Merged client ciphersuite order preference option
diff --git a/ChangeLog b/ChangeLog
index 4b05115..77d921c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,10 +1,17 @@
PolarSSL ChangeLog (Sorted per branch, date)
= PolarSSL 1.3 branch
+Features
+ * EC key generation support in gen_key app
+ * Support for adhering to client ciphersuite order preference
+ (POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
+
Changes
* gen_prime() speedup
* Speedup of ECP multiplication operation
* Relaxed some SHA2 ciphersuite's version requirements
+ * Dropped use of readdir_r() instead of readdir() with threading support
+ * More constant-time checks in the RSA module
Bugfix
* Fixed X.509 hostname comparison (with non-regular characters)
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index d50b50c..bdd40af 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -94,17 +94,6 @@
//#define POLARSSL_HAVE_SSE2
/**
- * \def POLARSSL_HAVE_READDIR_R
- *
- * (Non Windows) System has readdir_r().
- *
- * Required for x509_crt_parse_path() in non-Windows systems.
- *
- * Comment if your system does not have support.
- */
-#define POLARSSL_HAVE_READDIR_R
-
-/**
* \def POLARSSL_HAVE_TIME
*
* System has time.h and time() / localtime() / gettimeofday().
diff --git a/include/polarssl/ecp.h b/include/polarssl/ecp.h
index 33c09fc..c0f5079 100644
--- a/include/polarssl/ecp.h
+++ b/include/polarssl/ecp.h
@@ -205,6 +205,15 @@
const ecp_curve_info *ecp_curve_info_from_tls_id( uint16_t tls_id );
/**
+ * \brief Get curve information from a human-readable name
+ *
+ * \param name The name
+ *
+ * \return The associated curve information or NULL
+ */
+const ecp_curve_info *ecp_curve_info_from_name( const char *name );
+
+/**
* \brief Initialize a point (as zero)
*/
void ecp_point_init( ecp_point *pt );
@@ -536,6 +545,20 @@
void *p_rng );
/**
+ * \brief Generate a keypair
+ *
+ * \param grp_id ECP group identifier
+ * \param key Destination keypair
+ * \param f_rng RNG function
+ * \param p_rng RNG parameter
+ *
+ * \return 0 if successful,
+ * or a POLARSSL_ERR_ECP_XXX or POLARSSL_MPI_XXX error code
+ */
+int ecp_gen_key( ecp_group_id grp_id, ecp_keypair *key,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng );
+
+/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if the test failed
diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h
index a5ab178..4e7bbb7 100644
--- a/include/polarssl/x509_crt.h
+++ b/include/polarssl/x509_crt.h
@@ -172,6 +172,11 @@
* of failed certificates it encountered. If none complete
* correctly, the first error is returned.
*
+ * \warning This function is NOT thread-safe unless
+ * POLARSSL_THREADING_PTHREADS is defined. If you're using an
+ * alternative threading implementation, you should either use
+ * this function only in the main thread, or mutex it.
+ *
* \param chain points to the start of the chain
* \param path directory / folder to read the certificate files from
*
diff --git a/library/ecp.c b/library/ecp.c
index 0c66d35..ef38d19 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -58,6 +58,11 @@
#include <limits.h>
#include <stdlib.h>
+#if defined(_MSC_VER) && !defined strcasecmp && !defined(EFIX64) && \
+ !defined(EFI32)
+#define strcasecmp _stricmp
+#endif
+
#if defined(_MSC_VER) && !defined(inline)
#define inline _inline
#else
@@ -84,13 +89,13 @@
const ecp_curve_info ecp_supported_curves[] =
{
#if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
- { POLARSSL_ECP_DP_BP512R1, 28, 512, "brainpool512r1" },
+ { POLARSSL_ECP_DP_BP512R1, 28, 512, "brainpoolP512r1" },
#endif
#if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
- { POLARSSL_ECP_DP_BP384R1, 27, 384, "brainpool384r1" },
+ { POLARSSL_ECP_DP_BP384R1, 27, 384, "brainpoolP384r1" },
#endif
#if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
- { POLARSSL_ECP_DP_BP256R1, 26, 256, "brainpool256r1" },
+ { POLARSSL_ECP_DP_BP256R1, 26, 256, "brainpoolP256r1" },
#endif
#if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
{ POLARSSL_ECP_DP_SECP521R1, 25, 521, "secp521r1" },
@@ -155,6 +160,24 @@
}
/*
+ * Get the curve info from the name
+ */
+const ecp_curve_info *ecp_curve_info_from_name( const char *name )
+{
+ const ecp_curve_info *curve_info;
+
+ for( curve_info = ecp_curve_list();
+ curve_info->grp_id != POLARSSL_ECP_DP_NONE;
+ curve_info++ )
+ {
+ if( strcasecmp( curve_info->name, name ) == 0 )
+ return( curve_info );
+ }
+
+ return( NULL );
+}
+
+/*
* Initialize (the components of) a point
*/
void ecp_point_init( ecp_point *pt )
@@ -1669,6 +1692,20 @@
return( ecp_mul( grp, Q, d, &grp->G, f_rng, p_rng ) );
}
+/*
+ * Generate a keypair, prettier wrapper
+ */
+int ecp_gen_key( ecp_group_id grp_id, ecp_keypair *key,
+ int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
+{
+ int ret;
+
+ if( ( ret = ecp_use_known_dp( &key->grp, grp_id ) ) != 0 )
+ return( ret );
+
+ return( ecp_gen_keypair( &key->grp, &key->d, &key->Q, f_rng, p_rng ) );
+}
+
#if defined(POLARSSL_ECP_NIST_OPTIM)
/*
* Fast reduction modulo the primes used by the NIST curves.
