yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-29 17:54:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fix some X509 macro names

Browse Source 
For some reason, during the great renaming, some names that should have been
prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_
This commit is contained in:
Manuel Pégourié-Gonnard 2015-04-20 12:19:02 +01:00
parent e75fa70b36
commit e6028c93f5
13 changed files with 143 additions and 143 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
include/mbedtls/compat-1.3.h
View File

@ -702,15 +702,15 @@
#define ASN1_UTC_TIME MBEDTLS_ASN1_UTC_TIME #define ASN1_UTC_TIME MBEDTLS_ASN1_UTC_TIME
#define ASN1_UTF8_STRING MBEDTLS_ASN1_UTF8_STRING #define ASN1_UTF8_STRING MBEDTLS_ASN1_UTF8_STRING
#define BADCERT_CN_MISMATCH MBEDTLS_X509_BADCERT_CN_MISMATCH #define BADCERT_CN_MISMATCH MBEDTLS_X509_BADCERT_CN_MISMATCH
#define BADCERT_EXPIRED MBEDTLS_BADCERT_EXPIRED #define BADCERT_EXPIRED MBEDTLS_X509_BADCERT_EXPIRED
#define BADCERT_FUTURE MBEDTLS_X509_BADCERT_FUTURE #define BADCERT_FUTURE MBEDTLS_X509_BADCERT_FUTURE
#define BADCERT_MISSING MBEDTLS_BADCERT_MISSING #define BADCERT_MISSING MBEDTLS_X509_BADCERT_MISSING
#define BADCERT_NOT_TRUSTED MBEDTLS_X509_BADCERT_NOT_TRUSTED #define BADCERT_NOT_TRUSTED MBEDTLS_X509_BADCERT_NOT_TRUSTED
#define BADCERT_OTHER MBEDTLS_BADCERT_OTHER #define BADCERT_OTHER MBEDTLS_X509_BADCERT_OTHER
#define BADCERT_REVOKED MBEDTLS_X509_BADCERT_REVOKED #define BADCERT_REVOKED MBEDTLS_X509_BADCERT_REVOKED
#define BADCERT_SKIP_VERIFY MBEDTLS_BADCERT_SKIP_VERIFY #define BADCERT_SKIP_VERIFY MBEDTLS_X509_BADCERT_SKIP_VERIFY
#define BADCRL_EXPIRED MBEDTLS_X509_BADCRL_EXPIRED #define BADCRL_EXPIRED MBEDTLS_X509_BADCRL_EXPIRED
#define BADCRL_FUTURE MBEDTLS_BADCRL_FUTURE #define BADCRL_FUTURE MBEDTLS_X509_BADCRL_FUTURE
#define BADCRL_NOT_TRUSTED MBEDTLS_X509_BADCRL_NOT_TRUSTED #define BADCRL_NOT_TRUSTED MBEDTLS_X509_BADCRL_NOT_TRUSTED
#define BLOWFISH_BLOCKSIZE MBEDTLS_BLOWFISH_BLOCKSIZE #define BLOWFISH_BLOCKSIZE MBEDTLS_BLOWFISH_BLOCKSIZE
#define BLOWFISH_DECRYPT MBEDTLS_BLOWFISH_DECRYPT #define BLOWFISH_DECRYPT MBEDTLS_BLOWFISH_DECRYPT
@ -745,29 +745,29 @@
#define ENTROPY_MIN_PLATFORM MBEDTLS_ENTROPY_MIN_PLATFORM #define ENTROPY_MIN_PLATFORM MBEDTLS_ENTROPY_MIN_PLATFORM
#define ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_SOURCE_MANUAL #define ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_SOURCE_MANUAL
#define EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER #define EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER
#define EXT_BASIC_CONSTRAINTS MBEDTLS_EXT_BASIC_CONSTRAINTS #define EXT_BASIC_CONSTRAINTS MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
#define EXT_CERTIFICATE_POLICIES MBEDTLS_X509_EXT_CERTIFICATE_POLICIES #define EXT_CERTIFICATE_POLICIES MBEDTLS_X509_EXT_CERTIFICATE_POLICIES
#define EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_EXT_CRL_DISTRIBUTION_POINTS #define EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS
#define EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE #define EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
#define EXT_FRESHEST_CRL MBEDTLS_EXT_FRESHEST_CRL #define EXT_FRESHEST_CRL MBEDTLS_X509_EXT_FRESHEST_CRL
#define EXT_INIHIBIT_ANYPOLICY MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY #define EXT_INIHIBIT_ANYPOLICY MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY
#define EXT_ISSUER_ALT_NAME MBEDTLS_EXT_ISSUER_ALT_NAME #define EXT_ISSUER_ALT_NAME MBEDTLS_X509_EXT_ISSUER_ALT_NAME
#define EXT_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE #define EXT_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE
#define EXT_NAME_CONSTRAINTS MBEDTLS_EXT_NAME_CONSTRAINTS #define EXT_NAME_CONSTRAINTS MBEDTLS_X509_EXT_NAME_CONSTRAINTS
#define EXT_NS_CERT_TYPE MBEDTLS_X509_EXT_NS_CERT_TYPE #define EXT_NS_CERT_TYPE MBEDTLS_X509_EXT_NS_CERT_TYPE
#define EXT_POLICY_CONSTRAINTS MBEDTLS_EXT_POLICY_CONSTRAINTS #define EXT_POLICY_CONSTRAINTS MBEDTLS_X509_EXT_POLICY_CONSTRAINTS
#define EXT_POLICY_MAPPINGS MBEDTLS_X509_EXT_POLICY_MAPPINGS #define EXT_POLICY_MAPPINGS MBEDTLS_X509_EXT_POLICY_MAPPINGS
#define EXT_SUBJECT_ALT_NAME MBEDTLS_EXT_SUBJECT_ALT_NAME #define EXT_SUBJECT_ALT_NAME MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
#define EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS #define EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS
#define EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_EXT_SUBJECT_KEY_IDENTIFIER #define EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER
#define GCM_DECRYPT MBEDTLS_GCM_DECRYPT #define GCM_DECRYPT MBEDTLS_GCM_DECRYPT
#define GCM_ENCRYPT MBEDTLS_GCM_ENCRYPT #define GCM_ENCRYPT MBEDTLS_GCM_ENCRYPT
#define KU_CRL_SIGN MBEDTLS_X509_KU_CRL_SIGN #define KU_CRL_SIGN MBEDTLS_X509_KU_CRL_SIGN
#define KU_DATA_ENCIPHERMENT MBEDTLS_KU_DATA_ENCIPHERMENT #define KU_DATA_ENCIPHERMENT MBEDTLS_X509_KU_DATA_ENCIPHERMENT
#define KU_DIGITAL_SIGNATURE MBEDTLS_X509_KU_DIGITAL_SIGNATURE #define KU_DIGITAL_SIGNATURE MBEDTLS_X509_KU_DIGITAL_SIGNATURE
#define KU_KEY_AGREEMENT MBEDTLS_KU_KEY_AGREEMENT #define KU_KEY_AGREEMENT MBEDTLS_X509_KU_KEY_AGREEMENT
#define KU_KEY_CERT_SIGN MBEDTLS_X509_KU_KEY_CERT_SIGN #define KU_KEY_CERT_SIGN MBEDTLS_X509_KU_KEY_CERT_SIGN
#define KU_KEY_ENCIPHERMENT MBEDTLS_KU_KEY_ENCIPHERMENT #define KU_KEY_ENCIPHERMENT MBEDTLS_X509_KU_KEY_ENCIPHERMENT
#define KU_NON_REPUDIATION MBEDTLS_X509_KU_NON_REPUDIATION #define KU_NON_REPUDIATION MBEDTLS_X509_KU_NON_REPUDIATION
#define LN_2_DIV_LN_10_SCALE100 MBEDTLS_LN_2_DIV_LN_10_SCALE100 #define LN_2_DIV_LN_10_SCALE100 MBEDTLS_LN_2_DIV_LN_10_SCALE100
#define MD_CONTEXT_T_INIT MBEDTLS_MD_CONTEXT_T_INIT #define MD_CONTEXT_T_INIT MBEDTLS_MD_CONTEXT_T_INIT
@ -779,13 +779,13 @@
#define NET_PROTO_TCP MBEDTLS_NET_PROTO_TCP #define NET_PROTO_TCP MBEDTLS_NET_PROTO_TCP
#define NET_PROTO_UDP MBEDTLS_NET_PROTO_UDP #define NET_PROTO_UDP MBEDTLS_NET_PROTO_UDP
#define NS_CERT_TYPE_EMAIL MBEDTLS_X509_NS_CERT_TYPE_EMAIL #define NS_CERT_TYPE_EMAIL MBEDTLS_X509_NS_CERT_TYPE_EMAIL
#define NS_CERT_TYPE_EMAIL_CA MBEDTLS_NS_CERT_TYPE_EMAIL_CA #define NS_CERT_TYPE_EMAIL_CA MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA
#define NS_CERT_TYPE_OBJECT_SIGNING MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING #define NS_CERT_TYPE_OBJECT_SIGNING MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING
#define NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA #define NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA
#define NS_CERT_TYPE_RESERVED MBEDTLS_X509_NS_CERT_TYPE_RESERVED #define NS_CERT_TYPE_RESERVED MBEDTLS_X509_NS_CERT_TYPE_RESERVED
#define NS_CERT_TYPE_SSL_CA MBEDTLS_NS_CERT_TYPE_SSL_CA #define NS_CERT_TYPE_SSL_CA MBEDTLS_X509_NS_CERT_TYPE_SSL_CA
#define NS_CERT_TYPE_SSL_CLIENT MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT #define NS_CERT_TYPE_SSL_CLIENT MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT
#define NS_CERT_TYPE_SSL_SERVER MBEDTLS_NS_CERT_TYPE_SSL_SERVER #define NS_CERT_TYPE_SSL_SERVER MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
#define OID_ANSI_X9_62 MBEDTLS_OID_ANSI_X9_62 #define OID_ANSI_X9_62 MBEDTLS_OID_ANSI_X9_62
#define OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE #define OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE
#define OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD #define OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD

