- Parsing of PEM files moved to separate module (Fixes ticket #13). Also possible to remove PEM support for systems only using DER encoding

- Parsing PEM private keys encrypted with DES and AES are now supported (Fixes ticket #5)
 - Added tests for encrypted keyfiles
This commit is contained in:
Paul Bakker 2011-02-12 14:30:57 +00:00
parent f17ed288ad
commit 96743fc5f5
15 changed files with 812 additions and 352 deletions

View File

@ -1,5 +1,15 @@
PolarSSL ChangeLog PolarSSL ChangeLog
= Version 0.99-pre2 released on XXXXXX
Features
* Parsing PEM private keys encrypted with DES and AES
are now supported as well (Fixes ticket #5)
Changes
* Parsing of PEM files moved to separate module (Fixes
ticket #13). Also possible to remove PEM support for
systems only using DER encoding
= Version 0.99-pre1 released on 2011-01-30 = Version 0.99-pre1 released on 2011-01-30
Features Features
Note: Most of these features have been donated by Fox-IT Note: Most of these features have been donated by Fox-IT

View File

@ -151,6 +151,7 @@
* *
* Module: library/aes.c * Module: library/aes.c
* Caller: library/ssl_tls.c * Caller: library/ssl_tls.c
* library/pem.c
* *
* This module enables the following ciphersuites: * This module enables the following ciphersuites:
* SSL_RSA_AES_128_SHA * SSL_RSA_AES_128_SHA
@ -370,6 +371,18 @@
*/ */
#define POLARSSL_PADLOCK_C #define POLARSSL_PADLOCK_C
/**
* \def POLARSSL_PEM_C
*
* Enable PEM decoding
*
* Module: library/pem.c
* Caller: library/x509parse.c
*
* This modules adds support for decoding PEM files.
*/
#define POLARSSL_PEM_C
/** /**
* \def POLARSSL_RSA_C * \def POLARSSL_RSA_C
* *

98
include/polarssl/pem.h Normal file
View File

@ -0,0 +1,98 @@
/**
* \file pem.h
*
* \brief Privacy Enhanced Mail (PEM) decoding
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#ifndef POLARSSL_PEM_H
#define POLARSSL_PEM_H
/**
* \name PEM Error codes
* These error codes are returned in case of errors reading the
* PEM data.
* \{
*/
#define POLARSSL_ERR_PEM_NO_HEADER_PRESENT -0x0500 /**< No PEM header found. */
#define POLARSSL_ERR_PEM_INVALID_DATA -0x0520 /**< PEM string is not as expected. */
#define POLARSSL_ERR_PEM_MALLOC_FAILED -0x0540 /**< Failed to allocate memory. */
#define POLARSSL_ERR_PEM_INVALID_ENC_IV -0x0560 /**< RSA IV is not in hex-format. */
#define POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG -0x0580 /**< Unsupported key encryption algorithm. */
#define POLARSSL_ERR_PEM_PASSWORD_REQUIRED -0x05A0 /**< Private key password can't be empty. */
#define POLARSSL_ERR_PEM_PASSWORD_MISMATCH -0x05C0 /**< Given private key password does not allow for correct decryption. */
#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE -0x05E0 /**< Unavailable feature, e.g. hashing/encryption combination. */
/* \} name */
/**
* \brief PEM context structure
*/
typedef struct
{
unsigned char *buf; /*!< buffer for decoded data */
int buflen; /*!< length of the buffer */
unsigned char *info; /*!< buffer for extra header information */
}
pem_context;
#ifdef __cplusplus
extern "C" {
#endif
/**
* \brief PEM context setup
*
* \param ctx context to be initialized
*/
void pem_init( pem_context *ctx );
/**
* \brief Read a buffer for PEM information and store the resulting
* data into the specified context buffers.
*
* \param ctx context to use
* \param header header string to seek and expect
* \param footer footer string to seek and expect
* \param data source data to look in
* \param pwd password for decryption (can be NULL)
* \param pwdlen length of password
* \param use_len destination for total length used
*
* \return 0 on success, ior a specific PEM error code
*/
int pem_read_buffer( pem_context *ctx, char *header, char *footer,
const unsigned char *data,
const unsigned char *pwd,
int pwdlen, int *use_len );
/**
* \brief PEM context memory freeing
*
* \param ctx context to be freed
*/
void pem_free( pem_context *ctx );
#ifdef __cplusplus
}
#endif
#endif /* pem.h */

View File

@ -69,13 +69,8 @@
#define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0 /**< Public key algorithm is unsupported (only RSA is supported). */ #define POLARSSL_ERR_X509_CERT_UNKNOWN_PK_ALG -0x01C0 /**< Public key algorithm is unsupported (only RSA is supported). */
#define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0 /**< Certificate signature algorithms do not match. (see \c ::x509_cert sig_oid) */ #define POLARSSL_ERR_X509_CERT_SIG_MISMATCH -0x01E0 /**< Certificate signature algorithms do not match. (see \c ::x509_cert sig_oid) */
#define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */ #define POLARSSL_ERR_X509_CERT_VERIFY_FAILED -0x0200 /**< Certificate verification failed, e.g. CRL, CA or signature check failed. */
#define POLARSSL_ERR_X509_KEY_INVALID_PEM -0x0220 /**< PEM key string is not as expected. */
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x0240 /**< Unsupported RSA key version */ #define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x0240 /**< Unsupported RSA key version */
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260 /**< Invalid RSA key tag or value. */ #define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x0260 /**< Invalid RSA key tag or value. */
#define POLARSSL_ERR_X509_KEY_INVALID_ENC_IV -0x0280 /**< RSA IV is not in hex-format. */
#define POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG -0x02A0 /**< Unsupported key encryption algorithm. */
#define POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED -0x02C0 /**< Private key password can't be empty. */
#define POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH -0x02E0 /**< Given private key password does not allow for correct decryption. */
#define POLARSSL_ERR_X509_POINT_ERROR -0x0300 /**< Not used. */ #define POLARSSL_ERR_X509_POINT_ERROR -0x0300 /**< Not used. */
#define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x0320 /**< Not used. */ #define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x0320 /**< Not used. */
/* \} name */ /* \} name */
@ -485,7 +480,7 @@ extern "C" {
* \param buf buffer holding the certificate data * \param buf buffer holding the certificate data
* \param buflen size of the buffer * \param buflen size of the buffer
* *
* \return 0 if successful, or a specific X509 error code * \return 0 if successful, or a specific X509 or PEM error code
*/ */
int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen ); int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen );
@ -497,7 +492,7 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen );
* \param chain points to the start of the chain * \param chain points to the start of the chain
* \param path filename to read the certificates from * \param path filename to read the certificates from
* *
* \return 0 if successful, or a specific X509 error code * \return 0 if successful, or a specific X509 or PEM error code
*/ */
int x509parse_crtfile( x509_cert *chain, const char *path ); int x509parse_crtfile( x509_cert *chain, const char *path );
@ -510,7 +505,7 @@ int x509parse_crtfile( x509_cert *chain, const char *path );
* \param buf buffer holding the CRL data * \param buf buffer holding the CRL data
* \param buflen size of the buffer * \param buflen size of the buffer
* *
* \return 0 if successful, or a specific X509 error code * \return 0 if successful, or a specific X509 or PEM error code
*/ */
int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen ); int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen );
@ -522,7 +517,7 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen );
* \param chain points to the start of the chain * \param chain points to the start of the chain
* \param path filename to read the CRLs from * \param path filename to read the CRLs from
* *
* \return 0 if successful, or a specific X509 error code * \return 0 if successful, or a specific X509 or PEM error code
*/ */
int x509parse_crlfile( x509_crl *chain, const char *path ); int x509parse_crlfile( x509_crl *chain, const char *path );
@ -536,7 +531,7 @@ int x509parse_crlfile( x509_crl *chain, const char *path );
* \param pwd password for decryption (optional) * \param pwd password for decryption (optional)
* \param pwdlen size of the password * \param pwdlen size of the password
* *
* \return 0 if successful, or a specific X509 error code * \return 0 if successful, or a specific X509 or PEM error code
*/ */
int x509parse_key( rsa_context *rsa, int x509parse_key( rsa_context *rsa,
const unsigned char *key, int keylen, const unsigned char *key, int keylen,
@ -550,7 +545,7 @@ int x509parse_key( rsa_context *rsa,
* \param path filename to read the private key from * \param path filename to read the private key from
* \param password password to decrypt the file (can be NULL) * \param password password to decrypt the file (can be NULL)
* *
* \return 0 if successful, or a specific X509 error code * \return 0 if successful, or a specific X509 or PEM error code
*/ */
int x509parse_keyfile( rsa_context *rsa, const char *path, int x509parse_keyfile( rsa_context *rsa, const char *path,
const char *password ); const char *password );
@ -563,7 +558,7 @@ int x509parse_keyfile( rsa_context *rsa, const char *path,
* \param dhmin input buffer * \param dhmin input buffer
* \param dhminlen size of the buffer * \param dhminlen size of the buffer
* *
* \return 0 if successful, or a specific X509 error code * \return 0 if successful, or a specific X509 or PEM error code
*/ */
int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen ); int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen );
@ -574,7 +569,7 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen );
* \param dhm DHM context to be initialized * \param dhm DHM context to be initialized
* \param path filename to read the DHM Parameters from * \param path filename to read the DHM Parameters from
* *
* \return 0 if successful, or a specific X509 error code * \return 0 if successful, or a specific X509 or PEM error code
*/ */
int x509parse_dhmfile( dhm_context *dhm, const char *path ); int x509parse_dhmfile( dhm_context *dhm, const char *path );