diff --git a/library/rsa.c b/library/rsa.c
index 210ea46..fdcfaef 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -646,14 +646,17 @@
size_t output_max_len )
{
int ret;
- size_t ilen;
- unsigned char *p;
+ size_t ilen, i, pad_len;
+ unsigned char *p, bad, pad_done;
unsigned char buf[POLARSSL_MPI_MAX_SIZE];
unsigned char lhash[POLARSSL_MD_MAX_SIZE];
unsigned int hlen;
const md_info_t *md_info;
md_context_t md_ctx;
+ /*
+ * Parameters sanity checks
+ */
if( ctx->padding != RSA_PKCS_V21 )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
@@ -662,6 +665,13 @@
if( ilen < 16 || ilen > sizeof( buf ) )
return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+ md_info = md_info_from_type( ctx->hash_id );
+ if( md_info == NULL )
+ return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
+
+ /*
+ * RSA operation
+ */
ret = ( mode == RSA_PUBLIC )
? rsa_public( ctx, input, buf )
: rsa_private( ctx, f_rng, p_rng, input, buf );
@@ -669,50 +679,60 @@
if( ret != 0 )
return( ret );
- p = buf;
-
- if( *p++ != 0 )
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
-
- md_info = md_info_from_type( ctx->hash_id );
- if( md_info == NULL )
- return( POLARSSL_ERR_RSA_BAD_INPUT_DATA );
-
+ /*
+ * Unmask data and generate lHash
+ */
hlen = md_get_size( md_info );
md_init_ctx( &md_ctx, md_info );
- // Generate lHash
- //
+ /* Generate lHash */
md( md_info, label, label_len, lhash );
- // seed: Apply seedMask to maskedSeed
- //
+ /* seed: Apply seedMask to maskedSeed */
mgf_mask( buf + 1, hlen, buf + hlen + 1, ilen - hlen - 1,
&md_ctx );
- // DB: Apply dbMask to maskedDB
- //
+ /* DB: Apply dbMask to maskedDB */
mgf_mask( buf + hlen + 1, ilen - hlen - 1, buf + 1, hlen,
&md_ctx );
- p += hlen;
md_free_ctx( &md_ctx );
- // Check validity
- //
- if( memcmp( lhash, p, hlen ) != 0 )
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
+ /*
+ * Check contents, in "constant-time"
+ */
+ p = buf;
+ bad = 0;
- p += hlen;
+ bad |= *p++; /* First byte must be 0 */
- while( *p == 0 && p < buf + ilen )
- p++;
+ p += hlen; /* Skip seed */
- if( p == buf + ilen )
- return( POLARSSL_ERR_RSA_INVALID_PADDING );
+ /* Check lHash */
+ for( i = 0; i < hlen; i++ )
+ bad |= lhash[i] ^ *p++;
- if( *p++ != 0x01 )
+ /* Get zero-padding len, but always read till end of buffer
+ * (minus one, for the 01 byte) */
+ pad_len = 0;
+ pad_done = 0;
+ for( i = 0; i < ilen - 2 * hlen - 2; i++ )
+ {
+ pad_done |= p[i];
+ pad_len += ( pad_done == 0 );
+ }
+
+ p += pad_len;
+ bad |= *p++ ^ 0x01;
+
+ /*
+ * The only information "leaked" is whether the padding was correct or not
+ * (eg, no data is copied if it was not correct). This meets the
+ * recommendations in PKCS#1 v2.2: an opponent cannot distinguish between
+ * the different error conditions.