50
include/mbedtls/x509.h
View File

@ -83,20 +83,20 @@
* \{ * \{
*/ */
/* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */ /* Reminder: update x509_crt_verify_strings[] in library/x509_crt.c */
#define MBEDTLS_BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */ #define MBEDTLS_X509_BADCERT_EXPIRED 0x01 /**< The certificate validity has expired. */
#define MBEDTLS_X509_BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */ #define MBEDTLS_X509_BADCERT_REVOKED 0x02 /**< The certificate has been revoked (is on a CRL). */
#define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */ #define MBEDTLS_X509_BADCERT_CN_MISMATCH 0x04 /**< The certificate Common Name (CN) does not match with the expected CN. */
#define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */ #define MBEDTLS_X509_BADCERT_NOT_TRUSTED 0x08 /**< The certificate is not correctly signed by the trusted CA. */
#define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10 /**< The CRL is not correctly signed by the trusted CA. */ #define MBEDTLS_X509_BADCRL_NOT_TRUSTED 0x10 /**< The CRL is not correctly signed by the trusted CA. */
#define MBEDTLS_X509_BADCRL_EXPIRED 0x20 /**< The CRL is expired. */ #define MBEDTLS_X509_BADCRL_EXPIRED 0x20 /**< The CRL is expired. */
#define MBEDTLS_BADCERT_MISSING 0x40 /**< Certificate was missing. */ #define MBEDTLS_X509_BADCERT_MISSING 0x40 /**< Certificate was missing. */
#define MBEDTLS_BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */ #define MBEDTLS_X509_BADCERT_SKIP_VERIFY 0x80 /**< Certificate verification was skipped. */
#define MBEDTLS_BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */ #define MBEDTLS_X509_BADCERT_OTHER 0x0100 /**< Other reason (can be used by verify callback) */
#define MBEDTLS_X509_BADCERT_FUTURE 0x0200 /**< The certificate validity starts in the future. */ #define MBEDTLS_X509_BADCERT_FUTURE 0x0200 /**< The certificate validity starts in the future. */
#define MBEDTLS_BADCRL_FUTURE 0x0400 /**< The CRL is from the future */ #define MBEDTLS_X509_BADCRL_FUTURE 0x0400 /**< The CRL is from the future */
#define MBEDTLS_BADCERT_KEY_USAGE 0x0800 /**< Usage does not match the keyUsage extension. */ #define MBEDTLS_X509_BADCERT_KEY_USAGE 0x0800 /**< Usage does not match the keyUsage extension. */
#define MBEDTLS_BADCERT_EXT_KEY_USAGE 0x1000 /**< Usage does not match the extendedKeyUsage extension. */ #define MBEDTLS_X509_BADCERT_EXT_KEY_USAGE 0x1000 /**< Usage does not match the extendedKeyUsage extension. */
#define MBEDTLS_BADCERT_NS_CERT_TYPE 0x2000 /**< Usage does not match the nsCertType extension. */ #define MBEDTLS_X509_BADCERT_NS_CERT_TYPE 0x2000 /**< Usage does not match the nsCertType extension. */
/* \} name */ /* \} name */
/* \} addtogroup x509_module */ /* \} addtogroup x509_module */
@ -105,9 +105,9 @@
*/ */
#define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */ #define MBEDTLS_X509_KU_DIGITAL_SIGNATURE (0x80) /* bit 0 */
#define MBEDTLS_X509_KU_NON_REPUDIATION (0x40) /* bit 1 */ #define MBEDTLS_X509_KU_NON_REPUDIATION (0x40) /* bit 1 */
#define MBEDTLS_KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */ #define MBEDTLS_X509_KU_KEY_ENCIPHERMENT (0x20) /* bit 2 */
#define MBEDTLS_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */ #define MBEDTLS_X509_KU_DATA_ENCIPHERMENT (0x10) /* bit 3 */
#define MBEDTLS_KU_KEY_AGREEMENT (0x08) /* bit 4 */ #define MBEDTLS_X509_KU_KEY_AGREEMENT (0x08) /* bit 4 */
#define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04) /* bit 5 */ #define MBEDTLS_X509_KU_KEY_CERT_SIGN (0x04) /* bit 5 */
#define MBEDTLS_X509_KU_CRL_SIGN (0x02) /* bit 6 */ #define MBEDTLS_X509_KU_CRL_SIGN (0x02) /* bit 6 */
@ -117,13 +117,13 @@
*/ */
#define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */ #define MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT (0x80) /* bit 0 */
#define MBEDTLS_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */ #define MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER (0x40) /* bit 1 */
#define MBEDTLS_X509_NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */ #define MBEDTLS_X509_NS_CERT_TYPE_EMAIL (0x20) /* bit 2 */
#define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */ #define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING (0x10) /* bit 3 */
#define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */ #define MBEDTLS_X509_NS_CERT_TYPE_RESERVED (0x08) /* bit 4 */
#define MBEDTLS_NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */ #define MBEDTLS_X509_NS_CERT_TYPE_SSL_CA (0x04) /* bit 5 */
#define MBEDTLS_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */ #define MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA (0x02) /* bit 6 */
#define MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */ #define MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA (0x01) /* bit 7 */
/* /*
* X.509 extension types * X.509 extension types
@ -132,20 +132,20 @@
* different for writing certificates or reading CRLs or CSRs. * different for writing certificates or reading CRLs or CSRs.
*/ */
#define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0) #define MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER (1 << 0)
#define MBEDTLS_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1) #define MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER (1 << 1)
#define MBEDTLS_X509_EXT_KEY_USAGE (1 << 2) /* Parsed but not used */ #define MBEDTLS_X509_EXT_KEY_USAGE (1 << 2)
#define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES (1 << 3) #define MBEDTLS_X509_EXT_CERTIFICATE_POLICIES (1 << 3)
#define MBEDTLS_X509_EXT_POLICY_MAPPINGS (1 << 4) #define MBEDTLS_X509_EXT_POLICY_MAPPINGS (1 << 4)
#define MBEDTLS_EXT_SUBJECT_ALT_NAME (1 << 5) /* Supported (DNS) */ #define MBEDTLS_X509_EXT_SUBJECT_ALT_NAME (1 << 5) /* Supported (DNS) */
#define MBEDTLS_EXT_ISSUER_ALT_NAME (1 << 6) #define MBEDTLS_X509_EXT_ISSUER_ALT_NAME (1 << 6)
#define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7) #define MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS (1 << 7)
#define MBEDTLS_EXT_BASIC_CONSTRAINTS (1 << 8) /* Supported */ #define MBEDTLS_X509_EXT_BASIC_CONSTRAINTS (1 << 8) /* Supported */
#define MBEDTLS_EXT_NAME_CONSTRAINTS (1 << 9) #define MBEDTLS_X509_EXT_NAME_CONSTRAINTS (1 << 9)
#define MBEDTLS_EXT_POLICY_CONSTRAINTS (1 << 10) #define MBEDTLS_X509_EXT_POLICY_CONSTRAINTS (1 << 10)
#define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE (1 << 11) /* Parsed but not used */ #define MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE (1 << 11)
#define MBEDTLS_EXT_CRL_DISTRIBUTION_POINTS (1 << 12) #define MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS (1 << 12)
#define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13) #define MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY (1 << 13)
#define MBEDTLS_EXT_FRESHEST_CRL (1 << 14) #define MBEDTLS_X509_EXT_FRESHEST_CRL (1 << 14)
#define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* Parsed (and then ?) */ #define MBEDTLS_X509_EXT_NS_CERT_TYPE (1 << 16) /* Parsed (and then ?) */

