Merge remote-tracking branch 'gilles/IOTSSL-1330/development' into development
* gilles/IOTSSL-1330/development:
Changelog entry for the bug fixes
SSLv3: when refusing renegotiation, stop processing
Ignore failures when sending fatal alerts
Cleaned up double variable declaration
Code portability fix
Added changelog entry
Send TLS alerts in many more cases
Skip all non-executables in run-test-suites.pl
SSL tests: server requires auth, client has no certificate
Balanced braces across preprocessor conditionals
Support setting the ports on the command line
diff --git a/ChangeLog b/ChangeLog
index f4898d0..474dcd0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,7 +2,16 @@
= mbed TLS 2.x.x branch released xxxx-xx-xx
+Security
+
+ * Removed SHA-1 and RIPEMD-160 from the default hash algorithms for
+ certificate verification. SHA-1 can be turned back on with a compile-time
+ option if needed.
+
Bugfix
+ * Remove invalid use of size zero arrays in ECJPAKE test suite.
+ * Fix insufficient support for signature-hash-algorithm extension,
+ resulting in compatibility problems with Chrome. Found by hfloyrd. #823
* If sending a fatal alert fails, make sure not to hide the error
that triggered the alert.
* In SSLv3, if refusing a renegotiation attempt, don't process any further
@@ -11,6 +20,39 @@
Changes
* Send fatal alerts in many more cases instead of dropping the connection.
+
+= mbed TLS 2.5.0 branch released 2017-05-17
+
+Security
+ * Wipe stack buffers in RSA private key operations
+ (rsa_rsaes_pkcs1_v15_decrypt(), rsa_rsaes_oaep_decrypt).
+ Found by Laurent Simon.
+ * Add exponent blinding to RSA private operations as a countermeasure
+ against side-channel attacks like the cache attack described in
+ https://arxiv.org/abs/1702.08719v2.
+ Found and fix proposed by Michael Schwarz, Samuel Weiser, Daniel Gruss,
+ Clémentine Maurice and Stefan Mangard.
+
+Features
+ * Exposed parts of the Elliptic Curve Point internal interface, to provide
+ interface for external hardware acceleration code.
+ * Add a new configuration option to 'mbedtls_ssl_config' to enable
+ suppressing the CA list in Certificate Request messages. The default
+ behaviour has not changed, namely every configured CAs name is included.
+
+API Changes
+ * The following functions in the AES module have been deprecated and replaced
+ by the functions shown below. The new functions change the return type from
+ void to int to allow returning error codes when using MBEDTLS_AES_ALT,
+ MBEDTLS_AES_DECRYPT_ALT or MBEDTLS_AES_ENCRYPT_ALT.
+ mbedtls_aes_decrypt() -> mbedtls_internal_aes_decrypt()
+ mbedtls_aes_encrypt() -> mbedtls_internal_aes_encrypt()
+
+Bugfix
+ * Remove macros from compat-1.3.h that correspond to deleted items from most
+ recent versions of the library. Found by Kyle Keen.
+ * Fixed issue in mutexes to failing to initialise. #667
+
= mbed TLS 2.4.2 branch released 2017-03-08
Security
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 0794167..b8a7a29 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -21,7 +21,7 @@
*/
/**
- * @mainpage mbed TLS v2.4.1 source code documentation
+ * @mainpage mbed TLS v2.5.0 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index e58794e..b52f05c 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.4.1"
+PROJECT_NAME = "mbed TLS v2.5.0"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index a36e825..b5560cc 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -39,6 +39,11 @@
#define MBEDTLS_ERR_AES_INVALID_KEY_LENGTH -0x0020 /**< Invalid key length. */
#define MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH -0x0022 /**< Invalid data input length. */
+#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
+ !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
#if !defined(MBEDTLS_AES_ALT)
// Regular implementation
//
@@ -253,10 +258,12 @@
* \param ctx AES context
* \param input Plaintext block
* \param output Output (ciphertext) block
+ *
+ * \return 0 if successful
*/
-void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] );
+int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16] );
/**
* \brief Internal AES block decryption function
@@ -266,10 +273,59 @@
* \param ctx AES context
* \param input Ciphertext block
* \param output Output (plaintext) block
+ *
+ * \return 0 if successful
*/
-void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] );
+int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16] );
+
+#if !defined(MBEDTLS_DEPRECATED_REMOVED)
+#if defined(MBEDTLS_DEPRECATED_WARNING)
+#define MBEDTLS_DEPRECATED __attribute__((deprecated))
+#else
+#define MBEDTLS_DEPRECATED
+#endif
+/**
+ * \brief Internal AES block encryption function
+ * (Only exposed to allow overriding it,
+ * see MBEDTLS_AES_ENCRYPT_ALT)
+ *
+ * \deprecated Superseded by mbedtls_aes_encrypt_ext() in 2.5.0
+ *
+ * \param ctx AES context
+ * \param input Plaintext block
+ * \param output Output (ciphertext) block
+ */
+MBEDTLS_DEPRECATED static inline void mbedtls_aes_encrypt(
+ mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16] )
+{
+ mbedtls_internal_aes_encrypt( ctx, input, output );
+}
+
+/**
+ * \brief Internal AES block decryption function
+ * (Only exposed to allow overriding it,
+ * see MBEDTLS_AES_DECRYPT_ALT)
+ *
+ * \deprecated Superseded by mbedtls_aes_decrypt_ext() in 2.5.0
+ *
+ * \param ctx AES context
+ * \param input Ciphertext block
+ * \param output Output (plaintext) block
+ */
+MBEDTLS_DEPRECATED static inline void mbedtls_aes_decrypt(
+ mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16] )
+{
+ mbedtls_internal_aes_decrypt( ctx, input, output );
+}
+
+#undef MBEDTLS_DEPRECATED
+#endif /* !MBEDTLS_DEPRECATED_REMOVED */
#ifdef __cplusplus
}
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index fe86c1e..dab1113 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -150,6 +150,38 @@
#error "MBEDTLS_GCM_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#error "MBEDTLS_ECP_RANDOMIZE_JAC_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_ADD_MIXED_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#error "MBEDTLS_ECP_ADD_MIXED_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#error "MBEDTLS_ECP_DOUBLE_JAC_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#error "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#error "MBEDTLS_ECP_NORMALIZE_JAC_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#error "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#error "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT defined, but not all prerequisites"
+#endif
+
+#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT) && !defined(MBEDTLS_ECP_INTERNAL_ALT)
+#error "MBEDTLS_ECP_NORMALIZE_MXZ_ALT defined, but not all prerequisites"
+#endif
+
#if defined(MBEDTLS_HAVEGE_C) && !defined(MBEDTLS_TIMING_C)
#error "MBEDTLS_HAVEGE_C defined, but not all prerequisites"
#endif
diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h
index af51b5f..bba1d2c 100644
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
@@ -207,9 +207,6 @@
#if defined MBEDTLS_ERROR_C
#define POLARSSL_ERROR_C MBEDTLS_ERROR_C
#endif
-#if defined MBEDTLS_ERROR_STRERROR_BC
-#define POLARSSL_ERROR_STRERROR_BC MBEDTLS_ERROR_STRERROR_BC
-#endif
#if defined MBEDTLS_ERROR_STRERROR_DUMMY
#define POLARSSL_ERROR_STRERROR_DUMMY MBEDTLS_ERROR_STRERROR_DUMMY
#endif
@@ -318,9 +315,6 @@
#if defined MBEDTLS_MEMORY_BUFFER_ALLOC_C
#define POLARSSL_MEMORY_BUFFER_ALLOC_C MBEDTLS_MEMORY_BUFFER_ALLOC_C
#endif
-#if defined MBEDTLS_MEMORY_C
-#define POLARSSL_MEMORY_C MBEDTLS_MEMORY_C
-#endif
#if defined MBEDTLS_MEMORY_DEBUG
#define POLARSSL_MEMORY_DEBUG MBEDTLS_MEMORY_DEBUG
#endif
@@ -345,9 +339,6 @@
#if defined MBEDTLS_PADLOCK_C
#define POLARSSL_PADLOCK_C MBEDTLS_PADLOCK_C
#endif
-#if defined MBEDTLS_PBKDF2_C
-#define POLARSSL_PBKDF2_C MBEDTLS_PBKDF2_C
-#endif
#if defined MBEDTLS_PEM_PARSE_C
#define POLARSSL_PEM_PARSE_C MBEDTLS_PEM_PARSE_C
#endif
@@ -429,9 +420,6 @@
#if defined MBEDTLS_PLATFORM_STD_FREE
#define POLARSSL_PLATFORM_STD_FREE MBEDTLS_PLATFORM_STD_FREE
#endif
-#if defined MBEDTLS_PLATFORM_STD_MALLOC
-#define POLARSSL_PLATFORM_STD_MALLOC MBEDTLS_PLATFORM_STD_MALLOC
-#endif
#if defined MBEDTLS_PLATFORM_STD_MEM_HDR
#define POLARSSL_PLATFORM_STD_MEM_HDR MBEDTLS_PLATFORM_STD_MEM_HDR
#endif
@@ -492,12 +480,6 @@
#if defined MBEDTLS_SHA512_PROCESS_ALT
#define POLARSSL_SHA512_PROCESS_ALT MBEDTLS_SHA512_PROCESS_ALT
#endif
-#if defined MBEDTLS_SSL_AEAD_RANDOM_IV
-#define POLARSSL_SSL_AEAD_RANDOM_IV MBEDTLS_SSL_AEAD_RANDOM_IV
-#endif
-#if defined MBEDTLS_SSL_ALERT_MESSAGES
-#define POLARSSL_SSL_ALERT_MESSAGES MBEDTLS_SSL_ALERT_MESSAGES
-#endif
#if defined MBEDTLS_SSL_ALL_ALERT_MESSAGES
#define POLARSSL_SSL_ALL_ALERT_MESSAGES MBEDTLS_SSL_ALL_ALERT_MESSAGES
#endif
@@ -522,9 +504,6 @@
#if defined MBEDTLS_SSL_DEBUG_ALL
#define POLARSSL_SSL_DEBUG_ALL MBEDTLS_SSL_DEBUG_ALL
#endif
-#if defined MBEDTLS_SSL_DISABLE_RENEGOTIATION
-#define POLARSSL_SSL_DISABLE_RENEGOTIATION MBEDTLS_SSL_DISABLE_RENEGOTIATION
-#endif
#if defined MBEDTLS_SSL_DTLS_ANTI_REPLAY
#define POLARSSL_SSL_DTLS_ANTI_REPLAY MBEDTLS_SSL_DTLS_ANTI_REPLAY
#endif
@@ -752,7 +731,6 @@
#define KU_KEY_ENCIPHERMENT MBEDTLS_X509_KU_KEY_ENCIPHERMENT
#define KU_NON_REPUDIATION MBEDTLS_X509_KU_NON_REPUDIATION
#define LN_2_DIV_LN_10_SCALE100 MBEDTLS_LN_2_DIV_LN_10_SCALE100
-#define MD_CONTEXT_T_INIT MBEDTLS_MD_CONTEXT_T_INIT
#define MEMORY_VERIFY_ALLOC MBEDTLS_MEMORY_VERIFY_ALLOC
#define MEMORY_VERIFY_ALWAYS MBEDTLS_MEMORY_VERIFY_ALWAYS
#define MEMORY_VERIFY_FREE MBEDTLS_MEMORY_VERIFY_FREE
@@ -1017,19 +995,13 @@
#define POLARSSL_CONFIG_H MBEDTLS_CONFIG_H
#define POLARSSL_CTR_DRBG_H MBEDTLS_CTR_DRBG_H
#define POLARSSL_DEBUG_H MBEDTLS_DEBUG_H
-#define POLARSSL_DEBUG_LOG_FULL MBEDTLS_DEBUG_LOG_FULL
-#define POLARSSL_DEBUG_LOG_RAW MBEDTLS_DEBUG_LOG_RAW
#define POLARSSL_DECRYPT MBEDTLS_DECRYPT
#define POLARSSL_DES_H MBEDTLS_DES_H
#define POLARSSL_DHM_H MBEDTLS_DHM_H
-#define POLARSSL_DHM_RFC2409_MODP_1024_G MBEDTLS_DHM_RFC2409_MODP_1024_G
-#define POLARSSL_DHM_RFC2409_MODP_1024_P MBEDTLS_DHM_RFC2409_MODP_1024_P
#define POLARSSL_DHM_RFC3526_MODP_2048_G MBEDTLS_DHM_RFC3526_MODP_2048_G
#define POLARSSL_DHM_RFC3526_MODP_2048_P MBEDTLS_DHM_RFC3526_MODP_2048_P
#define POLARSSL_DHM_RFC3526_MODP_3072_G MBEDTLS_DHM_RFC3526_MODP_3072_G
#define POLARSSL_DHM_RFC3526_MODP_3072_P MBEDTLS_DHM_RFC3526_MODP_3072_P
-#define POLARSSL_DHM_RFC5114_MODP_1024_G MBEDTLS_DHM_RFC5114_MODP_1024_G
-#define POLARSSL_DHM_RFC5114_MODP_1024_P MBEDTLS_DHM_RFC5114_MODP_1024_P
#define POLARSSL_DHM_RFC5114_MODP_2048_G MBEDTLS_DHM_RFC5114_MODP_2048_G
#define POLARSSL_DHM_RFC5114_MODP_2048_P MBEDTLS_DHM_RFC5114_MODP_2048_P
#define POLARSSL_ECDH_H MBEDTLS_ECDH_H
@@ -1117,9 +1089,6 @@
#define POLARSSL_ERR_HMAC_DRBG_FILE_IO_ERROR MBEDTLS_ERR_HMAC_DRBG_FILE_IO_ERROR
#define POLARSSL_ERR_HMAC_DRBG_INPUT_TOO_BIG MBEDTLS_ERR_HMAC_DRBG_INPUT_TOO_BIG
#define POLARSSL_ERR_HMAC_DRBG_REQUEST_TOO_BIG MBEDTLS_ERR_HMAC_DRBG_REQUEST_TOO_BIG
-#define POLARSSL_ERR_MD2_FILE_IO_ERROR MBEDTLS_ERR_MD2_FILE_IO_ERROR
-#define POLARSSL_ERR_MD4_FILE_IO_ERROR MBEDTLS_ERR_MD4_FILE_IO_ERROR
-#define POLARSSL_ERR_MD5_FILE_IO_ERROR MBEDTLS_ERR_MD5_FILE_IO_ERROR
#define POLARSSL_ERR_MD_ALLOC_FAILED MBEDTLS_ERR_MD_ALLOC_FAILED
#define POLARSSL_ERR_MD_BAD_INPUT_DATA MBEDTLS_ERR_MD_BAD_INPUT_DATA
#define POLARSSL_ERR_MD_FEATURE_UNAVAILABLE MBEDTLS_ERR_MD_FEATURE_UNAVAILABLE
@@ -1147,7 +1116,6 @@
#define POLARSSL_ERR_OID_BUF_TOO_SMALL MBEDTLS_ERR_OID_BUF_TOO_SMALL
#define POLARSSL_ERR_OID_NOT_FOUND MBEDTLS_ERR_OID_NOT_FOUND
#define POLARSSL_ERR_PADLOCK_DATA_MISALIGNED MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED
-#define POLARSSL_ERR_PBKDF2_BAD_INPUT_DATA MBEDTLS_ERR_PBKDF2_BAD_INPUT_DATA
#define POLARSSL_ERR_PEM_BAD_INPUT_DATA MBEDTLS_ERR_PEM_BAD_INPUT_DATA
#define POLARSSL_ERR_PEM_FEATURE_UNAVAILABLE MBEDTLS_ERR_PEM_FEATURE_UNAVAILABLE
#define POLARSSL_ERR_PEM_INVALID_DATA MBEDTLS_ERR_PEM_INVALID_DATA
@@ -1179,7 +1147,6 @@
#define POLARSSL_ERR_PK_TYPE_MISMATCH MBEDTLS_ERR_PK_TYPE_MISMATCH
#define POLARSSL_ERR_PK_UNKNOWN_NAMED_CURVE MBEDTLS_ERR_PK_UNKNOWN_NAMED_CURVE
#define POLARSSL_ERR_PK_UNKNOWN_PK_ALG MBEDTLS_ERR_PK_UNKNOWN_PK_ALG
-#define POLARSSL_ERR_RIPEMD160_FILE_IO_ERROR MBEDTLS_ERR_RIPEMD160_FILE_IO_ERROR
#define POLARSSL_ERR_RSA_BAD_INPUT_DATA MBEDTLS_ERR_RSA_BAD_INPUT_DATA
#define POLARSSL_ERR_RSA_INVALID_PADDING MBEDTLS_ERR_RSA_INVALID_PADDING
#define POLARSSL_ERR_RSA_KEY_CHECK_FAILED MBEDTLS_ERR_RSA_KEY_CHECK_FAILED
@@ -1189,9 +1156,6 @@
#define POLARSSL_ERR_RSA_PUBLIC_FAILED MBEDTLS_ERR_RSA_PUBLIC_FAILED
#define POLARSSL_ERR_RSA_RNG_FAILED MBEDTLS_ERR_RSA_RNG_FAILED
#define POLARSSL_ERR_RSA_VERIFY_FAILED MBEDTLS_ERR_RSA_VERIFY_FAILED
-#define POLARSSL_ERR_SHA1_FILE_IO_ERROR MBEDTLS_ERR_SHA1_FILE_IO_ERROR
-#define POLARSSL_ERR_SHA256_FILE_IO_ERROR MBEDTLS_ERR_SHA256_FILE_IO_ERROR
-#define POLARSSL_ERR_SHA512_FILE_IO_ERROR MBEDTLS_ERR_SHA512_FILE_IO_ERROR
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY
@@ -1305,7 +1269,6 @@
#define POLARSSL_MD_SHA512 MBEDTLS_MD_SHA512
#define POLARSSL_MD_WRAP_H MBEDTLS_MD_WRAP_H
#define POLARSSL_MEMORY_BUFFER_ALLOC_H MBEDTLS_MEMORY_BUFFER_ALLOC_H
-#define POLARSSL_MEMORY_H MBEDTLS_MEMORY_H
#define POLARSSL_MODE_CBC MBEDTLS_MODE_CBC
#define POLARSSL_MODE_CCM MBEDTLS_MODE_CCM
#define POLARSSL_MODE_CFB MBEDTLS_MODE_CFB
@@ -1319,7 +1282,7 @@
#define POLARSSL_MPI_MAX_BITS_SCALE100 MBEDTLS_MPI_MAX_BITS_SCALE100
#define POLARSSL_MPI_MAX_LIMBS MBEDTLS_MPI_MAX_LIMBS
#define POLARSSL_MPI_RW_BUFFER_SIZE MBEDTLS_MPI_RW_BUFFER_SIZE
-#define POLARSSL_NET_H MBEDTLS_NET_H
+#define POLARSSL_NET_H MBEDTLS_NET_SOCKETS_H
#define POLARSSL_NET_LISTEN_BACKLOG MBEDTLS_NET_LISTEN_BACKLOG
#define POLARSSL_OID_H MBEDTLS_OID_H
#define POLARSSL_OPERATION_NONE MBEDTLS_OPERATION_NONE
@@ -1329,7 +1292,6 @@
#define POLARSSL_PADDING_ZEROS MBEDTLS_PADDING_ZEROS
#define POLARSSL_PADDING_ZEROS_AND_LEN MBEDTLS_PADDING_ZEROS_AND_LEN
#define POLARSSL_PADLOCK_H MBEDTLS_PADLOCK_H
-#define POLARSSL_PBKDF2_H MBEDTLS_PBKDF2_H
#define POLARSSL_PEM_H MBEDTLS_PEM_H
#define POLARSSL_PKCS11_H MBEDTLS_PKCS11_H
#define POLARSSL_PKCS12_H MBEDTLS_PKCS12_H
@@ -1712,7 +1674,6 @@
#define TLS_RSA_WITH_NULL_SHA256 MBEDTLS_TLS_RSA_WITH_NULL_SHA256
#define TLS_RSA_WITH_RC4_128_MD5 MBEDTLS_TLS_RSA_WITH_RC4_128_MD5
#define TLS_RSA_WITH_RC4_128_SHA MBEDTLS_TLS_RSA_WITH_RC4_128_SHA
-#define UL64 MBEDTLS_UL64
#define X509_CRT_VERSION_1 MBEDTLS_X509_CRT_VERSION_1
#define X509_CRT_VERSION_2 MBEDTLS_X509_CRT_VERSION_2
#define X509_CRT_VERSION_3 MBEDTLS_X509_CRT_VERSION_3
@@ -1736,7 +1697,6 @@
#define _ssl_key_cert mbedtls_ssl_key_cert
#define _ssl_premaster_secret mbedtls_ssl_premaster_secret
#define _ssl_session mbedtls_ssl_session
-#define _ssl_ticket_keys mbedtls_ssl_ticket_keys
#define _ssl_transform mbedtls_ssl_transform
#define _x509_crl mbedtls_x509_crl
#define _x509_crl_entry mbedtls_x509_crl_entry
@@ -1836,7 +1796,6 @@
#define cipher_definitions mbedtls_cipher_definitions
#define cipher_finish mbedtls_cipher_finish
#define cipher_free mbedtls_cipher_free
-#define cipher_free_ctx mbedtls_cipher_free_ctx
#define cipher_get_block_size mbedtls_cipher_get_block_size
#define cipher_get_cipher_mode mbedtls_cipher_get_cipher_mode
#define cipher_get_iv_size mbedtls_cipher_get_iv_size
@@ -1855,7 +1814,6 @@
#define cipher_mode_t mbedtls_cipher_mode_t
#define cipher_padding_t mbedtls_cipher_padding_t
#define cipher_reset mbedtls_cipher_reset
-#define cipher_self_test mbedtls_cipher_self_test
#define cipher_set_iv mbedtls_cipher_set_iv
#define cipher_set_padding_mode mbedtls_cipher_set_padding_mode
#define cipher_setkey mbedtls_cipher_setkey
@@ -1866,7 +1824,6 @@
#define ctr_drbg_context mbedtls_ctr_drbg_context
#define ctr_drbg_free mbedtls_ctr_drbg_free
#define ctr_drbg_init mbedtls_ctr_drbg_init
-#define ctr_drbg_init_entropy_len mbedtls_ctr_drbg_init_entropy_len
#define ctr_drbg_random mbedtls_ctr_drbg_random
#define ctr_drbg_random_with_add mbedtls_ctr_drbg_random_with_add
#define ctr_drbg_reseed mbedtls_ctr_drbg_reseed
@@ -1877,14 +1834,12 @@
#define ctr_drbg_update mbedtls_ctr_drbg_update
#define ctr_drbg_update_seed_file mbedtls_ctr_drbg_update_seed_file
#define ctr_drbg_write_seed_file mbedtls_ctr_drbg_write_seed_file
-#define debug_fmt mbedtls_debug_fmt
#define debug_print_buf mbedtls_debug_print_buf
#define debug_print_crt mbedtls_debug_print_crt
#define debug_print_ecp mbedtls_debug_print_ecp
#define debug_print_mpi mbedtls_debug_print_mpi
#define debug_print_msg mbedtls_debug_print_msg
#define debug_print_ret mbedtls_debug_print_ret
-#define debug_set_log_mode mbedtls_debug_set_log_mode
#define debug_set_threshold mbedtls_debug_set_threshold
#define des3_context mbedtls_des3_context
#define des3_crypt_cbc mbedtls_des3_crypt_cbc
@@ -1928,7 +1883,6 @@
#define ecdh_make_public mbedtls_ecdh_make_public
#define ecdh_read_params mbedtls_ecdh_read_params
#define ecdh_read_public mbedtls_ecdh_read_public
-#define ecdh_self_test mbedtls_ecdh_self_test
#define ecdh_side mbedtls_ecdh_side
#define ecdsa_context mbedtls_ecdsa_context
#define ecdsa_free mbedtls_ecdsa_free
@@ -1937,7 +1891,6 @@
#define ecdsa_info mbedtls_ecdsa_info
#define ecdsa_init mbedtls_ecdsa_init
#define ecdsa_read_signature mbedtls_ecdsa_read_signature
-#define ecdsa_self_test mbedtls_ecdsa_self_test
#define ecdsa_sign mbedtls_ecdsa_sign
#define ecdsa_sign_det mbedtls_ecdsa_sign_det
#define ecdsa_verify mbedtls_ecdsa_verify
@@ -1945,7 +1898,6 @@
#define ecdsa_write_signature_det mbedtls_ecdsa_write_signature_det
#define eckey_info mbedtls_eckey_info
#define eckeydh_info mbedtls_eckeydh_info
-#define ecp_add mbedtls_ecp_add
#define ecp_check_privkey mbedtls_ecp_check_privkey
#define ecp_check_pub_priv mbedtls_ecp_check_pub_priv
#define ecp_check_pubkey mbedtls_ecp_check_pubkey
@@ -1962,7 +1914,6 @@
#define ecp_group_free mbedtls_ecp_group_free
#define ecp_group_id mbedtls_ecp_group_id
#define ecp_group_init mbedtls_ecp_group_init
-#define ecp_group_read_string mbedtls_ecp_group_read_string
#define ecp_grp_id_list mbedtls_ecp_grp_id_list
#define ecp_is_zero mbedtls_ecp_is_zero
#define ecp_keypair mbedtls_ecp_keypair
@@ -1977,7 +1928,6 @@
#define ecp_point_write_binary mbedtls_ecp_point_write_binary
#define ecp_self_test mbedtls_ecp_self_test
#define ecp_set_zero mbedtls_ecp_set_zero
-#define ecp_sub mbedtls_ecp_sub
#define ecp_tls_read_group mbedtls_ecp_tls_read_group
#define ecp_tls_read_point mbedtls_ecp_tls_read_point
#define ecp_tls_write_group mbedtls_ecp_tls_write_group
@@ -2015,7 +1965,6 @@
#define hmac_drbg_context mbedtls_hmac_drbg_context
#define hmac_drbg_free mbedtls_hmac_drbg_free
#define hmac_drbg_init mbedtls_hmac_drbg_init
-#define hmac_drbg_init_buf mbedtls_hmac_drbg_init_buf
#define hmac_drbg_random mbedtls_hmac_drbg_random
#define hmac_drbg_random_with_add mbedtls_hmac_drbg_random_with_add