+ */
+ if( bad != 0 )
return( POLARSSL_ERR_RSA_INVALID_PADDING );
if (ilen - (p - buf) > output_max_len)
@@ -737,10 +757,9 @@
unsigned char *output,
size_t output_max_len)
{
- int ret, correct = 1;
- size_t ilen, pad_count = 0;
- unsigned char *p, *q;
- unsigned char bt;
+ int ret;
+ size_t ilen, pad_count = 0, i;
+ unsigned char *p, bad, pad_done = 0;
unsigned char buf[POLARSSL_MPI_MAX_SIZE];
if( ctx->padding != RSA_PKCS_V15 )
@@ -759,57 +778,46 @@
return( ret );
p = buf;
+ bad = 0;
- if( *p++ != 0 )
- correct = 0;
+ /*
+ * Check and get padding len in "constant-time"
+ */
+ bad |= *p++; /* First byte must be 0 */
- bt = *p++;
- if( ( bt != RSA_CRYPT && mode == RSA_PRIVATE ) ||
- ( bt != RSA_SIGN && mode == RSA_PUBLIC ) )
+ /* This test does not depend on secret data */
+ if( mode == RSA_PRIVATE )
{
- correct = 0;
- }
+ bad |= *p++ ^ RSA_CRYPT;
- if( bt == RSA_CRYPT )
- {
- while( *p != 0 && p < buf + ilen - 1 )
- pad_count += ( *p++ != 0 );
+ /* Get padding len, but always read till end of buffer
+ * (minus one, for the 00 byte) */
+ for( i = 0; i < ilen - 3; i++ )
+ {
+ pad_done |= ( p[i] == 0 );
+ pad_count += ( pad_done == 0 );
+ }
- correct &= ( *p == 0 && p < buf + ilen - 1 );
-
- q = p;
-
- // Also pass over all other bytes to reduce timing differences
- //
- while ( q < buf + ilen - 1 )
- pad_count += ( *q++ != 0 );
-
- // Prevent compiler optimization of pad_count
- //
- correct |= pad_count & 0x100000; /* Always 0 unless 1M bit keys */
- p++;
+ p += pad_count;
+ bad |= *p++; /* Must be zero */
}
else
{
- while( *p == 0xFF && p < buf + ilen - 1 )
- pad_count += ( *p++ == 0xFF );
+ bad |= *p++ ^ RSA_SIGN;
- correct &= ( *p == 0 && p < buf + ilen - 1 );
+ /* Get padding len, but always read till end of buffer
+ * (minus one, for the 00 byte) */
+ for( i = 0; i < ilen - 3; i++ )
+ {
+ pad_done |= ( p[i] == 0xFF );
+ pad_count += ( pad_done == 0 );
+ }
- q = p;
-
- // Also pass over all other bytes to reduce timing differences
- //
- while ( q < buf + ilen - 1 )
- pad_count += ( *q++ != 0 );
-
- // Prevent compiler optimization of pad_count
- //
- correct |= pad_count & 0x100000; /* Always 0 unless 1M bit keys */
- p++;
+ p += pad_count;
+ bad |= *p++; /* Must be zero */
}
- if( correct == 0 )
+ if( bad )
return( POLARSSL_ERR_RSA_INVALID_PADDING );
if (ilen - (p - buf) > output_max_len)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 6382c53..63ab403 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -51,6 +51,10 @@
#define polarssl_free free
#endif
+#if defined(POLARSSL_THREADING_C)
+#include "polarssl/threading.h"
+#endif
+
#include <string.h>
#include <stdlib.h>
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
@@ -936,6 +940,10 @@
return( ret );
}
+#if defined(POLARSSL_THREADING_PTHREAD)
+static threading_mutex_t readdir_mutex = PTHREAD_MUTEX_INITIALIZER;
+#endif
+
int x509_crt_parse_path( x509_crt *chain, const char *path )
{
int ret = 0;
@@ -991,29 +999,29 @@
FindClose( hFind );
#else /* _WIN32 */
-#if defined(POLARSSL_HAVE_READDIR_R)
- int t_ret, i;
+ int t_ret;
struct stat sb;
- struct dirent entry, *result = NULL;
+ struct dirent *entry;
char entry_name[255];
DIR *dir = opendir( path );
if( dir == NULL)
return( POLARSSL_ERR_X509_FILE_IO_ERROR );
- while( ( t_ret = readdir_r( dir, &entry, &result ) ) == 0 )
+#if defined(POLARSSL_THREADING_PTHREAD)
+ if( ( ret = polarssl_mutex_lock( &readdir_mutex ) ) != 0 )
+ return( ret );
+#endif
+
+ while( ( entry = readdir( dir ) ) != NULL )
{
- if( result == NULL )
- break;
+ snprintf( entry_name, sizeof entry_name, "%s/%s", path, entry->d_name );
- snprintf( entry_name, sizeof(entry_name), "%s/%s", path, entry.d_name );
-
- i = stat( entry_name, &sb );
-
- if( i == -1 )
+ if( stat( entry_name, &sb ) == -1 )
{
closedir( dir );
- return( POLARSSL_ERR_X509_FILE_IO_ERROR );
+ ret = POLARSSL_ERR_X509_FILE_IO_ERROR;
+ goto cleanup;
}
if( !S_ISREG( sb.st_mode ) )
@@ -1028,11 +1036,13 @@
ret += t_ret;
}
closedir( dir );
-#else /* POLARSSL_HAVE_READDIR_R */
- ((void) chain);
- ((void) path);
- ret = POLARSSL_ERR_X509_FEATURE_UNAVAILABLE;
-#endif /* POLARSSL_HAVE_READDIR_R */
+
+cleanup:
+#if defined(POLARSSL_THREADING_PTHREAD)
+ if( polarssl_mutex_unlock( &readdir_mutex ) != 0 )
+ ret = POLARSSL_ERR_THREADING_MUTEX_ERROR;
+#endif
+
#endif /* _WIN32 */
return( ret );
diff --git a/programs/.gitignore b/programs/.gitignore
index 003369b..50f1521 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -47,3 +47,6 @@
x509/crl_app
x509/cert_write
x509/req_app
+
+# generated files
+pkey/keyfile.key
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 18027fa..2d729df 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -215,7 +215,7 @@
fflush( stdout );
n = dhm.len;
- if( ( ret = dhm_make_public( &dhm, dhm.len, buf, n,
+ if( ( ret = dhm_make_public( &dhm, (int) dhm.len, buf, n,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
printf( " failed\n ! dhm_make_public returned %d\n\n", ret );
