Merged more constant-time checking in RSA
diff --git a/ChangeLog b/ChangeLog
index 4b05115..9419df2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,8 @@
* gen_prime() speedup
* Speedup of ECP multiplication operation
* Relaxed some SHA2 ciphersuite's version requirements
+ * Dropped use of readdir_r() instead of readdir() with threading support
+ * More constant-time checks in the RSA module
Bugfix
* Fixed X.509 hostname comparison (with non-regular characters)
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index a631a4a..8390511 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -94,17 +94,6 @@
//#define POLARSSL_HAVE_SSE2
/**
- * \def POLARSSL_HAVE_READDIR_R
- *
- * (Non Windows) System has readdir_r().
- *
- * Required for x509_crt_parse_path() in non-Windows systems.
- *
- * Comment if your system does not have support.
- */
-#define POLARSSL_HAVE_READDIR_R
-
-/**
* \def POLARSSL_HAVE_TIME
*
* System has time.h and time() / localtime() / gettimeofday().
diff --git a/include/polarssl/x509_crt.h b/include/polarssl/x509_crt.h
index a5ab178..4e7bbb7 100644
--- a/include/polarssl/x509_crt.h
+++ b/include/polarssl/x509_crt.h
@@ -172,6 +172,11 @@
* of failed certificates it encountered. If none complete
* correctly, the first error is returned.
*
+ * \warning This function is NOT thread-safe unless
+ * POLARSSL_THREADING_PTHREADS is defined. If you're using an
+ * alternative threading implementation, you should either use
+ * this function only in the main thread, or mutex it.
+ *
* \param chain points to the start of the chain
* \param path directory / folder to read the certificate files from
*
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 6382c53..63ab403 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -51,6 +51,10 @@
#define polarssl_free free
#endif
+#if defined(POLARSSL_THREADING_C)
+#include "polarssl/threading.h"
+#endif
+
#include <string.h>
#include <stdlib.h>
#if defined(_WIN32) && !defined(EFIX64) && !defined(EFI32)
@@ -936,6 +940,10 @@
return( ret );
}
+#if defined(POLARSSL_THREADING_PTHREAD)
+static threading_mutex_t readdir_mutex = PTHREAD_MUTEX_INITIALIZER;
+#endif
+
int x509_crt_parse_path( x509_crt *chain, const char *path )
{
int ret = 0;
@@ -991,29 +999,29 @@
FindClose( hFind );
#else /* _WIN32 */
-#if defined(POLARSSL_HAVE_READDIR_R)
- int t_ret, i;
+ int t_ret;
struct stat sb;
- struct dirent entry, *result = NULL;
+ struct dirent *entry;
char entry_name[255];
DIR *dir = opendir( path );
if( dir == NULL)
return( POLARSSL_ERR_X509_FILE_IO_ERROR );
- while( ( t_ret = readdir_r( dir, &entry, &result ) ) == 0 )
+#if defined(POLARSSL_THREADING_PTHREAD)
+ if( ( ret = polarssl_mutex_lock( &readdir_mutex ) ) != 0 )
+ return( ret );
+#endif
+
+ while( ( entry = readdir( dir ) ) != NULL )
{
- if( result == NULL )
- break;
+ snprintf( entry_name, sizeof entry_name, "%s/%s", path, entry->d_name );
- snprintf( entry_name, sizeof(entry_name), "%s/%s", path, entry.d_name );
-
- i = stat( entry_name, &sb );
-
- if( i == -1 )
+ if( stat( entry_name, &sb ) == -1 )
{
closedir( dir );
- return( POLARSSL_ERR_X509_FILE_IO_ERROR );
+ ret = POLARSSL_ERR_X509_FILE_IO_ERROR;
+ goto cleanup;
}
if( !S_ISREG( sb.st_mode ) )
@@ -1028,11 +1036,13 @@
ret += t_ret;
}
closedir( dir );
-#else /* POLARSSL_HAVE_READDIR_R */
- ((void) chain);
- ((void) path);
- ret = POLARSSL_ERR_X509_FEATURE_UNAVAILABLE;
-#endif /* POLARSSL_HAVE_READDIR_R */
+
+cleanup:
+#if defined(POLARSSL_THREADING_PTHREAD)
+ if( polarssl_mutex_unlock( &readdir_mutex ) != 0 )
+ ret = POLARSSL_ERR_THREADING_MUTEX_ERROR;
+#endif
+
#endif /* _WIN32 */
return( ret );
diff --git a/programs/pkey/dh_client.c b/programs/pkey/dh_client.c
index 18027fa..2d729df 100644
--- a/programs/pkey/dh_client.c
+++ b/programs/pkey/dh_client.c
@@ -215,7 +215,7 @@
fflush( stdout );
n = dhm.len;
- if( ( ret = dhm_make_public( &dhm, dhm.len, buf, n,
+ if( ( ret = dhm_make_public( &dhm, (int) dhm.len, buf, n,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
printf( " failed\n ! dhm_make_public returned %d\n\n", ret );
diff --git a/programs/pkey/dh_server.c b/programs/pkey/dh_server.c
index d2b6cc4..245f6f0 100644
--- a/programs/pkey/dh_server.c
+++ b/programs/pkey/dh_server.c
@@ -178,7 +178,7 @@
memset( buf, 0, sizeof( buf ) );
- if( ( ret = dhm_make_params( &dhm, mpi_size( &dhm.P ), buf, &n,
+ if( ( ret = dhm_make_params( &dhm, (int) mpi_size( &dhm.P ), buf, &n,
ctr_drbg_random, &ctr_drbg ) ) != 0 )
{
printf( " failed\n ! dhm_make_params returned %d\n\n", ret );