#define hmac_drbg_reseed mbedtls_hmac_drbg_reseed
@@ -2031,14 +1980,8 @@
#define md mbedtls_md
#define md2 mbedtls_md2
#define md2_context mbedtls_md2_context
-#define md2_file mbedtls_md2_file
#define md2_finish mbedtls_md2_finish
#define md2_free mbedtls_md2_free
-#define md2_hmac mbedtls_md2_hmac
-#define md2_hmac_finish mbedtls_md2_hmac_finish
-#define md2_hmac_reset mbedtls_md2_hmac_reset
-#define md2_hmac_starts mbedtls_md2_hmac_starts
-#define md2_hmac_update mbedtls_md2_hmac_update
#define md2_info mbedtls_md2_info
#define md2_init mbedtls_md2_init
#define md2_process mbedtls_md2_process
@@ -2047,14 +1990,8 @@
#define md2_update mbedtls_md2_update
#define md4 mbedtls_md4
#define md4_context mbedtls_md4_context
-#define md4_file mbedtls_md4_file
#define md4_finish mbedtls_md4_finish
#define md4_free mbedtls_md4_free
-#define md4_hmac mbedtls_md4_hmac
-#define md4_hmac_finish mbedtls_md4_hmac_finish
-#define md4_hmac_reset mbedtls_md4_hmac_reset
-#define md4_hmac_starts mbedtls_md4_hmac_starts
-#define md4_hmac_update mbedtls_md4_hmac_update
#define md4_info mbedtls_md4_info
#define md4_init mbedtls_md4_init
#define md4_process mbedtls_md4_process
@@ -2063,14 +2000,8 @@
#define md4_update mbedtls_md4_update
#define md5 mbedtls_md5
#define md5_context mbedtls_md5_context
-#define md5_file mbedtls_md5_file
#define md5_finish mbedtls_md5_finish
#define md5_free mbedtls_md5_free
-#define md5_hmac mbedtls_md5_hmac
-#define md5_hmac_finish mbedtls_md5_hmac_finish
-#define md5_hmac_reset mbedtls_md5_hmac_reset
-#define md5_hmac_starts mbedtls_md5_hmac_starts
-#define md5_hmac_update mbedtls_md5_hmac_update
#define md5_info mbedtls_md5_info
#define md5_init mbedtls_md5_init
#define md5_process mbedtls_md5_process
@@ -2081,7 +2012,6 @@
#define md_file mbedtls_md_file
#define md_finish mbedtls_md_finish
#define md_free mbedtls_md_free
-#define md_free_ctx mbedtls_md_free_ctx
#define md_get_name mbedtls_md_get_name
#define md_get_size mbedtls_md_get_size
#define md_get_type mbedtls_md_get_type
@@ -2109,7 +2039,6 @@
#define memory_buffer_alloc_status mbedtls_memory_buffer_alloc_status
#define memory_buffer_alloc_verify mbedtls_memory_buffer_alloc_verify
#define memory_buffer_set_verify mbedtls_memory_buffer_set_verify
-#define memory_set_own mbedtls_memory_set_own
#define mpi mbedtls_mpi
#define mpi_add_abs mbedtls_mpi_add_abs
#define mpi_add_int mbedtls_mpi_add_int
@@ -2185,8 +2114,6 @@
#define padlock_supports mbedtls_padlock_has_support
#define padlock_xcryptcbc mbedtls_padlock_xcryptcbc
#define padlock_xcryptecb mbedtls_padlock_xcryptecb
-#define pbkdf2_hmac mbedtls_pbkdf2_hmac
-#define pbkdf2_self_test mbedtls_pbkdf2_self_test
#define pem_context mbedtls_pem_context
#define pem_free mbedtls_pem_free
#define pem_init mbedtls_pem_init
@@ -2246,13 +2173,11 @@
#define platform_entropy_poll mbedtls_platform_entropy_poll
#define platform_set_exit mbedtls_platform_set_exit
#define platform_set_fprintf mbedtls_platform_set_fprintf
-#define platform_set_malloc_free mbedtls_platform_set_malloc_free
#define platform_set_printf mbedtls_platform_set_printf
#define platform_set_snprintf mbedtls_platform_set_snprintf
#define polarssl_exit mbedtls_exit
#define polarssl_fprintf mbedtls_fprintf
#define polarssl_free mbedtls_free
-#define polarssl_malloc mbedtls_malloc
#define polarssl_mutex_free mbedtls_mutex_free
#define polarssl_mutex_init mbedtls_mutex_init
#define polarssl_mutex_lock mbedtls_mutex_lock
@@ -2262,14 +2187,8 @@
#define polarssl_strerror mbedtls_strerror
#define ripemd160 mbedtls_ripemd160
#define ripemd160_context mbedtls_ripemd160_context
-#define ripemd160_file mbedtls_ripemd160_file
#define ripemd160_finish mbedtls_ripemd160_finish
#define ripemd160_free mbedtls_ripemd160_free
-#define ripemd160_hmac mbedtls_ripemd160_hmac
-#define ripemd160_hmac_finish mbedtls_ripemd160_hmac_finish
-#define ripemd160_hmac_reset mbedtls_ripemd160_hmac_reset
-#define ripemd160_hmac_starts mbedtls_ripemd160_hmac_starts
-#define ripemd160_hmac_update mbedtls_ripemd160_hmac_update
#define ripemd160_info mbedtls_ripemd160_info
#define ripemd160_init mbedtls_ripemd160_init
#define ripemd160_process mbedtls_ripemd160_process
@@ -2283,12 +2202,10 @@
#define rsa_check_pubkey mbedtls_rsa_check_pubkey
#define rsa_context mbedtls_rsa_context
#define rsa_copy mbedtls_rsa_copy
-#define rsa_decrypt_func mbedtls_rsa_decrypt_func
#define rsa_free mbedtls_rsa_free
#define rsa_gen_key mbedtls_rsa_gen_key
#define rsa_info mbedtls_rsa_info
#define rsa_init mbedtls_rsa_init
-#define rsa_key_len_func mbedtls_rsa_key_len_func
#define rsa_pkcs1_decrypt mbedtls_rsa_pkcs1_decrypt
#define rsa_pkcs1_encrypt mbedtls_rsa_pkcs1_encrypt
#define rsa_pkcs1_sign mbedtls_rsa_pkcs1_sign
@@ -2306,19 +2223,12 @@
#define rsa_rsassa_pss_verify_ext mbedtls_rsa_rsassa_pss_verify_ext
#define rsa_self_test mbedtls_rsa_self_test
#define rsa_set_padding mbedtls_rsa_set_padding
-#define rsa_sign_func mbedtls_rsa_sign_func
#define safer_memcmp mbedtls_ssl_safer_memcmp
#define set_alarm mbedtls_set_alarm
#define sha1 mbedtls_sha1
#define sha1_context mbedtls_sha1_context
-#define sha1_file mbedtls_sha1_file
#define sha1_finish mbedtls_sha1_finish
#define sha1_free mbedtls_sha1_free
-#define sha1_hmac mbedtls_sha1_hmac
-#define sha1_hmac_finish mbedtls_sha1_hmac_finish
-#define sha1_hmac_reset mbedtls_sha1_hmac_reset
-#define sha1_hmac_starts mbedtls_sha1_hmac_starts
-#define sha1_hmac_update mbedtls_sha1_hmac_update
#define sha1_info mbedtls_sha1_info
#define sha1_init mbedtls_sha1_init
#define sha1_process mbedtls_sha1_process
@@ -2328,14 +2238,8 @@
#define sha224_info mbedtls_sha224_info
#define sha256 mbedtls_sha256
#define sha256_context mbedtls_sha256_context
-#define sha256_file mbedtls_sha256_file
#define sha256_finish mbedtls_sha256_finish
#define sha256_free mbedtls_sha256_free
-#define sha256_hmac mbedtls_sha256_hmac
-#define sha256_hmac_finish mbedtls_sha256_hmac_finish
-#define sha256_hmac_reset mbedtls_sha256_hmac_reset
-#define sha256_hmac_starts mbedtls_sha256_hmac_starts
-#define sha256_hmac_update mbedtls_sha256_hmac_update
#define sha256_info mbedtls_sha256_info
#define sha256_init mbedtls_sha256_init
#define sha256_process mbedtls_sha256_process
@@ -2345,14 +2249,8 @@
#define sha384_info mbedtls_sha384_info
#define sha512 mbedtls_sha512
#define sha512_context mbedtls_sha512_context
-#define sha512_file mbedtls_sha512_file
#define sha512_finish mbedtls_sha512_finish
#define sha512_free mbedtls_sha512_free
-#define sha512_hmac mbedtls_sha512_hmac
-#define sha512_hmac_finish mbedtls_sha512_hmac_finish
-#define sha512_hmac_reset mbedtls_sha512_hmac_reset
-#define sha512_hmac_starts mbedtls_sha512_hmac_starts
-#define sha512_hmac_update mbedtls_sha512_hmac_update
#define sha512_info mbedtls_sha512_info
#define sha512_init mbedtls_sha512_init
#define sha512_process mbedtls_sha512_process
@@ -2385,7 +2283,6 @@
#define ssl_cookie_setup mbedtls_ssl_cookie_setup
#define ssl_cookie_write mbedtls_ssl_cookie_write
#define ssl_cookie_write_t mbedtls_ssl_cookie_write_t
-#define ssl_curve_is_acceptable mbedtls_ssl_curve_is_acceptable
#define ssl_derive_keys mbedtls_ssl_derive_keys
#define ssl_dtls_replay_check mbedtls_ssl_dtls_replay_check
#define ssl_dtls_replay_update mbedtls_ssl_dtls_replay_update
@@ -2475,8 +2372,6 @@
#define ssl_set_max_version mbedtls_ssl_conf_max_version
#define ssl_set_min_version mbedtls_ssl_conf_min_version
#define ssl_set_own_cert mbedtls_ssl_conf_own_cert
-#define ssl_set_own_cert_alt mbedtls_ssl_set_own_cert_alt
-#define ssl_set_own_cert_rsa mbedtls_ssl_set_own_cert_rsa
#define ssl_set_psk mbedtls_ssl_conf_psk
#define ssl_set_psk_cb mbedtls_ssl_conf_psk_cb
#define ssl_set_renegotiation mbedtls_ssl_conf_renegotiation
@@ -2485,7 +2380,6 @@
#define ssl_set_rng mbedtls_ssl_conf_rng
#define ssl_set_session mbedtls_ssl_set_session
#define ssl_set_session_cache mbedtls_ssl_conf_session_cache
-#define ssl_set_session_ticket_lifetime mbedtls_ssl_conf_session_ticket_lifetime
#define ssl_set_session_tickets mbedtls_ssl_conf_session_tickets
#define ssl_set_sni mbedtls_ssl_conf_sni
#define ssl_set_transport mbedtls_ssl_conf_transport
@@ -2493,7 +2387,6 @@
#define ssl_set_verify mbedtls_ssl_conf_verify
#define ssl_sig_from_pk mbedtls_ssl_sig_from_pk
#define ssl_states mbedtls_ssl_states
-#define ssl_ticket_keys mbedtls_ssl_ticket_keys
#define ssl_transform mbedtls_ssl_transform
#define ssl_transform_free mbedtls_ssl_transform_free
#define ssl_write mbedtls_ssl_write
@@ -2522,7 +2415,6 @@
#define test_cli_key mbedtls_test_cli_key
#define test_cli_key_ec mbedtls_test_cli_key_ec
#define test_cli_key_rsa mbedtls_test_cli_key_rsa
-#define test_dhm_params mbedtls_test_dhm_params
#define test_srv_crt mbedtls_test_srv_crt
#define test_srv_crt_ec mbedtls_test_srv_crt_ec
#define test_srv_crt_rsa mbedtls_test_srv_crt_rsa
@@ -2577,8 +2469,6 @@
#define x509_get_time mbedtls_x509_get_time
#define x509_key_size_helper mbedtls_x509_key_size_helper
#define x509_name mbedtls_x509_name
-#define x509_oid_get_description mbedtls_x509_oid_get_description
-#define x509_oid_get_numeric_string mbedtls_x509_oid_get_numeric_string
#define x509_self_test mbedtls_x509_self_test
#define x509_sequence mbedtls_x509_sequence
#define x509_serial_gets mbedtls_x509_serial_gets
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 0f7e29b..c4b8995 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -218,16 +218,16 @@
* \def MBEDTLS_AES_ALT
*
* MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
- * alternate core implementation of a symmetric crypto or hash module (e.g.
- * platform specific assembly optimized implementations). Keep in mind that
- * the function prototypes should remain the same.
+ * alternate core implementation of a symmetric crypto, an arithmetic or hash
+ * module (e.g. platform specific assembly optimized implementations). Keep
+ * in mind that the function prototypes should remain the same.
*
* This replaces the whole module. If you only want to replace one of the
* functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
*
* Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
- * provide the "struct mbedtls_aes_context" definition and omit the base function
- * declarations and implementations. "aes_alt.h" will be included from
+ * provide the "struct mbedtls_aes_context" definition and omit the base
+ * function declarations and implementations. "aes_alt.h" will be included from
* "aes.h" to include the new function definitions.
*
* Uncomment a macro to enable alternate implementation of the corresponding
@@ -246,6 +246,16 @@
//#define MBEDTLS_SHA1_ALT
//#define MBEDTLS_SHA256_ALT
//#define MBEDTLS_SHA512_ALT
+/*
+ * When replacing the elliptic curve module, pleace consider, that it is
+ * implemented with two .c files:
+ * - ecp.c
+ * - ecp_curves.c
+ * You can replace them very much like all the other MBEDTLS__MODULE_NAME__ALT
+ * macros as described above. The only difference is that you have to make sure
+ * that you provide functionality for both .c files.
+ */
+//#define MBEDTLS_ECP_ALT
/**
* \def MBEDTLS_MD2_PROCESS_ALT
@@ -286,6 +296,59 @@
//#define MBEDTLS_AES_DECRYPT_ALT
/**
+ * \def MBEDTLS_ECP_INTERNAL_ALT
+ *
+ * Expose a part of the internal interface of the Elliptic Curve Point module.
+ *
+ * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * alternative core implementation of elliptic curve arithmetic. Keep in mind
+ * that function prototypes should remain the same.
+ *
+ * This partially replaces one function. The header file from mbed TLS is still
+ * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
+ * is still present and it is used for group structures not supported by the
+ * alternative.
+ *
+ * Any of these options become available by defining MBEDTLS_ECP_INTERNAL_ALT
+ * and implementing the following functions:
+ * unsigned char mbedtls_internal_ecp_grp_capable(
+ * const mbedtls_ecp_group *grp )
+ * int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp )
+ * void mbedtls_internal_ecp_deinit( const mbedtls_ecp_group *grp )
+ * The mbedtls_internal_ecp_grp_capable function should return 1 if the
+ * replacement functions implement arithmetic for the given group and 0
+ * otherwise.
+ * The functions mbedtls_internal_ecp_init and mbedtls_internal_ecp_deinit are
+ * called before and after each point operation and provide an opportunity to
+ * implement optimized set up and tear down instructions.
+ *
+ * Example: In case you uncomment MBEDTLS_ECP_INTERNAL_ALT and
+ * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac
+ * function, but will use your mbedtls_internal_ecp_double_jac if the group is
+ * supported (your mbedtls_internal_ecp_grp_capable function returns 1 when
+ * receives it as an argument). If the group is not supported then the original
+ * implementation is used. The other functions and the definition of
+ * mbedtls_ecp_group and mbedtls_ecp_point will not change, so your
+ * implementation of mbedtls_internal_ecp_double_jac and
+ * mbedtls_internal_ecp_grp_capable must be compatible with this definition.
+ *
+ * Uncomment a macro to enable alternate implementation of the corresponding
+ * function.
+ */
+/* Required for all the functions in this section */
+//#define MBEDTLS_ECP_INTERNAL_ALT
+/* Support for Weierstrass curves with Jacobi representation */
+//#define MBEDTLS_ECP_RANDOMIZE_JAC_ALT
+//#define MBEDTLS_ECP_ADD_MIXED_ALT
+//#define MBEDTLS_ECP_DOUBLE_JAC_ALT
+//#define MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT
+//#define MBEDTLS_ECP_NORMALIZE_JAC_ALT
+/* Support for curves with Montgomery arithmetic */
+//#define MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT
+//#define MBEDTLS_ECP_RANDOMIZE_MXZ_ALT
+//#define MBEDTLS_ECP_NORMALIZE_MXZ_ALT
+
+/**
* \def MBEDTLS_TEST_NULL_ENTROPY
*
* Enables testing and use of mbed TLS without any configured entropy sources.
@@ -2188,7 +2251,8 @@
* library/ssl_tls.c
* library/x509write_crt.c
*
- * This module is required for SSL/TLS and SHA1-signed certificates.
+ * This module is required for SSL/TLS up to version 1.1, for TLS 1.2
+ * depending on the handshake parameters, and for SHA1-signed certificates.
*/
#define MBEDTLS_SHA1_C
@@ -2573,6 +2637,26 @@
//#define MBEDTLS_X509_MAX_INTERMEDIATE_CA 8 /**< Maximum number of intermediate CAs in a verification chain. */
//#define MBEDTLS_X509_MAX_FILE_PATH_LEN 512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
+/**
+ * Allow SHA-1 in the default TLS configuration for certificate signing.
+ * Without this build-time option, SHA-1 support must be activated explicitly
+ * through mbedtls_ssl_conf_cert_profile. Turning on this option is not
+ * recommended because of it is possible to generte SHA-1 collisions, however
+ * this may be safe for legacy infrastructure where additional controls apply.
+ */
+// #define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+
+/**
+ * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
+ * signature and ciphersuite selection. Without this build-time option, SHA-1
+ * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
+ * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
+ * default. At the time of writing, there is no practical attack on the use
+ * of SHA-1 in handshake signatures, hence this option is turned on by default
+ * for compatibility with existing peers.
+ */
+#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
+
/* \} name SECTION: Customisation configuration options */
/* Target and application specific configurations */
diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h
index b7b6160..161a5b2 100644
--- a/include/mbedtls/ecjpake.h
+++ b/include/mbedtls/ecjpake.h
@@ -116,7 +116,7 @@
const unsigned char *secret,
size_t len );
-/*
+/**
* \brief Check if a context is ready for use
*
* \param ctx Context to check
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 5246c78..bf9abef 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -37,6 +37,15 @@
#define MBEDTLS_ERR_ECP_INVALID_KEY -0x4C80 /**< Invalid private or public key. */
#define MBEDTLS_ERR_ECP_SIG_LEN_MISMATCH -0x4C00 /**< Signature is valid but shorter than the user-supplied length. */
+#if !defined(MBEDTLS_ECP_ALT)
+/*
+ * default mbed TLS elliptic curve arithmetic implementation
+ *
+ * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
+ * alternative implementation for the whole module and it will replace this
+ * one.)
+ */
+
#ifdef __cplusplus
extern "C" {
#endif
@@ -654,16 +663,22 @@
int mbedtls_ecp_check_pub_priv( const mbedtls_ecp_keypair *pub, const mbedtls_ecp_keypair *prv );
#if defined(MBEDTLS_SELF_TEST)
+
/**
* \brief Checkup routine
*
* \return 0 if successful, or 1 if a test failed
*/
int mbedtls_ecp_self_test( int verbose );
-#endif
+
+#endif /* MBEDTLS_SELF_TEST */
#ifdef __cplusplus
}
#endif
+#else /* MBEDTLS_ECP_ALT */
+#include "ecp_alt.h"
+#endif /* MBEDTLS_ECP_ALT */
+
#endif /* ecp.h */
diff --git a/include/mbedtls/ecp_internal.h b/include/mbedtls/ecp_internal.h
new file mode 100644
index 0000000..2991e26
--- /dev/null
+++ b/include/mbedtls/ecp_internal.h
@@ -0,0 +1,292 @@
+/**
+ * \file ecp_internal.h
+ *
+ * \brief Function declarations for alternative implementation of elliptic curve
+ * point arithmetic.
+ *
+ * Copyright (C) 2016, ARM Limited, All Rights Reserved
+ * SPDX-License-Identifier: Apache-2.0
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License"); you may
+ * not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This file is part of mbed TLS (https://tls.mbed.org)
+ */
+
+/*
+ * References:
+ *
+ * [1] BERNSTEIN, Daniel J. Curve25519: new Diffie-Hellman speed records.
+ * <http://cr.yp.to/ecdh/curve25519-20060209.pdf>
+ *
+ * [2] CORON, Jean-S'ebastien. Resistance against differential power analysis
+ * for elliptic curve cryptosystems. In : Cryptographic Hardware and
+ * Embedded Systems. Springer Berlin Heidelberg, 1999. p. 292-302.
+ * <http://link.springer.com/chapter/10.1007/3-540-48059-5_25>
+ *
+ * [3] HEDABOU, Mustapha, PINEL, Pierre, et B'EN'ETEAU, Lucien. A comb method to
+ * render ECC resistant against Side Channel Attacks. IACR Cryptology
+ * ePrint Archive, 2004, vol. 2004, p. 342.
+ * <http://eprint.iacr.org/2004/342.pdf>
+ *
+ * [4] Certicom Research. SEC 2: Recommended Elliptic Curve Domain Parameters.
+ * <http://www.secg.org/sec2-v2.pdf>
+ *
+ * [5] HANKERSON, Darrel, MENEZES, Alfred J., VANSTONE, Scott. Guide to Elliptic
+ * Curve Cryptography.
+ *
+ * [6] Digital Signature Standard (DSS), FIPS 186-4.
+ * <http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf>
+ *
+ * [7] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer
+ * Security (TLS), RFC 4492.
+ * <https://tools.ietf.org/search/rfc4492>
+ *
+ * [8] <http://www.hyperelliptic.org/EFD/g1p/auto-shortw-jacobian.html>
+ *
+ * [9] COHEN, Henri. A Course in Computational Algebraic Number Theory.