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index d2b6cc4..245f6f0 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -178,7 +178,7 @@
memset( buf, 0, sizeof( buf ) );
- if( ( ret = dhm_make_params( &dhm, mpi_size( &dhm.P ), buf, &n,
+ if( ( ret = dhm_make_params( &dhm, (int) mpi_size( &dhm.P ), buf, &n,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
printf( " failed\n ! dhm_make_params returned %d\n\n", ret );
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 19f46a4..e7dab24 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -51,13 +51,12 @@
}
#else
-#define TYPE_RSA 0
-
#define FORMAT_PEM 0
#define FORMAT_DER 1
-#define DFL_TYPE TYPE_RSA
+#define DFL_TYPE POLARSSL_PK_RSA
#define DFL_RSA_KEYSIZE 4096
+#define DFL_EC_CURVE ecp_curve_list()->grp_id
#define DFL_FILENAME "keyfile.key"
#define DFL_FORMAT FORMAT_PEM
@@ -68,6 +67,7 @@
{
int type; /* the type of key to generate */
int rsa_keysize; /* length of key in bits */
+ int ec_curve; /* curve identifier for EC keys */
const char *filename; /* filename of the key file */
int format; /* the output format to use */
} opt;
@@ -109,11 +109,12 @@
}
#define USAGE \
- "\n usage: gen_key param=<>...\n" \
+ "\n usage: gen_key param=<>...\n" \
"\n acceptable parameters:\n" \
- " type=rsa default: rsa\n" \
- " rsa_keysize=%%d default: 4096\n" \
- " filename=%%s default: keyfile.key\n" \
+ " type=rsa|ec default: rsa\n" \
+ " rsa_keysize=%%d default: 4096\n" \
+ " ec_curve=%%s see below\n" \
+ " filename=%%s default: keyfile.key\n" \
" format=pem|der default: pem\n" \
"\n"
@@ -127,6 +128,9 @@
entropy_context entropy;
ctr_drbg_context ctr_drbg;
const char *pers = "gen_key";
+#if defined(POLARSSL_ECP_C)
+ const ecp_curve_info *curve_info;
+#endif
/*
* Set to sane values
@@ -139,11 +143,19 @@
usage:
ret = 1;
printf( USAGE );
+#if defined(POLARSSL_ECP_C)
+ printf( " availabled ec_curve values:\n" );
+ curve_info = ecp_curve_list();
+ printf( " %s (default)\n", curve_info->name );
+ while( ( ++curve_info )->name != NULL )
+ printf( " %s\n", curve_info->name );
+#endif
goto exit;
}
opt.type = DFL_TYPE;
opt.rsa_keysize = DFL_RSA_KEYSIZE;
+ opt.ec_curve = DFL_EC_CURVE;
opt.filename = DFL_FILENAME;
opt.format = DFL_FORMAT;
@@ -157,7 +169,9 @@
if( strcmp( p, "type" ) == 0 )
{
if( strcmp( q, "rsa" ) == 0 )
- opt.type = TYPE_RSA;
+ opt.type = POLARSSL_PK_RSA;
+ if( strcmp( q, "ec" ) == 0 )
+ opt.type = POLARSSL_PK_ECKEY;
else
goto usage;
}
@@ -176,6 +190,12 @@
if( opt.rsa_keysize < 1024 || opt.rsa_keysize > 8192 )
goto usage;
}
+ else if( strcmp( p, "ec_curve" ) == 0 )
+ {
+ if( ( curve_info = ecp_curve_info_from_name( q ) ) == NULL )
+ goto usage;
+ opt.ec_curve = curve_info->grp_id;
+ }
else if( strcmp( p, "filename" ) == 0 )
opt.filename = q;
else
@@ -200,10 +220,15 @@
printf( "\n . Generating the private key ..." );
fflush( stdout );
-#if defined(POLARSSL_RSA_C) && defined(POLARSSL_GENPRIME)
- if( opt.type == TYPE_RSA )
+ if( ( ret = pk_init_ctx( &key, pk_info_from_type( opt.type ) ) ) != 0 )
{
- pk_init_ctx( &key, pk_info_from_type( POLARSSL_PK_RSA ) );
+ printf( " failed\n ! pk_init_ctx returned -0x%04x", -ret );
+ goto exit;
+ }
+
+#if defined(POLARSSL_RSA_C) && defined(POLARSSL_GENPRIME)
+ if( opt.type == POLARSSL_PK_RSA )
+ {
ret = rsa_gen_key( pk_rsa( key ), ctr_drbg_random, &ctr_drbg,
opt.rsa_keysize, 65537 );
if( ret != 0 )
@@ -211,20 +236,31 @@
printf( " failed\n ! rsa_gen_key returned -0x%04x", -ret );
goto exit;
}
-
- printf( " ok\n" );
}
else
#endif /* POLARSSL_RSA_C */
+#if defined(POLARSSL_ECP_C)
+ if( opt.type == POLARSSL_PK_ECKEY )
{
- printf( " failed\n ! key type not supported in library" );
+ ret = ecp_gen_key( opt.ec_curve, pk_ec( key ),
+ ctr_drbg_random, &ctr_drbg );
+ if( ret != 0 )
+ {
+ printf( " failed\n ! rsa_gen_key returned -0x%04x", -ret );
+ goto exit;
+ }
+ }
+ else
+#endif /* POLARSSL_ECP_C */
+ {
+ printf( " failed\n ! key type not supported\n" );
goto exit;
}
/*
* 1.2 Print the key
*/
- printf( " . Key information ...\n" );
+ printf( " ok\n . Key information:\n" );
#if defined(POLARSSL_RSA_C)
if( pk_get_type( &key ) == POLARSSL_PK_RSA )
@@ -245,14 +281,15 @@
if( pk_get_type( &key ) == POLARSSL_PK_ECKEY )
{
ecp_keypair *ecp = pk_ec( key );
- mpi_write_file( "Q(X): ", &ecp->Q.X, 16, NULL );
- mpi_write_file( "Q(Y): ", &ecp->Q.Y, 16, NULL );
- mpi_write_file( "Q(Z): ", &ecp->Q.Z, 16, NULL );
- mpi_write_file( "D : ", &ecp->d , 16, NULL );
+ printf( "curve: %s\n",
+ ecp_curve_info_from_grp_id( ecp->grp.id )->name );
+ mpi_write_file( "X_Q: ", &ecp->Q.X, 16, NULL );
+ mpi_write_file( "Y_Q: ", &ecp->Q.Y, 16, NULL );
+ mpi_write_file( "D: ", &ecp->d , 16, NULL );
}
else
#endif
- printf("key type not supported yet\n");
+ printf(" ! key type not supported\n");
write_private_key( &key, opt.filename );
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 796f237..e6e9765 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -149,7 +149,7 @@