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index 796f237..e6e9765 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -149,7 +149,7 @@
fgets( buf, sizeof(buf), f );
fclose( f );
- i = strlen( buf );
+ i = (int) strlen( buf );
if( buf[i - 1] == '\n' ) buf[i - 1] = '\0';
if( buf[i - 2] == '\r' ) buf[i - 2] = '\0';
opt.password = buf;
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 02de364..3d2c02c 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -32,9 +32,12 @@
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
-#include <unistd.h>
#include <signal.h>
+#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
+#include <unistd.h>
+#endif
+
#include "polarssl/entropy.h"
#include "polarssl/ctr_drbg.h"
#include "polarssl/certs.h"
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 70ba622..a3e9f2b 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -28,7 +28,14 @@
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
+
+#if !defined(_MSC_VER) || defined(EFIX64) || defined(EFI32)
#include <unistd.h>
+#else
+#include <io.h>
+#define read _read
+#define write _write
+#endif
#if defined(_WIN32) || defined(_WIN32_WCE)
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index b4883aa..7b8ae35 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -221,28 +221,6 @@
/*
* 3. Wait until a client connects
*/
-#if defined(_WIN32_WCE)
- {
- SHELLEXECUTEINFO sei;
-
- ZeroMemory( &sei, sizeof( SHELLEXECUTEINFO ) );
-
- sei.cbSize = sizeof( SHELLEXECUTEINFO );
- sei.fMask = 0;
- sei.hwnd = 0;
- sei.lpVerb = _T( "open" );
- sei.lpFile = _T( "https://localhost:4433/" );
- sei.lpParameters = NULL;
- sei.lpDirectory = NULL;
- sei.nShow = SW_SHOWNORMAL;
-
- ShellExecuteEx( &sei );
- }
-#elif defined(_WIN32)
- ShellExecute( NULL, "open", "https://localhost:4433/",
- NULL, NULL, SW_SHOWNORMAL );
-#endif
-
client_fd = -1;
printf( " . Waiting for a remote connection ..." );
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 2a046a7..96cbb49 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -770,28 +770,6 @@
/*
* 3. Wait until a client connects
*/
-#if defined(_WIN32_WCE)
- {
- SHELLEXECUTEINFO sei;
-
- ZeroMemory( &sei, sizeof( SHELLEXECUTEINFO ) );
-
- sei.cbSize = sizeof( SHELLEXECUTEINFO );
- sei.fMask = 0;
- sei.hwnd = 0;
- sei.lpVerb = _T( "open" );
- sei.lpFile = _T( "https://localhost:4433/" );
- sei.lpParameters = NULL;
- sei.lpDirectory = NULL;
- sei.nShow = SW_SHOWNORMAL;
-
- ShellExecuteEx( &sei );
- }
-#elif defined(_WIN32)
- ShellExecute( NULL, "open", "https://localhost:4433/",
- NULL, NULL, SW_SHOWNORMAL );
-#endif
-
client_fd = -1;
printf( " . Waiting for a remote connection ..." );
diff --git a/programs/test/benchmark.c b/programs/test/benchmark.c
index 4d5a06b..34219c5 100644
--- a/programs/test/benchmark.c
+++ b/programs/test/benchmark.c
@@ -419,13 +419,13 @@
mpi_read_string( &dhm.P, 16, dhm_P[i] );
mpi_read_string( &dhm.G, 16, dhm_G[i] );
dhm.len = mpi_size( &dhm.P );
- dhm_make_public( &dhm, dhm.len, buf, dhm.len, myrand, NULL );
+ dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len, myrand, NULL );
mpi_copy( &dhm.GY, &dhm.GX );
snprintf( title, sizeof( title ), "DHE-%d", dhm_sizes[i] );
TIME_PUBLIC( title, "handshake",
olen = sizeof( buf );
- ret |= dhm_make_public( &dhm, dhm.len, buf, dhm.len,
+ ret |= dhm_make_public( &dhm, (int) dhm.len, buf, dhm.len,
myrand, NULL );
ret |= dhm_calc_secret( &dhm, buf, &olen, myrand, NULL ) );
diff --git a/programs/test/ssl_test.c b/programs/test/ssl_test.c
index debdb07..2162132 100644
--- a/programs/test/ssl_test.c
+++ b/programs/test/ssl_test.c
@@ -434,7 +434,7 @@
int main( int argc, char *argv[] )
{
- int i, j, n;
+ int i;
const int *list;
int ret = 1;
int nb_conn;
@@ -474,14 +474,6 @@
for( i = 1; i < argc; i++ )
{
- n = strlen( argv[i] );
-
- for( j = 0; j < n; j++ )
- {
- if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
- argv[i][j] |= 0x20;
- }
-
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
continue;
diff --git a/programs/util/pem2der.c b/programs/util/pem2der.c
index f372684..f1da438 100644
--- a/programs/util/pem2der.c
+++ b/programs/util/pem2der.c
@@ -174,7 +174,7 @@
unsigned char der_buffer[4096];
char buf[1024];
size_t pem_size, der_size = sizeof(der_buffer);
- int i, j, n;
+ int i;
char *p, *q;
/*
@@ -201,13 +201,6 @@
goto usage;
*q++ = '\0';
- n = strlen( p );
- for( j = 0; j < n; j++ )
- {
- if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
- argv[i][j] |= 0x20;