+ * Springer Science & Business Media, 1 Aug 2000
+ */
+
+#ifndef MBEDTLS_ECP_INTERNAL_H
+#define MBEDTLS_ECP_INTERNAL_H
+
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+
+/**
+ * \brief Indicate if the Elliptic Curve Point module extension can
+ * handle the group.
+ *
+ * \param grp The pointer to the elliptic curve group that will be the
+ * basis of the cryptographic computations.
+ *
+ * \return Non-zero if successful.
+ */
+unsigned char mbedtls_internal_ecp_grp_capable( const mbedtls_ecp_group *grp );
+
+/**
+ * \brief Initialise the Elliptic Curve Point module extension.
+ *
+ * If mbedtls_internal_ecp_grp_capable returns true for a
+ * group, this function has to be able to initialise the
+ * module for it.
+ *
+ * This module can be a driver to a crypto hardware
+ * accelerator, for which this could be an initialise function.
+ *
+ * \param grp The pointer to the group the module needs to be
+ * initialised for.
+ *
+ * \return 0 if successful.
+ */
+int mbedtls_internal_ecp_init( const mbedtls_ecp_group *grp );
+
+/**
+ * \brief Frees and deallocates the Elliptic Curve Point module
+ * extension.
+ *
+ * \param grp The pointer to the group the module was initialised for.
+ */
+void mbedtls_internal_ecp_free( const mbedtls_ecp_group *grp );
+
+#if defined(ECP_SHORTWEIERSTRASS)
+
+#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
+/**
+ * \brief Randomize jacobian coordinates:
+ * (X, Y, Z) -> (l^2 X, l^3 Y, l Z) for random l.
+ *
+ * \param grp Pointer to the group representing the curve.
+ *
+ * \param pt The point on the curve to be randomised, given with Jacobian
+ * coordinates.
+ *
+ * \param f_rng A function pointer to the random number generator.
+ *
+ * \param p_rng A pointer to the random number generator state.
+ *
+ * \return 0 if successful.
+ */
+int mbedtls_internal_ecp_randomize_jac( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *pt, int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+#endif
+
+#if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
+/**
+ * \brief Addition: R = P + Q, mixed affine-Jacobian coordinates.
+ *
+ * The coordinates of Q must be normalized (= affine),
+ * but those of P don't need to. R is not normalized.
+ *
+ * This function is used only as a subrutine of
+ * ecp_mul_comb().
+ *
+ * Special cases: (1) P or Q is zero, (2) R is zero,
+ * (3) P == Q.
+ * None of these cases can happen as intermediate step in
+ * ecp_mul_comb():
+ * - at each step, P, Q and R are multiples of the base
+ * point, the factor being less than its order, so none of
+ * them is zero;
+ * - Q is an odd multiple of the base point, P an even
+ * multiple, due to the choice of precomputed points in the
+ * modified comb method.
+ * So branches for these cases do not leak secret information.
+ *
+ * We accept Q->Z being unset (saving memory in tables) as
+ * meaning 1.
+ *
+ * Cost in field operations if done by [5] 3.22:
+ * 1A := 8M + 3S
+ *
+ * \param grp Pointer to the group representing the curve.
+ *
+ * \param R Pointer to a point structure to hold the result.
+ *
+ * \param P Pointer to the first summand, given with Jacobian
+ * coordinates
+ *
+ * \param Q Pointer to the second summand, given with affine
+ * coordinates.
+ *
+ * \return 0 if successful.
+ */
+int mbedtls_internal_ecp_add_mixed( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *R, const mbedtls_ecp_point *P,
+ const mbedtls_ecp_point *Q );
+#endif
+
+/**
+ * \brief Point doubling R = 2 P, Jacobian coordinates.
+ *
+ * Cost: 1D := 3M + 4S (A == 0)
+ * 4M + 4S (A == -3)
+ * 3M + 6S + 1a otherwise
+ * when the implementation is based on the "dbl-1998-cmo-2"
+ * doubling formulas in [8] and standard optimizations are
+ * applied when curve parameter A is one of { 0, -3 }.
+ *
+ * \param grp Pointer to the group representing the curve.
+ *
+ * \param R Pointer to a point structure to hold the result.
+ *
+ * \param P Pointer to the point that has to be doubled, given with
+ * Jacobian coordinates.
+ *
+ * \return 0 if successful.
+ */
+#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
+int mbedtls_internal_ecp_double_jac( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *R, const mbedtls_ecp_point *P );
+#endif
+
+/**
+ * \brief Normalize jacobian coordinates of an array of (pointers to)
+ * points.
+ *
+ * Using Montgomery's trick to perform only one inversion mod P
+ * the cost is:
+ * 1N(t) := 1I + (6t - 3)M + 1S
+ * (See for example Algorithm 10.3.4. in [9])
+ *
+ * This function is used only as a subrutine of
+ * ecp_mul_comb().
+ *
+ * Warning: fails (returning an error) if one of the points is
+ * zero!
+ * This should never happen, see choice of w in ecp_mul_comb().
+ *
+ * \param grp Pointer to the group representing the curve.
+ *
+ * \param T Array of pointers to the points to normalise.
+ *
+ * \param t_len Number of elements in the array.
+ *
+ * \return 0 if successful,
+ * an error if one of the points is zero.
+ */
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
+int mbedtls_internal_ecp_normalize_jac_many( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *T[], size_t t_len );
+#endif
+
+/**
+ * \brief Normalize jacobian coordinates so that Z == 0 || Z == 1.
+ *
+ * Cost in field operations if done by [5] 3.2.1:
+ * 1N := 1I + 3M + 1S
+ *
+ * \param grp Pointer to the group representing the curve.
+ *
+ * \param pt pointer to the point to be normalised. This is an
+ * input/output parameter.
+ *
+ * \return 0 if successful.
+ */
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
+int mbedtls_internal_ecp_normalize_jac( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *pt );
+#endif
+
+#endif /* ECP_SHORTWEIERSTRASS */
+
+#if defined(ECP_MONTGOMERY)
+
+#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
+int mbedtls_internal_ecp_double_add_mxz( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *R, mbedtls_ecp_point *S, const mbedtls_ecp_point *P,
+ const mbedtls_ecp_point *Q, const mbedtls_mpi *d );
+#endif
+
+/**
+ * \brief Randomize projective x/z coordinates:
+ * (X, Z) -> (l X, l Z) for random l
+ *
+ * \param grp pointer to the group representing the curve
+ *
+ * \param P the point on the curve to be randomised given with
+ * projective coordinates. This is an input/output parameter.
+ *
+ * \param f_rng a function pointer to the random number generator
+ *
+ * \param p_rng a pointer to the random number generator state
+ *
+ * \return 0 if successful
+ */
+#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
+int mbedtls_internal_ecp_randomize_mxz( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *P, int (*f_rng)(void *, unsigned char *, size_t),
+ void *p_rng );
+#endif
+
+/**
+ * \brief Normalize Montgomery x/z coordinates: X = X/Z, Z = 1.
+ *
+ * \param grp pointer to the group representing the curve
+ *
+ * \param P pointer to the point to be normalised. This is an
+ * input/output parameter.
+ *
+ * \return 0 if successful
+ */
+#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
+int mbedtls_internal_ecp_normalize_mxz( const mbedtls_ecp_group *grp,
+ mbedtls_ecp_point *P );
+#endif
+
+#endif /* ECP_MONTGOMERY */
+
+#endif /* MBEDTLS_ECP_INTERNAL_ALT */
+
+#endif /* ecp_internal.h */
+
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 495e02c..49b1aca 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -185,6 +185,9 @@
#define MBEDTLS_SSL_PRESET_DEFAULT 0
#define MBEDTLS_SSL_PRESET_SUITEB 2
+#define MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED 1
+#define MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED 0
+
/*
* Default range for DTLS retransmission timer value, in milliseconds.
* RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
@@ -531,6 +534,7 @@
/* Defined in ssl_internal.h */
typedef struct mbedtls_ssl_transform mbedtls_ssl_transform;
typedef struct mbedtls_ssl_handshake_params mbedtls_ssl_handshake_params;
+typedef struct mbedtls_ssl_sig_hash_set_t mbedtls_ssl_sig_hash_set_t;
#if defined(MBEDTLS_X509_CRT_PARSE_C)
typedef struct mbedtls_ssl_key_cert mbedtls_ssl_key_cert;
#endif
@@ -749,6 +753,10 @@
#if defined(MBEDTLS_SSL_FALLBACK_SCSV) && defined(MBEDTLS_SSL_CLI_C)
unsigned int fallback : 1; /*!< is this a fallback? */
#endif
+#if defined(MBEDTLS_SSL_SRV_C)
+ unsigned int cert_req_ca_list : 1; /*!< enable sending CA list in
+ Certificate Request messages? */
+#endif
};
@@ -2031,6 +2039,20 @@
void mbedtls_ssl_conf_arc4_support( mbedtls_ssl_config *conf, char arc4 );
#endif /* MBEDTLS_ARC4_C */
+#if defined(MBEDTLS_SSL_SRV_C)
+/**
+ * \brief Whether to send a list of acceptable CAs in
+ * CertificateRequest messages.
+ * (Default: do send)
+ *
+ * \param conf SSL configuration
+ * \param cert_req_ca_list MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED or
+ * MBEDTLS_SSL_CERT_REQ_CA_LIST_DISABLED
+ */
+void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
+ char cert_req_ca_list );
+#endif /* MBEDTLS_SSL_SRV_C */
+
#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
/**
* \brief Set the maximum fragment length to emit and/or negotiate
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index deaaa37..931c1b3 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -260,6 +260,47 @@
#define MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED
#endif
+/* Key exchanges allowing client certificate requests */
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED
+#endif
+
+/* Key exchanges involving server signature in ServerKeyExchange */
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED
+#endif
+
+/* Key exchanges using ECDH */
+#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED
+#endif
+
+/* Key exchanges that don't involve ephemeral keys */
+#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED
+#endif
+
+/* Key exchanges that involve ephemeral keys */
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED
+#endif
+
/* Key exchanges using a PSK */
#if defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED) || \
@@ -268,7 +309,13 @@
#define MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED
#endif
-/* Key exchanges using a ECDHE */
+/* Key exchanges using DHE */
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+ defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
+#define MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED
+#endif
+
+/* Key exchanges using ECDHE */
#if defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
@@ -309,10 +356,159 @@
#if defined(MBEDTLS_PK_C)
mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_pk_alg( const mbedtls_ssl_ciphersuite_t *info );
+mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info );
#endif
-int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info );
-int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info );
+#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
+static inline int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
+ case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+ return( 1 );
+
+ default:
+ return( 0 );
+ }
+}
+#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
+static inline int mbedtls_ssl_ciphersuite_has_pfs( const mbedtls_ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+ case MBEDTLS_KEY_EXCHANGE_ECJPAKE:
+ return( 1 );
+
+ default:
+ return( 0 );
+ }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
+static inline int mbedtls_ssl_ciphersuite_no_pfs( const mbedtls_ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+ case MBEDTLS_KEY_EXCHANGE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_PSK:
+ case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
+ return( 1 );
+
+ default:
+ return( 0 );
+ }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
+static inline int mbedtls_ssl_ciphersuite_uses_ecdh( const mbedtls_ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+ return( 1 );
+
+ default:
+ return( 0 );
+ }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
+static inline int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case MBEDTLS_KEY_EXCHANGE_PSK:
+ case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
+ case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
+ return( 1 );
+
+ default:
+ return( 0 );
+ }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+
+static inline int mbedtls_ssl_ciphersuite_cert_req_allowed( const mbedtls_ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case MBEDTLS_KEY_EXCHANGE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+ return( 1 );
+
+ default:
+ return( 0 );
+ }
+}
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED)
+static inline int mbedtls_ssl_ciphersuite_uses_dhe( const mbedtls_ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
+ return( 1 );
+
+ default:
+ return( 0 );
+ }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED) */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
+static inline int mbedtls_ssl_ciphersuite_uses_ecdhe( const mbedtls_ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
+ return( 1 );
+
+ default:
+ return( 0 );
+ }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED) */
+
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
+static inline int mbedtls_ssl_ciphersuite_uses_server_signature( const mbedtls_ssl_ciphersuite_t *info )
+{
+ switch( info->key_exchange )
+ {
+ case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
+ return( 1 );
+
+ default:
+ return( 0 );
+ }
+}
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
#ifdef __cplusplus
}
diff --git a/include/mbedtls/ssl_internal.h b/include/mbedtls/ssl_internal.h
index 668c0f5..766b4ab 100644
--- a/include/mbedtls/ssl_internal.h
+++ b/include/mbedtls/ssl_internal.h
@@ -157,6 +157,24 @@
extern "C" {
#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+/*
+ * Abstraction for a grid of allowed signature-hash-algorithm pairs.
+ */
+struct mbedtls_ssl_sig_hash_set_t
+{
+ /* At the moment, we only need to remember a single suitable
+ * hash algorithm per signature algorithm. As long as that's
+ * the case - and we don't need a general lookup function -
+ * we can implement the sig-hash-set as a map from signatures
+ * to hash algorithms. */
+ mbedtls_md_type_t rsa;
+ mbedtls_md_type_t ecdsa;
+};
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
+ MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
+
/*
* This structure contains the parameters only needed during handshake.
*/
@@ -165,8 +183,11 @@
/*
* Handshake specific crypto variables
*/
- int sig_alg; /*!< Hash algorithm for signature */
- int verify_sig_alg; /*!< Signature algorithm for verify */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+ mbedtls_ssl_sig_hash_set_t hash_algs; /*!< Set of suitable sig-hash pairs */
+#endif
#if defined(MBEDTLS_DHM_C)
mbedtls_dhm_context dhm_ctx; /*!< DHM key exchange */
#endif
@@ -179,7 +200,7 @@
unsigned char *ecjpake_cache; /*!< Cache for ClientHello ext */
size_t ecjpake_cache_len; /*!< Length of cached data */
#endif
-#endif
+#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
const mbedtls_ecp_curve_info **curves; /*!< Supported elliptic curves */
@@ -195,7 +216,7 @@
mbedtls_ssl_key_cert *sni_key_cert; /*!< key/cert list from SNI */
mbedtls_x509_crt *sni_ca_chain; /*!< trusted CAs from SNI callback */
mbedtls_x509_crl *sni_ca_crl; /*!< trusted CAs CRLs from SNI */
-#endif
+#endif /* MBEDTLS_SSL_SERVER_NAME_INDICATION */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if defined(MBEDTLS_SSL_PROTO_DTLS)
unsigned int out_msg_seq; /*!< Outgoing handshake sequence number */
@@ -218,7 +239,7 @@
resending messages */
unsigned char alt_out_ctr[8]; /*!< Alternative record epoch/counter
for resending messages */
-#endif
+#endif /* MBEDTLS_SSL_PROTO_DTLS */
/*
* Checksum contexts
@@ -329,6 +350,28 @@
};
#endif /* MBEDTLS_SSL_PROTO_DTLS */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+
+/* Find an entry in a signature-hash set matching a given hash algorithm. */
+mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_pk_type_t sig_alg );
+/* Add a signature-hash-pair to a signature-hash set */
+void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_pk_type_t sig_alg,
+ mbedtls_md_type_t md_alg );
+/* Allow exactly one hash algorithm for each signature. */
+void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_md_type_t md_alg );
+
+/* Setup an empty signature-hash set */
+static inline void mbedtls_ssl_sig_hash_set_init( mbedtls_ssl_sig_hash_set_t *set )
+{
+ mbedtls_ssl_sig_hash_set_const_hash( set, MBEDTLS_MD_NONE );
+}
+
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
+ MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
/**
* \brief Free referenced items in an SSL transform context and clear
@@ -384,6 +427,7 @@
#if defined(MBEDTLS_PK_C)
unsigned char mbedtls_ssl_sig_from_pk( mbedtls_pk_context *pk );
+unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type );
mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig );
#endif
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index b0c34ec..a89fd64 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -97,6 +97,9 @@
*/
extern mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex;
extern mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex;
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+extern mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex;
+#endif
#endif /* MBEDTLS_THREADING_C */
#ifdef __cplusplus
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 3270346..1660961 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -38,17 +38,17 @@
* Major, Minor, Patchlevel
*/
#define MBEDTLS_VERSION_MAJOR 2
-#define MBEDTLS_VERSION_MINOR 4
-#define MBEDTLS_VERSION_PATCH 1
+#define MBEDTLS_VERSION_MINOR 5
+#define MBEDTLS_VERSION_PATCH 0
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02040100
-#define MBEDTLS_VERSION_STRING "2.4.1"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.4.1"
+#define MBEDTLS_VERSION_NUMBER 0x02050000
+#define MBEDTLS_VERSION_STRING "2.5.0"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.5.0"
#if defined(MBEDTLS_VERSION_C)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 8882ddf..77e9b21 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -140,15 +140,15 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto})
- set_target_properties(mbedcrypto PROPERTIES VERSION 2.4.1 SOVERSION 0)
+ set_target_properties(mbedcrypto PROPERTIES VERSION 2.5.0 SOVERSION 0)
target_link_libraries(mbedcrypto ${libs})
add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.4.1 SOVERSION 0)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.5.0 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.4.1 SOVERSION 10)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.5.0 SOVERSION 10)
target_link_libraries(mbedtls ${libs} mbedx509)
install(TARGETS mbedtls mbedx509 mbedcrypto
diff --git a/library/aes.c b/library/aes.c
index a186dee..5e01c4f 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -710,9 +710,9 @@
* AES-ECB block encryption
*/
#if !defined(MBEDTLS_AES_ENCRYPT_ALT)
-void mbedtls_aes_encrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] )
+int mbedtls_internal_aes_encrypt( mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16] )
{
int i;
uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
@@ -760,6 +760,8 @@
PUT_UINT32_LE( X1, output, 4 );
PUT_UINT32_LE( X2, output, 8 );
PUT_UINT32_LE( X3, output, 12 );
+
+ return( 0 );
}
#endif /* !MBEDTLS_AES_ENCRYPT_ALT */
@@ -767,9 +769,9 @@
* AES-ECB block decryption
*/
#if !defined(MBEDTLS_AES_DECRYPT_ALT)
-void mbedtls_aes_decrypt( mbedtls_aes_context *ctx,
- const unsigned char input[16],
- unsigned char output[16] )
+int mbedtls_internal_aes_decrypt( mbedtls_aes_context *ctx,
+ const unsigned char input[16],
+ unsigned char output[16] )
{
int i;
uint32_t *RK, X0, X1, X2, X3, Y0, Y1, Y2, Y3;
@@ -817,6 +819,8 @@
PUT_UINT32_LE( X1, output, 4 );
PUT_UINT32_LE( X2, output, 8 );
PUT_UINT32_LE( X3, output, 12 );
+
+ return( 0 );
}
#endif /* !MBEDTLS_AES_DECRYPT_ALT */
@@ -846,11 +850,9 @@
#endif
if( mode == MBEDTLS_AES_ENCRYPT )
- mbedtls_aes_encrypt( ctx, input, output );
+ return( mbedtls_internal_aes_encrypt( ctx, input, output ) );
else
- mbedtls_aes_decrypt( ctx, input, output );
-
- return( 0 );
+ return( mbedtls_internal_aes_decrypt( ctx, input, output ) );
}
#if defined(MBEDTLS_CIPHER_MODE_CBC)
diff --git a/library/certs.c b/library/certs.c
index ffe6bc9..5c01998 100644
--- a/library/certs.c
+++ b/library/certs.c
@@ -47,6 +47,7 @@
"uCjn8pwUOkABXK8Mss90fzCfCEOtIA==\r\n" \
"-----END CERTIFICATE-----\r\n"
const char mbedtls_test_ca_crt_ec[] = TEST_CA_CRT_EC;
+const size_t mbedtls_test_ca_crt_ec_len = sizeof( mbedtls_test_ca_crt_ec );
const char mbedtls_test_ca_key_ec[] =
"-----BEGIN EC PRIVATE KEY-----\r\n"
@@ -58,8 +59,10 @@
"UsuWTITwJImcnlAs1gaRZ3sAWm7cOUidL0fo2G0fYUFNcYoCSLffCFTEHBuPnagb\r\n"
"a77x/sY1Bvii8S9/XhDTb6pTMx06wzrm\r\n"
"-----END EC PRIVATE KEY-----\r\n";
+const size_t mbedtls_test_ca_key_ec_len = sizeof( mbedtls_test_ca_key_ec );
const char mbedtls_test_ca_pwd_ec[] = "PolarSSLTest";
+const size_t mbedtls_test_ca_pwd_ec_len = sizeof( mbedtls_test_ca_pwd_ec ) - 1;
const char mbedtls_test_srv_crt_ec[] =
"-----BEGIN CERTIFICATE-----\r\n"
@@ -76,6 +79,7 @@
"C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n"
"fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n"
"-----END CERTIFICATE-----\r\n";
+const size_t mbedtls_test_srv_crt_ec_len = sizeof( mbedtls_test_srv_crt_ec );
const char mbedtls_test_srv_key_ec[] =
"-----BEGIN EC PRIVATE KEY-----\r\n"
@@ -83,6 +87,7 @@
"AwEHoUQDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/\r\n"
"6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/w==\r\n"