fgets( buf, sizeof(buf), f );
fclose( f );
- i = strlen( buf );
+ i = (int) strlen( buf );
if( buf[i - 1] == '\n' ) buf[i - 1] = '\0';
if( buf[i - 2] == '\r' ) buf[i - 2] = '\0';
opt.password = buf;
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 02de364..3d2c02c 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -32,9 +32,12 @@
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
-#include <unistd.h>
#include <signal.h>
+#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
+#include <unistd.h>
+#endif
+
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/certs.h"
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 70ba622..a3e9f2b 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -28,7 +28,14 @@
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
+
+#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
#include <unistd.h>
+#else
+#include <io.h>
+#define read _read
+#define write _write
+#endif
#if defined(_WIN32) || defined(_WIN32_WCE)
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 4d5a06b..34219c5 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -419,13 +419,13 @@
mpi_read_string( &dhm.P, 16, dhm_P[i] );
mpi_read_string( &dhm.G, 16, dhm_G[i] );
dhm.len = mpi_size( &dhm.P );
- dhm_make_public( &dhm, dhm.len, buf, dhm.len, myrand, NULL );
+ dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len, myrand, NULL );
mpi_copy( &dhm.GY, &dhm.GX );
snprintf( title, sizeof( title ), "DHE-%d", dhm_sizes[i] );
TIME_PUBLIC( title, "handshake",
olen = sizeof( buf );
- ret |= dhm_make_public( &dhm, dhm.len, buf, dhm.len,
+ ret |= dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len,
myrand, NULL );
ret |= dhm_calc_secret( &dhm, buf, &olen, myrand, NULL ) );
diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c
index debdb07..2162132 100644
--- a/programs/test/ssl_test.c
+++ b/programs/test/ssl_test.c
@@ -434,7 +434,7 @@
int main( int argc, char *argv[] )
{
- int i, j, n;
+ int i;
const int *list;
int ret = 1;
int nb_conn;
@@ -474,14 +474,6 @@
for( i = 1; i < argc; i++ )
{
- n = strlen( argv[i] );
-
- for( j = 0; j < n; j++ )
- {
- if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
- argv[i][j] |= 0x20;
- }
-
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
continue;
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index f372684..f1da438 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -174,7 +174,7 @@
unsigned char der_buffer[4096];
char buf[1024];
size_t pem_size, der_size = sizeof(der_buffer);
- int i, j, n;
+ int i;
char *p, *q;
/*
@@ -201,13 +201,6 @@
goto usage;
*q++ = '\0';
- n = strlen( p );
- for( j = 0; j < n; j++ )
- {
- if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
- argv[i][j] |= 0x20;
- }
-
if( strcmp( p, "filename" ) == 0 )
opt.filename = q;
else if( strcmp( p, "output_file" ) == 0 )
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 2388dc9..c738b4a 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -128,7 +128,7 @@
int ret = 0;
pk_context key;
char buf[1024];
- int i, j, n;
+ int i;
char *p, *q, *r;
x509write_csr req;
entropy_context entropy;
@@ -166,13 +166,6 @@
goto usage;
*q++ = '\0';
- n = strlen( p );
- for( j = 0; j < n; j++ )
- {
- if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
- argv[i][j] |= 0x20;
- }
-
if( strcmp( p, "filename" ) == 0 )
opt.filename = q;
else if( strcmp( p, "output_file" ) == 0 )
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index beac089..a2f2656 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -183,7 +183,7 @@
*subject_key = &loaded_subject_key;
char buf[1024];
char issuer_name[128];
- int i, j, n;
+ int i;
char *p, *q, *r;
#if defined(POLARSSL_X509_CSR_PARSE_C)
char subject_name[128];
@@ -244,13 +244,6 @@
goto usage;
*q++ = '\0';
- n = strlen( p );
- for( j = 0; j < n; j++ )
- {
- if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
- argv[i][j] |= 0x20;
- }
-
if( strcmp( p, "request_file" ) == 0 )
opt.request_file = q;
else if( strcmp( p, "subject_key" ) == 0 )
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index 4bc3703..0e4cd88 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -66,7 +66,7 @@
int ret = 0;
unsigned char buf[100000];
x509_crl crl;
- int i, j, n;
+ int i;
char *p, *q;
/*
@@ -85,14 +85,6 @@
for( i = 1; i < argc; i++ )
{
- n = strlen( argv[i] );
-
- for( j = 0; j < n; j++ )
- {
- if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
- argv[i][j] |= 0x20;
- }
-
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
goto usage;
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index 9f478f2..1f9d628 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -66,7 +66,7 @@
int ret = 0;
unsigned char buf[100000];
x509_csr csr;
- int i, j, n;
+ int i;
char *p, *q;
/*
@@ -85,14 +85,6 @@
for( i = 1; i < argc; i++ )
{
- n = strlen( argv[i] );
-
- for( j = 0; j < n; j++ )
- {
- if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
- argv[i][j] |= 0x20;
- }
-