2
include/mbedtls/x509_crt.h
View File

@ -279,7 +279,7 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
* \brief Check usage of certificate against keyUsage extension. * \brief Check usage of certificate against keyUsage extension.
* *
* \param crt Leaf certificate used. * \param crt Leaf certificate used.
* \param usage Intended usage(s) (eg MBEDTLS_KU_KEY_ENCIPHERMENT before using the * \param usage Intended usage(s) (eg MBEDTLS_X509_KU_KEY_ENCIPHERMENT before using the
* certificate to perform an RSA key exchange). * certificate to perform an RSA key exchange).
* *
* \return 0 is these uses of the certificate are allowed, * \return 0 is these uses of the certificate are allowed,

4
library/oid.c
View File

@ -261,7 +261,7 @@ static const oid_x509_ext_t oid_x509_ext[] =
{ {
{ {
{ ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" }, { ADD_LEN( MBEDTLS_OID_BASIC_CONSTRAINTS ), "id-ce-basicConstraints", "Basic Constraints" },
MBEDTLS_EXT_BASIC_CONSTRAINTS, MBEDTLS_X509_EXT_BASIC_CONSTRAINTS,
}, },
{ {
{ ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" }, { ADD_LEN( MBEDTLS_OID_KEY_USAGE ), "id-ce-keyUsage", "Key Usage" },
@ -273,7 +273,7 @@ static const oid_x509_ext_t oid_x509_ext[] =
}, },
{ {
{ ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" }, { ADD_LEN( MBEDTLS_OID_SUBJECT_ALT_NAME ), "id-ce-subjectAltName", "Subject Alt Name" },
MBEDTLS_EXT_SUBJECT_ALT_NAME, MBEDTLS_X509_EXT_SUBJECT_ALT_NAME,
}, },
{ {
{ ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" }, { ADD_LEN( MBEDTLS_OID_NS_CERT_TYPE ), "id-netscape-certtype", "Netscape Certificate Type" },

14
library/ssl_tls.c
View File

@ -3852,7 +3852,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
( ssl->authmode == MBEDTLS_SSL_VERIFY_NONE || ( ssl->authmode == MBEDTLS_SSL_VERIFY_NONE ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) ) ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ) )
{ {
ssl->session_negotiate->verify_result = MBEDTLS_BADCERT_SKIP_VERIFY; ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_SKIP_VERIFY;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) ); MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate" ) );
ssl->state++; ssl->state++;
return( 0 ); return( 0 );
@ -3882,7 +3882,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "SSLv3 client has no certificate" ) );
ssl->session_negotiate->verify_result = MBEDTLS_BADCERT_MISSING; ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
if( ssl->authmode == MBEDTLS_SSL_VERIFY_OPTIONAL ) if( ssl->authmode == MBEDTLS_SSL_VERIFY_OPTIONAL )
return( 0 ); return( 0 );
else else
@ -3903,7 +3903,7 @@ int mbedtls_ssl_parse_certificate( mbedtls_ssl_context *ssl )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "TLSv1 client has no certificate" ) );
ssl->session_negotiate->verify_result = MBEDTLS_BADCERT_MISSING; ssl->session_negotiate->verify_result = MBEDTLS_X509_BADCERT_MISSING;
if( ssl->authmode == MBEDTLS_SSL_VERIFY_REQUIRED ) if( ssl->authmode == MBEDTLS_SSL_VERIFY_REQUIRED )
return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE ); return( MBEDTLS_ERR_SSL_NO_CLIENT_CERTIFICATE );
else else
@ -6817,7 +6817,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
{ {
case MBEDTLS_KEY_EXCHANGE_RSA: case MBEDTLS_KEY_EXCHANGE_RSA:
case MBEDTLS_KEY_EXCHANGE_RSA_PSK: case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
usage = MBEDTLS_KU_KEY_ENCIPHERMENT; usage = MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
break; break;
case MBEDTLS_KEY_EXCHANGE_DHE_RSA: case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
@ -6828,7 +6828,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
case MBEDTLS_KEY_EXCHANGE_ECDH_RSA: case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA: case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
usage = MBEDTLS_KU_KEY_AGREEMENT; usage = MBEDTLS_X509_KU_KEY_AGREEMENT;
break; break;
/* Don't use default: we want warnings when adding new values */ /* Don't use default: we want warnings when adding new values */
@ -6847,7 +6847,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 ) if( mbedtls_x509_crt_check_key_usage( cert, usage ) != 0 )
{ {
*flags |= MBEDTLS_BADCERT_KEY_USAGE; *flags |= MBEDTLS_X509_BADCERT_KEY_USAGE;
ret = -1; ret = -1;
} }
#else #else
@ -6868,7 +6868,7 @@ int mbedtls_ssl_check_cert_usage( const mbedtls_x509_crt *cert,
if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 ) if( mbedtls_x509_crt_check_extended_key_usage( cert, ext_oid, ext_len ) != 0 )
{ {
*flags |= MBEDTLS_BADCERT_EXT_KEY_USAGE; *flags |= MBEDTLS_X509_BADCERT_EXT_KEY_USAGE;
ret = -1; ret = -1;
} }
#endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */ #endif /* MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE */

