From 641de714b617d5161b6b32539766ea179cde9174 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= <mpg@elzevir.fr>
Date: Wed, 25 Sep 2013 13:23:33 +0200
Subject: [PATCH] Use both RSA and ECDSA CA if available

---
 include/polarssl/certs.h       |  3 ++
 library/certs.c                | 85 +++++++++++++++++++---------------
 programs/ssl/ssl_client1.c     |  4 +-
 programs/ssl/ssl_client2.c     |  4 +-
 programs/ssl/ssl_fork_server.c |  4 +-
 programs/ssl/ssl_mail_client.c |  4 +-
 programs/ssl/ssl_server.c      |  4 +-
 programs/ssl/ssl_server2.c     |  4 +-
 programs/test/ssl_test.c       |  4 +-
 9 files changed, 64 insertions(+), 52 deletions(-)

diff --git a/include/polarssl/certs.h b/include/polarssl/certs.h
index ded3ddf06..5fcd85da0 100644
--- a/include/polarssl/certs.h
+++ b/include/polarssl/certs.h
@@ -31,6 +31,9 @@
 extern "C" {
 #endif
 
+/* Concatenation of all available CA certificates */
+extern const char test_ca_list[];
+
 /* First set of certificates: RSA, or ECDSA if RSA is not available */
 extern const char *test_ca_crt;
 extern const char *test_ca_key;
diff --git a/library/certs.c b/library/certs.c
index 1a853515d..67172dde2 100644
--- a/library/certs.c
+++ b/library/certs.c
@@ -28,22 +28,23 @@
 #if defined(POLARSSL_CERTS_C)
 
 #if defined(POLARSSL_ECDSA_C)
-const char test_ca_crt_ec[] =
-"-----BEGIN CERTIFICATE-----\r\n"
-"MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT\r\n"
-"Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF\r\n"
-"QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT\r\n"
-"Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF\r\n"
-"QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu\r\n"
-"ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy\r\n"
-"aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g\r\n"
-"JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7\r\n"
-"NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE\r\n"
-"AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w\r\n"
-"CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56\r\n"
-"t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv\r\n"
-"uCjn8pwUOkABXK8Mss90fzCfCEOtIA==\r\n"
-"-----END CERTIFICATE-----\r\n";
+#define TEST_CA_CRT_EC                                                  \
+"-----BEGIN CERTIFICATE-----\r\n"                                       \
+"MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT\r\n"  \
+"Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF\r\n"  \
+"QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT\r\n"  \
+"Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF\r\n"  \
+"QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu\r\n"  \
+"ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy\r\n"  \
+"aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g\r\n"  \
+"JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7\r\n"  \
+"NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE\r\n"  \
+"AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w\r\n"  \
+"CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56\r\n"  \
+"t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv\r\n"  \
+"uCjn8pwUOkABXK8Mss90fzCfCEOtIA==\r\n"                                  \
+"-----END CERTIFICATE-----\r\n"
+const char test_ca_crt_ec[] = TEST_CA_CRT_EC;
 
 const char test_ca_key_ec[] =
 "-----BEGIN EC PRIVATE KEY-----\r\n"
@@ -103,31 +104,34 @@ const char test_cli_key_ec[] =
 "AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n"
 "wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n"
 "-----END EC PRIVATE KEY-----\r\n";
+#else
+#define TEST_CA_CRT_EC
 #endif /* POLARSSL_ECDSA_C */
 
 #if defined(POLARSSL_RSA_C)
-const char test_ca_crt_rsa[] =
-"-----BEGIN CERTIFICATE-----\r\n"
-"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
-"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
-"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n"
-"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n"
-"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n"
-"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n"
-"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n"
-"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n"
-"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n"
-"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n"
-"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n"
-"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n"
-"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n"
-"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n"
-"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n"
-"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n"
-"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n"
-"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n"
-"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n"
-"-----END CERTIFICATE-----\r\n";
+#define TEST_CA_CRT_RSA                                                 \
+"-----BEGIN CERTIFICATE-----\r\n"                                       \
+"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"  \
+"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"  \
+"MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n"  \
+"A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n"  \
+"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n"  \
+"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n"  \
+"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n"  \
+"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n"  \
+"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n"  \
+"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n"  \
+"gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH\r\n"  \
+"/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV\r\n"  \
+"BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz\r\n"  \
+"dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ\r\n"  \
+"SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H\r\n"  \
+"DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF\r\n"  \
+"pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf\r\n"  \
+"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n"  \
+"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n"      \
+"-----END CERTIFICATE-----\r\n"
+const char test_ca_crt_rsa[] = TEST_CA_CRT_RSA;
 