350
library/pem.c Normal file
View File

@ -0,0 +1,350 @@
/*
* Privacy Enhanced Mail (PEM) decoding
*
* Copyright (C) 2006-2010, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
*
* All rights reserved.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "polarssl/config.h"
#if defined(POLARSSL_PEM_C)
#include "polarssl/pem.h"
#include "polarssl/base64.h"
#include "polarssl/des.h"
#include "polarssl/aes.h"
#include "polarssl/md5.h"
#include "polarssl/cipher.h"
#include <stdlib.h>
#include <string.h>
void pem_init( pem_context *ctx )
{
memset( ctx, 0, sizeof( pem_context ) );
}
#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
/*
* Read a 16-byte hex string and convert it to binary
*/
static int pem_get_iv( const unsigned char *s, unsigned char *iv, int iv_len )
{
int i, j, k;
memset( iv, 0, iv_len );
for( i = 0; i < iv_len * 2; i++, s++ )
{
if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
k = ( ( i & 1 ) != 0 ) ? j : j << 4;
iv[i >> 1] = (unsigned char)( iv[i >> 1] | k );
}
return( 0 );
}
static void pem_pbkdf1( unsigned char *key, int keylen,
unsigned char *iv,
const unsigned char *pwd, int pwdlen )
{
md5_context md5_ctx;
unsigned char md5sum[16];
int use_len;
/*
* key[ 0..15] = MD5(pwd || IV)
*/
md5_starts( &md5_ctx );
md5_update( &md5_ctx, pwd, pwdlen );
md5_update( &md5_ctx, iv, 8 );
md5_finish( &md5_ctx, md5sum );
if( keylen <= 16 )
{
memcpy( key, md5sum, keylen );
memset( &md5_ctx, 0, sizeof( md5_ctx ) );
memset( md5sum, 0, 16 );
return;
}
memcpy( key, md5sum, 16 );
/*
* key[16..23] = MD5(key[ 0..15] || pwd || IV])
*/
md5_starts( &md5_ctx );
md5_update( &md5_ctx, md5sum, 16 );
md5_update( &md5_ctx, pwd, pwdlen );
md5_update( &md5_ctx, iv, 8 );
md5_finish( &md5_ctx, md5sum );
use_len = 16;
if( keylen < 32 )
use_len = keylen - 16;
memcpy( key + 16, md5sum, use_len );
memset( &md5_ctx, 0, sizeof( md5_ctx ) );
memset( md5sum, 0, 16 );
}
#if defined(POLARSSL_DES_C)
/*
* Decrypt with DES-CBC, using PBKDF1 for key derivation
*/
static void pem_des_decrypt( unsigned char des_iv[8],
unsigned char *buf, int buflen,
const unsigned char *pwd, int pwdlen )
{
des_context des_ctx;
unsigned char des_key[8];
pem_pbkdf1( des_key, 8, des_iv, pwd, pwdlen );
des_setkey_dec( &des_ctx, des_key );
des_crypt_cbc( &des_ctx, DES_DECRYPT, buflen,
des_iv, buf, buf );
memset( &des_ctx, 0, sizeof( des_ctx ) );
memset( des_key, 0, 8 );
}
/*
* Decrypt with 3DES-CBC, using PBKDF1 for key derivation
*/
static void pem_des3_decrypt( unsigned char des3_iv[8],
unsigned char *buf, int buflen,
const unsigned char *pwd, int pwdlen )
{
des3_context des3_ctx;
unsigned char des3_key[24];
pem_pbkdf1( des3_key, 24, des3_iv, pwd, pwdlen );
des3_set3key_dec( &des3_ctx, des3_key );
des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen,
des3_iv, buf, buf );
memset( &des3_ctx, 0, sizeof( des3_ctx ) );
memset( des3_key, 0, 24 );
}
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_AES_C)
/*
* Decrypt with AES-XXX-CBC, using PBKDF1 for key derivation
*/
static void pem_aes_decrypt( unsigned char aes_iv[16], int keylen,
unsigned char *buf, int buflen,
const unsigned char *pwd, int pwdlen )
{
aes_context aes_ctx;
unsigned char aes_key[32];
pem_pbkdf1( aes_key, keylen, aes_iv, pwd, pwdlen );
aes_setkey_dec( &aes_ctx, aes_key, keylen * 8 );
aes_crypt_cbc( &aes_ctx, AES_DECRYPT, buflen,
aes_iv, buf, buf );
memset( &aes_ctx, 0, sizeof( aes_ctx ) );
memset( aes_key, 0, keylen );
}
#endif /* POLARSSL_AES_C */
#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
int pem_read_buffer( pem_context *ctx, char *header, char *footer, const unsigned char *data, const unsigned char *pwd, int pwdlen, int *use_len )
{
int ret, len, enc;
unsigned char *buf;
unsigned char *s1, *s2;
#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
unsigned char pem_iv[16];
cipher_type_t enc_alg = POLARSSL_CIPHER_NONE;
#else
((void) pwd);
((void) pwdlen);
#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
if( ctx == NULL )
return( POLARSSL_ERR_PEM_INVALID_DATA );
s1 = (unsigned char *) strstr( (char *) data, header );
if( s1 == NULL )
return( POLARSSL_ERR_PEM_NO_HEADER_PRESENT );
s2 = (unsigned char *) strstr( (char *) data, footer );
if( s2 == NULL || s2 <= s1 )
return( POLARSSL_ERR_PEM_INVALID_DATA );
s1 += strlen( header );
if( *s1 == '\r' ) s1++;
if( *s1 == '\n' ) s1++;
else return( POLARSSL_ERR_PEM_INVALID_DATA );
enc = 0;
if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
{
#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
enc++;
s1 += 22;
if( *s1 == '\r' ) s1++;
if( *s1 == '\n' ) s1++;
else return( POLARSSL_ERR_PEM_INVALID_DATA );
#if defined(POLARSSL_DES_C)
if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) == 0 )
{
enc_alg = POLARSSL_CIPHER_DES_EDE3_CBC;
s1 += 23;
if( pem_get_iv( s1, pem_iv, 8 ) != 0 )
return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
s1 += 16;
}
else if( memcmp( s1, "DEK-Info: DES-CBC,", 18 ) == 0 )
{
enc_alg = POLARSSL_CIPHER_DES_CBC;
s1 += 18;
if( pem_get_iv( s1, pem_iv, 8) != 0 )
return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
s1 += 16;
}
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_AES_C)
if( memcmp( s1, "DEK-Info: AES-", 14 ) == 0 )
{
if( memcmp( s1, "DEK-Info: AES-128-CBC,", 22 ) == 0 )
enc_alg = POLARSSL_CIPHER_AES_128_CBC;
else if( memcmp( s1, "DEK-Info: AES-192-CBC,", 22 ) == 0 )
enc_alg = POLARSSL_CIPHER_AES_192_CBC;
else if( memcmp( s1, "DEK-Info: AES-256-CBC,", 22 ) == 0 )
enc_alg = POLARSSL_CIPHER_AES_256_CBC;
else
return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
s1 += 22;
if( pem_get_iv( s1, pem_iv, 16 ) != 0 )
return( POLARSSL_ERR_PEM_INVALID_ENC_IV );
s1 += 32;
}
#endif /* POLARSSL_AES_C */
if( enc_alg == POLARSSL_CIPHER_NONE )
return( POLARSSL_ERR_PEM_UNKNOWN_ENC_ALG );
if( *s1 == '\r' ) s1++;
if( *s1 == '\n' ) s1++;
else return( POLARSSL_ERR_PEM_INVALID_DATA );
#else
return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE );
#endif /* POLARSSL_MD5_C && (POLARSSL_AES_C || POLARSSL_DES_C) */
}
len = 0;
ret = base64_decode( NULL, &len, s1, s2 - s1 );
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
return( ret | POLARSSL_ERR_PEM_INVALID_DATA );
if( ( buf = (unsigned char *) malloc( len ) ) == NULL )
return( POLARSSL_ERR_PEM_MALLOC_FAILED );
if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
{
free( buf );
return( ret | POLARSSL_ERR_PEM_INVALID_DATA );
}
if( enc != 0 )
{
#if defined(POLARSSL_MD5_C) && (defined(POLARSSL_DES_C) || defined(POLARSSL_AES_C))
if( pwd == NULL )
{
free( buf );
return( POLARSSL_ERR_PEM_PASSWORD_REQUIRED );
}
#if defined(POLARSSL_DES_C)
if( enc_alg == POLARSSL_CIPHER_DES_EDE3_CBC )
pem_des3_decrypt( pem_iv, buf, len, pwd, pwdlen );
else if( enc_alg == POLARSSL_CIPHER_DES_CBC )
pem_des_decrypt( pem_iv, buf, len, pwd, pwdlen );
#endif /* POLARSSL_DES_C */
#if defined(POLARSSL_AES_C)
if( enc_alg == POLARSSL_CIPHER_AES_128_CBC )
pem_aes_decrypt( pem_iv, 16, buf, len, pwd, pwdlen );
else if( enc_alg == POLARSSL_CIPHER_AES_192_CBC )
pem_aes_decrypt( pem_iv, 24, buf, len, pwd, pwdlen );
else if( enc_alg == POLARSSL_CIPHER_AES_256_CBC )
pem_aes_decrypt( pem_iv, 32, buf, len, pwd, pwdlen );
#endif /* POLARSSL_AES_C */
if( buf[0] != 0x30 || buf[1] != 0x82 ||
buf[4] != 0x02 || buf[5] != 0x01 )
{
free( buf );
return( POLARSSL_ERR_PEM_PASSWORD_MISMATCH );
}
#else
return( POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE );
#endif
}
ctx->buf = buf;
ctx->buflen = len;
s2 += strlen( footer );
if( *s2 == '\r' ) s2++;
if( *s2 == '\n' ) s2++;
*use_len = s2 - data;
return( 0 );
}
void pem_free( pem_context *ctx )
{
if( ctx->buf )
free( ctx->buf );
if( ctx->info )
free( ctx->info );
}
#endif