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
goto usage;
diff --git a/tests/data_files/dir1/test-ca.crt b/tests/data_files/dir1/test-ca.crt
new file mode 100644
index 0000000..3c1d14c
--- /dev/null
+++ b/tests/data_files/dir1/test-ca.crt
@@ -0,0 +1,80 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 0 (0x0)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+ Validity
+ Not Before: Feb 12 14:44:00 2011 GMT
+ Not After : Feb 12 14:44:00 2021 GMT
+ Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
+ 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
+ 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
+ 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
+ e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
+ cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
+ ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
+ 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
+ c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
+ 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
+ e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
+ 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
+ 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
+ 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
+ e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
+ 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
+ ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
+ a2:d5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
+ X509v3 Authority Key Identifier:
+ keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
+ DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
+ serial:00
+
+ Signature Algorithm: sha1WithRSAEncryption
+ b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
+ 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
+ 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
+ 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
+ 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
+ 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
+ 2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
+ e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
+ e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
+ 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
+ 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
+ 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
+ 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
+ e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
+ f7:e0:e9:54
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
+/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
+BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
+dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
+SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
+DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
+pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
+m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
+7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/dir2/test-ca.crt b/tests/data_files/dir2/test-ca.crt
new file mode 100644
index 0000000..3c1d14c
--- /dev/null
+++ b/tests/data_files/dir2/test-ca.crt
@@ -0,0 +1,80 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 0 (0x0)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+ Validity
+ Not Before: Feb 12 14:44:00 2011 GMT
+ Not After : Feb 12 14:44:00 2021 GMT
+ Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
+ 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
+ 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
+ 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
+ e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
+ cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
+ ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
+ 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
+ c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
+ 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
+ e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
+ 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
+ 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
+ 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
+ e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
+ 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
+ ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
+ a2:d5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
+ X509v3 Authority Key Identifier:
+ keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
+ DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
+ serial:00
+
+ Signature Algorithm: sha1WithRSAEncryption
+ b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
+ 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
+ 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
+ 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
+ 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
+ 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