- }
-
if( strcmp( p, "filename" ) == 0 )
opt.filename = q;
else if( strcmp( p, "output_file" ) == 0 )
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index 2388dc9..c738b4a 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -128,7 +128,7 @@
int ret = 0;
pk_context key;
char buf[1024];
- int i, j, n;
+ int i;
char *p, *q, *r;
x509write_csr req;
entropy_context entropy;
@@ -166,13 +166,6 @@
goto usage;
*q++ = '\0';
- n = strlen( p );
- for( j = 0; j < n; j++ )
- {
- if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
- argv[i][j] |= 0x20;
- }
-
if( strcmp( p, "filename" ) == 0 )
opt.filename = q;
else if( strcmp( p, "output_file" ) == 0 )
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index beac089..a2f2656 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -183,7 +183,7 @@
*subject_key = &loaded_subject_key;
char buf[1024];
char issuer_name[128];
- int i, j, n;
+ int i;
char *p, *q, *r;
#if defined(POLARSSL_X509_CSR_PARSE_C)
char subject_name[128];
@@ -244,13 +244,6 @@
goto usage;
*q++ = '\0';
- n = strlen( p );
- for( j = 0; j < n; j++ )
- {
- if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
- argv[i][j] |= 0x20;
- }
-
if( strcmp( p, "request_file" ) == 0 )
opt.request_file = q;
else if( strcmp( p, "subject_key" ) == 0 )
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index 4bc3703..0e4cd88 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -66,7 +66,7 @@
int ret = 0;
unsigned char buf[100000];
x509_crl crl;
- int i, j, n;
+ int i;
char *p, *q;
/*
@@ -85,14 +85,6 @@
for( i = 1; i < argc; i++ )
{
- n = strlen( argv[i] );
-
- for( j = 0; j < n; j++ )
- {
- if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
- argv[i][j] |= 0x20;
- }
-
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
goto usage;
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index 9f478f2..1f9d628 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -66,7 +66,7 @@
int ret = 0;
unsigned char buf[100000];
x509_csr csr;
- int i, j, n;
+ int i;
char *p, *q;
/*
@@ -85,14 +85,6 @@
for( i = 1; i < argc; i++ )
{
- n = strlen( argv[i] );
-
- for( j = 0; j < n; j++ )
- {
- if( argv[i][j] >= 'A' && argv[i][j] <= 'Z' )
- argv[i][j] |= 0x20;
- }
-
p = argv[i];
if( ( q = strchr( p, '=' ) ) == NULL )
goto usage;
diff --git a/tests/data_files/dir1/test-ca.crt b/tests/data_files/dir1/test-ca.crt
new file mode 100644
index 0000000..3c1d14c
--- /dev/null
+++ b/tests/data_files/dir1/test-ca.crt
@@ -0,0 +1,80 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 0 (0x0)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+ Validity
+ Not Before: Feb 12 14:44:00 2011 GMT
+ Not After : Feb 12 14:44:00 2021 GMT
+ Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
+ 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
+ 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
+ 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
+ e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
+ cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
+ ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
+ 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
+ c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
+ 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
+ e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
+ 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
+ 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
+ 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
+ e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
+ 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
+ ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
+ a2:d5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
+ X509v3 Authority Key Identifier:
+ keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
+ DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
+ serial:00
+
+ Signature Algorithm: sha1WithRSAEncryption
+ b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
+ 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
+ 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
+ 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
+ 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
+ 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
+ 2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
+ e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
+ e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
+ 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
+ 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