View File

@ -39,7 +39,7 @@
#if defined(POLARSSL_X509_PARSE_C) #if defined(POLARSSL_X509_PARSE_C)
#include "polarssl/x509.h" #include "polarssl/x509.h"
#include "polarssl/base64.h" #include "polarssl/pem.h"
#include "polarssl/des.h" #include "polarssl/des.h"
#include "polarssl/md2.h" #include "polarssl/md2.h"
#include "polarssl/md4.h" #include "polarssl/md4.h"
@ -1045,10 +1045,12 @@ static int x509_get_sig_alg( const x509_buf *sig_oid, int *sig_alg )
*/ */
int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen ) int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen )
{ {
int ret, len; int ret, len, use_len;
const unsigned char *s1, *s2;
unsigned char *p, *end; unsigned char *p, *end;
x509_cert *crt; x509_cert *crt;
#if defined(POLARSSL_PEM_C)
pem_context pem;
#endif
crt = chain; crt = chain;
@ -1078,57 +1080,33 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen )
memset( crt, 0, sizeof( x509_cert ) ); memset( crt, 0, sizeof( x509_cert ) );
} }
/* #if defined(POLARSSL_PEM_C)
* check if the certificate is encoded in base64 pem_init( &pem );
*/ ret = pem_read_buffer( &pem,
s1 = (unsigned char *) strstr( (char *) buf, "-----BEGIN CERTIFICATE-----",
"-----BEGIN CERTIFICATE-----" ); "-----END CERTIFICATE-----",
buf, NULL, 0, &use_len );
if( s1 != NULL ) if( ret == 0 )
{ {
s2 = (unsigned char *) strstr( (char *) buf, /*
"-----END CERTIFICATE-----" ); * Was PEM encoded
*/
if( s2 == NULL || s2 <= s1 ) buflen -= use_len;
return( POLARSSL_ERR_X509_CERT_INVALID_PEM ); buf += use_len;
s1 += 27;
if( *s1 == '\r' ) s1++;
if( *s1 == '\n' ) s1++;
else return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
/* /*
* get the DER data length and decode the buffer * Steal PEM buffer
*/ */
len = 0; p = pem.buf;
ret = base64_decode( NULL, &len, s1, s2 - s1 ); pem.buf = NULL;
len = pem.buflen;
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER ) pem_free( &pem );
return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret ); }
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
if( ( p = (unsigned char *) malloc( len ) ) == NULL ) {
return( 1 ); pem_free( &pem );
return( ret );
if( ( ret = base64_decode( p, &len, s1, s2 - s1 ) ) != 0 )
{
free( p );
return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret );
}
/*
* update the buffer size and offset
*/
s2 += 25;
if( *s2 == '\r' ) s2++;
if( *s2 == '\n' ) s2++;
else
{
free( p );
return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
}
buflen -= s2 - buf;
buf = s2;
} }
else else
{ {
@ -1144,6 +1122,16 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen )
buflen = 0; buflen = 0;
} }
#else
p = (unsigned char *) malloc( len = buflen );
if( p == NULL )
return( 1 );
memcpy( p, buf, buflen );
buflen = 0;
#endif
crt->raw.p = p; crt->raw.p = p;
crt->raw.len = len; crt->raw.len = len;
@ -1393,10 +1381,12 @@ int x509parse_crt( x509_cert *chain, const unsigned char *buf, int buflen )
*/ */
int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen ) int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen )
{ {
int ret, len; int ret, len, use_len;
unsigned char *s1, *s2;
unsigned char *p, *end; unsigned char *p, *end;
x509_crl *crl; x509_crl *crl;
#if defined(POLARSSL_PEM_C)
pem_context pem;
#endif
crl = chain; crl = chain;
@ -1426,57 +1416,33 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen )
memset( crl, 0, sizeof( x509_crl ) ); memset( crl, 0, sizeof( x509_crl ) );
} }
/* #if defined(POLARSSL_PEM_C)
* check if the CRL is encoded in base64 pem_init( &pem );
*/ ret = pem_read_buffer( &pem,
s1 = (unsigned char *) strstr( (char *) buf, "-----BEGIN X509 CRL-----",
"-----BEGIN X509 CRL-----" ); "-----END X509 CRL-----",
buf, NULL, 0, &use_len );
if( s1 != NULL ) if( ret == 0 )
{ {
s2 = (unsigned char *) strstr( (char *) buf, /*
"-----END X509 CRL-----" ); * Was PEM encoded
*/
if( s2 == NULL || s2 <= s1 ) buflen -= use_len;
return( POLARSSL_ERR_X509_CERT_INVALID_PEM ); buf += use_len;
s1 += 24;
if( *s1 == '\r' ) s1++;
if( *s1 == '\n' ) s1++;
else return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
/* /*
* get the DER data length and decode the buffer * Steal PEM buffer
*/ */
len = 0; p = pem.buf;
ret = base64_decode( NULL, &len, s1, s2 - s1 ); pem.buf = NULL;
len = pem.buflen;
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER ) pem_free( &pem );
return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret ); }
else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
if( ( p = (unsigned char *) malloc( len ) ) == NULL ) {
return( 1 ); pem_free( &pem );
return( ret );
if( ( ret = base64_decode( p, &len, s1, s2 - s1 ) ) != 0 )
{
free( p );
return( POLARSSL_ERR_X509_CERT_INVALID_PEM | ret );
}
/*
* update the buffer size and offset
*/
s2 += 22;
if( *s2 == '\r' ) s2++;
if( *s2 == '\n' ) s2++;
else
{
free( p );
return( POLARSSL_ERR_X509_CERT_INVALID_PEM );
}
buflen -= s2 - buf;
buf = s2;
} }
else else
{ {
@ -1492,6 +1458,16 @@ int x509parse_crl( x509_crl *chain, const unsigned char *buf, int buflen )
buflen = 0; buflen = 0;
} }
#else
p = (unsigned char *) malloc( len = buflen );
if( p == NULL )
return( 1 );
memcpy( p, buf, buflen );
buflen = 0;
#endif
crl->raw.p = p; crl->raw.p = p;
crl->raw.len = len; crl->raw.len = len;
@ -1758,180 +1734,44 @@ int x509parse_crlfile( x509_crl *chain, const char *path )
return( ret ); return( ret );
} }
#if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C)
/*
* Read a 16-byte hex string and convert it to binary
*/
static int x509_get_iv( const unsigned char *s, unsigned char iv[8] )
{
int i, j, k;
memset( iv, 0, 8 );
for( i = 0; i < 16; i++, s++ )
{
if( *s >= '0' && *s <= '9' ) j = *s - '0'; else
if( *s >= 'A' && *s <= 'F' ) j = *s - '7'; else
if( *s >= 'a' && *s <= 'f' ) j = *s - 'W'; else
return( POLARSSL_ERR_X509_KEY_INVALID_ENC_IV );
k = ( ( i & 1 ) != 0 ) ? j : j << 4;
iv[i >> 1] = (unsigned char)( iv[i >> 1] | k );
}
return( 0 );
}
/*
* Decrypt with 3DES-CBC, using PBKDF1 for key derivation
*/
static void x509_des3_decrypt( unsigned char des3_iv[8],
unsigned char *buf, int buflen,
const unsigned char *pwd, int pwdlen )
{
md5_context md5_ctx;
des3_context des3_ctx;
unsigned char md5sum[16];
unsigned char des3_key[24];
/*
* 3DES key[ 0..15] = MD5(pwd || IV)
* key[16..23] = MD5(pwd || IV || 3DES key[ 0..15])
*/
md5_starts( &md5_ctx );
md5_update( &md5_ctx, pwd, pwdlen );
md5_update( &md5_ctx, des3_iv, 8 );
md5_finish( &md5_ctx, md5sum );
memcpy( des3_key, md5sum, 16 );
md5_starts( &md5_ctx );
md5_update( &md5_ctx, md5sum, 16 );
md5_update( &md5_ctx, pwd, pwdlen );
md5_update( &md5_ctx, des3_iv, 8 );
md5_finish( &md5_ctx, md5sum );
memcpy( des3_key + 16, md5sum, 8 );
des3_set3key_dec( &des3_ctx, des3_key );
des3_crypt_cbc( &des3_ctx, DES_DECRYPT, buflen,
des3_iv, buf, buf );
memset( &md5_ctx, 0, sizeof( md5_ctx ) );
memset( &des3_ctx, 0, sizeof( des3_ctx ) );
memset( md5sum, 0, 16 );
memset( des3_key, 0, 24 );
}
#endif
/* /*
* Parse a private RSA key * Parse a private RSA key
*/ */
int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen, int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
const unsigned char *pwd, int pwdlen ) const unsigned char *pwd, int pwdlen )
{ {
int ret, len, enc; int ret, len;
unsigned char *buf, *s1, *s2;
unsigned char *p, *end; unsigned char *p, *end;
#if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C) #if defined(POLARSSL_PEM_C)
unsigned char des3_iv[8]; pem_context pem;
#else
((void) pwd);
((void) pwdlen);
#endif
s1 = (unsigned char *) strstr( (char *) key, pem_init( &pem );
"-----BEGIN RSA PRIVATE KEY-----" ); ret = pem_read_buffer( &pem,
"-----BEGIN RSA PRIVATE KEY-----",
"-----END RSA PRIVATE KEY-----",
key, pwd, pwdlen, &len );
if( s1 != NULL ) if( ret == 0 )
{ {
s2 = (unsigned char *) strstr( (char *) key, /*
"-----END RSA PRIVATE KEY-----" ); * Was PEM encoded
*/
