mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 17:15:38 +01:00
Merge remote-tracking branch 'origin/pr/2436' into mbedtls-2.16
* origin/pr/2436: Use certificates from data_files and refer them Specify server certificate to use in SHA-1 test refactor CA and SRV certificates into separate blocks refactor SHA-1 certificate defintions and assignment refactor server SHA-1 certificate definition into a new block define TEST_SRV_CRT_RSA_SOME in similar logic to TEST_CA_CRT_RSA_SOME server SHA-256 certificate now follows the same logic as CA SHA-256 certificate add entry to ChangeLog
This commit is contained in:
commit
daed232dd7
@ -37,6 +37,13 @@ Bugfix
|
||||
extensions in CSRs and CRTs that caused these bitstrings to not be encoded
|
||||
correctly as trailing zeroes were not accounted for as unused bits in the
|
||||
leading content octet. Fixes #1610.
|
||||
* Server's RSA certificate in certs.c was SHA-1 signed. In the default
|
||||
mbedTLS configuration only SHA-2 signed certificates are accepted.
|
||||
This certificate is used in the demo server programs, which lead the
|
||||
client programs to fail at the peer's certificate verification
|
||||
due to an unacceptable hash signature. The certificate has been
|
||||
updated to one that is SHA-256 signed. Fix contributed by
|
||||
Illya Gerasymchuk.
|
||||
|
||||
Changes
|
||||
* Include configuration file in all header files that use configuration,
|
||||
|
@ -116,7 +116,6 @@ const size_t mbedtls_test_cli_key_ec_len = sizeof( mbedtls_test_cli_key_ec );
|
||||
#endif /* MBEDTLS_ECDSA_C */
|
||||
|
||||
#if defined(MBEDTLS_RSA_C)
|
||||
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
#define TEST_CA_CRT_RSA_SHA256 \
|
||||
"-----BEGIN CERTIFICATE-----\r\n" \
|
||||
@ -141,13 +140,11 @@ const size_t mbedtls_test_cli_key_ec_len = sizeof( mbedtls_test_cli_key_ec );
|
||||
"n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==\r\n" \
|
||||
"-----END CERTIFICATE-----\r\n"
|
||||
|
||||
static const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256;
|
||||
const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA256;
|
||||
const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa );
|
||||
#define TEST_CA_CRT_RSA_SOME
|
||||
|
||||
static const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256;
|
||||
|
||||
#endif
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
||||
#if !defined(TEST_CA_CRT_RSA_SOME) || defined(MBEDTLS_SHA1_C)
|
||||
#define TEST_CA_CRT_RSA_SHA1 \
|
||||
@ -173,14 +170,72 @@ static const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256;
|
||||
"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \
|
||||
"-----END CERTIFICATE-----\r\n"
|
||||
|
||||
static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1;
|
||||
|
||||
#if !defined (TEST_CA_CRT_RSA_SOME)
|
||||
const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA_SHA1;
|
||||
const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa );
|
||||
#endif
|
||||
#endif /* !TEST_CA_CRT_RSA_SOME */
|
||||
#endif /* !TEST_CA_CRT_RSA_COME || MBEDTLS_SHA1_C */
|
||||
|
||||
static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1;
|
||||
#if defined(MBEDTLS_SHA256_C)
|
||||
/* tests/data_files/server2-sha256.crt */
|
||||
#define TEST_SRV_CRT_RSA_SHA256 \
|
||||
"-----BEGIN CERTIFICATE-----\r\n" \
|
||||
"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \
|
||||
"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
|
||||
"MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \
|
||||
"A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \
|
||||
"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \
|
||||
"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \
|
||||
"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \
|
||||
"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \
|
||||
"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \
|
||||
"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \
|
||||
"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \
|
||||
"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQELBQADggEBAGGEshT5\r\n" \
|
||||
"kvnRmLVScVeUEdwIrvW7ezbGbUvJ8VxeJ79/HSjlLiGbMc4uUathwtzEdi9R/4C5\r\n" \
|
||||
"DXBNeEPTkbB+fhG1W06iHYj/Dp8+aaG7fuDxKVKHVZSqBnmQLn73ymyclZNHii5A\r\n" \
|
||||
"3nTS8WUaHAzxN/rajOtoM7aH1P9tULpHrl+7HOeLMpxUnwI12ZqZaLIzxbcdJVcr\r\n" \
|
||||
"ra2F00aXCGkYVLvyvbZIq7LC+yVysej5gCeQYD7VFOEks0jhFjrS06gP0/XnWv6v\r\n" \
|
||||
"eBoPez9d+CCjkrhseiWzXOiriIMICX48EloO/DrsMRAtvlwq7EDz4QhILz6ffndm\r\n" \
|
||||
"e4K1cVANRPN2o9Y=\r\n" \
|
||||
"-----END CERTIFICATE-----\r\n"
|
||||
|
||||