+ 2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
+ e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
+ e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
+ 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
+ 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
+ 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
+ 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
+ e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
+ f7:e0:e9:54
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
+/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
+BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
+dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
+SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
+DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
+pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
+m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
+7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/dir2/test-ca2.crt b/tests/data_files/dir2/test-ca2.crt
new file mode 100644
index 0000000..d41a420
--- /dev/null
+++ b/tests/data_files/dir2/test-ca2.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
+QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
+QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
+ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
+aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
+JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
+AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
+t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
+uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/dir3/Readme b/tests/data_files/dir3/Readme
new file mode 100644
index 0000000..189dadc
--- /dev/null
+++ b/tests/data_files/dir3/Readme
@@ -0,0 +1 @@
+This is just to make sure files that don't parse as certs are ignored.
diff --git a/tests/data_files/dir3/test-ca.crt b/tests/data_files/dir3/test-ca.crt
new file mode 100644
index 0000000..3c1d14c
--- /dev/null
+++ b/tests/data_files/dir3/test-ca.crt
@@ -0,0 +1,80 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 0 (0x0)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+ Validity
+ Not Before: Feb 12 14:44:00 2011 GMT
+ Not After : Feb 12 14:44:00 2021 GMT
+ Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
+ 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
+ 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
+ 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
+ e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
+ cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
+ ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
+ 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
+ c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
+ 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
+ e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
+ 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
+ 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
+ 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
+ e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
+ 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
+ ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
+ a2:d5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
+ X509v3 Authority Key Identifier:
+ keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
+ DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
+ serial:00
+
+ Signature Algorithm: sha1WithRSAEncryption
+ b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
+ 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
+ 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
+ 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
+ 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
+ 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
+ 2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
+ e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
+ e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
+ 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
+ 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
+ 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
+ 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
+ e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
+ f7:e0:e9:54
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
+/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
+BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
+dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
+SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
+DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
+pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
+m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
+7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/dir3/test-ca2.crt b/tests/data_files/dir3/test-ca2.crt
new file mode 100644
index 0000000..d41a420
--- /dev/null