"-----END EC PRIVATE KEY-----\r\n";
+const size_t mbedtls_test_srv_key_ec_len = sizeof( mbedtls_test_srv_key_ec );
const char mbedtls_test_cli_crt_ec[] =
"-----BEGIN CERTIFICATE-----\r\n"
@@ -99,6 +104,7 @@
"lgOsjnhw3fIOoLIWy2WOGsk/LGF++DzvrRzuNiACMQCd8iem1XS4JK7haj8xocpU\r\n"
"LwjQje5PDGHfd3h9tP38Qknu5bJqws0md2KOKHyeV0U=\r\n"
"-----END CERTIFICATE-----\r\n";
+const size_t mbedtls_test_cli_crt_ec_len = sizeof( mbedtls_test_cli_crt_ec );
const char mbedtls_test_cli_key_ec[] =
"-----BEGIN EC PRIVATE KEY-----\r\n"
@@ -106,20 +112,12 @@
"AwEHoUQDQgAEV+WusXPf06y7k7iB/xKu7uZTrM5VU/Y0Dswu42MlC9+Y4vNcYDaW\r\n"
"wNUYFHDlf5/VS0UY5bBs1Vz4lo+HcKPkxw==\r\n"
"-----END EC PRIVATE KEY-----\r\n";
-
-const size_t mbedtls_test_ca_crt_ec_len = sizeof( mbedtls_test_ca_crt_ec );
-const size_t mbedtls_test_ca_key_ec_len = sizeof( mbedtls_test_ca_key_ec );
-const size_t mbedtls_test_ca_pwd_ec_len = sizeof( mbedtls_test_ca_pwd_ec ) - 1;
-const size_t mbedtls_test_srv_crt_ec_len = sizeof( mbedtls_test_srv_crt_ec );
-const size_t mbedtls_test_srv_key_ec_len = sizeof( mbedtls_test_srv_key_ec );
-const size_t mbedtls_test_cli_crt_ec_len = sizeof( mbedtls_test_cli_crt_ec );
const size_t mbedtls_test_cli_key_ec_len = sizeof( mbedtls_test_cli_key_ec );
-#else
-#define TEST_CA_CRT_EC
#endif /* MBEDTLS_ECDSA_C */
#if defined(MBEDTLS_RSA_C)
-#define TEST_CA_CRT_RSA \
+#if defined(MBEDTLS_SHA1_C)
+#define TEST_CA_CRT_RSA_SHA1 \
"-----BEGIN CERTIFICATE-----\r\n" \
"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n" \
"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
@@ -141,7 +139,34 @@
"m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ\r\n" \
"7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==\r\n" \
"-----END CERTIFICATE-----\r\n"
-const char mbedtls_test_ca_crt_rsa[] = TEST_CA_CRT_RSA;
+static const char mbedtls_test_ca_crt_rsa_sha1[] = TEST_CA_CRT_RSA_SHA1;
+#endif
+
+#if defined(MBEDTLS_SHA256_C)
+#define TEST_CA_CRT_RSA_SHA256 \
+"-----BEGIN CERTIFICATE-----\r\n" \
+"MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n" \
+"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n" \
+"MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G\r\n" \
+"A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G\r\n" \
+"CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx\r\n" \
+"mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny\r\n" \
+"50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n\r\n" \
+"YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL\r\n" \
+"R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu\r\n" \
+"KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj\r\n" \
+"gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA\r\n" \
+"FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE\r\n" \
+"CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T\r\n" \
+"BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHK/HHrTZMnnVMpde1io+voAtql7j\r\n" \
+"4sRhLrjD7o3THtwRbDa2diCvpq0Sq23Ng2LMYoXsOxoL/RQK3iN7UKxV3MKPEr0w\r\n" \
+"XQS+kKQqiT2bsfrjnWMVHZtUOMpm6FNqcdGm/Rss3vKda2lcKl8kUnq/ylc1+QbB\r\n" \
+"G6A6tUvQcr2ZyWfVg+mM5XkhTrOOXus2OLikb4WwEtJTJRNE0f+yPODSUz0/vT57\r\n" \
+"ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY\r\n" \
+"n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==\r\n" \
+"-----END CERTIFICATE-----\r\n"
+static const char mbedtls_test_ca_crt_rsa_sha256[] = TEST_CA_CRT_RSA_SHA256;
+#endif
const char mbedtls_test_ca_key_rsa[] =
"-----BEGIN RSA PRIVATE KEY-----\r\n"
@@ -174,8 +199,10 @@
"wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde\r\n"
"P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n"
"-----END RSA PRIVATE KEY-----\r\n";
+const size_t mbedtls_test_ca_key_rsa_len = sizeof( mbedtls_test_ca_key_rsa );
const char mbedtls_test_ca_pwd_rsa[] = "PolarSSLTest";
+const size_t mbedtls_test_ca_pwd_rsa_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
const char mbedtls_test_srv_crt_rsa[] =
"-----BEGIN CERTIFICATE-----\r\n"
@@ -198,6 +225,7 @@
"RRQfaD8neM9c1S/iJ/amTVqJxA1KOdOS5780WhPfSArA+g4qAmSjelc3p4wWpha8\r\n"
"zhuYwjVuX6JHG0c=\r\n"
"-----END CERTIFICATE-----\r\n";
+const size_t mbedtls_test_srv_crt_rsa_len = sizeof( mbedtls_test_srv_crt_rsa );
const char mbedtls_test_srv_key_rsa[] =
"-----BEGIN RSA PRIVATE KEY-----\r\n"
@@ -227,27 +255,29 @@
"4AgahOxIxXx2gxJnq3yfkJfIjwf0s2DyP0kY2y6Ua1OeomPeY9mrIS4tCuDQ6LrE\r\n"
"TB6l9VGoxJL4fyHnZb8L5gGvnB1bbD8cL6YPaDiOhcRseC9vBiEuVg==\r\n"
"-----END RSA PRIVATE KEY-----\r\n";
+const size_t mbedtls_test_srv_key_rsa_len = sizeof( mbedtls_test_srv_key_rsa );
-const char mbedtls_test_cli_crt_rsa[] =
+static const char mbedtls_test_cli_crt_rsa_sha256[] =
"-----BEGIN CERTIFICATE-----\r\n"
-"MIIDPzCCAiegAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER\r\n"
-"MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
-"MTEwMjEyMTQ0NDA3WhcNMjEwMjEyMTQ0NDA3WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n"
-"A1UEChMIUG9sYXJTU0wxGjAYBgNVBAMTEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n"
+"MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER\r\n"
+"MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN\r\n"
+"MTcwNTA1MTMwNzU5WhcNMjcwNTA2MTMwNzU5WjA8MQswCQYDVQQGEwJOTDERMA8G\r\n"
+"A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN\r\n"
"BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f\r\n"
"M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu\r\n"
"1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw\r\n"
"MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v\r\n"
"4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/\r\n"
"/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB\r\n"
-"o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf\r\n"
-"BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC\r\n"
-"AQEAAn86isAM8X+mVwJqeItt6E9slhEQbAofyk+diH1Lh8Y9iLlWQSKbw/UXYjx5\r\n"
-"LLPZcniovxIcARC/BjyZR9g3UwTHNGNm+rwrqa15viuNOFBchykX/Orsk02EH7NR\r\n"
-"Alw5WLPorYjED6cdVQgBl9ot93HdJogRiXCxErM7NC8/eP511mjq+uLDjLKH8ZPQ\r\n"
-"8I4ekHJnroLsDkIwXKGIsvIBHQy2ac/NwHLCQOK6mfum1pRx52V4Utu5dLLjD5bM\r\n"
-"xOBC7KU4xZKuMXXZM6/93Yb51K/J4ahf1TxJlTWXtnzDr9saEYdNy2SKY/6ZiDNH\r\n"
-"D+stpAKiQLAWaAusIWKYEyw9MQ==\r\n"
+"o4GSMIGPMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITBjBgNVHSMEXDBa\r\n"
+"gBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNV\r\n"
+"BAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEAMAkGA1Ud\r\n"
+"EwQCMAAwDQYJKoZIhvcNAQELBQADggEBAC7yO786NvcHpK8UovKIG9cB32oSQQom\r\n"
+"LoR0eHDRzdqEkoq7yGZufHFiRAAzbMqJfogRtxlrWAeB4y/jGaMBV25IbFOIcH2W\r\n"
+"iCEaMMbG+VQLKNvuC63kmw/Zewc9ThM6Pa1Hcy0axT0faf1B/U01j0FIcw/6mTfK\r\n"
+"D8w48OIwc1yr0JtutCVjig5DC0yznGMt32RyseOLcUe+lfq005v2PAiCozr5X8rE\r\n"
+"ofGZpiM2NqRPePgYy+Vc75Zk28xkRQq1ncprgQb3S4vTsZdScpM9hLf+eMlrgqlj\r\n"
+"c5PLSkXBeLE5+fedkyfTaLxxQlgCpuoOhKBm04/R1pWNzUHyqagjO9Q=\r\n"
"-----END CERTIFICATE-----\r\n";
const char mbedtls_test_cli_key_rsa[] =
@@ -278,28 +308,32 @@
"bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv\r\n"
"8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==\r\n"
"-----END RSA PRIVATE KEY-----\r\n";
-
-const size_t mbedtls_test_ca_crt_rsa_len = sizeof( mbedtls_test_ca_crt_rsa );
-const size_t mbedtls_test_ca_key_rsa_len = sizeof( mbedtls_test_ca_key_rsa );
-const size_t mbedtls_test_ca_pwd_rsa_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
-const size_t mbedtls_test_srv_crt_rsa_len = sizeof( mbedtls_test_srv_crt_rsa );
-const size_t mbedtls_test_srv_key_rsa_len = sizeof( mbedtls_test_srv_key_rsa );
-const size_t mbedtls_test_cli_crt_rsa_len = sizeof( mbedtls_test_cli_crt_rsa );
const size_t mbedtls_test_cli_key_rsa_len = sizeof( mbedtls_test_cli_key_rsa );
-#else
-#define TEST_CA_CRT_RSA
#endif /* MBEDTLS_RSA_C */
#if defined(MBEDTLS_PEM_PARSE_C)
/* Concatenation of all available CA certificates */
-const char mbedtls_test_cas_pem[] = TEST_CA_CRT_RSA TEST_CA_CRT_EC;
+const char mbedtls_test_cas_pem[] =
+#ifdef TEST_CA_CRT_RSA_SHA1
+ TEST_CA_CRT_RSA_SHA1
+#endif
+#ifdef TEST_CA_CRT_RSA_SHA256
+ TEST_CA_CRT_RSA_SHA256
+#endif
+#ifdef TEST_CA_CRT_EC
+ TEST_CA_CRT_EC
+#endif
+ "";
const size_t mbedtls_test_cas_pem_len = sizeof( mbedtls_test_cas_pem );
#endif
/* List of all available CA certificates */
const char * mbedtls_test_cas[] = {
-#if defined(MBEDTLS_RSA_C)
- mbedtls_test_ca_crt_rsa,
+#if defined(TEST_CA_CRT_RSA_SHA1)
+ mbedtls_test_ca_crt_rsa_sha1,
+#endif
+#if defined(TEST_CA_CRT_RSA_SHA256)
+ mbedtls_test_ca_crt_rsa_sha256,
#endif
#if defined(MBEDTLS_ECDSA_C)
mbedtls_test_ca_crt_ec,
@@ -307,8 +341,11 @@
NULL
};
const size_t mbedtls_test_cas_len[] = {
-#if defined(MBEDTLS_RSA_C)
- sizeof( mbedtls_test_ca_crt_rsa ),
+#if defined(TEST_CA_CRT_RSA_SHA1)
+ sizeof( mbedtls_test_ca_crt_rsa_sha1 ),
+#endif
+#if defined(TEST_CA_CRT_RSA_SHA256)
+ sizeof( mbedtls_test_ca_crt_rsa_sha256 ),
#endif
#if defined(MBEDTLS_ECDSA_C)
sizeof( mbedtls_test_ca_crt_ec ),
@@ -317,19 +354,19 @@
};
#if defined(MBEDTLS_RSA_C)
-const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa;
+const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_rsa_sha256;
const char *mbedtls_test_ca_key = mbedtls_test_ca_key_rsa;
const char *mbedtls_test_ca_pwd = mbedtls_test_ca_pwd_rsa;
const char *mbedtls_test_srv_crt = mbedtls_test_srv_crt_rsa;
const char *mbedtls_test_srv_key = mbedtls_test_srv_key_rsa;
-const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa;
+const char *mbedtls_test_cli_crt = mbedtls_test_cli_crt_rsa_sha256;
const char *mbedtls_test_cli_key = mbedtls_test_cli_key_rsa;
-const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa );
+const size_t mbedtls_test_ca_crt_len = sizeof( mbedtls_test_ca_crt_rsa_sha256 );
const size_t mbedtls_test_ca_key_len = sizeof( mbedtls_test_ca_key_rsa );
const size_t mbedtls_test_ca_pwd_len = sizeof( mbedtls_test_ca_pwd_rsa ) - 1;
const size_t mbedtls_test_srv_crt_len = sizeof( mbedtls_test_srv_crt_rsa );
const size_t mbedtls_test_srv_key_len = sizeof( mbedtls_test_srv_key_rsa );
-const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa );
+const size_t mbedtls_test_cli_crt_len = sizeof( mbedtls_test_cli_crt_rsa_sha256 );
const size_t mbedtls_test_cli_key_len = sizeof( mbedtls_test_cli_key_rsa );
#else /* ! MBEDTLS_RSA_C, so MBEDTLS_ECDSA_C */
const char *mbedtls_test_ca_crt = mbedtls_test_ca_crt_ec;
diff --git a/library/cmac.c b/library/cmac.c
index b2fe713..035ad07 100644
--- a/library/cmac.c
+++ b/library/cmac.c
@@ -1,4 +1,4 @@
-/*
+/**
* \file cmac.c
*
* \brief NIST SP800-38B compliant CMAC implementation for AES and 3DES
diff --git a/library/ecp.c b/library/ecp.c
index f51f225..56f22c2 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -49,9 +49,12 @@
#if defined(MBEDTLS_ECP_C)
#include "mbedtls/ecp.h"
+#include "mbedtls/threading.h"
#include <string.h>
+#if !defined(MBEDTLS_ECP_ALT)
+
#if defined(MBEDTLS_PLATFORM_C)
#include "mbedtls/platform.h"
#else
@@ -62,6 +65,8 @@
#define mbedtls_free free
#endif
+#include "mbedtls/ecp_internal.h"
+
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
@@ -748,6 +753,12 @@
if( mbedtls_mpi_cmp_int( &pt->Z, 0 ) == 0 )
return( 0 );
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
+ if ( mbedtls_internal_ecp_grp_capable( grp ) )
+ {
+ return mbedtls_internal_ecp_normalize_jac( grp, pt );
+ }
+#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */
mbedtls_mpi_init( &Zi ); mbedtls_mpi_init( &ZZi );
/*
@@ -796,6 +807,13 @@
if( t_len < 2 )
return( ecp_normalize_jac( grp, *T ) );
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
+ if ( mbedtls_internal_ecp_grp_capable( grp ) )
+ {
+ return mbedtls_internal_ecp_normalize_jac_many(grp, T, t_len);
+ }
+#endif
+
if( ( c = mbedtls_calloc( t_len, sizeof( mbedtls_mpi ) ) ) == NULL )
return( MBEDTLS_ERR_ECP_ALLOC_FAILED );
@@ -912,6 +930,13 @@
dbl_count++;
#endif
+#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
+ if ( mbedtls_internal_ecp_grp_capable( grp ) )
+ {
+ return mbedtls_internal_ecp_double_jac( grp, R, P );
+ }
+#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */
+
mbedtls_mpi_init( &M ); mbedtls_mpi_init( &S ); mbedtls_mpi_init( &T ); mbedtls_mpi_init( &U );
/* Special case for A = -3 */
@@ -1003,6 +1028,13 @@
add_count++;
#endif
+#if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
+ if ( mbedtls_internal_ecp_grp_capable( grp ) )
+ {
+ return mbedtls_internal_ecp_add_mixed( grp, R, P, Q );
+ }
+#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */
+
/*
* Trivial cases: P == 0 or Q == 0 (case 1)
*/
@@ -1080,9 +1112,17 @@
{
int ret;
mbedtls_mpi l, ll;
- size_t p_size = ( grp->pbits + 7 ) / 8;
+ size_t p_size;
int count = 0;
+#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
+ if ( mbedtls_internal_ecp_grp_capable( grp ) )
+ {
+ return mbedtls_internal_ecp_randomize_jac( grp, pt, f_rng, p_rng );
+ }
+#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */
+
+ p_size = ( grp->pbits + 7 ) / 8;
mbedtls_mpi_init( &l ); mbedtls_mpi_init( &ll );
/* Generate l such that 1 < l < p */
@@ -1234,6 +1274,7 @@
MBEDTLS_MPI_CHK( ecp_normalize_jac_many( grp, TT, k ) );
cleanup:
+
return( ret );
}
@@ -1297,6 +1338,7 @@
}
cleanup:
+
mbedtls_ecp_point_free( &Txi );
return( ret );
@@ -1441,6 +1483,13 @@
{
int ret;
+#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
+ if ( mbedtls_internal_ecp_grp_capable( grp ) )
+ {
+ return mbedtls_internal_ecp_normalize_mxz( grp, P );
+ }
+#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
+
MBEDTLS_MPI_CHK( mbedtls_mpi_inv_mod( &P->Z, &P->Z, &grp->P ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &P->X, &P->X, &P->Z ) ); MOD_MUL( P->X );
MBEDTLS_MPI_CHK( mbedtls_mpi_lset( &P->Z, 1 ) );
@@ -1462,9 +1511,17 @@
{
int ret;
mbedtls_mpi l;
- size_t p_size = ( grp->pbits + 7 ) / 8;
+ size_t p_size;
int count = 0;
+#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
+ if ( mbedtls_internal_ecp_grp_capable( grp ) )
+ {
+ return mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng );
+ }
+#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
+
+ p_size = ( grp->pbits + 7 ) / 8;
mbedtls_mpi_init( &l );
/* Generate l such that 1 < l < p */
@@ -1512,6 +1569,13 @@
int ret;
mbedtls_mpi A, AA, B, BB, E, C, D, DA, CB;
+#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
+ if ( mbedtls_internal_ecp_grp_capable( grp ) )
+ {
+ return mbedtls_internal_ecp_double_add_mxz( grp, R, S, P, Q, d );
+ }
+#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */
+
mbedtls_mpi_init( &A ); mbedtls_mpi_init( &AA ); mbedtls_mpi_init( &B );
mbedtls_mpi_init( &BB ); mbedtls_mpi_init( &E ); mbedtls_mpi_init( &C );
mbedtls_mpi_init( &D ); mbedtls_mpi_init( &DA ); mbedtls_mpi_init( &CB );
@@ -1612,7 +1676,10 @@
const mbedtls_mpi *m, const mbedtls_ecp_point *P,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
- int ret;
+ int ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA;
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+ char is_grp_capable = 0;
+#endif
/* Common sanity checks */
if( mbedtls_mpi_cmp_int( &P->Z, 1 ) != 0 )
@@ -1622,15 +1689,43 @@
( ret = mbedtls_ecp_check_pubkey( grp, P ) ) != 0 )
return( ret );
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+#if defined(MBEDTLS_THREADING_C)
+ if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 )
+ return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+
+#endif
+ if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) )
+ {
+ MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
+ }
+
+#endif /* MBEDTLS_ECP_INTERNAL_ALT */
#if defined(ECP_MONTGOMERY)
if( ecp_get_type( grp ) == ECP_TYPE_MONTGOMERY )
- return( ecp_mul_mxz( grp, R, m, P, f_rng, p_rng ) );
+ ret = ecp_mul_mxz( grp, R, m, P, f_rng, p_rng );
+
#endif
#if defined(ECP_SHORTWEIERSTRASS)
if( ecp_get_type( grp ) == ECP_TYPE_SHORT_WEIERSTRASS )
- return( ecp_mul_comb( grp, R, m, P, f_rng, p_rng ) );
+ ret = ecp_mul_comb( grp, R, m, P, f_rng, p_rng );
+
#endif
- return( MBEDTLS_ERR_ECP_BAD_INPUT_DATA );
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+cleanup:
+
+ if ( is_grp_capable )
+ {
+ mbedtls_internal_ecp_free( grp );
+ }
+
+#if defined(MBEDTLS_THREADING_C)
+ if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 )
+ return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+
+#endif
+#endif /* MBEDTLS_ECP_INTERNAL_ALT */
+ return( ret );
}
#if defined(ECP_SHORTWEIERSTRASS)
@@ -1723,6 +1818,9 @@
{
int ret;
mbedtls_ecp_point mP;
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+ char is_grp_capable = 0;
+#endif
if( ecp_get_type( grp ) != ECP_TYPE_SHORT_WEIERSTRASS )
return( MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE );
@@ -1732,10 +1830,35 @@
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, &mP, m, P ) );
MBEDTLS_MPI_CHK( mbedtls_ecp_mul_shortcuts( grp, R, n, Q ) );
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+#if defined(MBEDTLS_THREADING_C)
+ if( mbedtls_mutex_lock( &mbedtls_threading_ecp_mutex ) != 0 )
+ return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+
+#endif
+ if ( is_grp_capable = mbedtls_internal_ecp_grp_capable( grp ) )
+ {
+ MBEDTLS_MPI_CHK( mbedtls_internal_ecp_init( grp ) );
+ }
+
+#endif /* MBEDTLS_ECP_INTERNAL_ALT */
MBEDTLS_MPI_CHK( ecp_add_mixed( grp, R, &mP, R ) );
MBEDTLS_MPI_CHK( ecp_normalize_jac( grp, R ) );
cleanup:
+
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+ if ( is_grp_capable )
+ {
+ mbedtls_internal_ecp_free( grp );
+ }
+
+#if defined(MBEDTLS_THREADING_C)
+ if( mbedtls_mutex_unlock( &mbedtls_threading_ecp_mutex ) != 0 )
+ return ( MBEDTLS_ERR_THREADING_MUTEX_ERROR );
+
+#endif
+#endif /* MBEDTLS_ECP_INTERNAL_ALT */
mbedtls_ecp_point_free( &mP );
return( ret );
@@ -2089,4 +2212,6 @@
#endif /* MBEDTLS_SELF_TEST */
+#endif /* !MBEDTLS_ECP_ALT */
+
#endif /* MBEDTLS_ECP_C */
diff --git a/library/ecp_curves.c b/library/ecp_curves.c
index a2a5495..df5ac3e 100644
--- a/library/ecp_curves.c
+++ b/library/ecp_curves.c
@@ -31,6 +31,8 @@
#include <string.h>
+#if !defined(MBEDTLS_ECP_ALT)
+
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
@@ -1322,4 +1324,6 @@
}
#endif /* MBEDTLS_ECP_DP_SECP256K1_ENABLED */
+#endif /* !MBEDTLS_ECP_ALT */
+
#endif /* MBEDTLS_ECP_C */
diff --git a/library/pk.c b/library/pk.c
index 10bd0a5..8d13bc5 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -29,6 +29,8 @@
#include "mbedtls/pk.h"
#include "mbedtls/pk_internal.h"
+#include "mbedtls/bignum.h"
+
#if defined(MBEDTLS_RSA_C)
#include "mbedtls/rsa.h"
#endif
@@ -39,6 +41,8 @@
#include "mbedtls/ecdsa.h"
#endif
+#include <limits.h>
+
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
volatile unsigned char *p = v; while( n-- ) *p++ = 0;
@@ -209,6 +213,11 @@
int ret;
const mbedtls_pk_rsassa_pss_options *pss_opts;
+#if defined(MBEDTLS_HAVE_INT64)
+ if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+#endif /* MBEDTLS_HAVE_INT64 */
+
if( options == NULL )
return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
@@ -232,7 +241,7 @@
return( 0 );
#else
return( MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE );
-#endif
+#endif /* MBEDTLS_RSA_C && MBEDTLS_PKCS1_V21 */
}
/* General case: no options */
diff --git a/library/pk_wrap.c b/library/pk_wrap.c
index 712ad48..db6274c 100644
--- a/library/pk_wrap.c
+++ b/library/pk_wrap.c
@@ -30,6 +30,7 @@
/* Even if RSA not activated, for the sake of RSA-alt */
#include "mbedtls/rsa.h"
+#include "mbedtls/bignum.h"
#include <string.h>
@@ -49,6 +50,8 @@
#define mbedtls_free free
#endif
+#include <limits.h>
+
#if defined(MBEDTLS_PK_RSA_ALT_SUPPORT)
/* Implementation that should never be optimized out by the compiler */
static void mbedtls_zeroize( void *v, size_t n ) {
@@ -74,6 +77,11 @@
{
int ret;
+#if defined(MBEDTLS_HAVE_INT64)
+ if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+#endif /* MBEDTLS_HAVE_INT64 */
+
if( sig_len < ((mbedtls_rsa_context *) ctx)->len )
return( MBEDTLS_ERR_RSA_VERIFY_FAILED );
@@ -93,6 +101,11 @@
unsigned char *sig, size_t *sig_len,
int (*f_rng)(void *, unsigned char *, size_t), void *p_rng )
{
+#if defined(MBEDTLS_HAVE_INT64)
+ if( md_alg == MBEDTLS_MD_NONE && UINT_MAX < hash_len )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+#endif /* MBEDTLS_HAVE_INT64 */
+
*sig_len = ((mbedtls_rsa_context *) ctx)->len;
return( mbedtls_rsa_pkcs1_sign( (mbedtls_rsa_context *) ctx, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
@@ -402,6 +415,11 @@
{
mbedtls_rsa_alt_context *rsa_alt = (mbedtls_rsa_alt_context *) ctx;
+#if defined(MBEDTLS_HAVE_INT64)
+ if( UINT_MAX < hash_len )
+ return( MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+#endif /* MBEDTLS_HAVE_INT64 */
+
*sig_len = rsa_alt->key_len_func( rsa_alt->key );
return( rsa_alt->sign_func( rsa_alt->key, f_rng, p_rng, MBEDTLS_RSA_PRIVATE,
diff --git a/library/rsa.c b/library/rsa.c
index 40ef2a9..122bc13 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -29,6 +29,11 @@
* [2] Handbook of Applied Cryptography - 1997, Chapter 8
* Menezes, van Oorschot and Vanstone
*
+ * [3] Malware Guard Extension: Using SGX to Conceal Cache Attacks
+ * Michael Schwarz, Samuel Weiser, Daniel Gruss, Clémentine Maurice and
+ * Stefan Mangard
+ * https://arxiv.org/abs/1702.08719v2
+ *
*/
#if !defined(MBEDTLS_CONFIG_FILE)
@@ -61,6 +66,11 @@
#define mbedtls_free free
#endif
+/* Implementation that should never be optimized out by the compiler */
+static void mbedtls_zeroize( void *v, size_t n ) {
+ volatile unsigned char *p = (unsigned char*)v; while( n-- ) *p++ = 0;
+}
+
/*
* Initialize an RSA context
*/
@@ -357,6 +367,27 @@
}
/*
+ * Exponent blinding supposed to prevent side-channel attacks using multiple
+ * traces of measurements to recover the RSA key. The more collisions are there,
+ * the more bits of the key can be recovered. See [3].