if( s2 == NULL || s2 <= s1 ) keylen = pem.buflen;
return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
s1 += 31;
if( *s1 == '\r' ) s1++;
if( *s1 == '\n' ) s1++;
else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
enc = 0;
if( memcmp( s1, "Proc-Type: 4,ENCRYPTED", 22 ) == 0 )
{
#if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C)
enc++;
s1 += 22;
if( *s1 == '\r' ) s1++;
if( *s1 == '\n' ) s1++;
else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
if( memcmp( s1, "DEK-Info: DES-EDE3-CBC,", 23 ) != 0 )
return( POLARSSL_ERR_X509_KEY_UNKNOWN_ENC_ALG );
s1 += 23;
if( x509_get_iv( s1, des3_iv ) != 0 )
return( POLARSSL_ERR_X509_KEY_INVALID_ENC_IV );
s1 += 16;
if( *s1 == '\r' ) s1++;
if( *s1 == '\n' ) s1++;
else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
#else
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
#endif
}
len = 0;
ret = base64_decode( NULL, &len, s1, s2 - s1 );
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
if( ( buf = (unsigned char *) malloc( len ) ) == NULL )
return( 1 );
if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
{
free( buf );
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
}
keylen = len;
if( enc != 0 )
{
#if defined(POLARSSL_DES_C) && defined(POLARSSL_MD5_C)
if( pwd == NULL )
{
free( buf );
return( POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED );
}
x509_des3_decrypt( des3_iv, buf, keylen, pwd, pwdlen );
if( buf[0] != 0x30 || buf[1] != 0x82 ||
buf[4] != 0x02 || buf[5] != 0x01 )
{
free( buf );
return( POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH );
}
#else
return( POLARSSL_ERR_X509_FEATURE_UNAVAILABLE );
#endif
}
} }
else else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
{ {
buf = NULL; pem_free( &pem );
return( ret );
} }
p = ( ret == 0 ) ? pem.buf : (unsigned char *) key;
#else
p = (unsigned char *) key;
#endif
end = p + keylen;
memset( rsa, 0, sizeof( rsa_context ) ); memset( rsa, 0, sizeof( rsa_context ) );
p = ( s1 != NULL ) ? buf : (unsigned char *) key;
end = p + keylen;
/* /*
* RSAPrivateKey ::= SEQUENCE { * RSAPrivateKey ::= SEQUENCE {
* version Version, * version Version,
@ -1949,9 +1789,9 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
if( ( ret = asn1_get_tag( &p, end, &len, if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{ {
if( s1 != NULL ) #if defined(POLARSSL_PEM_C)
free( buf ); pem_free( &pem );
#endif
rsa_free( rsa ); rsa_free( rsa );
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret ); return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
} }
@ -1960,18 +1800,18 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 ) if( ( ret = asn1_get_int( &p, end, &rsa->ver ) ) != 0 )
{ {
if( s1 != NULL ) #if defined(POLARSSL_PEM_C)
free( buf ); pem_free( &pem );
#endif
rsa_free( rsa ); rsa_free( rsa );
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret ); return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
} }
if( rsa->ver != 0 ) if( rsa->ver != 0 )
{ {
if( s1 != NULL ) #if defined(POLARSSL_PEM_C)
free( buf ); pem_free( &pem );
#endif
rsa_free( rsa ); rsa_free( rsa );
return( ret | POLARSSL_ERR_X509_KEY_INVALID_VERSION ); return( ret | POLARSSL_ERR_X509_KEY_INVALID_VERSION );
} }
@ -1985,9 +1825,9 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 || ( ret = asn1_get_mpi( &p, end, &rsa->DQ ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 ) ( ret = asn1_get_mpi( &p, end, &rsa->QP ) ) != 0 )
{ {
if( s1 != NULL ) #if defined(POLARSSL_PEM_C)
free( buf ); pem_free( &pem );
#endif
rsa_free( rsa ); rsa_free( rsa );
return( ret | POLARSSL_ERR_X509_KEY_INVALID_FORMAT ); return( ret | POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
} }
@ -1996,9 +1836,9 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
if( p != end ) if( p != end )
{ {
if( s1 != NULL ) #if defined(POLARSSL_PEM_C)
free( buf ); pem_free( &pem );
#endif
rsa_free( rsa ); rsa_free( rsa );
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT |
POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
@ -2006,15 +1846,16 @@ int x509parse_key( rsa_context *rsa, const unsigned char *key, int keylen,
if( ( ret = rsa_check_privkey( rsa ) ) != 0 ) if( ( ret = rsa_check_privkey( rsa ) ) != 0 )
{ {
if( s1 != NULL ) #if defined(POLARSSL_PEM_C)
free( buf ); pem_free( &pem );
#endif
rsa_free( rsa ); rsa_free( rsa );
return( ret ); return( ret );
} }
if( s1 != NULL ) #if defined(POLARSSL_PEM_C)
free( buf ); pem_free( &pem );
#endif
return( 0 ); return( 0 );
} }
@ -2049,52 +1890,38 @@ int x509parse_keyfile( rsa_context *rsa, const char *path, const char *pwd )
int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen ) int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen )
{ {
int ret, len; int ret, len;
unsigned char *buf, *s1, *s2;
unsigned char *p, *end; unsigned char *p, *end;
#if defined(POLARSSL_PEM_C)
pem_context pem;
s1 = (unsigned char *) strstr( (char *) dhmin, pem_init( &pem );
"-----BEGIN DH PARAMETERS-----" );
if( s1 != NULL ) ret = pem_read_buffer( &pem,
"-----BEGIN DH PARAMETERS-----",
"-----END DH PARAMETERS-----",
dhmin, NULL, 0, &dhminlen );
if( ret == 0 )
{ {
s2 = (unsigned char *) strstr( (char *) dhmin, /*
"-----END DH PARAMETERS-----" ); * Was PEM encoded
*/
if( s2 == NULL || s2 <= s1 ) dhminlen = pem.buflen;
return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
s1 += 29;
if( *s1 == '\r' ) s1++;
if( *s1 == '\n' ) s1++;
else return( POLARSSL_ERR_X509_KEY_INVALID_PEM );
len = 0;
ret = base64_decode( NULL, &len, s1, s2 - s1 );
if( ret == POLARSSL_ERR_BASE64_INVALID_CHARACTER )
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
if( ( buf = (unsigned char *) malloc( len ) ) == NULL )
return( 1 );
if( ( ret = base64_decode( buf, &len, s1, s2 - s1 ) ) != 0 )
{
free( buf );
return( ret | POLARSSL_ERR_X509_KEY_INVALID_PEM );
}
dhminlen = len;
} }
else else if( ret != POLARSSL_ERR_PEM_NO_HEADER_PRESENT )
{ {
buf = NULL; pem_free( &pem );
return( ret );
} }
p = ( ret == 0 ) ? pem.buf : (unsigned char *) dhmin;
#else
p = (unsigned char *) dhmin;
#endif
end = p + dhminlen;
memset( dhm, 0, sizeof( dhm_context ) ); memset( dhm, 0, sizeof( dhm_context ) );
p = ( s1 != NULL ) ? buf : (unsigned char *) dhmin;
end = p + dhminlen;
/* /*
* DHParams ::= SEQUENCE { * DHParams ::= SEQUENCE {
* prime INTEGER, -- P * prime INTEGER, -- P
@ -2104,10 +1931,9 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen )
if( ( ret = asn1_get_tag( &p, end, &len, if( ( ret = asn1_get_tag( &p, end, &len,
ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 ) ASN1_CONSTRUCTED | ASN1_SEQUENCE ) ) != 0 )
{ {
if( s1 != NULL ) #if defined(POLARSSL_PEM_C)
free( buf ); pem_free( &pem );
#endif
dhm_free( dhm );
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret ); return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | ret );
} }
@ -2116,25 +1942,26 @@ int x509parse_dhm( dhm_context *dhm, const unsigned char *dhmin, int dhminlen )
if( ( ret = asn1_get_mpi( &p, end, &dhm->P ) ) != 0 || if( ( ret = asn1_get_mpi( &p, end, &dhm->P ) ) != 0 ||
( ret = asn1_get_mpi( &p, end, &dhm->G ) ) != 0 ) ( ret = asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
{ {
if( s1 != NULL ) #if defined(POLARSSL_PEM_C)
free( buf ); pem_free( &pem );
#endif
dhm_free( dhm ); dhm_free( dhm );
return( ret | POLARSSL_ERR_X509_KEY_INVALID_FORMAT ); return( ret | POLARSSL_ERR_X509_KEY_INVALID_FORMAT );
} }
if( p != end ) if( p != end )
{ {
if( s1 != NULL ) #if defined(POLARSSL_PEM_C)
free( buf ); pem_free( &pem );
#endif
dhm_free( dhm ); dhm_free( dhm );
return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT | return( POLARSSL_ERR_X509_KEY_INVALID_FORMAT |
POLARSSL_ERR_ASN1_LENGTH_MISMATCH ); POLARSSL_ERR_ASN1_LENGTH_MISMATCH );
} }
if( s1 != NULL ) #if defined(POLARSSL_PEM_C)
free( buf ); pem_free( &pem );
#endif
return( 0 ); return( 0 );
} }