 const char test_ca_key_rsa[] =
 "-----BEGIN RSA PRIVATE KEY-----\r\n"
@@ -264,6 +268,8 @@ const char test_cli_key_rsa[] =
 "bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n"
 "8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n"
 "-----END RSA PRIVATE KEY-----\r\n";
+#else
+#define TEST_CA_CRT_RSA
 #endif /* POLARSSL_RSA_C */
 
 #if defined(POLARSSL_DHM_C)
@@ -275,6 +281,9 @@ const char test_dhm_params[] =
 "-----END DH PARAMETERS-----\r\n";
 #endif
 
+/* Concatenation of all available CA certificates */
+const char test_ca_list[] = TEST_CA_CRT_RSA TEST_CA_CRT_EC;
+
 #if defined(POLARSSL_RSA_C)
 const char *test_ca_crt = test_ca_crt_rsa;
 const char *test_ca_key = test_ca_key_rsa;
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index 286075a4d..2c6e7c868 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -109,8 +109,8 @@ int main( int argc, char *argv[] )
     fflush( stdout );
 
 #if defined(POLARSSL_CERTS_C)
-    ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt,
-                          strlen( test_ca_crt ) );
+    ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
+                          strlen( test_ca_list ) );
 #else
     ret = 1;
     printf("POLARSSL_CERTS_C not defined.");
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index 9684aa89b..f518d39f7 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -576,8 +576,8 @@ int main( int argc, char *argv[] )
     else
 #endif
 #if defined(POLARSSL_CERTS_C)
-        ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt,
-                strlen( test_ca_crt ) );
+        ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
+                strlen( test_ca_list ) );
 #else
     {
         ret = 1;
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 1d2791cc2..3d4c7d3b3 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -145,8 +145,8 @@ int main( int argc, char *argv[] )
         goto exit;
     }
 
-    ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_crt,
-                          strlen( test_ca_crt ) );
+    ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
+                          strlen( test_ca_list ) );
     if( ret != 0 )
     {
         printf( " failed\n  !  x509_crt_parse returned %d\n\n", ret );
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index e8a49dbe6..edee85db7 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -484,8 +484,8 @@ int main( int argc, char *argv[] )
     else
 #endif
 #if defined(POLARSSL_CERTS_C)
-        ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt,
-                              strlen( test_ca_crt ) );
+        ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
+                              strlen( test_ca_list ) );
 #else
     {
         ret = 1;
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 258ca5b98..2a528cb07 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -125,8 +125,8 @@ int main( int argc, char *argv[] )
         goto exit;
     }
 
-    ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_crt,
-                          strlen( test_ca_crt ) );
+    ret = x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
+                          strlen( test_ca_list ) );
     if( ret != 0 )
     {
         printf( " failed\n  !  x509_crt_parse returned %d\n\n", ret );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 4b1cec2fa..ba651318f 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -549,8 +549,8 @@ int main( int argc, char *argv[] )
     else
 #endif
 #if defined(POLARSSL_CERTS_C)
-        ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_crt,
-                              strlen( test_ca_crt ) );
+        ret = x509_crt_parse( &cacert, (const unsigned char *) test_ca_list,
+                              strlen( test_ca_list ) );
 #else
     {
         ret = 1;
diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c
index 8cc2d0f7a..97e308f7f 100644
--- a/programs/test/ssl_test.c
+++ b/programs/test/ssl_test.c
@@ -218,8 +218,8 @@ static int ssl_test( struct options *opt )
             goto exit;
         }
 
-        ret =  x509_crt_parse( &srvcert, (const unsigned char *) test_ca_crt,
-                               strlen( test_ca_crt ) );
+        ret =  x509_crt_parse( &srvcert, (const unsigned char *) test_ca_list,
+                               strlen( test_ca_list ) );
         if( ret != 0 )
         {
             printf( "  !  x509_crt_parse returned %d\n\n", ret );