+ *
+ * Collecting n collisions with m bit long blinding value requires 2^(m-m/n)
+ * observations on avarage.
+ *
+ * For example with 28 byte blinding to achieve 2 collisions the adversary has
+ * to make 2^112 observations on avarage.
+ *
+ * (With the currently (as of 2017 April) known best algorithms breaking 2048
+ * bit RSA requires approximately as much time as trying out 2^112 random keys.
+ * Thus in this sense with 28 byte blinding the security is not reduced by
+ * side-channel attacks like the one in [3])
+ *
+ * This countermeasure does not help if the key recovery is possible with a
+ * single trace.
+ */
+#define RSA_EXPONENT_BLINDING 28
+
+/*
* Do an RSA private key operation
*/
int mbedtls_rsa_private( mbedtls_rsa_context *ctx,
@@ -368,12 +399,34 @@
int ret;
size_t olen;
mbedtls_mpi T, T1, T2;
+ mbedtls_mpi P1, Q1, R;
+#if defined(MBEDTLS_RSA_NO_CRT)
+ mbedtls_mpi D_blind;
+ mbedtls_mpi *D = &ctx->D;
+#else
+ mbedtls_mpi DP_blind, DQ_blind;
+ mbedtls_mpi *DP = &ctx->DP;
+ mbedtls_mpi *DQ = &ctx->DQ;
+#endif
/* Make sure we have private key info, prevent possible misuse */
if( ctx->P.p == NULL || ctx->Q.p == NULL || ctx->D.p == NULL )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA );
mbedtls_mpi_init( &T ); mbedtls_mpi_init( &T1 ); mbedtls_mpi_init( &T2 );
+ mbedtls_mpi_init( &P1 ); mbedtls_mpi_init( &Q1 ); mbedtls_mpi_init( &R );
+
+
+ if( f_rng != NULL )
+ {
+#if defined(MBEDTLS_RSA_NO_CRT)
+ mbedtls_mpi_init( &D_blind );
+#else
+ mbedtls_mpi_init( &DP_blind );
+ mbedtls_mpi_init( &DQ_blind );
+#endif
+ }
+
#if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
@@ -396,19 +449,60 @@
MBEDTLS_MPI_CHK( rsa_prepare_blinding( ctx, f_rng, p_rng ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &T, &T, &ctx->Vi ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mod_mpi( &T, &T, &ctx->N ) );
+
+ /*
+ * Exponent blinding
+ */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &P1, &ctx->P, 1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( &Q1, &ctx->Q, 1 ) );
+
+#if defined(MBEDTLS_RSA_NO_CRT)
+ /*
+ * D_blind = ( P - 1 ) * ( Q - 1 ) * R + D
+ */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
+ f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &P1, &Q1 ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &D_blind, &D_blind, &R ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &D_blind, &D_blind, &ctx->D ) );
+
+ D = &D_blind;
+#else
+ /*
+ * DP_blind = ( P - 1 ) * R + DP
+ */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
+ f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DP_blind, &P1, &R ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DP_blind, &DP_blind,
+ &ctx->DP ) );
+
+ DP = &DP_blind;
+
+ /*
+ * DQ_blind = ( Q - 1 ) * R + DQ
+ */
+ MBEDTLS_MPI_CHK( mbedtls_mpi_fill_random( &R, RSA_EXPONENT_BLINDING,
+ f_rng, p_rng ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_mul_mpi( &DQ_blind, &Q1, &R ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_add_mpi( &DQ_blind, &DQ_blind,
+ &ctx->DQ ) );
+
+ DQ = &DQ_blind;
+#endif /* MBEDTLS_RSA_NO_CRT */
}
#if defined(MBEDTLS_RSA_NO_CRT)
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, &ctx->D, &ctx->N, &ctx->RN ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T, &T, D, &ctx->N, &ctx->RN ) );
#else
/*
- * faster decryption using the CRT
+ * Faster decryption using the CRT
*
* T1 = input ^ dP mod P
* T2 = input ^ dQ mod Q
*/
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T1, &T, &ctx->DP, &ctx->P, &ctx->RP ) );
- MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T2, &T, &ctx->DQ, &ctx->Q, &ctx->RQ ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T1, &T, DP, &ctx->P, &ctx->RP ) );
+ MBEDTLS_MPI_CHK( mbedtls_mpi_exp_mod( &T2, &T, DQ, &ctx->Q, &ctx->RQ ) );
/*
* T = (T1 - T2) * (Q^-1 mod P) mod P
@@ -444,6 +538,17 @@
#endif
mbedtls_mpi_free( &T ); mbedtls_mpi_free( &T1 ); mbedtls_mpi_free( &T2 );
+ mbedtls_mpi_free( &P1 ); mbedtls_mpi_free( &Q1 ); mbedtls_mpi_free( &R );
+
+ if( f_rng != NULL )
+ {
+#if defined(MBEDTLS_RSA_NO_CRT)
+ mbedtls_mpi_free( &D_blind );
+#else
+ mbedtls_mpi_free( &DP_blind );
+ mbedtls_mpi_free( &DQ_blind );
+#endif
+ }
if( ret != 0 )
return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret );
@@ -496,6 +601,8 @@
dlen -= use_len;
}
+
+ mbedtls_zeroize( mask, sizeof( mask ) );
}
#endif /* MBEDTLS_PKCS1_V21 */
@@ -724,7 +831,7 @@
: mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
if( ret != 0 )
- return( ret );
+ goto cleanup;
/*
* Unmask data and generate lHash
@@ -733,7 +840,7 @@
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
{
mbedtls_md_free( &md_ctx );
- return( ret );
+ goto cleanup;
}
@@ -784,15 +891,26 @@
* the different error conditions.
*/
if( bad != 0 )
- return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+ {
+ ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
+ goto cleanup;
+ }
if( ilen - ( p - buf ) > output_max_len )
- return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
+ {
+ ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
+ goto cleanup;
+ }
*olen = ilen - (p - buf);
memcpy( output, p, *olen );
+ ret = 0;
- return( 0 );
+cleanup:
+ mbedtls_zeroize( buf, sizeof( buf ) );
+ mbedtls_zeroize( lhash, sizeof( lhash ) );
+
+ return( ret );
}
#endif /* MBEDTLS_PKCS1_V21 */
@@ -826,7 +944,7 @@
: mbedtls_rsa_private( ctx, f_rng, p_rng, input, buf );
if( ret != 0 )
- return( ret );
+ goto cleanup;
p = buf;
bad = 0;
@@ -871,15 +989,25 @@
bad |= ( pad_count < 8 );
if( bad )
- return( MBEDTLS_ERR_RSA_INVALID_PADDING );
+ {
+ ret = MBEDTLS_ERR_RSA_INVALID_PADDING;
+ goto cleanup;
+ }
if( ilen - ( p - buf ) > output_max_len )
- return( MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE );
+ {
+ ret = MBEDTLS_ERR_RSA_OUTPUT_TOO_LARGE;
+ goto cleanup;
+ }
*olen = ilen - (p - buf);
memcpy( output, p, *olen );
+ ret = 0;
- return( 0 );
+cleanup:
+ mbedtls_zeroize( buf, sizeof( buf ) );
+
+ return( ret );
}
#endif /* MBEDTLS_PKCS1_V15 */
@@ -981,6 +1109,7 @@
if( ( ret = mbedtls_md_setup( &md_ctx, md_info, 0 ) ) != 0 )
{
mbedtls_md_free( &md_ctx );
+ /* No need to zeroize salt: we didn't use it. */
return( ret );
}
@@ -990,6 +1119,7 @@
mbedtls_md_update( &md_ctx, hash, hashlen );
mbedtls_md_update( &md_ctx, salt, slen );
mbedtls_md_finish( &md_ctx, p );
+ mbedtls_zeroize( salt, sizeof( salt ) );
/* Compensate for boundary condition when applying mask */
if( msb % 8 == 0 )
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index a762bf7..c1a92d6 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -1817,41 +1817,23 @@
return( MBEDTLS_PK_NONE );
}
}
-#endif /* MBEDTLS_PK_C */
-#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C)
-int mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *info )
+mbedtls_pk_type_t mbedtls_ssl_get_ciphersuite_sig_alg( const mbedtls_ssl_ciphersuite_t *info )
{
switch( info->key_exchange )
{
+ case MBEDTLS_KEY_EXCHANGE_RSA:
+ case MBEDTLS_KEY_EXCHANGE_DHE_RSA:
case MBEDTLS_KEY_EXCHANGE_ECDHE_RSA:
+ return( MBEDTLS_PK_RSA );
+
case MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- case MBEDTLS_KEY_EXCHANGE_ECDH_RSA:
- case MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA:
- return( 1 );
+ return( MBEDTLS_PK_ECDSA );
default:
- return( 0 );
+ return( MBEDTLS_PK_NONE );
}
}
-#endif /* MBEDTLS_ECDH_C || MBEDTLS_ECDSA_C */
-
-#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
-int mbedtls_ssl_ciphersuite_uses_psk( const mbedtls_ssl_ciphersuite_t *info )
-{
- switch( info->key_exchange )
- {
- case MBEDTLS_KEY_EXCHANGE_PSK:
- case MBEDTLS_KEY_EXCHANGE_RSA_PSK:
- case MBEDTLS_KEY_EXCHANGE_DHE_PSK:
- case MBEDTLS_KEY_EXCHANGE_ECDHE_PSK:
- return( 1 );
-
- default:
- return( 0 );
- }
-}
-#endif /* MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED */
+#endif /* MBEDTLS_PK_C */
#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index d3169d2..616cadc 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2052,7 +2052,8 @@
if( (*p) + len > end )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message (psk_identity_hint length)" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "bad server key exchange message "
+ "(psk_identity_hint length)" ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
@@ -2194,8 +2195,8 @@
*/
if( mbedtls_ssl_check_sig_hash( ssl, *md_alg ) != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm "
- "that was not offered" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "server used HashAlgorithm %d that was not offered",
+ *(p)[0] ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}
@@ -2253,7 +2254,8 @@
static int ssl_parse_server_key_exchange( mbedtls_ssl_context *ssl )
{
int ret;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->transform_negotiate->ciphersuite_info;
unsigned char *p, *end;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse server key exchange" ) );
@@ -2407,12 +2409,8 @@
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
+ if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
{
size_t sig_len, hashlen;
unsigned char hash[64];
@@ -2595,9 +2593,7 @@
return( ret );
}
}
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
exit:
ssl->state++;
@@ -2607,23 +2603,15 @@
return( 0 );
}
-#if !defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) && \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)&& \
- !defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+#if ! defined(MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED)
static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
{
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->transform_negotiate->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+ if( ! mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
ssl->state++;
@@ -2633,22 +2621,19 @@
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
-#else
+#else /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
static int ssl_parse_certificate_request( mbedtls_ssl_context *ssl )
{
int ret;
unsigned char *buf;
size_t n = 0;
size_t cert_type_len = 0, dn_len = 0;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->transform_negotiate->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate request" ) );
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
+ if( ! mbedtls_ssl_ciphersuite_cert_req_allowed( ciphersuite_info ) )
{
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip parse certificate request" ) );
ssl->state++;
@@ -2738,7 +2723,8 @@
for( i = 0; i < sig_alg_len; i += 2 )
{
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Signature Algorithm found: %d,%d", sig_alg[i], sig_alg[i + 1] ) );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Supported Signature Algorithm found: %d"
+ ",%d", sig_alg[i], sig_alg[i + 1] ) );
}
#endif
@@ -2772,12 +2758,7 @@
return( 0 );
}
-#endif /* !MBEDTLS_KEY_EXCHANGE_RSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED &&
- !MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE__CERT_REQ_ALLOWED__ENABLED */
static int ssl_parse_server_hello_done( mbedtls_ssl_context *ssl )
{
@@ -2826,7 +2807,8 @@
{
int ret;
size_t i, n;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->transform_negotiate->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write client key exchange" ) );
@@ -2913,10 +2895,7 @@
MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
+ if( mbedtls_ssl_ciphersuite_uses_psk( ciphersuite_info ) )
{
/*
* opaque psk_identity<0..2^16-1>;
@@ -3086,7 +3065,8 @@
!defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
{
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->transform_negotiate->ciphersuite_info;
int ret;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate verify" ) );
@@ -3115,7 +3095,8 @@
static int ssl_write_certificate_verify( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->transform_negotiate->ciphersuite_info;
size_t n = 0, offset = 0;
unsigned char hash[48];
unsigned char *hash_start = hash;
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 89afbce..a61ff5f 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -186,15 +186,30 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+
+/*
+ * Status of the implementation of signature-algorithms extension:
+ *
+ * Currently, we are only considering the signature-algorithm extension
+ * to pick a ciphersuite which allows us to send the ServerKeyExchange
+ * message with a signature-hash combination that the user allows.
+ *
+ * We do *not* check whether all certificates in our certificate
+ * chain are signed with an allowed signature-hash pair.
+ * This needs to be done at a later stage.
+ *
+ */
static int ssl_parse_signature_algorithms_ext( mbedtls_ssl_context *ssl,
const unsigned char *buf,
size_t len )
{
size_t sig_alg_list_size;
+
const unsigned char *p;
const unsigned char *end = buf + len;
- const int *md_cur;
+ mbedtls_md_type_t md_cur;
+ mbedtls_pk_type_t sig_cur;
sig_alg_list_size = ( ( buf[0] << 8 ) | ( buf[1] ) );
if( sig_alg_list_size + 2 != len ||
@@ -206,29 +221,49 @@
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
- /*
- * For now, ignore the SignatureAlgorithm part and rely on offered
- * ciphersuites only for that part. To be fixed later.
+ /* Currently we only guarantee signing the ServerKeyExchange message according
+ * to the constraints specified in this extension (see above), so it suffices
+ * to remember only one suitable hash for each possible signature algorithm.
*
- * So, just look at the HashAlgorithm part.
+ * This will change when we also consider certificate signatures,
+ * in which case we will need to remember the whole signature-hash
+ * pair list from the extension.
*/
- for( md_cur = ssl->conf->sig_hashes; *md_cur != MBEDTLS_MD_NONE; md_cur++ ) {
- for( p = buf + 2; p < end; p += 2 ) {
- if( *md_cur == (int) mbedtls_ssl_md_alg_from_hash( p[0] ) ) {
- ssl->handshake->sig_alg = p[0];
- goto have_sig_alg;
- }
+
+ for( p = buf + 2; p < end; p += 2 )
+ {
+ /* Silently ignore unknown signature or hash algorithms. */
+
+ if( ( sig_cur = mbedtls_ssl_pk_alg_from_sig( p[1] ) ) == MBEDTLS_PK_NONE )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext"
+ " unknown sig alg encoding %d", p[1] ) );
+ continue;
+ }
+
+ /* Check if we support the hash the user proposes */
+ md_cur = mbedtls_ssl_md_alg_from_hash( p[0] );
+ if( md_cur == MBEDTLS_MD_NONE )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:"
+ " unknown hash alg encoding %d", p[0] ) );
+ continue;
+ }
+
+ if( mbedtls_ssl_check_sig_hash( ssl, md_cur ) == 0 )
+ {
+ mbedtls_ssl_sig_hash_set_add( &ssl->handshake->hash_algs, sig_cur, md_cur );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext:"
+ " match sig %d and hash %d",
+ sig_cur, md_cur ) );
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: "
+ "hash alg %d not supported", md_cur ) );
}
}
- /* Some key echanges do not need signatures at all */
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "no signature_algorithm in common" ) );
- return( 0 );
-
-have_sig_alg:
- MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",
- ssl->handshake->sig_alg ) );
-
return( 0 );
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
@@ -645,7 +680,8 @@
const mbedtls_ssl_ciphersuite_t * ciphersuite_info )
{
mbedtls_ssl_key_cert *cur, *list, *fallback = NULL;
- mbedtls_pk_type_t pk_alg = mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
+ mbedtls_pk_type_t pk_alg =
+ mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
uint32_t flags;
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
@@ -748,6 +784,11 @@
{
const mbedtls_ssl_ciphersuite_t *suite_info;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+ mbedtls_pk_type_t sig_type;
+#endif
+
suite_info = mbedtls_ssl_ciphersuite_from_id( suite_id );
if( suite_info == NULL )
{
@@ -814,6 +855,25 @@
}
#endif
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+ /* If the ciphersuite requires signing, check whether
+ * a suitable hash algorithm is present. */
+ if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ {
+ sig_type = mbedtls_ssl_get_ciphersuite_sig_alg( suite_info );
+ if( sig_type != MBEDTLS_PK_NONE &&
+ mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs, sig_type ) == MBEDTLS_MD_NONE )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "ciphersuite mismatch: no suitable hash algorithm "
+ "for signature algorithm %d", sig_type ) );
+ return( 0 );
+ }
+ }
+
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
+ MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
+
#if defined(MBEDTLS_X509_CRT_PARSE_C)
/*
* Final check: if ciphersuite requires us to have a
@@ -1118,6 +1178,15 @@
const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
int major, minor;
+ /* If there is no signature-algorithm extension present,
+ * we need to fall back to the default values for allowed
+ * signature-hash pairs. */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+ int sig_hash_alg_ext_present = 0;
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
+ MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse client hello" ) );
#if defined(MBEDTLS_SSL_DTLS_ANTI_REPLAY)
@@ -1238,7 +1307,8 @@
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
}
- if( ( ret = mbedtls_ssl_fetch_input( ssl, mbedtls_ssl_hdr_len( ssl ) + msg_len ) ) != 0 )
+ if( ( ret = mbedtls_ssl_fetch_input( ssl,
+ mbedtls_ssl_hdr_len( ssl ) + msg_len ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ssl_fetch_input", ret );
return( ret );
@@ -1629,10 +1699,11 @@
if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
break;
#endif
-
ret = ssl_parse_signature_algorithms_ext( ssl, ext + 4, ext_size );
if( ret != 0 )
return( ret );
+
+ sig_hash_alg_ext_present = 1;
break;
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
@@ -1771,6 +1842,26 @@
}
#endif /* MBEDTLS_SSL_FALLBACK_SCSV */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+
+ /*
+ * Try to fall back to default hash SHA1 if the client
+ * hasn't provided any preferred signature-hash combinations.
+ */
+ if( sig_hash_alg_ext_present == 0 )
+ {
+ mbedtls_md_type_t md_default = MBEDTLS_MD_SHA1;
+
+ if( mbedtls_ssl_check_sig_hash( ssl, md_default ) != 0 )
+ md_default = MBEDTLS_MD_NONE;
+
+ mbedtls_ssl_sig_hash_set_const_hash( &ssl->handshake->hash_algs, md_default );
+ }
+
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 &&
+ MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
+
/*
* Check for TLS_EMPTY_RENEGOTIATION_INFO_SCSV
*/
@@ -1782,7 +1873,8 @@
#if defined(MBEDTLS_SSL_RENEGOTIATION)
if( ssl->renego_status == MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV during renegotiation" ) );
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "received RENEGOTIATION SCSV "
+ "during renegotiation" ) );
mbedtls_ssl_send_alert_message( ssl, MBEDTLS_SSL_ALERT_LEVEL_FATAL,
MBEDTLS_SSL_ALERT_MSG_HANDSHAKE_FAILURE );
return( MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO );
@@ -1892,6 +1984,28 @@
mbedtls_ssl_recv_flight_completed( ssl );
#endif
+ /* Debugging-only output for testsuite */
+#if defined(MBEDTLS_DEBUG_C) && \
+ defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+ if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
+ {
+ mbedtls_pk_type_t sig_alg = mbedtls_ssl_get_ciphersuite_sig_alg( ciphersuite_info );
+ if( sig_alg != MBEDTLS_PK_NONE )
+ {
+ mbedtls_md_type_t md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
+ sig_alg );
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "client hello v3, signature_algorithm ext: %d",
+ mbedtls_ssl_hash_from_md_alg( md_alg ) ) );
+ }
+ else
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "no hash algorithm for signature algorithm "
+ "%d - should not happen", sig_alg ) );
+ }
+ }
+#endif
+
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse client hello" ) );
return( 0 );
@@ -2497,7 +2611,8 @@
!defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
{
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->transform_negotiate->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write certificate request" ) );
@@ -2519,7 +2634,8 @@
static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->transform_negotiate->ciphersuite_info;
size_t dn_size, total_dn_size; /* excluding length bytes */
size_t ct_len, sa_len; /* including length bytes */
unsigned char *buf, *p;
@@ -2633,35 +2749,40 @@
* opaque DistinguishedName<1..2^16-1>;
*/
p += 2;
-#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
- if( ssl->handshake->sni_ca_chain != NULL )
- crt = ssl->handshake->sni_ca_chain;
- else
-#endif
- crt = ssl->conf->ca_chain;
total_dn_size = 0;
- while( crt != NULL && crt->version != 0 )
+
+ if( ssl->conf->cert_req_ca_list == MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED )
{
- dn_size = crt->subject_raw.len;
+#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION)
+ if( ssl->handshake->sni_ca_chain != NULL )
+ crt = ssl->handshake->sni_ca_chain;
+ else
+#endif
+ crt = ssl->conf->ca_chain;
- if( end < p ||
- (size_t)( end - p ) < dn_size ||
- (size_t)( end - p ) < 2 + dn_size )
+ while( crt != NULL && crt->version != 0 )
{
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
- break;
+ dn_size = crt->subject_raw.len;
+
+ if( end < p ||
+ (size_t)( end - p ) < dn_size ||
+ (size_t)( end - p ) < 2 + dn_size )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "skipping CAs: buffer too short" ) );
+ break;
+ }
+
+ *p++ = (unsigned char)( dn_size >> 8 );
+ *p++ = (unsigned char)( dn_size );
+ memcpy( p, crt->subject_raw.p, dn_size );
+ p += dn_size;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "requested DN", p - dn_size, dn_size );
+
+ total_dn_size += 2 + dn_size;
+ crt = crt->next;
}
-
- *p++ = (unsigned char)( dn_size >> 8 );
- *p++ = (unsigned char)( dn_size );
- memcpy( p, crt->subject_raw.p, dn_size );
- p += dn_size;
-
- MBEDTLS_SSL_DEBUG_BUF( 3, "requested DN", p - dn_size, dn_size );
-
- total_dn_size += 2 + dn_size;
- crt = crt->next;
}
ssl->out_msglen = p - buf;
@@ -2715,74 +2836,81 @@
const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
ssl->transform_negotiate->ciphersuite_info;
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED)
unsigned char *p = ssl->out_msg + 4;
+ size_t len;
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
unsigned char *dig_signed = p;
- size_t dig_signed_len = 0, len;
- ((void) dig_signed);
- ((void) dig_signed_len);
- ((void) len);
-#endif
+ size_t dig_signed_len = 0;
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME_PFS__ENABLED */
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> write server key exchange" ) );
-#if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_PSK_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_RSA_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_PSK ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_RSA_PSK )
- {
- MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
- ssl->state++;
- return( 0 );
- }
-#endif
+ /*
+ *
+ * Part 1: Extract static ECDH parameters and abort
+ * if ServerKeyExchange not needed.
+ *
+ */
-#if defined(MBEDTLS_KEY_EXCHANGE_ECDH_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDH_ECDSA )
+ /* For suites involving ECDH, extract DH parameters
+ * from certificate at this point. */
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED)
+ if( mbedtls_ssl_ciphersuite_uses_ecdh( ciphersuite_info ) )
{
ssl_get_ecdh_params_from_cert( ssl );
+ }
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDH_ENABLED */
+ /* Key exchanges not involving ephemeral keys don't use
+ * ServerKeyExchange, so end here. */
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME_NON_PFS__ENABLED)
+ if( mbedtls_ssl_ciphersuite_no_pfs( ciphersuite_info ) )
+ {
MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= skip write server key exchange" ) );
ssl->state++;
return( 0 );
}
-#endif
+#endif /* MBEDTLS_KEY_EXCHANGE__NON_PFS__ENABLED */
+ /*
+ *
+ * Part 2: Provide key exchange parameters for chosen ciphersuite.