15
tests/data_files/keyfile Normal file
View File

@ -0,0 +1,15 @@
-----BEGIN RSA PRIVATE KEY-----
MIICXgIBAAKBgQDMYfnvWtC8Id5bPKae5yXSxQTt+Zpul6AnnZWfI2TtIarvjHBF
UtXRo96y7hoL4VWOPKGCsRqMFDkrbeUjRrx8iL914/srnyf6sh9c8Zk04xEOpK1y
pvBz+Ks4uZObtjnnitf0NBGdjMKxveTq+VE7BWUIyQjtQ8mbDOsiLLvh7wIDAQAB
AoGAefPIT8MPpAJNjIE/JrfkAMTgsSLrvCurO5gzDBbxhPE+7tsMrsDDpuix3HBo
iEg3ZbzV3obQwV7b0gcr34W4t0CMuJf5b5irHRG8JcZuncmofDy6z7S5Vs75O85z
fVzTIuVUyuHy1rM6rSBYKfsMLVyImUb4wtIXEMHPzdCL9LECQQD3ZfgGqudMWq8v
3BlKhsQ4fsR0vxzNlMZfoRrZzcvBT339Bp1UQ8aUo8xBtHiRwuW1NaPNgYKX6XQ6
ppuWuTiJAkEA030i493KnFPLRwWypqF/s6ZNlVye+euFN5NF/IeJcvb/GUDRYv9O
pRozRS1jNx4ZB1K2xT7N9MwsPHD6j6K4twJBALdfHTfT9RzjGnae7SAQQ+CcFYFz
JiY6386B2yUVJLFj+j5RaMvMcKQ7xGnvGm7vxtNJrt/j3qg6oavXUfulzgECQQDP
CEVLhCd/+ZeZoz5MWPTGTRrOCKmoRqNW0FlG6PfpD1qSwh04KG44uflO0yu5HUGr
JZG+bcj4x5bWZFMkoUrpAkEAyEgQzesKFqcbt1cqv3pLXJYQBBw6leFXgHk11a7k
+AkexhrPYyq/4tXFO2TLk2hs7tpYgNDOqZCvEu7jtN3RuA==
-----END RSA PRIVATE KEY-----

View File

@ -0,0 +1,18 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,BE8274D6692AF2A7
9ZXjoF55A9XgJpdaWmF/ZL1sJfbnE1M42N7HHRDwpq1/K+afC9poM0/AdCUbRL7w
uvQERievbAYpNeLdah1EftM6033e1oTxUMivdL4orDKcbb3qDpSQ0o0UbjavbT+d
aruilW8zVP4dz3mYMvGbkgoujgzdT+4wM0T1mTTuYcRKQsHlg7QDy2QrBILNuXA4
Hmye4GlSXVUSON8vPXT12V4oeubEIZVlnkLTRFGRVA4qz5tby9GBymkeNCBu+LCw
JwJLTbQwMFqozHvioq/2YBaHDcySpTD4X5AwrCjifUNO9BnLWLAmt8dOWr0z+48E
P/yWr5xZl3DrKh9r9EGb9xbTxhum3yHV7bvXLoUH+t9gowmd4Lq3Qjjf8jQXle0P
zoCOVxwN1E1IMhleEUPV7L8mbt26b0JyvrSS5ByrXahGu9vGQyy7qqx9ZANkzgXF
3hPMDuzQXMJiUeG92VsMEdGdA1/8V5ro+ceB5c7Zca5MjMzvx2tihda7BUjj6dSE
cA8Vvksy/NX/nqHSt0aSgphvBmZP8dN6GMcZ+hT7p0fhCq4mSFEykQqueKXiFUfz
0xCUVZC6WzOoEkc8k7xiLWQDlsZZ13Z4yxU1IxJp7llZXpZ8GkwS+678/Nx8h54A
mv5ZlSFWWQrvN5JPQJka7aU2ITu1LUK6mXBu+DoSDOfQuqR4vQytkjOqHK185iHs
JQtBGkFFdElkWgubPX/S8/xxoT8MoQY/c+dr6iwcswyUnSJXh32KLPGNBoqWCCbY
jp/VYmeb117gNpEJKJhcNbrP7DoQrC3/D7JFXnOvTA/z6FOtUmz0rQ==
-----END RSA PRIVATE KEY-----

View File

@ -0,0 +1,18 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,B5FA3F70C2AF79EB9D3DD2C40E7AE61A
iyfOvvyTPPR7on4XPFxu6CoCgTqh88ROlslM+RLJhwM/qGexbgDOzeI2CPf4XfzI
tyevKD/pqCaCMesYJh/HDQCILdW2tGbwzPajg72xkfCD6+1NHOGoDbdQN8ahGVmg
flAYU0iXDMvqs/jnucM7nlTGp8Istn7+zd9ARyrkQy+I8nvMh3chGKWzx/XtJR+z
Iv8p+n/o+fCHzGvtj+LWYeUc4d0OTIjnF6QPTtPOexX28z0gXRODT/indgifNXv3
j45KO2NYOaVTaCuiWIHj7wWBokoL4bCMFcFTJbdJx5BgfLmDkTEmB/6DEXu6UOsQ
3lPzyJhIRxn7hNq2I47TzSAFvmcXwm84txpxtSwHTcl9LgsyIiEMmHv3lPPE1G94
F5VrCzzFHyU7nFRdUC0mqLrCHcjDn5O4SQWfH7J/7G4OArU6lA4Z2NC03IPxEmsQ
66Fu8GdMbmtFORdlZQtOjLi3zZwN9+NwhiUrNNdVvGNJIjIcZ4FZRZysbt7++hfQ
/JOAKhVNC8dNROJUleEYIiqx23e5lze6wqcIosziq3tb6/SQ6fH533D8+PpcZKsC
IlWKAQzsNV+nJvt7CI1ppWc6CtV7TKn0scZm2oOC4339gdR5xzxXe9EJDsMBpcg9
drIdBr+3UxeC6Lc/rWM7IjSQ2YULBra3toEF6UYevngXdUD2YafrpoY5rK9IH90G
Hjbf65IaHLTS0jA7lAvJsQEBuULQQoWENOjhp8v+UfkNM2ccyOuUk3xZJNeX19YP
1Z09UMEKbf6ucoRCc01SBl206OAsq1NZEaodszT+mDg990I/9ACVi3LEU6XB5ZVs
-----END RSA PRIVATE KEY-----

View File

@ -0,0 +1,18 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-192-CBC,72F869F41B989D71730B2983448251B8
R6ST6H9oUyFWBavUO++azbn9ga87lgeuqNMVVScOcXjguqQZdnuZq9AzwQQETEv+
ZbVPL9w2isuXKoavaPxYyCXbZ+l6JRfWiXi6CmnfNhx4MgYpbH9BEqGbIVxA3fvu
zFutqi+Ru6QeERshDNke6HfFjJ91WkBjNjrXcfDmt0uRGqFSWd5DSEniyaPmxCYs
mpRwr9XESFiBkCHL+/iSkW0EZBjwHW0//RNsZKtuqVJGW/dZhDxerOGRl0a1oWkb
IvfED7afrXMlpHokMwtUduk2TBE1AoczZ6Dv7RZGipaBR4yb9kYgIkiqFk53lg5h
7b3WQt6TYECI7X3Q2rDgPQtUChVud0uUQYmQ5328HRE8zhlWxHGmTQMWVBW6X+FM
ikFLRUeYBeq0UJu20DmvklZV6iDxsULLu+Rb0b8NkT+V2feSXbrP976oCSUznvT6
3e2EOH+KAqMy5JZhTsjM7HtkleMwYQ9v+Wnbnn1OsB9drYWUJuhQeXt6v8dkm/eD
9m6dZzivc/h1UThIuuZPo+6S7FoluIlt5uv2UcnYYdYOgKSd1Vm0wztGaJn3CSGw
JEbebucr+5ptOHxflV5Txgnfj63sJyVd/wy0T8sMRO2znk5uVLWxf855fNXev9M3
gA3+MXC2eGaR9DYOxfakFRwL+Z30RlIktaqDK76BZRD4sWB6dIVw5JdCXpNMCuDH
dxlTKcP59uPAEB2VyhDvm5CN3T+bM2K6WDZFO95hKKfEk5ea/UB7DA2ucfovdayE
Hd46EUKC4/cdUFiSycgD01ztdda7hU7hFvOkHTK7O3G1yvEwH0+jxKNsudNfbbxc
-----END RSA PRIVATE KEY-----