48
library/x509_crt.c
View File

@ -485,7 +485,7 @@ static int x509_get_crt_ext( unsigned char **p,
switch( ext_type ) switch( ext_type )
{ {
case MBEDTLS_EXT_BASIC_CONSTRAINTS: case MBEDTLS_X509_EXT_BASIC_CONSTRAINTS:
/* Parse basic constraints */ /* Parse basic constraints */
if( ( ret = x509_get_basic_constraints( p, end_ext_octet, if( ( ret = x509_get_basic_constraints( p, end_ext_octet,
&crt->ca_istrue, &crt->max_pathlen ) ) != 0 ) &crt->ca_istrue, &crt->max_pathlen ) ) != 0 )
@ -506,7 +506,7 @@ static int x509_get_crt_ext( unsigned char **p,
return( ret ); return( ret );
break; break;
case MBEDTLS_EXT_SUBJECT_ALT_NAME: case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
/* Parse subject alt name */ /* Parse subject alt name */
if( ( ret = x509_get_subject_alt_name( p, end_ext_octet, if( ( ret = x509_get_subject_alt_name( p, end_ext_octet,
&crt->subject_alt_names ) ) != 0 ) &crt->subject_alt_names ) ) != 0 )
@ -1182,13 +1182,13 @@ static int x509_info_cert_type( char **buf, size_t *size,
const char *sep = ""; const char *sep = "";
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" ); CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT, "SSL Client" );
CERT_TYPE( MBEDTLS_NS_CERT_TYPE_SSL_SERVER, "SSL Server" ); CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER, "SSL Server" );
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" ); CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL, "Email" );
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" ); CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING, "Object Signing" );
CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" ); CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_RESERVED, "Reserved" );
CERT_TYPE( MBEDTLS_NS_CERT_TYPE_SSL_CA, "SSL CA" ); CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_SSL_CA, "SSL CA" );
CERT_TYPE( MBEDTLS_NS_CERT_TYPE_EMAIL_CA, "Email CA" ); CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA, "Email CA" );
CERT_TYPE( MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" ); CERT_TYPE( MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA, "Object Signing CA" );
*size = n; *size = n;
*buf = p; *buf = p;
@ -1210,9 +1210,9 @@ static int x509_info_key_usage( char **buf, size_t *size,
KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" ); KEY_USAGE( MBEDTLS_X509_KU_DIGITAL_SIGNATURE, "Digital Signature" );
KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" ); KEY_USAGE( MBEDTLS_X509_KU_NON_REPUDIATION, "Non Repudiation" );
KEY_USAGE( MBEDTLS_KU_KEY_ENCIPHERMENT, "Key Encipherment" ); KEY_USAGE( MBEDTLS_X509_KU_KEY_ENCIPHERMENT, "Key Encipherment" );
KEY_USAGE( MBEDTLS_KU_DATA_ENCIPHERMENT, "Data Encipherment" ); KEY_USAGE( MBEDTLS_X509_KU_DATA_ENCIPHERMENT, "Data Encipherment" );
KEY_USAGE( MBEDTLS_KU_KEY_AGREEMENT, "Key Agreement" ); KEY_USAGE( MBEDTLS_X509_KU_KEY_AGREEMENT, "Key Agreement" );
KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" ); KEY_USAGE( MBEDTLS_X509_KU_KEY_CERT_SIGN, "Key Cert Sign" );
KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" ); KEY_USAGE( MBEDTLS_X509_KU_CRL_SIGN, "CRL Sign" );
@ -1323,7 +1323,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
* Optional extensions * Optional extensions
*/ */
if( crt->ext_types & MBEDTLS_EXT_BASIC_CONSTRAINTS ) if( crt->ext_types & MBEDTLS_X509_EXT_BASIC_CONSTRAINTS )
{ {
ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix, ret = mbedtls_snprintf( p, n, "\n%sbasic constraints : CA=%s", prefix,
crt->ca_istrue ? "true" : "false" ); crt->ca_istrue ? "true" : "false" );
@ -1336,7 +1336,7 @@ int mbedtls_x509_crt_info( char *buf, size_t size, const char *prefix,
} }
} }
if( crt->ext_types & MBEDTLS_EXT_SUBJECT_ALT_NAME ) if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
{ {
ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix ); ret = mbedtls_snprintf( p, n, "\n%ssubject alt name : ", prefix );
SAFE_SNPRINTF(); SAFE_SNPRINTF();
@ -1386,20 +1386,20 @@ struct x509_crt_verify_string {
}; };
static const struct x509_crt_verify_string x509_crt_verify_strings[] = { static const struct x509_crt_verify_string x509_crt_verify_strings[] = {
{ MBEDTLS_BADCERT_EXPIRED, "The certificate validity has expired" }, { MBEDTLS_X509_BADCERT_EXPIRED, "The certificate validity has expired" },
{ MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" }, { MBEDTLS_X509_BADCERT_REVOKED, "The certificate has been revoked (is on a CRL)" },
{ MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" }, { MBEDTLS_X509_BADCERT_CN_MISMATCH, "The certificate Common Name (CN) does not match with the expected CN" },
{ MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" }, { MBEDTLS_X509_BADCERT_NOT_TRUSTED, "The certificate is not correctly signed by the trusted CA" },
{ MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" }, { MBEDTLS_X509_BADCRL_NOT_TRUSTED, "The CRL is not correctly signed by the trusted CA" },
{ MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" }, { MBEDTLS_X509_BADCRL_EXPIRED, "The CRL is expired" },
{ MBEDTLS_BADCERT_MISSING, "Certificate was missing" }, { MBEDTLS_X509_BADCERT_MISSING, "Certificate was missing" },
{ MBEDTLS_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" }, { MBEDTLS_X509_BADCERT_SKIP_VERIFY, "Certificate verification was skipped" },
{ MBEDTLS_BADCERT_OTHER, "Other reason (can be used by verify callback)" }, { MBEDTLS_X509_BADCERT_OTHER, "Other reason (can be used by verify callback)" },
{ MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" }, { MBEDTLS_X509_BADCERT_FUTURE, "The certificate validity starts in the future" },
{ MBEDTLS_BADCRL_FUTURE, "The CRL is from the future" }, { MBEDTLS_X509_BADCRL_FUTURE, "The CRL is from the future" },
{ MBEDTLS_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" }, { MBEDTLS_X509_BADCERT_KEY_USAGE, "Usage does not match the keyUsage extension" },
{ MBEDTLS_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" }, { MBEDTLS_X509_BADCERT_EXT_KEY_USAGE, "Usage does not match the extendedKeyUsage extension" },
{ MBEDTLS_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" }, { MBEDTLS_X509_BADCERT_NS_CERT_TYPE, "Usage does not match the nsCertType extension" },
{ 0, NULL } { 0, NULL }
}; };
@ -1568,7 +1568,7 @@ static int x509_crt_verifycrl( mbedtls_x509_crt *crt, mbedtls_x509_crt *ca,
flags |= MBEDTLS_X509_BADCRL_EXPIRED; flags |= MBEDTLS_X509_BADCRL_EXPIRED;
if( mbedtls_x509_time_future( &crl_list->this_update ) ) if( mbedtls_x509_time_future( &crl_list->this_update ) )
flags |= MBEDTLS_BADCRL_FUTURE; flags |= MBEDTLS_X509_BADCRL_FUTURE;
/* /*
* Check if certificate is revoked * Check if certificate is revoked
@ -1773,7 +1773,7 @@ static int x509_crt_verify_top(
const mbedtls_md_info_t *md_info; const mbedtls_md_info_t *md_info;
if( mbedtls_x509_time_expired( &child->valid_to ) ) if( mbedtls_x509_time_expired( &child->valid_to ) )
*flags |= MBEDTLS_BADCERT_EXPIRED; *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_future( &child->valid_from ) ) if( mbedtls_x509_time_future( &child->valid_from ) )
*flags |= MBEDTLS_X509_BADCERT_FUTURE; *flags |= MBEDTLS_X509_BADCERT_FUTURE;
@ -1848,7 +1848,7 @@ static int x509_crt_verify_top(
#endif #endif
if( mbedtls_x509_time_expired( &trust_ca->valid_to ) ) if( mbedtls_x509_time_expired( &trust_ca->valid_to ) )
ca_flags |= MBEDTLS_BADCERT_EXPIRED; ca_flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_future( &trust_ca->valid_from ) ) if( mbedtls_x509_time_future( &trust_ca->valid_from ) )
ca_flags |= MBEDTLS_X509_BADCERT_FUTURE; ca_flags |= MBEDTLS_X509_BADCERT_FUTURE;
@ -1895,7 +1895,7 @@ static int x509_crt_verify_child(
} }
if( mbedtls_x509_time_expired( &child->valid_to ) ) if( mbedtls_x509_time_expired( &child->valid_to ) )
*flags |= MBEDTLS_BADCERT_EXPIRED; *flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_future( &child->valid_from ) ) if( mbedtls_x509_time_future( &child->valid_from ) )
*flags |= MBEDTLS_X509_BADCERT_FUTURE; *flags |= MBEDTLS_X509_BADCERT_FUTURE;
@ -1985,7 +1985,7 @@ int mbedtls_x509_crt_verify( mbedtls_x509_crt *crt,
name = &crt->subject; name = &crt->subject;
cn_len = strlen( cn ); cn_len = strlen( cn );
if( crt->ext_types & MBEDTLS_EXT_SUBJECT_ALT_NAME ) if( crt->ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME )
{ {
cur = &crt->subject_alt_names; cur = &crt->subject_alt_names;