+ *
+ */
+
+ /*
+ * - ECJPAKE key exchanges
+ */
#if defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECJPAKE )
{
- size_t jlen;
const unsigned char *end = ssl->out_msg + MBEDTLS_SSL_MAX_CONTENT_LEN;
ret = mbedtls_ecjpake_write_round_two( &ssl->handshake->ecjpake_ctx,
- p, end - p, &jlen, ssl->conf->f_rng, ssl->conf->p_rng );
+ p, end - p, &len, ssl->conf->f_rng, ssl->conf->p_rng );
if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_ecjpake_write_round_two", ret );
return( ret );
}
- p += jlen;
- n += jlen;
+ p += len;
+ n += len;
}
#endif /* MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
+ /*
+ * For (EC)DHE key exchanges with PSK, parameters are prefixed by support
+ * identity hint (RFC 4279, Sec. 3). Until someone needs this feature,
+ * we use empty support identity hints here.
+ **/
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED) || \
defined(MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK ||
ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
{
- /* Note: we don't support identity hints, until someone asks
- * for them. */
*(p++) = 0x00;
*(p++) = 0x00;
@@ -2791,10 +2919,11 @@
#endif /* MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED ||
MBEDTLS_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_PSK )
+ /*
+ * - DHE key exchanges
+ */
+#if defined(MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED)
+ if( mbedtls_ssl_ciphersuite_uses_dhe( ciphersuite_info ) )
{
if( ssl->conf->dhm_P.p == NULL || ssl->conf->dhm_G.p == NULL )
{
@@ -2826,8 +2955,10 @@
return( ret );
}
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
dig_signed = p;
dig_signed_len = len;
+#endif
p += len;
n += len;
@@ -2837,13 +2968,13 @@
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: G ", &ssl->handshake->dhm_ctx.G );
MBEDTLS_SSL_DEBUG_MPI( 3, "DHM: GX", &ssl->handshake->dhm_ctx.GX );
}
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE__SOME__DHE_ENABLED */
+ /*
+ * - ECDHE key exchanges
+ */
#if defined(MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_PSK )
+ if( mbedtls_ssl_ciphersuite_uses_ecdhe( ciphersuite_info ) )
{
/*
* Ephemeral ECDH parameters:
@@ -2886,8 +3017,10 @@
return( ret );
}
- dig_signed = p;
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
+ dig_signed = p;
dig_signed_len = len;
+#endif
p += len;
n += len;
@@ -2896,29 +3029,44 @@
}
#endif /* MBEDTLS_KEY_EXCHANGE__SOME__ECDHE_ENABLED */
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
- defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
- if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_DHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_RSA ||
- ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+ /*
+ *
+ * Part 3: For key exchanges involving the server signing the
+ * exchange parameters, compute and add the signature here.
+ *
+ */
+#if defined(MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED)
+ if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
{
size_t signature_len = 0;
unsigned int hashlen = 0;
unsigned char hash[64];
- mbedtls_md_type_t md_alg = MBEDTLS_MD_NONE;
/*
- * Choose hash algorithm. NONE means MD5 + SHA1 here.
+ * 3.1: Choose hash algorithm:
+ * A: For TLS 1.2, obey signature-hash-algorithm extension
+ * to choose appropriate hash.
+ * B: For SSL3, TLS1.0, TLS1.1 and ECDHE_ECDSA, use SHA1
+ * (RFC 4492, Sec. 5.4)
+ * C: Otherwise, use MD5 + SHA1 (RFC 4346, Sec. 7.4.3)
*/
+
+ mbedtls_md_type_t md_alg;
+
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ mbedtls_pk_type_t sig_alg =
+ mbedtls_ssl_get_ciphersuite_sig_pk_alg( ciphersuite_info );
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
- md_alg = mbedtls_ssl_md_alg_from_hash( ssl->handshake->sig_alg );
-
- if( md_alg == MBEDTLS_MD_NONE )
+ /* A: For TLS 1.2, obey signature-hash-algorithm extension
+ * (RFC 5246, Sec. 7.4.1.4.1). */
+ if( sig_alg == MBEDTLS_PK_NONE ||
+ ( md_alg = mbedtls_ssl_sig_hash_set_find( &ssl->handshake->hash_algs,
+ sig_alg ) ) == MBEDTLS_MD_NONE )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ /* (... because we choose a cipher suite
+ * only if there is a matching hash.) */
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
}
@@ -2926,19 +3074,23 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
- if( ciphersuite_info->key_exchange ==
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
+ if( ciphersuite_info->key_exchange == MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA )
{
+ /* B: Default hash SHA1 */
md_alg = MBEDTLS_MD_SHA1;
}
else
-#endif
+#endif /* MBEDTLS_SSL_PROTO_SSL3 || MBEDTLS_SSL_PROTO_TLS1 || \
+ MBEDTLS_SSL_PROTO_TLS1_1 */
{
+ /* C: MD5 + SHA1 */
md_alg = MBEDTLS_MD_NONE;
}
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "pick hash algorithm %d for signing", md_alg ) );
+
/*
- * Compute the hash to be signed
+ * 3.2: Compute the hash to be signed
*/
#if defined(MBEDTLS_SSL_PROTO_SSL3) || defined(MBEDTLS_SSL_PROTO_TLS1) || \
defined(MBEDTLS_SSL_PROTO_TLS1_1)
@@ -2963,6 +3115,7 @@
* SHA(ClientHello.random + ServerHello.random
* + ServerParams);
*/
+
mbedtls_md5_starts( &mbedtls_md5 );
mbedtls_md5_update( &mbedtls_md5, ssl->handshake->randbytes, 64 );
mbedtls_md5_update( &mbedtls_md5, dig_signed, dig_signed_len );
@@ -3024,7 +3177,7 @@
(unsigned int) ( mbedtls_md_get_size( mbedtls_md_info_from_type( md_alg ) ) ) );
/*
- * Make the signature
+ * 3.3: Compute and add the signature
*/
if( mbedtls_ssl_own_key( ssl ) == NULL )
{
@@ -3035,16 +3188,31 @@
#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ssl->minor_ver == MBEDTLS_SSL_MINOR_VERSION_3 )
{
- *(p++) = ssl->handshake->sig_alg;
- *(p++) = mbedtls_ssl_sig_from_pk( mbedtls_ssl_own_key( ssl ) );
+ /*
+ * For TLS 1.2, we need to specify signature and hash algorithm
+ * explicitly through a prefix to the signature.
+ *
+ * struct {
+ * HashAlgorithm hash;
+ * SignatureAlgorithm signature;
+ * } SignatureAndHashAlgorithm;
+ *
+ * struct {
+ * SignatureAndHashAlgorithm algorithm;
+ * opaque signature<0..2^16-1>;
+ * } DigitallySigned;
+ *
+ */
+
+ *(p++) = mbedtls_ssl_hash_from_md_alg( md_alg );
+ *(p++) = mbedtls_ssl_sig_from_pk_alg( sig_alg );
n += 2;
}
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
if( ( ret = mbedtls_pk_sign( mbedtls_ssl_own_key( ssl ), md_alg, hash, hashlen,
- p + 2 , &signature_len,
- ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
+ p + 2 , &signature_len, ssl->conf->f_rng, ssl->conf->p_rng ) ) != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_pk_sign", ret );
return( ret );
@@ -3058,9 +3226,9 @@
n += signature_len;
}
-#endif /* MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED ||
- MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#endif /* MBEDTLS_KEY_EXCHANGE__WITH_SERVER_SIGNATURE__ENABLED */
+
+ /* Done with actual work; add header and send. */
ssl->out_msglen = 4 + n;
ssl->out_msgtype = MBEDTLS_SSL_MSG_HANDSHAKE;
@@ -3571,7 +3739,8 @@
!defined(MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
{
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->transform_negotiate->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
@@ -3601,7 +3770,8 @@
mbedtls_pk_type_t pk_alg;
#endif
mbedtls_md_type_t md_alg;
- const mbedtls_ssl_ciphersuite_t *ciphersuite_info = ssl->transform_negotiate->ciphersuite_info;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info =
+ ssl->transform_negotiate->ciphersuite_info;
MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse certificate verify" ) );
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index fc89b6d..1e5f8e4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -5331,7 +5331,11 @@
#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
handshake->update_checksum = ssl_update_checksum_start;
- handshake->sig_alg = MBEDTLS_SSL_HASH_SHA1;
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+ mbedtls_ssl_sig_hash_set_init( &handshake->hash_algs );
+#endif
#if defined(MBEDTLS_DHM_C)
mbedtls_dhm_init( &handshake->dhm_ctx );
@@ -6137,6 +6141,14 @@
}
#endif
+#if defined(MBEDTLS_SSL_SRV_C)
+void mbedtls_ssl_conf_cert_req_ca_list( mbedtls_ssl_config *conf,
+ char cert_req_ca_list )
+{
+ conf->cert_req_ca_list = cert_req_ca_list;
+}
+#endif
+
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
void mbedtls_ssl_conf_encrypt_then_mac( mbedtls_ssl_config *conf, char etm )
{
@@ -7237,7 +7249,7 @@
MBEDTLS_MD_SHA256,
MBEDTLS_MD_SHA224,
#endif
-#if defined(MBEDTLS_SHA1_C)
+#if defined(MBEDTLS_SHA1_C) && defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
MBEDTLS_MD_SHA1,
#endif
MBEDTLS_MD_NONE
@@ -7319,6 +7331,10 @@
conf->anti_replay = MBEDTLS_SSL_ANTI_REPLAY_ENABLED;
#endif
+#if defined(MBEDTLS_SSL_SRV_C)
+ conf->cert_req_ca_list = MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED;
+#endif
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
conf->hs_timeout_min = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MIN;
conf->hs_timeout_max = MBEDTLS_SSL_DTLS_TIMEOUT_DFL_MAX;
@@ -7462,6 +7478,19 @@
return( MBEDTLS_SSL_SIG_ANON );
}
+unsigned char mbedtls_ssl_sig_from_pk_alg( mbedtls_pk_type_t type )
+{
+ switch( type ) {
+ case MBEDTLS_PK_RSA:
+ return( MBEDTLS_SSL_SIG_RSA );
+ case MBEDTLS_PK_ECDSA:
+ case MBEDTLS_PK_ECKEY:
+ return( MBEDTLS_SSL_SIG_ECDSA );
+ default:
+ return( MBEDTLS_SSL_SIG_ANON );
+ }
+}
+
mbedtls_pk_type_t mbedtls_ssl_pk_alg_from_sig( unsigned char sig )
{
switch( sig )
@@ -7480,6 +7509,57 @@
}
#endif /* MBEDTLS_PK_C && ( MBEDTLS_RSA_C || MBEDTLS_ECDSA_C ) */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2) && \
+ defined(MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED)
+
+/* Find an entry in a signature-hash set matching a given hash algorithm. */
+mbedtls_md_type_t mbedtls_ssl_sig_hash_set_find( mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_pk_type_t sig_alg )
+{
+ switch( sig_alg )
+ {
+ case MBEDTLS_PK_RSA:
+ return( set->rsa );
+ case MBEDTLS_PK_ECDSA:
+ return( set->ecdsa );
+ default:
+ return( MBEDTLS_MD_NONE );
+ }
+}
+
+/* Add a signature-hash-pair to a signature-hash set */
+void mbedtls_ssl_sig_hash_set_add( mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_pk_type_t sig_alg,
+ mbedtls_md_type_t md_alg )
+{
+ switch( sig_alg )
+ {
+ case MBEDTLS_PK_RSA:
+ if( set->rsa == MBEDTLS_MD_NONE )
+ set->rsa = md_alg;
+ break;
+
+ case MBEDTLS_PK_ECDSA:
+ if( set->ecdsa == MBEDTLS_MD_NONE )
+ set->ecdsa = md_alg;
+ break;
+
+ default:
+ break;
+ }
+}
+
+/* Allow exactly one hash algorithm for each signature. */
+void mbedtls_ssl_sig_hash_set_const_hash( mbedtls_ssl_sig_hash_set_t *set,
+ mbedtls_md_type_t md_alg )
+{
+ set->rsa = md_alg;
+ set->ecdsa = md_alg;
+}
+
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2) &&
+ MBEDTLS_KEY_EXCHANGE__WITH_CERT__ENABLED */
+
/*
* Convert from MBEDTLS_SSL_HASH_XXX to MBEDTLS_MD_XXX
*/
diff --git a/library/threading.c b/library/threading.c
index 83ec01a..55091e8 100644
--- a/library/threading.c
+++ b/library/threading.c
@@ -32,7 +32,7 @@
#if defined(MBEDTLS_THREADING_PTHREAD)
static void threading_mutex_init_pthread( mbedtls_threading_mutex_t *mutex )
{
- if( mutex == NULL || mutex->is_valid )
+ if( mutex == NULL )
return;
mutex->is_valid = pthread_mutex_init( &mutex->mutex, NULL ) == 0;
@@ -113,6 +113,9 @@
mbedtls_mutex_init( &mbedtls_threading_readdir_mutex );
mbedtls_mutex_init( &mbedtls_threading_gmtime_mutex );
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+ mbedtls_mutex_init( &mbedtls_threading_ecp_mutex );
+#endif
}
/*
@@ -122,6 +125,9 @@
{
mbedtls_mutex_free( &mbedtls_threading_readdir_mutex );
mbedtls_mutex_free( &mbedtls_threading_gmtime_mutex );
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+ mbedtls_mutex_free( &mbedtls_threading_ecp_mutex );
+#endif
}
#endif /* MBEDTLS_THREADING_ALT */
@@ -133,5 +139,8 @@
#endif
mbedtls_threading_mutex_t mbedtls_threading_readdir_mutex MUTEX_INIT;
mbedtls_threading_mutex_t mbedtls_threading_gmtime_mutex MUTEX_INIT;
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+mbedtls_threading_mutex_t mbedtls_threading_ecp_mutex MUTEX_INIT;
+#endif
#endif /* MBEDTLS_THREADING_C */
diff --git a/library/version_features.c b/library/version_features.c
index e866e67..9f97c7b 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -117,6 +117,9 @@
#if defined(MBEDTLS_SHA512_ALT)
"MBEDTLS_SHA512_ALT",
#endif /* MBEDTLS_SHA512_ALT */
+#if defined(MBEDTLS_ECP_ALT)
+ "MBEDTLS_ECP_ALT",
+#endif /* MBEDTLS_ECP_ALT */
#if defined(MBEDTLS_MD2_PROCESS_ALT)
"MBEDTLS_MD2_PROCESS_ALT",
#endif /* MBEDTLS_MD2_PROCESS_ALT */
@@ -159,6 +162,33 @@
#if defined(MBEDTLS_AES_DECRYPT_ALT)
"MBEDTLS_AES_DECRYPT_ALT",
#endif /* MBEDTLS_AES_DECRYPT_ALT */
+#if defined(MBEDTLS_ECP_INTERNAL_ALT)
+ "MBEDTLS_ECP_INTERNAL_ALT",
+#endif /* MBEDTLS_ECP_INTERNAL_ALT */
+#if defined(MBEDTLS_ECP_RANDOMIZE_JAC_ALT)
+ "MBEDTLS_ECP_RANDOMIZE_JAC_ALT",
+#endif /* MBEDTLS_ECP_RANDOMIZE_JAC_ALT */
+#if defined(MBEDTLS_ECP_ADD_MIXED_ALT)
+ "MBEDTLS_ECP_ADD_MIXED_ALT",
+#endif /* MBEDTLS_ECP_ADD_MIXED_ALT */
+#if defined(MBEDTLS_ECP_DOUBLE_JAC_ALT)
+ "MBEDTLS_ECP_DOUBLE_JAC_ALT",
+#endif /* MBEDTLS_ECP_DOUBLE_JAC_ALT */
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT)
+ "MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT",
+#endif /* MBEDTLS_ECP_NORMALIZE_JAC_MANY_ALT */
+#if defined(MBEDTLS_ECP_NORMALIZE_JAC_ALT)
+ "MBEDTLS_ECP_NORMALIZE_JAC_ALT",
+#endif /* MBEDTLS_ECP_NORMALIZE_JAC_ALT */
+#if defined(MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT)
+ "MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT",
+#endif /* MBEDTLS_ECP_DOUBLE_ADD_MXZ_ALT */
+#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
+ "MBEDTLS_ECP_RANDOMIZE_MXZ_ALT",
+#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
+#if defined(MBEDTLS_ECP_NORMALIZE_MXZ_ALT)
+ "MBEDTLS_ECP_NORMALIZE_MXZ_ALT",
+#endif /* MBEDTLS_ECP_NORMALIZE_MXZ_ALT */
#if defined(MBEDTLS_TEST_NULL_ENTROPY)
"MBEDTLS_TEST_NULL_ENTROPY",
#endif /* MBEDTLS_TEST_NULL_ENTROPY */
diff --git a/library/x509.c b/library/x509.c
index e438770..88e32b0 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -1035,7 +1035,7 @@
*/
int mbedtls_x509_self_test( int verbose )
{
-#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA1_C)
+#if defined(MBEDTLS_CERTS_C) && defined(MBEDTLS_SHA256_C)
int ret;
uint32_t flags;
mbedtls_x509_crt cacert;
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 234f145..d86857d 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -85,9 +85,11 @@
*/
const mbedtls_x509_crt_profile mbedtls_x509_crt_profile_default =
{
- /* Hashes from SHA-1 and above */
+#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES)
+ /* Allow SHA-1 (weak, but still safe in controlled environments) */
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
- MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_RIPEMD160 ) |
+#endif
+ /* Only SHA-2 hashes */
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA224 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA256 ) |
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA384 ) |
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index a1d71e1..212f47a 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -87,6 +87,7 @@
#define DFL_MIN_VERSION -1
#define DFL_MAX_VERSION -1
#define DFL_ARC4 -1
+#define DFL_SHA1 -1
#define DFL_AUTH_MODE -1
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
#define DFL_TRUNC_HMAC -1
@@ -263,6 +264,7 @@
USAGE_DHMLEN \
"\n" \
" arc4=%%d default: (library default: 0)\n" \
+ " allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \
" max_version=%%s default: (library default: tls1_2)\n" \
" force_version=%%s default: \"\" (none)\n" \
@@ -301,6 +303,7 @@
int min_version; /* minimum protocol version accepted */
int max_version; /* maximum protocol version accepted */
int arc4; /* flag for arc4 suites support */
+ int allow_sha1; /* flag for SHA-1 support */
int auth_mode; /* verify mode for connection */
unsigned char mfl_code; /* code for maximum fragment length */
int trunc_hmac; /* negotiate truncated hmac or not */
@@ -395,6 +398,22 @@
return( 0 );
}
+
+static int ssl_sig_hashes_for_test[] = {
+#if defined(MBEDTLS_SHA512_C)
+ MBEDTLS_MD_SHA512,
+ MBEDTLS_MD_SHA384,
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ MBEDTLS_MD_SHA256,
+ MBEDTLS_MD_SHA224,
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ /* Allow SHA-1 as we use it extensively in tests. */
+ MBEDTLS_MD_SHA1,
+#endif
+ MBEDTLS_MD_NONE
+};
#endif /* MBEDTLS_X509_CRT_PARSE_C */
int main( int argc, char *argv[] )
@@ -411,6 +430,9 @@
#endif
const char *pers = "ssl_client2";
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
+#endif
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
@@ -491,6 +513,7 @@
opt.min_version = DFL_MIN_VERSION;
opt.max_version = DFL_MAX_VERSION;
opt.arc4 = DFL_ARC4;
+ opt.allow_sha1 = DFL_SHA1;
opt.auth_mode = DFL_AUTH_MODE;
opt.mfl_code = DFL_MFL_CODE;
opt.trunc_hmac = DFL_TRUNC_HMAC;
@@ -705,6 +728,15 @@
default: goto usage;
}
}
+ else if( strcmp( p, "allow_sha1" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.allow_sha1 = 0; break;
+ case 1: opt.allow_sha1 = 1; break;
+ default: goto usage;
+ }
+ }
else if( strcmp( p, "force_version" ) == 0 )
{
if( strcmp( q, "ssl3" ) == 0 )
@@ -1089,9 +1121,18 @@
}
#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ /* The default algorithms profile disables SHA-1, but our tests still
+ rely on it heavily. */
+ if( opt.allow_sha1 > 0 )
+ {
+ crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
+ mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
+ mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
+ }
+
if( opt.debug_level > 0 )
mbedtls_ssl_conf_verify( &conf, my_verify, NULL );
-#endif
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
if( opt.auth_mode != DFL_AUTH_MODE )
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 96bd35f..0582710 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -123,7 +123,9 @@
#define DFL_MIN_VERSION -1
#define DFL_MAX_VERSION -1
#define DFL_ARC4 -1
+#define DFL_SHA1 -1
#define DFL_AUTH_MODE -1
+#define DFL_CERT_REQ_CA_LIST MBEDTLS_SSL_CERT_REQ_CA_LIST_ENABLED
#define DFL_MFL_CODE MBEDTLS_SSL_MAX_FRAG_LEN_NONE
#define DFL_TRUNC_HMAC -1
#define DFL_TICKETS MBEDTLS_SSL_SESSION_TICKETS_ENABLED
@@ -326,6 +328,8 @@
"\n" \
" auth_mode=%%s default: (library default: none)\n" \
" options: none, optional, required\n" \
+ " cert_req_ca_list=%%d default: 1 (send ca list)\n" \
+ " options: 1 (send ca list), 0 (don't send)\n" \
USAGE_IO \
USAGE_SNI \
"\n" \
@@ -345,6 +349,7 @@
USAGE_ETM \
"\n" \
" arc4=%%d default: (library default: 0)\n" \
+ " allow_sha1=%%d default: 0\n" \
" min_version=%%s default: (library default: tls1)\n" \
" max_version=%%s default: (library default: tls1_2)\n" \
" force_version=%%s default: \"\" (none)\n" \
@@ -400,7 +405,9 @@
int min_version; /* minimum protocol version accepted */
int max_version; /* maximum protocol version accepted */
int arc4; /* flag for arc4 suites support */
+ int allow_sha1; /* flag for SHA-1 support */
int auth_mode; /* verify mode for connection */
+ int cert_req_ca_list; /* should we send the CA list? */
unsigned char mfl_code; /* code for maximum fragment length */
int trunc_hmac; /* accept truncated hmac? */
int tickets; /* enable / disable session tickets */
@@ -795,6 +802,24 @@
}
#endif
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+static int ssl_sig_hashes_for_test[] = {
+#if defined(MBEDTLS_SHA512_C)
+ MBEDTLS_MD_SHA512,
+ MBEDTLS_MD_SHA384,
+#endif
+#if defined(MBEDTLS_SHA256_C)
+ MBEDTLS_MD_SHA256,
+ MBEDTLS_MD_SHA224,
+#endif
+#if defined(MBEDTLS_SHA1_C)
+ /* Allow SHA-1 as we use it extensively in tests. */
+ MBEDTLS_MD_SHA1,
+#endif
+ MBEDTLS_MD_NONE
+};
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
int main( int argc, char *argv[] )
{
int ret = 0, len, written, frags, exchanges_left;
@@ -812,6 +837,9 @@
mbedtls_ssl_cookie_ctx cookie_ctx;
#endif
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
+#endif
mbedtls_entropy_context entropy;
mbedtls_ctr_drbg_context ctr_drbg;
mbedtls_ssl_context ssl;
@@ -943,7 +971,9 @@
opt.min_version = DFL_MIN_VERSION;
opt.max_version = DFL_MAX_VERSION;
opt.arc4 = DFL_ARC4;
+ opt.allow_sha1 = DFL_SHA1;
opt.auth_mode = DFL_AUTH_MODE;
+ opt.cert_req_ca_list = DFL_CERT_REQ_CA_LIST;
opt.mfl_code = DFL_MFL_CODE;
opt.trunc_hmac = DFL_TRUNC_HMAC;
opt.tickets = DFL_TICKETS;
@@ -1113,6 +1143,15 @@
default: goto usage;
}
}
+ else if( strcmp( p, "allow_sha1" ) == 0 )
+ {
+ switch( atoi( q ) )
+ {
+ case 0: opt.allow_sha1 = 0; break;
+ case 1: opt.allow_sha1 = 1; break;
+ default: goto usage;
+ }
+ }
else if( strcmp( p, "force_version" ) == 0 )
{
if( strcmp( q, "ssl3" ) == 0 )
@@ -1155,6 +1194,12 @@
if( ( opt.auth_mode = get_auth_mode( q ) ) < 0 )
goto usage;
}
+ else if( strcmp( p, "cert_req_ca_list" ) == 0 )
+ {
+ opt.cert_req_ca_list = atoi( q );
+ if( opt.cert_req_ca_list < 0 || opt.cert_req_ca_list > 1 )
+ goto usage;
+ }
else if( strcmp( p, "max_frag_len" ) == 0 )
{
if( strcmp( q, "512" ) == 0 )
@@ -1631,9 +1676,24 @@
goto exit;
}
+#if defined(MBEDTLS_X509_CRT_PARSE_C)
+ /* The default algorithms profile disables SHA-1, but our tests still
+ rely on it heavily. Hence we allow it here. A real-world server
+ should use the default profile unless there is a good reason not to. */
+ if( opt.allow_sha1 > 0 )
+ {
+ crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
+ mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
+ mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
+ }
+#endif /* MBEDTLS_X509_CRT_PARSE_C */
+
if( opt.auth_mode != DFL_AUTH_MODE )
mbedtls_ssl_conf_authmode( &conf, opt.auth_mode );
+ if( opt.cert_req_ca_list != DFL_CERT_REQ_CA_LIST )
+ mbedtls_ssl_conf_cert_req_ca_list( &conf, opt.cert_req_ca_list );
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
if( opt.hs_to_min != DFL_HS_TO_MIN || opt.hs_to_max != DFL_HS_TO_MAX )
mbedtls_ssl_conf_handshake_timeout( &conf, opt.hs_to_min, opt.hs_to_max );
diff --git a/tests/compat.sh b/tests/compat.sh
index aa81242..c5074cb 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -824,6 +824,11 @@
else
M_CLIENT_ARGS="$M_CLIENT_ARGS crt_file=none key_file=none"
fi
+
+ # Allow SHA-1. It's disabled by default for security reasons but
+ # our tests still use certificates signed with it.