+ 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
+ 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
+ e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
+ f7:e0:e9:54
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
+/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
+BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
+dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
+SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
+DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
+pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
+m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
+7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/dir2/test-ca.crt b/tests/data_files/dir2/test-ca.crt
new file mode 100644
index 0000000..3c1d14c
--- /dev/null
+++ b/tests/data_files/dir2/test-ca.crt
@@ -0,0 +1,80 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 0 (0x0)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+ Validity
+ Not Before: Feb 12 14:44:00 2011 GMT
+ Not After : Feb 12 14:44:00 2021 GMT
+ Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
+ 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
+ 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
+ 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
+ e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
+ cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
+ ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
+ 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
+ c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
+ 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
+ e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
+ 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
+ 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
+ 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
+ e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
+ 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
+ ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
+ a2:d5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
+ X509v3 Authority Key Identifier:
+ keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
+ DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
+ serial:00
+
+ Signature Algorithm: sha1WithRSAEncryption
+ b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
+ 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
+ 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
+ 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
+ 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
+ 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
+ 2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
+ e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
+ e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
+ 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
+ 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
+ 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
+ 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
+ e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
+ f7:e0:e9:54
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
+/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
+BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
+dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
+SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
+DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
+pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
+m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
+7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/dir2/test-ca2.crt b/tests/data_files/dir2/test-ca2.crt
new file mode 100644
index 0000000..d41a420
--- /dev/null
+++ b/tests/data_files/dir2/test-ca2.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
+QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
+QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
+ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
+aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
+JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
+AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
+t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
+uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/dir3/Readme b/tests/data_files/dir3/Readme
new file mode 100644
index 0000000..189dadc
--- /dev/null
+++ b/tests/data_files/dir3/Readme
@@ -0,0 +1 @@
+This is just to make sure files that don't parse as certs are ignored.