2
programs/ssl/dtls_client.c
View File

@ -213,7 +213,7 @@ int main( int argc, char *argv[] )
{ {
mbedtls_printf( " failed\n" ); mbedtls_printf( " failed\n" );
if( ( ret & MBEDTLS_BADCERT_EXPIRED ) != 0 ) if( ( ret & MBEDTLS_X509_BADCERT_EXPIRED ) != 0 )
mbedtls_printf( " ! server certificate has expired\n" ); mbedtls_printf( " ! server certificate has expired\n" );
if( ( ret & MBEDTLS_X509_BADCERT_REVOKED ) != 0 ) if( ( ret & MBEDTLS_X509_BADCERT_REVOKED ) != 0 )

14
programs/x509/cert_req.c
View File

@ -200,11 +200,11 @@ int main( int argc, char *argv[] )
else if( strcmp( q, "non_repudiation" ) == 0 ) else if( strcmp( q, "non_repudiation" ) == 0 )
opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION; opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION;
else if( strcmp( q, "key_encipherment" ) == 0 ) else if( strcmp( q, "key_encipherment" ) == 0 )
opt.key_usage |= MBEDTLS_KU_KEY_ENCIPHERMENT; opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
else if( strcmp( q, "data_encipherment" ) == 0 ) else if( strcmp( q, "data_encipherment" ) == 0 )
opt.key_usage |= MBEDTLS_KU_DATA_ENCIPHERMENT; opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT;
else if( strcmp( q, "key_agreement" ) == 0 ) else if( strcmp( q, "key_agreement" ) == 0 )
opt.key_usage |= MBEDTLS_KU_KEY_AGREEMENT; opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT;
else if( strcmp( q, "key_cert_sign" ) == 0 ) else if( strcmp( q, "key_cert_sign" ) == 0 )
opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN; opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN;
else if( strcmp( q, "crl_sign" ) == 0 ) else if( strcmp( q, "crl_sign" ) == 0 )
@ -225,17 +225,17 @@ int main( int argc, char *argv[] )
if( strcmp( q, "ssl_client" ) == 0 ) if( strcmp( q, "ssl_client" ) == 0 )
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT; opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT;
else if( strcmp( q, "ssl_server" ) == 0 ) else if( strcmp( q, "ssl_server" ) == 0 )
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_SSL_SERVER; opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER;
else if( strcmp( q, "email" ) == 0 ) else if( strcmp( q, "email" ) == 0 )
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL; opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL;
else if( strcmp( q, "object_signing" ) == 0 ) else if( strcmp( q, "object_signing" ) == 0 )
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING; opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING;
else if( strcmp( q, "ssl_ca" ) == 0 ) else if( strcmp( q, "ssl_ca" ) == 0 )
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_SSL_CA; opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA;
else if( strcmp( q, "email_ca" ) == 0 ) else if( strcmp( q, "email_ca" ) == 0 )
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_EMAIL_CA; opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA;
else if( strcmp( q, "object_signing_ca" ) == 0 ) else if( strcmp( q, "object_signing_ca" ) == 0 )
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA; opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA;
else else
goto usage; goto usage;

14
programs/x509/cert_write.c
View File

@ -316,11 +316,11 @@ int main( int argc, char *argv[] )
else if( strcmp( q, "non_repudiation" ) == 0 ) else if( strcmp( q, "non_repudiation" ) == 0 )
opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION; opt.key_usage |= MBEDTLS_X509_KU_NON_REPUDIATION;
else if( strcmp( q, "key_encipherment" ) == 0 ) else if( strcmp( q, "key_encipherment" ) == 0 )
opt.key_usage |= MBEDTLS_KU_KEY_ENCIPHERMENT; opt.key_usage |= MBEDTLS_X509_KU_KEY_ENCIPHERMENT;
else if( strcmp( q, "data_encipherment" ) == 0 ) else if( strcmp( q, "data_encipherment" ) == 0 )
opt.key_usage |= MBEDTLS_KU_DATA_ENCIPHERMENT; opt.key_usage |= MBEDTLS_X509_KU_DATA_ENCIPHERMENT;
else if( strcmp( q, "key_agreement" ) == 0 ) else if( strcmp( q, "key_agreement" ) == 0 )
opt.key_usage |= MBEDTLS_KU_KEY_AGREEMENT; opt.key_usage |= MBEDTLS_X509_KU_KEY_AGREEMENT;
else if( strcmp( q, "key_cert_sign" ) == 0 ) else if( strcmp( q, "key_cert_sign" ) == 0 )
opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN; opt.key_usage |= MBEDTLS_X509_KU_KEY_CERT_SIGN;
else if( strcmp( q, "crl_sign" ) == 0 ) else if( strcmp( q, "crl_sign" ) == 0 )
@ -341,17 +341,17 @@ int main( int argc, char *argv[] )
if( strcmp( q, "ssl_client" ) == 0 ) if( strcmp( q, "ssl_client" ) == 0 )
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT; opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT;
else if( strcmp( q, "ssl_server" ) == 0 ) else if( strcmp( q, "ssl_server" ) == 0 )
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_SSL_SERVER; opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER;
else if( strcmp( q, "email" ) == 0 ) else if( strcmp( q, "email" ) == 0 )
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL; opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL;
else if( strcmp( q, "object_signing" ) == 0 ) else if( strcmp( q, "object_signing" ) == 0 )
opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING; opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING;
else if( strcmp( q, "ssl_ca" ) == 0 ) else if( strcmp( q, "ssl_ca" ) == 0 )
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_SSL_CA; opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_SSL_CA;
else if( strcmp( q, "email_ca" ) == 0 ) else if( strcmp( q, "email_ca" ) == 0 )
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_EMAIL_CA; opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA;
else if( strcmp( q, "object_signing_ca" ) == 0 ) else if( strcmp( q, "object_signing_ca" ) == 0 )
opt.ns_cert_type |= MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA; opt.ns_cert_type |= MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA;
else else
goto usage; goto usage;