View File

@ -0,0 +1,18 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,53572EEEE794948AC48CB0E077CE075A
p0YobpQmzHb3NgGlojpYoH+G5f1XX9snYv2GQe2tGTBQpoHh+ivHcOt85EZu9pC1
1KRdALEwp7Cb4RYeQncV9Bfp5rItupS1TwfgKAlp7Plmb4vDcDVw+KL3PaYn52Bd
qq5USLxCvKcl91hZXzitttH072lEj2MzW2QpX2/1hCRPgMDu9PJlBX2S+GOaYP+9
sTWTCc1yvHMW4XGEM4P4yfRg9EOTxU5gIYWUE2JqmEGd+9I0hK2YevAPLNKHxzpy
klCCBYqDplcVT5zEyCmdiBHIjzodlFuocZC8ncinVnsuJvpTeMQ+zOZ5rao8xm2j
uCnnVRh7yZktfsf5B/ZKBMGyPYRyKN4CCYhF0GzbehTvBirgDELq4LHyDdnnOTwU
YJiqo17x6S4FVNq6AubADVAbCOMFyfr+TFshI8spOwqfGFFDs8/WWL5OnBS85Pd1
dgoqwzJAt55GyDUbGnp6hUFl9g96nvV3sE6Xe4xVE2Cpf1BtUl9Dt3UrrDrbS0dk
pKxl2FA2H0BVKtfNBHXvWkORi+v+XZl34rZZ37B8snYIN2aOqLuvyM4fd1EabkyG
ymMEUHJcrc5zl/7IECaHrCahqZIsLpLhGTd0MMGrkGSvRLiY5nQ4MN5tKI0fUw0S
5KIjOA6ZX5nvh4rYgQcgN7K6dXNA2hOj5256Vv0HVwXsVhQFmCGnuo+h8XxudRVH
RuIUaTUtl29a/2nPTzXB6MNZe7Wol8EkzuYEgyaizKr7nO0J1umg+lj7ipX/80Ji
3ADi0yL4F831LsdAiTY60Lu2e3WABleZsvuLMWSodb9WzJXknsnFEDLGOM+HGj8Q
-----END RSA PRIVATE KEY-----

View File

@ -0,0 +1,18 @@
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-CBC,F87FE1C0FB9B3E77
1NbOyRx5kBWeXy93eCXyidDpR3pbfgGWIIgXVCVE4/ZXgEt14A23YndZeI5OSxvG
JWhqZ+VuiRsxeKAjo+xf4bnKLArvbshhzUKCEVsCP1d2d1xfgjsnyr8tqNiJE0F6
7Nimjcrpw/udCk2RBVyshN9kiPBbnA+XUdOHfEnbdkqDsS5DGjq7H1kBZuHhTQa8
Xv6ta3kbI1BGiqKDhH2H9iJlZMwpVQuJs+HqcqNEhsPm0V4kp0S3PZMbYVKpEtDO
vh9CHprQy/nlHfq7ZAs9/2HN4/OT/5kw4JM9qQy7eo/6FX2yh39Lyz8u7PXLaVgM
pwOiFb+zvegYts5aCXyM1nBUu9NFPDQNDytjXOhbWL0hEr1RzgK67f5QYIxWgGCK
St4moIn7J5BifViNdp7j/RXCoCmda3Zv5PiRw83yScSlzgDdTNpm/70jp8pGSxEn
Ib768zYEcYeeKyPar210Nh9abySPpkFFaujN4do5wujboC0VPz73M6eTeZ6iOUgR
cX9WwkfRj6G6VQfM6xAZdOkQ2cj6M4YRze1RKLhqo0+gre76FLn8Kzf/Hjrp/0iy
0flr/6BwLxGV49vMUCesJ9oqE/frru9Y89cOwbgcHxKJ24Oz+64OUPyeSxDMElZ8
lXiNk3aBEuLdBOKJ8B9kyKuxNqwDoqhCsrc77Gjio+q24w+G2+KAzBEup4S9cYgp
FiSvK8sizKINfE14f9HA60MJJzyEjTUuL7+ioL7xHGtIkdWbs/Qp7KxliH6qoIUv
VUsT6VS1nWLDyTyMbcjMx1odRsWrLwLqIsvNIcGGwe+P4sm4LivNnQ==
-----END RSA PRIVATE KEY-----

View File

@ -1,4 +1,4 @@
Debug print certificate #1 Debug print certificate #1
depends_on:POLARSSL_DEBUG_C depends_on:POLARSSL_DEBUG_C:POLARSSL_PEM_C
debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2009-02-09 21\:12\:35\nMyFile(0999)\: expires on \: 2011-02-09 21\:12\:35\nMyFile(0999)\: signed using \: RSA+SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: ae 92 63 59 74 68 a4 aa 89 50 42 f2 e7 27 09 2c\nMyFile(0999)\: a5 86 99 09 28 52 5d 6e 32 f5 93 18 35 0e 2b 28\nMyFile(0999)\: 6d 11 20 49 f2 21 0d d6 fc e6 dc de 40 93 7b 29\nMyFile(0999)\: ee 4b 4c 28 4f e4 8c 38 12 de 10 69 f7 ba 40 e8\nMyFile(0999)\: 74 80 a6 19 36 63 e0 37 93 39 f6 00 8e 3c 5a fd\nMyFile(0999)\: dc 8e 50 c1 41 7c bf ff c9 bb e2 ad 7c 8d b1 a4\nMyFile(0999)\: 1a 8b 3e 1f 1a 28 9b e6 93 4b 74 c3 e9 ab 2c c8\nMyFile(0999)\: 93 cf f6 02 a1 c9 4b 9e f9 f6 fa a6 95 98 6c 32\nMyFile(0999)\: 85 c0 f4 e7 b0 ec 50 af 17 52 49 21 80 9f 0d c8\nMyFile(0999)\: 37 73 74 42 3e 06 7f 29 29 1d 6a 9a 71 0f 70 ea\nMyFile(0999)\: c8 49 0d d7 3b 7e c2 ed 9b 33 dd 64 e9 8f df 85\nMyFile(0999)\: 81 c3 b1 c5 50 b6 55 2c c8 88 ed fd c4 cf 14 4f\nMyFile(0999)\: 49 d8 76 5c 1d 95 ef 34 e8 d7 74 aa 1e d2 ff 1d\nMyFile(0999)\: 19 27 19 de af b5 7a 71 c3 fb 38 11 ca da 78 2c\nMyFile(0999)\: 9b 32 3e 5f 31 eb c9 6e 43 eb 3d a5 c1 36 e2 86\nMyFile(0999)\: 49 1c 68 d7 5b f1 01 d0 29 16 d0 3a 44 36 5c 77\nMyFile(0999)\: value of 'crt->rsa.E' (32 bits) is\:\nMyFile(0999)\: 00 01 00 01\n" debug_print_crt:"data_files/server1.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version \: 3\nMyFile(0999)\: serial number \: 01\nMyFile(0999)\: issuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nMyFile(0999)\: subject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nMyFile(0999)\: issued on \: 2009-02-09 21\:12\:35\nMyFile(0999)\: expires on \: 2011-02-09 21\:12\:35\nMyFile(0999)\: signed using \: RSA+SHA1\nMyFile(0999)\: RSA key size \: 2048 bits\nMyFile(0999)\: value of 'crt->rsa.N' (2048 bits) is\:\nMyFile(0999)\: ae 92 63 59 74 68 a4 aa 89 50 42 f2 e7 27 09 2c\nMyFile(0999)\: a5 86 99 09 28 52 5d 6e 32 f5 93 18 35 0e 2b 28\nMyFile(0999)\: 6d 11 20 49 f2 21 0d d6 fc e6 dc de 40 93 7b 29\nMyFile(0999)\: ee 4b 4c 28 4f e4 8c 38 12 de 10 69 f7 ba 40 e8\nMyFile(0999)\: 74 80 a6 19 36 63 e0 37 93 39 f6 00 8e 3c 5a fd\nMyFile(0999)\: dc 8e 50 c1 41 7c bf ff c9 bb e2 ad 7c 8d b1 a4\nMyFile(0999)\: 1a 8b 3e 1f 1a 28 9b e6 93 4b 74 c3 e9 ab 2c c8\nMyFile(0999)\: 93 cf f6 02 a1 c9 4b 9e f9 f6 fa a6 95 98 6c 32\nMyFile(0999)\: 85 c0 f4 e7 b0 ec 50 af 17 52 49 21 80 9f 0d c8\nMyFile(0999)\: 37 73 74 42 3e 06 7f 29 29 1d 6a 9a 71 0f 70 ea\nMyFile(0999)\: c8 49 0d d7 3b 7e c2 ed 9b 33 dd 64 e9 8f df 85\nMyFile(0999)\: 81 c3 b1 c5 50 b6 55 2c c8 88 ed fd c4 cf 14 4f\nMyFile(0999)\: 49 d8 76 5c 1d 95 ef 34 e8 d7 74 aa 1e d2 ff 1d\nMyFile(0999)\: 19 27 19 de af b5 7a 71 c3 fb 38 11 ca da 78 2c\nMyFile(0999)\: 9b 32 3e 5f 31 eb c9 6e 43 eb 3d a5 c1 36 e2 86\nMyFile(0999)\: 49 1c 68 d7 5b f1 01 d0 29 16 d0 3a 44 36 5c 77\nMyFile(0999)\: value of 'crt->rsa.E' (32 bits) is\:\nMyFile(0999)\: 00 01 00 01\n"