+ M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1"
+ M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1"
;;
"PSK")
@@ -836,6 +841,11 @@
M_CLIENT_ARGS="$M_CLIENT_ARGS psk=6162636465666768696a6b6c6d6e6f70 crt_file=none key_file=none"
O_CLIENT_ARGS="$O_CLIENT_ARGS -psk 6162636465666768696a6b6c6d6e6f70"
G_CLIENT_ARGS="$G_CLIENT_ARGS --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70"
+
+ # Allow SHA-1. It's disabled by default for security reasons but
+ # our tests still use certificates signed with it.
+ M_SERVER_ARGS="$M_SERVER_ARGS allow_sha1=1"
+ M_CLIENT_ARGS="$M_CLIENT_ARGS allow_sha1=1"
;;
esac
}
diff --git a/tests/data_files/.gitignore b/tests/data_files/.gitignore
new file mode 100644
index 0000000..d16c04c
--- /dev/null
+++ b/tests/data_files/.gitignore
@@ -0,0 +1,3 @@
+cli-rsa.csr
+server2-rsa.csr
+test-ca.csr
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
new file mode 100644
index 0000000..f7826d4
--- /dev/null
+++ b/tests/data_files/Makefile
@@ -0,0 +1,94 @@
+## This file contains a record of how some of the test data was
+## generated. The final build products are committed to the repository
+## as well to make sure that the test data is identical. You do not
+## need to use this makefile unless you're extending mbed TLS's tests.
+
+## Many data files were generated prior to the existence of this
+## makefile, so the method of their generation was not recorded.
+
+## Note that in addition to depending on the version of the data
+## generation tool, many of the build outputs are randomized, so
+## running this makefile twice would not produce the same results.
+
+## Tools
+OPENSSL ?= openssl
+
+## Build the generated test data. Note that since the final outputs
+## are committed to the repository, this target should do nothing on a
+## fresh checkout. Furthermore, since the generation is randomized,
+## re-running the same targets may result in differing files. The goal
+## of this makefile is primarily to serve as a record of how the
+## targets were generated in the first place.
+default: all_final
+
+all_intermediate := # temporary files
+all_final := # files used by tests
+
+
+
+################################################################
+#### Generate certificates from existing keys
+################################################################
+
+test_ca_key_file_rsa = test-ca.key
+test_ca_pwd_rsa = PolarSSLTest
+test_ca_config_file = test-ca.opensslconf
+
+test-ca.csr: $(test_ca_key_file_rsa) $(test_ca_config_file)
+ $(OPENSSL) req -new -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test CA" -out $@
+all_intermediate += test-ca.csr
+test-ca-sha1.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr
+ $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha1 -in test-ca.csr -out $@
+all_final += test-ca-sha1.crt
+test-ca-sha256.crt: $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.csr
+ $(OPENSSL) req -x509 -config $(test_ca_config_file) -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.csr -out $@
+all_final += test-ca-sha256.crt
+
+cli_crt_key_file_rsa = cli-rsa.key
+cli_crt_extensions_file = cli.opensslconf
+
+cli-rsa.csr: $(cli_crt_key_file_rsa)
+ $(OPENSSL) req -new -key $(cli_crt_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=PolarSSL Client 2" -out $@
+all_intermediate += cli-rsa.csr
+cli-rsa-sha1.crt: $(cli_crt_key_file_rsa) test-ca-sha1.crt cli-rsa.csr
+ $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha1.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha1 -in cli-rsa.csr -out $@
+all_final += cli-rsa-sha1.crt
+cli-rsa-sha256.crt: $(cli_crt_key_file_rsa) test-ca-sha256.crt cli-rsa.csr
+ $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in cli-rsa.csr -out $@
+all_final += cli-rsa-sha256.crt
+
+server2-rsa.csr: server2.key
+ $(OPENSSL) req -new -key server2.key -passin "pass:$(test_ca_pwd_rsa)" -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
+all_intermediate += server2-rsa.csr
+server2-sha256.crt: server2-rsa.csr
+ $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA test-ca-sha256.crt -CAkey $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 4 -days 3653 -sha256 -in server2-rsa.csr -out $@
+all_final += server2-sha256.crt
+
+
+
+################################################################
+#### Meta targets
+################################################################
+
+all_final: $(all_final)
+all: $(all_intermediate) $(all_final)
+
+.PHONY: default all_final all
+
+# These files should not be committed to the repository.
+list_intermediate:
+ @printf '%s\n' $(all_intermediate) | sort
+# These files should be committed to the repository so that the test data is
+# available upon checkout without running a randomized process depending on
+# third-party tools.
+list_final:
+ @printf '%s\n' $(all_final) | sort
+.PHONY: list_intermediate list_final
+
+## Remove intermediate files
+clean:
+ rm -f $(all_intermediate)
+## Remove all build products, even the ones that are committed
+neat: clean
+ rm -f $(all_final)
+.PHONY: clean neat
diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt
index 680d612..60b0fd4 100644
--- a/tests/data_files/Readme-x509.txt
+++ b/tests/data_files/Readme-x509.txt
@@ -6,6 +6,8 @@
There are two main CAs for use as trusted roots:
- test-ca.crt aka "C=NL, O=PolarSSL, CN=PolarSSL Test CA"
uses a RSA-2048 key
+ test-ca-sha1.crt and test-ca-sha256.crt use the same key, signed with
+ different hashes.
- test-ca2*.crt aka "C=NL, O=PolarSSL, CN=Polarssl Test EC CA"
uses an EC key with NIST P-384 (aka secp384r1)
variants used to test the keyUsage extension
@@ -53,6 +55,8 @@
- cert_md*.crt, cert_sha*.crt: 1 R: signature hash
- cert_v1_with_ext.crt: 1 R: v1 with extensions (illegal)
- cli2.crt: 2 E: basic
+- cli-rsa.key, cli-rsa-*.crt: RSA key used for test clients, signed by
+ the RSA test CA.
- enco-cert-utf8str.pem: see enco-ca-prstr.pem above
- server1*.crt: 1* R C* P1*: misc *(server1-v1 see test-ca-v1.crt above)
*CRL for: .cert_type.crt, .crt, .key_usage.crt, .v1.crt
@@ -91,3 +95,13 @@
Note: crl_future would revoke server9 and cert_sha384.crt if signed by CA 1
crl-rsa-pss* would revoke server6.crt if signed by CA 2
+
+Generation
+----------
+
+Newer test files have been generated through commands in the Makefile. The
+resulting files are committed to the repository so that the tests can
+run without having to re-do the generation and so that the output is the
+same for everyone (the generation process is randomized).
+
+The origin of older certificates has not been recorded.
diff --git a/tests/data_files/cli-rsa-sha1.crt b/tests/data_files/cli-rsa-sha1.crt
new file mode 100644
index 0000000..906f6df
--- /dev/null
+++ b/tests/data_files/cli-rsa-sha1.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTcwNTA1MTMwNzEwWhcNMjcwNTA2MTMwNzEwWjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
+M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
+1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw
+MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
+4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
+/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
+o4GSMIGPMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITBjBgNVHSMEXDBa
+gBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNV
+BAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEAMAkGA1Ud
+EwQCMAAwDQYJKoZIhvcNAQEFBQADggEBAE/yq2fOqjI0jm52TwdVsTUvZ+B2s16u
+C4Qj/c89iZ7VfplpOAEV9+G6gHm/gf2O7Jgj0yXfFugQ2d+lR70cH64JFn9N1Rg9
+gCo5EDBLourI8R0Kkg9zdlShBv7giwqg667Qjsu+oEWVerICOqNQGolotYSZvmtJ
+7RiD8I4MXB4Qt0sSjxE897pvc4ODem10zXzvedv/q11q1mUn2L1fFc1dGIguk1fn
+I/XP87FCapRobUTYrF6IvdqFaUMQ7lF3GiUIvjDPb4Wt1CyHhi/tu/SfV3fmX3rs
+19UeGnvC7AdQ+OwLt3nEIlSpqVKPXHKfRKZg1WzZNgCQtNB1SrZAzFc=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/cli-rsa-sha256.crt b/tests/data_files/cli-rsa-sha256.crt
new file mode 100644
index 0000000..a0fc11e
--- /dev/null
+++ b/tests/data_files/cli-rsa-sha256.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhTCCAm2gAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTcwNTA1MTMwNzU5WhcNMjcwNTA2MTMwNzU5WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENsaWVudCAyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
+M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
+1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw
+MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
+4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
+/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
+o4GSMIGPMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITBjBgNVHSMEXDBa
+gBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNV
+BAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEAMAkGA1Ud
+EwQCMAAwDQYJKoZIhvcNAQELBQADggEBAC7yO786NvcHpK8UovKIG9cB32oSQQom
+LoR0eHDRzdqEkoq7yGZufHFiRAAzbMqJfogRtxlrWAeB4y/jGaMBV25IbFOIcH2W
+iCEaMMbG+VQLKNvuC63kmw/Zewc9ThM6Pa1Hcy0axT0faf1B/U01j0FIcw/6mTfK
+D8w48OIwc1yr0JtutCVjig5DC0yznGMt32RyseOLcUe+lfq005v2PAiCozr5X8rE
+ofGZpiM2NqRPePgYy+Vc75Zk28xkRQq1ncprgQb3S4vTsZdScpM9hLf+eMlrgqlj
+c5PLSkXBeLE5+fedkyfTaLxxQlgCpuoOhKBm04/R1pWNzUHyqagjO9Q=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/cli-rsa.key b/tests/data_files/cli-rsa.key
new file mode 100644
index 0000000..eb1d3bc
--- /dev/null
+++ b/tests/data_files/cli-rsa.key
@@ -0,0 +1,27 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIEpAIBAAKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6fM60Nj4o8VmXl3ETZzGaF
+B9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu1C93KYRhTYJQj6eVSHD1
+bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEwMjDV0/YI0FZPRo7yX/k9
+Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v4Jv4EFbMs44TFeY0BGbH
+7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx//DZrtenNLQNiTrM9AM+v
+dqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQABAoIBAGdNtfYDiap6bzst
+yhCiI8m9TtrhZw4MisaEaN/ll3XSjaOG2dvV6xMZCMV+5TeXDHOAZnY18Yi18vzz
+4Ut2TnNFzizCECYNaA2fST3WgInnxUkV3YXAyP6CNxJaCmv2aA0yFr2kFVSeaKGt
+ymvljNp2NVkvm7Th8fBQBO7I7AXhz43k0mR7XmPgewe8ApZOG3hstkOaMvbWAvWA
+zCZupdDjZYjOJqlA4eEA4H8/w7F83r5CugeBE8LgEREjLPiyejrU5H1fubEY+h0d
+l5HZBJ68ybTXfQ5U9o/QKA3dd0toBEhhdRUDGzWtjvwkEQfqF1reGWj/tod/gCpf
+DFi6X0ECgYEA4wOv/pjSC3ty6TuOvKX2rOUiBrLXXv2JSxZnMoMiWI5ipLQt+RYT
+VPafL/m7Dn6MbwjayOkcZhBwk5CNz5A6Q4lJ64Mq/lqHznRCQQ2Mc1G8eyDF/fYL
+Ze2pLvwP9VD5jTc2miDfw+MnvJhywRRLcemDFP8k4hQVtm8PMp3ZmNECgYEA4gz7
+wzObR4gn8ibe617uQPZjWzUj9dUHYd+in1gwBCIrtNnaRn9I9U/Q6tegRYpii4ys
+c176NmU+umy6XmuSKV5qD9bSpZWG2nLFnslrN15Lm3fhZxoeMNhBaEDTnLT26yoi
+33gp0mSSWy94ZEqipms+ULF6sY1ZtFW6tpGFoy8CgYAQHhnnvJflIs2ky4q10B60
+ZcxFp3rtDpkp0JxhFLhiizFrujMtZSjYNm5U7KkgPVHhLELEUvCmOnKTt4ap/vZ0
+BxJNe1GZH3pW6SAvGDQpl9sG7uu/vTFP+lCxukmzxB0DrrDcvorEkKMom7ZCCRvW
+KZsZ6YeH2Z81BauRj218kQKBgQCUV/DgKP2985xDTT79N08jUo3hTP5MVYCCuj/+
+UeEw1TvZcx3LJby7P6Xad6a1/BqveaGyFKIfEFIaBUBItk801sDDpDaYc4gL00Xc
+7lFuBHOZkxJYlss5QrGpuOEl9ZwUt5IrFLBdYaKqNHzNVC1pCPfb/JyH6Dr2HUxq
+gxUwAQKBgQCcU6G2L8AG9d9c0UpOyL1tMvFe5Ttw0KjlQVdsh1MP6yigYo9DYuwu
+bHFVW2r0dBTqegP2/KTOxKzaHfC1qf0RGDsUoJCNJrd1cwoCLG8P2EF4w3OBrKqv
+8u4ytY0F+Vlanj5lm3TaoHSVF1+NWPyOTiwevIECGKwSxvlki4fDAA==
+-----END RSA PRIVATE KEY-----
\ No newline at end of file
diff --git a/tests/data_files/cli.opensslconf b/tests/data_files/cli.opensslconf
new file mode 100644
index 0000000..ae9ab9d
--- /dev/null
+++ b/tests/data_files/cli.opensslconf
@@ -0,0 +1,4 @@
+[cli-rsa]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:false
diff --git a/tests/data_files/print_c.pl b/tests/data_files/print_c.pl
new file mode 100755
index 0000000..d0ec137
--- /dev/null
+++ b/tests/data_files/print_c.pl
@@ -0,0 +1,34 @@
+#!/usr/bin/env perl
+use strict;
+use warnings;
+
+if (!@ARGV || $ARGV[0] == '--help') {
+ print <<EOF;
+Usage: $0 mbedtls_test_foo <file.pem
+ $0 TEST_FOO mbedtls_test_foo <file.pem
+Print out a PEM file as C code defining a string constant.
+
+Used to include some of the test data in /library/certs.c for
+self-tests and sample programs.
+EOF
+ exit;
+}
+
+my $pp_name = @ARGV > 1 ? shift @ARGV : undef;
+my $name = shift @ARGV;
+
+my @lines = map {chomp; s/([\\"])/\\$1/g; "\"$_\\r\\n\""} <STDIN>;
+
+if (defined $pp_name) {
+ foreach ("#define $pp_name", @lines[0..@lines-2]) {
+ printf "%-72s\\\n", $_;
+ }
+ print "$lines[@lines-1]\n";
+ print "const char $name\[\] = $pp_name;\n";
+} else {
+ print "const char $name\[\] =";
+ foreach (@lines) {
+ print "\n$_";
+ }
+ print ";\n";
+}
diff --git a/tests/data_files/server2-sha256.crt b/tests/data_files/server2-sha256.crt
new file mode 100644
index 0000000..006d9db
--- /dev/null
+++ b/tests/data_files/server2-sha256.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDfTCCAmWgAwIBAgIBBDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTcwNTA5MTM1MTA1WhcNMjcwNTEwMTM1MTA1WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
+owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
+NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
+tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
+hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
+HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaOBkjCBjzAd
+BgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwYwYDVR0jBFwwWoAUtFrkpbPe
+0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
+clNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBDQYIBADAJBgNVHRMEAjAAMA0G
+CSqGSIb3DQEBCwUAA4IBAQAQf85QSjAeP+l6hirPorUL+k/3BznAh/6RXdveBO3K
+uwtqK5qI59+3N+ZLXP7fr2Z5eO8qpchRgNNwT0LKglAEXGWn30PYI1GKSiqAaK0X
+CUNIrxV3qKqOLbtqP1dMdiwsmiHYrN8E9UdysObedE2yDNLpTMHPJBZ+k6FowTyZ
+IpUuabkxMBFxmLv+nOBDOiaCzintEcdJdY4F6p5j8jwMvVNVAXNfxAEwa0MoVRTt
+/GORvq4ZEfsatVA+HRi602m+dZETTWKSODrj8AuQcG8/i1AOhk3C1WNOFKj/ZSfB
+2P6EQmhLeRp4bO+3rG73T3R2yn0PZYQ7ZrjFPPKqgu+n
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-sha1.crt b/tests/data_files/test-ca-sha1.crt
new file mode 100644
index 0000000..7cb35d4
--- /dev/null
+++ b/tests/data_files/test-ca-sha1.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA
+FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
+CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAfDd5khSv/+K3De9qmH/ID3CVapGS
+EN5MlXS5vvGCjZSA41MuXkUl11akKHXQ9aLlp85OZUdGbfQ5wwCoj/MymbT4fES2
+1dI8O1oI3PZI/0dqEvQETlIwSoZV2c/oaPRfh2E99v2+8FNIaZOfV2MX1n9+6AdO
+W2nlK2oklozXSYg6KWtISr8N8Ofew2LQ9+riFlrrdaxsr8CoJqPqMDTq7FUmkDmO
+oHize/h9bFksIunKoVQHa8P4w/W9bnR69nziyhZotbwOOkAWVnIyEM9QnaKWXeIy
+rP6ewcTQjNYkguHJ8RY9rW+5bdaSY4EljSqZ3P3F+zo8P6sVi3qSlai5lQ==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-sha256.crt b/tests/data_files/test-ca-sha256.crt
new file mode 100644
index 0000000..b14e405
--- /dev/null
+++ b/tests/data_files/test-ca-sha256.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTcwNTA0MTY1NzAxWhcNMjcwNTA1MTY1NzAxWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+gZUwgZIwHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/MGMGA1UdIwRcMFqA
+FLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UE
+CgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQAwDAYDVR0T
+BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEAHK/HHrTZMnnVMpde1io+voAtql7j
+4sRhLrjD7o3THtwRbDa2diCvpq0Sq23Ng2LMYoXsOxoL/RQK3iN7UKxV3MKPEr0w
+XQS+kKQqiT2bsfrjnWMVHZtUOMpm6FNqcdGm/Rss3vKda2lcKl8kUnq/ylc1+QbB
+G6A6tUvQcr2ZyWfVg+mM5XkhTrOOXus2OLikb4WwEtJTJRNE0f+yPODSUz0/vT57
+ApH0CnB80bYJshYHPHHymOtleAB8KSYtqm75g/YNobjnjB6cm4HkW3OZRVIl6fYY
+n20NRVA1Vjs6GAROr4NqW4k/+LofY9y0LLDE+p0oIEKXIsIvhPr39swxSA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf
new file mode 100644
index 0000000..12835df
--- /dev/null
+++ b/tests/data_files/test-ca.opensslconf
@@ -0,0 +1,13 @@
+[req]
+x509_extensions = v3_ca
+distinguished_name = req_dn
+
+[req_dn]
+countryName = NL
+organizationalUnitName = PolarSSL
+commonName = PolarSSL Test CA
+
+[v3_ca]
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
+basicConstraints = CA:true
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index ea96901..7c33c5c 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -486,6 +486,15 @@
armc6_build_test "--target=arm-arm-none-eabi -march=armv8-m.main"
armc6_build_test "--target=aarch64-arm-none-eabi"
+msg "build: allow SHA1 in certificates by default"
+cleanup
+cp "$CONFIG_H" "$CONFIG_BAK"
+scripts/config.pl set MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+CFLAGS='-Werror -Wall -Wextra' make
+msg "test: allow SHA1 in certificates by default"
+make test
+tests/ssl-opt.sh -f SHA-1
+
msg "build: Windows cross build - mingw64, make (Link Library)" # ~ 30s
cleanup
CC=i686-w64-mingw32-gcc AR=i686-w64-mingw32-ar LD=i686-w64-minggw32-ld CFLAGS='-Werror -Wall -Wextra' WINDOWS_BUILD=1 make lib programs
diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl
index abd27a8..b0fd696 100755
--- a/tests/scripts/check-doxy-blocks.pl
+++ b/tests/scripts/check-doxy-blocks.pl
@@ -19,6 +19,10 @@
# everything with a backslach except '\0' and backslash at EOL
my $doxy_re = qr/\\(?!0|\n)/;
+# Return an error code to the environment if a potential error in the
+# source code is found.