46
scripts/data_files/rename-1.3-2.0.txt
View File

@ -21,18 +21,18 @@ ASN1_UNIVERSAL_STRING MBEDTLS_ASN1_UNIVERSAL_STRING
ASN1_UTC_TIME MBEDTLS_ASN1_UTC_TIME ASN1_UTC_TIME MBEDTLS_ASN1_UTC_TIME
ASN1_UTF8_STRING MBEDTLS_ASN1_UTF8_STRING ASN1_UTF8_STRING MBEDTLS_ASN1_UTF8_STRING
BADCERT_CN_MISMATCH MBEDTLS_X509_BADCERT_CN_MISMATCH BADCERT_CN_MISMATCH MBEDTLS_X509_BADCERT_CN_MISMATCH
BADCERT_EXPIRED MBEDTLS_BADCERT_EXPIRED BADCERT_EXPIRED MBEDTLS_X509_BADCERT_EXPIRED
BADCERT_EXT_KEY_USAGE MBEDTLS_BADCERT_EXT_KEY_USAGE BADCERT_EXT_KEY_USAGE MBEDTLS_X509_BADCERT_EXT_KEY_USAGE
BADCERT_FUTURE MBEDTLS_X509_BADCERT_FUTURE BADCERT_FUTURE MBEDTLS_X509_BADCERT_FUTURE
BADCERT_KEY_USAGE MBEDTLS_BADCERT_KEY_USAGE BADCERT_KEY_USAGE MBEDTLS_X509_BADCERT_KEY_USAGE
BADCERT_MISSING MBEDTLS_BADCERT_MISSING BADCERT_MISSING MBEDTLS_X509_BADCERT_MISSING
BADCERT_NOT_TRUSTED MBEDTLS_X509_BADCERT_NOT_TRUSTED BADCERT_NOT_TRUSTED MBEDTLS_X509_BADCERT_NOT_TRUSTED
BADCERT_NS_CERT_TYPE MBEDTLS_BADCERT_NS_CERT_TYPE BADCERT_NS_CERT_TYPE MBEDTLS_X509_BADCERT_NS_CERT_TYPE
BADCERT_OTHER MBEDTLS_BADCERT_OTHER BADCERT_OTHER MBEDTLS_X509_BADCERT_OTHER
BADCERT_REVOKED MBEDTLS_X509_BADCERT_REVOKED BADCERT_REVOKED MBEDTLS_X509_BADCERT_REVOKED
BADCERT_SKIP_VERIFY MBEDTLS_BADCERT_SKIP_VERIFY BADCERT_SKIP_VERIFY MBEDTLS_X509_BADCERT_SKIP_VERIFY
BADCRL_EXPIRED MBEDTLS_X509_BADCRL_EXPIRED BADCRL_EXPIRED MBEDTLS_X509_BADCRL_EXPIRED
BADCRL_FUTURE MBEDTLS_BADCRL_FUTURE BADCRL_FUTURE MBEDTLS_X509_BADCRL_FUTURE
BADCRL_NOT_TRUSTED MBEDTLS_X509_BADCRL_NOT_TRUSTED BADCRL_NOT_TRUSTED MBEDTLS_X509_BADCRL_NOT_TRUSTED
BLOWFISH_BLOCKSIZE MBEDTLS_BLOWFISH_BLOCKSIZE BLOWFISH_BLOCKSIZE MBEDTLS_BLOWFISH_BLOCKSIZE
BLOWFISH_DECRYPT MBEDTLS_BLOWFISH_DECRYPT BLOWFISH_DECRYPT MBEDTLS_BLOWFISH_DECRYPT
@ -67,29 +67,29 @@ ENTROPY_MIN_HAVEGE MBEDTLS_ENTROPY_MIN_HAVEGE
ENTROPY_MIN_PLATFORM MBEDTLS_ENTROPY_MIN_PLATFORM ENTROPY_MIN_PLATFORM MBEDTLS_ENTROPY_MIN_PLATFORM
ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_SOURCE_MANUAL ENTROPY_SOURCE_MANUAL MBEDTLS_ENTROPY_SOURCE_MANUAL
EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER EXT_AUTHORITY_KEY_IDENTIFIER MBEDTLS_X509_EXT_AUTHORITY_KEY_IDENTIFIER
EXT_BASIC_CONSTRAINTS MBEDTLS_EXT_BASIC_CONSTRAINTS EXT_BASIC_CONSTRAINTS MBEDTLS_X509_EXT_BASIC_CONSTRAINTS
EXT_CERTIFICATE_POLICIES MBEDTLS_X509_EXT_CERTIFICATE_POLICIES EXT_CERTIFICATE_POLICIES MBEDTLS_X509_EXT_CERTIFICATE_POLICIES
EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_EXT_CRL_DISTRIBUTION_POINTS EXT_CRL_DISTRIBUTION_POINTS MBEDTLS_X509_EXT_CRL_DISTRIBUTION_POINTS
EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE EXT_EXTENDED_KEY_USAGE MBEDTLS_X509_EXT_EXTENDED_KEY_USAGE
EXT_FRESHEST_CRL MBEDTLS_EXT_FRESHEST_CRL EXT_FRESHEST_CRL MBEDTLS_X509_EXT_FRESHEST_CRL
EXT_INIHIBIT_ANYPOLICY MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY EXT_INIHIBIT_ANYPOLICY MBEDTLS_X509_EXT_INIHIBIT_ANYPOLICY
EXT_ISSUER_ALT_NAME MBEDTLS_EXT_ISSUER_ALT_NAME EXT_ISSUER_ALT_NAME MBEDTLS_X509_EXT_ISSUER_ALT_NAME
EXT_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE EXT_KEY_USAGE MBEDTLS_X509_EXT_KEY_USAGE
EXT_NAME_CONSTRAINTS MBEDTLS_EXT_NAME_CONSTRAINTS EXT_NAME_CONSTRAINTS MBEDTLS_X509_EXT_NAME_CONSTRAINTS
