)
|
#if defined(MBEDTLS_ECP_C)
|
||||||
/*
|
/*
|
||||||
@ -6170,36 +6177,53 @@ void mbedtls_ssl_conf_curves( mbedtls_ssl_config *conf,
|
|||||||
{
|
{
|
||||||
conf->curve_list = curve_list;
|
conf->curve_list = curve_list;
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* MBEDTLS_ECP_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
#if defined(MBEDTLS_X509_CRT_PARSE_C)
|
||||||
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
|
int mbedtls_ssl_set_hostname( mbedtls_ssl_context *ssl, const char *hostname )
|
||||||
{
|
{
|
||||||
size_t hostname_len;
|
/* Initialize to suppress unnecessary compiler warning */
|
||||||
|
size_t hostname_len = 0;
|
||||||
|
|
||||||
|
/* Check if new hostname is valid before
|
||||||
|
* making any change to current one */
|
||||||
|
if( hostname != NULL )
|
||||||
|
{
|
||||||
|
hostname_len = strlen( hostname );
|
||||||
|
|
||||||
|
if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN )
|
||||||
|
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Now it's clear that we will overwrite the old hostname,
|
||||||
|
* so we can free it safely */
|
||||||
|
|
||||||
|
if( ssl->hostname != NULL )
|
||||||
|
{
|
||||||
|
mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) );
|
||||||
|
mbedtls_free( ssl->hostname );
|
||||||
|
}
|
||||||
|
|
||||||
|
/* Passing NULL as hostname shall clear the old one */
|
||||||
|
|
||||||
if( hostname == NULL )
|
if( hostname == NULL )
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
{
|
||||||
|
ssl->hostname = NULL;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 );
|
||||||
|
if( ssl->hostname == NULL )
|
||||||
|
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
||||||
|
|
||||||
hostname_len = strlen( hostname );
|
memcpy( ssl->hostname, hostname, hostname_len );
|
||||||
|
|
||||||
if( hostname_len + 1 == 0 )
|
ssl->hostname[hostname_len] = '\0';
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
}
|
||||||
|
|
||||||
if( hostname_len > MBEDTLS_SSL_MAX_HOST_NAME_LEN )
|
|
||||||
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
ssl->hostname = mbedtls_calloc( 1, hostname_len + 1 );
|
|
||||||
|
|
||||||
if( ssl->hostname == NULL )
|
|
||||||
return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
|
|
||||||
|
|
||||||
memcpy( ssl->hostname, hostname, hostname_len );
|
|
||||||
|
|
||||||
ssl->hostname[hostname_len] = '\0';
|
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* MBEDTLS_X509_CRT_PARSE_C */
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
|
||||||
void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
|
void mbedtls_ssl_conf_sni( mbedtls_ssl_config *conf,
|
||||||
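Review bot: `hostname == NULL` used to return `MBEDTLS_ERR_SSL_BAD_INPUT_DATA` and now clears `ssl->hostname` and returns 0, which is a caller-visible behaviour change that the function's documentation needs to state. Separately, the old name is zeroized and freed before `mbedtls_calloc` is attempted, so on `MBEDTLS_ERR_SSL_ALLOC_FAILED` the context is left with `ssl->hostname == NULL` rather than the previous value; either allocate the new buffer first and swap on success, or document that a failed call clears the hostname so callers do not continue with no name set.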
@ -6859,7 +6883,6 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
|
||||||
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
|
if( ssl->in_msgtype == MBEDTLS_SSL_MSG_HANDSHAKE )
|
||||||
{
|
{
|
||||||
MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
|
MBEDTLS_SSL_DEBUG_MSG( 1, ( "received handshake message" ) );
|
||||||
@ -6901,12 +6924,35 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_SRV_C */
|
#endif /* MBEDTLS_SSL_SRV_C */
|
||||||
|
|
||||||
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
/* Determine whether renegotiation attempt should be accepted */
|
/* Determine whether renegotiation attempt should be accepted */
|
||||||
|
if( ! ( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
|
||||||
|
( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
|
||||||
|
ssl->conf->allow_legacy_renegotiation ==
|
||||||
|
MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) ) )
|
||||||
|
{
|
||||||
|
/*
|
||||||
|
* Accept renegotiation request
|
||||||
|
*/
|
||||||
|
|
||||||
if( ssl->conf->disable_renegotiation == MBEDTLS_SSL_RENEGOTIATION_DISABLED ||
|
/* DTLS clients need to know renego is server-initiated */
|
||||||
( ssl->secure_renegotiation == MBEDTLS_SSL_LEGACY_RENEGOTIATION &&
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
ssl->conf->allow_legacy_renegotiation ==
|
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
||||||
MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION ) )
|
ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
||||||
|
{
|
||||||
|
ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
ret = ssl_start_renegotiation( ssl );
|
||||||
|
if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
|
||||||
|
ret != 0 )
|
||||||
|
{
|
||||||
|
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
#endif /* MBEDTLS_SSL_RENEGOTIATION */
|
||||||
{
|
{
|
||||||
/*
|
/*
|
||||||
* Refuse renegotiation
|
* Refuse renegotiation
|
||||||
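Review bot: the accept branch now ends in an `else` directly followed by `#endif /* MBEDTLS_SSL_RENEGOTIATION */`, so the "Refuse renegotiation" block is an else-branch when the option is defined and an unconditional block when it is not. That is correct as written but easy to break on the next edit; a comment on the `else` saying the following block is shared by both configurations would help. The accept condition is also the old refuse condition wrapped in `! ( ... )`, which is harder to audit than a named predicate or the De Morgan form, given that this decides whether a peer-initiated renegotiation is honoured.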
@ -6944,31 +6990,10 @@ int mbedtls_ssl_read( mbedtls_ssl_context *ssl, unsigned char *buf, size_t len )
|
|||||||
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else
|
|
||||||
{
|
|
||||||
/*
|
|
||||||
* Accept renegotiation request
|
|
||||||
*/
|
|
||||||
|
|
||||||
/* DTLS clients need to know renego is server-initiated */
|
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
|
||||||
if( ssl->conf->transport == MBEDTLS_SSL_TRANSPORT_DATAGRAM &&
|
|
||||||
ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
|
|
||||||
{
|
|
||||||
ssl->renego_status = MBEDTLS_SSL_RENEGOTIATION_PENDING;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
ret = ssl_start_renegotiation( ssl );
|
|
||||||
if( ret != MBEDTLS_ERR_SSL_WAITING_SERVER_HELLO_RENEGO &&
|
|
||||||
ret != 0 )
|
|
||||||
{
|
|
||||||
MBEDTLS_SSL_DEBUG_RET( 1, "ssl_start_renegotiation", ret );
|
|
||||||
return( ret );
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return( MBEDTLS_ERR_SSL_WANT_READ );
|
return( MBEDTLS_ERR_SSL_WANT_READ );
|
||||||
}
|
}
|
||||||
|
#if defined(MBEDTLS_SSL_RENEGOTIATION)
|
||||||
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
|
else if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_PENDING )
|
||||||
{
|
{
|
||||||
if( ssl->conf->renego_max_records >= 0 )
|
if( ssl->conf->renego_max_records >= 0 )
|
||||||
@ -7054,7 +7079,9 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
|
|||||||
int ret;
|
int ret;
|
||||||
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
|
||||||
size_t max_len = mbedtls_ssl_get_max_frag_len( ssl );
|
size_t max_len = mbedtls_ssl_get_max_frag_len( ssl );
|
||||||
|
#else
|
||||||
|
size_t max_len = MBEDTLS_SSL_MAX_CONTENT_LEN;
|
||||||
|
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
||||||
if( len > max_len )
|
if( len > max_len )
|
||||||
{
|
{
|
||||||
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
#if defined(MBEDTLS_SSL_PROTO_DTLS)
|
||||||
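Review bot: the `#else` branch setting `max_len = MBEDTLS_SSL_MAX_CONTENT_LEN` is what bounds `len` in builds without `MBEDTLS_SSL_MAX_FRAGMENT_LENGTH`, and the declaration carries no comment saying that the `len > max_len` check must hold in every configuration. Add that comment at the declaration, and cover it with a test that passes a buffer larger than `MBEDTLS_SSL_MAX_CONTENT_LEN` in a build with the option disabled, so the bound cannot be compiled out again unnoticed.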
@ -7069,7 +7096,6 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
|
|||||||
#endif
|
#endif
|
||||||
len = max_len;
|
len = max_len;
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
|
|
||||||
|
|
||||||
if( ssl->out_left != 0 )
|
if( ssl->out_left != 0 )
|
||||||
{
|
{
|
||||||
@ -7100,7 +7126,7 @@ static int ssl_write_real( mbedtls_ssl_context *ssl,
|
|||||||
*
|
*
|
||||||
* With non-blocking I/O, ssl_write_real() may return WANT_WRITE,
|
* With non-blocking I/O, ssl_write_real() may return WANT_WRITE,
|
||||||
* then the caller will call us again with the same arguments, so
|
* then the caller will call us again with the same arguments, so
|
||||||
* remember wether we already did the split or not.
|
* remember whether we already did the split or not.
|
||||||
*/
|
*/
|
||||||
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
#if defined(MBEDTLS_SSL_CBC_RECORD_SPLITTING)
|
||||||
static int ssl_write_split( mbedtls_ssl_context *ssl,
|
static int ssl_write_split( mbedtls_ssl_context *ssl,
|
||||||
|
@ -496,29 +496,35 @@ static int x509_parse_int( unsigned char **p, size_t n, int *res )
|
|||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
|
|
||||||
static int x509_date_is_valid(const mbedtls_x509_time *time)
|
static int x509_date_is_valid(const mbedtls_x509_time *t )
|
||||||
{
|
{
|
||||||
int ret = MBEDTLS_ERR_X509_INVALID_DATE;
|
int ret = MBEDTLS_ERR_X509_INVALID_DATE;
|
||||||
|
int month_len;
|
||||||
|
|
||||||
CHECK_RANGE( 0, 9999, time->year );
|
CHECK_RANGE( 0, 9999, t->year );
|
||||||
CHECK_RANGE( 0, 23, time->hour );
|
CHECK_RANGE( 0, 23, t->hour );
|
||||||
CHECK_RANGE( 0, 59, time->min );
|
CHECK_RANGE( 0, 59, t->min );
|
||||||
CHECK_RANGE( 0, 59, time->sec );
|
CHECK_RANGE( 0, 59, t->sec );
|
||||||
|
|
||||||
switch( time->mon )
|
switch( t->mon )
|
||||||
{
|
{
|
||||||
case 1: case 3: case 5: case 7: case 8: case 10: case 12:
|
case 1: case 3: case 5: case 7: case 8: case 10: case 12:
|
||||||
CHECK_RANGE( 1, 31, time->day );
|
month_len = 31;
|
||||||
break;
|
break;
|
||||||
case 4: case 6: case 9: case 11:
|
case 4: case 6: case 9: case 11:
|
||||||
CHECK_RANGE( 1, 30, time->day );
|
month_len = 30;
|
||||||
break;
|
break;
|
||||||
case 2:
|
case 2:
|
||||||
CHECK_RANGE( 1, 28 + (time->year % 4 == 0), time->day );
|
if( ( !( t->year % 4 ) && t->year % 100 ) ||
|
||||||
|
!( t->year % 400 ) )
|
||||||
|
month_len = 29;
|
||||||
|
else
|
||||||
|
month_len = 28;
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
|
CHECK_RANGE( 1, month_len, t->day );
|
||||||
|
|
||||||
return( 0 );
|
return( 0 );
|
||||||
}
|
}
|
||||||
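Review bot: the `case 2:` branch packs the leap-year rule into `( !( t->year % 4 ) && t->year % 100 ) || !( t->year % 400 )` with no comment, and the mix of `!` and bare truthiness makes it slow to verify by eye. A one-line comment (divisible by 4 and not by 100, or divisible by 400) and test dates for 29 February in 1900, 2000 and 2100 would pin the behaviour down. Style: the new signature `x509_date_is_valid(const mbedtls_x509_time *t )` is missing the space after the opening parenthesis that the rest of this commit is normalising.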
@ -528,7 +534,7 @@ static int x509_date_is_valid(const mbedtls_x509_time *time)
|
|||||||
* field.
|
* field.
|
||||||
*/
|
*/
|
||||||
static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
|
static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
|
||||||
mbedtls_x509_time *time )
|
mbedtls_x509_time *tm )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
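Review bot: the parameter is renamed to `tm` in `x509_parse_time` here, while `x509_date_is_valid` in the previous hunk uses `t` for the same `mbedtls_x509_time *`. Pick one name across the file so the rename does not leave two conventions behind.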
@ -542,26 +548,26 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
|
|||||||
/*
|
/*
|
||||||
* Parse year, month, day, hour, minute
|
* Parse year, month, day, hour, minute
|
||||||
*/
|
*/
|
||||||
CHECK( x509_parse_int( p, yearlen, &time->year ) );
|
CHECK( x509_parse_int( p, yearlen, &tm->year ) );
|
||||||
if ( 2 == yearlen )
|
if ( 2 == yearlen )
|
||||||
{
|
{
|
||||||
if ( time->year < 50 )
|
if ( tm->year < 50 )
|
||||||
time->year += 100;
|
tm->year += 100;
|
||||||
|
|
||||||
time->year += 1900;
|
tm->year += 1900;
|
||||||
}
|
}
|
||||||
|
|
||||||
CHECK( x509_parse_int( p, 2, &time->mon ) );
|
CHECK( x509_parse_int( p, 2, &tm->mon ) );
|
||||||
CHECK( x509_parse_int( p, 2, &time->day ) );
|
CHECK( x509_parse_int( p, 2, &tm->day ) );
|
||||||
CHECK( x509_parse_int( p, 2, &time->hour ) );
|
CHECK( x509_parse_int( p, 2, &tm->hour ) );
|
||||||
CHECK( x509_parse_int( p, 2, &time->min ) );
|
CHECK( x509_parse_int( p, 2, &tm->min ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Parse seconds if present
|
* Parse seconds if present
|
||||||
*/
|
*/
|
||||||
if ( len >= 2 )
|
if ( len >= 2 )
|
||||||
{
|
{
|
||||||
CHECK( x509_parse_int( p, 2, &time->sec ) );
|
CHECK( x509_parse_int( p, 2, &tm->sec ) );
|
||||||
len -= 2;
|
len -= 2;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -582,7 +588,7 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
|
|||||||
if ( 0 != len )
|
if ( 0 != len )
|
||||||
return ( MBEDTLS_ERR_X509_INVALID_DATE );
|
return ( MBEDTLS_ERR_X509_INVALID_DATE );
|
||||||
|
|
||||||
CHECK( x509_date_is_valid( time ) );
|
CHECK( x509_date_is_valid( tm ) );
|
||||||
|
|
||||||
return ( 0 );
|
return ( 0 );
|
||||||
}
|
}
|
||||||
@ -593,7 +599,7 @@ static int x509_parse_time( unsigned char **p, size_t len, size_t yearlen,
|
|||||||
* generalTime GeneralizedTime }
|
* generalTime GeneralizedTime }
|
||||||
*/
|
*/
|
||||||
int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
|
int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
|
||||||
mbedtls_x509_time *time )
|
mbedtls_x509_time *tm )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
size_t len, year_len;
|
size_t len, year_len;
|
||||||
@ -619,7 +625,7 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
|
|||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
|
return( MBEDTLS_ERR_X509_INVALID_DATE + ret );
|
||||||
|
|
||||||
return x509_parse_time( p, len, year_len, time );
|
return x509_parse_time( p, len, year_len, tm );
|
||||||
}
|
}
|
||||||
|
|
||||||
int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig )
|
int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x509_buf *sig )
|
||||||
|
@ -2061,8 +2061,8 @@ static int x509_crt_verify_child(
|
|||||||
/* path_cnt is 0 for the first intermediate CA */
|
/* path_cnt is 0 for the first intermediate CA */
|
||||||
if( 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
|
if( 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
|
||||||
{
|
{
|
||||||
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
|
/* return immediately as the goal is to avoid unbounded recursion */
|
||||||
return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
|
return( MBEDTLS_ERR_X509_FATAL_ERROR );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( mbedtls_x509_time_is_past( &child->valid_to ) )
|
if( mbedtls_x509_time_is_past( &child->valid_to ) )
|
||||||
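Review bot: the over-long-chain branch now returns `MBEDTLS_ERR_X509_FATAL_ERROR` without setting any bit in `*flags`, where it previously set `MBEDTLS_X509_BADCERT_NOT_TRUSTED`. That is safe only because the caller's exit path overwrites the flags on a non-zero return; say so in the comment next to "return immediately", so that a future direct caller of `x509_crt_verify_child` does not read a clean `*flags` as success.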
@ -2206,11 +2206,14 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
|
|||||||
mbedtls_x509_sequence *cur = NULL;
|
mbedtls_x509_sequence *cur = NULL;
|
||||||
mbedtls_pk_type_t pk_type;
|
mbedtls_pk_type_t pk_type;
|
||||||
|
|
||||||
if( profile == NULL )
|
|
||||||
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
|
|
||||||
|
|
||||||
*flags = 0;
|
*flags = 0;
|
||||||
|
|
||||||
|
if( profile == NULL )
|
||||||
|
{
|
||||||
|
ret = MBEDTLS_ERR_X509_BAD_INPUT_DATA;
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
if( cn != NULL )
|
if( cn != NULL )
|
||||||
{
|
{
|
||||||
name = &crt->subject;
|
name = &crt->subject;
|
||||||
@ -2284,7 +2287,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
|
|||||||
ret = x509_crt_verify_top( crt, parent, ca_crl, profile,
|
ret = x509_crt_verify_top( crt, parent, ca_crl, profile,
|
||||||
pathlen, selfsigned, flags, f_vrfy, p_vrfy );
|
pathlen, selfsigned, flags, f_vrfy, p_vrfy );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( ret );
|
goto exit;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -2299,17 +2302,30 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
|
|||||||
ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile,
|
ret = x509_crt_verify_child( crt, parent, trust_ca, ca_crl, profile,
|
||||||
pathlen, selfsigned, flags, f_vrfy, p_vrfy );
|
pathlen, selfsigned, flags, f_vrfy, p_vrfy );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( ret );
|
goto exit;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile,
|
ret = x509_crt_verify_top( crt, trust_ca, ca_crl, profile,
|
||||||
pathlen, selfsigned, flags, f_vrfy, p_vrfy );
|
pathlen, selfsigned, flags, f_vrfy, p_vrfy );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
return( ret );
|
goto exit;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
exit:
|
||||||
|
/* prevent misuse of the vrfy callback - VERIFY_FAILED would be ignored by
|
||||||
|
* the SSL module for authmode optional, but non-zero return from the
|
||||||
|
* callback means a fatal error so it shouldn't be ignored */
|
||||||
|
if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
|
||||||
|
ret = MBEDTLS_ERR_X509_FATAL_ERROR;
|
||||||
|
|
||||||
|
if( ret != 0 )
|
||||||
|
{
|
||||||
|
*flags = (uint32_t) -1;
|
||||||
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
if( *flags != 0 )
|
if( *flags != 0 )
|
||||||
return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
|
return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
|
||||||
|
|
||||||
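Review bot: the comment at `exit:` speaks only of the vrfy callback, but the remap from `MBEDTLS_ERR_X509_CERT_VERIFY_FAILED` to `MBEDTLS_ERR_X509_FATAL_ERROR` applies to every `ret` that reaches the label, including those returned by `x509_crt_verify_top` and `x509_crt_verify_child` themselves. Reword the comment to cover that. Setting `*flags = (uint32_t) -1` on any non-zero `ret` is a caller-visible contract (it now also applies to the `profile == NULL` path) and belongs in the public header's description of the function, so applications that inspect only the flags know they fail closed.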
|
@ -51,7 +51,7 @@ static void mbedtls_zeroize( void *v, size_t n ) {
|
|||||||
|
|
||||||
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
|
void mbedtls_x509write_crt_init( mbedtls_x509write_cert *ctx )
|
||||||
{
|
{
|
||||||
memset( ctx, 0, sizeof(mbedtls_x509write_cert) );
|
memset( ctx, 0, sizeof( mbedtls_x509write_cert ) );
|
||||||
|
|
||||||
mbedtls_mpi_init( &ctx->serial );
|
mbedtls_mpi_init( &ctx->serial );
|
||||||
ctx->version = MBEDTLS_X509_CRT_VERSION_3;
|
ctx->version = MBEDTLS_X509_CRT_VERSION_3;
|
||||||
@ -65,7 +65,7 @@ void mbedtls_x509write_crt_free( mbedtls_x509write_cert *ctx )
|
|||||||
mbedtls_asn1_free_named_data_list( &ctx->issuer );
|
mbedtls_asn1_free_named_data_list( &ctx->issuer );
|
||||||
mbedtls_asn1_free_named_data_list( &ctx->extensions );
|
mbedtls_asn1_free_named_data_list( &ctx->extensions );
|
||||||
|
|
||||||
mbedtls_zeroize( ctx, sizeof(mbedtls_x509write_cert) );
|
mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_cert ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version )
|
void mbedtls_x509write_crt_set_version( mbedtls_x509write_cert *ctx, int version )
|
||||||
@ -193,14 +193,14 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
|
unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
|
||||||
unsigned char *c = buf + sizeof(buf);
|
unsigned char *c = buf + sizeof( buf );
|
||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
|
|
||||||
memset( buf, 0, sizeof(buf) );
|
memset( buf, 0, sizeof(buf) );
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_pk_write_pubkey( &c, buf, ctx->issuer_key ) );
|
||||||
|
|
||||||
mbedtls_sha1( buf + sizeof(buf) - len, len, buf + sizeof(buf) - 20 );
|
mbedtls_sha1( buf + sizeof( buf ) - len, len, buf + sizeof( buf ) - 20 );
|
||||||
c = buf + sizeof(buf) - 20;
|
c = buf + sizeof( buf ) - 20;
|
||||||
len = 20;
|
len = 20;
|
||||||
|
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, buf, len ) );
|
||||||
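Review bot: `memset( buf, 0, sizeof(buf) );` is the one `sizeof` in this function left in the old spacing while every other occurrence in the hunk becomes `sizeof( buf )`. Convert it too so the whitespace pass is complete.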
@ -212,7 +212,7 @@ int mbedtls_x509write_crt_set_authority_key_identifier( mbedtls_x509write_cert *
|
|||||||
|
|
||||||
return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
|
return mbedtls_x509write_crt_set_extension( ctx, MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER,
|
||||||
MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
|
MBEDTLS_OID_SIZE( MBEDTLS_OID_AUTHORITY_KEY_IDENTIFIER ),
|
||||||
0, buf + sizeof(buf) - len, len );
|
0, buf + sizeof( buf ) - len, len );
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
|
||||||
@ -264,7 +264,7 @@ int mbedtls_x509write_crt_set_ns_cert_type( mbedtls_x509write_cert *ctx,
|
|||||||
}
|
}
|
||||||
|
|
||||||
static int x509_write_time( unsigned char **p, unsigned char *start,
|
static int x509_write_time( unsigned char **p, unsigned char *start,
|
||||||
const char *time, size_t size )
|
const char *t, size_t size )
|
||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
@ -272,10 +272,10 @@ static int x509_write_time( unsigned char **p, unsigned char *start,
|
|||||||
/*
|
/*
|
||||||
* write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter)
|
* write MBEDTLS_ASN1_UTC_TIME if year < 2050 (2 bytes shorter)
|
||||||
*/
|
*/
|
||||||
if( time[0] == '2' && time[1] == '0' && time [2] < '5' )
|
if( t[0] == '2' && t[1] == '0' && t[2] < '5' )
|
||||||
{
|
{
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
|
||||||
(const unsigned char *) time + 2,
|
(const unsigned char *) t + 2,
|
||||||
size - 2 ) );
|
size - 2 ) );
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_UTC_TIME ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_UTC_TIME ) );
|
||||||
@ -283,7 +283,7 @@ static int x509_write_time( unsigned char **p, unsigned char *start,
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_raw_buffer( p, start,
|
||||||
(const unsigned char *) time,
|
(const unsigned char *) t,
|
||||||
size ) );
|
size ) );
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( p, start, len ) );
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_GENERALIZED_TIME ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( p, start, MBEDTLS_ASN1_GENERALIZED_TIME ) );
|
||||||
@ -313,12 +313,18 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf,
|
|||||||
c = tmp_buf + sizeof( tmp_buf );
|
c = tmp_buf + sizeof( tmp_buf );
|
||||||
|
|
||||||
/* Signature algorithm needed in TBS, and later for actual signature */
|
/* Signature algorithm needed in TBS, and later for actual signature */
|
||||||
pk_alg = mbedtls_pk_get_type( ctx->issuer_key );
|
|
||||||
if( pk_alg == MBEDTLS_PK_ECKEY )
|
/* There's no direct way of extracting a signature algorithm
|
||||||
|
* (represented as an element of mbedtls_pk_type_t) from a PK instance. */
|
||||||
|
if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_RSA ) )
|
||||||
|
pk_alg = MBEDTLS_PK_RSA;
|
||||||
|
else if( mbedtls_pk_can_do( ctx->issuer_key, MBEDTLS_PK_ECDSA ) )
|
||||||
pk_alg = MBEDTLS_PK_ECDSA;
|
pk_alg = MBEDTLS_PK_ECDSA;
|
||||||
|
else
|
||||||
|
return( MBEDTLS_ERR_X509_INVALID_ALG );
|
||||||
|
|
||||||
if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
|
if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
|
||||||
&sig_oid, &sig_oid_len ) ) != 0 )
|
&sig_oid, &sig_oid_len ) ) != 0 )
|
||||||
{
|
{
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
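Review bot: the `mbedtls_pk_can_do` chain that derives `pk_alg` from `ctx->issuer_key` is repeated almost line for line for `ctx->key` in `mbedtls_x509write_csr_der` later in this commit. A small static helper that takes the PK context and returns the `mbedtls_pk_type_t` (or `MBEDTLS_ERR_X509_INVALID_ALG`) would keep the two writers from drifting apart, and gives one place to document that RSA is tested before ECDSA.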
@ -326,13 +332,18 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf,
|
|||||||
/*
|
/*
|
||||||
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
|
* Extensions ::= SEQUENCE SIZE (1..MAX) OF Extension
|
||||||
*/
|
*/
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
|
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
|
/* Only for v3 */
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
|
if( ctx->version == MBEDTLS_X509_CRT_VERSION_3 )
|
||||||
MBEDTLS_ASN1_SEQUENCE ) );
|
{
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_x509_write_extensions( &c, tmp_buf, ctx->extensions ) );
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
|
||||||
MBEDTLS_ASN1_CONSTRUCTED | 3 ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
|
||||||
|
MBEDTLS_ASN1_SEQUENCE ) );
|
||||||
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
|
||||||
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
|
||||||
|
MBEDTLS_ASN1_CONSTRUCTED | 3 ) );
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* SubjectPublicKeyInfo
|
* SubjectPublicKeyInfo
|
||||||
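Review bot: when `ctx->version` is not `MBEDTLS_X509_CRT_VERSION_3` the whole block is skipped without looking at `ctx->extensions`, so extensions already set on the context are dropped from the certificate with no error. Return an error when the list is non-empty for a v1 or v2 certificate, or state in the comment and the API documentation that extensions are ignored unless the version is 3.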
@ -384,16 +395,21 @@ int mbedtls_x509write_crt_der( mbedtls_x509write_cert *ctx, unsigned char *buf,
|
|||||||
/*
|
/*
|
||||||
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
|
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
|
||||||
*/
|
*/
|
||||||
sub_len = 0;
|
|
||||||
MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) );
|
/* Can be omitted for v1 */
|
||||||
len += sub_len;
|
if( ctx->version != MBEDTLS_X509_CRT_VERSION_1 )
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) );
|
{
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
|
sub_len = 0;
|
||||||
MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
|
MBEDTLS_ASN1_CHK_ADD( sub_len, mbedtls_asn1_write_int( &c, tmp_buf, ctx->version ) );
|
||||||
|
len += sub_len;
|
||||||
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, sub_len ) );
|
||||||
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONTEXT_SPECIFIC |
|
||||||
|
MBEDTLS_ASN1_CONSTRUCTED | 0 ) );
|
||||||
|
}
|
||||||
|
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_len( &c, tmp_buf, len ) );
|
||||||
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
|
MBEDTLS_ASN1_CHK_ADD( len, mbedtls_asn1_write_tag( &c, tmp_buf, MBEDTLS_ASN1_CONSTRUCTED |
|
||||||
MBEDTLS_ASN1_SEQUENCE ) );
|
MBEDTLS_ASN1_SEQUENCE ) );
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Make signature
|
* Make signature
|
||||||
|
@ -50,7 +50,7 @@ static void mbedtls_zeroize( void *v, size_t n ) {
|
|||||||
|
|
||||||
void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
|
void mbedtls_x509write_csr_init( mbedtls_x509write_csr *ctx )
|
||||||
{
|
{
|
||||||
memset( ctx, 0, sizeof(mbedtls_x509write_csr) );
|
memset( ctx, 0, sizeof( mbedtls_x509write_csr ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx )
|
void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx )
|
||||||
@ -58,7 +58,7 @@ void mbedtls_x509write_csr_free( mbedtls_x509write_csr *ctx )
|
|||||||
mbedtls_asn1_free_named_data_list( &ctx->subject );
|
mbedtls_asn1_free_named_data_list( &ctx->subject );
|
||||||
mbedtls_asn1_free_named_data_list( &ctx->extensions );
|
mbedtls_asn1_free_named_data_list( &ctx->extensions );
|
||||||
|
|
||||||
mbedtls_zeroize( ctx, sizeof(mbedtls_x509write_csr) );
|
mbedtls_zeroize( ctx, sizeof( mbedtls_x509write_csr ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg )
|
void mbedtls_x509write_csr_set_md_alg( mbedtls_x509write_csr *ctx, mbedtls_md_type_t md_alg )
|
||||||
@ -194,14 +194,21 @@ int mbedtls_x509write_csr_der( mbedtls_x509write_csr *ctx, unsigned char *buf, s
|
|||||||
*/
|
*/
|
||||||
mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
|
mbedtls_md( mbedtls_md_info_from_type( ctx->md_alg ), c, len, hash );
|
||||||
|
|
||||||
pk_alg = mbedtls_pk_get_type( ctx->key );
|
|
||||||
if( pk_alg == MBEDTLS_PK_ECKEY )
|
|
||||||
pk_alg = MBEDTLS_PK_ECDSA;
|
|
||||||
|
|
||||||
if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
|
if( ( ret = mbedtls_pk_sign( ctx->key, ctx->md_alg, hash, 0, sig, &sig_len,
|
||||||
f_rng, p_rng ) ) != 0 ||
|
f_rng, p_rng ) ) != 0 )
|
||||||
( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
|
{
|
||||||
&sig_oid, &sig_oid_len ) ) != 0 )
|
return( ret );
|
||||||
|
}
|
||||||
|
|
||||||
|
if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_RSA ) )
|
||||||
|
pk_alg = MBEDTLS_PK_RSA;
|
||||||
|
else if( mbedtls_pk_can_do( ctx->key, MBEDTLS_PK_ECDSA ) )
|
||||||
|
pk_alg = MBEDTLS_PK_ECDSA;
|
||||||
|
else
|
||||||
|
return( MBEDTLS_ERR_X509_INVALID_ALG );
|
||||||
|
|
||||||
|
if( ( ret = mbedtls_oid_get_oid_by_sig_alg( pk_alg, ctx->md_alg,
|
||||||
|
&sig_oid, &sig_oid_len ) ) != 0 )
|
||||||
{
|
{
|
||||||
return( ret );
|
return( ret );
|
||||||
}
|
}
|
||||||
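Review bot: `mbedtls_pk_sign` now runs before `pk_alg` is resolved, so a key that is neither RSA- nor ECDSA-capable is used to sign first and is rejected with `MBEDTLS_ERR_X509_INVALID_ALG` only afterwards. Move the `mbedtls_pk_can_do` selection and the `mbedtls_oid_get_oid_by_sig_alg` lookup above the signing call, matching the order used in `mbedtls_x509write_crt_der`, so unsupported keys fail before any private-key operation.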
|
@ -79,7 +79,9 @@ int main( int argc, char *argv[] )
|
|||||||
FILE *fkey, *fin = NULL, *fout = NULL;
|
FILE *fkey, *fin = NULL, *fout = NULL;
|
||||||
|
|
||||||
char *p;
|
char *p;
|
||||||
|
|
||||||
unsigned char IV[16];
|
unsigned char IV[16];
|
||||||
|
unsigned char tmp[16];
|
||||||
unsigned char key[512];
|
unsigned char key[512];
|
||||||
unsigned char digest[32];
|
unsigned char digest[32];
|
||||||
unsigned char buffer[1024];
|
unsigned char buffer[1024];
|
||||||
@ -123,10 +125,10 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
|
|
||||||
mode = atoi( argv[1] );
|
mode = atoi( argv[1] );
|
||||||
memset(IV, 0, sizeof(IV));
|
memset( IV, 0, sizeof( IV ) );
|
||||||
memset(key, 0, sizeof(key));
|
memset( key, 0, sizeof( key ) );
|
||||||
memset(digest, 0, sizeof(digest));
|
memset( digest, 0, sizeof( digest ) );
|
||||||
memset(buffer, 0, sizeof(buffer));
|
memset( buffer, 0, sizeof( buffer ) );
|
||||||
|
|
||||||
if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
|
if( mode != MODE_ENCRYPT && mode != MODE_DECRYPT )
|
||||||
{
|
{
|
||||||
@ -153,7 +155,7 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Read the secret key and clean the command line.
|
* Read the secret key from file or command line
|
||||||
*/
|
*/
|
||||||
if( ( fkey = fopen( argv[4], "rb" ) ) != NULL )
|
if( ( fkey = fopen( argv[4], "rb" ) ) != NULL )
|
||||||
{
|
{
|
||||||
@ -185,8 +187,6 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
memset( argv[4], 0, strlen( argv[4] ) );
|
|
||||||
|
|
||||||
#if defined(_WIN32_WCE)
|
#if defined(_WIN32_WCE)
|
||||||
filesize = fseek( fin, 0L, SEEK_END );
|
filesize = fseek( fin, 0L, SEEK_END );
|
||||||
#else
|
#else
|
||||||
@ -272,7 +272,6 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_md_finish( &sha_ctx, digest );
|
mbedtls_md_finish( &sha_ctx, digest );
|
||||||
}
|
}
|
||||||
|
|
||||||
memset( key, 0, sizeof( key ) );
|
|
||||||
mbedtls_aes_setkey_enc( &aes_ctx, digest, 256 );
|
mbedtls_aes_setkey_enc( &aes_ctx, digest, 256 );
|
||||||
mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
|
mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
|
||||||
|
|
||||||
@ -319,8 +318,6 @@ int main( int argc, char *argv[] )
|
|||||||
|
|
||||||
if( mode == MODE_DECRYPT )
|
if( mode == MODE_DECRYPT )
|
||||||
{
|
{
|
||||||
unsigned char tmp[16];
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* The encrypted file must be structured as follows:
|
* The encrypted file must be structured as follows:
|
||||||
*
|
*
|
||||||
@ -374,7 +371,6 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_md_finish( &sha_ctx, digest );
|
mbedtls_md_finish( &sha_ctx, digest );
|
||||||
}
|
}
|
||||||
|
|
||||||
memset( key, 0, sizeof( key ) );
|
|
||||||
mbedtls_aes_setkey_dec( &aes_ctx, digest, 256 );
|
mbedtls_aes_setkey_dec( &aes_ctx, digest, 256 );
|
||||||
mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
|
mbedtls_md_hmac_starts( &sha_ctx, digest, 32 );
|
||||||
|
|
||||||
@ -441,6 +437,15 @@ exit:
|
|||||||
if( fout )
|
if( fout )
|
||||||
fclose( fout );
|
fclose( fout );
|
||||||
|
|
||||||
|
/* Zeroize all command line arguments to also cover
|
||||||
|
the case when the user has missed or reordered some,
|
||||||
|
in which case the key might not be in argv[4]. */
|
||||||
|
for( i = 0; i < (unsigned int) argc; i++ )
|
||||||
|
memset( argv[i], 0, strlen( argv[i] ) );
|
||||||
|
|
||||||
|
memset( IV, 0, sizeof( IV ) );
|
||||||
|
memset( key, 0, sizeof( key ) );
|
||||||
|
memset( tmp, 0, sizeof( tmp ) );
|
||||||
memset( buffer, 0, sizeof( buffer ) );
|
memset( buffer, 0, sizeof( buffer ) );
|
||||||
memset( digest, 0, sizeof( digest ) );
|
memset( digest, 0, sizeof( digest ) );
|
||||||
|
|
||||||
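Review bot: the wipes added at the exit label are plain memset() calls on buffers (IV, key, tmp, buffer, digest) that are not read again before main returns, so an optimizing compiler is allowed to drop them as dead stores. If the goal of this hunk is to guarantee the key material is gone, use a wipe the compiler cannot elide, for example writes through a volatile pointer. Also note that with the earlier `memset( key, 0, sizeof( key ) );` calls removed elsewhere in this file, the raw key now stays in memory for the whole run instead of only until the digest is derived; a comment explaining that trade-off would help.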
|
@ -192,7 +192,7 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Read the secret key and clean the command line.
|
* Read the secret key from file or command line
|
||||||
*/
|
*/
|
||||||
if( ( fkey = fopen( argv[6], "rb" ) ) != NULL )
|
if( ( fkey = fopen( argv[6], "rb" ) ) != NULL )
|
||||||
{
|
{
|
||||||
@ -224,8 +224,6 @@ int main( int argc, char *argv[] )
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
memset( argv[6], 0, strlen( argv[6] ) );
|
|
||||||
|
|
||||||
#if defined(_WIN32_WCE)
|
#if defined(_WIN32_WCE)
|
||||||
filesize = fseek( fin, 0L, SEEK_END );
|
filesize = fseek( fin, 0L, SEEK_END );
|
||||||
#else
|
#else
|
||||||
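Review bot: removing `memset( argv[6], 0, strlen( argv[6] ) );` here means a key passed on the command line is no longer cleared right after it is read; with the wipe moved to the exit label it stays in the process arguments for the full duration of the encryption or decryption. Wiping all of argv at exit is a reasonable addition for the reordered-argument case, but consider keeping this early wipe as well so the exposure window stays as short as before.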
@ -303,8 +301,6 @@ int main( int argc, char *argv[] )
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
memset( key, 0, sizeof( key ) );
|
|
||||||
|
|
||||||
if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
|
if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
|
||||||
MBEDTLS_ENCRYPT ) != 0 )
|
MBEDTLS_ENCRYPT ) != 0 )
|
||||||
{
|
{
|
||||||
@ -444,8 +440,6 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_md_finish( &md_ctx, digest );
|
mbedtls_md_finish( &md_ctx, digest );
|
||||||
}
|
}
|
||||||
|
|
||||||
memset( key, 0, sizeof( key ) );
|
|
||||||
|
|
||||||
if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
|
if( mbedtls_cipher_setkey( &cipher_ctx, digest, cipher_info->key_bitlen,
|
||||||
MBEDTLS_DECRYPT ) != 0 )
|
MBEDTLS_DECRYPT ) != 0 )
|
||||||
{
|
{
|
||||||
@ -540,7 +534,16 @@ exit:
|
|||||||
if( fout )
|
if( fout )
|
||||||
fclose( fout );
|
fclose( fout );
|
||||||
|
|
||||||
|
/* Zeroize all command line arguments to also cover
|
||||||
|
the case when the user has missed or reordered some,
|
||||||
|
in which case the key might not be in argv[6]. */
|
||||||
|
for( i = 0; i < argc; i++ )
|
||||||
|
memset( argv[i], 0, strlen( argv[i] ) );
|
||||||
|
|
||||||
|
memset( IV, 0, sizeof( IV ) );
|
||||||
|
memset( key, 0, sizeof( key ) );
|
||||||
memset( buffer, 0, sizeof( buffer ) );
|
memset( buffer, 0, sizeof( buffer ) );
|
||||||
|
memset( output, 0, sizeof( output ) );
|
||||||
memset( digest, 0, sizeof( digest ) );
|
memset( digest, 0, sizeof( digest ) );
|
||||||
|
|
||||||
mbedtls_cipher_free( &cipher_ctx );
|
mbedtls_cipher_free( &cipher_ctx );
|
||||||
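Review bot: the argv wipe loop here is written `for( i = 0; i < argc; i++ )`, while the same loop added to the other sample program in this commit uses `i < (unsigned int) argc`. The declaration of i is not in the visible context, so one of the two is either a signed/unsigned comparison or an unnecessary cast; please make the two copies consistent. The comment on dead-store elimination of trailing memset() calls applies to this exit block as well.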
|
@ -203,7 +203,7 @@ int main( int argc, char *argv[] )
|
|||||||
/*
|
/*
|
||||||
* 4. Handshake
|
* 4. Handshake
|
||||||
*/
|
*/
|
||||||
mbedtls_printf( " . Performing the SSL/TLS handshake..." );
|
mbedtls_printf( " . Performing the DTLS handshake..." );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
do ret = mbedtls_ssl_handshake( &ssl );
|
do ret = mbedtls_ssl_handshake( &ssl );
|
||||||
|
@ -63,6 +63,9 @@ int main( void )
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
|
|
||||||
|
#define MAX_REQUEST_SIZE 20000
|
||||||
|
#define MAX_REQUEST_SIZE_STR "20000"
|
||||||
|
|
||||||
#define DFL_SERVER_NAME "localhost"
|
#define DFL_SERVER_NAME "localhost"
|
||||||
#define DFL_SERVER_ADDR NULL
|
#define DFL_SERVER_ADDR NULL
|
||||||
#define DFL_SERVER_PORT "4433"
|
#define DFL_SERVER_PORT "4433"
|
||||||
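Review bot: MAX_REQUEST_SIZE and MAX_REQUEST_SIZE_STR carry the same value twice (20000 and "20000") and must be edited together by hand; if they drift, the usage text will advertise a limit that the `opt.request_size > MAX_REQUEST_SIZE` check and the `buf[MAX_REQUEST_SIZE + 1]` buffer do not share. Deriving the string from the numeric macro with a stringification helper, or at least adding a comment that ties the two lines together, would remove that risk.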
@ -242,8 +245,8 @@ int main( void )
|
|||||||
" server_addr=%%s default: given by name\n" \
|
" server_addr=%%s default: given by name\n" \
|
||||||
" server_port=%%d default: 4433\n" \
|
" server_port=%%d default: 4433\n" \
|
||||||
" request_page=%%s default: \".\"\n" \
|
" request_page=%%s default: \".\"\n" \
|
||||||
" request_size=%%d default: about 34 (basic request)\n" \
|
" request_size=%%d default: about 34 (basic request)\n" \
|
||||||
" (minimum: 0, max: 16384)\n" \
|
" (minimum: 0, max: " MAX_REQUEST_SIZE_STR " )\n" \
|
||||||
" debug_level=%%d default: 0 (disabled)\n" \
|
" debug_level=%%d default: 0 (disabled)\n" \
|
||||||
" nbio=%%d default: 0 (blocking I/O)\n" \
|
" nbio=%%d default: 0 (blocking I/O)\n" \
|
||||||
" options: 1 (non-blocking), 2 (added delays)\n" \
|
" options: 1 (non-blocking), 2 (added delays)\n" \
|
||||||
@ -437,7 +440,9 @@ int main( int argc, char *argv[] )
|
|||||||
{
|
{
|
||||||
int ret = 0, len, tail_len, i, written, frags, retry_left;
|
int ret = 0, len, tail_len, i, written, frags, retry_left;
|
||||||
mbedtls_net_context server_fd;
|
mbedtls_net_context server_fd;
|
||||||
unsigned char buf[MBEDTLS_SSL_MAX_CONTENT_LEN + 1];
|
|
||||||
|
unsigned char buf[MAX_REQUEST_SIZE + 1];
|
||||||
|
|
||||||
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
|
||||||
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
|
unsigned char psk[MBEDTLS_PSK_MAX_LEN];
|
||||||
size_t psk_len = 0;
|
size_t psk_len = 0;
|
||||||
@ -602,7 +607,8 @@ int main( int argc, char *argv[] )
|
|||||||
else if( strcmp( p, "request_size" ) == 0 )
|
else if( strcmp( p, "request_size" ) == 0 )
|
||||||
{
|
{
|
||||||
opt.request_size = atoi( q );
|
opt.request_size = atoi( q );
|
||||||
if( opt.request_size < 0 || opt.request_size > MBEDTLS_SSL_MAX_CONTENT_LEN )
|
if( opt.request_size < 0 ||
|
||||||
|
opt.request_size > MAX_REQUEST_SIZE )
|
||||||
goto usage;
|
goto usage;
|
||||||
}
|
}
|
||||||
else if( strcmp( p, "ca_file" ) == 0 )
|
else if( strcmp( p, "ca_file" ) == 0 )
|
||||||
@ -1494,8 +1500,8 @@ send_request:
|
|||||||
mbedtls_printf( " > Write to server:" );
|
mbedtls_printf( " > Write to server:" );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
len = mbedtls_snprintf( (char *) buf, sizeof(buf) - 1, GET_REQUEST,
|
len = mbedtls_snprintf( (char *) buf, sizeof( buf ) - 1, GET_REQUEST,
|
||||||
opt.request_page );
|
opt.request_page );
|
||||||
tail_len = (int) strlen( GET_REQUEST_END );
|
tail_len = (int) strlen( GET_REQUEST_END );
|
||||||
|
|
||||||
/* Add padding to GET request to reach opt.request_size in length */
|
/* Add padding to GET request to reach opt.request_size in length */
|
||||||
@ -1506,7 +1512,7 @@ send_request:
|
|||||||
len += opt.request_size - len - tail_len;
|
len += opt.request_size - len - tail_len;
|
||||||
}
|
}
|
||||||
|
|
||||||
strncpy( (char *) buf + len, GET_REQUEST_END, sizeof(buf) - len - 1 );
|
strncpy( (char *) buf + len, GET_REQUEST_END, sizeof( buf ) - len - 1 );
|
||||||
len += tail_len;
|
len += tail_len;
|
||||||
|
|
||||||
/* Truncate if request size is smaller than the "natural" size */
|
/* Truncate if request size is smaller than the "natural" size */
|
||||||
@ -1550,6 +1556,12 @@ send_request:
|
|||||||
|
|
||||||
frags = 1;
|
frags = 1;
|
||||||
written = ret;
|
written = ret;
|
||||||
|
|
||||||
|
if( written < len )
|
||||||
|
{
|
||||||
|
mbedtls_printf( " warning\n ! request didn't fit into single datagram and "
|
||||||
|
"was truncated to size %u", (unsigned) written );
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
buf[written] = '\0';
|
buf[written] = '\0';
|
||||||
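Review bot: the new warning string ends at `"was truncated to size %u"` with no trailing newline, so whatever is printed next will continue on the same line as the warning. Adding "\n" to the end of the format string keeps the output readable. It would also help to document, next to the `if( written < len )` test, that the truncated request is still treated as sent and the program carries on.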
|
@ -326,7 +326,7 @@ int main( void )
|
|||||||
#define USAGE \
|
#define USAGE \
|
||||||
"\n usage: ssl_server2 param=<>...\n" \
|
"\n usage: ssl_server2 param=<>...\n" \
|
||||||
"\n acceptable parameters:\n" \
|
"\n acceptable parameters:\n" \
|
||||||
" server_addr=%%d default: (all interfaces)\n" \
|
" server_addr=%%s default: (all interfaces)\n" \
|
||||||
" server_port=%%d default: 4433\n" \
|
" server_port=%%d default: 4433\n" \
|
||||||
" debug_level=%%d default: 0 (disabled)\n" \
|
" debug_level=%%d default: 0 (disabled)\n" \
|
||||||
" nbio=%%d default: 0 (blocking I/O)\n" \
|
" nbio=%%d default: 0 (blocking I/O)\n" \
|
||||||
|
@ -126,7 +126,7 @@ do { \
|
|||||||
CODE; \
|
CODE; \
|
||||||
} \
|
} \
|
||||||
\
|
\
|
||||||
mbedtls_printf( "%9lu Kb/s, %9lu cycles/byte\n", \
|
mbedtls_printf( "%9lu KiB/s, %9lu cycles/byte\n", \
|
||||||
ii * BUFSIZE / 1024, \
|
ii * BUFSIZE / 1024, \
|
||||||
( mbedtls_timing_hardclock() - tsc ) / ( jj * BUFSIZE ) ); \
|
( mbedtls_timing_hardclock() - tsc ) / ( jj * BUFSIZE ) ); \
|
||||||
} while( 0 )
|
} while( 0 )
|
||||||
|
@ -51,6 +51,7 @@ int main( void )
|
|||||||
#include "mbedtls/x509_csr.h"
|
#include "mbedtls/x509_csr.h"
|
||||||
#include "mbedtls/entropy.h"
|
#include "mbedtls/entropy.h"
|
||||||
#include "mbedtls/ctr_drbg.h"
|
#include "mbedtls/ctr_drbg.h"
|
||||||
|
#include "mbedtls/md.h"
|
||||||
#include "mbedtls/error.h"
|
#include "mbedtls/error.h"
|
||||||
|
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
@ -59,9 +60,9 @@ int main( void )
|
|||||||
|
|
||||||
#if defined(MBEDTLS_X509_CSR_PARSE_C)
|
#if defined(MBEDTLS_X509_CSR_PARSE_C)
|
||||||
#define USAGE_CSR \
|
#define USAGE_CSR \
|
||||||
" request_file=%%s default: (empty)\n" \
|
" request_file=%%s default: (empty)\n" \
|
||||||
" If request_file is specified, subject_key,\n" \
|
" If request_file is specified, subject_key,\n" \
|
||||||
" subject_pwd and subject_name are ignored!\n"
|
" subject_pwd and subject_name are ignored!\n"
|
||||||
#else
|
#else
|
||||||
#define USAGE_CSR ""
|
#define USAGE_CSR ""
|
||||||
#endif /* MBEDTLS_X509_CSR_PARSE_C */
|
#endif /* MBEDTLS_X509_CSR_PARSE_C */
|
||||||
@ -83,50 +84,70 @@ int main( void )
|
|||||||
#define DFL_MAX_PATHLEN -1
|
#define DFL_MAX_PATHLEN -1
|
||||||
#define DFL_KEY_USAGE 0
|
#define DFL_KEY_USAGE 0
|
||||||
#define DFL_NS_CERT_TYPE 0
|
#define DFL_NS_CERT_TYPE 0
|
||||||
|
#define DFL_VERSION 3
|
||||||
|
#define DFL_AUTH_IDENT 1
|
||||||
|
#define DFL_SUBJ_IDENT 1
|
||||||
|
#define DFL_CONSTRAINTS 1
|
||||||
|
#define DFL_DIGEST MBEDTLS_MD_SHA256
|
||||||
|
|
||||||
#define USAGE \
|
#define USAGE \
|
||||||
"\n usage: cert_write param=<>...\n" \
|
"\n usage: cert_write param=<>...\n" \
|
||||||
"\n acceptable parameters:\n" \
|
"\n acceptable parameters:\n" \
|
||||||
USAGE_CSR \
|
USAGE_CSR \
|
||||||
" subject_key=%%s default: subject.key\n" \
|
" subject_key=%%s default: subject.key\n" \
|
||||||
" subject_pwd=%%s default: (empty)\n" \
|
" subject_pwd=%%s default: (empty)\n" \
|
||||||
" subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \
|
" subject_name=%%s default: CN=Cert,O=mbed TLS,C=UK\n" \
|
||||||
"\n" \
|
"\n" \
|
||||||
" issuer_crt=%%s default: (empty)\n" \
|
" issuer_crt=%%s default: (empty)\n" \
|
||||||
" If issuer_crt is specified, issuer_name is\n" \
|
" If issuer_crt is specified, issuer_name is\n" \
|
||||||
" ignored!\n" \
|
" ignored!\n" \
|
||||||
" issuer_name=%%s default: CN=CA,O=mbed TLS,C=UK\n" \
|
" issuer_name=%%s default: CN=CA,O=mbed TLS,C=UK\n" \
|
||||||
"\n" \
|
"\n" \
|
||||||
" selfsign=%%d default: 0 (false)\n" \
|
" selfsign=%%d default: 0 (false)\n" \
|
||||||
" If selfsign is enabled, issuer_name and\n" \
|
" If selfsign is enabled, issuer_name and\n" \
|
||||||
" issuer_key are required (issuer_crt and\n" \
|
" issuer_key are required (issuer_crt and\n" \
|
||||||
" subject_* are ignored\n" \
|
" subject_* are ignored\n" \
|
||||||
" issuer_key=%%s default: ca.key\n" \
|
" issuer_key=%%s default: ca.key\n" \
|
||||||
" issuer_pwd=%%s default: (empty)\n" \
|
" issuer_pwd=%%s default: (empty)\n" \
|
||||||
" output_file=%%s default: cert.crt\n" \
|
" output_file=%%s default: cert.crt\n" \
|
||||||
" serial=%%s default: 1\n" \
|
" serial=%%s default: 1\n" \
|
||||||
" not_before=%%s default: 20010101000000\n"\
|
" not_before=%%s default: 20010101000000\n"\
|
||||||
" not_after=%%s default: 20301231235959\n"\
|
" not_after=%%s default: 20301231235959\n"\
|
||||||
" is_ca=%%d default: 0 (disabled)\n" \
|
" is_ca=%%d default: 0 (disabled)\n" \
|
||||||
" max_pathlen=%%d default: -1 (none)\n" \
|
" max_pathlen=%%d default: -1 (none)\n" \
|
||||||
" key_usage=%%s default: (empty)\n" \
|
" md=%%s default: SHA256\n" \
|
||||||
" Comma-separated-list of values:\n" \
|
" Supported values:\n" \
|
||||||
" digital_signature\n" \
|
" MD5, SHA1, SHA256, SHA512\n"\
|
||||||
" non_repudiation\n" \
|
" version=%%d default: 3\n" \
|
||||||
" key_encipherment\n" \
|
" Possible values: 1, 2, 3\n"\
|
||||||
" data_encipherment\n" \
|
" subject_identifier=%%s default: 1\n" \
|
||||||
" key_agreement\n" \
|
" Possible values: 0, 1\n" \
|
||||||
" key_cert_sign\n" \
|
" (Considered for v3 only)\n"\
|
||||||
" crl_sign\n" \
|
" authority_identifier=%%s default: 1\n" \
|
||||||
" ns_cert_type=%%s default: (empty)\n" \
|
" Possible values: 0, 1\n" \
|
||||||
" Comma-separated-list of values:\n" \
|
" (Considered for v3 only)\n"\
|
||||||
" ssl_client\n" \
|
" basic_constraints=%%d default: 1\n" \
|
||||||
" ssl_server\n" \
|
" Possible values: 0, 1\n" \
|
||||||
" email\n" \
|
" (Considered for v3 only)\n"\
|
||||||
" object_signing\n" \
|
" key_usage=%%s default: (empty)\n" \
|
||||||
" ssl_ca\n" \
|
" Comma-separated-list of values:\n" \
|
||||||
" email_ca\n" \
|
" digital_signature\n" \
|
||||||
" object_signing_ca\n" \
|
" non_repudiation\n" \
|
||||||
|
" key_encipherment\n" \
|
||||||
|
" data_encipherment\n" \
|
||||||
|
" key_agreement\n" \
|
||||||
|
" key_cert_sign\n" \
|
||||||
|
" crl_sign\n" \
|
||||||
|
" (Considered for v3 only)\n"\
|
||||||
|
" ns_cert_type=%%s default: (empty)\n" \
|
||||||
|
" Comma-separated-list of values:\n" \
|
||||||
|
" ssl_client\n" \
|
||||||
|
" ssl_server\n" \
|
||||||
|
" email\n" \
|
||||||
|
" object_signing\n" \
|
||||||
|
" ssl_ca\n" \
|
||||||
|
" email_ca\n" \
|
||||||
|
" object_signing_ca\n" \
|
||||||
"\n"
|
"\n"
|
||||||
|
|
||||||
/*
|
/*
|
||||||
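Review bot: the usage text documents `subject_identifier=%%s` and `authority_identifier=%%s` as strings but `basic_constraints=%%d` as an integer, although all three are listed with "Possible values: 0, 1" and are parsed the same way later in this commit. Please use %%d for all three so the help output matches the parser. The md entry lists MD5 and SHA1 next to SHA256 and SHA512 without comment; a short remark in the help text that those two are for testing legacy setups only would stop readers from picking them for real certificates.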
@ -149,6 +170,11 @@ struct options
|
|||||||
int selfsign; /* selfsign the certificate */
|
int selfsign; /* selfsign the certificate */
|
||||||
int is_ca; /* is a CA certificate */
|
int is_ca; /* is a CA certificate */
|
||||||
int max_pathlen; /* maximum CA path length */
|
int max_pathlen; /* maximum CA path length */
|
||||||
|
int authority_identifier; /* add authority identifier to CRT */
|
||||||
|
int subject_identifier; /* add subject identifier to CRT */
|
||||||
|
int basic_constraints; /* add basic constraints ext to CRT */
|
||||||
|
int version; /* CRT version */
|
||||||
|
mbedtls_md_type_t md; /* Hash used for signing */
|
||||||
unsigned char key_usage; /* key usage flags */
|
unsigned char key_usage; /* key usage flags */
|
||||||
unsigned char ns_cert_type; /* NS cert type */
|
unsigned char ns_cert_type; /* NS cert type */
|
||||||
} opt;
|
} opt;
|
||||||
@ -163,7 +189,8 @@ int write_certificate( mbedtls_x509write_cert *crt, const char *output_file,
|
|||||||
size_t len = 0;
|
size_t len = 0;
|
||||||
|
|
||||||
memset( output_buf, 0, 4096 );
|
memset( output_buf, 0, 4096 );
|
||||||
if( ( ret = mbedtls_x509write_crt_pem( crt, output_buf, 4096, f_rng, p_rng ) ) < 0 )
|
if( ( ret = mbedtls_x509write_crt_pem( crt, output_buf, 4096,
|
||||||
|
f_rng, p_rng ) ) < 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
|
||||||
len = strlen( (char *) output_buf );
|
len = strlen( (char *) output_buf );
|
||||||
@ -207,7 +234,6 @@ int main( int argc, char *argv[] )
|
|||||||
* Set to sane values
|
* Set to sane values
|
||||||
*/
|
*/
|
||||||
mbedtls_x509write_crt_init( &crt );
|
mbedtls_x509write_crt_init( &crt );
|
||||||
mbedtls_x509write_crt_set_md_alg( &crt, MBEDTLS_MD_SHA256 );
|
|
||||||
mbedtls_pk_init( &loaded_issuer_key );
|
mbedtls_pk_init( &loaded_issuer_key );
|
||||||
mbedtls_pk_init( &loaded_subject_key );
|
mbedtls_pk_init( &loaded_subject_key );
|
||||||
mbedtls_mpi_init( &serial );
|
mbedtls_mpi_init( &serial );
|
||||||
@ -243,6 +269,11 @@ int main( int argc, char *argv[] )
|
|||||||
opt.max_pathlen = DFL_MAX_PATHLEN;
|
opt.max_pathlen = DFL_MAX_PATHLEN;
|
||||||
opt.key_usage = DFL_KEY_USAGE;
|
opt.key_usage = DFL_KEY_USAGE;
|
||||||
opt.ns_cert_type = DFL_NS_CERT_TYPE;
|
opt.ns_cert_type = DFL_NS_CERT_TYPE;
|
||||||
|
opt.version = DFL_VERSION - 1;
|
||||||
|
opt.md = DFL_DIGEST;
|
||||||
|
opt.subject_identifier = DFL_SUBJ_IDENT;
|
||||||
|
opt.authority_identifier = DFL_AUTH_IDENT;
|
||||||
|
opt.basic_constraints = DFL_CONSTRAINTS;
|
||||||
|
|
||||||
for( i = 1; i < argc; i++ )
|
for( i = 1; i < argc; i++ )
|
||||||
{
|
{
|
||||||
@ -286,23 +317,88 @@ int main( int argc, char *argv[] )
|
|||||||
{
|
{
|
||||||
opt.serial = q;
|
opt.serial = q;
|
||||||
}
|
}
|
||||||
|
else if( strcmp( p, "authority_identifier" ) == 0 )
|
||||||
|
{
|
||||||
|
opt.authority_identifier = atoi( q );
|
||||||
|
if( opt.authority_identifier != 0 &&
|
||||||
|
opt.authority_identifier != 1 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "Invalid argument for option %s\n", p );
|
||||||
|
goto usage;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if( strcmp( p, "subject_identifier" ) == 0 )
|
||||||
|
{
|
||||||
|
opt.subject_identifier = atoi( q );
|
||||||
|
if( opt.subject_identifier != 0 &&
|
||||||
|
opt.subject_identifier != 1 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "Invalid argument for option %s\n", p );
|
||||||
|
goto usage;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if( strcmp( p, "basic_constraints" ) == 0 )
|
||||||
|
{
|
||||||
|
opt.basic_constraints = atoi( q );
|
||||||
|
if( opt.basic_constraints != 0 &&
|
||||||
|
opt.basic_constraints != 1 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "Invalid argument for option %s\n", p );
|
||||||
|
goto usage;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if( strcmp( p, "md" ) == 0 )
|
||||||
|
{
|
||||||
|
if( strcmp( q, "SHA1" ) == 0 )
|
||||||
|
opt.md = MBEDTLS_MD_SHA1;
|
||||||
|
else if( strcmp( q, "SHA256" ) == 0 )
|
||||||
|
opt.md = MBEDTLS_MD_SHA256;
|
||||||
|
else if( strcmp( q, "SHA512" ) == 0 )
|
||||||
|
opt.md = MBEDTLS_MD_SHA512;
|
||||||
|
else if( strcmp( q, "MD5" ) == 0 )
|
||||||
|
opt.md = MBEDTLS_MD_MD5;
|
||||||
|
else
|
||||||
|
{
|
||||||
|
mbedtls_printf( "Invalid argument for option %s\n", p );
|
||||||
|
goto usage;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else if( strcmp( p, "version" ) == 0 )
|
||||||
|
{
|
||||||
|
opt.version = atoi( q );
|
||||||
|
if( opt.version < 1 || opt.version > 3 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "Invalid argument for option %s\n", p );
|
||||||
|
goto usage;
|
||||||
|
}
|
||||||
|
opt.version--;
|
||||||
|
}
|
||||||
else if( strcmp( p, "selfsign" ) == 0 )
|
else if( strcmp( p, "selfsign" ) == 0 )
|
||||||
{
|
{
|
||||||
opt.selfsign = atoi( q );
|
opt.selfsign = atoi( q );
|
||||||
if( opt.selfsign < 0 || opt.selfsign > 1 )
|
if( opt.selfsign < 0 || opt.selfsign > 1 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "Invalid argument for option %s\n", p );
|
||||||
goto usage;
|
goto usage;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else if( strcmp( p, "is_ca" ) == 0 )
|
else if( strcmp( p, "is_ca" ) == 0 )
|
||||||
{
|
{
|
||||||
opt.is_ca = atoi( q );
|
opt.is_ca = atoi( q );
|
||||||
if( opt.is_ca < 0 || opt.is_ca > 1 )
|
if( opt.is_ca < 0 || opt.is_ca > 1 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "Invalid argument for option %s\n", p );
|
||||||
goto usage;
|
goto usage;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else if( strcmp( p, "max_pathlen" ) == 0 )
|
else if( strcmp( p, "max_pathlen" ) == 0 )
|
||||||
{
|
{
|
||||||
opt.max_pathlen = atoi( q );
|
opt.max_pathlen = atoi( q );
|
||||||
if( opt.max_pathlen < -1 || opt.max_pathlen > 127 )
|
if( opt.max_pathlen < -1 || opt.max_pathlen > 127 )
|
||||||
|
{
|
||||||
|
mbedtls_printf( "Invalid argument for option %s\n", p );
|
||||||
goto usage;
|
goto usage;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else if( strcmp( p, "key_usage" ) == 0 )
|
else if( strcmp( p, "key_usage" ) == 0 )
|
||||||
{
|
{
|
||||||
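Review bot: authority_identifier, subject_identifier and basic_constraints are parsed with atoi() and then accepted if the result is 0 or 1, so a non-numeric value such as `basic_constraints=yes` converts to 0 and silently disables the extension instead of reaching the "Invalid argument for option" branch. Parsing with strtol() and checking the end pointer, or comparing the string against "0" and "1" directly, would make the new validation actually reject bad input. The md branch also accepts "MD5" and "SHA1" as signing digests; if that is intended for test vectors only, say so in a comment here.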
@ -326,7 +422,10 @@ int main( int argc, char *argv[] )
|
|||||||
else if( strcmp( q, "crl_sign" ) == 0 )
|
else if( strcmp( q, "crl_sign" ) == 0 )
|
||||||
opt.key_usage |= MBEDTLS_X509_KU_CRL_SIGN;
|
opt.key_usage |= MBEDTLS_X509_KU_CRL_SIGN;
|
||||||
else
|
else
|
||||||
|
{
|
||||||
|
mbedtls_printf( "Invalid argument for option %s\n", p );
|
||||||
goto usage;
|
goto usage;
|
||||||
|
}
|
||||||
|
|
||||||
q = r;
|
q = r;
|
||||||
}
|
}
|
||||||
@ -353,7 +452,10 @@ int main( int argc, char *argv[] )
|
|||||||
else if( strcmp( q, "object_signing_ca" ) == 0 )
|
else if( strcmp( q, "object_signing_ca" ) == 0 )
|
||||||
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA;
|
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA;
|
||||||
else
|
else
|
||||||
|
{
|
||||||
|
mbedtls_printf( "Invalid argument for option %s\n", p );
|
||||||
goto usage;
|
goto usage;
|
||||||
|
}
|
||||||
|
|
||||||
q = r;
|
q = r;
|
||||||
}
|
}
|
||||||
@ -376,7 +478,8 @@ int main( int argc, char *argv[] )
|
|||||||
strlen( pers ) ) ) != 0 )
|
strlen( pers ) ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n", ret, buf );
|
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned %d - %s\n",
|
||||||
|
ret, buf );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -390,7 +493,8 @@ int main( int argc, char *argv[] )
|
|||||||
if( ( ret = mbedtls_mpi_read_string( &serial, 10, opt.serial ) ) != 0 )
|
if( ( ret = mbedtls_mpi_read_string( &serial, 10, opt.serial ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
mbedtls_printf( " failed\n ! mbedtls_mpi_read_string returned -0x%02x - %s\n\n", -ret, buf );
|
mbedtls_printf( " failed\n ! mbedtls_mpi_read_string "
|
||||||
|
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -409,7 +513,8 @@ int main( int argc, char *argv[] )
|
|||||||
if( ( ret = mbedtls_x509_crt_parse_file( &issuer_crt, opt.issuer_crt ) ) != 0 )
|
if( ( ret = mbedtls_x509_crt_parse_file( &issuer_crt, opt.issuer_crt ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file returned -0x%02x - %s\n\n", -ret, buf );
|
mbedtls_printf( " failed\n ! mbedtls_x509_crt_parse_file "
|
||||||
|
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -418,7 +523,8 @@ int main( int argc, char *argv[] )
|
|||||||
if( ret < 0 )
|
if( ret < 0 )
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf );
|
mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets "
|
||||||
|
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -441,7 +547,8 @@ int main( int argc, char *argv[] )
|
|||||||
if( ( ret = mbedtls_x509_csr_parse_file( &csr, opt.request_file ) ) != 0 )
|
if( ( ret = mbedtls_x509_csr_parse_file( &csr, opt.request_file ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file returned -0x%02x - %s\n\n", -ret, buf );
|
mbedtls_printf( " failed\n ! mbedtls_x509_csr_parse_file "
|
||||||
|
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -450,7 +557,8 @@ int main( int argc, char *argv[] )
|
|||||||
if( ret < 0 )
|
if( ret < 0 )
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets returned -0x%02x - %s\n\n", -ret, buf );
|
mbedtls_printf( " failed\n ! mbedtls_x509_dn_gets "
|
||||||
|
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -474,7 +582,8 @@ int main( int argc, char *argv[] )
|
|||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -0x%02x - %s\n\n", -ret, buf );
|
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile "
|
||||||
|
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -489,7 +598,8 @@ int main( int argc, char *argv[] )
|
|||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile returned -x%02x - %s\n\n", -ret, buf );
|
mbedtls_printf( " failed\n ! mbedtls_pk_parse_keyfile "
|
||||||
|
"returned -x%02x - %s\n\n", -ret, buf );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
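Review bot: this is the only error message in the patch whose format was not updated: the rewrapped string still reads `"returned -x%02x - %s\n\n"`, missing the 0 of the 0x prefix and keeping the two-digit width, while every other message touched by this commit was changed to `-0x%04x`. Please bring this one in line so the second mbedtls_pk_parse_keyfile failure prints its error code in the same form as the first.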
@ -503,7 +613,8 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_mpi_cmp_mpi( &mbedtls_pk_rsa( issuer_crt.pk )->E,
|
mbedtls_mpi_cmp_mpi( &mbedtls_pk_rsa( issuer_crt.pk )->E,
|
||||||
&mbedtls_pk_rsa( *issuer_key )->E ) != 0 )
|
&mbedtls_pk_rsa( *issuer_key )->E ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " failed\n ! issuer_key does not match issuer certificate\n\n" );
|
mbedtls_printf( " failed\n ! issuer_key does not match "
|
||||||
|
"issuer certificate\n\n" );
|
||||||
ret = -1;
|
ret = -1;
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
@ -526,25 +637,31 @@ int main( int argc, char *argv[] )
|
|||||||
if( ( ret = mbedtls_x509write_crt_set_subject_name( &crt, opt.subject_name ) ) != 0 )
|
if( ( ret = mbedtls_x509write_crt_set_subject_name( &crt, opt.subject_name ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name returned -0x%02x - %s\n\n", -ret, buf );
|
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_name "
|
||||||
|
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if( ( ret = mbedtls_x509write_crt_set_issuer_name( &crt, opt.issuer_name ) ) != 0 )
|
if( ( ret = mbedtls_x509write_crt_set_issuer_name( &crt, opt.issuer_name ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name returned -0x%02x - %s\n\n", -ret, buf );
|
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_issuer_name "
|
||||||
|
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_printf( " . Setting certificate values ..." );
|
mbedtls_printf( " . Setting certificate values ..." );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
|
|
||||||
|
mbedtls_x509write_crt_set_version( &crt, opt.version );
|
||||||
|
mbedtls_x509write_crt_set_md_alg( &crt, opt.md );
|
||||||
|
|
||||||
ret = mbedtls_x509write_crt_set_serial( &crt, &serial );
|
ret = mbedtls_x509write_crt_set_serial( &crt, &serial );
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial returned -0x%02x - %s\n\n", -ret, buf );
|
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_serial "
|
||||||
|
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -552,55 +669,74 @@ int main( int argc, char *argv[] )
|
|||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity returned -0x%02x - %s\n\n", -ret, buf );
|
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_validity "
|
||||||
|
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_printf( " ok\n" );
|
mbedtls_printf( " ok\n" );
|
||||||
|
|
||||||
mbedtls_printf( " . Adding the Basic Constraints extension ..." );
|
if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
|
||||||
fflush( stdout );
|
opt.basic_constraints != 0 )
|
||||||
|
|
||||||
ret = mbedtls_x509write_crt_set_basic_constraints( &crt, opt.is_ca,
|
|
||||||
opt.max_pathlen );
|
|
||||||
if( ret != 0 )
|
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_printf( " . Adding the Basic Constraints extension ..." );
|
||||||
mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints returned -0x%02x - %s\n\n", -ret, buf );
|
fflush( stdout );
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
mbedtls_printf( " ok\n" );
|
ret = mbedtls_x509write_crt_set_basic_constraints( &crt, opt.is_ca,
|
||||||
|
opt.max_pathlen );
|
||||||
|
if( ret != 0 )
|
||||||
|
{
|
||||||
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
|
mbedtls_printf( " failed\n ! x509write_crt_set_basic_contraints "
|
||||||
|
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
mbedtls_printf( " ok\n" );
|
||||||
|
}
|
||||||
|
|
||||||
#if defined(MBEDTLS_SHA1_C)
|
#if defined(MBEDTLS_SHA1_C)
|
||||||
mbedtls_printf( " . Adding the Subject Key Identifier ..." );
|
if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
|
||||||
fflush( stdout );
|
opt.subject_identifier != 0 )
|
||||||
|
|
||||||
ret = mbedtls_x509write_crt_set_subject_key_identifier( &crt );
|
|
||||||
if( ret != 0 )
|
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_printf( " . Adding the Subject Key Identifier ..." );
|
||||||
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject_key_identifier returned -0x%02x - %s\n\n", -ret, buf );
|
fflush( stdout );
|
||||||
goto exit;
|
|
||||||
|
ret = mbedtls_x509write_crt_set_subject_key_identifier( &crt );
|
||||||
|
if( ret != 0 )
|
||||||
|
{
|
||||||
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
|
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_subject"
|
||||||
|
"_key_identifier returned -0x%04x - %s\n\n",
|
||||||
|
-ret, buf );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
mbedtls_printf( " ok\n" );
|
||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_printf( " ok\n" );
|
if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
|
||||||
|
opt.authority_identifier != 0 )
|
||||||
mbedtls_printf( " . Adding the Authority Key Identifier ..." );
|
|
||||||
fflush( stdout );
|
|
||||||
|
|
||||||
ret = mbedtls_x509write_crt_set_authority_key_identifier( &crt );
|
|
||||||
if( ret != 0 )
|
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_printf( " . Adding the Authority Key Identifier ..." );
|
||||||
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_authority_key_identifier returned -0x%02x - %s\n\n", -ret, buf );
|
fflush( stdout );
|
||||||
goto exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
mbedtls_printf( " ok\n" );
|
ret = mbedtls_x509write_crt_set_authority_key_identifier( &crt );
|
||||||
|
if( ret != 0 )
|
||||||
|
{
|
||||||
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
|
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_authority_"
|
||||||
|
"key_identifier returned -0x%04x - %s\n\n",
|
||||||
|
-ret, buf );
|
||||||
|
goto exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
mbedtls_printf( " ok\n" );
|
||||||
|
}
|
||||||
#endif /* MBEDTLS_SHA1_C */
|
#endif /* MBEDTLS_SHA1_C */
|
||||||
|
|
||||||
if( opt.key_usage )
|
if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
|
||||||
|
opt.key_usage != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " . Adding the Key Usage extension ..." );
|
mbedtls_printf( " . Adding the Key Usage extension ..." );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
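Review bot: the rewritten Basic Constraints failure message in this hunk still reads `x509write_crt_set_basic_contraints`, which misspells "constraints" and lacks the `mbedtls_` prefix every other message here carries; since the string is being split anyway, make it `mbedtls_x509write_crt_set_basic_constraints`. Separately, the new `opt.version == MBEDTLS_X509_CRT_VERSION_3 && ...` guards skip each extension without printing anything, so a caller who asks for `key_usage` with a lower version gets a certificate without the extension and no hint why. A warning at that point, or rejecting the combination when options are parsed, would make the drop visible.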
@ -609,14 +745,16 @@ int main( int argc, char *argv[] )
|
|||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage returned -0x%02x - %s\n\n", -ret, buf );
|
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_key_usage "
|
||||||
|
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
mbedtls_printf( " ok\n" );
|
mbedtls_printf( " ok\n" );
|
||||||
}
|
}
|
||||||
|
|
||||||
if( opt.ns_cert_type )
|
if( opt.version == MBEDTLS_X509_CRT_VERSION_3 &&
|
||||||
|
opt.ns_cert_type != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_printf( " . Adding the NS Cert Type extension ..." );
|
mbedtls_printf( " . Adding the NS Cert Type extension ..." );
|
||||||
fflush( stdout );
|
fflush( stdout );
|
||||||
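Review bot: the widened `-0x%04x` conversion in the `mbedtls_x509write_crt_set_key_usage` message is still passed `-ret`, a signed value (assuming `ret` is the usual `int` return code), while `%x` expects an `unsigned int`. Cast the argument, `(unsigned int) -ret`, here and in the other messages this patch reflows.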
@ -625,7 +763,8 @@ int main( int argc, char *argv[] )
|
|||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type returned -0x%02x - %s\n\n", -ret, buf );
|
mbedtls_printf( " failed\n ! mbedtls_x509write_crt_set_ns_cert_type "
|
||||||
|
"returned -0x%04x - %s\n\n", -ret, buf );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -642,7 +781,8 @@ int main( int argc, char *argv[] )
|
|||||||
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
|
||||||
{
|
{
|
||||||
mbedtls_strerror( ret, buf, 1024 );
|
mbedtls_strerror( ret, buf, 1024 );
|
||||||
mbedtls_printf( " failed\n ! write_certifcate -0x%02x - %s\n\n", -ret, buf );
|
mbedtls_printf( " failed\n ! write_certificate -0x%04x - %s\n\n",
|
||||||
|
-ret, buf );
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -56,7 +56,7 @@ Commands
|
|||||||
unset <symbol> - Comments out the #define for the given symbol if
|
unset <symbol> - Comments out the #define for the given symbol if
|
||||||
present in the configuration file.
|
present in the configuration file.
|
||||||
get <symbol> - Finds the #define for the given symbol, returning
|
get <symbol> - Finds the #define for the given symbol, returning
|
||||||
an exitcode of 0 if the symbol is found, and -1 if
|
an exitcode of 0 if the symbol is found, and 1 if
|
||||||
not. The value of the symbol is output if one is
|
not. The value of the symbol is output if one is
|
||||||
specified in the configuration file.
|
specified in the configuration file.
|
||||||
full - Uncomments all #define's in the configuration file
|
full - Uncomments all #define's in the configuration file
|
||||||
@ -175,7 +175,10 @@ if ($action eq "realfull") {
|
|||||||
$no_exclude_re = join '|', @non_excluded;
|
$no_exclude_re = join '|', @non_excluded;
|
||||||
}
|
}
|
||||||
|
|
||||||
open my $config_write, '>', $config_file or die "write $config_file: $!\n";
|
my $config_write = undef;
|
||||||
|
if ($action ne "get") {
|
||||||
|
open $config_write, '>', $config_file or die "write $config_file: $!\n";
|
||||||
|
}
|
||||||
|
|
||||||
my $done;
|
my $done;
|
||||||
for my $line (@config_lines) {
|
for my $line (@config_lines) {
|
||||||
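Review bot: `open $config_write, '>', $config_file` truncates the configuration file before the loop has written anything back, and the `or die` this patch adds to the later `print` calls means the script can now abort partway through that rewrite, leaving a partial file behind. Writing to a temporary file next to `$config_file` and renaming it over the original after a successful `close` would keep the old contents intact on failure.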
@ -205,17 +208,19 @@ for my $line (@config_lines) {
|
|||||||
$done = 1;
|
$done = 1;
|
||||||
}
|
}
|
||||||
} elsif (!$done && $action eq "get") {
|
} elsif (!$done && $action eq "get") {
|
||||||
if ($line =~ /^\s*#define\s*$name\s*(.*)\s*\b/) {
|
if ($line =~ /^\s*#define\s*$name(?:\s+(.*?))\s*(?:$|\/\*|\/\/)/) {
|
||||||
$value = $1;
|
$value = $1;
|
||||||
$done = 1;
|
$done = 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
print $config_write $line;
|
if (defined $config_write) {
|
||||||
|
print $config_write $line or die "write $config_file: $!\n";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
# Did the set command work?
|
# Did the set command work?
|
||||||
if ($action eq "set"&& $force_option && !$done) {
|
if ($action eq "set" && $force_option && !$done) {
|
||||||
|
|
||||||
# If the force option was set, append the symbol to the end of the file
|
# If the force option was set, append the symbol to the end of the file
|
||||||
my $line = "#define $name";
|
my $line = "#define $name";
|
||||||
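Review bot: in the new `get` pattern `$name` is interpolated into the regex unquoted, and the value group `(?:\s+(.*?))` is mandatory, so a `#define` without a value is only found because the line still ends in a newline for `\s+` to consume. Use `\Q$name\E`, and consider making the value optional explicitly, for example `(?:\s+(.*?))?` with an undefined `$1` treated as an empty value, so the match does not depend on how the line was read.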
@ -223,20 +228,22 @@ if ($action eq "set"&& $force_option && !$done) {
|
|||||||
$line .= "\n";
|
$line .= "\n";
|
||||||
$done = 1;
|
$done = 1;
|
||||||
|
|
||||||
print $config_write $line;
|
print $config_write $line or die "write $config_file: $!\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
close $config_write;
|
if (defined $config_write) {
|
||||||
|
close $config_write or die "close $config_file: $!\n";
|
||||||
|
}
|
||||||
|
|
||||||
if ($action eq "get") {
|
if ($action eq "get") {
|
||||||
if($done) {
|
if ($done) {
|
||||||
if ($value ne '') {
|
if ($value ne '') {
|
||||||
print $value;
|
print "$value\n";
|
||||||
}
|
}
|
||||||
exit 0;
|
exit 0;
|
||||||
} else {
|
} else {
|
||||||
# If the symbol was not found, return an error
|
# If the symbol was not found, return an error
|
||||||
exit -1;
|
exit 1;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2,8 +2,8 @@
|
|||||||
expression x, y;
|
expression x, y;
|
||||||
statement S;
|
statement S;
|
||||||
@@
|
@@
|
||||||
x = mbedtls_malloc(...);
|
x = mbedtls_calloc(...);
|
||||||
y = mbedtls_malloc(...);
|
y = mbedtls_calloc(...);
|
||||||
...
|
...
|
||||||
* if (x == NULL || y == NULL)
|
* if (x == NULL || y == NULL)
|
||||||
S
|
S
|
||||||
@ -13,8 +13,8 @@ expression x, y;
|
|||||||
statement S;
|
statement S;
|
||||||
@@
|
@@
|
||||||
if (
|
if (
|
||||||
* (x = mbedtls_malloc(...)) == NULL
|
* (x = mbedtls_calloc(...)) == NULL
|
||||||
||
|
||
|
||||||
* (y = mbedtls_malloc(...)) == NULL
|
* (y = mbedtls_calloc(...)) == NULL
|
||||||
)
|
)
|
||||||
S
|
S
|
||||||
|
@ -1,70 +0,0 @@
|
|||||||
#!/usr/bin/perl
|
|
||||||
|
|
||||||
# Check for malloc calls not shortly followed by initialisation.
|
|
||||||
#
|
|
||||||
# Known limitations:
|
|
||||||
# - false negative: can't see allocations spanning more than one line
|
|
||||||
# - possible false negatives, see patterns
|
|
||||||
# - false positive: malloc-malloc-init-init is not accepted
|
|
||||||
# - false positives: "non-standard" init functions (eg, the things being
|
|
||||||
# initialised is not the first arg, or initialise struct members)
|
|
||||||
#
|
|
||||||
# Since false positives are expected, the results must be manually reviewed.
|
|
||||||
#
|
|
||||||
# Typical usage: scripts/malloc-init.pl library/*.c
|
|
||||||
|
|
||||||
use warnings;
|
|
||||||
use strict;
|
|
||||||
|
|
||||||
use utf8;
|
|
||||||
use open qw(:std utf8);
|
|
||||||
|
|
||||||
my $limit = 7;
|
|
||||||
my $inits = qr/memset|memcpy|_init|fread|base64_..code/;
|
|
||||||
|
|
||||||
# cases to bear in mind:
|
|
||||||
#
|
|
||||||
# 0. foo = malloc(...); memset( foo, ... );
|
|
||||||
# 1. *foo = malloc(...); memset( *foo, ... );
|
|
||||||
# 2. type *foo = malloc(...); memset( foo, ...);
|
|
||||||
# 3. foo = malloc(...); foo_init( (type *) foo );
|
|
||||||
# 4. foo = malloc(...); for(i=0..n) { init( &foo[i] ); }
|
|
||||||
#
|
|
||||||
# The chosen patterns are a bit relaxed, but unlikely to cause false positives
|
|
||||||
# in real code (initialising *foo or &foo instead of foo will likely be caught
|
|
||||||
# by functional tests).
|
|
||||||
#
|
|
||||||
my $id = qr/([a-zA-Z-0-9_\->\.]*)/;
|
|
||||||
my $prefix = qr/\s(?:\*?|\&?|\([a-z_]* \*\))\s*/;
|
|
||||||
|
|
||||||
my $name;
|
|
||||||
my $line;
|
|
||||||
my @bad;
|
|
||||||
|
|
||||||
die "Usage: $0 file.c [...]\n" unless @ARGV;
|
|
||||||
|
|
||||||
while (my $file = shift @ARGV)
|
|
||||||
{
|
|
||||||
open my $fh, "<", $file or die "read $file failed: $!\n";
|
|
||||||
while (<$fh>)
|
|
||||||
{
|
|
||||||
if( /mbedtls_malloc\(/ ) {
|
|
||||||
if( /$id\s*=.*mbedtls_malloc\(/ ) {
|
|
||||||
push @bad, "$file:$line:$name" if $name;
|
|
||||||
$name = $1;
|
|
||||||
$line = $.;
|
|
||||||
} else {
|
|
||||||
push @bad, "$file:$.:???" unless /return mbedtls_malloc/;
|
|
||||||
}
|
|
||||||
} elsif( $name && /(?:$inits)\($prefix\Q$name\E\b/ ) {
|
|
||||||
undef $name;
|
|
||||||
} elsif( $name && $. - $line > $limit ) {
|
|
||||||
push @bad, "$file:$line:$name";
|
|
||||||
undef $name;
|
|
||||||
undef $line;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
close $fh or die;
|
|
||||||
}
|
|
||||||
|
|
||||||
print "$_\n" for @bad;
|
|
7
scripts/rm-calloc-cast.cocci
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
@rm_calloc_cast@
|
||||||
|
expression x, n, m;
|
||||||
|
type T;
|
||||||
|
@@
|
||||||
|
x =
|
||||||
|
- (T *)
|
||||||
|
mbedtls_calloc(n, m)
|
@ -1,7 +0,0 @@
|
|||||||
@rm_malloc_cast@
|
|
||||||
expression x, n;
|
|
||||||
type T;
|
|
||||||
@@
|
|
||||||
x =
|
|
||||||
- (T *)
|
|
||||||
mbedtls_malloc(n)
|
|
@ -866,6 +866,33 @@ has_mem_err() {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Wait for process $2 to be listening on port $1
|
||||||
|
if type lsof >/dev/null 2>/dev/null; then
|
||||||
|
wait_server_start() {
|
||||||
|
START_TIME=$(date +%s)
|
||||||
|
if is_dtls "$MODE"; then
|
||||||
|
proto=UDP
|
||||||
|
else
|
||||||
|
proto=TCP
|
||||||
|
fi
|
||||||
|
while ! lsof -a -n -b -i "$proto:$1" -p "$2" >/dev/null 2>/dev/null; do
|
||||||
|
if [ $(( $(date +%s) - $START_TIME )) -gt $DOG_DELAY ]; then
|
||||||
|
echo "SERVERSTART TIMEOUT"
|
||||||
|
echo "SERVERSTART TIMEOUT" >> $SRV_OUT
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
# Linux and *BSD support decimal arguments to sleep. On other
|
||||||
|
# OSes this may be a tight loop.
|
||||||
|
sleep 0.1 2>/dev/null || true
|
||||||
|
done
|
||||||
|
}
|
||||||
|
else
|
||||||
|
wait_server_start() {
|
||||||
|
sleep 1
|
||||||
|
}
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
# start_server <name>
|
# start_server <name>
|
||||||
# also saves name and command
|
# also saves name and command
|
||||||
start_server() {
|
start_server() {
|
||||||
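Review bot: when the `lsof` loop in `wait_server_start` exceeds `$DOG_DELAY` it only logs `SERVERSTART TIMEOUT` and breaks, so the function still returns success and `start_server` carries on against a server that is not listening. Return a non-zero status on timeout so the caller can fail the test early. `$START_TIME`, `$DOG_DELAY` and `$SRV_OUT` are also expanded unquoted in the `[ ... ]` test and the redirection and should be quoted.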
@ -895,7 +922,7 @@ start_server() {
|
|||||||
while :; do echo bla; sleep 1; done | $SERVER_CMD >> $SRV_OUT 2>&1 &
|
while :; do echo bla; sleep 1; done | $SERVER_CMD >> $SRV_OUT 2>&1 &
|
||||||
PROCESS_ID=$!
|
PROCESS_ID=$!
|
||||||
|
|
||||||
sleep 1
|
wait_server_start "$PORT" "$PROCESS_ID"
|
||||||
}
|
}
|
||||||
|
|
||||||
# terminate the running server
|
# terminate the running server
|
||||||
|
@ -12,6 +12,7 @@
|
|||||||
|
|
||||||
## Tools
|
## Tools
|
||||||
OPENSSL ?= openssl
|
OPENSSL ?= openssl
|
||||||
|
MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write
|
||||||
|
|
||||||
## Build the generated test data. Note that since the final outputs
|
## Build the generated test data. Note that since the final outputs
|
||||||
## are committed to the repository, this target should do nothing on a
|
## are committed to the repository, this target should do nothing on a
|
||||||
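Review bot: `MBEDTLS_CERT_WRITE ?= $(PWD)/../../programs/x509/cert_write` takes `PWD` from the environment, which is the invoking shell's directory rather than this Makefile's when the target is run through `make -C` or a recursive make. `$(CURDIR)` is set by make itself and is the safer base for the relative path.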
@ -30,6 +31,7 @@ all_final := # files used by tests
|
|||||||
#### Generate certificates from existing keys
|
#### Generate certificates from existing keys
|
||||||
################################################################
|
################################################################
|
||||||
|
|
||||||
|
test_ca_crt = test-ca.crt
|
||||||
test_ca_key_file_rsa = test-ca.key
|
test_ca_key_file_rsa = test-ca.key
|
||||||
test_ca_pwd_rsa = PolarSSLTest
|
test_ca_pwd_rsa = PolarSSLTest
|
||||||
test_ca_config_file = test-ca.opensslconf
|
test_ca_config_file = test-ca.opensslconf
|
||||||
@ -66,6 +68,330 @@ all_final += server2-sha256.crt
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
################################################################
|
||||||
|
#### Generate various RSA keys
|
||||||
|
################################################################
|
||||||
|
|
||||||
|
### Password used for PKCS1-encoded encrypted RSA keys
|
||||||
|
keys_rsa_basic_pwd = testkey
|
||||||
|
|
||||||
|
### Password used for PKCS8-encoded encrypted RSA keys
|
||||||
|
keys_rsa_pkcs8_pwd = PolarSSLTest
|
||||||
|
|
||||||
|
### Basic 1024-, 2048- and 4096-bit unencrypted RSA keys from which
|
||||||
|
### all other encrypted RSA keys are derived.
|
||||||
|
rsa_pkcs1_1024_clear.pem:
|
||||||
|
$(OPENSSL) genrsa -out $@ 1024
|
||||||
|
all_final += rsa_pkcs1_1024_clear.pem
|
||||||
|
rsa_pkcs1_2048_clear.pem:
|
||||||
|
$(OPENSSL) genrsa -out $@ 2048
|
||||||
|
all_final += rsa_pkcs1_2048_clear.pem
|
||||||
|
rsa_pkcs1_4096_clear.pem:
|
||||||
|
$(OPENSSL) genrsa -out $@ 4096
|
||||||
|
all_final += rsa_pkcs1_4096_clear.pem
|
||||||
|
|
||||||
|
###
|
||||||
|
### PKCS1-encoded, encrypted RSA keys
|
||||||
|
###
|
||||||
|
|
||||||
|
### 1024-bit
|
||||||
|
rsa_pkcs1_1024_des.pem: rsa_pkcs1_1024_clear.pem
|
||||||
|
$(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
|
||||||
|
all_final += rsa_pkcs1_1024_des.pem
|
||||||
|
rsa_pkcs1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
|
||||||
|
$(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
|
||||||
|
all_final += rsa_pkcs1_1024_3des.pem
|
||||||
|
rsa_pkcs1_1024_aes128.pem: rsa_pkcs1_1024_clear.pem
|
||||||
|
$(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
|
||||||
|
all_final += rsa_pkcs1_1024_aes128.pem
|
||||||
|
rsa_pkcs1_1024_aes192.pem: rsa_pkcs1_1024_clear.pem
|
||||||
|
$(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
|
||||||
|
all_final += rsa_pkcs1_1024_aes192.pem
|
||||||
|
rsa_pkcs1_1024_aes256.pem: rsa_pkcs1_1024_clear.pem
|
||||||
|
$(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
|
||||||
|
all_final += rsa_pkcs1_1024_aes256.pem
|
||||||
|
keys_rsa_enc_basic_1024: rsa_pkcs1_1024_des.pem rsa_pkcs1_1024_3des.pem rsa_pkcs1_1024_aes128.pem rsa_pkcs1_1024_aes192.pem rsa_pkcs1_1024_aes256.pem
|
||||||
|
|
||||||
|
# 2048-bit
|
||||||
|
rsa_pkcs1_2048_des.pem: rsa_pkcs1_2048_clear.pem
|
||||||
|
$(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
|
||||||
|
all_final += rsa_pkcs1_2048_des.pem
|
||||||
|
rsa_pkcs1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
|
||||||
|
$(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
|
||||||
|
all_final += rsa_pkcs1_2048_3des.pem
|
||||||
|
rsa_pkcs1_2048_aes128.pem: rsa_pkcs1_2048_clear.pem
|
||||||
|
$(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
|
||||||
|
all_final += rsa_pkcs1_2048_aes128.pem
|
||||||
|
rsa_pkcs1_2048_aes192.pem: rsa_pkcs1_2048_clear.pem
|
||||||
|
$(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
|
||||||
|
all_final += rsa_pkcs1_2048_aes192.pem
|
||||||
|
rsa_pkcs1_2048_aes256.pem: rsa_pkcs1_2048_clear.pem
|
||||||
|
$(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
|
||||||
|
all_final += rsa_pkcs1_2048_aes256.pem
|
||||||
|
keys_rsa_enc_basic_2048: rsa_pkcs1_2048_des.pem rsa_pkcs1_2048_3des.pem rsa_pkcs1_2048_aes128.pem rsa_pkcs1_2048_aes192.pem rsa_pkcs1_2048_aes256.pem
|
||||||
|
|
||||||
|
# 4096-bit
|
||||||
|
rsa_pkcs1_4096_des.pem: rsa_pkcs1_4096_clear.pem
|
||||||
|
$(OPENSSL) rsa -des -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
|
||||||
|
all_final += rsa_pkcs1_4096_des.pem
|
||||||
|
rsa_pkcs1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
|
||||||
|
$(OPENSSL) rsa -des3 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
|
||||||
|
all_final += rsa_pkcs1_4096_3des.pem
|
||||||
|
rsa_pkcs1_4096_aes128.pem: rsa_pkcs1_4096_clear.pem
|
||||||
|
$(OPENSSL) rsa -aes128 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
|
||||||
|
all_final += rsa_pkcs1_4096_aes128.pem
|
||||||
|
rsa_pkcs1_4096_aes192.pem: rsa_pkcs1_4096_clear.pem
|
||||||
|
$(OPENSSL) rsa -aes192 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
|
||||||
|
all_final += rsa_pkcs1_4096_aes192.pem
|
||||||
|
rsa_pkcs1_4096_aes256.pem: rsa_pkcs1_4096_clear.pem
|
||||||
|
$(OPENSSL) rsa -aes256 -in $< -out $@ -passout "pass:$(keys_rsa_basic_pwd)"
|
||||||
|
all_final += rsa_pkcs1_4096_aes256.pem
|
||||||
|
keys_rsa_enc_basic_4096: rsa_pkcs1_4096_des.pem rsa_pkcs1_4096_3des.pem rsa_pkcs1_4096_aes128.pem rsa_pkcs1_4096_aes192.pem rsa_pkcs1_4096_aes256.pem
|
||||||
|
|
||||||
|
###
|
||||||
|
### PKCS8-v1 encoded, encrypted RSA keys
|
||||||
|
###
|
||||||
|
|
||||||
|
### 1024-bit
|
||||||
|
rsa_pkcs8_pbe_sha1_1024_3des.der: rsa_pkcs1_1024_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_1024_3des.der
|
||||||
|
rsa_pkcs8_pbe_sha1_1024_3des.pem: rsa_pkcs1_1024_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_1024_3des.pem
|
||||||
|
keys_rsa_enc_pkcs8_v1_1024_3des: rsa_pkcs8_pbe_sha1_1024_3des.pem rsa_pkcs8_pbe_sha1_1024_3des.der
|
||||||
|
|
||||||
|
rsa_pkcs8_pbe_sha1_1024_2des.der: rsa_pkcs1_1024_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_1024_2des.der
|
||||||
|
rsa_pkcs8_pbe_sha1_1024_2des.pem: rsa_pkcs1_1024_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_1024_2des.pem
|
||||||
|
keys_rsa_enc_pkcs8_v1_1024_2des: rsa_pkcs8_pbe_sha1_1024_2des.pem rsa_pkcs8_pbe_sha1_1024_2des.der
|
||||||
|
|
||||||
|
rsa_pkcs8_pbe_sha1_1024_rc4_128.der: rsa_pkcs1_1024_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.der
|
||||||
|
rsa_pkcs8_pbe_sha1_1024_rc4_128.pem: rsa_pkcs1_1024_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_1024_rc4_128.pem
|
||||||
|
keys_rsa_enc_pkcs8_v1_1024_rc4_128: rsa_pkcs8_pbe_sha1_1024_rc4_128.pem rsa_pkcs8_pbe_sha1_1024_rc4_128.der
|
||||||
|
|
||||||
|
keys_rsa_enc_pkcs8_v1_1024: keys_rsa_enc_pkcs8_v1_1024_3des keys_rsa_enc_pkcs8_v1_1024_2des keys_rsa_enc_pkcs8_v1_1024_rc4_128
|
||||||
|
|
||||||
|
### 2048-bit
|
||||||
|
rsa_pkcs8_pbe_sha1_2048_3des.der: rsa_pkcs1_2048_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_2048_3des.der
|
||||||
|
rsa_pkcs8_pbe_sha1_2048_3des.pem: rsa_pkcs1_2048_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_2048_3des.pem
|
||||||
|
keys_rsa_enc_pkcs8_v1_2048_3des: rsa_pkcs8_pbe_sha1_2048_3des.pem rsa_pkcs8_pbe_sha1_2048_3des.der
|
||||||
|
|
||||||
|
rsa_pkcs8_pbe_sha1_2048_2des.der: rsa_pkcs1_2048_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_2048_2des.der
|
||||||
|
rsa_pkcs8_pbe_sha1_2048_2des.pem: rsa_pkcs1_2048_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_2048_2des.pem
|
||||||
|
keys_rsa_enc_pkcs8_v1_2048_2des: rsa_pkcs8_pbe_sha1_2048_2des.pem rsa_pkcs8_pbe_sha1_2048_2des.der
|
||||||
|
|
||||||
|
rsa_pkcs8_pbe_sha1_2048_rc4_128.der: rsa_pkcs1_2048_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.der
|
||||||
|
rsa_pkcs8_pbe_sha1_2048_rc4_128.pem: rsa_pkcs1_2048_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_2048_rc4_128.pem
|
||||||
|
keys_rsa_enc_pkcs8_v1_2048_rc4_128: rsa_pkcs8_pbe_sha1_2048_rc4_128.pem rsa_pkcs8_pbe_sha1_2048_rc4_128.der
|
||||||
|
|
||||||
|
keys_rsa_enc_pkcs8_v1_2048: keys_rsa_enc_pkcs8_v1_2048_3des keys_rsa_enc_pkcs8_v1_2048_2des keys_rsa_enc_pkcs8_v1_2048_rc4_128
|
||||||
|
|
||||||
|
### 4096-bit
|
||||||
|
rsa_pkcs8_pbe_sha1_4096_3des.der: rsa_pkcs1_4096_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_4096_3des.der
|
||||||
|
rsa_pkcs8_pbe_sha1_4096_3des.pem: rsa_pkcs1_4096_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-3DES
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_4096_3des.pem
|
||||||
|
keys_rsa_enc_pkcs8_v1_4096_3des: rsa_pkcs8_pbe_sha1_4096_3des.pem rsa_pkcs8_pbe_sha1_4096_3des.der
|
||||||
|
|
||||||
|
rsa_pkcs8_pbe_sha1_4096_2des.der: rsa_pkcs1_4096_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_4096_2des.der
|
||||||
|
rsa_pkcs8_pbe_sha1_4096_2des.pem: rsa_pkcs1_4096_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-2DES
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_4096_2des.pem
|
||||||
|
keys_rsa_enc_pkcs8_v1_4096_2des: rsa_pkcs8_pbe_sha1_4096_2des.pem rsa_pkcs8_pbe_sha1_4096_2des.der
|
||||||
|
|
||||||
|
rsa_pkcs8_pbe_sha1_4096_rc4_128.der: rsa_pkcs1_4096_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.der
|
||||||
|
rsa_pkcs8_pbe_sha1_4096_rc4_128.pem: rsa_pkcs1_4096_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)" -topk8 -v1 PBE-SHA1-RC4-128
|
||||||
|
all_final += rsa_pkcs8_pbe_sha1_4096_rc4_128.pem
|
||||||
|
keys_rsa_enc_pkcs8_v1_4096_rc4_128: rsa_pkcs8_pbe_sha1_4096_rc4_128.pem rsa_pkcs8_pbe_sha1_4096_rc4_128.der
|
||||||
|
|
||||||
|
keys_rsa_enc_pkcs8_v1_4096: keys_rsa_enc_pkcs8_v1_4096_3des keys_rsa_enc_pkcs8_v1_4096_2des keys_rsa_enc_pkcs8_v1_4096_rc4_128
|
||||||
|
|
||||||
|
###
|
||||||
|
### PKCS8-v2 encoded, encrypted RSA keys
|
||||||
|
###
|
||||||
|
|
||||||
|
### 1024-bit
|
||||||
|
rsa_pkcs8_pbes2_pbkdf2_1024_3des.der: rsa_pkcs1_1024_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||||
|
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.der
|
||||||
|
rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem: rsa_pkcs1_1024_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||||
|
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
|
||||||
|
keys_rsa_enc_pkcs8_v2_1024_3des: rsa_pkcs8_pbes2_pbkdf2_1024_3des.der rsa_pkcs8_pbes2_pbkdf2_1024_3des.pem
|
||||||
|
|
||||||
|
rsa_pkcs8_pbes2_pbkdf2_1024_des.der: rsa_pkcs1_1024_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||||
|
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.der
|
||||||
|
rsa_pkcs8_pbes2_pbkdf2_1024_des.pem: rsa_pkcs1_1024_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||||
|
all_final += rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
|
||||||
|
keys_rsa_enc_pkcs8_v2_1024_des: rsa_pkcs8_pbes2_pbkdf2_1024_des.der rsa_pkcs8_pbes2_pbkdf2_1024_des.pem
|
||||||
|
|
||||||
|
keys_rsa_enc_pkcs8_v2_1024: keys_rsa_enc_pkcs8_v2_1024_3des keys_rsa_enc_pkcs8_v2_1024_des
|
||||||
|
|
||||||
|
### 2048-bit
|
||||||
|
rsa_pkcs8_pbes2_pbkdf2_2048_3des.der: rsa_pkcs1_2048_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||||
|
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.der
|
||||||
|
rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem: rsa_pkcs1_2048_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||||
|
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
|
||||||
|
keys_rsa_enc_pkcs8_v2_2048_3des: rsa_pkcs8_pbes2_pbkdf2_2048_3des.der rsa_pkcs8_pbes2_pbkdf2_2048_3des.pem
|
||||||
|
|
||||||
|
rsa_pkcs8_pbes2_pbkdf2_2048_des.der: rsa_pkcs1_2048_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||||
|
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.der
|
||||||
|
rsa_pkcs8_pbes2_pbkdf2_2048_des.pem: rsa_pkcs1_2048_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||||
|
all_final += rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
|
||||||
|
keys_rsa_enc_pkcs8_v2_2048_des: rsa_pkcs8_pbes2_pbkdf2_2048_des.der rsa_pkcs8_pbes2_pbkdf2_2048_des.pem
|
||||||
|
|
||||||
|
keys_rsa_enc_pkcs8_v2_2048: keys_rsa_enc_pkcs8_v2_2048_3des keys_rsa_enc_pkcs8_v2_2048_des
|
||||||
|
|
||||||
|
### 4096-bit
|
||||||
|
rsa_pkcs8_pbes2_pbkdf2_4096_3des.der: rsa_pkcs1_4096_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||||
|
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.der
|
||||||
|
rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem: rsa_pkcs1_4096_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -topk8 -v2 des3 -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||||
|
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
|
||||||
|
keys_rsa_enc_pkcs8_v2_4096_3des: rsa_pkcs8_pbes2_pbkdf2_4096_3des.der rsa_pkcs8_pbes2_pbkdf2_4096_3des.pem
|
||||||
|
|
||||||
|
rsa_pkcs8_pbes2_pbkdf2_4096_des.der: rsa_pkcs1_4096_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform DER -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||||
|
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.der
|
||||||
|
rsa_pkcs8_pbes2_pbkdf2_4096_des.pem: rsa_pkcs1_4096_clear.pem
|
||||||
|
$(OPENSSL) pkcs8 -topk8 -v2 des -inform PEM -in $< -outform PEM -out $@ -passout "pass:$(keys_rsa_pkcs8_pwd)"
|
||||||
|
all_final += rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
|
||||||
|
keys_rsa_enc_pkcs8_v2_4096_des: rsa_pkcs8_pbes2_pbkdf2_4096_des.der rsa_pkcs8_pbes2_pbkdf2_4096_des.pem
|
||||||
|
|
||||||
|
keys_rsa_enc_pkcs8_v2_4096: keys_rsa_enc_pkcs8_v2_4096_3des keys_rsa_enc_pkcs8_v2_4096_des
|
||||||
|
|
||||||
|
###
|
||||||
|
### Rules to generate all RSA keys from a particular class
|
||||||
|
###
|
||||||
|
|
||||||
|
### Generate basic unencrypted RSA keys
|
||||||
|
keys_rsa_unenc: rsa_pkcs1_1024_clear.pem rsa_pkcs1_2048_clear.pem rsa_pkcs1_4096_clear.pem
|
||||||
|
|
||||||
|
### Generate PKCS1-encoded encrypted RSA keys
|
||||||
|
keys_rsa_enc_basic: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
|
||||||
|
|
||||||
|
### Generate PKCS8-v1 encrypted RSA keys
|
||||||
|
keys_rsa_enc_pkcs8_v1: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v1_4096
|
||||||
|
|
||||||
|
### Generate PKCS8-v2 encrypted RSA keys
|
||||||
|
keys_rsa_enc_pkcs8_v2: keys_rsa_enc_pkcs8_v2_1024 keys_rsa_enc_pkcs8_v2_2048 keys_rsa_enc_pkcs8_v2_4096
|
||||||
|
|
||||||
|
### Generate all RSA keys
|
||||||
|
keys_rsa_all: keys_rsa_unenc keys_rsa_enc_basic keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
################################################################
|
||||||
|
### Generate certificates for CRT write check tests
|
||||||
|
################################################################
|
||||||
|
|
||||||
|
### The test files use the Mbed TLS generated certificates server1*.crt,
|
||||||
|
### but for comparison with OpenSSL also rules for OpenSSL-generated
|
||||||
|
### certificates server1*.crt.openssl are offered.
|
||||||
|
###
|
||||||
|
### Known differences:
|
||||||
|
### * OpenSSL encodes trailing zero-bits in bit-strings occurring in X.509 extension
|
||||||
|
### as unused bits, while Mbed TLS doesn't.
|
||||||
|
|
||||||
|
test_ca_server1_db = test-ca.server1.db
|
||||||
|
test_ca_server1_serial = test-ca.server1.serial
|
||||||
|
test_ca_server1_config_file = test-ca.server1.opensslconf
|
||||||
|
|
||||||
|
server1.csr: server1.key server1_csr.opensslconf
|
||||||
|
$(OPENSSL) req -keyform PEM -key server1.key -config server1_csr.opensslconf -out $@ -new
|
||||||
|
all_final += server1.csr
|
||||||
|
|
||||||
|
server1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
|
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=3 output_file=$@
|
||||||
|
server1.noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
|
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20110212144406 not_after=20210212144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
|
||||||
|
server1.der: server1.crt
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
all_final += server1.crt server1.noauthid.crt server1.der
|
||||||
|
|
||||||
|
server1.key_usage.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
|
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment version=3 output_file=$@
|
||||||
|
server1.key_usage_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
|
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 key_usage=digital_signature,non_repudiation,key_encipherment authority_identifier=0 version=3 output_file=$@
|
||||||
|
server1.key_usage.der: server1.key_usage.crt
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
all_final += server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.der
|
||||||
|
|
||||||
|
server1.cert_type.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
|
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server version=3 output_file=$@
|
||||||
|
server1.cert_type_noauthid.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
|
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 ns_cert_type=ssl_server authority_identifier=0 version=3 output_file=$@
|
||||||
|
server1.cert_type.der: server1.cert_type.crt
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
all_final += server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.der
|
||||||
|
|
||||||
|
server1.v1.crt: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa)
|
||||||
|
$(MBEDTLS_CERT_WRITE) request_file=server1.csr issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20110212144406 not_after=20210212144406 md=SHA1 version=1 output_file=$@
|
||||||
|
server1.v1.der: server1.v1.crt
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
all_final += server1.v1.crt server1.v1.der
|
||||||
|
|
||||||
|
# OpenSSL-generated certificates for comparison
|
||||||
|
# Also provide certificates in DER format to allow
|
||||||
|
# direct binary comparison using e.g. dumpasn1
|
||||||
|
server1.crt.openssl server1.key_usage.crt.openssl server1.cert_type.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
|
||||||
|
echo "01" > $(test_ca_server1_serial)
|
||||||
|
rm -f $(test_ca_server1_db)
|
||||||
|
touch $(test_ca_server1_db)
|
||||||
|
$(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -extensions v3_ext -extfile $@.v3_ext -out $@
|
||||||
|
server1.der.openssl: server1.crt.openssl
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
server1.key_usage.der.openssl: server1.key_usage.crt.openssl
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
server1.cert_type.der.openssl: server1.cert_type.crt.openssl
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
|
||||||
|
server1.v1.crt.openssl: server1.key server1.csr $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_server1_config_file)
|
||||||
|
echo "01" > $(test_ca_server1_serial)
|
||||||
|
rm -f $(test_ca_server1_db)
|
||||||
|
touch $(test_ca_server1_db)
|
||||||
|
$(OPENSSL) ca -batch -passin "pass:$(test_ca_pwd_rsa)" -config $(test_ca_server1_config_file) -in server1.csr -out $@
|
||||||
|
server1.v1.der.openssl: server1.v1.crt.openssl
|
||||||
|
$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
|
||||||
|
|
||||||
|
server1_all: server1.csr server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
################################################################
|
################################################################
|
||||||
#### Meta targets
|
#### Meta targets
|
||||||
################################################################
|
################################################################
|
||||||
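Review bot: The `$(MBEDTLS_CERT_WRITE)` recipes for `server1.crt`, `server1.key_usage.crt`, `server1.key_usage_noauthid.crt`, `server1.cert_type.crt` and `server1.cert_type_noauthid.crt` pass `version=1` and then `version=3` on the same command line, and `server1.v1.crt` passes `version=1` twice, so the X.509 version that ends up in the certificate depends on which occurrence the tool honours. Pass the option once per recipe (`version=3` for the v3 certificates, `version=1` for `server1.v1.crt`), as the `server1.noauthid.crt` recipe already does. In the OpenSSL comparison rules, the recipe reads `$@.v3_ext` through `-extfile` but that file is not listed as a prerequisite, and both `openssl ca` recipes reset the same `$(test_ca_server1_serial)` and `$(test_ca_server1_db)` files, so the targets can interfere with each other under a parallel make. Add the `.v3_ext` file to the prerequisites and either serialise these targets or give each its own CA state files.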
@ -74,6 +400,14 @@ all_final: $(all_final)
|
|||||||
all: $(all_intermediate) $(all_final)
|
all: $(all_intermediate) $(all_final)
|
||||||
|
|
||||||
.PHONY: default all_final all
|
.PHONY: default all_final all
|
||||||
|
.PHONY: keys_rsa_all
|
||||||
|
.PHONY: keys_rsa_unenc keys_rsa_enc_basic
|
||||||
|
.PHONY: keys_rsa_enc_pkcs8_v1 keys_rsa_enc_pkcs8_v2
|
||||||
|
.PHONY: keys_rsa_enc_basic_1024 keys_rsa_enc_basic_2048 keys_rsa_enc_basic_4096
|
||||||
|
.PHONY: keys_rsa_enc_pkcs8_v1_1024 keys_rsa_enc_pkcs8_v2_1024
|
||||||
|
.PHONY: keys_rsa_enc_pkcs8_v1_2048 keys_rsa_enc_pkcs8_v2_2048
|
||||||
|
.PHONY: keys_rsa_enc_pkcs8_v1_4096 keys_rsa_enc_pkcs8_v2_4096
|
||||||
|
.PHONY: server1_all
|
||||||
|
|
||||||
# These files should not be committed to the repository.
|
# These files should not be committed to the repository.
|
||||||
list_intermediate:
|
list_intermediate:
|
||||||
|
11
tests/data_files/dir-maxpath/00.crt
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT
|
||||||
|
AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx
|
||||||
|
MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht
|
||||||
|
YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
|
||||||
|
BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm
|
||||||
|
LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/
|
||||||
|
fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD
|
||||||
|
AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt
|
||||||
|
IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY=
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/00.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIARPaEIfROHkE9Y0ZgHh7Mc3ZU6LR9lCOIw1ksYTHp5EoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEVbjX+oDAA+nL5PF1zs8qbNmyr0I+K6MpTi+kXV6RecbHYc/jbRCh
|
||||||
|
vAFVVaGTNGYvB1ugfaPrl1wIqNDua/93Eg==
|
||||||
|
-----END EC PRIVATE KEY-----
|
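Review bot: `tests/data_files/dir-maxpath/00.key` and the sibling `.key` files in this directory add unencrypted EC private keys, and the Makefile rules visible in this diff cover only the RSA keys and the `server1` certificates, so nothing shown here says how the `dir-maxpath` chain was produced. Add a generation rule or a short README for `dir-maxpath` so the chain can be regenerated, and state there that these keys are test fixtures only.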
13
tests/data_files/dir-maxpath/01.crt
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL
|
||||||
|
GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW
|
||||||
|
6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf
|
||||||
|
BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw
|
||||||
|
DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ
|
||||||
|
1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU
|
||||||
|
TDA=
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/01.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEINSnxPqUNMba8F2KWNxU88heSs7vgas5BOzjRwQsQe6IoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEM55/cxx8CxjvFUeFvVe7zJcQnaKI8xDol+WOibT7RTs/Ournh2Os
|
||||||
|
6DdP5ieg56p0l4pSSFFHlunhn6ppGu58ZA==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/02.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf
|
||||||
|
wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V
|
||||||
|
2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX
|
||||||
|
BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX
|
||||||
|
oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g==
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/02.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIPW9zE8cjiZ8w17jTAebb4xAmEg6heEEnEaG4lGCd38joAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEFh6b9YupX8LzTzj+ZGuktJ+eRL86GmCuqW01z+sjDlv+F2UjyseW
|
||||||
|
aKuBTHtHCsxiCBS9a849VdnM2Afqry4cog==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/03.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p
|
||||||
|
ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF
|
||||||
|
PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX
|
||||||
|
BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM
|
||||||
|
8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg=
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/03.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIBx2xwapGbHTy79IbpJkc/w9LJXPKNG7gGRLPOGPQFI6oAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEEQ1wzSItaXq3rnYasGti7JV4LMZwetx7ucuZYPtVj67iGD8w/x6N
|
||||||
|
AD73lXcxS1Y4tffmxOPrRT2C9UqbDdVn1g==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/04.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT
|
||||||
|
9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i
|
||||||
|
sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX
|
||||||
|
BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC
|
||||||
|
+Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/04.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIDQvTm0wfEAKoymv8ePBv7cRxrnM4g6LREnSll5ghQsXoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEFFw4HFFTU/YaL22RORy+q4zm+wuecBLlik4VfwnGeK1q18e1Vx2H
|
||||||
|
Q/0d2gwOyUr2KZtrE6JOIrG5Q84WTPxgzQ==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/05.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G
|
||||||
|
UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq
|
||||||
|
LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX
|
||||||
|
BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9
|
||||||
|
XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ==
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/05.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIP3MTs0m9ssAAXQ94O6GYC3pckfpMUxQiPTG8hQYgA0WoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEBHU9DhX+RlHK4F9l5ZQsicz/eDWeOuBrIAeqbDS7A3i/o+wFPqCc
|
||||||
|
u1S71v5R4dzg4JdPGfW4aixQZjY5x25vEA==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/06.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr
|
||||||
|
nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG
|
||||||
|
r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX
|
||||||
|
BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6
|
||||||
|
g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/06.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIESUhQgXWd8cVQnitNEpOD2JNMqH9ug/wYaY1xW3SaSGoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEgPalqAFB655/t5Mcja4zyZPNlgy4plttUTedbsaaG2nb/GIBhA0X
|
||||||
|
T/jpPrkakElLAOmV3xd4hq9ho30N8DAx/A==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/07.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDYwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASNOj4d4MEA
|
||||||
|
7p/3miijqG4ToE4opKPAm+3BTIGrJTYT14++TSiUICl0ASXj+xeUcLMIaXTN042s
|
||||||
|
LsHxpShzQaL0o4GJMIGGMB0GA1UdDgQWBBREq5J3toJPxZ3O+ssJ5vkkU0RJEzBX
|
||||||
|
BgNVHSMEUDBOgBSjovYaC/m6Li9Tp0V9iZRs9267Q6EzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA1ggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAKGcf+c442c/XiwubbaiQvsoZ7EoVxuM
|
||||||
|
oKmia0gPyBNkAiEA83asjJ5FDXQuLyZpczviXrbmqgCPOfYadtvkc0cxMis=
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/07.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIEi1oKInPLbiINj8OxdActVTgI+YQVSefdQfCu1ihbLRoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEjTo+HeDBAO6f95ooo6huE6BOKKSjwJvtwUyBqyU2E9ePvk0olCAp
|
||||||
|
dAEl4/sXlHCzCGl0zdONrC7B8aUoc0Gi9A==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/08.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDcwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARpQeQ/YGQj
|
||||||
|
nl7Szo6WStJ1u7xunTL5jBkXH8aAVSm0qiX4AD/7YPxa5EnGzZdLTn25vQVnfQAG
|
||||||
|
pMx8P1lYiGYCo4GJMIGGMB0GA1UdDgQWBBS40mLt93U8Sh8ZGiDVAhRSiBPcXjBX
|
||||||
|
BgNVHSMEUDBOgBREq5J3toJPxZ3O+ssJ5vkkU0RJE6EzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA2ggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhANwGf+F4a+kmXWz8UjSpRkaToTV6EFWw
|
||||||
|
/Tjzj0tQhDoAAiEA19RxeWOVBBpM6LOHg6v5Lf54YN1snkLf+sEXyZCuWQQ=
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/08.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIC8M2G7XcqeagYgt8SZJbuTh4tYchGvX3yDZJKTuBgFUoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEaUHkP2BkI55e0s6OlkrSdbu8bp0y+YwZFx/GgFUptKol+AA/+2D8
|
||||||
|
WuRJxs2XS059ub0FZ30ABqTMfD9ZWIhmAg==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/09.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDgwHhcNMTcwNjIyMTE1MDMzWhcN
|
||||||
|
MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR7ZB16+t6E
|
||||||
|
sfahGyKUGJW5mezkzjdaYvc4lbJaKNRwFRfc3F/fmNOSsUFSg/F0N+vUE+doKiPC
|
||||||
|
8wRwLzvm4s+5o4GJMIGGMB0GA1UdDgQWBBT6gyXHzPIPYc1Vr1aGiLLeMh4HpjBX
|
||||||
|
BgNVHSMEUDBOgBS40mLt93U8Sh8ZGiDVAhRSiBPcXqEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA3ggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgO4el1ZPhlIli/qNR2SIEiuvs5Mmy868i
|
||||||
|
N2Rv5X/VxIECIA/8rUALQxW38XSdBVX3e/jzu7ju47n1YwEqD9K9WdVv
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/09.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIKkdxegP5yN840sBDxIPpiMftZss14uLaH7zoxOqrePDoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEe2QdevrehLH2oRsilBiVuZns5M43WmL3OJWyWijUcBUX3Nxf35jT
|
||||||
|
krFBUoPxdDfr1BPnaCojwvMEcC875uLPuQ==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/10.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDkwHhcNMTcwNjIyMTE1MDMzWhcN
|
||||||
|
MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMTAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAR6jlGKbJd5
|
||||||
|
hiDxN789gkOcwpyHI9wRwCrADAOwOkMePBPRlwGdm7mw7Z/EAmu26zRm/hcyrs4M
|
||||||
|
qk2LabDjPI9Xo4GJMIGGMB0GA1UdDgQWBBQtxZSLJAkEz+2RKMQexM6EtsfgcjBX
|
||||||
|
BgNVHSMEUDBOgBT6gyXHzPIPYc1Vr1aGiLLeMh4HpqEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA4ggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgP7S8vFstfUBdNe6ym5GYG5Q+aBVEKqRs
|
||||||
|
fVW7HNUktSYCIQDo6Jua6o/DJbrpq4qYWq5gv4yGyzPTN+3IaKrEICdaaw==
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/10.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIPuPPMxo5e2doI7YfDp60qmEn4YwYs2sb5QlOpFQ3BIJoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEeo5RimyXeYYg8Te/PYJDnMKchyPcEcAqwAwDsDpDHjwT0ZcBnZu5
|
||||||
|
sO2fxAJrtus0Zv4XMq7ODKpNi2mw4zyPVw==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/11.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTAwHhcNMTcwNjIyMTE1MDMzWhcN
|
||||||
|
MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMTEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATZwR+WK6NB
|
||||||
|
F/7riFdN63c8hjYddZRR4lrzVNPwiBQxnnxwpPyrD9A6aPPmLc6SqGOJW4ZGVCco
|
||||||
|
IBze9RJVeiB9o4GJMIGGMB0GA1UdDgQWBBSOSt6ePyMRT6PGMaIi7FqNX9MKtDBX
|
||||||
|
BgNVHSMEUDBOgBQtxZSLJAkEz+2RKMQexM6EtsfgcqEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA5ggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgN//NqM0FrkrMjmxoeCY9DgxkH2R6sQ4d
|
||||||
|
NgtwCZAIqEICIBs4vupaVcuvni9tltbP26wi7c0FR+blZuo5DPIA3SVe
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/11.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIHaMieH2/wn6lnsFUGzww43ymhN16Z0nhG5TyvNeY8U2oAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAE2cEfliujQRf+64hXTet3PIY2HXWUUeJa81TT8IgUMZ58cKT8qw/Q
|
||||||
|
Omjz5i3OkqhjiVuGRlQnKCAc3vUSVXogfQ==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/12.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTEwHhcNMTcwNjIyMTE1MDMzWhcN
|
||||||
|
MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMTIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATDE9LPlLPc
|
||||||
|
gZ3b0BchR/AkhNEP9HAavwYadJIyzoPo5edCVnboQH786jsZwZNZoC0gHDAhCmGc
|
||||||
|
IfRenISAoVuPo4GJMIGGMB0GA1UdDgQWBBTZTtbi+j0Sm/Zs/+gTkWdASpQzfjBX
|
||||||
|
BgNVHSMEUDBOgBSOSt6ePyMRT6PGMaIi7FqNX9MKtKEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEwggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgYYF5AnRV7eh2hLD5Dz//pceMTKz9Ls46
|
||||||
|
E6DxvbfDHikCIFttlGrOCZVyS4ocsjuKIELVUX5qfygI0sn4kU3qCTs2
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/12.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIAzhAcc1Yb2u4bsQDaYeRaRW8kJ/HzFTTfINV1k+TxZ/oAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEwxPSz5Sz3IGd29AXIUfwJITRD/RwGr8GGnSSMs6D6OXnQlZ26EB+
|
||||||
|
/Oo7GcGTWaAtIBwwIQphnCH0XpyEgKFbjw==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/13.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTIwHhcNMTcwNjIyMTE1MDMzWhcN
|
||||||
|
MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMTMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATrkzCJLznh
|
||||||
|
lhnsv1RXB9kfeaD+cIruPQ0cItBDGpdvD8xbBVvQci4+RG2RVUCSWRhkFYjSsUSM
|
||||||
|
0QHMQnBFlhw2o4GJMIGGMB0GA1UdDgQWBBTmVnUSF2MYwws/nCMv7b1wJVkDmjBX
|
||||||
|
BgNVHSMEUDBOgBTZTtbi+j0Sm/Zs/+gTkWdASpQzfqEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTExggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgWsm+rHJgwUEyNm8EKbEds5yurpp5/3y5
|
||||||
|
PsvXJVDqxogCIQDUP0Jcl3A907CE2tPVXSgD6LQ6CPu19mixemPw60yijA==
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/13.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIKb966FXMh8cFQt3sVpmcrh2/3yaGiLMwz+/XGKGMJ+2oAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAE65MwiS854ZYZ7L9UVwfZH3mg/nCK7j0NHCLQQxqXbw/MWwVb0HIu
|
||||||
|
PkRtkVVAklkYZBWI0rFEjNEBzEJwRZYcNg==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/14.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTMwHhcNMTcwNjIyMTE1MDMzWhcN
|
||||||
|
MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMTQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATRMZN0RHzP
|
||||||
|
donNmZuq9XPhzvQ52TaokxT39qpQtlFyvUuEGKrLoNvdcpARaA0rGput6RLAQOVU
|
||||||
|
iNVlJ3Ipj789o4GJMIGGMB0GA1UdDgQWBBRNsJB++ccSBmbCCKBxi4CjXROBkzBX
|
||||||
|
BgNVHSMEUDBOgBTmVnUSF2MYwws/nCMv7b1wJVkDmqEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEyggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgVfuLpjp08AaxKWf6cuZUUCRd7CojSS1I
|
||||||
|
71hzeUyFS+sCIQDNJI6P/pBbiHgTaGlBAgfcEfmxmbY0n4xZndtxIkmyVA==
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/14.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIKEycJNLyYJ5JgECpCuZiFeXZIMC+XsMEKoMhRTx6xD+oAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAE0TGTdER8z3aJzZmbqvVz4c70Odk2qJMU9/aqULZRcr1LhBiqy6Db
|
||||||
|
3XKQEWgNKxqbrekSwEDlVIjVZSdyKY+/PQ==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/15.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTQwHhcNMTcwNjIyMTE1MDMzWhcN
|
||||||
|
MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMTUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQlKUiMoSss
|
||||||
|
/hsTasedqdB2BCOGJhTt0hgUGeUnWNZ1svO4yn0GkFHZ08++fl2MKqjpj+VXq0JS
|
||||||
|
FFyGUOgmgi3Ho4GJMIGGMB0GA1UdDgQWBBR1mXlrdW5rx1VnqMMnUBXo0WWGWjBX
|
||||||
|
BgNVHSMEUDBOgBRNsJB++ccSBmbCCKBxi4CjXROBk6EzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTEzggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAKYOIo+fdCQRqpH4LN8qUK1aKzKmWGxS
|
||||||
|
fGzEEkg/29bMAiAl95cmucoCDMq2Ab8Coc0dEqyJ6+rAPMLBCbGawyiW6A==
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/15.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIL1c0zvh4Fx8aylrlHsOsK5Pcam7BWVHM2lDxGO26QIUoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEJSlIjKErLP4bE2rHnanQdgQjhiYU7dIYFBnlJ1jWdbLzuMp9BpBR
|
||||||
|
2dPPvn5djCqo6Y/lV6tCUhRchlDoJoItxw==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/16.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTUwHhcNMTcwNjIyMTE1MDMzWhcN
|
||||||
|
MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMTYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ7Vsp7JmDN
|
||||||
|
kgPh/+zmIPkd7o0xot/WPMFn3uAsGtsU385MF0fmhfFLhRbbH9h4JjYHj8y0spU3
|
||||||
|
buUXhftvAZVbo4GJMIGGMB0GA1UdDgQWBBRTw3K0Psy3u/6+3KKSoaQqJnPvPjBX
|
||||||
|
BgNVHSMEUDBOgBR1mXlrdW5rx1VnqMMnUBXo0WWGWqEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE0ggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAMJnGjE9v3SjuGfi0jNByrwyNfhlTHMh
|
||||||
|
FhPQidNrDpXwAiEAqYtNiV8t9RrAa9GC6FWDuJpvIiU6FsE+lFq6uIq/J2E=
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/16.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIM0YCnGkEG/TjBxrytP9Ztslm1yoQaWptBxegRzzBRDVoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEO1bKeyZgzZID4f/s5iD5He6NMaLf1jzBZ97gLBrbFN/OTBdH5oXx
|
||||||
|
S4UW2x/YeCY2B4/MtLKVN27lF4X7bwGVWw==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/17.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTYwHhcNMTcwNjIyMTE1MDMzWhcN
|
||||||
|
MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMTcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARrISq2zO9m
|
||||||
|
D29YCLHB56FdU/RINtRhfeLtM+u5o3HaAnopy0S98RzuEGELjpzr8ZI6kkMMZsj8
|
||||||
|
nFZQF8HfuE0go4GJMIGGMB0GA1UdDgQWBBSnjWvpWxZcFnfQ2KGtCg/u6fT/DzBX
|
||||||
|
BgNVHSMEUDBOgBRTw3K0Psy3u/6+3KKSoaQqJnPvPqEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE1ggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIgDgXjoc6FfMF5W0NziV6vx2BOPNWav01Z
|
||||||
|
ynEP4h9ULnUCIQC1rU4sEId3UdjzTKhpSGTKtaOuPG+b0YdEMPimI4jmVw==
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/17.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIAiUS1dM3qrcOun8PjKe+rw40L2HG/Y8Dfxl0AfzyIVeoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAEayEqtszvZg9vWAixweehXVP0SDbUYX3i7TPruaNx2gJ6KctEvfEc
|
||||||
|
7hBhC46c6/GSOpJDDGbI/JxWUBfB37hNIA==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/18.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTcwHhcNMTcwNjIyMTE1MDMzWhcN
|
||||||
|
MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMTgwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASsc/JkNcYf
|
||||||
|
bMgpOfrL5kKOGxOJaGS6SQIeNO33UeBpToe1bU2acN652xjvcGo0fJEtxg2fcPHR
|
||||||
|
hTnGMBD1u1N2o4GJMIGGMB0GA1UdDgQWBBSDbIpYntlhJ0GgIsyd75XRhlC18jBX
|
||||||
|
BgNVHSMEUDBOgBSnjWvpWxZcFnfQ2KGtCg/u6fT/D6EzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE2ggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAJo2NXfJU1sK6SVTu4OV21FKITlXntMi
|
||||||
|
oenYMsBjzO8oAiEAidSELcLjjAHi3mfBARvCgKlRhmbNEMCHQT7Ha7ZQoRw=
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/18.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIJETLWqIZtnejCGzESDgMnknxqEx5evMGZfzBVPKMwKKoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAErHPyZDXGH2zIKTn6y+ZCjhsTiWhkukkCHjTt91HgaU6HtW1NmnDe
|
||||||
|
udsY73BqNHyRLcYNn3Dx0YU5xjAQ9btTdg==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/19.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTgwHhcNMTcwNjIyMTE1MDMzWhcN
|
||||||
|
MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMTkwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQJyRCHND78
|
||||||
|
KxZHoHHdOTjPuD6HjHPnEKX8apblUpETDJuLW7YR3V8Q0dTac+JHiR6e2l4DlDbf
|
||||||
|
5bTiyFoAzw9yo4GJMIGGMB0GA1UdDgQWBBRQMc94kTqW+zQO3lo2WMI/81k3czBX
|
||||||
|
BgNVHSMEUDBOgBSDbIpYntlhJ0GgIsyd75XRhlC18qEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE3ggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgIzGOZqJRmvygzvLm8zxZFyoNpcT7e26H
|
||||||
|
nZd5xFIzEakCIHGYcUXzt+owSVlLmrlW8gQcB81ErQbxuBTAsvpaaKSS
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/19.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIDJyHSKbXEZVfkNftQF4eHeJVuXhGdaboa7w4RejL5uYoAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAECckQhzQ+/CsWR6Bx3Tk4z7g+h4xz5xCl/GqW5VKREwybi1u2Ed1f
|
||||||
|
ENHU2nPiR4kentpeA5Q23+W04shaAM8Pcg==
|
||||||
|
-----END EC PRIVATE KEY-----
|
12
tests/data_files/dir-maxpath/20.crt
Normal file
@ -0,0 +1,12 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMTkwHhcNMTcwNjIyMTE1MDMzWhcN
|
||||||
|
MjcwNjIzMTE1MDMzWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMjAwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAATGebrN8JxE
|
||||||
|
heOdCxD+mhnQ4zMUxF1WUkmAAHIUw089BYiH9SAwYS/M5tnl+R8fbjvoGqSpR6Tk
|
||||||
|
V9EU3CQyIoxwo4GJMIGGMB0GA1UdDgQWBBTZs6oChL1c2CSZXY2YFQkkqg+lzDBX
|
||||||
|
BgNVHSMEUDBOgBRQMc94kTqW+zQO3lo2WMI/81k3c6EzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTE4ggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgRVGZReXKvdMHhwLbPvbrTVLeAGDqmqMH
|
||||||
|
/WqD4u23QBgCID/QtFaiawjviNFEdtU7JK6v4ZY0PQ0a0+HLZIHLi9ah
|
||||||
|
-----END CERTIFICATE-----
|
8
tests/data_files/dir-maxpath/20.key
Normal file
@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN EC PARAMETERS-----
|
||||||
|
BggqhkjOPQMBBw==
|
||||||
|
-----END EC PARAMETERS-----
|
||||||
|
-----BEGIN EC PRIVATE KEY-----
|
||||||
|
MHcCAQEEIJHLciDhJcnlE5MhTrOfFlnRbpJQLOf4h72E6VDXxMM0oAoGCCqGSM49
|
||||||
|
AwEHoUQDQgAExnm6zfCcRIXjnQsQ/poZ0OMzFMRdVlJJgAByFMNPPQWIh/UgMGEv
|
||||||
|
zObZ5fkfH2476BqkqUek5FfRFNwkMiKMcA==
|
||||||
|
-----END EC PRIVATE KEY-----
|
10
tests/data_files/dir-maxpath/Readme.txt
Normal file
@ -0,0 +1,10 @@
|
|||||||
|
These certificates form a very long chain, used to test the
|
||||||
|
MBEDTLS_X509_MAX_INT_CA limit.
|
||||||
|
|
||||||
|
NN.key is the private key of certificate NN.crt.
|
||||||
|
|
||||||
|
The root is 00.crt and N+1.crt is a child of N.crt.
|
||||||
|
|
||||||
|
File cNN.pem contains the chain NN.crt to 00.crt.
|
||||||
|
|
||||||
|
Those certificates were generated by tests/data_files/dir-maxpath/long.sh.
|
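Review bot: Missing documentation in Readme.txt: it names the MBEDTLS_X509_MAX_INT_CA limit but never says how many certificates the chain holds or which cNN.pem files are expected to be accepted and which rejected against that limit, so a reader cannot tell whether the fixtures still cover the boundary after the limit is changed in the config. Add a line stating the chain length and the boundary case the tests rely on. The notation is also inconsistent: "NN.key" and "cNN.pem" use two-digit names while "N+1.crt is a child of N.crt" uses N; saying that NN is a zero-padded two-digit index would remove the ambiguity.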
11
tests/data_files/dir-maxpath/c00.pem
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT
|
||||||
|
AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx
|
||||||
|
MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht
|
||||||
|
YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
|
||||||
|
BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm
|
||||||
|
LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/
|
||||||
|
fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD
|
||||||
|
AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt
|
||||||
|
IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY=
|
||||||
|
-----END CERTIFICATE-----
|
24
tests/data_files/dir-maxpath/c01.pem
Normal file
24
tests/data_files/dir-maxpath/c01.pem
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL
|
||||||
|
GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW
|
||||||
|
6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf
|
||||||
|
BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw
|
||||||
|
DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ
|
||||||
|
1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU
|
||||||
|
TDA=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT
|
||||||
|
AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx
|
||||||
|
MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht
|
||||||
|
YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
|
||||||
|
BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm
|
||||||
|
LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/
|
||||||
|
fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD
|
||||||
|
AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt
|
||||||
|
IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY=
|
||||||
|
-----END CERTIFICATE-----
|
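Review bot: The second certificate in c01.pem is a byte-for-byte copy of c00.pem, and each later cNN.pem repeats its predecessor in full the same way (the hunk sizes grow 11, 24, 36, 48, 60, ...), so the amount of checked-in fixture data grows quadratically with the chain length. Readme.txt already says cNN.pem is just NN.crt down to 00.crt, so consider building the cNN.pem files from the NN.crt files when the tests run, or committing only the chain lengths the tests actually load.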
36
tests/data_files/dir-maxpath/c02.pem
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf
|
||||||
|
wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V
|
||||||
|
2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX
|
||||||
|
BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX
|
||||||
|
oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL
|
||||||
|
GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW
|
||||||
|
6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf
|
||||||
|
BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw
|
||||||
|
DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ
|
||||||
|
1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU
|
||||||
|
TDA=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT
|
||||||
|
AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx
|
||||||
|
MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht
|
||||||
|
YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
|
||||||
|
BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm
|
||||||
|
LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/
|
||||||
|
fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD
|
||||||
|
AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt
|
||||||
|
IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY=
|
||||||
|
-----END CERTIFICATE-----
|
48
tests/data_files/dir-maxpath/c03.pem
Normal file
@ -0,0 +1,48 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p
|
||||||
|
ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF
|
||||||
|
PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX
|
||||||
|
BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM
|
||||||
|
8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf
|
||||||
|
wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V
|
||||||
|
2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX
|
||||||
|
BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX
|
||||||
|
oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL
|
||||||
|
GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW
|
||||||
|
6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf
|
||||||
|
BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw
|
||||||
|
DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ
|
||||||
|
1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU
|
||||||
|
TDA=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT
|
||||||
|
AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx
|
||||||
|
MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht
|
||||||
|
YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
|
||||||
|
BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm
|
||||||
|
LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/
|
||||||
|
fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD
|
||||||
|
AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt
|
||||||
|
IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY=
|
||||||
|
-----END CERTIFICATE-----
|
60
tests/data_files/dir-maxpath/c04.pem
Normal file
@ -0,0 +1,60 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT
|
||||||
|
9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i
|
||||||
|
sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX
|
||||||
|
BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC
|
||||||
|
+Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p
|
||||||
|
ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF
|
||||||
|
PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX
|
||||||
|
BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM
|
||||||
|
8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf
|
||||||
|
wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V
|
||||||
|
2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX
|
||||||
|
BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX
|
||||||
|
oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL
|
||||||
|
GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW
|
||||||
|
6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf
|
||||||
|
BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw
|
||||||
|
DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ
|
||||||
|
1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU
|
||||||
|
TDA=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT
|
||||||
|
AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx
|
||||||
|
MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht
|
||||||
|
YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
|
||||||
|
BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm
|
||||||
|
LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/
|
||||||
|
fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD
|
||||||
|
AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt
|
||||||
|
IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY=
|
||||||
|
-----END CERTIFICATE-----
|
72
tests/data_files/dir-maxpath/c05.pem
Normal file
@ -0,0 +1,72 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G
|
||||||
|
UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq
|
||||||
|
LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX
|
||||||
|
BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9
|
||||||
|
XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT
|
||||||
|
9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i
|
||||||
|
sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX
|
||||||
|
BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC
|
||||||
|
+Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p
|
||||||
|
ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF
|
||||||
|
PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX
|
||||||
|
BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM
|
||||||
|
8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf
|
||||||
|
wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V
|
||||||
|
2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX
|
||||||
|
BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX
|
||||||
|
oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL
|
||||||
|
GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW
|
||||||
|
6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf
|
||||||
|
BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw
|
||||||
|
DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ
|
||||||
|
1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU
|
||||||
|
TDA=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT
|
||||||
|
AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx
|
||||||
|
MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht
|
||||||
|
YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
|
||||||
|
BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm
|
||||||
|
LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/
|
||||||
|
fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD
|
||||||
|
AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt
|
||||||
|
IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY=
|
||||||
|
-----END CERTIFICATE-----
|
84
tests/data_files/dir-maxpath/c06.pem
Normal file
@ -0,0 +1,84 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDUwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASA9qWoAUHr
|
||||||
|
nn+3kxyNrjPJk82WDLimW21RN51uxpobadv8YgGEDRdP+Ok+uRqQSUsA6ZXfF3iG
|
||||||
|
r2GjfQ3wMDH8o4GJMIGGMB0GA1UdDgQWBBSjovYaC/m6Li9Tp0V9iZRs9267QzBX
|
||||||
|
BgNVHSMEUDBOgBTXh06MAV9S4l4lG1TKOrKRBh4qn6EzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTA0ggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgcjZNFWJtlDmoPZbAxqsGczRYK0lfPgu6
|
||||||
|
g1H7pp0ce+wCIDj9BRZM2OB9EF0e+MDKGjyZGfvfrL6Ir47x/KrM6H8T
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDQwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDUwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQEdT0OFf5G
|
||||||
|
UcrgX2XllCyJzP94NZ464GsgB6psNLsDeL+j7AU+oJy7VLvW/lHh3ODgl08Z9bhq
|
||||||
|
LFBmNjnHbm8Qo4GJMIGGMB0GA1UdDgQWBBTXh06MAV9S4l4lG1TKOrKRBh4qnzBX
|
||||||
|
BgNVHSMEUDBOgBQox4F1NsZunlsduoGvzIgRSYfB36EzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAzggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAIW++zqDZlLLUk/emePohdNOp5JO3wS9
|
||||||
|
XvkBJ6Wua7GBAiAdx+EKmdjVrwnzrQltTgnmSfGMXhKNYifK3uD83W3pcQ==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1jCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDMwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQUXDgcUVNT
|
||||||
|
9hovbZE5HL6rjOb7C55wEuWKThV/CcZ4rWrXx7VXHYdD/R3aDA7JSvYpm2sTok4i
|
||||||
|
sblDzhZM/GDNo4GJMIGGMB0GA1UdDgQWBBQox4F1NsZunlsduoGvzIgRSYfB3zBX
|
||||||
|
BgNVHSMEUDBOgBQApzZdtBdD3dLxouQpr/aDiVttd6EzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAyggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDRwAwRAIgAkiNhqFAZXSUWEDK91OZvQGdeZOtd6mC
|
||||||
|
+Wv3fGk3t28CIEKOwidkUTUaiPdZ4efmAr+CEeGzdq27ob2S+nqqHqgV
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDIwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQRDXDNIi1p
|
||||||
|
ereudhqwa2LslXgsxnB63Hu5y5lg+1WPruIYPzD/Ho0APveVdzFLVji19+bE4+tF
|
||||||
|
PYL1SpsN1WfWo4GJMIGGMB0GA1UdDgQWBBQApzZdtBdD3dLxouQpr/aDiVttdzBX
|
||||||
|
BgNVHSMEUDBOgBT5RCgQ0AlZTQbfFB2+6+w0XRvydaEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAxggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSQAwRgIhAOnd+7bAofkHVa4KFNjv3TCegw1lrhuM
|
||||||
|
8Of8wgvrTEGoAiEAsS8iKMpSfXH4D0egg4gLamE6akde965rDtySU+ve9lg=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB1zCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDEwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDIwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQWHpv1i6lf
|
||||||
|
wvNPOP5ka6S0n55EvzoaYK6pbTXP6yMOW/4XZSPKx5Zoq4FMe0cKzGIIFL1rzj1V
|
||||||
|
2czYB+qvLhyio4GJMIGGMB0GA1UdDgQWBBT5RCgQ0AlZTQbfFB2+6+w0XRvydTBX
|
||||||
|
BgNVHSMEUDBOgBSh3uHkX5nj86yFEFwjscSWM40P+qEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggEBMAwGA1UdEwQF
|
||||||
|
MAMBAf8wCgYIKoZIzj0EAwIDSAAwRQIhAI7unGW/gr9tOc3i+dF5N815srgh+FrX
|
||||||
|
oj9Et74EcSpTAiBubv+vOH0DE0gmYI11HeAIgutWqqMIC72dZlwTF/Vi3g==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB3jCCAYWgAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDAwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDEwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQznn9zHHwL
|
||||||
|
GO8VR4W9V7vMlxCdoojzEOiX5Y6JtPtFOz866ueHY6zoN0/mJ6DnqnSXilJIUUeW
|
||||||
|
6eGfqmka7nxko4GRMIGOMB0GA1UdDgQWBBSh3uHkX5nj86yFEFwjscSWM40P+jBf
|
||||||
|
BgNVHSMEWDBWgBQlFYvU5WboI4fcdPoiQs8/fPHZraEzpDEwLzELMAkGA1UEBhMC
|
||||||
|
VUsxETAPBgNVBAoMCG1iZWQgVExTMQ0wCwYDVQQDDARDQTAwggkA/KCWhcqToHAw
|
||||||
|
DAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNHADBEAiBasbuinP+pJTU4oDCVD8zQ
|
||||||
|
1rJBDSOKIEyWu84/D6Hj6wIgVMPUoO01bPhzllAa/gW8Xk/daey09SBgN3AT9pWU
|
||||||
|
TDA=
|
||||||
|
-----END CERTIFICATE-----
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIBpTCCAUugAwIBAgIJAPygloXKk6BwMAoGCCqGSM49BAMCMC8xCzAJBgNVBAYT
|
||||||
|
AlVLMREwDwYDVQQKDAhtYmVkIFRMUzENMAsGA1UEAwwEQ0EwMDAeFw0xNzA2MjIx
|
||||||
|
MTUwMzJaFw0yNzA2MjMxMTUwMzJaMC8xCzAJBgNVBAYTAlVLMREwDwYDVQQKDAht
|
||||||
|
YmVkIFRMUzENMAsGA1UEAwwEQ0EwMDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IA
|
||||||
|
BFW41/qAwAPpy+Txdc7PKmzZsq9CPiujKU4vpF1ekXnGx2HP420QobwBVVWhkzRm
|
||||||
|
LwdboH2j65dcCKjQ7mv/dxKjUDBOMB0GA1UdDgQWBBQlFYvU5WboI4fcdPoiQs8/
|
||||||
|
fPHZrTAfBgNVHSMEGDAWgBQlFYvU5WboI4fcdPoiQs8/fPHZrTAMBgNVHRMEBTAD
|
||||||
|
AQH/MAoGCCqGSM49BAMCA0gAMEUCIQC7iRcVzwMyfVK5imirJ7MqJQ04euH4CLOt
|
||||||
|
IZ+SNfaERAIgSU0MWFDosVEIpg8YMqIHeF7Mg4ZyH6+fGazJgVLttUY=
|
||||||
|
-----END CERTIFICATE-----
|
96
tests/data_files/dir-maxpath/c07.pem
Normal file
@ -0,0 +1,96 @@
|
|||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIB2DCCAX2gAwIBAgIBATAKBggqhkjOPQQDAjAvMQswCQYDVQQGEwJVSzERMA8G
|
||||||
|
A1UECgwIbWJlZCBUTFMxDTALBgNVBAMMBENBMDYwHhcNMTcwNjIyMTE1MDMyWhcN
|
||||||
|
MjcwNjIzMTE1MDMyWjAvMQswCQYDVQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMx
|
||||||
|
DTALBgNVBAMMBENBMDcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAASNOj4d4MEA
|
||||||
|
7p/3miijqG4ToE4opKPAm+3BTIGrJTYT14++TSiUICl0ASXj+xeUcLMIaXTN042s
|
||||||
|
108
tests/data_files/dir-maxpath/c08.pem
Normal file
@ -0,0 +1,108 @@
Some files were not shown because too many files have changed in this diff