#endif
|
||||
const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA_SHA256;
|
||||
const size_t mbedtls_test_srv_crt_rsa_len = sizeof( mbedtls_test_srv_crt_rsa );
|
||||
#define TEST_SRV_CRT_RSA_SOME
|
||||
#endif /* MBEDTLS_SHA256_C */
|
||||
|
||||
#if !defined(TEST_SRV_CRT_RSA_SOME) || defined(MBEDTLS_SHA1_C)
|
||||
/* tests/data_files/server2.crt */
|
||||
#define TEST_SRV_CRT_RSA_SHA1 \
|
||||
"-----BEGIN CERTIFICATE-----\r\n" \
|
||||
"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \
|
||||
"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
|
||||
"MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \
|
||||
"A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n" \
|
||||
"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n" \
|
||||
"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n" \
|
||||
"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n" \
|
||||
"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n" \
|
||||
"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n" \
|
||||
"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n" \
|
||||
"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n" \
|
||||
"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAAFzC0rF\r\n" \
|
||||
"y6De8WMcdgQrEw3AhBHFjzqnxZw1ene4IBSC7lTw8rBSy3jOWQdPUWn+0y/pCeeF\r\n" \
|
||||
"kti6sevFdl1hLemGtd4q+T9TKEKGg3ND4ARfB5AUZZ9uEHq8WBkiwus5clGS17Qd\r\n" \
|
||||
"dS/TOisB59tQruLx1E1bPLtBKyqk4koC5WAULJwfpswGSyWJTpYwIpxcWE3D2tBu\r\n" \
|
||||
"UB6MZfXZFzWmWEOyKbeoXjXe8GBCGgHLywvYDsGQ36HSGtEsAvR2QaTLSxWYcfk1\r\n" \
|
||||
"fbDn4jSWkb4yZy1r01UEigFQtONieGwRFaUqEcFJHJvEEGVgh9keaVlOj2vrwf5r\r\n" \
|
||||
"4mN4lW7gLdenN6g=\r\n" \
|
||||
"-----END CERTIFICATE-----\r\n";
|
||||
|
||||
#if !defined(TEST_SRV_CRT_RSA_SOME)
|
||||
const char mbedtls_test_srv_crt_rsa[] = TEST_SRV_CRT_RSA_SHA1;
|
||||
const size_t mbedtls_test_srv_crt_rsa_len = sizeof( mbedtls_test_srv_crt_rsa );
|
||||
#endif /* TEST_SRV_CRT_RSA_SOME */
|
||||
#endif /* !TEST_CA_CRT_RSA_SOME || MBEDTLS_SHA1_C */
|
||||
|
||||
const char mbedtls_test_ca_key_rsa[] =
|
||||
"-----BEGIN RSA PRIVATE KEY-----\r\n"
|
||||
@ -218,31 +273,6 @@ const size_t mbedtls_test_ca_key_rsa_len = sizeof( mbedtls_test_ca_key_rsa );
|
||||
const char mbedtls_test_ca_pwd_rsa[] = "PolarSSLTest";
|
||||
const size_t mbedtls_test_ca_pwd_rsa_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
|
||||
|
||||
/* tests/data_files/server2.crt */
|
||||
const char mbedtls_test_srv_crt_rsa[] =
|
||||
"-----BEGIN CERTIFICATE-----\r\n"
|
||||
"MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
|
||||
"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
|
||||
"MTEwMjEyMTQ0NDA2WhcNMjEwMjEyMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n"
|
||||
"A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN\r\n"
|
||||
"AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN\r\n"
|
||||
"owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz\r\n"
|
||||
"NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM\r\n"
|
||||
"tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P\r\n"
|
||||
"hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya\r\n"
|
||||
"HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD\r\n"
|
||||
"VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw\r\n"
|
||||
"FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAAFzC0rF\r\n"
|
||||
"y6De8WMcdgQrEw3AhBHFjzqnxZw1ene4IBSC7lTw8rBSy3jOWQdPUWn+0y/pCeeF\r\n"
|
||||
"kti6sevFdl1hLemGtd4q+T9TKEKGg3ND4ARfB5AUZZ9uEHq8WBkiwus5clGS17Qd\r\n"
|
||||
"dS/TOisB59tQruLx1E1bPLtBKyqk4koC5WAULJwfpswGSyWJTpYwIpxcWE3D2tBu\r\n"
|
||||
"UB6MZfXZFzWmWEOyKbeoXjXe8GBCGgHLywvYDsGQ36HSGtEsAvR2QaTLSxWYcfk1\r\n"
|
||||
"fbDn4jSWkb4yZy1r01UEigFQtONieGwRFaUqEcFJHJvEEGVgh9keaVlOj2vrwf5r\r\n"
|
||||
"4mN4lW7gLdenN6g=\r\n"
|
||||
"-----END CERTIFICATE-----\r\n";
|
||||
const size_t mbedtls_test_srv_crt_rsa_len = sizeof( mbedtls_test_srv_crt_rsa );
|
||||
|
||||
/* tests/data_files/server2.key */
|
||||
const char mbedtls_test_srv_key_rsa[] =
|
||||
"-----BEGIN RSA PRIVATE KEY-----\r\n"
|
||||
"MIIEpAIBAAKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r\r\n"
|
||||
|
@ -4032,7 +4032,7 @@ run_test "Per-version suites: TLS 1.2" \
|
||||
|
||||
requires_gnutls
|
||||
run_test "ClientHello without extensions, SHA-1 allowed" \
|
||||
"$P_SRV debug_level=3" \
|
||||
"$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt" \
|
||||
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION localhost" \
|
||||
0 \
|
||||
-s "dumping 'client hello extensions' (0 bytes)"
|
||||
|
Loading…
Reference in New Issue
Block a user