EXT_NS_CERT_TYPE MBEDTLS_X509_EXT_NS_CERT_TYPE EXT_NS_CERT_TYPE MBEDTLS_X509_EXT_NS_CERT_TYPE
EXT_POLICY_CONSTRAINTS MBEDTLS_EXT_POLICY_CONSTRAINTS EXT_POLICY_CONSTRAINTS MBEDTLS_X509_EXT_POLICY_CONSTRAINTS
EXT_POLICY_MAPPINGS MBEDTLS_X509_EXT_POLICY_MAPPINGS EXT_POLICY_MAPPINGS MBEDTLS_X509_EXT_POLICY_MAPPINGS
EXT_SUBJECT_ALT_NAME MBEDTLS_EXT_SUBJECT_ALT_NAME EXT_SUBJECT_ALT_NAME MBEDTLS_X509_EXT_SUBJECT_ALT_NAME
EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS EXT_SUBJECT_DIRECTORY_ATTRS MBEDTLS_X509_EXT_SUBJECT_DIRECTORY_ATTRS
EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_EXT_SUBJECT_KEY_IDENTIFIER EXT_SUBJECT_KEY_IDENTIFIER MBEDTLS_X509_EXT_SUBJECT_KEY_IDENTIFIER
GCM_DECRYPT MBEDTLS_GCM_DECRYPT GCM_DECRYPT MBEDTLS_GCM_DECRYPT
GCM_ENCRYPT MBEDTLS_GCM_ENCRYPT GCM_ENCRYPT MBEDTLS_GCM_ENCRYPT
KU_CRL_SIGN MBEDTLS_X509_KU_CRL_SIGN KU_CRL_SIGN MBEDTLS_X509_KU_CRL_SIGN
KU_DATA_ENCIPHERMENT MBEDTLS_KU_DATA_ENCIPHERMENT KU_DATA_ENCIPHERMENT MBEDTLS_X509_KU_DATA_ENCIPHERMENT
KU_DIGITAL_SIGNATURE MBEDTLS_X509_KU_DIGITAL_SIGNATURE KU_DIGITAL_SIGNATURE MBEDTLS_X509_KU_DIGITAL_SIGNATURE
KU_KEY_AGREEMENT MBEDTLS_KU_KEY_AGREEMENT KU_KEY_AGREEMENT MBEDTLS_X509_KU_KEY_AGREEMENT
KU_KEY_CERT_SIGN MBEDTLS_X509_KU_KEY_CERT_SIGN KU_KEY_CERT_SIGN MBEDTLS_X509_KU_KEY_CERT_SIGN
KU_KEY_ENCIPHERMENT MBEDTLS_KU_KEY_ENCIPHERMENT KU_KEY_ENCIPHERMENT MBEDTLS_X509_KU_KEY_ENCIPHERMENT
KU_NON_REPUDIATION MBEDTLS_X509_KU_NON_REPUDIATION KU_NON_REPUDIATION MBEDTLS_X509_KU_NON_REPUDIATION
LN_2_DIV_LN_10_SCALE100 MBEDTLS_LN_2_DIV_LN_10_SCALE100 LN_2_DIV_LN_10_SCALE100 MBEDTLS_LN_2_DIV_LN_10_SCALE100
MD_CONTEXT_T_INIT MBEDTLS_MD_CONTEXT_T_INIT MD_CONTEXT_T_INIT MBEDTLS_MD_CONTEXT_T_INIT
@ -101,13 +101,13 @@ MPI_CHK MBEDTLS_MPI_CHK
NET_PROTO_TCP MBEDTLS_NET_PROTO_TCP NET_PROTO_TCP MBEDTLS_NET_PROTO_TCP
NET_PROTO_UDP MBEDTLS_NET_PROTO_UDP NET_PROTO_UDP MBEDTLS_NET_PROTO_UDP
NS_CERT_TYPE_EMAIL MBEDTLS_X509_NS_CERT_TYPE_EMAIL NS_CERT_TYPE_EMAIL MBEDTLS_X509_NS_CERT_TYPE_EMAIL
NS_CERT_TYPE_EMAIL_CA MBEDTLS_NS_CERT_TYPE_EMAIL_CA NS_CERT_TYPE_EMAIL_CA MBEDTLS_X509_NS_CERT_TYPE_EMAIL_CA
NS_CERT_TYPE_OBJECT_SIGNING MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING NS_CERT_TYPE_OBJECT_SIGNING MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING
NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_NS_CERT_TYPE_OBJECT_SIGNING_CA NS_CERT_TYPE_OBJECT_SIGNING_CA MBEDTLS_X509_NS_CERT_TYPE_OBJECT_SIGNING_CA
NS_CERT_TYPE_RESERVED MBEDTLS_X509_NS_CERT_TYPE_RESERVED NS_CERT_TYPE_RESERVED MBEDTLS_X509_NS_CERT_TYPE_RESERVED
NS_CERT_TYPE_SSL_CA MBEDTLS_NS_CERT_TYPE_SSL_CA NS_CERT_TYPE_SSL_CA MBEDTLS_X509_NS_CERT_TYPE_SSL_CA
NS_CERT_TYPE_SSL_CLIENT MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT NS_CERT_TYPE_SSL_CLIENT MBEDTLS_X509_NS_CERT_TYPE_SSL_CLIENT
NS_CERT_TYPE_SSL_SERVER MBEDTLS_NS_CERT_TYPE_SSL_SERVER NS_CERT_TYPE_SSL_SERVER MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
OID_ANSI_X9_62 MBEDTLS_OID_ANSI_X9_62 OID_ANSI_X9_62 MBEDTLS_OID_ANSI_X9_62
OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE OID_ANSI_X9_62_FIELD_TYPE MBEDTLS_OID_ANSI_X9_62_FIELD_TYPE
OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD OID_ANSI_X9_62_PRIME_FIELD MBEDTLS_OID_ANSI_X9_62_PRIME_FIELD