View File

@ -1,176 +1,237 @@
X509 Certificate information #1 X509 Certificate information #1
depends_on:POLARSSL_PEM_C
x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2009-02-09 21\:12\:35\nexpires on \: 2011-02-09 21\:12\:35\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n" x509_cert_info:"data_files/server1.crt":"cert. version \: 3\nserial number \: 01\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued on \: 2009-02-09 21\:12\:35\nexpires on \: 2011-02-09 21\:12\:35\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
X509 Certificate information #2 X509 Certificate information #2
depends_on:POLARSSL_PEM_C
x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2009-02-10 22\:15\:12\nexpires on \: 2011-02-10 22\:15\:12\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n" x509_cert_info:"data_files/server2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=localhost\nissued on \: 2009-02-10 22\:15\:12\nexpires on \: 2011-02-10 22\:15\:12\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
X509 Certificate information #3 X509 Certificate information #3
depends_on:POLARSSL_PEM_C
x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2009-02-09 21\:12\:25\nexpires on \: 2019-02-10 21\:12\:25\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n" x509_cert_info:"data_files/test-ca.crt":"cert. version \: 3\nserial number \: 00\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued on \: 2009-02-09 21\:12\:25\nexpires on \: 2019-02-10 21\:12\:25\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
X509 Certificate information MD2 Digest X509 Certificate information MD2 Digest
depends_on:POLARSSL_PEM_C
x509_cert_info:"data_files/cert_md2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD2\nRSA key size \: 2048 bits\n" x509_cert_info:"data_files/cert_md2.crt":"cert. version \: 3\nserial number \: 09\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD2\nRSA key size \: 2048 bits\n"
X509 Certificate information MD4 Digest X509 Certificate information MD4 Digest
depends_on:POLARSSL_PEM_C
x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD4\nRSA key size \: 2048 bits\n" x509_cert_info:"data_files/cert_md4.crt":"cert. version \: 3\nserial number \: 0A\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD4\nRSA key size \: 2048 bits\n"
X509 Certificate information MD5 Digest X509 Certificate information MD5 Digest
depends_on:POLARSSL_PEM_C
x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD5\nRSA key size \: 2048 bits\n" x509_cert_info:"data_files/cert_md5.crt":"cert. version \: 3\nserial number \: 0B\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+MD5\nRSA key size \: 2048 bits\n"
X509 Certificate information SHA1 Digest X509 Certificate information SHA1 Digest
depends_on:POLARSSL_PEM_C
x509_cert_info:"data_files/cert_sha1.crt":"cert. version \: 3\nserial number \: 0C\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n" x509_cert_info:"data_files/cert_sha1.crt":"cert. version \: 3\nserial number \: 0C\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA1\nRSA key size \: 2048 bits\n"
X509 Certificate information SHA224 Digest X509 Certificate information SHA224 Digest
depends_on:POLARSSL_PEM_C
x509_cert_info:"data_files/cert_sha224.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA224\nRSA key size \: 2048 bits\n" x509_cert_info:"data_files/cert_sha224.crt":"cert. version \: 3\nserial number \: 0D\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA224\nRSA key size \: 2048 bits\n"
X509 Certificate information SHA256 Digest X509 Certificate information SHA256 Digest
depends_on:POLARSSL_PEM_C
x509_cert_info:"data_files/cert_sha256.crt":"cert. version \: 3\nserial number \: 0E\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA256\nRSA key size \: 2048 bits\n" x509_cert_info:"data_files/cert_sha256.crt":"cert. version \: 3\nserial number \: 0E\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA256\nRSA key size \: 2048 bits\n"
X509 Certificate information SHA384 Digest X509 Certificate information SHA384 Digest
depends_on:POLARSSL_PEM_C
x509_cert_info:"data_files/cert_sha384.crt":"cert. version \: 3\nserial number \: 0F\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA384\nRSA key size \: 2048 bits\n" x509_cert_info:"data_files/cert_sha384.crt":"cert. version \: 3\nserial number \: 0F\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued on \: 2009-07-12 10\:56\:59\nexpires on \: 2011-07-12 10\:56\:59\nsigned using \: RSA+SHA384\nRSA key size \: 2048 bits\n"
X509 Certificate information SHA512 Digest X509 Certificate information SHA512 Digest
depends_on:POLARSSL_PEM_C
x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 10\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2009-07-12 10\:57\:00\nexpires on \: 2011-07-12 10\:57\:00\nsigned using \: RSA+SHA512\nRSA key size \: 2048 bits\n" x509_cert_info:"data_files/cert_sha512.crt":"cert. version \: 3\nserial number \: 10\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued on \: 2009-07-12 10\:57\:00\nexpires on \: 2011-07-12 10\:57\:00\nsigned using \: RSA+SHA512\nRSA key size \: 2048 bits\n"
X509 CRL information #1 X509 CRL information #1
depends_on:POLARSSL_PEM_C
x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-02-09 21\:12\:36\nnext update \: 2009-04-10 21\:12\:36\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA1\n" x509_crl_info:"data_files/crl_expired.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-02-09 21\:12\:36\nnext update \: 2009-04-10 21\:12\:36\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA1\n"
X509 CRL Information MD2 Digest X509 CRL Information MD2 Digest
depends_on:POLARSSL_PEM_C
x509_crl_info:"data_files/crl_md2.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD2\n" x509_crl_info:"data_files/crl_md2.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD2\n"
X509 CRL Information MD4 Digest X509 CRL Information MD4 Digest
depends_on:POLARSSL_PEM_C
x509_crl_info:"data_files/crl_md4.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD4\n" x509_crl_info:"data_files/crl_md4.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD4\n"
X509 CRL Information MD5 Digest X509 CRL Information MD5 Digest
depends_on:POLARSSL_PEM_C
x509_crl_info:"data_files/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD5\n" x509_crl_info:"data_files/crl_md5.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+MD5\n"
X509 CRL Information SHA1 Digest X509 CRL Information SHA1 Digest
depends_on:POLARSSL_PEM_C
x509_crl_info:"data_files/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA1\n" x509_crl_info:"data_files/crl_sha1.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA1\n"
X509 CRL Information SHA224 Digest X509 CRL Information SHA224 Digest
depends_on:POLARSSL_PEM_C
x509_crl_info:"data_files/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA224\n" x509_crl_info:"data_files/crl_sha224.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA224\n"
X509 CRL Information SHA256 Digest X509 CRL Information SHA256 Digest
depends_on:POLARSSL_PEM_C
x509_crl_info:"data_files/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA256\n" x509_crl_info:"data_files/crl_sha256.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA256\n"
X509 CRL Information SHA384 Digest X509 CRL Information SHA384 Digest
depends_on:POLARSSL_PEM_C
x509_crl_info:"data_files/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA384\n" x509_crl_info:"data_files/crl_sha384.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA384\n"
X509 CRL Information SHA512 Digest X509 CRL Information SHA512 Digest
depends_on:POLARSSL_PEM_C
x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA512\n" x509_crl_info:"data_files/crl_sha512.pem":"CRL version \: 1\nissuer name \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update \: 2009-07-19 19\:56\:37\nnext update \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using \: RSA+SHA512\n"
X509 Parse Key #1 (No password when required) X509 Parse Key #1 (No password when required)
depends_on:POLARSSL_MD5_C depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C
x509parse_keyfile:"data_files/test-ca.key":NULL:POLARSSL_ERR_X509_KEY_PASSWORD_REQUIRED x509parse_keyfile:"data_files/test-ca.key":NULL:POLARSSL_ERR_PEM_PASSWORD_REQUIRED
X509 Parse Key #2 (Correct password) X509 Parse Key #2 (Correct password)
depends_on:POLARSSL_MD5_C depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C
x509parse_keyfile:"data_files/test-ca.key":"PolarSSLTest":0 x509parse_keyfile:"data_files/test-ca.key":"PolarSSLTest":0
X509 Parse Key #3 (Wrong password) X509 Parse Key #3 (Wrong password)
depends_on:POLARSSL_MD5_C depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C
x509parse_keyfile:"data_files/test-ca.key":"PolarSSLWRONG":POLARSSL_ERR_X509_KEY_PASSWORD_MISMATCH x509parse_keyfile:"data_files/test-ca.key":"PolarSSLWRONG":POLARSSL_ERR_PEM_PASSWORD_MISMATCH
X509 Parse Key #4 (DES Encrypted)