+++ b/tests/data_files/dir3/test-ca2.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
+QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
+QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
+ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
+aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
+JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
+AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
+t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
+uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+-----END CERTIFICATE-----
diff --git a/tests/suites/test_suite_ecp.data b/tests/suites/test_suite_ecp.data
index 8dafc39..17ad8aa 100644
--- a/tests/suites/test_suite_ecp.data
+++ b/tests/suites/test_suite_ecp.data
@@ -1,3 +1,35 @@
+ECP curve info #1
+depends_on:POLARSSL_ECP_DP_BP512R1_ENABLED
+ecp_curve_info:POLARSSL_ECP_DP_BP512R1:28:512:"brainpoolP512r1"
+
+ECP curve info #2
+depends_on:POLARSSL_ECP_DP_BP384R1_ENABLED
+ecp_curve_info:POLARSSL_ECP_DP_BP384R1:27:384:"brainpoolP384r1"
+
+ECP curve info #3
+depends_on:POLARSSL_ECP_DP_BP256R1_ENABLED
+ecp_curve_info:POLARSSL_ECP_DP_BP256R1:26:256:"brainpoolP256r1"
+
+ECP curve info #4
+depends_on:POLARSSL_ECP_DP_SECP521R1_ENABLED
+ecp_curve_info:POLARSSL_ECP_DP_SECP521R1:25:521:"secp521r1"
+
+ECP curve info #5
+depends_on:POLARSSL_ECP_DP_SECP384R1_ENABLED
+ecp_curve_info:POLARSSL_ECP_DP_SECP384R1:24:384:"secp384r1"
+
+ECP curve info #6
+depends_on:POLARSSL_ECP_DP_SECP256R1_ENABLED
+ecp_curve_info:POLARSSL_ECP_DP_SECP256R1:23:256:"secp256r1"
+
+ECP curve info #7
+depends_on:POLARSSL_ECP_DP_SECP224R1_ENABLED
+ecp_curve_info:POLARSSL_ECP_DP_SECP224R1:21:224:"secp224r1"
+
+ECP curve info #8
+depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
+ecp_curve_info:POLARSSL_ECP_DP_SECP192R1:19:192:"secp192r1"
+
ECP small addition #1
ecp_small_add:1:"":"":1:"":"":1:0:0
@@ -247,6 +279,10 @@
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
ecp_gen_keypair:POLARSSL_ECP_DP_SECP192R1
+ECP gen keypair wrapper
+depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
+ecp_gen_key:POLARSSL_ECP_DP_SECP192R1
+
ECP mod p192 small (more than 192 bits, less limbs than 2 * 192 bits)
depends_on:POLARSSL_ECP_DP_SECP192R1_ENABLED
ecp_fast_mod:POLARSSL_ECP_DP_SECP192R1:"0100000000000103010000000000010201000000000001010100000000000100"
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 8cc5aba..cb93e85 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -10,6 +10,22 @@
*/
/* BEGIN_CASE */
+void ecp_curve_info( int id, int tls_id, int size, char *name )
+{
+ const ecp_curve_info *by_id, *by_tls, *by_name;
+
+ TEST_ASSERT( ( by_id = ecp_curve_info_from_grp_id( id ) ) != NULL );
+ TEST_ASSERT( ( by_tls = ecp_curve_info_from_tls_id( tls_id ) ) != NULL );
+ TEST_ASSERT( ( by_name = ecp_curve_info_from_name( name ) ) != NULL );
+
+ TEST_ASSERT( by_id == by_tls );
+ TEST_ASSERT( by_id == by_name );
+
+ TEST_ASSERT( by_id->size == size );
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
void ecp_small_add( int a_zero, char *x_a, char *y_a, int b_zero, char *x_b,
char *y_b, int c_zero, int x_c, int y_c )
{
@@ -522,6 +538,24 @@
}
/* END_CASE */
+/* BEGIN_CASE */
+void ecp_gen_key( int id )
+{
+ ecp_keypair key;
+ rnd_pseudo_info rnd_info;
+
+ ecp_keypair_init( &key );
+ memset( &rnd_info, 0x00, sizeof( rnd_pseudo_info ) );
+
+ TEST_ASSERT( ecp_gen_key( id, &key, &rnd_pseudo_rand, &rnd_info ) == 0 );
+
+ TEST_ASSERT( ecp_check_pubkey( &key.grp, &key.Q ) == 0 );
+ TEST_ASSERT( ecp_check_privkey( &key.grp, &key.d ) == 0 );
+
+ ecp_keypair_free( &key );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:POLARSSL_SELF_TEST */
void ecp_selftest()
{
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 567dcd2..85e7728 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -722,3 +722,15 @@
X509 CRL ASN1 (TBSCertList, no entries)
x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0
+
+X509 CRT parse path #1 (empty dir)
+x509_crt_parse_path:"data_files/dir0":0:0
+
+X509 CRT parse path #2 (one cert)
+x509_crt_parse_path:"data_files/dir1":0:1
+
+X509 CRT parse path #3 (two certs)
+x509_crt_parse_path:"data_files/dir2":0:2
+
+X509 CRT parse path #4 (two certs, one non-cert)
+x509_crt_parse_path:"data_files/dir3":1:2
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index ff57058..4cc0803 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -224,6 +224,27 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C */
+void x509_crt_parse_path( char *crt_path, int ret, int nb_crt )
+{
+ x509_crt chain, *cur;
+ int i;
+
+ x509_crt_init( &chain );
+
+ TEST_ASSERT( x509_crt_parse_path( &chain, crt_path ) == ret );
+
+ /* Check how many certs we got */
+ for( i = 0, cur = &chain; cur != NULL; cur = cur->next )
+ if( cur->raw.p != NULL )
+ i++;
+
+ TEST_ASSERT( i == nb_crt );
+
+ x509_crt_init( &chain );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C:POLARSSL_SELF_TEST */
void x509_selftest()
{