diff --git a/tests/data_files/dir3/test-ca.crt b/tests/data_files/dir3/test-ca.crt
new file mode 100644
index 0000000..3c1d14c
--- /dev/null
+++ b/tests/data_files/dir3/test-ca.crt
@@ -0,0 +1,80 @@
+Certificate:
+ Data:
+ Version: 3 (0x2)
+ Serial Number: 0 (0x0)
+ Signature Algorithm: sha1WithRSAEncryption
+ Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+ Validity
+ Not Before: Feb 12 14:44:00 2011 GMT
+ Not After : Feb 12 14:44:00 2021 GMT
+ Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
+ Subject Public Key Info:
+ Public Key Algorithm: rsaEncryption
+ RSA Public Key: (2048 bit)
+ Modulus (2048 bit):
+ 00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
+ 7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
+ 58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
+ 1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
+ e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
+ cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
+ ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
+ 71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
+ c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
+ 58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
+ e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
+ 69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
+ 79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
+ 58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
+ e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
+ 65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
+ ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
+ a2:d5
+ Exponent: 65537 (0x10001)
+ X509v3 extensions:
+ X509v3 Basic Constraints:
+ CA:TRUE
+ X509v3 Subject Key Identifier:
+ B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
+ X509v3 Authority Key Identifier:
+ keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
+ DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
+ serial:00
+
+ Signature Algorithm: sha1WithRSAEncryption
+ b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
+ 1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
+ 32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
+ 37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
+ 09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
+ 8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
+ 2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
+ e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
+ e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
+ 66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
+ 35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
+ 09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
+ 08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
+ e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
+ f7:e0:e9:54
+-----BEGIN CERTIFICATE-----
+MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
+/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
+BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
+dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
+SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
+DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
+pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
+m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
+7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/dir3/test-ca2.crt b/tests/data_files/dir3/test-ca2.crt
new file mode 100644
index 0000000..d41a420
--- /dev/null
+++ b/tests/data_files/dir3/test-ca2.crt
@@ -0,0 +1,15 @@
+-----BEGIN CERTIFICATE-----
+MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
+QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
+QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
+ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
+aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
+JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
+AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
+t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
+uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+-----END CERTIFICATE-----
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 567dcd2..85e7728 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -722,3 +722,15 @@
X509 CRL ASN1 (TBSCertList, no entries)
x509parse_crl:"30463031020100300d06092a864886f70d01010e0500300f310d300b0603550403130441424344170c303930313031303030303030300d06092a864886f70d01010e050003020001":"CRL version \: 1\nissuer name \: CN=ABCD\nthis update \: 2009-01-01 00\:00\:00\nnext update \: 0000-00-00 00\:00\:00\nRevoked certificates\:\nsigned using \: RSA with SHA-224\n":0
+
+X509 CRT parse path #1 (empty dir)
+x509_crt_parse_path:"data_files/dir0":0:0
+
+X509 CRT parse path #2 (one cert)
+x509_crt_parse_path:"data_files/dir1":0:1
+
+X509 CRT parse path #3 (two certs)
+x509_crt_parse_path:"data_files/dir2":0:2
+
+X509 CRT parse path #4 (two certs, one non-cert)
+x509_crt_parse_path:"data_files/dir3":1:2
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index ff57058..4cc0803 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -224,6 +224,27 @@
}
/* END_CASE */
+/* BEGIN_CASE depends_on:POLARSSL_FS_IO:POLARSSL_X509_CRT_PARSE_C */
+void x509_crt_parse_path( char *crt_path, int ret, int nb_crt )
+{
+ x509_crt chain, *cur;
+ int i;
+
+ x509_crt_init( &chain );
+
+ TEST_ASSERT( x509_crt_parse_path( &chain, crt_path ) == ret );
+
+ /* Check how many certs we got */
+ for( i = 0, cur = &chain; cur != NULL; cur = cur->next )
+ if( cur->raw.p != NULL )
+ i++;
+
+ TEST_ASSERT( i == nb_crt );
+
+ x509_crt_init( &chain );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:POLARSSL_X509_CRT_PARSE_C:POLARSSL_SELF_TEST */
void x509_selftest()
{