40
tests/suites/test_suite_x509parse.data
View File

@ -266,43 +266,43 @@ X509 Verify Information: empty
x509_verify_info:0:"":"" x509_verify_info:0:"":""
X509 Verify Information: one issue X509 Verify Information: one issue
x509_verify_info:MBEDTLS_BADCERT_MISSING:"":"Certificate was missing\n" x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:"":"Certificate was missing\n"
X509 Verify Information: two issues X509 Verify Information: two issues
x509_verify_info:MBEDTLS_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n" x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n"
X509 Verify Information: two issues, one unknown X509 Verify Information: two issues, one unknown
x509_verify_info:MBEDTLS_BADCERT_OTHER | 0x8000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n" x509_verify_info:MBEDTLS_X509_BADCERT_OTHER | 0x8000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n"
X509 Verify Information: empty, with prefix X509 Verify Information: empty, with prefix
x509_verify_info:0:" ! ":"" x509_verify_info:0:" ! ":""
X509 Verify Information: one issue, with prefix X509 Verify Information: one issue, with prefix
x509_verify_info:MBEDTLS_BADCERT_MISSING:" ! ":" ! Certificate was missing\n" x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:" ! ":" ! Certificate was missing\n"
X509 Verify Information: two issues, with prefix X509 Verify Information: two issues, with prefix
x509_verify_info:MBEDTLS_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n" x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n"
X509 Verify Information: empty X509 Verify Information: empty
x509_verify_info:0:"":"" x509_verify_info:0:"":""
X509 Verify Information: one issue X509 Verify Information: one issue
x509_verify_info:BADCERT_MISSING:"":"Certificate was missing\n" x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:"":"Certificate was missing\n"
X509 Verify Information: two issues X509 Verify Information: two issues
x509_verify_info:BADCERT_EXPIRED | BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n" x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:"":"The certificate validity has expired\nThe CRL is expired\n"
X509 Verify Information: two issues, one unknown X509 Verify Information: two issues, one unknown
x509_verify_info:BADCERT_OTHER | 0x8000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n" x509_verify_info:MBEDTLS_X509_BADCERT_OTHER | 0x8000:"":"Other reason (can be used by verify callback)\nUnknown reason (this should not happen)\n"
X509 Verify Information: empty, with prefix X509 Verify Information: empty, with prefix
x509_verify_info:0:" ! ":"" x509_verify_info:0:" ! ":""
X509 Verify Information: one issue, with prefix X509 Verify Information: one issue, with prefix
x509_verify_info:BADCERT_MISSING:" ! ":" ! Certificate was missing\n" x509_verify_info:MBEDTLS_X509_BADCERT_MISSING:" ! ":" ! Certificate was missing\n"
X509 Verify Information: two issues, with prefix X509 Verify Information: two issues, with prefix
x509_verify_info:BADCERT_EXPIRED | BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n" x509_verify_info:MBEDTLS_X509_BADCERT_EXPIRED | MBEDTLS_X509_BADCRL_EXPIRED:" ! ":" ! The certificate validity has expired\n ! The CRL is expired\n"
X509 Get Distinguished Name #1 X509 Get Distinguished Name #1
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C
@ -374,7 +374,7 @@ x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_ex
X509 Certificate verification #1a (Revoked Cert, Future CRL, no CN) X509 Certificate verification #1a (Revoked Cert, Future CRL, no CN)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_BADCRL_FUTURE:"NULL" x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"NULL"
X509 Certificate verification #2 (Revoked Cert, Expired CRL) X509 Certificate verification #2 (Revoked Cert, Expired CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@ -382,7 +382,7 @@ x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_ex
X509 Certificate verification #2a (Revoked Cert, Future CRL) X509 Certificate verification #2a (Revoked Cert, Future CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_BADCRL_FUTURE:"NULL" x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"NULL"
X509 Certificate verification #3 (Revoked Cert, Future CRL, CN Mismatch) X509 Certificate verification #3 (Revoked Cert, Future CRL, CN Mismatch)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@ -390,7 +390,7 @@ x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_ex
X509 Certificate verification #3a (Revoked Cert, Expired CRL, CN Mismatch) X509 Certificate verification #3a (Revoked Cert, Expired CRL, CN Mismatch)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL" x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
X509 Certificate verification #4 (Valid Cert, Expired CRL) X509 Certificate verification #4 (Valid Cert, Expired CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@ -398,7 +398,7 @@ x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_ex
X509 Certificate verification #4a (Revoked Cert, Future CRL) X509 Certificate verification #4a (Revoked Cert, Future CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_BADCRL_FUTURE:"NULL" x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"NULL"
X509 Certificate verification #5 (Revoked Cert) X509 Certificate verification #5 (Revoked Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@ -418,7 +418,7 @@ x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-e
X509 Certificate verification #8a (Expired Cert) X509 Certificate verification #8a (Expired Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_BADCERT_EXPIRED:"NULL" x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"NULL"
X509 Certificate verification #8b (Future Cert) X509 Certificate verification #8b (Future Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
@ -462,7 +462,7 @@ x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/cr
X509 Certificate verification #19 (Valid Cert, denying callback) X509 Certificate verification #19 (Valid Cert, denying callback)
depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_BADCERT_OTHER:"verify_none" x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"verify_none"
X509 Certificate verification #19 (Not trusted Cert, allowing callback) X509 Certificate verification #19 (Not trusted Cert, allowing callback)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
@ -706,7 +706,7 @@ x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/
X509 Certificate verification #79 (multiple CRLs, revoked by future) X509 Certificate verification #79 (multiple CRLs, revoked by future)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_BADCRL_FUTURE:"NULL" x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"NULL"
X509 Certificate verification #80 (multiple CRLs, first future, revoked by second) X509 Certificate verification #80 (multiple CRLs, first future, revoked by second)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
@ -1122,7 +1122,7 @@ X509 OID numstring #5 (arithmetic overflow)
x509_oid_numstr:"2A8648F9F8F7F6F5F4F3F2F1F001":"":100:MBEDTLS_ERR_OID_BUF_TOO_SMALL x509_oid_numstr:"2A8648F9F8F7F6F5F4F3F2F1F001":"":100:MBEDTLS_ERR_OID_BUF_TOO_SMALL
X509 crt keyUsage #1 (no extension, expected KU) X509 crt keyUsage #1 (no extension, expected KU)
x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_KU_KEY_ENCIPHERMENT:0 x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
X509 crt keyUsage #2 (no extension, surprising KU) X509 crt keyUsage #2 (no extension, surprising KU)
x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:0 x509_check_key_usage:"data_files/server1.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:0
@ -1137,13 +1137,13 @@ X509 crt keyUsage #5 (extension present, single KU absent)
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA
X509 crt keyUsage #6 (extension present, combined KU present) X509 crt keyUsage #6 (extension present, combined KU present)
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_KU_KEY_ENCIPHERMENT:0 x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_DIGITAL_SIGNATURE|MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
X509 crt keyUsage #7 (extension present, combined KU both absent) X509 crt keyUsage #7 (extension present, combined KU both absent)
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN|MBEDTLS_X509_KU_CRL_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_CERT_SIGN|MBEDTLS_X509_KU_CRL_SIGN:MBEDTLS_ERR_X509_BAD_INPUT_DATA
X509 crt keyUsage #8 (extension present, combined KU one absent) X509 crt keyUsage #8 (extension present, combined KU one absent)
x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_KU_KEY_ENCIPHERMENT|MBEDTLS_KU_KEY_AGREEMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA x509_check_key_usage:"data_files/server1.key_usage.crt":MBEDTLS_X509_KU_KEY_ENCIPHERMENT|MBEDTLS_X509_KU_KEY_AGREEMENT:MBEDTLS_ERR_X509_BAD_INPUT_DATA
X509 crt extendedKeyUsage #1 (no extension, serverAuth) X509 crt extendedKeyUsage #1 (no extension, serverAuth)
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED

2
tests/suites/test_suite_x509parse.function
View File

@ -11,7 +11,7 @@ int verify_none( void *data, mbedtls_x509_crt *crt, int certificate_depth, int *
((void) data); ((void) data);
((void) crt); ((void) crt);
((void) certificate_depth); ((void) certificate_depth);
*flags |= MBEDTLS_BADCERT_OTHER; *flags |= MBEDTLS_X509_BADCERT_OTHER;
return 0; return 0;
} }

10
tests/suites/test_suite_x509write.data
View File

@ -28,15 +28,15 @@ x509_csr_check:"data_files/server1.key":"data_files/server1.req.md5":MBEDTLS_MD_
Certificate Request check Server1 key_usage Certificate Request check Server1 key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_KU_KEY_ENCIPHERMENT:0 x509_csr_check:"data_files/server1.key":"data_files/server1.req.key_usage":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0
Certificate Request check Server1 ns_cert_type Certificate Request check Server1 ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:MBEDTLS_NS_CERT_TYPE_SSL_SERVER x509_csr_check:"data_files/server1.key":"data_files/server1.req.cert_type":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
Certificate Request check Server1 key_usage + ns_cert_type Certificate Request check Server1 key_usage + ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_KU_KEY_ENCIPHERMENT:MBEDTLS_NS_CERT_TYPE_SSL_SERVER x509_csr_check:"data_files/server1.key":"data_files/server1.req.ku-ct":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER
Certificate Request check Server5 ECDSA, key_usage Certificate Request check Server5 ECDSA, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED depends_on:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C:MBEDTLS_ECDSA_DETERMINISTIC:MBEDTLS_ECP_DP_SECP256R1_ENABLED
@ -48,11 +48,11 @@ x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1
Certificate write check Server1 SHA1, key_usage Certificate write check Server1 SHA1, key_usage
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt" x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:0:-1:"data_files/server1.key_usage.crt"
Certificate write check Server1 SHA1, ns_cert_type Certificate write check Server1 SHA1, ns_cert_type
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt" x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20110212144406":"20210212144406":MBEDTLS_MD_SHA1:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:-1:"data_files/server1.cert_type.crt"
Certificate write check Server1 SHA1, version 1 Certificate write check Server1 SHA1, version 1
depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C