depends_on:POLARSSL_MD5_C:POLARSSL_DES_C:POLARSSL_PEM_C
x509parse_keyfile:"data_files/keyfile.des":"testkey":0
X509 Parse Key #5 (3DES Encrypted)
depends_on:POLARSSL_MD5_C:POLARSSL_DES_C:POLARSSL_PEM_C
x509parse_keyfile:"data_files/keyfile.3des":"testkey":0
X509 Parse Key #6 (AES-128 Encrypted)
depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C
x509parse_keyfile:"data_files/keyfile.aes128":"testkey":0
X509 Parse Key #7 (AES-192 Encrypted)
depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C
x509parse_keyfile:"data_files/keyfile.aes192":"testkey":0
X509 Parse Key #8 (AES-256 Encrypted)
depends_on:POLARSSL_MD5_C:POLARSSL_AES_C:POLARSSL_PEM_C
x509parse_keyfile:"data_files/keyfile.aes256":"testkey":0
X509 Get Distinguished Name #1 X509 Get Distinguished Name #1
depends_on:POLARSSL_PEM_C
x509_dn_gets:"data_files/server1.crt":subject:"C=NL, O=PolarSSL, CN=PolarSSL Server 1" x509_dn_gets:"data_files/server1.crt":subject:"C=NL, O=PolarSSL, CN=PolarSSL Server 1"
X509 Get Distinguished Name #2 X509 Get Distinguished Name #2
depends_on:POLARSSL_PEM_C
x509_dn_gets:"data_files/server1.crt":issuer:"C=NL, O=PolarSSL, CN=PolarSSL Test CA" x509_dn_gets:"data_files/server1.crt":issuer:"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
X509 Get Distinguished Name #3 X509 Get Distinguished Name #3
depends_on:POLARSSL_PEM_C
x509_dn_gets:"data_files/server2.crt":subject:"C=NL, O=PolarSSL, CN=localhost" x509_dn_gets:"data_files/server2.crt":subject:"C=NL, O=PolarSSL, CN=localhost"
X509 Get Distinguished Name #4 X509 Get Distinguished Name #4
depends_on:POLARSSL_PEM_C
x509_dn_gets:"data_files/server2.crt":issuer:"C=NL, O=PolarSSL, CN=PolarSSL Test CA" x509_dn_gets:"data_files/server2.crt":issuer:"C=NL, O=PolarSSL, CN=PolarSSL Test CA"
X509 Time Expired #1 X509 Time Expired #1
depends_on:POLARSSL_PEM_C
x509_time_expired:"data_files/server1.crt":valid_from:1 x509_time_expired:"data_files/server1.crt":valid_from:1
X509 Time Expired #2 X509 Time Expired #2
depends_on:POLARSSL_PEM_C
x509_time_expired:"data_files/server1.crt":valid_to:0 x509_time_expired:"data_files/server1.crt":valid_to:0
X509 Time Expired #3 X509 Time Expired #3
depends_on:POLARSSL_PEM_C
x509_time_expired:"data_files/server2.crt":valid_from:1 x509_time_expired:"data_files/server2.crt":valid_from:1
X509 Time Expired #4 X509 Time Expired #4
depends_on:POLARSSL_PEM_C
x509_time_expired:"data_files/server2.crt":valid_to:0 x509_time_expired:"data_files/server2.crt":valid_to:0
X509 Time Expired #5 X509 Time Expired #5
depends_on:POLARSSL_PEM_C
x509_time_expired:"data_files/test-ca.crt":valid_from:1 x509_time_expired:"data_files/test-ca.crt":valid_from:1
X509 Time Expired #6 X509 Time Expired #6
depends_on:POLARSSL_PEM_C
x509_time_expired:"data_files/test-ca.crt":valid_to:0 x509_time_expired:"data_files/test-ca.crt":valid_to:0
X509 Certificate verification #1 (Revoked Cert, Expired CRL) X509 Certificate verification #1 (Revoked Cert, Expired CRL)
depends_on:POLARSSL_PEM_C
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:NULL x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:NULL
X509 Certificate verification #2 (Revoked Cert, Expired CRL) X509 Certificate verification #2 (Revoked Cert, Expired CRL)
depends_on:POLARSSL_PEM_C
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:NULL x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED:NULL
X509 Certificate verification #3 (Revoked Cert, Expired CRL, CN Mismatch) X509 Certificate verification #3 (Revoked Cert, Expired CRL, CN Mismatch)
depends_on:POLARSSL_PEM_C
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED | BADCERT_CN_MISMATCH:NULL x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCRL_EXPIRED | BADCERT_CN_MISMATCH:NULL
X509 Certificate verification #4 (Valid Cert, Expired CRL) X509 Certificate verification #4 (Valid Cert, Expired CRL)
depends_on:POLARSSL_PEM_C
x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCRL_EXPIRED:NULL x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCRL_EXPIRED:NULL
X509 Certificate verification #5 (Revoked Cert) X509 Certificate verification #5 (Revoked Cert)
depends_on:POLARSSL_PEM_C
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:NULL x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:NULL
X509 Certificate verification #6 (Revoked Cert) X509 Certificate verification #6 (Revoked Cert)
depends_on:POLARSSL_PEM_C
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:NULL x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED:NULL
X509 Certificate verification #7 (Revoked Cert, CN Mismatch) X509 Certificate verification #7 (Revoked Cert, CN Mismatch)
depends_on:POLARSSL_PEM_C
x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCERT_CN_MISMATCH:NULL x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_REVOKED | BADCERT_CN_MISMATCH:NULL
X509 Certificate verification #8 (Valid Cert) X509 Certificate verification #8 (Valid Cert)
depends_on:POLARSSL_PEM_C
x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
X509 Certificate verification #9 (Not trusted Cert) X509 Certificate verification #9 (Not trusted Cert)
depends_on:POLARSSL_PEM_C
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:NULL x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:NULL
X509 Certificate verification #10 (Not trusted Cert, Expired CRL) X509 Certificate verification #10 (Not trusted Cert, Expired CRL)
depends_on:POLARSSL_PEM_C
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:NULL x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:BADCERT_NOT_TRUSTED:NULL
X509 Certificate verification #11 (Valid Cert MD2 Digest) X509 Certificate verification #11 (Valid Cert MD2 Digest)
depends_on:POLARSSL_MD2_C depends_on:POLARSSL_MD2_C:POLARSSL_PEM_C
x509_verify:"data_files/cert_md2.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL x509_verify:"data_files/cert_md2.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
X509 Certificate verification #12 (Valid Cert MD4 Digest) X509 Certificate verification #12 (Valid Cert MD4 Digest)
depends_on:POLARSSL_MD4_C depends_on:POLARSSL_MD4_C:POLARSSL_PEM_C
x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
X509 Certificate verification #13 (Valid Cert MD5 Digest) X509 Certificate verification #13 (Valid Cert MD5 Digest)
depends_on:POLARSSL_MD5_C depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C
x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
X509 Certificate verification #14 (Valid Cert SHA1 Digest) X509 Certificate verification #14 (Valid Cert SHA1 Digest)
depends_on:POLARSSL_SHA1_C depends_on:POLARSSL_SHA1_C:POLARSSL_PEM_C
x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
X509 Certificate verification #15 (Valid Cert SHA224 Digest) X509 Certificate verification #15 (Valid Cert SHA224 Digest)
depends_on:POLARSSL_SHA2_C depends_on:POLARSSL_SHA2_C:POLARSSL_PEM_C
x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
X509 Certificate verification #16 (Valid Cert SHA256 Digest) X509 Certificate verification #16 (Valid Cert SHA256 Digest)
depends_on:POLARSSL_SHA2_C depends_on:POLARSSL_SHA2_C:POLARSSL_PEM_C
x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
X509 Certificate verification #17 (Valid Cert SHA384 Digest) X509 Certificate verification #17 (Valid Cert SHA384 Digest)
depends_on:POLARSSL_SHA4_C depends_on:POLARSSL_SHA4_C:POLARSSL_PEM_C
x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
X509 Certificate verification #18 (Valid Cert SHA512 Digest) X509 Certificate verification #18 (Valid Cert SHA512 Digest)
depends_on:POLARSSL_SHA4_C depends_on:POLARSSL_SHA4_C:POLARSSL_PEM_C
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:0:0:NULL
X509 Certificate verification #19 (Valid Cert, denying callback) X509 Certificate verification #19 (Valid Cert, denying callback)
depends_on:POLARSSL_SHA4_C depends_on:POLARSSL_SHA4_C:POLARSSL_PEM_C
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:0:&verify_none x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":NULL:POLARSSL_ERR_X509_CERT_VERIFY_FAILED:0:&verify_none
X509 Certificate verification #20 (Not trusted Cert, allowing callback) X509 Certificate verification #20 (Not trusted Cert, allowing callback)
depends_on:POLARSSL_PEM_C
x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":NULL:0:0:&verify_all x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":NULL:0:0:&verify_all
X509 Parse Selftest X509 Parse Selftest
depends_on:POLARSSL_MD5_C depends_on:POLARSSL_MD5_C:POLARSSL_PEM_C
x509_selftest: x509_selftest:
X509 Certificate ASN1 (Incorrect first tag) X509 Certificate ASN1 (Incorrect first tag)

View File

@ -1,6 +1,7 @@
BEGIN_HEADER BEGIN_HEADER
#include <polarssl/config.h> #include <polarssl/config.h>
#include <polarssl/x509.h> #include <polarssl/x509.h>
#include <polarssl/pem.h>
int verify_none( void *data, x509_cert *crt, int certificate_depth, int preverify_ok ) int verify_none( void *data, x509_cert *crt, int certificate_depth, int preverify_ok )
{ {