+my $exit_code = 0;
+
sub check_file {
my ($fname) = @_;
open my $fh, '<', $fname or die "Failed to open '$fname': $!\n";
@@ -32,6 +36,7 @@
if ($block_start and $line =~ m/$doxy_re/) {
print "$fname:$block_start: directive on line $.\n";
$block_start = 0; # report only one directive per block
+ $exit_code = 1;
}
}
@@ -45,13 +50,15 @@
}
}
-# locate root directory based on invocation name
-my $root = dirname($0) . '/..';
-chdir $root or die "Can't chdir to '$root': $!\n";
-
-# just do it
+# Check that the script is being run from the project's root directory.
for my $dir (@directories) {
- check_dir($dir)
+ if (! -d $dir) {
+ die "This script must be run from the mbed TLS root directory";
+ } else {
+ check_dir($dir)
+ }
}
+exit $exit_code;
+
__END__
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index f7b43f6..398405b 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -635,6 +635,10 @@
G_SRV="$G_SRV -p $SRV_PORT"
G_CLI="$G_CLI -p +SRV_PORT localhost"
+# Allow SHA-1, because many of our test certificates use it
+P_SRV="$P_SRV allow_sha1=1"
+P_CLI="$P_CLI allow_sha1=1"
+
# Also pick a unique name for intermediate files
SRV_OUT="srv_out.$$"
CLI_OUT="cli_out.$$"
@@ -706,6 +710,40 @@
-S "SSL - None of the common ciphersuites is usable" \
-S "SSL - The server has no ciphersuites in common"
+# Tests for SHA-1 support
+
+run_test "SHA-1 forbidden by default in server certificate" \
+ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
+ "$P_CLI debug_level=2 allow_sha1=0" \
+ 1 \
+ -c "The certificate is signed with an unacceptable hash"
+
+run_test "SHA-1 explicitly allowed in server certificate" \
+ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2.crt" \
+ "$P_CLI allow_sha1=1" \
+ 0
+
+run_test "SHA-256 allowed by default in server certificate" \
+ "$P_SRV key_file=data_files/server2.key crt_file=data_files/server2-sha256.crt" \
+ "$P_CLI allow_sha1=0" \
+ 0
+
+run_test "SHA-1 forbidden by default in client certificate" \
+ "$P_SRV auth_mode=required allow_sha1=0" \
+ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
+ 1 \
+ -s "The certificate is signed with an unacceptable hash"
+
+run_test "SHA-1 explicitly allowed in client certificate" \
+ "$P_SRV auth_mode=required allow_sha1=1" \
+ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha1.crt" \
+ 0
+
+run_test "SHA-256 allowed by default in client certificate" \
+ "$P_SRV auth_mode=required allow_sha1=0" \
+ "$P_CLI key_file=data_files/cli-rsa.key crt_file=data_files/cli-rsa-sha256.crt" \
+ 0
+
# Tests for Truncated HMAC extension
run_test "Truncated HMAC: client default, server default" \
@@ -1847,6 +1885,23 @@
# detect that its write end of the connection is closed and abort
# before reading the alert message.
+run_test "Authentication: client cert not trusted, server required" \
+ "$P_SRV debug_level=3 auth_mode=required" \
+ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
+ key_file=data_files/server5.key" \
+ 1 \
+ -S "skip write certificate request" \
+ -C "skip parse certificate request" \
+ -c "got a certificate request" \
+ -C "skip write certificate" \
+ -C "skip write certificate verify" \
+ -S "skip parse certificate verify" \
+ -s "x509_verify_cert() returned" \
+ -s "! The certificate is not correctly signed by the trusted CA" \
+ -s "! mbedtls_ssl_handshake returned" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -s "X509 - Certificate verification failed"
+
run_test "Authentication: client badcert, server optional" \
"$P_SRV debug_level=3 auth_mode=optional" \
"$P_CLI debug_level=3 crt_file=data_files/server5-badsign.crt \
@@ -1946,6 +2001,34 @@
-C "! mbedtls_ssl_handshake returned" \
-S "X509 - Certificate verification failed"
+# Tests for CA list in CertificateRequest messages
+
+run_test "Authentication: send CA list in CertificateRequest (default)" \
+ "$P_SRV debug_level=3 auth_mode=required" \
+ "$P_CLI crt_file=data_files/server6.crt \
+ key_file=data_files/server6.key" \
+ 0 \
+ -s "requested DN"
+
+run_test "Authentication: do not send CA list in CertificateRequest" \
+ "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
+ "$P_CLI crt_file=data_files/server6.crt \
+ key_file=data_files/server6.key" \
+ 0 \
+ -S "requested DN"
+
+run_test "Authentication: send CA list in CertificateRequest, client self signed" \
+ "$P_SRV debug_level=3 auth_mode=required cert_req_ca_list=0" \
+ "$P_CLI debug_level=3 crt_file=data_files/server5-selfsigned.crt \
+ key_file=data_files/server5.key" \
+ 1 \
+ -S "requested DN" \
+ -s "x509_verify_cert() returned" \
+ -s "! The certificate is not correctly signed by the trusted CA" \
+ -s "! mbedtls_ssl_handshake returned" \
+ -c "! mbedtls_ssl_handshake returned" \
+ -s "X509 - Certificate verification failed"
+
# Tests for certificate selection based on SHA verson
run_test "Certificate hash: client TLS 1.2 -> SHA-2" \
@@ -2878,12 +2961,19 @@
# Test for ClientHello without extensions
requires_gnutls
-run_test "ClientHello without extensions" \
+run_test "ClientHello without extensions, SHA-1 allowed" \
"$P_SRV debug_level=3" \
"$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
0 \
-s "dumping 'client hello extensions' (0 bytes)"
+requires_gnutls
+run_test "ClientHello without extensions, SHA-1 forbidden in certificates on server" \
+ "$P_SRV debug_level=3 key_file=data_files/server2.key crt_file=data_files/server2.crt allow_sha1=0" \
+ "$G_CLI --priority=NORMAL:%NO_EXTENSIONS:%DISABLE_SAFE_RENEGOTIATION" \
+ 0 \
+ -s "dumping 'client hello extensions' (0 bytes)"
+
# Tests for mbedtls_ssl_get_bytes_avail()
run_test "mbedtls_ssl_get_bytes_avail: no extra data" \
diff --git a/tests/suites/test_suite_ecjpake.function b/tests/suites/test_suite_ecjpake.function
index 11cf8dc..5c8856b 100644
--- a/tests/suites/test_suite_ecjpake.function
+++ b/tests/suites/test_suite_ecjpake.function
@@ -109,7 +109,10 @@
void read_round_one( int role, char *data, int ref_ret )
{
mbedtls_ecjpake_context ctx;
- const unsigned char pw[] = {};
+
+ const unsigned char * pw = NULL;
+ const size_t pw_len = 0;
+
unsigned char *msg;
size_t len;
@@ -119,7 +122,7 @@
TEST_ASSERT( msg != NULL );
TEST_ASSERT( mbedtls_ecjpake_setup( &ctx, role,
- MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, 0 ) == 0 );
+ MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, pw_len ) == 0 );
TEST_ASSERT( mbedtls_ecjpake_read_round_one( &ctx, msg, len ) == ref_ret );
@@ -133,7 +136,10 @@
void read_round_two_cli( char *data, int ref_ret )
{
mbedtls_ecjpake_context ctx;
- const unsigned char pw[] = {};
+
+ const unsigned char * pw = NULL;
+ const size_t pw_len = 0;
+
unsigned char *msg;
size_t len;
@@ -143,7 +149,7 @@
TEST_ASSERT( msg != NULL );
TEST_ASSERT( mbedtls_ecjpake_setup( &ctx, MBEDTLS_ECJPAKE_CLIENT,
- MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, 0 ) == 0 );
+ MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, pw_len ) == 0 );
TEST_ASSERT( ecjpake_test_load( &ctx,
ADD_SIZE( ecjpake_test_x1 ), ADD_SIZE( ecjpake_test_x2 ),
@@ -163,7 +169,10 @@
void read_round_two_srv( char *data, int ref_ret )
{
mbedtls_ecjpake_context ctx;
- const unsigned char pw[] = {};
+
+ const unsigned char * pw = NULL;
+ const size_t pw_len = 0;
+
unsigned char *msg;
size_t len;
@@ -173,7 +182,7 @@
TEST_ASSERT( msg != NULL );
TEST_ASSERT( mbedtls_ecjpake_setup( &ctx, MBEDTLS_ECJPAKE_SERVER,
- MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, 0 ) == 0 );
+ MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, pw_len ) == 0 );
TEST_ASSERT( ecjpake_test_load( &ctx,
ADD_SIZE( ecjpake_test_x3 ), ADD_SIZE( ecjpake_test_x4 ),
diff --git a/tests/suites/test_suite_pk.data b/tests/suites/test_suite_pk.data
index 22a7fa8..f6ea378 100644
--- a/tests/suites/test_suite_pk.data
+++ b/tests/suites/test_suite_pk.data
@@ -150,3 +150,6 @@
depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_RSA_C
mbedtls_pk_check_pair:"data_files/ec_256_pub.pem":"data_files/server1.key":MBEDTLS_ERR_PK_TYPE_MISMATCH
+RSA hash_len overflow (size_t vs unsigned int)
+depends_on:MBEDTLS_RSA_C:MBEDTLS_HAVE_INT64
+pk_rsa_overflow:
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 08a2623..5fa8a69 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -5,6 +5,9 @@
#include "mbedtls/ecp.h"
#include "mbedtls/rsa.h"
+/* For detecting 64-bit compilation */
+#include "mbedtls/bignum.h"
+
static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len );
#define RSA_KEY_SIZE 512
@@ -414,6 +417,34 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_HAVE_INT64 */
+void pk_rsa_overflow( )
+{
+ mbedtls_pk_context pk;
+ size_t hash_len = (size_t)-1;
+
+ mbedtls_pk_init( &pk );
+
+ TEST_ASSERT( mbedtls_pk_setup( &pk,
+ mbedtls_pk_info_from_type( MBEDTLS_PK_RSA ) ) == 0 );
+
+#if defined(MBEDTLS_PKCS1_V21)
+ TEST_ASSERT( mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, NULL, &pk,
+ MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0 ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+#endif /* MBEDTLS_PKCS1_V21 */
+
+ TEST_ASSERT( mbedtls_pk_verify( &pk, MBEDTLS_MD_NONE, NULL, hash_len,
+ NULL, 0 ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+ TEST_ASSERT( mbedtls_pk_sign( &pk, MBEDTLS_MD_NONE, NULL, hash_len, NULL, 0,
+ rnd_std_rand, NULL ) == MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+
+exit:
+ mbedtls_pk_free( &pk );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_RSA_C:MBEDTLS_PK_RSA_ALT_SUPPORT */
void pk_rsa_alt( )
{
@@ -461,6 +492,11 @@
/* Test signature */
TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, sizeof hash,
sig, &sig_len, rnd_std_rand, NULL ) == 0 );
+#if defined(MBEDTLS_HAVE_INT64)
+ TEST_ASSERT( mbedtls_pk_sign( &alt, MBEDTLS_MD_NONE, hash, (size_t)-1,
+ NULL, NULL, rnd_std_rand, NULL ) ==
+ MBEDTLS_ERR_PK_BAD_INPUT_DATA );
+#endif /* MBEDTLS_HAVE_INT64 */
TEST_ASSERT( sig_len == RSA_KEY_LEN );
TEST_ASSERT( mbedtls_pk_verify( &rsa, MBEDTLS_MD_NONE,
hash, sizeof hash, sig, sig_len ) == 0 );
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 22e608f..05fa6e7 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"2.4.1"
+check_compiletime_version:"2.5.0"
Check runtime library version
-check_runtime_version:"2.4.1"
+check_runtime_version:"2.5.0"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 11605ab..08f3324 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -357,375 +357,383 @@
X509 Certificate verification #1 (Revoked Cert, Expired CRL, no CN)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"NULL"
+x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
X509 Certificate verification #1a (Revoked Cert, Future CRL, no CN)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
-x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"NULL"
+x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
X509 Certificate verification #2 (Revoked Cert, Expired CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"NULL"
+x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
X509 Certificate verification #2a (Revoked Cert, Future CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
-x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"NULL"
+x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"localhost":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
X509 Certificate verification #3 (Revoked Cert, Future CRL, CN Mismatch)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
+x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_EXPIRED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
X509 Certificate verification #3a (Revoked Cert, Expired CRL, CN Mismatch)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
-x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
+x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCRL_FUTURE | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
X509 Certificate verification #4 (Valid Cert, Expired CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"NULL"
+x509_verify:"data_files/server2.crt":"data_files/test-ca.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_EXPIRED:"compat":"NULL"
X509 Certificate verification #4a (Revoked Cert, Future CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"NULL"
+x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-future.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
X509 Certificate verification #5 (Revoked Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"NULL"
+x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
X509 Certificate verification #6 (Revoked Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"NULL"
+x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Server 1":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
X509 Certificate verification #7 (Revoked Cert, CN Mismatch)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
+x509_verify:"data_files/server1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"PolarSSL Wrong CN":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED | MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
X509 Certificate verification #8 (Valid Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #8a (Expired Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
-x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"NULL"
+x509_verify:"data_files/server5-expired.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
X509 Certificate verification #8b (Future Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
-x509_verify:"data_files/server5-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"NULL"
+x509_verify:"data_files/server5-future.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
X509 Certificate verification #9 (Not trusted Cert)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #10 (Not trusted Cert, Expired CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #12 (Valid Cert MD4 Digest)
depends_on:MBEDTLS_MD4_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"NULL"
+x509_verify:"data_files/cert_md4.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL"
X509 Certificate verification #13 (Valid Cert MD5 Digest)
depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"NULL"
+x509_verify:"data_files/cert_md5.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_BAD_MD:"compat":"NULL"
-X509 Certificate verification #14 (Valid Cert SHA1 Digest)
+X509 Certificate verification #14 (Valid Cert SHA1 Digest explicitly allowed in profile)
depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
+
+X509 Certificate verification #14 (Valid Cert SHA1 Digest allowed in compile-time default profile)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"default":"NULL"
+
+X509 Certificate verification #14 (Valid Cert SHA1 Digest forbidden in default profile)
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:!MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_CERTIFICATES
+x509_verify:"data_files/cert_sha1.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_BAD_MD | MBEDTLS_X509_BADCERT_BAD_MD:"default":"NULL"
X509 Certificate verification #15 (Valid Cert SHA224 Digest)
depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/cert_sha224.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #16 (Valid Cert SHA256 Digest)
depends_on:MBEDTLS_SHA256_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/cert_sha256.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #17 (Valid Cert SHA384 Digest)
depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/cert_sha384.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #18 (Valid Cert SHA512 Digest)
depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #19 (Valid Cert, denying callback)
depends_on:MBEDTLS_SHA512_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"verify_none"
+x509_verify:"data_files/cert_sha512.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_OTHER:"compat":"verify_none"
X509 Certificate verification #19 (Not trusted Cert, allowing callback)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":0:0:"verify_all"
+x509_verify:"data_files/server2.crt":"data_files/server1.crt":"data_files/crl_expired.pem":"NULL":0:0:"compat":"verify_all"
X509 Certificate verification #21 (domain matching wildcard certificate, case insensitive)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.ExAmPlE.com":0:0:"NULL"
+x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.ExAmPlE.com":0:0:"compat":"NULL"
X509 Certificate verification #22 (domain not matching wildcard certificate)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
+x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
X509 Certificate verification #23 (domain not matching wildcard certificate)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
+x509_verify:"data_files/cert_example_wildcard.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
X509 Certificate verification #24 (domain matching CN of multi certificate)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
+x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.com":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
X509 Certificate verification #25 (domain matching multi certificate)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.net":0:0:"NULL"
+x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.net":0:0:"compat":"NULL"
X509 Certificate verification #26 (domain not matching multi certificate)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
+x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
X509 Certificate verification #27 (domain not matching multi certificate)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"xample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
+x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"xample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
X509 Certificate verification #27 (domain not matching multi certificate)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"bexample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
+x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"bexample.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
X509 Certificate verification #28 (domain not matching wildcard in multi certificate)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.org":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"NULL"
+x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"example.org":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH:"compat":"NULL"
X509 Certificate verification #29 (domain matching wildcard in multi certificate)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.org":0:0:"NULL"
+x509_verify:"data_files/cert_example_multi.crt":"data_files/test-ca.crt":"data_files/crl.pem":"mail.example.org":0:0:"compat":"NULL"
X509 Certificate verification #30 (domain matching multi certificate without CN)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.shotokan-braunschweig.de":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.shotokan-braunschweig.de":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #31 (domain not matching multi certificate without CN)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15
-x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/cert_example_multi_nocn.crt":"data_files/test-ca.crt":"data_files/crl.pem":"www.example.net":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_CN_MISMATCH + MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #32 (Valid, EC cert, RSA CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server3.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #33 (Valid, RSA cert, EC CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server4.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #34 (Valid, EC cert, EC CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server5.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #35 (Revoked, EC CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"NULL"
+x509_verify:"data_files/server6.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
X509 Certificate verification #36 (Valid, EC CA, SHA1 Digest)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
-x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server5-sha1.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #37 (Valid, EC CA, SHA224 Digest)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server5-sha224.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #38 (Valid, EC CA, SHA384 Digest)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server5-sha384.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #39 (Valid, EC CA, SHA512 Digest)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C:MBEDTLS_SHA512_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server5-sha512.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #40 (Valid, depth 0, RSA, CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/test-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/test-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #41 (Valid, depth 0, EC, CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/test-ca2.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #42 (Depth 0, not CA, RSA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2.crt":"data_files/server2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server2.crt":"data_files/server2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #43 (Depth 0, not CA, EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server5.crt":"data_files/server5.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #44 (Corrupted signature, EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server5-badsign.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #45 (Corrupted signature, RSA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server2-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #46 (Valid, depth 2, EC-RSA-EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C
-x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca2.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #47 (Untrusted, depth 2, EC-RSA-EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server7_int-ca.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #48 (Missing intermediate CA, EC-RSA-EC)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server7.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #49 (Valid, depth 2, RSA-EC-RSA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server8_int-ca2.crt":"data_files/test-ca.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #50 (Valid, multiple CAs)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server2.crt":"data_files/test-ca_cat12.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server2.crt":"data_files/test-ca_cat12.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #51 (Valid, multiple CAs, reverse order)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server2.crt":"data_files/test-ca_cat21.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #52 (CA keyUsage valid)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt_crl.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt_crl.crt":"data_files/crl-ec-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #53 (CA keyUsage missing cRLSign)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #54 (CA keyUsage missing cRLSign, no CRL)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crt.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #55 (CA keyUsage missing keyCertSign)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crl.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-crl.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #56 (CA keyUsage plain wrong)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_X509_CHECK_KEY_USAGE:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED
-x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server5.crt":"data_files/test-ca2.ku-ds.crt":"data_files/crl-ec-sha256.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #57 (Valid, RSASSA-PSS, SHA-1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #58 (Valid, RSASSA-PSS, SHA-224)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server9-sha224.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha224.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #59 (Valid, RSASSA-PSS, SHA-256)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-sha256.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha256.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server9-sha256.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha256.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #60 (Valid, RSASSA-PSS, SHA-384)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-sha384.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha384.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server9-sha384.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha384.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #61 (Valid, RSASSA-PSS, SHA-512)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-sha512.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha512.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server9-sha512.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha512.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #62 (Revoked, RSASSA-PSS, SHA-1)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"NULL"
+x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
X509 Certificate verification #63 (Revoked, RSASSA-PSS, SHA-1, CRL badsign)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1-badsign.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server9.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1-badsign.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCRL_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #64 (Valid, RSASSA-PSS, SHA-1, not top)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-with-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server9-with-ca.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #65 (RSASSA-PSS, SHA1, bad cert signature)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server9-badsign.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #66 (RSASSA-PSS, SHA1, no RSA CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server9.crt":"data_files/test-ca2.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #67 (Valid, RSASSA-PSS, all defaults)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-defaults.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server9-defaults.crt":"data_files/test-ca.crt":"data_files/crl-rsa-pss-sha1.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #68 (RSASSA-PSS, wrong salt_len)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-bad-saltlen.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server9-bad-saltlen.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #69 (RSASSA-PSS, wrong mgf_hash)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server9-bad-mgfhash.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server9-bad-mgfhash.crt":"data_files/test-ca.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #70 (v1 trusted CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server1-v1.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server1-v1.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #71 (v1 trusted CA, other)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2-v1.crt":"data_files/server1-v1.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server2-v1.crt":"data_files/server1-v1.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #72 (v1 chain)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server2-v1-chain.crt":"data_files/test-ca-v1.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #73 (selfsigned trusted without CA bit)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server5-selfsigned.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #74 (signed by selfsigned trusted without CA bit)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"NULL"
+x509_verify:"data_files/server6-ss-child.crt":"data_files/server5-selfsigned.crt":"data_files/crl.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_NOT_TRUSTED:"compat":"NULL"
X509 Certificate verification #75 (encoding mismatch)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #76 (multiple CRLs, not revoked)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server5.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #77 (multiple CRLs, revoked)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"NULL"
+x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ec-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
X509 Certificate verification #78 (multiple CRLs, revoked by second)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"NULL"
+x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_rsa-ec.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
X509 Certificate verification #79 (multiple CRLs, revoked by future)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"NULL"
+x509_verify:"data_files/server6.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED|MBEDTLS_X509_BADCRL_FUTURE:"compat":"NULL"
X509 Certificate verification #80 (multiple CRLs, first future, revoked by second)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"NULL"
+x509_verify:"data_files/server1.crt":"data_files/test-ca_cat12.crt":"data_files/crl_cat_ecfut-rsa.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_REVOKED:"compat":"NULL"
X509 Certificate verification #81 (multiple CRLs, none relevant)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/enco-cert-utf8str.pem":"data_files/enco-ca-prstr.pem":"data_files/crl_cat_rsa-ec.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #82 (Not yet valid CA and valid CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #83 (valid CA and Not yet valid CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-future.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #84 (valid CA and Not yet valid CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-present-past.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #85 (Not yet valid CA and valid CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"NULL"
+x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-present.crt":"data_files/crl-ec-sha1.pem":"NULL":0:0:"compat":"NULL"
X509 Certificate verification #86 (Not yet valid CA and invalid CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"NULL"
+x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-future-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_FUTURE:"compat":"NULL"
X509 Certificate verification #87 (Expired CA and invalid CA)
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_SHA256_C
-x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"NULL"
+x509_verify:"data_files/server5.crt":"data_files/test-ca2_cat-past-invalid.crt":"data_files/crl-ec-sha1.pem":"NULL":MBEDTLS_ERR_X509_CERT_VERIFY_FAILED:MBEDTLS_X509_BADCERT_EXPIRED:"compat":"NULL"
X509 Certificate verification callback: trusted EE cert
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index 5eec72a..a9f7cee 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -7,6 +7,8 @@
#include "mbedtls/oid.h"
#include "mbedtls/base64.h"
+/* Profile for backward compatibility. Allows SHA-1, unlike the default
+ profile. */
const mbedtls_x509_crt_profile compat_profile =
{
MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 ) |
@@ -221,6 +223,7 @@
/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_X509_CRL_PARSE_C */
void x509_verify( char *crt_file, char *ca_file, char *crl_file,
char *cn_name_str, int result, int flags_result,
+ char *profile_str,
char *verify_callback )
{
mbedtls_x509_crt crt;
@@ -230,6 +233,7 @@
int res;
int (*f_vrfy)(void *, mbedtls_x509_crt *, int, uint32_t *) = NULL;
char * cn_name = NULL;
+ const mbedtls_x509_crt_profile *profile;
mbedtls_x509_crt_init( &crt );
mbedtls_x509_crt_init( &ca );
@@ -238,6 +242,13 @@
if( strcmp( cn_name_str, "NULL" ) != 0 )
cn_name = cn_name_str;
+ if( strcmp( profile_str, "default" ) == 0 )
+ profile = &mbedtls_x509_crt_profile_default;
+ else if( strcmp( profile_str, "compat" ) == 0 )
+ profile = &compat_profile;
+ else
+ TEST_ASSERT( "Unknown algorithm profile" == 0 );
+
if( strcmp( verify_callback, "NULL" ) == 0 )
f_vrfy = NULL;
else if( strcmp( verify_callback, "verify_none" ) == 0 )
@@ -251,7 +262,7 @@
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
TEST_ASSERT( mbedtls_x509_crl_parse_file( &crl, crl_file ) == 0 );
- res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, &compat_profile, cn_name, &flags, f_vrfy, NULL );
+ res = mbedtls_x509_crt_verify_with_profile( &crt, &ca, &crl, profile, cn_name, &flags, f_vrfy, NULL );
TEST_ASSERT( res == ( result ) );
TEST_ASSERT( flags == (uint32_t)( flags_result ) );
@@ -280,8 +291,10 @@
TEST_ASSERT( mbedtls_x509_crt_parse_file( &crt, crt_file ) == 0 );
TEST_ASSERT( mbedtls_x509_crt_parse_file( &ca, ca_file ) == 0 );
- ret = mbedtls_x509_crt_verify( &crt, &ca, NULL, NULL, &flags,
- verify_print, &vrfy_ctx );
+ ret = mbedtls_x509_crt_verify_with_profile( &crt, &ca, NULL,
+ &compat_profile,
+ NULL, &flags,
+ verify_print, &vrfy_ctx );
TEST_ASSERT( ret == exp_ret );
TEST_ASSERT( strcmp( vrfy_ctx.buf, exp_vrfy_out ) == 0 );
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index 0d24644..65730cd 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -172,6 +172,7 @@
<ClInclude Include="..\..\include\mbedtls\ecdsa.h" />
<ClInclude Include="..\..\include\mbedtls\ecjpake.h" />
<ClInclude Include="..\..\include\mbedtls\ecp.h" />
+ <ClInclude Include="..\..\include\mbedtls\ecp_internal.h" />
<ClInclude Include="..\..\include\mbedtls\entropy.h" />
<ClInclude Include="..\..\include\mbedtls\entropy_poll.h" />
<ClInclude Include="..\..\include\mbedtls\error.h" />