Merge pull request #7211 from sergio-nsk/patch-3

mbedtls-2.28: Fix llvm error: variable 'default_iv_length' may be used uninitialized
diff --git a/.github/issue_template.md b/.github/issue_template.md
index 370066f..d4573a4 100644
--- a/.github/issue_template.md
+++ b/.github/issue_template.md
@@ -20,7 +20,7 @@
 **OS**  
 Mbed OS|linux|windows|
 
-**mbed TLS build:**  
+**Mbed TLS build:**  
 Version: x.x.x or git commit id  
 OS version: x.x.x  
 Configuration: please attach config.h file where possible  
diff --git a/.gitignore b/.gitignore
index 6a3221c..54b3c54 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1,7 @@
 # Random seed file created by test scripts and sample programs
 seedfile
+# MBEDTLS_PSA_INJECT_ENTROPY seed file created by the test framework
+00000000ffffff52.psa_its
 
 # CMake build artifacts:
 CMakeCache.txt
@@ -28,6 +30,9 @@
 .project
 /.settings
 
+# Unix-like build artifacts:
+*.o
+
 # MSVC build artifacts:
 *.exe
 *.pdb
@@ -65,3 +70,6 @@
 /TAGS
 /cscope*.out
 /tags
+
+# Clangd compilation database
+compile_commands.json
diff --git a/.readthedocs.yaml b/.readthedocs.yaml
new file mode 100644
index 0000000..47bec76
--- /dev/null
+++ b/.readthedocs.yaml
@@ -0,0 +1,26 @@
+# .readthedocs.yaml
+# Read the Docs configuration file
+# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
+
+# Required
+version: 2
+
+# Set the version of Python and other tools you might need
+build:
+  os: ubuntu-20.04
+  tools:
+    python: "3.9"
+  jobs:
+    pre_build:
+    - ./scripts/apidoc_full.sh
+    - breathe-apidoc -o docs/api apidoc/xml
+
+# Build documentation in the docs/ directory with Sphinx
+sphinx:
+  builder: dirhtml
+  configuration: docs/conf.py
+
+# Optionally declare the Python requirements required to build your docs
+python:
+  install:
+  - requirements: docs/requirements.txt
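Review bot: The documentation build installs whatever `docs/requirements.txt` resolves to and then runs `./scripts/apidoc_full.sh` and `breathe-apidoc` in `pre_build`, yet only the OS image and Python version are pinned in this file. The requirements file is outside this hunk, so check that it pins exact versions (ideally with hashes). Otherwise the published docs depend on whatever the package index serves at build time. A comment above the `python:` block such as `# docs/requirements.txt must pin exact versions so doc builds are reproducible` would record that expectation.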
diff --git a/.travis.yml b/.travis.yml
index eb01a44..0ffe249 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -34,6 +34,10 @@
           packages:
           - clang-10
           - gnutls-bin
+      env:
+        # Platform tests have an allocation that returns null
+        - ASAN_OPTIONS="allocator_may_return_null=1"
+        - MSAN_OPTIONS="allocator_may_return_null=1"
       script:
         # Do a manual build+test sequence rather than using all.sh,
         # because there's no all.sh component that does what we want,
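Review bot: `allocator_may_return_null=1` is set in the job-level `env`, so it applies to every binary this job runs under ASan/MSan, not only to the platform test the comment mentions. An unexpectedly large allocation elsewhere will then return NULL instead of being reported by the sanitizer. If only the platform suite needs it, set the variable on that invocation in `script`. Otherwise, say so in the comment, e.g. `# Applies to the whole job; only the platform tests need it (they have an allocation that returns null)`. The job definition and its `script` continue outside this hunk.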
@@ -70,6 +74,7 @@
       os: windows
       script:
         - scripts/windows_msbuild.bat v141 # Visual Studio 2017
+        - visualc/VS2010/x64/Release/selftest.exe --ci
 
 after_failure:
 - tests/scripts/travis-log-failure.sh
diff --git a/3rdparty/everest/.gitignore b/3rdparty/everest/.gitignore
index 6eb25f6..f3c7a7c 100644
--- a/3rdparty/everest/.gitignore
+++ b/3rdparty/everest/.gitignore
@@ -1,2 +1 @@
-*.o
 Makefile
diff --git a/3rdparty/everest/include/everest/vs2010/inttypes.h b/3rdparty/everest/include/everest/vs2010/inttypes.h
index d53f87f..77003be 100644
--- a/3rdparty/everest/include/everest/vs2010/inttypes.h
+++ b/3rdparty/everest/include/everest/vs2010/inttypes.h
@@ -17,7 +17,7 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
- *  This file is part of mbed TLS (https://tls.mbed.org)
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
  */
 
 #ifndef _INTTYPES_H_VS2010
diff --git a/3rdparty/everest/include/everest/vs2010/stdbool.h b/3rdparty/everest/include/everest/vs2010/stdbool.h
index 5b7039c..dcae6d8 100644
--- a/3rdparty/everest/include/everest/vs2010/stdbool.h
+++ b/3rdparty/everest/include/everest/vs2010/stdbool.h
@@ -17,7 +17,7 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
- *  This file is part of mbed TLS (https://tls.mbed.org)
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
  */
 
 #ifndef _STDBOOL_H_VS2010
diff --git a/3rdparty/everest/include/everest/x25519.h b/3rdparty/everest/include/everest/x25519.h
index 7a973dc..ef314d2 100644
--- a/3rdparty/everest/include/everest/x25519.h
+++ b/3rdparty/everest/include/everest/x25519.h
@@ -16,7 +16,7 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
- *  This file is part of mbed TLS (https://tls.mbed.org)
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
  */
 
 #ifndef MBEDTLS_X25519_H
diff --git a/3rdparty/everest/library/Hacl_Curve25519_joined.c b/3rdparty/everest/library/Hacl_Curve25519_joined.c
index ee62be1..b7d0c92 100644
--- a/3rdparty/everest/library/Hacl_Curve25519_joined.c
+++ b/3rdparty/everest/library/Hacl_Curve25519_joined.c
@@ -16,7 +16,7 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
- *  This file is part of mbed TLS (https://tls.mbed.org)
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
  */
 
 #include "common.h"
diff --git a/3rdparty/everest/library/x25519.c b/3rdparty/everest/library/x25519.c
index 9faa9ab..83064dc 100644
--- a/3rdparty/everest/library/x25519.c
+++ b/3rdparty/everest/library/x25519.c
@@ -16,7 +16,7 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
- *  This file is part of mbed TLS (https://tls.mbed.org)
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
  */
 
 #include "common.h"
diff --git a/BRANCHES.md b/BRANCHES.md
index d4fa506..f912e95 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md
@@ -16,6 +16,11 @@
 also maintain ABI compatibility within LTS branches; see the next section for
 details.
 
+Every major version will become an LTS branch when the next major version is
+released. We may occasionally create LTS branches from other releases at our
+discretion.
+When a new LTS branch is created, it usually remains supported for three years.
+
 ## Backwards Compatibility for application code
 
 We maintain API compatibility in released versions of Mbed TLS. If you have
@@ -71,6 +76,6 @@
 - [`development`](https://github.com/Mbed-TLS/mbedtls/)
 - [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28)
  maintained until at least the end of 2024, see
-  <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.2>.
+  <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.4>.
 
 Users are urged to always use the latest version of a maintained branch.
diff --git a/CMakeLists.txt b/CMakeLists.txt
index ddeb115..b001bb7 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -34,18 +34,18 @@
 cmake_policy(SET CMP0012 NEW)
 
 if(TEST_CPP)
-    project("mbed TLS" C CXX)
+    project("Mbed TLS" C CXX)
 else()
-    project("mbed TLS" C)
+    project("Mbed TLS" C)
 endif()
 
 # Set the project root directory.
 set(MBEDTLS_DIR ${CMAKE_CURRENT_SOURCE_DIR})
 
-option(USE_PKCS11_HELPER_LIBRARY "Build mbed TLS with the pkcs11-helper library." OFF)
-option(ENABLE_ZLIB_SUPPORT "Build mbed TLS with zlib library." OFF)
+option(USE_PKCS11_HELPER_LIBRARY "Build Mbed TLS with the pkcs11-helper library." OFF)
+option(ENABLE_ZLIB_SUPPORT "Build Mbed TLS with zlib library." OFF)
 
-option(ENABLE_PROGRAMS "Build mbed TLS programs." ON)
+option(ENABLE_PROGRAMS "Build Mbed TLS programs." ON)
 
 option(UNSAFE_BUILD "Allow unsafe builds. These builds ARE NOT SECURE." OFF)
 option(MBEDTLS_FATAL_WARNINGS "Compiler warnings treated as errors" ON)
@@ -57,9 +57,9 @@
 
 # the test suites currently have compile errors with MSVC
 if(CMAKE_COMPILER_IS_MSVC)
-    option(ENABLE_TESTING "Build mbed TLS tests." OFF)
+    option(ENABLE_TESTING "Build Mbed TLS tests." OFF)
 else()
-    option(ENABLE_TESTING "Build mbed TLS tests." ON)
+    option(ENABLE_TESTING "Build Mbed TLS tests." ON)
 endif()
 
 # Warning string - created as a list for compatibility with CMake 2.8
@@ -135,6 +135,10 @@
         FORCE)
 endif()
 
+# Make MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE into PATHs
+set(MBEDTLS_CONFIG_FILE "" CACHE FILEPATH "Mbed TLS config file (overrides default).")
+set(MBEDTLS_USER_CONFIG_FILE "" CACHE FILEPATH "Mbed TLS user config file (appended to default).")
+
 # Create a symbolic link from ${base_name} in the binary directory
 # to the corresponding path in the source directory.
 # Note: Copies the file(s) on Windows.
@@ -219,7 +223,9 @@
 endif(CMAKE_COMPILER_IS_CLANG)
 
 if(CMAKE_COMPILER_IS_IAR)
-    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts -Ohz")
+    set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warn_about_c_style_casts")
+    set(CMAKE_C_FLAGS_RELEASE     "-Ohz")
+    set(CMAKE_C_FLAGS_DEBUG       "--debug -On")
 endif(CMAKE_COMPILER_IS_IAR)
 
 if(CMAKE_COMPILER_IS_MSVC)
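Review bot: Moving `-Ohz` out of `CMAKE_C_FLAGS` into `CMAKE_C_FLAGS_RELEASE` means an IAR build with any build type other than Release or Debug no longer gets an optimization level from this block. Both `set()` calls also replace, rather than extend, any per-configuration flags supplied by the user or a toolchain file. If that is intended, a one-line comment would help, e.g. `# IAR: only Release and Debug are given per-configuration flags`. Otherwise, set the flags for the remaining build types the project supports (they are defined outside this hunk).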
@@ -242,7 +248,7 @@
     endif(CMAKE_COMPILER_IS_CLANG OR CMAKE_COMPILER_IS_GNU)
 
     if (CMAKE_COMPILER_IS_IAR)
-        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warning_are_errors")
+        set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} --warnings_are_errors")
     endif(CMAKE_COMPILER_IS_IAR)
 endif(MBEDTLS_FATAL_WARNINGS)
 
@@ -287,12 +293,37 @@
 # to define the test executables.
 #
 if(ENABLE_TESTING OR ENABLE_PROGRAMS)
-    file(GLOB MBEDTLS_TEST_FILES ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c)
+    file(GLOB MBEDTLS_TEST_FILES
+         ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/*.c
+         ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/drivers/*.c)
     add_library(mbedtls_test OBJECT ${MBEDTLS_TEST_FILES})
     target_include_directories(mbedtls_test
         PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include
         PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
         PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library)
+
+    file(GLOB MBEDTLS_TEST_HELPER_FILES
+         ${CMAKE_CURRENT_SOURCE_DIR}/tests/src/test_helpers/*.c)
+    add_library(mbedtls_test_helpers OBJECT ${MBEDTLS_TEST_HELPER_FILES})
+    target_include_directories(mbedtls_test_helpers
+        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/tests/include
+        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/include
+        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/library
+        PRIVATE ${CMAKE_CURRENT_SOURCE_DIR}/3rdparty/everest/include)
+
+    # Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
+    if(MBEDTLS_CONFIG_FILE)
+        target_compile_definitions(mbedtls_test
+            PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
+        target_compile_definitions(mbedtls_test_helpers
+            PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
+    endif()
+    if(MBEDTLS_USER_CONFIG_FILE)
+        target_compile_definitions(mbedtls_test
+            PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
+        target_compile_definitions(mbedtls_test_helpers
+            PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
+    endif()
 endif()
 
 if(ENABLE_PROGRAMS)
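Review bot: Only the `mbedtls_test` and `mbedtls_test_helpers` object libraries receive `MBEDTLS_CONFIG_FILE` and `MBEDTLS_USER_CONFIG_FILE` in this hunk. The library targets are defined elsewhere, so confirm they get the same definitions. If they do not, the test code and the library would be compiled against different configurations, and the tests could pass while exercising a feature set other than the one that ships. A comment above the `if(MBEDTLS_CONFIG_FILE)` block stating that these definitions must mirror the ones applied to the library targets would make that dependency explicit.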
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index a7bf198..8bbcdcb 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -84,8 +84,14 @@
 License and Copyright
 ---------------------
 
-All new files should include the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) standard license header where possible. For licensing details, please see the [License section of the README](README.md#License).
+Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See the [LICENSE](LICENSE) file for the full text of this license.
+
+Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. This enables LTS (Long Term Support) branches of the software to be provided under either the Apache-2.0 or GPL-2.0-or-later licenses.
+
+All new files should include the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) standard license header where possible.
 
 The copyright on contributions is retained by the original authors of the code. Where possible for new files, this should be noted in a comment at the top of the file in the form: "Copyright The Mbed TLS Contributors".
 
-When contributing code to us, the committer and all authors are required to make the submission under the terms of the [Developer Certificate of Origin](dco.txt), confirming that the code submitted can (legally) become part of the project, and be subject to the same Apache 2.0 license. This is done by including the standard Git `Signed-off-by:` line in every commit message. If more than one person contributed to the commit, they should also add their own `Signed-off-by:` line.
+When contributing code to us, the committer and all authors are required to make the submission under the terms of the [Developer Certificate of Origin](dco.txt), confirming that the code submitted can (legally) become part of the project, and is submitted under both the Apache-2.0 AND GPL-2.0-or-later licenses.
+
+This is done by including the standard Git `Signed-off-by:` line in every commit message. If more than one person contributed to the commit, they should also add their own `Signed-off-by:` line.
diff --git a/ChangeLog b/ChangeLog
index 3673f5d..c977a68 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,16 +1,125 @@
 Mbed TLS ChangeLog (Sorted per branch, date)
 
+= Mbed TLS 2.28.4 branch released 2023-08-04
+
+Features
+   * Allow MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE to be set by
+     setting the CMake variable of the same name at configuration time.
+
+Bugfix
+   * Fix crypt_and_hash decryption fail when used with a stream cipher
+     mode of operation, due to the input not being a multiple of the block
+     size. Resolves #7417.
+   * Fix a bug where mbedtls_x509_string_to_names() would return success
+     when given a invalid name string, if it did not contain '=' or ','.
+   * Fix missing PSA initialization in sample programs when
+     MBEDTLS_USE_PSA_CRYPTO is enabled.
+   * Fix clang and armclang compilation error when targeting certain Arm
+     M-class CPUs (Cortex-M0, Cortex-M0+, Cortex-M1, Cortex-M23,
+     SecurCore SC000). Fixes #1077.
+   * Fixed an issue that caused compile errors when using CMake and the IAR
+     toolchain.
+   * Fix the build with MBEDTLS_PSA_INJECT_ENTROPY. Fixes #7516.
+   * Fix builds on Windows with clang.
+   * Fix compilation warnings in aes.c for certain combinations
+     of configuration options.
+   * Fix a compilation error on some platforms when including mbedtls/ssl.h
+     with all TLS support disabled. Fixes #6628.
+
+Changes
+   * Update test data to avoid failures of unit tests after 2023-08-07, and
+     update expiring certififcates in the certs module.
+
+= Mbed TLS 2.28.3 branch released 2023-03-28
+
+Features
+   * Use HOSTCC (if it is set) when compiling C code during generation of the
+     configuration-independent files. This allows them to be generated when
+     CC is set for cross compilation.
+   * AES-NI is now supported with Visual Studio.
+   * AES-NI is now supported in 32-bit builds, or when MBEDTLS_HAVE_ASM
+     is disabled, when compiling with GCC or Clang or a compatible compiler
+     for a target CPU that supports the requisite instructions (for example
+     gcc -m32 -msse2 -maes -mpclmul). (Generic x86 builds with GCC-like
+     compilers still require MBEDTLS_HAVE_ASM and a 64-bit target.)
+
+Security
+   * MBEDTLS_AESNI_C, which is enabled by default, was silently ignored on
+     builds that couldn't compile the GCC-style assembly implementation
+     (most notably builds with Visual Studio), leaving them vulnerable to
+     timing side-channel attacks. There is now an intrinsics-based AES-NI
+     implementation as a fallback for when the assembly one cannot be used.
+
+Bugfix
+   * Fix a build issue on Windows where the source and build directory could
+     not be on different drives (#5751).
+   * Fix possible integer overflow in mbedtls_timing_hardclock(), which
+     could cause a crash for certain platforms & compiler options.
+   * Fix IAR compiler warnings. Fixes #6924.
+   * Fix a bug in the build where directory names containing spaces were
+     causing generate_errors.pl to error out resulting in a build failure.
+     Fixes issue #6879.
+   * Fix compile error where MBEDTLS_RSA_C and MBEDTLS_X509_CRT_WRITE_C are
+     defined, but MBEDTLS_PK_RSA_ALT_SUPPORT is not defined. Fixes #3174.
+   * Fix a build issue when defining MBEDTLS_TIMING_ALT and MBEDTLS_SELF_TEST.
+     The library would not link if the user didn't provide an external self-test
+     function. The self-test is now provided regardless of the choice of
+     internal/alternative timing implementation. Fixes #6923.
+   * mbedtls_x509write_crt_set_serial() now explicitly rejects serial numbers
+     whose binary representation is longer than 20 bytes. This was already
+     forbidden by the standard (RFC5280 - section 4.1.2.2) and now it's being
+     enforced also at code level.
+   * Fix potential undefined behavior in mbedtls_mpi_sub_abs().  Reported by
+     Pascal Cuoq using TrustInSoft Analyzer in #6701; observed independently by
+     Aaron Ucko under Valgrind.
+   * Fix behavior of certain sample programs which could, when run with no
+     arguments, access uninitialized memory in some cases. Fixes #6700 (which
+     was found by TrustInSoft Analyzer during REDOCS'22) and #1120.
+   * Fix build errors in test programs when MBEDTLS_CERTS_C is disabled.
+     Fixes #6243.
+   * Fix parsing of X.509 SubjectAlternativeName extension. Previously,
+     malformed alternative name components were not caught during initial
+     certificate parsing, but only on subsequent calls to
+     mbedtls_x509_parse_subject_alt_name(). Fixes #2838.
+   * Fix bug in conversion from OID to string in
+     mbedtls_oid_get_numeric_string(). OIDs such as 2.40.0.25 are now printed
+     correctly.
+   * Reject OIDs with overlong-encoded subidentifiers when converting
+     them to a string.
+   * Reject OIDs with subidentifier values exceeding UINT_MAX.  Such
+     subidentifiers can be valid, but Mbed TLS cannot currently handle them.
+   * Reject OIDs that have unterminated subidentifiers, or (equivalently)
+     have the most-significant bit set in their last byte.
+   * Silence a warning about an unused local variable in bignum.c on
+     some architectures. Fixes #7166.
+   * Silence warnings from clang -Wdocumentation about empty \retval
+     descriptions, which started appearing with Clang 15. Fixes #6960.
+   * Fix undefined behavior in mbedtls_ssl_read() and mbedtls_ssl_write() if
+     len argument is 0 and buffer is NULL.
+
+Changes
+   * The C code follows a new coding style. This is transparent for users but
+     affects contributors and maintainers of local patches. For more
+     information, see
+     https://mbed-tls.readthedocs.io/en/latest/kb/how-to/rewrite-branch-for-coding-style/
+   * Changed the default MBEDTLS_ECP_WINDOW_SIZE from 6 to 2.
+     As tested in issue 6790, the correlation between this define and
+     RSA decryption performance has changed lately due to security fixes.
+     To fix the performance degradation when using default values the
+     window was reduced from 6 to 2, a value that gives the best or close
+     to best results when tested on Cortex-M4 and Intel i7.
+
 = Mbed TLS 2.28.2 branch released 2022-12-14
 
 Security
    * Fix potential heap buffer overread and overwrite in DTLS if
      MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and
      MBEDTLS_SSL_CID_IN_LEN_MAX > 2 * MBEDTLS_SSL_CID_OUT_LEN_MAX.
-   * An adversary with access to precise enough information about memory
-     accesses (typically, an untrusted operating system attacking a secure
-     enclave) could recover an RSA private key after observing the victim
-     performing a single private-key operation if the window size used for the
-     exponentiation was 3 or smaller. Found and reported by Zili KOU,
+   * Fix an issue where an adversary with access to precise enough information
+     about memory accesses (typically, an untrusted operating system attacking
+     a secure enclave) could recover an RSA private key after observing the
+     victim performing a single private-key operation if the window size used
+     for the exponentiation was 3 or smaller. Found and reported by Zili KOU,
      Wenjian HE, Sharad Sinha, and Wei ZHANG. See "Cache Side-channel Attacks
      and Defenses of the Sliding Window Algorithm in TEEs" - Design, Automation
      and Test in Europe 2023.
@@ -337,16 +446,17 @@
    * It was possible to configure MBEDTLS_ECP_MAX_BITS to a value that is
      too small, leading to buffer overflows in ECC operations. Fail the build
      in such a case.
-   * An adversary with access to precise enough information about memory
-     accesses (typically, an untrusted operating system attacking a secure
-     enclave) could recover an RSA private key after observing the victim
-     performing a single private-key operation. Found and reported by
+   * Fix an issue where an adversary with access to precise enough information
+     about memory accesses (typically, an untrusted operating system attacking
+     a secure enclave) could recover an RSA private key after observing the
+     victim performing a single private-key operation. Found and reported by
      Zili KOU, Wenjian HE, Sharad Sinha, and Wei ZHANG.
-   * An adversary with access to precise enough timing information (typically, a
-     co-located process) could recover a Curve25519 or Curve448 static ECDH key
-     after inputting a chosen public key and observing the victim performing the
-     corresponding private-key operation. Found and reported by Leila Batina,
-     Lukas Chmielewski, Björn Haase, Niels Samwel and Peter Schwabe.
+   * Fix an issue where an adversary with access to precise enough timing
+     information (typically, a co-located process) could recover a Curve25519
+     or Curve448 static ECDH key after inputting a chosen public key and
+     observing the victim performing the corresponding private-key operation.
+     Found and reported by Leila Batina, Lukas Chmielewski, Björn Haase, Niels
+     Samwel and Peter Schwabe.
 
 Bugfix
    * Add printf function attributes to mbedtls_debug_print_msg to ensure we
diff --git a/ChangeLog.d/00README.md b/ChangeLog.d/00README.md
index d2ea73d..2fbc989 100644
--- a/ChangeLog.d/00README.md
+++ b/ChangeLog.d/00README.md
@@ -21,6 +21,9 @@
 * Performance improvements, unless they are particularly significant.
 * Changes to parts of the code base that users don't interact with directly,
   such as test code and test data.
+* Fixes for compiler warnings. Releases typically contain a number of fixes
+  of this kind, so we will only mention them in the Changelog if they are
+  particularly significant.
 
 Until Mbed TLS 2.24.0, we required changelog entries in more cases.
 Looking at older changelog entries is good practice for how to write a
diff --git a/ChangeLog.d/build-without-certs.txt b/ChangeLog.d/build-without-certs.txt
deleted file mode 100644
index dcb5c77..0000000
--- a/ChangeLog.d/build-without-certs.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix build errors in test programs when MBEDTLS_CERTS_C is disabled.
-     Fixes #6243.
diff --git a/ChangeLog.d/c-build-helper-hostcc.txt b/ChangeLog.d/c-build-helper-hostcc.txt
deleted file mode 100644
index 86182c3..0000000
--- a/ChangeLog.d/c-build-helper-hostcc.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Features
-   * Use HOSTCC (if it is set) when compiling C code during generation of the
-     configuration-independent files. This allows them to be generated when
-     CC is set for cross compilation.
diff --git a/ChangeLog.d/clang-15-bignum-warning.txt b/ChangeLog.d/clang-15-bignum-warning.txt
deleted file mode 100644
index d3308b4..0000000
--- a/ChangeLog.d/clang-15-bignum-warning.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Silence a warning about an unused local variable in bignum.c on
-     some architectures. Fixes #7166.
diff --git a/ChangeLog.d/coding-style.txt b/ChangeLog.d/coding-style.txt
deleted file mode 100644
index b2cff5c..0000000
--- a/ChangeLog.d/coding-style.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Changes
-   * The C code follows a new coding style. This is transparent for users but
-     affects contributors and maintainers of local patches. For more
-     information, see
-     https://mbed-tls.readthedocs.io/en/latest/kb/how-to/rewrite-branch-for-coding-style/
diff --git a/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt b/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt
deleted file mode 100644
index 0a90721..0000000
--- a/ChangeLog.d/conditionalize-mbedtls_mpi_sub_abs-memcpy.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * Fix potential undefined behavior in mbedtls_mpi_sub_abs().  Reported by
-     Pascal Cuoq using TrustInSoft Analyzer in #6701; observed independently by
-     Aaron Ucko under Valgrind.
diff --git a/ChangeLog.d/empty-retval-description.txt b/ChangeLog.d/empty-retval-description.txt
deleted file mode 100644
index 491adf5..0000000
--- a/ChangeLog.d/empty-retval-description.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Silence warnings from clang -Wdocumentation about empty \retval
-     descriptions, which started appearing with Clang 15. Fixes #6960.
diff --git a/ChangeLog.d/fix-a-few-unchecked-return.txt b/ChangeLog.d/fix-a-few-unchecked-return.txt
new file mode 100644
index 0000000..aadde36
--- /dev/null
+++ b/ChangeLog.d/fix-a-few-unchecked-return.txt
@@ -0,0 +1,3 @@
+Bugfix
+   * Fix some cases where mbedtls_mpi_mod_exp, RSA key construction or ECDSA
+     signature can silently return an incorrect result in low memory conditions.
diff --git a/ChangeLog.d/fix-example-programs-no-args.txt b/ChangeLog.d/fix-example-programs-no-args.txt
deleted file mode 100644
index 57fe37a..0000000
--- a/ChangeLog.d/fix-example-programs-no-args.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * Fix behavior of certain sample programs which could, when run with no
-     arguments, access uninitialized memory in some cases. Fixes #6700 (which
-     was found by TrustInSoft Analyzer during REDOCS'22) and #1120.
diff --git a/ChangeLog.d/fix-gettimeofday-overflow.txt b/ChangeLog.d/fix-gettimeofday-overflow.txt
deleted file mode 100644
index 99a049d..0000000
--- a/ChangeLog.d/fix-gettimeofday-overflow.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * Fix possible integer overflow in mbedtls_timing_hardclock(), which
-     could cause a crash for certain platforms & compiler options.
-
diff --git a/ChangeLog.d/fix-iar-compiler-warnings.txt b/ChangeLog.d/fix-iar-compiler-warnings.txt
new file mode 100644
index 0000000..50f1dca
--- /dev/null
+++ b/ChangeLog.d/fix-iar-compiler-warnings.txt
@@ -0,0 +1,2 @@
+Bugfix
+   * Fix IAR compiler warnings. Fixes #7873, #4300.
diff --git a/ChangeLog.d/fix-iar-warnings.txt b/ChangeLog.d/fix-iar-warnings.txt
deleted file mode 100644
index 8a30132..0000000
--- a/ChangeLog.d/fix-iar-warnings.txt
+++ /dev/null
@@ -1,2 +0,0 @@
-Bugfix
-   * Fix IAR compiler warnings. Fixes #6924.
diff --git a/ChangeLog.d/fix-oid-to-string-bugs.txt b/ChangeLog.d/fix-oid-to-string-bugs.txt
deleted file mode 100644
index 799f444..0000000
--- a/ChangeLog.d/fix-oid-to-string-bugs.txt
+++ /dev/null
@@ -1,6 +0,0 @@
-Bugfix
-   * Fix bug in conversion from OID to string in
-     mbedtls_oid_get_numeric_string(). OIDs such as 2.40.0.25 are now printed
-     correctly.
-   * Reject OIDs with overlong-encoded subidentifiers when converting
-     OID-to-string.
diff --git a/ChangeLog.d/fix-rsaalt-test-guards.txt b/ChangeLog.d/fix-rsaalt-test-guards.txt
deleted file mode 100644
index f4f39c9..0000000
--- a/ChangeLog.d/fix-rsaalt-test-guards.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix compile error where MBEDTLS_RSA_C and MBEDTLS_X509_CRT_WRITE_C are
-     defined, but MBEDTLS_PK_RSA_ALT_SUPPORT is not defined. Fixes #3174.
diff --git a/ChangeLog.d/fix_build_for_directory_names_containing_spaces.txt b/ChangeLog.d/fix_build_for_directory_names_containing_spaces.txt
deleted file mode 100644
index e7643b7..0000000
--- a/ChangeLog.d/fix_build_for_directory_names_containing_spaces.txt
+++ /dev/null
@@ -1,4 +0,0 @@
-Bugfix
-   * Fix a bug in the build where directory names containing spaces were
-     causing generate_errors.pl to error out resulting in a build failure.
-     Fixes issue #6879.
diff --git a/ChangeLog.d/fix_hard_link_across_drives b/ChangeLog.d/fix_hard_link_across_drives
deleted file mode 100644
index 0c55c30..0000000
--- a/ChangeLog.d/fix_hard_link_across_drives
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
-   * Fix a build issue on Windows where the source and build directory could not be on
-     different drives (#5751).
diff --git a/ChangeLog.d/fix_timing_alt.txt b/ChangeLog.d/fix_timing_alt.txt
deleted file mode 100644
index 86ec16d..0000000
--- a/ChangeLog.d/fix_timing_alt.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * Fix a build issue when defining MBEDTLS_TIMING_ALT and MBEDTLS_SELF_TEST.
-     The library would not link if the user didn't provide an external self-test
-     function. The self-test is now provided regardless of the choice of
-     internal/alternative timing implementation. Fixes #6923.
diff --git a/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt b/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt
new file mode 100644
index 0000000..8fdc588
--- /dev/null
+++ b/ChangeLog.d/improve-doc-on-ecp-curve-optimized-representation.txt
@@ -0,0 +1,3 @@
+Features
+   * The documentation of mbedtls_ecp_group now describes the optimized
+     representation of A for some curves. Fixes #8045.
diff --git a/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt b/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt
deleted file mode 100644
index a85c79b..0000000
--- a/ChangeLog.d/improve_x509_cert_writing_serial_number_management.txt
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * mbedtls_x509write_crt_set_serial() now explicitly rejects serial numbers
-     whose binary representation is longer than 20 bytes. This was already
-     forbidden by the standard (RFC5280 - section 4.1.2.2) and now it's being
-     enforced also at code level.
diff --git a/ChangeLog.d/initialize-struct-get-other-name.txt b/ChangeLog.d/initialize-struct-get-other-name.txt
new file mode 100644
index 0000000..dc8395d
--- /dev/null
+++ b/ChangeLog.d/initialize-struct-get-other-name.txt
@@ -0,0 +1,8 @@
+Bugfix
+   * Fix an issue when parsing an otherName subject alternative name into a
+     mbedtls_x509_san_other_name struct. The type-id of the otherName was not
+     copied to the struct. This meant that the struct had incomplete
+     information about the otherName SAN and contained uninitialized memory.
+   * Fix the detection of HardwareModuleName otherName SANs. These were being
+     detected by comparing the wrong field and the check was erroneously
+     inverted.
diff --git a/ChangeLog.d/mpi-window-perf b/ChangeLog.d/mpi-window-perf
deleted file mode 100644
index 0f75d6a..0000000
--- a/ChangeLog.d/mpi-window-perf
+++ /dev/null
@@ -1,7 +0,0 @@
-Changes
-   * Changed the default MBEDTLS_ECP_WINDOW_SIZE from 6 to 2.
-     As tested in issue 6790, the correlation between this define and
-     RSA decryption performance has changed lately due to security fixes.
-     To fix the performance degradation when using default values the
-     window was reduced from 6 to 2, a value that gives the best or close
-     to best results when tested on Cortex-M4 and Intel i7.
diff --git a/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt b/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt
new file mode 100644
index 0000000..c1de491
--- /dev/null
+++ b/ChangeLog.d/x509-ec-algorithm-identifier-fix.txt
@@ -0,0 +1,4 @@
+Bugfix
+   * Fix x509 certificate generation to conform to RFC 5480 / RFC 5758 when
+     using ECC key. The certificate was rejected by some crypto frameworks.
+     Fixes #2924.
diff --git a/ChangeLog.d/x509-subaltname-ext b/ChangeLog.d/x509-subaltname-ext
deleted file mode 100644
index 7845f18..0000000
--- a/ChangeLog.d/x509-subaltname-ext
+++ /dev/null
@@ -1,5 +0,0 @@
-Bugfix
-   * Fix parsing of X.509 SubjectAlternativeName extension. Previously,
-     malformed alternative name components were not caught during initial
-     certificate parsing, but only on subsequent calls to
-     mbedtls_x509_parse_subject_alt_name(). Fixes #2838.
diff --git a/DartConfiguration.tcl b/DartConfiguration.tcl
index dfa0f07..af0578a 100644
--- a/DartConfiguration.tcl
+++ b/DartConfiguration.tcl
@@ -1,4 +1,4 @@
 Site: localhost
-BuildName: mbed TLS-test
+BuildName: Mbed TLS-test
 CoverageCommand: /usr/bin/gcov
 MemoryCheckCommand: /usr/bin/valgrind
diff --git a/README.md b/README.md
index c4deb56..875e6bf 100644
--- a/README.md
+++ b/README.md
@@ -48,7 +48,7 @@
 
 * GNU Make or a build tool that CMake supports.
 * A C99 toolchain (compiler, linker, archiver). We actively test with GCC 5.4, Clang 3.8, IAR8 and Visual Studio 2013. More recent versions should work. Slightly older versions may work.
-* Python 3 to generate the test code.
+* Python 3.6 or later to generate the test code.
 * Perl to run the tests.
 
 ### Make
@@ -249,7 +249,7 @@
 License
 -------
 
-Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See the [LICENSE](LICENSE) file for the full text of this license. Contributors must accept that their contributions are made under both the Apache-2.0 AND [GPL-2.0-or-later](https://spdx.org/licenses/GPL-2.0-or-later.html) licenses. This enables LTS (Long Term Support) branches of the software to be provided under either the Apache-2.0 OR GPL-2.0-or-later licenses.
+Unless specifically indicated otherwise in a file, Mbed TLS files are provided under the [Apache-2.0](https://spdx.org/licenses/Apache-2.0.html) license. See the [LICENSE](LICENSE) file for the full text of this license, and [the 'License and Copyright' section in the contributing guidelines](CONTRIBUTING.md#License-and-Copyright) for more information.
 
 Contributing
 ------------
diff --git a/SECURITY.md b/SECURITY.md
index 33bbc2f..732335b 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -18,3 +18,120 @@
 Only the maintained branches, as listed in [`BRANCHES.md`](BRANCHES.md),
 get security fixes.
 Users are urged to always use the latest version of a maintained branch.
+
+## Threat model
+
+We classify attacks based on the capabilities of the attacker.
+
+### Remote attacks
+
+In this section, we consider an attacker who can observe and modify data sent
+over the network. This includes observing the content and timing of individual
+packets, as well as suppressing or delaying legitimate messages, and injecting
+messages.
+
+Mbed TLS aims to fully protect against remote attacks and to enable the user
+application in providing full protection against remote attacks. Said
+protection is limited to providing security guarantees offered by the protocol
+being implemented. (For example Mbed TLS alone won't guarantee that the
+messages will arrive without delay, as the TLS protocol doesn't guarantee that
+either.)
+
+**Warning!** Block ciphers do not yet achieve full protection against attackers
+who can measure the timing of packets with sufficient precision. For details
+and workarounds see the [Block Ciphers](#block-ciphers) section.
+
+### Local attacks
+
+In this section, we consider an attacker who can run software on the same
+machine. The attacker has insufficient privileges to directly access Mbed TLS
+assets such as memory and files.
+
+#### Timing attacks
+
+The attacker is able to observe the timing of instructions executed by Mbed TLS
+by leveraging shared hardware that both Mbed TLS and the attacker have access
+to. Typical attack vectors include cache timings, memory bus contention and
+branch prediction.
+
+Mbed TLS provides limited protection against timing attacks. The cost of
+protecting against timing attacks widely varies depending on the granularity of
+the measurements and the noise present. Therefore the protection in Mbed TLS is
+limited. We are only aiming to provide protection against **publicly
+documented attack techniques**.
+
+As attacks keep improving, so does Mbed TLS's protection. Mbed TLS is moving
+towards a model of fully timing-invariant code, but has not reached this point
+yet.
+
+**Remark:** Timing information can be observed over the network or through
+physical side channels as well. Remote and physical timing attacks are covered
+in the [Remote attacks](remote-attacks) and [Physical
+attacks](physical-attacks) sections respectively.
+
+**Warning!** Block ciphers do not yet achieve full protection. For
+details and workarounds see the [Block Ciphers](#block-ciphers) section.
+
+#### Local non-timing side channels
+
+The attacker code running on the platform has access to some sensor capable of
+picking up information on the physical state of the hardware while Mbed TLS is
+running. This could for example be an analogue-to-digital converter on the
+platform that is located unfortunately enough to pick up the CPU noise.
+
+Mbed TLS doesn't make any security guarantees against local non-timing-based
+side channel attacks. If local non-timing attacks are present in a use case or
+a user application's threat model, they need to be mitigated by the platform.
+
+#### Local fault injection attacks
+
+Software running on the same hardware can affect the physical state of the
+device and introduce faults.
+
+Mbed TLS doesn't make any security guarantees against local fault injection
+attacks. If local fault injection attacks are present in a use case or a user
+application's threat model, they need to be mitigated by the platform.
+
+### Physical attacks
+
+In this section, we consider an attacker who has access to physical information
+about the hardware Mbed TLS is running on and/or can alter the physical state
+of the hardware (e.g. power analysis, radio emissions or fault injection).
+
+Mbed TLS doesn't make any security guarantees against physical attacks. If
+physical attacks are present in a use case or a user application's threat
+model, they need to be mitigated by physical countermeasures.
+
+### Caveats
+
+#### Out-of-scope countermeasures
+
+Mbed TLS has evolved organically and a well defined threat model hasn't always
+been present. Therefore, Mbed TLS might have countermeasures against attacks
+outside the above defined threat model.
+
+The presence of such countermeasures don't mean that Mbed TLS provides
+protection against a class of attacks outside of the above described threat
+model. Neither does it mean that the failure of such a countermeasure is
+considered a vulnerability.
+
+#### Block ciphers
+
+Currently there are four block ciphers in Mbed TLS: AES, CAMELLIA, ARIA and
+DES. The pure software implementation in Mbed TLS implementation uses lookup
+tables, which are vulnerable to timing attacks.
+
+These timing attacks can be physical, local or depending on network latency
+even a remote. The attacks can result in key recovery.
+
+**Workarounds:**
+
+- Turn on hardware acceleration for AES. This is supported only on selected
+  architectures and currently only available for AES. See configuration options
+  `MBEDTLS_AESNI_C` and `MBEDTLS_PADLOCK_C` for details.
+- Add a secure alternative implementation (typically hardware acceleration) for
+  the vulnerable cipher. See the [Alternative Implementations
+Guide](docs/architecture/alternative-implementations.md) for more information.
+- Use cryptographic mechanisms that are not based on block ciphers. In
+  particular, for authenticated encryption, use ChaCha20/Poly1305 instead of
+  block cipher modes. For random generation, use HMAC\_DRBG instead of CTR\_DRBG.
diff --git a/configs/README.txt b/configs/README.txt
index 933fa7f..d2f9bcb 100644
--- a/configs/README.txt
+++ b/configs/README.txt
@@ -23,4 +23,4 @@
     make
 
 Note that the second method also works if you want to keep your custom
-configuration file outside the mbed TLS tree.
+configuration file outside the Mbed TLS tree.
diff --git a/configs/config-mini-tls1_1.h b/configs/config-mini-tls1_1.h
index 78e31d5..318e0fb 100644
--- a/configs/config-mini-tls1_1.h
+++ b/configs/config-mini-tls1_1.h
@@ -33,13 +33,13 @@
 #define MBEDTLS_HAVE_ASM
 #define MBEDTLS_HAVE_TIME
 
-/* mbed TLS feature support */
+/* Mbed TLS feature support */
 #define MBEDTLS_CIPHER_MODE_CBC
 #define MBEDTLS_PKCS1_V15
 #define MBEDTLS_KEY_EXCHANGE_RSA_ENABLED
 #define MBEDTLS_SSL_PROTO_TLS1_1
 
-/* mbed TLS modules */
+/* Mbed TLS modules */
 #define MBEDTLS_AES_C
 #define MBEDTLS_ASN1_PARSE_C
 #define MBEDTLS_ASN1_WRITE_C
diff --git a/configs/config-no-entropy.h b/configs/config-no-entropy.h
index 63f9411..72006eb 100644
--- a/configs/config-no-entropy.h
+++ b/configs/config-no-entropy.h
@@ -36,7 +36,7 @@
 #define MBEDTLS_HAVE_ASM
 #define MBEDTLS_HAVE_TIME
 
-/* mbed TLS feature support */
+/* Mbed TLS feature support */
 #define MBEDTLS_CIPHER_MODE_CBC
 #define MBEDTLS_CIPHER_PADDING_PKCS7
 #define MBEDTLS_REMOVE_ARC4_CIPHERSUITES
@@ -53,7 +53,7 @@
 #define MBEDTLS_X509_CHECK_KEY_USAGE
 #define MBEDTLS_X509_CHECK_EXTENDED_KEY_USAGE
 
-/* mbed TLS modules */
+/* Mbed TLS modules */
 #define MBEDTLS_AES_C
 #define MBEDTLS_ASN1_PARSE_C
 #define MBEDTLS_ASN1_WRITE_C
diff --git a/configs/config-suite-b.h b/configs/config-suite-b.h
index 29897fd..545a791 100644
--- a/configs/config-suite-b.h
+++ b/configs/config-suite-b.h
@@ -40,13 +40,13 @@
 #define MBEDTLS_HAVE_ASM
 #define MBEDTLS_HAVE_TIME
 
-/* mbed TLS feature support */
+/* Mbed TLS feature support */
 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
 #define MBEDTLS_ECP_DP_SECP384R1_ENABLED
 #define MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
 #define MBEDTLS_SSL_PROTO_TLS1_2
 
-/* mbed TLS modules */
+/* Mbed TLS modules */
 #define MBEDTLS_AES_C
 #define MBEDTLS_ASN1_PARSE_C
 #define MBEDTLS_ASN1_WRITE_C
diff --git a/configs/config-symmetric-only.h b/configs/config-symmetric-only.h
index f05a0d7..3498738 100644
--- a/configs/config-symmetric-only.h
+++ b/configs/config-symmetric-only.h
@@ -28,7 +28,7 @@
 #define MBEDTLS_HAVE_TIME
 #define MBEDTLS_HAVE_TIME_DATE
 
-/* Mbed Crypto feature support */
+/* Mbed TLS feature support */
 #define MBEDTLS_CIPHER_MODE_CBC
 #define MBEDTLS_CIPHER_MODE_CFB
 #define MBEDTLS_CIPHER_MODE_CTR
@@ -45,7 +45,7 @@
 #define MBEDTLS_USE_PSA_CRYPTO
 #define MBEDTLS_VERSION_FEATURES
 
-/* Mbed Crypto modules */
+/* Mbed TLS modules */
 #define MBEDTLS_AES_C
 #define MBEDTLS_ARC4_C
 #define MBEDTLS_ASN1_PARSE_C
diff --git a/configs/config-thread.h b/configs/config-thread.h
index de24158..0de7e16 100644
--- a/configs/config-thread.h
+++ b/configs/config-thread.h
@@ -38,7 +38,7 @@
 /* System support */
 #define MBEDTLS_HAVE_ASM
 
-/* mbed TLS feature support */
+/* Mbed TLS feature support */
 #define MBEDTLS_AES_ROM_TABLES
 #define MBEDTLS_ECP_DP_SECP256R1_ENABLED
 #define MBEDTLS_ECP_NIST_OPTIM
@@ -50,7 +50,7 @@
 #define MBEDTLS_SSL_DTLS_HELLO_VERIFY
 #define MBEDTLS_SSL_EXPORT_KEYS
 
-/* mbed TLS modules */
+/* Mbed TLS modules */
 #define MBEDTLS_AES_C
 #define MBEDTLS_ASN1_PARSE_C
 #define MBEDTLS_ASN1_WRITE_C
diff --git a/docs/.gitignore b/docs/.gitignore
index 23f832b..11f197b 100644
--- a/docs/.gitignore
+++ b/docs/.gitignore
@@ -1,2 +1,4 @@
 *.html
 *.pdf
+_build/
+api/
diff --git a/docs/Makefile b/docs/Makefile
new file mode 100644
index 0000000..47510f9
--- /dev/null
+++ b/docs/Makefile
@@ -0,0 +1,40 @@
+# Minimal makefile for Sphinx documentation
+#
+
+# You can set these variables from the command line, and also
+# from the environment for the first two.
+SPHINXOPTS    ?=
+SPHINXBUILD   ?= sphinx-build
+SOURCEDIR     = .
+BUILDDIR      = _build
+
+# Put it first so that "make" without argument is like "make help".
+help:
+	@$(SPHINXBUILD) -M help "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+.PHONY: help clean apidoc breathe_apidoc Makefile
+
+# Intercept the 'clean' target so we can do the right thing for apidoc as well
+clean:
+	@# Clean the apidoc
+	$(MAKE) -C .. apidoc_clean
+	@# Clean the breathe-apidoc generated files
+	rm -rf ./api
+	@# Clean the sphinx docs
+	@$(SPHINXBUILD) -M clean "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
+
+apidoc:
+	@# Generate doxygen from source using the main Makefile
+	$(MAKE) -C .. apidoc
+
+breathe_apidoc: apidoc
+	@# Remove existing files - breathe-apidoc skips them if they're present
+	rm -rf ./api
+	@# Generate RST file structure with breathe-apidoc
+	breathe-apidoc -o ./api ../apidoc/xml
+
+# Catch-all target: route all unknown targets to Sphinx using the new
+# "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
+%: Makefile breathe_apidoc
+	@# Build the relevant target with sphinx
+	@$(SPHINXBUILD) -M $@ "$(SOURCEDIR)" "$(BUILDDIR)" $(SPHINXOPTS) $(O)
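Review bot: The `clean` and `breathe_apidoc` recipes run `rm -rf ./api` and `$(MAKE) -C ..` relative to the directory make was started in, not the directory this Makefile lives in. Run as `make -C docs` they hit the intended tree, but `make -f docs/Makefile clean` from another directory would delete an `api` directory under the caller's working directory and recurse into its parent. Anchoring the paths to the Makefile removes that dependence: add `DOCSDIR := $(dir $(abspath $(lastword $(MAKEFILE_LIST))))` next to the other variables, then use `rm -rf "$(DOCSDIR)api"` and `$(MAKE) -C "$(DOCSDIR).."` in the recipes. The catch-all `%` rule also lists `breathe_apidoc` as a prerequisite, so every Sphinx target regenerates the Doxygen output first; a short comment saying this is intentional would help.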
diff --git a/docs/architecture/mbed-crypto-storage-specification.md b/docs/architecture/mbed-crypto-storage-specification.md
index d630e8e..2b99f77 100644
--- a/docs/architecture/mbed-crypto-storage-specification.md
+++ b/docs/architecture/mbed-crypto-storage-specification.md
@@ -1,7 +1,9 @@
-Mbed Crypto storage specification
+Mbed TLS storage specification
 =================================
 
-This document specifies how Mbed Crypto uses storage.
+This document specifies how Mbed TLS uses storage.
+Key storage was originally introduced in a product called Mbed Crypto, which was re-distributed via Mbed TLS and has since been merged into Mbed TLS.
+This document contains historical information both from before and after this merge.
 
 Mbed Crypto may be upgraded on an existing device with the storage preserved. Therefore:
 
diff --git a/docs/architecture/testing/driver-interface-test-strategy.md b/docs/architecture/testing/driver-interface-test-strategy.md
index a726c43..380fd39 100644
--- a/docs/architecture/testing/driver-interface-test-strategy.md
+++ b/docs/architecture/testing/driver-interface-test-strategy.md
@@ -1,6 +1,6 @@
-# Mbed Crypto driver interface test strategy
+# Mbed TLS driver interface test strategy
 
-This document describes the test strategy for the driver interfaces in Mbed Crypto. Mbed Crypto has interfaces for secure element drivers, accelerator drivers and entropy drivers. This document is about testing Mbed Crypto itself; testing drivers is out of scope.
+This document describes the test strategy for the driver interfaces in Mbed TLS. Mbed TLS has interfaces for secure element drivers, accelerator drivers and entropy drivers. This document is about testing Mbed TLS itself; testing drivers is out of scope.
 
 The driver interfaces are standardized through PSA Cryptography functional specifications.
 
@@ -16,9 +16,9 @@
 
 #### Dynamic secure element driver interface
 
-The dynamic secure element driver interface (SE interface for short) is defined by [`psa/crypto_se_driver.h`](../../../include/psa/crypto_se_driver.h). This is an interface between Mbed Crypto and one or more third-party drivers.
+The dynamic secure element driver interface (SE interface for short) is defined by [`psa/crypto_se_driver.h`](../../../include/psa/crypto_se_driver.h). This is an interface between Mbed TLS and one or more third-party drivers.
 
-The SE interface consists of one function provided by Mbed Crypto (`psa_register_se_driver`) and many functions that drivers must implement. To make a driver usable by Mbed Crypto, the initialization code must call `psa_register_se_driver` with a structure that describes the driver. The structure mostly contains function pointers, pointing to the driver's methods. All calls to a driver function are triggered by a call to a PSA crypto API function.
+The SE interface consists of one function provided by Mbed TLS (`psa_register_se_driver`) and many functions that drivers must implement. To make a driver usable by Mbed TLS, the initialization code must call `psa_register_se_driver` with a structure that describes the driver. The structure mostly contains function pointers, pointing to the driver's methods. All calls to a driver function are triggered by a call to a PSA crypto API function.
 
 ### SE driver interface unit tests
 
@@ -57,7 +57,7 @@
 
 #### SE driver outputs
 
-For each API function that leads to a driver call, call it with parameters that cause a driver to be invoked and check how Mbed Crypto handles the outputs.
+For each API function that leads to a driver call, call it with parameters that cause a driver to be invoked and check how Mbed TLS handles the outputs.
 
 * Correct outputs.
 * Incorrect outputs such as an invalid output length.
diff --git a/docs/architecture/testing/psa-storage-format-testing.md b/docs/architecture/testing/psa-storage-format-testing.md
index 5514dfa..a5c1fd1 100644
--- a/docs/architecture/testing/psa-storage-format-testing.md
+++ b/docs/architecture/testing/psa-storage-format-testing.md
@@ -47,7 +47,7 @@
 * [Storage transaction file](#storage-transaction-resumption).
 * [Driver state files](#driver-state-files).
 
-For a more detailed description, refer to the [Mbed Crypto storage specification](../mbed-crypto-storage-specification.md).
+For a more detailed description, refer to the [Mbed TLS storage specification](../mbed-crypto-storage-specification.md).
 
 In addition, Mbed TLS includes an implementation of the PSA trusted storage interface on top of C stdio. This document addresses the test strategy for [PSA ITS over file](#psa-its-over-file) in a separate section below.
 
diff --git a/docs/architecture/testing/test-framework.md b/docs/architecture/testing/test-framework.md
index c537951..8baa390 100644
--- a/docs/architecture/testing/test-framework.md
+++ b/docs/architecture/testing/test-framework.md
@@ -30,17 +30,23 @@
 
 #### SSL test case descriptions
 
-Each test case in `ssl-opt.sh` has a description which succinctly describes for a human audience what the test does. The test description is the first parameter to `run_tests`.
+Each test case in `ssl-opt.sh` has a description which succinctly describes for a human audience what the test does. The test description is the first parameter to `run_test`.
 
 The same rules and guidelines apply as for [unit test descriptions](#unit-test-descriptions). In addition, the description must be written on the same line as `run_test`, in double quotes, for the sake of `check_test_cases.py`.
 
+### SSL cipher suite tests
+
+Each test case in `compat.sh` has a description which succinctly describes for a human audience what the test does. The test description is `$TITLE` defined in `run_client`.
+
+The same rules and guidelines apply as for [unit test descriptions](#unit-test-descriptions). In addition, failure cause in `compat.sh` is not classified as `ssl-opt.sh`, so the information of failed log files are followed as prompt.
+
 ## Running tests
 
 ### Outcome file
 
 #### Generating an outcome file
 
-Unit tests and `ssl-opt.sh` record the outcome of each test case in a **test outcome file**. This feature is enabled if the environment variable `MBEDTLS_TEST_OUTCOME_FILE` is set. Set it to the path of the desired file.
+Unit tests, `ssl-opt.sh` and `compat.sh` record the outcome of each test case in a **test outcome file**. This feature is enabled if the environment variable `MBEDTLS_TEST_OUTCOME_FILE` is set. Set it to the path of the desired file.
 
 If you run `all.sh --outcome-file test-outcome.csv`, this collects the outcome of all the test cases in `test-outcome.csv`.
 
@@ -52,7 +58,7 @@
 
 * **Platform**: a description of the platform, e.g. `Linux-x86_64` or `Linux-x86_64-gcc7-msan`.
 * **Configuration**: a unique description of the configuration (`config.h`).
-* **Test suite**: `test_suite_xxx` or `ssl-opt`.
+* **Test suite**: `test_suite_xxx`, `ssl-opt` or `compat`.
 * **Test case**: the description of the test case.
 * **Result**: one of `PASS`, `SKIP` or `FAIL`.
 * **Cause**: more information explaining the result.
diff --git a/docs/conf.py b/docs/conf.py
new file mode 100644
index 0000000..41c50c7
--- /dev/null
+++ b/docs/conf.py
@@ -0,0 +1,34 @@
+# Configuration file for the Sphinx documentation builder.
+#
+# For the full list of built-in configuration values, see the documentation:
+# https://www.sphinx-doc.org/en/master/usage/configuration.html
+
+# -- Project information -----------------------------------------------------
+# https://www.sphinx-doc.org/en/master/usage/configuration.html#project-information
+import glob
+
+project = 'Mbed TLS Versioned'
+copyright = '2023, Mbed TLS Contributors'
+author = 'Mbed TLS Contributors'
+
+# -- General configuration ---------------------------------------------------
+# https://www.sphinx-doc.org/en/master/usage/configuration.html#general-configuration
+
+extensions = ['breathe', 'sphinx.ext.graphviz']
+
+templates_path = ['_templates']
+exclude_patterns = ['_build', 'Thumbs.db', '.DS_Store']
+
+breathe_projects = {
+    'mbedtls-versioned': '../apidoc/xml'
+}
+breathe_default_project = 'mbedtls-versioned'
+
+primary_domain = 'c'
+highlight_language = 'c'
+
+# -- Options for HTML output -------------------------------------------------
+# https://www.sphinx-doc.org/en/master/usage/configuration.html#options-for-html-output
+
+html_theme = 'sphinx_rtd_theme'
+html_static_path = ['_static']
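Review bot: `import glob` at the top of the new `docs/conf.py` is never referenced in the file's 34 lines and can be dropped. The file also loads two third-party packages at build time, `breathe` through `extensions` and `sphinx_rtd_theme` through `html_theme`. Their versions come from the requirements file that the docs build installs, which is not part of this hunk, so it is worth confirming they are pinned there. A one-line comment above `breathe_projects` noting that `'../apidoc/xml'` must already exist, because it is generated by the apidoc step, would explain the build-order dependency.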
diff --git a/docs/getting_started.md b/docs/getting_started.md
deleted file mode 100644
index 507afa1..0000000
--- a/docs/getting_started.md
+++ /dev/null
@@ -1,962 +0,0 @@
-## Getting started with Mbed TLS
-
-### What is Mbed TLS?
-
-Mbed TLS is an open source cryptographic library that supports a wide range of
-cryptographic operations, including:
-* Key management
-* Hashing
-* Symmetric cryptography
-* Asymmetric cryptography
-* Message authentication (MAC)
-* Key generation and derivation
-* Authenticated encryption with associated data (AEAD)
-
-Mbed TLS provides a reference implementation of the cryptography interface of
-the Arm Platform Security Architecture (PSA). It is written in portable C.
-
-Mbed TLS is distributed under the Apache License, version 2.0.
-
-#### Platform Security Architecture (PSA)
-
-Arm's Platform Security Architecture (PSA) is a holistic set of threat models,
-security analyses, hardware and firmware architecture specifications, and an
-open source firmware reference implementation. PSA provides a recipe, based on
-industry best practice, that enables you to design security into both hardware
-and firmware consistently. Part of the API provided by PSA is the cryptography
-interface, which provides access to a set of primitives.
-
-### Using Mbed TLS
-
-* [Getting the Mbed TLS library](#getting-the-mbed-tls-library)
-* [Building the Mbed TLS library](#building-the-mbed-tls-library)
-* [Using the PSA Crypto API](#using-the-psa-crypto-api)
-* [Importing a key](#importing-a-key)
-* [Signing a message using RSA](#signing-a-message-using-RSA)
-* [Encrypting or decrypting using symmetric ciphers](#encrypting-or-decrypting-using-symmetric-ciphers)
-* [Hashing a message](#hashing-a-message)
-* [Deriving a new key from an existing key](#deriving-a-new-key-from-an-existing-key)
-* [Generating a random value](#generating-a-random-value)
-* [Authenticating and encrypting or decrypting a message](#authenticating-and-encrypting-or-decrypting-a-message)
-* [Generating and exporting keys](#generating-and-exporting-keys)
-* [More about the PSA Crypto API](#more-about-the-psa-crypto-api)
-
-### Getting the Mbed TLS library
-
-Mbed TLS releases are available in the [public GitHub repository](https://github.com/Mbed-TLS/mbedtls).
-
-### Building the Mbed TLS library
-
-**Prerequisites to building the library with the provided makefiles:**
-* GNU Make.
-* A C toolchain (compiler, linker, archiver) that supports C99.
-* Python 3.6 to generate the test code.
-* Perl to run the tests.
-
-If you have a C compiler such as GCC or Clang, just run `make` in the top-level
-directory to build the library, a set of unit tests and some sample programs.
-
-To select a different compiler, set the `CC` variable to the name or path of the
-compiler and linker (default: `cc`) and set `AR` to a compatible archiver
-(default: `ar`); for example:
-```
-make CC=arm-linux-gnueabi-gcc AR=arm-linux-gnueabi-ar
-```
-The provided makefiles pass options to the compiler that assume a GCC-like
-command line syntax. To use a different compiler, you may need to pass different
-values for `CFLAGS`, `WARNINGS_CFLAGS` and `LDFLAGS`.
-
-To run the unit tests on the host machine, run `make test` from the top-level
-directory. If you are cross-compiling, copy the test executable from the `tests`
-directory to the target machine.
-
-### Using the PSA Crypto API
-
-If using PSA Crypto, you must initialize the library by calling
-`psa_crypto_init()` before any other PSA API.
-
-### Importing a key
-
-To use a key for cryptography operations in PSA, you need to first
-import it. The import operation returns the identifier of the key for use
-with other function calls.
-
-**Prerequisites to importing keys:**
-* Initialize the library with a successful call to `psa_crypto_init()`.
-
-This example shows how to import a key:
-```C
-void import_a_key(const uint8_t *key, size_t key_len)
-{
-    psa_status_t status;
-    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    psa_key_id_t key_id;
-
-    printf("Import an AES key...\t");
-    fflush(stdout);
-
-    /* Initialize PSA Crypto */
-    status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        printf("Failed to initialize PSA Crypto\n");
-        return;
-    }
-
-    /* Set key attributes */
-    psa_set_key_usage_flags(&attributes, 0);
-    psa_set_key_algorithm(&attributes, 0);
-    psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
-    psa_set_key_bits(&attributes, 128);
-
-    /* Import the key */
-    status = psa_import_key(&attributes, key, key_len, &key_id);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to import key\n");
-        return;
-    }
-    printf("Imported a key\n");
-
-    /* Free the attributes */
-    psa_reset_key_attributes(&attributes);
-
-    /* Destroy the key */
-    psa_destroy_key(key_id);
-
-    mbedtls_psa_crypto_free();
-}
-```
-
-### Signing a message using RSA
-
-The PSA Crypto API supports encrypting, decrypting, signing and verifying
-messages using public key signature algorithms, such as RSA or ECDSA.
-
-**Prerequisites to performing asymmetric signature operations:**
-* Initialize the library with a successful call to `psa_crypto_init()`.
-* Have a valid key with appropriate attributes set:
-    * Usage flag `PSA_KEY_USAGE_SIGN_HASH` to allow signing.
-    * Usage flag `PSA_KEY_USAGE_VERIFY_HASH` to allow signature verification.
-    * Algorithm set to the desired signature algorithm.
-
-This example shows how to sign a hash that has already been calculated:
-```C
-void sign_a_message_using_rsa(const uint8_t *key, size_t key_len)
-{
-    psa_status_t status;
-    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    uint8_t hash[32] = {0x50, 0xd8, 0x58, 0xe0, 0x98, 0x5e, 0xcc, 0x7f,
-                        0x60, 0x41, 0x8a, 0xaf, 0x0c, 0xc5, 0xab, 0x58,
-                        0x7f, 0x42, 0xc2, 0x57, 0x0a, 0x88, 0x40, 0x95,
-                        0xa9, 0xe8, 0xcc, 0xac, 0xd0, 0xf6, 0x54, 0x5c};
-    uint8_t signature[PSA_SIGNATURE_MAX_SIZE] = {0};
-    size_t signature_length;
-    psa_key_id_t key_id;
-
-    printf("Sign a message...\t");
-    fflush(stdout);
-
-    /* Initialize PSA Crypto */
-    status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        printf("Failed to initialize PSA Crypto\n");
-        return;
-    }
-
-    /* Set key attributes */
-    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
-    psa_set_key_algorithm(&attributes, PSA_ALG_RSA_PKCS1V15_SIGN_RAW);
-    psa_set_key_type(&attributes, PSA_KEY_TYPE_RSA_KEY_PAIR);
-    psa_set_key_bits(&attributes, 1024);
-
-    /* Import the key */
-    status = psa_import_key(&attributes, key, key_len, &key_id);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to import key\n");
-        return;
-    }
-
-    /* Sign message using the key */
-    status = psa_sign_hash(key_id, PSA_ALG_RSA_PKCS1V15_SIGN_RAW,
-                           hash, sizeof(hash),
-                           signature, sizeof(signature),
-                           &signature_length);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to sign\n");
-        return;
-    }
-
-    printf("Signed a message\n");
-
-    /* Free the attributes */
-    psa_reset_key_attributes(&attributes);
-
-    /* Destroy the key */
-    psa_destroy_key(key_id);
-
-    mbedtls_psa_crypto_free();
-}
-```
-
-### Using symmetric ciphers
-
-The PSA Crypto API supports encrypting and decrypting messages using various
-symmetric cipher algorithms (both block and stream ciphers).
-
-**Prerequisites to working with the symmetric cipher API:**
-* Initialize the library with a successful call to `psa_crypto_init()`.
-* Have a symmetric key. This key's usage flags must include
-  `PSA_KEY_USAGE_ENCRYPT` to allow encryption or `PSA_KEY_USAGE_DECRYPT` to
-  allow decryption.
-
-**To encrypt a message with a symmetric cipher:**
-1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the
-   cipher functions.
-1. Initialize the operation structure to zero or to `PSA_CIPHER_OPERATION_INIT`.
-1. Call `psa_cipher_encrypt_setup()` to specify the algorithm and the key to be
-   used.
-1. Call either `psa_cipher_generate_iv()` or `psa_cipher_set_iv()` to generate
-   or set the initialization vector (IV). We recommend calling
-   `psa_cipher_generate_iv()`, unless you require a specific IV value.
-1. Call `psa_cipher_update()` with the message to encrypt. You may call this
-   function multiple times, passing successive fragments of the message on
-   successive calls.
-1. Call `psa_cipher_finish()` to end the operation and output the encrypted
-   message.
-
-This example shows how to encrypt data using an AES (Advanced Encryption
-Standard) key in CBC (Cipher Block Chaining) mode with no padding (assuming all
-prerequisites have been fulfilled):
-```c
-void encrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len)
-{
-    enum {
-        block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES),
-    };
-    psa_status_t status;
-    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
-    uint8_t plaintext[block_size] = SOME_PLAINTEXT;
-    uint8_t iv[block_size];
-    size_t iv_len;
-    uint8_t output[block_size];
-    size_t output_len;
-    psa_key_id_t key_id;
-    psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
-
-    printf("Encrypt with cipher...\t");
-    fflush(stdout);
-
-    /* Initialize PSA Crypto */
-    status = psa_crypto_init();
-    if (status != PSA_SUCCESS)
-    {
-        printf("Failed to initialize PSA Crypto\n");
-        return;
-    }
-
-    /* Import a key */
-    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
-    psa_set_key_algorithm(&attributes, alg);
-    psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
-    psa_set_key_bits(&attributes, 128);
-    status = psa_import_key(&attributes, key, key_len, &key_id);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to import a key\n");
-        return;
-    }
-    psa_reset_key_attributes(&attributes);
-
-    /* Encrypt the plaintext */
-    status = psa_cipher_encrypt_setup(&operation, key_id, alg);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to begin cipher operation\n");
-        return;
-    }
-    status = psa_cipher_generate_iv(&operation, iv, sizeof(iv), &iv_len);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to generate IV\n");
-        return;
-    }
-    status = psa_cipher_update(&operation, plaintext, sizeof(plaintext),
-                               output, sizeof(output), &output_len);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to update cipher operation\n");
-        return;
-    }
-    status = psa_cipher_finish(&operation, output + output_len,
-                               sizeof(output) - output_len, &output_len);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to finish cipher operation\n");
-        return;
-    }
-    printf("Encrypted plaintext\n");
-
-    /* Clean up cipher operation context */
-    psa_cipher_abort(&operation);
-
-    /* Destroy the key */
-    psa_destroy_key(key_id);
-
-    mbedtls_psa_crypto_free();
-}
-```
-
-**To decrypt a message with a symmetric cipher:**
-1. Allocate an operation (`psa_cipher_operation_t`) structure to pass to the
-   cipher functions.
-1. Initialize the operation structure to zero or to `PSA_CIPHER_OPERATION_INIT`.
-1. Call `psa_cipher_decrypt_setup()` to specify the algorithm and the key to be
-   used.
-1. Call `psa_cipher_set_iv()` with the IV for the decryption.
-1. Call `psa_cipher_update()` with the message to encrypt. You may call this
-   function multiple times, passing successive fragments of the message on
-   successive calls.
-1. Call `psa_cipher_finish()` to end the operation and output the decrypted
-   message.
-
-This example shows how to decrypt encrypted data using an AES key in CBC mode
-with no padding (assuming all prerequisites have been fulfilled):
-```c
-void decrypt_with_symmetric_ciphers(const uint8_t *key, size_t key_len)
-{
-    enum {
-        block_size = PSA_BLOCK_CIPHER_BLOCK_LENGTH(PSA_KEY_TYPE_AES),
-    };
-    psa_status_t status;
-    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    psa_algorithm_t alg = PSA_ALG_CBC_NO_PADDING;
-    psa_cipher_operation_t operation = PSA_CIPHER_OPERATION_INIT;
-    uint8_t ciphertext[block_size] = SOME_CIPHERTEXT;
-    uint8_t iv[block_size] = ENCRYPTED_WITH_IV;
-    uint8_t output[block_size];
-    size_t output_len;
-    psa_key_id_t key_id;
-
-    printf("Decrypt with cipher...\t");
-    fflush(stdout);
-
-    /* Initialize PSA Crypto */
-    status = psa_crypto_init();
-    if (status != PSA_SUCCESS)
-    {
-        printf("Failed to initialize PSA Crypto\n");
-        return;
-    }
-
-    /* Import a key */
-    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
-    psa_set_key_algorithm(&attributes, alg);
-    psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
-    psa_set_key_bits(&attributes, 128);
-    status = psa_import_key(&attributes, key, key_len, &key_id);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to import a key\n");
-        return;
-    }
-    psa_reset_key_attributes(&attributes);
-
-    /* Decrypt the ciphertext */
-    status = psa_cipher_decrypt_setup(&operation, key_id, alg);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to begin cipher operation\n");
-        return;
-    }
-    status = psa_cipher_set_iv(&operation, iv, sizeof(iv));
-    if (status != PSA_SUCCESS) {
-        printf("Failed to set IV\n");
-        return;
-    }
-    status = psa_cipher_update(&operation, ciphertext, sizeof(ciphertext),
-                               output, sizeof(output), &output_len);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to update cipher operation\n");
-        return;
-    }
-    status = psa_cipher_finish(&operation, output + output_len,
-                               sizeof(output) - output_len, &output_len);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to finish cipher operation\n");
-        return;
-    }
-    printf("Decrypted ciphertext\n");
-
-    /* Clean up cipher operation context */
-    psa_cipher_abort(&operation);
-
-    /* Destroy the key */
-    psa_destroy_key(key_id);
-
-    mbedtls_psa_crypto_free();
-}
-```
-
-#### Handling cipher operation contexts
-
-After you've initialized the operation structure with a successful call to
-`psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()`, you can terminate
-the operation at any time by calling `psa_cipher_abort()`.
-
-The call to `psa_cipher_abort()` frees any resources associated with the
-operation, except for the operation structure itself.
-
-The PSA Crypto API implicitly calls `psa_cipher_abort()` when:
-* A call to `psa_cipher_generate_iv()`, `psa_cipher_set_iv()` or
-  `psa_cipher_update()` fails (returning any status other than `PSA_SUCCESS`).
-* A call to `psa_cipher_finish()` succeeds or fails.
-
-After an implicit or explicit call to `psa_cipher_abort()`, the operation
-structure is invalidated; in other words, you cannot reuse the operation
-structure for the same operation. You can, however, reuse the operation
-structure for a different operation by calling either
-`psa_cipher_encrypt_setup()` or `psa_cipher_decrypt_setup()` again.
-
-You must call `psa_cipher_abort()` at some point for any operation that is
-initialized successfully (by a successful call to `psa_cipher_encrypt_setup()`
-or `psa_cipher_decrypt_setup()`).
-
-Making multiple sequential calls to `psa_cipher_abort()` on an operation that
-is terminated (either implicitly or explicitly) is safe and has no effect.
-
-### Hashing a message
-
-The PSA Crypto API lets you compute and verify hashes using various hashing
-algorithms.
-
-**Prerequisites to working with the hash APIs:**
-* Initialize the library with a successful call to `psa_crypto_init()`.
-
-**To calculate a hash:**
-1. Allocate an operation structure (`psa_hash_operation_t`) to pass to the hash
-   functions.
-1. Initialize the operation structure to zero or to `PSA_HASH_OPERATION_INIT`.
-1. Call `psa_hash_setup()` to specify the hash algorithm.
-1. Call `psa_hash_update()` with the message to encrypt. You may call this
-   function multiple times, passing successive fragments of the message on
-   successive calls.
-1. Call `psa_hash_finish()` to calculate the hash, or `psa_hash_verify()` to
-   compare the computed hash with an expected hash value.
-
-This example shows how to calculate the SHA-256 hash of a message:
-```c
-    psa_status_t status;
-    psa_algorithm_t alg = PSA_ALG_SHA_256;
-    psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
-    unsigned char input[] = { 'a', 'b', 'c' };
-    unsigned char actual_hash[PSA_HASH_MAX_SIZE];
-    size_t actual_hash_len;
-
-    printf("Hash a message...\t");
-    fflush(stdout);
-
-    /* Initialize PSA Crypto */
-    status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        printf("Failed to initialize PSA Crypto\n");
-        return;
-    }
-
-    /* Compute hash of message  */
-    status = psa_hash_setup(&operation, alg);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to begin hash operation\n");
-        return;
-    }
-    status = psa_hash_update(&operation, input, sizeof(input));
-    if (status != PSA_SUCCESS) {
-        printf("Failed to update hash operation\n");
-        return;
-    }
-    status = psa_hash_finish(&operation, actual_hash, sizeof(actual_hash),
-                             &actual_hash_len);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to finish hash operation\n");
-        return;
-    }
-
-    printf("Hashed a message\n");
-
-    /* Clean up hash operation context */
-    psa_hash_abort(&operation);
-
-    mbedtls_psa_crypto_free();
-```
-
-This example shows how to verify the SHA-256 hash of a message:
-```c
-    psa_status_t status;
-    psa_algorithm_t alg = PSA_ALG_SHA_256;
-    psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT;
-    unsigned char input[] = { 'a', 'b', 'c' };
-    unsigned char expected_hash[] = {
-        0xba, 0x78, 0x16, 0xbf, 0x8f, 0x01, 0xcf, 0xea, 0x41, 0x41, 0x40, 0xde,
-        0x5d, 0xae, 0x22, 0x23, 0xb0, 0x03, 0x61, 0xa3, 0x96, 0x17, 0x7a, 0x9c,
-        0xb4, 0x10, 0xff, 0x61, 0xf2, 0x00, 0x15, 0xad
-    };
-    size_t expected_hash_len = PSA_HASH_LENGTH(alg);
-
-    printf("Verify a hash...\t");
-    fflush(stdout);
-
-    /* Initialize PSA Crypto */
-    status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        printf("Failed to initialize PSA Crypto\n");
-        return;
-    }
-
-    /* Verify message hash */
-    status = psa_hash_setup(&operation, alg);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to begin hash operation\n");
-        return;
-    }
-    status = psa_hash_update(&operation, input, sizeof(input));
-    if (status != PSA_SUCCESS) {
-        printf("Failed to update hash operation\n");
-        return;
-    }
-    status = psa_hash_verify(&operation, expected_hash, expected_hash_len);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to verify hash\n");
-        return;
-    }
-
-    printf("Verified a hash\n");
-
-    /* Clean up hash operation context */
-    psa_hash_abort(&operation);
-
-    mbedtls_psa_crypto_free();
-```
-
-The API provides the macro `PSA_HASH_LENGTH`, which returns the expected hash
-length (in bytes) for the specified algorithm.
-
-#### Handling hash operation contexts
-
-After a successful call to `psa_hash_setup()`, you can terminate the operation
-at any time by calling `psa_hash_abort()`. The call to `psa_hash_abort()` frees
-any resources associated with the operation, except for the operation structure
-itself.
-
-The PSA Crypto API implicitly calls `psa_hash_abort()` when:
-1. A call to `psa_hash_update()` fails (returning any status other than
-   `PSA_SUCCESS`).
-1. A call to `psa_hash_finish()` succeeds or fails.
-1. A call to `psa_hash_verify()` succeeds or fails.
-
-After an implicit or explicit call to `psa_hash_abort()`, the operation
-structure is invalidated; in other words, you cannot reuse the operation
-structure for the same operation. You can, however, reuse the operation
-structure for a different operation by calling `psa_hash_setup()` again.
-
-You must call `psa_hash_abort()` at some point for any operation that is
-initialized successfully (by a successful call to `psa_hash_setup()`) .
-
-Making multiple sequential calls to `psa_hash_abort()` on an operation that has
-already been terminated (either implicitly or explicitly) is safe and has no
-effect.
-
-### Generating a random value
-
-The PSA Crypto API can generate random data.
-
-**Prerequisites to generating random data:**
-* Initialize the library with a successful call to `psa_crypto_init()`.
-
-<span class="notes">**Note:** To generate a random key, use `psa_generate_key()`
-instead of `psa_generate_random()`.</span>
-
-This example shows how to generate ten bytes of random data by calling
-`psa_generate_random()`:
-```C
-    psa_status_t status;
-    uint8_t random[10] = { 0 };
-
-    printf("Generate random...\t");
-    fflush(stdout);
-
-    /* Initialize PSA Crypto */
-    status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        printf("Failed to initialize PSA Crypto\n");
-        return;
-    }
-
-    status = psa_generate_random(random, sizeof(random));
-    if (status != PSA_SUCCESS) {
-        printf("Failed to generate a random value\n");
-        return;
-    }
-
-    printf("Generated random data\n");
-
-    /* Clean up */
-    mbedtls_psa_crypto_free();
-```
-
-### Deriving a new key from an existing key
-
-The PSA Crypto API provides a key derivation API that lets you derive new keys
-from existing ones. The key derivation API has functions to take inputs,
-including other keys and data, and functions to generate outputs, such as
-new keys or other data.
-
-You must first initialize and set up a key derivation context,
-provided with a key and, optionally, other data. Then, use the key derivation
-context to either read derived data to a buffer or send derived data directly
-to a key slot.
-
-See the documentation for the particular algorithm (such as HKDF or the
-TLS 1.2 PRF) for information about which inputs to pass when, and when you can
-obtain which outputs.
-
-**Prerequisites to working with the key derivation APIs:**
-* Initialize the library with a successful call to `psa_crypto_init()`.
-* Use a key with the appropriate attributes set:
-    * Usage flags set for key derivation (`PSA_KEY_USAGE_DERIVE`)
-    * Key type set to `PSA_KEY_TYPE_DERIVE`.
-    * Algorithm set to a key derivation algorithm
-      (for example, `PSA_ALG_HKDF(PSA_ALG_SHA_256)`).
-
-**To derive a new AES-CTR 128-bit encryption key into a given key slot using HKDF
-with a given key, salt and info:**
-
-1. Set up the key derivation context using the `psa_key_derivation_setup()`
-function, specifying the derivation algorithm `PSA_ALG_HKDF(PSA_ALG_SHA_256)`.
-1. Provide an optional salt with `psa_key_derivation_input_bytes()`.
-1. Provide info with `psa_key_derivation_input_bytes()`.
-1. Provide a secret with `psa_key_derivation_input_key()`, referencing a key
-   that can be used for key derivation.
-1. Set the key attributes desired for the new derived key. We'll set
-   the `PSA_KEY_USAGE_ENCRYPT` usage flag and the `PSA_ALG_CTR` algorithm for
-   this example.
-1. Derive the key by calling `psa_key_derivation_output_key()`.
-1. Clean up the key derivation context.
-
-At this point, the derived key slot holds a new 128-bit AES-CTR encryption key
-derived from the key, salt and info provided:
-```C
-    psa_status_t status;
-    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    static const unsigned char key[] = {
-        0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
-        0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
-        0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b,
-        0x0b };
-    static const unsigned char salt[] = {
-        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
-        0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c };
-    static const unsigned char info[] = {
-        0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6,
-        0xf7, 0xf8, 0xf9 };
-    psa_algorithm_t alg = PSA_ALG_HKDF(PSA_ALG_SHA_256);
-    psa_key_derivation_operation_t operation =
-        PSA_KEY_DERIVATION_OPERATION_INIT;
-    size_t derived_bits = 128;
-    size_t capacity = PSA_BITS_TO_BYTES(derived_bits);
-    psa_key_id_t base_key;
-    psa_key_id_t derived_key;
-
-    printf("Derive a key (HKDF)...\t");
-    fflush(stdout);
-
-    /* Initialize PSA Crypto */
-    status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        printf("Failed to initialize PSA Crypto\n");
-        return;
-    }
-
-    /* Import a key for use in key derivation. If such a key has already been
-     * generated or imported, you can skip this part. */
-    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
-    psa_set_key_algorithm(&attributes, alg);
-    psa_set_key_type(&attributes, PSA_KEY_TYPE_DERIVE);
-    status = psa_import_key(&attributes, key, sizeof(key), &base_key);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to import a key\n");
-        return;
-    }
-    psa_reset_key_attributes(&attributes);
-
-    /* Derive a key */
-    status = psa_key_derivation_setup(&operation, alg);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to begin key derivation\n");
-        return;
-    }
-    status = psa_key_derivation_set_capacity(&operation, capacity);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to set capacity\n");
-        return;
-    }
-    status = psa_key_derivation_input_bytes(&operation,
-                                            PSA_KEY_DERIVATION_INPUT_SALT,
-                                            salt, sizeof(salt));
-    if (status != PSA_SUCCESS) {
-        printf("Failed to input salt (extract)\n");
-        return;
-    }
-    status = psa_key_derivation_input_key(&operation,
-                                          PSA_KEY_DERIVATION_INPUT_SECRET,
-                                          base_key);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to input key (extract)\n");
-        return;
-    }
-    status = psa_key_derivation_input_bytes(&operation,
-                                            PSA_KEY_DERIVATION_INPUT_INFO,
-                                            info, sizeof(info));
-    if (status != PSA_SUCCESS) {
-        printf("Failed to input info (expand)\n");
-        return;
-    }
-    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
-    psa_set_key_algorithm(&attributes, PSA_ALG_CTR);
-    psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
-    psa_set_key_bits(&attributes, 128);
-    status = psa_key_derivation_output_key(&attributes, &operation,
-                                           &derived_key);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to derive key\n");
-        return;
-    }
-    psa_reset_key_attributes(&attributes);
-
-    printf("Derived key\n");
-
-    /* Clean up key derivation operation */
-    psa_key_derivation_abort(&operation);
-
-    /* Destroy the keys */
-    psa_destroy_key(derived_key);
-    psa_destroy_key(base_key);
-
-    mbedtls_psa_crypto_free();
-```
-
-### Authenticating and encrypting or decrypting a message
-
-The PSA Crypto API provides a simple way to authenticate and encrypt with
-associated data (AEAD), supporting the `PSA_ALG_CCM` algorithm.
-
-**Prerequisites to working with the AEAD cipher APIs:**
-* Initialize the library with a successful call to `psa_crypto_init()`.
-* The key attributes for the key used for derivation must have the
-  `PSA_KEY_USAGE_ENCRYPT` or `PSA_KEY_USAGE_DECRYPT` usage flags.
-
-This example shows how to authenticate and encrypt a message:
-```C
-    psa_status_t status;
-    static const uint8_t key[] = {
-        0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
-        0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF };
-    static const uint8_t nonce[] = {
-        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-        0x08, 0x09, 0x0A, 0x0B };
-    static const uint8_t additional_data[] = {
-        0xEC, 0x46, 0xBB, 0x63, 0xB0, 0x25,
-        0x20, 0xC3, 0x3C, 0x49, 0xFD, 0x70 };
-    static const uint8_t input_data[] = {
-        0xB9, 0x6B, 0x49, 0xE2, 0x1D, 0x62, 0x17, 0x41,
-        0x63, 0x28, 0x75, 0xDB, 0x7F, 0x6C, 0x92, 0x43,
-        0xD2, 0xD7, 0xC2 };
-    uint8_t *output_data = NULL;
-    size_t output_size = 0;
-    size_t output_length = 0;
-    size_t tag_length = 16;
-    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    psa_key_id_t key_id;
-
-    printf("Authenticate encrypt...\t");
-    fflush(stdout);
-
-    /* Initialize PSA Crypto */
-    status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        printf("Failed to initialize PSA Crypto\n");
-        return;
-    }
-
-    output_size = sizeof(input_data) + tag_length;
-    output_data = (uint8_t *)malloc(output_size);
-    if (!output_data) {
-        printf("Out of memory\n");
-        return;
-    }
-
-    /* Import a key */
-    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_ENCRYPT);
-    psa_set_key_algorithm(&attributes, PSA_ALG_CCM);
-    psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
-    psa_set_key_bits(&attributes, 128);
-    status = psa_import_key(&attributes, key, sizeof(key), &key_id);
-    psa_reset_key_attributes(&attributes);
-
-    /* Authenticate and encrypt */
-    status = psa_aead_encrypt(key_id, PSA_ALG_CCM,
-                              nonce, sizeof(nonce),
-                              additional_data, sizeof(additional_data),
-                              input_data, sizeof(input_data),
-                              output_data, output_size,
-                              &output_length);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to authenticate and encrypt\n");
-        return;
-    }
-
-    printf("Authenticated and encrypted\n");
-
-    /* Clean up */
-    free(output_data);
-
-    /* Destroy the key */
-    psa_destroy_key(key_id);
-
-    mbedtls_psa_crypto_free();
-```
-
-This example shows how to authenticate and decrypt a message:
-
-```C
-    psa_status_t status;
-    static const uint8_t key_data[] = {
-        0xC0, 0xC1, 0xC2, 0xC3, 0xC4, 0xC5, 0xC6, 0xC7,
-        0xC8, 0xC9, 0xCA, 0xCB, 0xCC, 0xCD, 0xCE, 0xCF };
-    static const uint8_t nonce[] = {
-        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
-        0x08, 0x09, 0x0A, 0x0B };
-    static const uint8_t additional_data[] = {
-        0xEC, 0x46, 0xBB, 0x63, 0xB0, 0x25,
-        0x20, 0xC3, 0x3C, 0x49, 0xFD, 0x70 };
-    static const uint8_t input_data[] = {
-        0x20, 0x30, 0xE0, 0x36, 0xED, 0x09, 0xA0, 0x45, 0xAF, 0x3C, 0xBA, 0xEE,
-        0x0F, 0xC8, 0x48, 0xAF, 0xCD, 0x89, 0x54, 0xF4, 0xF6, 0x3F, 0x28, 0x9A,
-        0xA1, 0xDD, 0xB2, 0xB8, 0x09, 0xCD, 0x7C, 0xE1, 0x46, 0xE9, 0x98 };
-    uint8_t *output_data = NULL;
-    size_t output_size = 0;
-    size_t output_length = 0;
-    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    psa_key_id_t key_id;
-
-    printf("Authenticate decrypt...\t");
-    fflush(stdout);
-
-    /* Initialize PSA Crypto */
-    status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        printf("Failed to initialize PSA Crypto\n");
-        return;
-    }
-
-    output_size = sizeof(input_data);
-    output_data = (uint8_t *)malloc(output_size);
-    if (!output_data) {
-        printf("Out of memory\n");
-        return;
-    }
-
-    /* Import a key */
-    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DECRYPT);
-    psa_set_key_algorithm(&attributes, PSA_ALG_CCM);
-    psa_set_key_type(&attributes, PSA_KEY_TYPE_AES);
-    psa_set_key_bits(&attributes, 128);
-    status = psa_import_key(&attributes, key_data, sizeof(key_data), &key_id);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to import a key\n");
-        return;
-    }
-    psa_reset_key_attributes(&attributes);
-
-    /* Authenticate and decrypt */
-    status = psa_aead_decrypt(key_id, PSA_ALG_CCM,
-                              nonce, sizeof(nonce),
-                              additional_data, sizeof(additional_data),
-                              input_data, sizeof(input_data),
-                              output_data, output_size,
-                              &output_length);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to authenticate and decrypt %ld\n", status);
-        return;
-    }
-
-    printf("Authenticated and decrypted\n");
-
-    /* Clean up */
-    free(output_data);
-
-    /* Destroy the key */
-    psa_destroy_key(key_id);
-
-    mbedtls_psa_crypto_free();
-```
-
-### Generating and exporting keys
-
-The PSA Crypto API provides a simple way to generate a key or key pair.
-
-**Prerequisites to using key generation and export APIs:**
-* Initialize the library with a successful call to `psa_crypto_init()`.
-
-**To generate an ECDSA key:**
-1. Set the desired key attributes for key generation by calling
-   `psa_set_key_algorithm()` with the chosen ECDSA algorithm (such as
-   `PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256)`). You only want to export the
-   public key, not the key pair (or private key); therefore, do not
-   set `PSA_KEY_USAGE_EXPORT`.
-1. Generate a key by calling `psa_generate_key()`.
-1. Export the generated public key by calling `psa_export_public_key()`:
-```C
-    enum {
-        key_bits = 256,
-    };
-    psa_status_t status;
-    size_t exported_length = 0;
-    static uint8_t exported[PSA_KEY_EXPORT_ECC_PUBLIC_KEY_MAX_SIZE(key_bits)];
-    psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
-    psa_key_id_t key_id;
-
-    printf("Generate a key pair...\t");
-    fflush(stdout);
-
-    /* Initialize PSA Crypto */
-    status = psa_crypto_init();
-    if (status != PSA_SUCCESS) {
-        printf("Failed to initialize PSA Crypto\n");
-        return;
-    }
-
-    /* Generate a key */
-    psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_SIGN_HASH);
-    psa_set_key_algorithm(&attributes,
-                          PSA_ALG_DETERMINISTIC_ECDSA(PSA_ALG_SHA_256));
-    psa_set_key_type(&attributes,
-                     PSA_KEY_TYPE_ECC_KEY_PAIR(PSA_ECC_FAMILY_SECP_R1));
-    psa_set_key_bits(&attributes, key_bits);
-    status = psa_generate_key(&attributes, &key_id);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to generate key\n");
-        return;
-    }
-    psa_reset_key_attributes(&attributes);
-
-    status = psa_export_public_key(key_id, exported, sizeof(exported),
-                                   &exported_length);
-    if (status != PSA_SUCCESS) {
-        printf("Failed to export public key %ld\n", status);
-        return;
-    }
-
-    printf("Exported a public key\n");
-
-    /* Destroy the key */
-    psa_destroy_key(key_id);
-
-    mbedtls_psa_crypto_free();
-```
-
-### More about the PSA Crypto API
-
-For more information about the PSA Crypto API, please see the
-[PSA Cryptography API Specification](https://arm-software.github.io/psa-api/crypto/).
diff --git a/docs/index.rst b/docs/index.rst
new file mode 100644
index 0000000..33a9722
--- /dev/null
+++ b/docs/index.rst
@@ -0,0 +1,20 @@
+.. Mbed TLS Versioned documentation master file, created by
+   sphinx-quickstart on Thu Feb 23 18:13:44 2023.
+   You can adapt this file completely to your liking, but it should at least
+   contain the root `toctree` directive.
+
+Mbed TLS API documentation
+==========================
+
+.. doxygenpage:: index
+   :project: mbedtls-versioned
+
+.. toctree::
+   :caption: Contents
+   :maxdepth: 1
+
+   Home <self>
+   api/grouplist.rst
+   api/filelist.rst
+   api/structlist.rst
+   api/unionlist.rst
diff --git a/docs/requirements.in b/docs/requirements.in
new file mode 100644
index 0000000..a523188
--- /dev/null
+++ b/docs/requirements.in
@@ -0,0 +1,2 @@
+sphinx-rtd-theme
+breathe
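Review bot: The documentation dependencies are pinned by version only, with no artefact hashes. The header of `docs/requirements.txt` records the command as `pip-compile requirements.in`, so the compiled file has no `--hash=` entries and pip cannot check the downloaded packages against it. Because the Read the Docs configuration added in this commit installs from that file, consider regenerating it with `pip-compile --generate-hashes requirements.in` so the install runs in hash-checking mode. It would also help to add a comment at the top of `requirements.in`, such as `# Direct dependencies of the docs build; regenerate requirements.txt with pip-compile after editing`.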
diff --git a/docs/requirements.txt b/docs/requirements.txt
new file mode 100644
index 0000000..4b9f3a6
--- /dev/null
+++ b/docs/requirements.txt
@@ -0,0 +1,66 @@
+#
+# This file is autogenerated by pip-compile with Python 3.9
+# by the following command:
+#
+#    pip-compile requirements.in
+#
+alabaster==0.7.13
+    # via sphinx
+babel==2.12.1
+    # via sphinx
+breathe==4.35.0
+    # via -r requirements.in
+certifi==2022.12.7
+    # via requests
+charset-normalizer==3.1.0
+    # via requests
+docutils==0.17.1
+    # via
+    #   breathe
+    #   sphinx
+    #   sphinx-rtd-theme
+idna==3.4
+    # via requests
+imagesize==1.4.1
+    # via sphinx
+importlib-metadata==6.0.0
+    # via sphinx
+jinja2==3.1.2
+    # via sphinx
+markupsafe==2.1.2
+    # via jinja2
+packaging==23.0
+    # via sphinx
+pygments==2.14.0
+    # via sphinx
+requests==2.28.2
+    # via sphinx
+snowballstemmer==2.2.0
+    # via sphinx
+sphinx==4.5.0
+    # via
+    #   breathe
+    #   sphinx-rtd-theme
+sphinx-rtd-theme==1.2.0
+    # via -r requirements.in
+sphinxcontrib-applehelp==1.0.4
+    # via sphinx
+sphinxcontrib-devhelp==1.0.2
+    # via sphinx
+sphinxcontrib-htmlhelp==2.0.1
+    # via sphinx
+sphinxcontrib-jquery==2.0.0
+    # via sphinx-rtd-theme
+sphinxcontrib-jsmath==1.0.1
+    # via sphinx
+sphinxcontrib-qthelp==1.0.3
+    # via sphinx
+sphinxcontrib-serializinghtml==1.1.5
+    # via sphinx
+urllib3==1.26.15
+    # via requests
+zipp==3.15.0
+    # via importlib-metadata
+
+# The following packages are considered to be unsafe in a requirements file:
+# setuptools
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 54b2f7a..d19f93e 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -22,73 +22,10 @@
  */
 
 /**
- * @mainpage mbed TLS v2.28.2 source code documentation
+ * @mainpage Mbed TLS v2.28.4 API Documentation
  *
- * This documentation describes the internal structure of mbed TLS.  It was
+ * This documentation describes the internal structure of Mbed TLS.  It was
  * automatically generated from specially formatted comment blocks in
- * mbed TLS's source code using Doxygen.  (See
- * http://www.stack.nl/~dimitri/doxygen/ for more information on Doxygen)
- *
- * mbed TLS has a simple setup: it provides the ingredients for an SSL/TLS
- * implementation. These ingredients are listed as modules in the
- * \ref mainpage_modules "Modules section". This "Modules section" introduces
- * the high-level module concepts used throughout this documentation.\n
- * Some examples of mbed TLS usage can be found in the \ref mainpage_examples
- * "Examples section".
- *
- * @section mainpage_modules Modules
- *
- * mbed TLS supports SSLv3 up to TLSv1.2 communication by providing the
- * following:
- * - TCP/IP communication functions: listen, connect, accept, read/write.
- * - SSL/TLS communication functions: init, handshake, read/write.
- * - X.509 functions: CRT, CRL and key handling
- * - Random number generation
- * - Hashing
- * - Encryption/decryption
- *
- * Above functions are split up neatly into logical interfaces. These can be
- * used separately to provide any of the above functions or to mix-and-match
- * into an SSL server/client solution that utilises a X.509 PKI. Examples of
- * such implementations are amply provided with the source code.
- *
- * Note that mbed TLS does not provide a control channel or (multiple) session
- * handling without additional work from the developer.
- *
- * @section mainpage_examples Examples
- *
- * Example server setup:
- *
- * \b Prerequisites:
- * - X.509 certificate and private key
- * - session handling functions
- *
- * \b Setup:
- * - Load your certificate and your private RSA key (X.509 interface)
- * - Setup the listening TCP socket (TCP/IP interface)
- * - Accept incoming client connection (TCP/IP interface)
- * - Initialise as an SSL-server (SSL/TLS interface)
- *   - Set parameters, e.g. authentication, ciphers, CA-chain, key exchange
- *   - Set callback functions RNG, IO, session handling
- * - Perform an SSL-handshake (SSL/TLS interface)
- * - Read/write data (SSL/TLS interface)
- * - Close and cleanup (all interfaces)
- *
- * Example client setup:
- *
- * \b Prerequisites:
- * - X.509 certificate and private key
- * - X.509 trusted CA certificates
- *
- * \b Setup:
- * - Load the trusted CA certificates (X.509 interface)
- * - Load your certificate and your private RSA key (X.509 interface)
- * - Setup a TCP/IP connection (TCP/IP interface)
- * - Initialise as an SSL-client (SSL/TLS interface)
- *   - Set parameters, e.g. authentication mode, ciphers, CA-chain, session
- *   - Set callback functions RNG, IO
- * - Perform an SSL-handshake (SSL/TLS interface)
- * - Verify the server certificate (SSL/TLS interface)
- * - Write/read data (SSL/TLS interface)
- * - Close and cleanup (all interfaces)
+ * Mbed TLS's source code using Doxygen.  (See
+ * https://www.doxygen.nl for more information on Doxygen)
  */
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 1f1a9cd..adad131 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -1,4 +1,4 @@
-PROJECT_NAME           = "mbed TLS v2.28.2"
+PROJECT_NAME           = "Mbed TLS v2.28.4"
 OUTPUT_DIRECTORY       = ../apidoc/
 FULL_PATH_NAMES        = NO
 OPTIMIZE_OUTPUT_FOR_C  = YES
@@ -19,6 +19,9 @@
 HTML_TIMESTAMP         = YES
 SEARCHENGINE           = YES
 GENERATE_LATEX         = NO
+GENERATE_XML           = YES
+MACRO_EXPANSION        = YES
+EXPAND_ONLY_PREDEF     = YES
 INCLUDE_PATH           = ../include
 CLASS_DIAGRAMS         = NO
 HAVE_DOT               = YES
@@ -40,3 +43,13 @@
 #     \retval #PSA_ERROR_INSUFFICIENT_MEMORY \emptydescription
 # This avoids writing redundant text and keeps Clang happy.
 ALIASES += emptydescription=""
+
+# Define away Mbed TLS macros that make parsing definitions difficult.
+# MBEDTLS_DEPRECATED is not included in this list as it's important to
+# display deprecated status in the documentation.
+PREDEFINED             = "MBEDTLS_CHECK_RETURN_CRITICAL="   \
+                         "MBEDTLS_CHECK_RETURN_TYPICAL="    \
+                         "MBEDTLS_CHECK_RETURN_OPTIONAL="   \
+                         "MBEDTLS_PRINTF_ATTRIBUTE(a,b)="   \
+                         "__DOXYGEN__"                      \
+
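Review bot: The last `PREDEFINED` entry, `"__DOXYGEN__"                      \`, ends with a line-continuation backslash, so only the blank line after it terminates the list. As far as I can tell, a setting appended directly below it later would be read as part of `PREDEFINED` rather than as its own option. Drop the trailing backslash on the final entry, i.e. `"__DOXYGEN__"`, so the list ends explicitly.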
diff --git a/include/CMakeLists.txt b/include/CMakeLists.txt
index 62c0f62..11b417b 100644
--- a/include/CMakeLists.txt
+++ b/include/CMakeLists.txt
@@ -1,4 +1,4 @@
-option(INSTALL_MBEDTLS_HEADERS "Install mbed TLS headers." ON)
+option(INSTALL_MBEDTLS_HEADERS "Install Mbed TLS headers." ON)
 
 if(INSTALL_MBEDTLS_HEADERS)
 
diff --git a/include/mbedtls/aesni.h b/include/mbedtls/aesni.h
index 653b146..6741dea 100644
--- a/include/mbedtls/aesni.h
+++ b/include/mbedtls/aesni.h
@@ -36,13 +36,49 @@
 #define MBEDTLS_AESNI_AES      0x02000000u
 #define MBEDTLS_AESNI_CLMUL    0x00000002u
 
-#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) &&  \
+/* Can we do AESNI with inline assembly?
+ * (Only implemented with gas syntax, only for 64-bit.)
+ */
+#if defined(MBEDTLS_HAVE_ASM) && defined(__GNUC__) && \
     (defined(__amd64__) || defined(__x86_64__))   &&  \
     !defined(MBEDTLS_HAVE_X86_64)
 #define MBEDTLS_HAVE_X86_64
 #endif
 
+#if defined(MBEDTLS_AESNI_C)
+
+/* Can we do AESNI with intrinsics?
+ * (Only implemented with certain compilers, only for certain targets.)
+ *
+ * NOTE: MBEDTLS_AESNI_HAVE_INTRINSICS and MBEDTLS_AESNI_HAVE_CODE are internal
+ *       macros that may change in future releases.
+ */
+#undef MBEDTLS_AESNI_HAVE_INTRINSICS
+#if defined(_MSC_VER)
+/* Visual Studio supports AESNI intrinsics since VS 2008 SP1. We only support
+ * VS 2013 and up for other reasons anyway, so no need to check the version. */
+#define MBEDTLS_AESNI_HAVE_INTRINSICS
+#endif
+/* GCC-like compilers: currently, we only support intrinsics if the requisite
+ * target flag is enabled when building the library (e.g. `gcc -mpclmul -msse2`
+ * or `clang -maes -mpclmul`). */
+#if defined(__GNUC__) && defined(__AES__) && defined(__PCLMUL__)
+#define MBEDTLS_AESNI_HAVE_INTRINSICS
+#endif
+
+/* Choose the implementation of AESNI, if one is available. */
+#undef MBEDTLS_AESNI_HAVE_CODE
+/* To minimize disruption when releasing the intrinsics-based implementation,
+ * favor the assembly-based implementation if it's available. We intend to
+ * revise this in a later release of Mbed TLS 3.x. In the long run, we will
+ * likely remove the assembly implementation. */
 #if defined(MBEDTLS_HAVE_X86_64)
+#define MBEDTLS_AESNI_HAVE_CODE 1 // via assembly
+#elif defined(MBEDTLS_AESNI_HAVE_INTRINSICS)
+#define MBEDTLS_AESNI_HAVE_CODE 2 // via intrinsics
+#endif
+
+#if defined(MBEDTLS_AESNI_HAVE_CODE)
 
 #ifdef __cplusplus
 extern "C" {
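Review bot: The comment above the GCC-like check gives `gcc -mpclmul -msse2` as an example, but the condition right below it requires both `__AES__` and `__PCLMUL__`, and those two flags alone do not define `__AES__`. The config.h text in this same commit lists `gcc -msse2 -maes -mpclmul`, so the example here should read the same. A build that follows the current wording leaves `MBEDTLS_AESNI_HAVE_INTRINSICS` undefined, and where `MBEDTLS_HAVE_X86_64` is not set either, `MBEDTLS_AESNI_HAVE_CODE` stays undefined and the declarations below are skipped without any diagnostic. The `#if defined(MBEDTLS_AESNI_C)` region opened in this hunk is closed outside it.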
@@ -131,6 +167,7 @@
 }
 #endif
 
-#endif /* MBEDTLS_HAVE_X86_64 */
+#endif /* MBEDTLS_AESNI_HAVE_CODE */
+#endif  /* MBEDTLS_AESNI_C */
 
 #endif /* MBEDTLS_AESNI_H */
diff --git a/include/mbedtls/aria.h b/include/mbedtls/aria.h
index 9856a1c..d307ff9 100644
--- a/include/mbedtls/aria.h
+++ b/include/mbedtls/aria.h
@@ -274,10 +274,6 @@
  * \brief      This function performs an ARIA-CTR encryption or decryption
  *             operation.
  *
- *             This function performs the operation defined in the \p mode
- *             parameter (encrypt/decrypt), on the input data buffer
- *             defined in the \p input parameter.
- *
  *             Due to the nature of CTR, you must use the same key schedule
  *             for both encryption and decryption operations. Therefore, you
  *             must use the context initialized with mbedtls_aria_setkey_enc()
diff --git a/include/mbedtls/asn1.h b/include/mbedtls/asn1.h
index 540cdcc..82aaee8 100644
--- a/include/mbedtls/asn1.h
+++ b/include/mbedtls/asn1.h
@@ -453,7 +453,7 @@
  *                       on a successful invocation.
  * \param end            The end of the ASN.1 SEQUENCE container.
  * \param tag_must_mask  A mask to be applied to the ASN.1 tags found within
- *                       the SEQUENCE before comparing to \p tag_must_value.
+ *                       the SEQUENCE before comparing to \p tag_must_val.
  * \param tag_must_val   The required value of each ASN.1 tag found in the
  *                       SEQUENCE, after masking with \p tag_must_mask.
  *                       Mismatching tags lead to an error.
@@ -462,7 +462,7 @@
  *                       while a value of \c 0xFF for \p tag_must_mask means
  *                       that \p tag_must_val is the only allowed tag.
  * \param tag_may_mask   A mask to be applied to the ASN.1 tags found within
- *                       the SEQUENCE before comparing to \p tag_may_value.
+ *                       the SEQUENCE before comparing to \p tag_may_val.
  * \param tag_may_val    The desired value of each ASN.1 tag found in the
  *                       SEQUENCE, after masking with \p tag_may_mask.
  *                       Mismatching tags will be silently ignored.
diff --git a/include/mbedtls/asn1write.h b/include/mbedtls/asn1write.h
index a439268..f453169 100644
--- a/include/mbedtls/asn1write.h
+++ b/include/mbedtls/asn1write.h
@@ -159,6 +159,27 @@
                                             size_t par_len);
 
 /**
+ * \brief           Write an AlgorithmIdentifier sequence in ASN.1 format.
+ *
+ * \note            This function works backwards in data buffer.
+ *
+ * \param p         The reference to the current position pointer.
+ * \param start     The start of the buffer, for bounds-checking.
+ * \param oid       The OID of the algorithm to write.
+ * \param oid_len   The length of the algorithm's OID.
+ * \param par_len   The length of the parameters, which must be already written.
+ * \param has_par   If there are any parameters. If 0, par_len must be 0. If 1
+ *                  and \p par_len is 0, NULL parameters are added.
+ *
+ * \return          The number of bytes written to \p p on success.
+ * \return          A negative \c MBEDTLS_ERR_ASN1_XXX error code on failure.
+ */
+int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p,
+                                                unsigned char *start,
+                                                const char *oid, size_t oid_len,
+                                                size_t par_len, int has_par);
+
+/**
  * \brief           Write a boolean tag (#MBEDTLS_ASN1_BOOLEAN) and value
  *                  in ASN.1 format.
  *
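Review bot: The `has_par` description states that `par_len` must be 0 when `has_par` is 0, but nothing says what the function does when a caller breaks that rule. The output is DER that other parsers will consume, so the outcome should be spelled out, for example `If \p has_par is 0 and \p par_len is non-zero, <error code or resulting encoding>`. The implementation is not part of this hunk, so the exact wording has to be confirmed against it.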
diff --git a/include/mbedtls/bignum.h b/include/mbedtls/bignum.h
index 788ea21..cbed259 100644
--- a/include/mbedtls/bignum.h
+++ b/include/mbedtls/bignum.h
@@ -533,7 +533,7 @@
  * \param X        The destination MPI. This must point to an initialized MPI.
  * \param buf      The input buffer. This must be a readable buffer of length
  *                 \p buflen Bytes.
- * \param buflen   The length of the input buffer \p p in Bytes.
+ * \param buflen   The length of the input buffer \p buf in Bytes.
  *
  * \return         \c 0 if successful.
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
@@ -548,7 +548,7 @@
  * \param X        The destination MPI. This must point to an initialized MPI.
  * \param buf      The input buffer. This must be a readable buffer of length
  *                 \p buflen Bytes.
- * \param buflen   The length of the input buffer \p p in Bytes.
+ * \param buflen   The length of the input buffer \p buf in Bytes.
  *
  * \return         \c 0 if successful.
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if memory allocation failed.
@@ -986,8 +986,8 @@
  * \return         #MBEDTLS_ERR_MPI_ALLOC_FAILED if a memory allocation failed.
  * \return         #MBEDTLS_ERR_MPI_BAD_INPUT_DATA if \p N is less than
  *                 or equal to one.
- * \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p has no modular inverse
- *                 with respect to \p N.
+ * \return         #MBEDTLS_ERR_MPI_NOT_ACCEPTABLE if \p A has no modular
+ *                 inverse with respect to \p N.
  */
 int mbedtls_mpi_inv_mod(mbedtls_mpi *X, const mbedtls_mpi *A,
                         const mbedtls_mpi *N);
@@ -1039,7 +1039,7 @@
  *                 This must point to an initialized MPI.
  * \param rounds   The number of bases to perform the Miller-Rabin primality
  *                 test for. The probability of returning 0 on a composite is
- *                 at most 2<sup>-2*\p rounds</sup>.
+ *                 at most 2<sup>-2*\p rounds </sup>.
  * \param f_rng    The RNG function to use. This must not be \c NULL.
  * \param p_rng    The RNG parameter to be passed to \p f_rng.
  *                 This may be \c NULL if \p f_rng doesn't use
diff --git a/include/mbedtls/bn_mul.h b/include/mbedtls/bn_mul.h
index a0bc4d0..6414e54 100644
--- a/include/mbedtls/bn_mul.h
+++ b/include/mbedtls/bn_mul.h
@@ -677,6 +677,15 @@
 #if defined(__arm__) && !defined(MULADDC_CANNOT_USE_R7)
 
 #if defined(__thumb__) && !defined(__thumb2__)
+#if !defined(__ARMCC_VERSION) && !defined(__clang__) \
+    && !defined(__llvm__) && !defined(__INTEL_COMPILER)
+/*
+ * Thumb 1 ISA. This code path has only been tested successfully on gcc;
+ * it does not compile on clang or armclang.
+ *
+ * Other compilers which define __GNUC__ may not work. The above macro
+ * attempts to exclude these untested compilers.
+ */
 
 #define MULADDC_INIT                                    \
     asm(                                                \
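Review bot: The new comment does not say what a Thumb-1 build with one of the excluded compilers ends up with. The outer `#if defined(__thumb__) && !defined(__thumb2__)` branch has already been taken at that point, so none of the later `#elif` variants is considered and this block defines no `MULADDC_*` macro. The comment should name the fallback, presumably the generic C implementation elsewhere in the file, which is outside this hunk. The closing `#endif /* Compiler is gcc */` in the next hunk is also looser than the test; `#endif /* !__ARMCC_VERSION && !__clang__ && !__llvm__ && !__INTEL_COMPILER */` would mirror it. The macro body continues past the end of this hunk.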
@@ -731,6 +740,8 @@
            "r6", "r7", "r8", "r9", "cc"         \
          );
 
+#endif /* Compiler is gcc */
+
 #elif (__ARM_ARCH >= 6) && \
     defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)
 
diff --git a/include/mbedtls/camellia.h b/include/mbedtls/camellia.h
index 05397d2..e840947 100644
--- a/include/mbedtls/camellia.h
+++ b/include/mbedtls/camellia.h
@@ -231,7 +231,7 @@
  * *note       Due to the nature of CTR mode, you should use the same
  *             key for both encryption and decryption. In particular, calls
  *             to this function should be preceded by a key-schedule via
- *             mbedtls_camellia_setkey_enc() regardless of whether \p mode
+ *             mbedtls_camellia_setkey_enc() regardless of whether the mode
  *             is #MBEDTLS_CAMELLIA_ENCRYPT or #MBEDTLS_CAMELLIA_DECRYPT.
  *
  * \warning    You must never reuse a nonce value with the same key. Doing so
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 2ab9982..dddcb73 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -35,7 +35,7 @@
  */
 #include <limits.h>
 #if CHAR_BIT != 8
-#error "mbed TLS requires a platform with 8-bit chars"
+#error "Mbed TLS requires a platform with 8-bit chars"
 #endif
 
 #if defined(_WIN32)
@@ -69,10 +69,6 @@
 #error "MBEDTLS_HAVE_TIME_DATE without MBEDTLS_HAVE_TIME does not make sense"
 #endif
 
-#if defined(MBEDTLS_AESNI_C) && !defined(MBEDTLS_HAVE_ASM)
-#error "MBEDTLS_AESNI_C defined, but not all prerequisites"
-#endif
-
 #if defined(MBEDTLS_CTR_DRBG_C) && !defined(MBEDTLS_AES_C)
 #error "MBEDTLS_CTR_DRBG_C defined, but not all prerequisites"
 #endif
diff --git a/include/mbedtls/cipher.h b/include/mbedtls/cipher.h
index aa155d7..56fc2d8 100644
--- a/include/mbedtls/cipher.h
+++ b/include/mbedtls/cipher.h
@@ -427,7 +427,7 @@
                                                              const mbedtls_cipher_mode_t mode);
 
 /**
- * \brief               This function initializes a \p cipher_context as NONE.
+ * \brief               This function initializes a \p ctx as NONE.
  *
  * \param ctx           The context to be initialized. This must not be \c NULL.
  */
@@ -602,7 +602,7 @@
  * \param ctx           The context of the cipher. This must be initialized.
  *
  * \return              The key length of the cipher in bits.
- * \return              #MBEDTLS_KEY_LENGTH_NONE if ctx \p has not been
+ * \return              #MBEDTLS_KEY_LENGTH_NONE if \p ctx has not been
  *                      initialized.
  */
 static inline int mbedtls_cipher_get_key_bitlen(
@@ -779,7 +779,7 @@
  * \param ctx           The generic cipher context. This must be initialized and
  *                      bound to a key.
  * \param output        The buffer to write data to. This needs to be a writable
- *                      buffer of at least \p block_size Bytes.
+ *                      buffer of at least block_size Bytes.
  * \param olen          The length of the data written to the \p output buffer.
  *                      This may not be \c NULL.
  *
diff --git a/include/mbedtls/compat-1.3.h b/include/mbedtls/compat-1.3.h
index 3a34cf6..117c88a 100644
--- a/include/mbedtls/compat-1.3.h
+++ b/include/mbedtls/compat-1.3.h
@@ -1,7 +1,7 @@
 /**
  * \file compat-1.3.h
  *
- * \brief Compatibility definitions for using mbed TLS with client code written
+ * \brief Compatibility definitions for using Mbed TLS with client code written
  *  for the PolarSSL naming conventions.
  *
  * \deprecated Use the new names directly instead
diff --git a/include/mbedtls/config.h b/include/mbedtls/config.h
index 1e4d95e..7b1f38a 100644
--- a/include/mbedtls/config.h
+++ b/include/mbedtls/config.h
@@ -51,7 +51,7 @@
  *      include/mbedtls/bn_mul.h
  *
  * Required by:
- *      MBEDTLS_AESNI_C
+ *      MBEDTLS_AESNI_C (on some platforms)
  *      MBEDTLS_PADLOCK_C
  *
  * Comment to disable the use of assembly code.
@@ -163,19 +163,51 @@
  *
  * Enable the memory allocation layer.
  *
- * By default mbed TLS uses the system-provided calloc() and free().
+ * By default Mbed TLS uses the system-provided calloc() and free().
  * This allows different allocators (self-implemented or provided) to be
  * provided to the platform abstraction layer.
  *
- * Enabling MBEDTLS_PLATFORM_MEMORY without the
+ * Enabling #MBEDTLS_PLATFORM_MEMORY without the
  * MBEDTLS_PLATFORM_{FREE,CALLOC}_MACROs will provide
  * "mbedtls_platform_set_calloc_free()" allowing you to set an alternative calloc() and
  * free() function pointer at runtime.
  *
- * Enabling MBEDTLS_PLATFORM_MEMORY and specifying
+ * Enabling #MBEDTLS_PLATFORM_MEMORY and specifying
  * MBEDTLS_PLATFORM_{CALLOC,FREE}_MACROs will allow you to specify the
  * alternate function at compile time.
  *
+ * An overview of how the value of mbedtls_calloc is determined:
+ *
+ * - if !MBEDTLS_PLATFORM_MEMORY
+ *     - mbedtls_calloc = calloc
+ * - if MBEDTLS_PLATFORM_MEMORY
+ *     - if (MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
+ *         - mbedtls_calloc = MBEDTLS_PLATFORM_CALLOC_MACRO
+ *     - if !(MBEDTLS_PLATFORM_CALLOC_MACRO && MBEDTLS_PLATFORM_FREE_MACRO):
+ *         - Dynamic setup via mbedtls_platform_set_calloc_free is now possible with a default value MBEDTLS_PLATFORM_STD_CALLOC.
+ *         - How is MBEDTLS_PLATFORM_STD_CALLOC handled?
+ *         - if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
+ *             - MBEDTLS_PLATFORM_STD_CALLOC is not set to anything;
+ *             - MBEDTLS_PLATFORM_STD_MEM_HDR can be included if present;
+ *         - if !MBEDTLS_PLATFORM_NO_STD_FUNCTIONS:
+ *             - if MBEDTLS_PLATFORM_STD_CALLOC is present:
+ *                 - User-defined MBEDTLS_PLATFORM_STD_CALLOC is respected;
+ *             - if !MBEDTLS_PLATFORM_STD_CALLOC:
+ *                 - MBEDTLS_PLATFORM_STD_CALLOC = calloc
+ *
+ *         - At this point the presence of MBEDTLS_PLATFORM_STD_CALLOC is checked.
+ *         - if !MBEDTLS_PLATFORM_STD_CALLOC
+ *             - MBEDTLS_PLATFORM_STD_CALLOC = uninitialized_calloc
+ *
+ *         - mbedtls_calloc = MBEDTLS_PLATFORM_STD_CALLOC.
+ *
+ * Defining MBEDTLS_PLATFORM_CALLOC_MACRO and #MBEDTLS_PLATFORM_STD_CALLOC at the same time is not possible.
+ * MBEDTLS_PLATFORM_CALLOC_MACRO and MBEDTLS_PLATFORM_FREE_MACRO must both be defined or undefined at the same time.
+ * #MBEDTLS_PLATFORM_STD_CALLOC and #MBEDTLS_PLATFORM_STD_FREE do not have to be defined at the same time, as, if they are used,
+ * dynamic setup of these functions is possible. See the tree above to see how are they handled in all cases.
+ * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
+ * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
+ *
  * Requires: MBEDTLS_PLATFORM_C
  *
  * Enable this layer to allow use of alternative memory allocators.
@@ -204,10 +236,10 @@
 /**
  * \def MBEDTLS_PLATFORM_EXIT_ALT
  *
- * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let mbed TLS support the
+ * MBEDTLS_PLATFORM_XXX_ALT: Uncomment a macro to let Mbed TLS support the
  * function in the platform abstraction layer.
  *
- * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, mbed TLS will
+ * Example: In case you uncomment MBEDTLS_PLATFORM_PRINTF_ALT, Mbed TLS will
  * provide a function "mbedtls_platform_set_printf()" that allows you to set an
  * alternative printf function pointer.
  *
@@ -234,6 +266,45 @@
 //#define MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT
 
 /**
+ * Uncomment the macro to let Mbed TLS use your alternate implementation of
+ * mbedtls_platform_gmtime_r(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * gmtime() is not a thread-safe function as defined in the C standard. The
+ * library will try to use safer implementations of this function, such as
+ * gmtime_r() when available. However, if Mbed TLS cannot identify the target
+ * system, the implementation of mbedtls_platform_gmtime_r() will default to
+ * using the standard gmtime(). In this case, calls from the library to
+ * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
+ * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
+ * library are also guarded with this mutex to avoid race conditions. However,
+ * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
+ * unconditionally use the implementation for mbedtls_platform_gmtime_r()
+ * supplied at compile time.
+ */
+//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
+
+/**
+ * Uncomment the macro to let Mbed TLS use your alternate implementation of
+ * mbedtls_platform_zeroize(). This replaces the default implementation in
+ * platform_util.c.
+ *
+ * mbedtls_platform_zeroize() is a widely used function across the library to
+ * zero a block of memory. The implementation is expected to be secure in the
+ * sense that it has been written to prevent the compiler from removing calls
+ * to mbedtls_platform_zeroize() as part of redundant code elimination
+ * optimizations. However, it is difficult to guarantee that calls to
+ * mbedtls_platform_zeroize() will not be optimized by the compiler as older
+ * versions of the C language standards do not provide a secure implementation
+ * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
+ * configure their own implementation of mbedtls_platform_zeroize(), for
+ * example by using directives specific to their compiler, features from newer
+ * C standards (e.g using memset_s() in C11) or calling a secure memset() from
+ * their system (e.g explicit_bzero() in BSD).
+ */
+//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
+
+/**
  * \def MBEDTLS_DEPRECATED_WARNING
  *
  * Mark deprecated functions and features so that they generate a warning if
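Review bot: The two comment blocks added here for `MBEDTLS_PLATFORM_GMTIME_R_ALT` and `MBEDTLS_PLATFORM_ZEROIZE_ALT` have no `\def` line, unlike the neighbouring `\def MBEDTLS_DEPRECATED_WARNING` block, and the defines they describe are commented out. Doxygen may therefore not attach them to the intended macro, which matters more now that this commit turns on `GENERATE_XML`. Add `\def MBEDTLS_PLATFORM_GMTIME_R_ALT` and `\def MBEDTLS_PLATFORM_ZEROIZE_ALT` as the first line of the respective block. The same applies to the `MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED` and `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE` blocks added in later hunks of this file.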
@@ -329,7 +400,7 @@
 /** \} name SECTION: System support */
 
 /**
- * \name SECTION: mbed TLS feature support
+ * \name SECTION: Mbed TLS feature support
  *
  * This section sets support for features that are or are not needed
  * within the modules that are enabled.
@@ -352,7 +423,7 @@
 /**
  * \def MBEDTLS_AES_ALT
  *
- * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * MBEDTLS__MODULE_NAME__ALT: Uncomment a macro to let Mbed TLS use your
  * alternate core implementation of a symmetric crypto, an arithmetic or hash
  * module (e.g. platform specific assembly optimized implementations). Keep
  * in mind that the function prototypes should remain the same.
@@ -360,7 +431,7 @@
  * This replaces the whole module. If you only want to replace one of the
  * functions, use one of the MBEDTLS__FUNCTION_NAME__ALT flags.
  *
- * Example: In case you uncomment MBEDTLS_AES_ALT, mbed TLS will no longer
+ * Example: In case you uncomment MBEDTLS_AES_ALT, Mbed TLS will no longer
  * provide the "struct mbedtls_aes_context" definition and omit the base
  * function declarations and implementations. "aes_alt.h" will be included from
  * "aes.h" to include the new function definitions.
@@ -413,14 +484,14 @@
 /**
  * \def MBEDTLS_MD2_PROCESS_ALT
  *
- * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use you
+ * MBEDTLS__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use you
  * alternate core implementation of symmetric crypto or hash function. Keep in
  * mind that function prototypes should remain the same.
  *
- * This replaces only one function. The header file from mbed TLS is still
+ * This replaces only one function. The header file from Mbed TLS is still
  * used, in contrast to the MBEDTLS__MODULE_NAME__ALT flags.
  *
- * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, mbed TLS will
+ * Example: In case you uncomment MBEDTLS_SHA256_PROCESS_ALT, Mbed TLS will
  * no longer provide the mbedtls_sha1_process() function, but it will still provide
  * the other function (using your mbedtls_sha1_process() function) and the definition
  * of mbedtls_sha1_context, so your implementation of mbedtls_sha1_process must be compatible
@@ -480,11 +551,11 @@
  *
  * Expose a part of the internal interface of the Elliptic Curve Point module.
  *
- * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let mbed TLS use your
+ * MBEDTLS_ECP__FUNCTION_NAME__ALT: Uncomment a macro to let Mbed TLS use your
  * alternative core implementation of elliptic curve arithmetic. Keep in mind
  * that function prototypes should remain the same.
  *
- * This partially replaces one function. The header file from mbed TLS is still
+ * This partially replaces one function. The header file from Mbed TLS is still
  * used, in contrast to the MBEDTLS_ECP_ALT flag. The original implementation
  * is still present and it is used for group structures not supported by the
  * alternative.
@@ -508,11 +579,11 @@
  * implement optimized set up and tear down instructions.
  *
  * Example: In case you set MBEDTLS_ECP_INTERNAL_ALT and
- * MBEDTLS_ECP_DOUBLE_JAC_ALT, mbed TLS will still provide the ecp_double_jac()
+ * MBEDTLS_ECP_DOUBLE_JAC_ALT, Mbed TLS will still provide the ecp_double_jac()
  * function, but will use your mbedtls_internal_ecp_double_jac() if the group
  * for the operation is supported by your implementation (i.e. your
  * mbedtls_internal_ecp_grp_capable() function returns 1 for this group). If the
- * group is not supported by your implementation, then the original mbed TLS
+ * group is not supported by your implementation, then the original Mbed TLS
  * implementation of ecp_double_jac() is used instead, unless this fallback
  * behaviour is disabled by setting MBEDTLS_ECP_NO_FALLBACK (in which case
  * ecp_double_jac() will return MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE).
@@ -543,7 +614,7 @@
 /**
  * \def MBEDTLS_TEST_NULL_ENTROPY
  *
- * Enables testing and use of mbed TLS without any configured entropy sources.
+ * Enables testing and use of Mbed TLS without any configured entropy sources.
  * This permits use of the library on platforms before an entropy source has
  * been integrated (see for example the MBEDTLS_ENTROPY_HARDWARE_ALT or the
  * MBEDTLS_ENTROPY_NV_SEED switches).
@@ -560,7 +631,7 @@
 /**
  * \def MBEDTLS_ENTROPY_HARDWARE_ALT
  *
- * Uncomment this macro to let mbed TLS use your own implementation of a
+ * Uncomment this macro to let Mbed TLS use your own implementation of a
  * hardware entropy collector.
  *
  * Your function must be called \c mbedtls_hardware_poll(), have the same
@@ -787,6 +858,15 @@
 #define MBEDTLS_REMOVE_3DES_CIPHERSUITES
 
 /**
+ * Enable the verified implementations of ECDH primitives from Project Everest
+ * (currently only Curve25519). This feature changes the layout of ECDH
+ * contexts and therefore is a compatibility break for applications that access
+ * fields of a mbedtls_ecdh_context structure directly. See also
+ * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
+ */
+//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
+
+/**
  * \def MBEDTLS_ECP_DP_SECP192R1_ENABLED
  *
  * MBEDTLS_ECP_XXXX_ENABLED: Enables specific curves within the Elliptic Curve
@@ -871,7 +951,7 @@
  * - Changes the behaviour of TLS 1.2 clients (not servers) when using the
  *   ECDHE-ECDSA key exchange (not other key exchanges) to make all ECC
  *   computations restartable:
- *   - ECDH operations from the key exchange, only for Short Weierstass
+ *   - ECDH operations from the key exchange, only for Short Weierstrass
  *     curves;
  *   - verification of the server's key exchange signature;
  *   - verification of the server's certificate chain;
@@ -1458,8 +1538,8 @@
  * );
  * ```
  * The \c context value is initialized to 0 before the first call.
- * The function must fill the \c output buffer with \p output_size bytes
- * of random data and set \c *output_length to \p output_size.
+ * The function must fill the \c output buffer with \c output_size bytes
+ * of random data and set \c *output_length to \c output_size.
  *
  * Requires: MBEDTLS_PSA_CRYPTO_C
  *
@@ -1559,7 +1639,7 @@
  * \def MBEDTLS_SSL_ALL_ALERT_MESSAGES
  *
  * Enable sending of alert messages in case of encountered errors as per RFC.
- * If you choose not to send the alert messages, mbed TLS can still communicate
+ * If you choose not to send the alert messages, Mbed TLS can still communicate
  * with other servers, only debugging of failures is harder.
  *
  * The advantage of not sending alert messages, is that no information is given
@@ -2086,6 +2166,23 @@
 //#define MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH
 
 /**
+ * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
+ * signature and ciphersuite selection. Without this build-time option, SHA-1
+ * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
+ * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
+ * default. At the time of writing, there is no practical attack on the use
+ * of SHA-1 in handshake signatures, hence this option is turned on by default
+ * to preserve compatibility with existing peers, but the general
+ * warning applies nonetheless:
+ *
+ * \warning   SHA-1 is considered a weak message digest and its use constitutes
+ *            a security risk. If possible, we recommend avoiding dependencies
+ *            on it, and considering stronger message digests instead.
+ *
+ */
+//#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
+
+/**
  * \def MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN
  *
  * Enable testing of the constant-flow nature of some sensitive functions with
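Review bot: The relocated text says the option "is turned on by default", but the define directly below it is commented out: `//#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE`. Someone auditing whether SHA-1 signatures are accepted in TLS 1.2 handshakes cannot tell from this block which of the two is true. Make the sentence agree with the shipped default, for instance `hence this option remains available, but it is disabled by default` if the commented-out define is what is intended. The wording is carried over unchanged from the block's old location, so the mismatch predates this commit, but the move is a good moment to fix it.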
@@ -2332,26 +2429,44 @@
  * Uncomment to enable use of ZLIB
  */
 //#define MBEDTLS_ZLIB_SUPPORT
-/** \} name SECTION: mbed TLS feature support */
+/** \} name SECTION: Mbed TLS feature support */
 
 /**
- * \name SECTION: mbed TLS modules
+ * \name SECTION: Mbed TLS modules
  *
- * This section enables or disables entire modules in mbed TLS
+ * This section enables or disables entire modules in Mbed TLS
  * \{
  */
 
 /**
  * \def MBEDTLS_AESNI_C
  *
- * Enable AES-NI support on x86-64.
+ * Enable AES-NI support on x86-64 or x86-32.
+ *
+ * \note AESNI is only supported with certain compilers and target options:
+ * - Visual Studio 2013: supported.
+ * - GCC, x86-64, target not explicitly supporting AESNI:
+ *   requires MBEDTLS_HAVE_ASM.
+ * - GCC, x86-32, target not explicitly supporting AESNI:
+ *   not supported.
+ * - GCC, x86-64 or x86-32, target supporting AESNI: supported.
+ *   For this assembly-less implementation, you must currently compile
+ *   `library/aesni.c` and `library/aes.c` with machine options to enable
+ *   SSE2 and AESNI instructions: `gcc -msse2 -maes -mpclmul` or
+ *   `clang -maes -mpclmul`.
+ * - Non-x86 targets: this option is silently ignored.
+ * - Other compilers: this option is silently ignored.
+ *
+ * \note
+ * Above, "GCC" includes compatible compilers such as Clang.
+ * The limitations on target support are likely to be relaxed in the future.
  *
  * Module:  library/aesni.c
  * Caller:  library/aes.c
  *
- * Requires: MBEDTLS_HAVE_ASM
+ * Requires: MBEDTLS_HAVE_ASM (on some platforms, see note)
  *
- * This modules adds support for the AES-NI instructions on x86-64
+ * This modules adds support for the AES-NI instructions on x86.
  */
 #define MBEDTLS_AESNI_C
 
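Review bot: The new `\note` lists cases where `MBEDTLS_AESNI_C` is "not supported" or "silently ignored", but it does not say what the resulting build contains or how to tell. With the `check_config.h` prerequisite error removed in this commit, a configuration that enables `MBEDTLS_AESNI_C` can now build without any AESNI code and without a diagnostic, presumably falling back to the portable C AES in `library/aes.c`. Deployments that rely on hardware AES for its timing behaviour would want that stated, for example `In the unsupported and ignored cases the library is built without AESNI code and no error is raised.` Separately, `This modules adds` on the last description line should read `This module adds`.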
@@ -3040,7 +3155,7 @@
  * Module:  library/memory_buffer_alloc.c
  *
  * Requires: MBEDTLS_PLATFORM_C
- *           MBEDTLS_PLATFORM_MEMORY (to use it within mbed TLS)
+ *           MBEDTLS_PLATFORM_MEMORY (to use it within Mbed TLS)
  *
  * Enable this module to enable the buffer memory allocator.
  */
@@ -3480,7 +3595,7 @@
  * \def MBEDTLS_THREADING_C
  *
  * Enable the threading abstraction layer.
- * By default mbed TLS assumes it is used in a non-threaded environment or that
+ * By default Mbed TLS assumes it is used in a non-threaded environment or that
  * contexts are not shared between threads. If you do intend to use contexts
  * between threads, you will need to enable this layer to prevent race
  * conditions. See also our Knowledge Base article about threading:
@@ -3494,7 +3609,7 @@
  * You will have to enable either MBEDTLS_THREADING_ALT or
  * MBEDTLS_THREADING_PTHREAD.
  *
- * Enable this layer to allow use of mutexes within mbed TLS
+ * Enable this layer to allow use of mutexes within Mbed TLS
  */
 //#define MBEDTLS_THREADING_C
 
@@ -3646,7 +3761,7 @@
  */
 #define MBEDTLS_XTEA_C
 
-/** \} name SECTION: mbed TLS modules */
+/** \} name SECTION: Mbed TLS modules */
 
 /**
  * \name SECTION: General configuration options
@@ -3780,8 +3895,29 @@
 
 /* Platform options */
 //#define MBEDTLS_PLATFORM_STD_MEM_HDR   <stdlib.h> /**< Header to include if MBEDTLS_PLATFORM_NO_STD_FUNCTIONS is defined. Don't define if no header is needed. */
-//#define MBEDTLS_PLATFORM_STD_CALLOC        calloc /**< Default allocator to use, can be undefined */
-//#define MBEDTLS_PLATFORM_STD_FREE            free /**< Default free to use, can be undefined */
+
+/** \def MBEDTLS_PLATFORM_STD_CALLOC
+ *
+ * Default allocator to use, can be undefined.
+ * It must initialize the allocated buffer memory to zeroes.
+ * The size of the buffer is the product of the two parameters.
+ * The calloc function returns either a null pointer or a pointer to the allocated space.
+ * If the product is 0, the function may either return NULL or a valid pointer to an array of size 0 which is a valid input to the deallocation function.
+ * An uninitialized #MBEDTLS_PLATFORM_STD_CALLOC always fails, returning a null pointer.
+ * See the description of #MBEDTLS_PLATFORM_MEMORY for more details.
+ * The corresponding deallocation function is #MBEDTLS_PLATFORM_STD_FREE.
+ */
+//#define MBEDTLS_PLATFORM_STD_CALLOC        calloc
+
+/** \def MBEDTLS_PLATFORM_STD_FREE
+ *
+ * Default free to use, can be undefined.
+ * NULL is a valid parameter, and the function must do nothing.
+ * A non-null parameter will always be a pointer previously returned by #MBEDTLS_PLATFORM_STD_CALLOC and not yet freed.
+ * An uninitialized #MBEDTLS_PLATFORM_STD_FREE does not do anything.
+ * See the description of #MBEDTLS_PLATFORM_MEMORY for more details (same principles as for MBEDTLS_PLATFORM_STD_CALLOC apply).
+ */
+//#define MBEDTLS_PLATFORM_STD_FREE            free
 //#define MBEDTLS_PLATFORM_STD_EXIT            exit /**< Default exit to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_TIME            time /**< Default time to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
 //#define MBEDTLS_PLATFORM_STD_FPRINTF      fprintf /**< Default fprintf to use, can be undefined */
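Review bot: The new `MBEDTLS_PLATFORM_STD_CALLOC` description says the buffer size is the product of the two parameters, but not what a replacement must do when that product does not fit in `size_t`. A hand-written allocator that multiplies without checking would hand back a buffer smaller than the caller assumes, whereas the standard `calloc()` is expected to fail in that case. Add a requirement such as `If the product overflows size_t, the function must return a null pointer.` The `MBEDTLS_PLATFORM_CALLOC_MACRO` line in the following hunk refers back to these requirements, so it would be covered by the same sentence.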
@@ -3794,10 +3930,10 @@
 //#define MBEDTLS_PLATFORM_STD_NV_SEED_WRITE  mbedtls_platform_std_nv_seed_write /**< Default nv_seed_write function to use, can be undefined */
 //#define MBEDTLS_PLATFORM_STD_NV_SEED_FILE  "seedfile" /**< Seed file to read/write with default implementation */
 
-/* To Use Function Macros MBEDTLS_PLATFORM_C must be enabled */
+/* To use the following function macros, MBEDTLS_PLATFORM_C must be enabled. */
 /* MBEDTLS_PLATFORM_XXX_MACRO and MBEDTLS_PLATFORM_XXX_ALT cannot both be defined */
-//#define MBEDTLS_PLATFORM_CALLOC_MACRO        calloc /**< Default allocator macro to use, can be undefined */
-//#define MBEDTLS_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined */
+//#define MBEDTLS_PLATFORM_CALLOC_MACRO        calloc /**< Default allocator macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_CALLOC for requirements. */
+//#define MBEDTLS_PLATFORM_FREE_MACRO            free /**< Default free macro to use, can be undefined. See MBEDTLS_PLATFORM_STD_FREE for requirements. */
 //#define MBEDTLS_PLATFORM_EXIT_MACRO            exit /**< Default exit macro to use, can be undefined */
 //#define MBEDTLS_PLATFORM_TIME_MACRO            time /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
 //#define MBEDTLS_PLATFORM_TIME_TYPE_MACRO       time_t /**< Default time macro to use, can be undefined. MBEDTLS_HAVE_TIME must be enabled */
@@ -4070,71 +4206,6 @@
 //#define MBEDTLS_X509_MAX_INTERMEDIATE_CA   8   /**< Maximum number of intermediate CAs in a verification chain. */
 //#define MBEDTLS_X509_MAX_FILE_PATH_LEN     512 /**< Maximum length of a path/filename string in bytes including the null terminator character ('\0'). */
 
-/**
- * Allow SHA-1 in the default TLS configuration for TLS 1.2 handshake
- * signature and ciphersuite selection. Without this build-time option, SHA-1
- * support must be activated explicitly through mbedtls_ssl_conf_sig_hashes.
- * The use of SHA-1 in TLS <= 1.1 and in HMAC-SHA-1 is always allowed by
- * default. At the time of writing, there is no practical attack on the use
- * of SHA-1 in handshake signatures, hence this option is turned on by default
- * to preserve compatibility with existing peers, but the general
- * warning applies nonetheless:
- *
- * \warning   SHA-1 is considered a weak message digest and its use constitutes
- *            a security risk. If possible, we recommend avoiding dependencies
- *            on it, and considering stronger message digests instead.
- *
- */
-//#define MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE
-
-/**
- * Uncomment the macro to let mbed TLS use your alternate implementation of
- * mbedtls_platform_zeroize(). This replaces the default implementation in
- * platform_util.c.
- *
- * mbedtls_platform_zeroize() is a widely used function across the library to
- * zero a block of memory. The implementation is expected to be secure in the
- * sense that it has been written to prevent the compiler from removing calls
- * to mbedtls_platform_zeroize() as part of redundant code elimination
- * optimizations. However, it is difficult to guarantee that calls to
- * mbedtls_platform_zeroize() will not be optimized by the compiler as older
- * versions of the C language standards do not provide a secure implementation
- * of memset(). Therefore, MBEDTLS_PLATFORM_ZEROIZE_ALT enables users to
- * configure their own implementation of mbedtls_platform_zeroize(), for
- * example by using directives specific to their compiler, features from newer
- * C standards (e.g using memset_s() in C11) or calling a secure memset() from
- * their system (e.g explicit_bzero() in BSD).
- */
-//#define MBEDTLS_PLATFORM_ZEROIZE_ALT
-
-/**
- * Uncomment the macro to let Mbed TLS use your alternate implementation of
- * mbedtls_platform_gmtime_r(). This replaces the default implementation in
- * platform_util.c.
- *
- * gmtime() is not a thread-safe function as defined in the C standard. The
- * library will try to use safer implementations of this function, such as
- * gmtime_r() when available. However, if Mbed TLS cannot identify the target
- * system, the implementation of mbedtls_platform_gmtime_r() will default to
- * using the standard gmtime(). In this case, calls from the library to
- * gmtime() will be guarded by the global mutex mbedtls_threading_gmtime_mutex
- * if MBEDTLS_THREADING_C is enabled. We recommend that calls from outside the
- * library are also guarded with this mutex to avoid race conditions. However,
- * if the macro MBEDTLS_PLATFORM_GMTIME_R_ALT is defined, Mbed TLS will
- * unconditionally use the implementation for mbedtls_platform_gmtime_r()
- * supplied at compile time.
- */
-//#define MBEDTLS_PLATFORM_GMTIME_R_ALT
-
-/**
- * Enable the verified implementations of ECDH primitives from Project Everest
- * (currently only Curve25519). This feature changes the layout of ECDH
- * contexts and therefore is a compatibility break for applications that access
- * fields of a mbedtls_ecdh_context structure directly. See also
- * MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
- */
-//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
-
 /** \} name SECTION: Module configuration options */
 
 /* Target and application specific configurations
diff --git a/include/mbedtls/config_psa.h b/include/mbedtls/config_psa.h
index 8a5c68f..67d5df1 100644
--- a/include/mbedtls/config_psa.h
+++ b/include/mbedtls/config_psa.h
@@ -110,6 +110,10 @@
 
 #if defined(PSA_WANT_ALG_HKDF)
 #if !defined(MBEDTLS_PSA_ACCEL_ALG_HKDF)
+/*
+ * The PSA implementation has its own implementation of HKDF, separate from
+ * hkdf.c. No need to enable MBEDTLS_HKDF_C here.
+ */
 #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
 #define MBEDTLS_PSA_BUILTIN_ALG_HKDF 1
 #endif /* !MBEDTLS_PSA_ACCEL_ALG_HKDF */
@@ -617,7 +621,7 @@
 #if defined(MBEDTLS_MD_C)
 #define MBEDTLS_PSA_BUILTIN_ALG_HMAC 1
 #define PSA_WANT_ALG_HMAC 1
-#define PSA_WANT_KEY_TYPE_HMAC
+#define PSA_WANT_KEY_TYPE_HMAC 1
 #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PRF 1
 #define PSA_WANT_ALG_TLS12_PRF 1
 #define MBEDTLS_PSA_BUILTIN_ALG_TLS12_PSK_TO_MS 1
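Review bot: Nothing near the changed `PSA_WANT_KEY_TYPE_HMAC` line records that `PSA_WANT_xxx` symbols have to expand to `1` rather than to nothing, so the value-less form can creep back in with the next symbol added. A short comment at the top of this block, for example `/* PSA_WANT_xxx symbols must be defined as 1, never left empty. */`, would document the convention. Presumably the reason is that an empty definition breaks any `#if PSA_WANT_xxx` test, which is worth stating if so. The same applies to the ECC curve hunk that follows, where every `PSA_WANT_ECC_*` line gets the same correction.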
@@ -755,69 +759,69 @@
 
 #if defined(MBEDTLS_ECP_DP_BP256R1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_256 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_256
+#define PSA_WANT_ECC_BRAINPOOL_P_R1_256 1
 #endif
 
 #if defined(MBEDTLS_ECP_DP_BP384R1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_384 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_384
+#define PSA_WANT_ECC_BRAINPOOL_P_R1_384 1
 #endif
 
 #if defined(MBEDTLS_ECP_DP_BP512R1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_BRAINPOOL_P_R1_512 1
-#define PSA_WANT_ECC_BRAINPOOL_P_R1_512
+#define PSA_WANT_ECC_BRAINPOOL_P_R1_512 1
 #endif
 
 #if defined(MBEDTLS_ECP_DP_CURVE25519_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_255 1
-#define PSA_WANT_ECC_MONTGOMERY_255
+#define PSA_WANT_ECC_MONTGOMERY_255 1
 #endif
 
 /* Curve448 is not yet supported via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/4249) */
 #if 0 && defined(MBEDTLS_ECP_DP_CURVE448_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_MONTGOMERY_448 1
-#define PSA_WANT_ECC_MONTGOMERY_448
+#define PSA_WANT_ECC_MONTGOMERY_448 1
 #endif
 
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_192 1
-#define PSA_WANT_ECC_SECP_R1_192
+#define PSA_WANT_ECC_SECP_R1_192 1
 #endif
 
 #if defined(MBEDTLS_ECP_DP_SECP224R1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_224 1
-#define PSA_WANT_ECC_SECP_R1_224
+#define PSA_WANT_ECC_SECP_R1_224 1
 #endif
 
 #if defined(MBEDTLS_ECP_DP_SECP256R1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_256 1
-#define PSA_WANT_ECC_SECP_R1_256
+#define PSA_WANT_ECC_SECP_R1_256 1
 #endif
 
 #if defined(MBEDTLS_ECP_DP_SECP384R1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_384 1
-#define PSA_WANT_ECC_SECP_R1_384
+#define PSA_WANT_ECC_SECP_R1_384 1
 #endif
 
 #if defined(MBEDTLS_ECP_DP_SECP521R1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_R1_521 1
-#define PSA_WANT_ECC_SECP_R1_521
+#define PSA_WANT_ECC_SECP_R1_521 1
 #endif
 
 #if defined(MBEDTLS_ECP_DP_SECP192K1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_192 1
-#define PSA_WANT_ECC_SECP_K1_192
+#define PSA_WANT_ECC_SECP_K1_192 1
 #endif
 
 /* SECP224K1 is buggy via the PSA API (https://github.com/Mbed-TLS/mbedtls/issues/3541) */
 #if 0 && defined(MBEDTLS_ECP_DP_SECP224K1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_224 1
-#define PSA_WANT_ECC_SECP_K1_224
+#define PSA_WANT_ECC_SECP_K1_224 1
 #endif
 
 #if defined(MBEDTLS_ECP_DP_SECP256K1_ENABLED)
 #define MBEDTLS_PSA_BUILTIN_ECC_SECP_K1_256 1
-#define PSA_WANT_ECC_SECP_K1_256
+#define PSA_WANT_ECC_SECP_K1_256 1
 #endif
 
 #endif /* MBEDTLS_PSA_CRYPTO_CONFIG */
diff --git a/include/mbedtls/ecdsa.h b/include/mbedtls/ecdsa.h
index e42d114..b7029d7 100644
--- a/include/mbedtls/ecdsa.h
+++ b/include/mbedtls/ecdsa.h
@@ -266,8 +266,9 @@
  * \param md_alg        The hash algorithm used to hash the original data.
  * \param f_rng_blind   The RNG function used for blinding. This must not be
  *                      \c NULL.
- * \param p_rng_blind   The RNG context to be passed to \p f_rng. This may be
- *                      \c NULL if \p f_rng doesn't need a context parameter.
+ * \param p_rng_blind   The RNG context to be passed to \p f_rng_blind. This
+ *                      may be \c NULL if \p f_rng_blind doesn't need
+ *                      a context parameter.
  *
  * \return          \c 0 on success.
  * \return          An \c MBEDTLS_ERR_ECP_XXX or \c MBEDTLS_MPI_XXX
@@ -344,7 +345,7 @@
  *                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
  * \param md_alg    The message digest that was used to hash the message.
  * \param hash      The message hash to be signed. This must be a readable
- *                  buffer of length \p blen Bytes.
+ *                  buffer of length \p hlen Bytes.
  * \param hlen      The length of the hash \p hash in Bytes.
  * \param sig       The buffer to which to write the signature. This must be a
  *                  writable buffer of length at least twice as large as the
@@ -386,7 +387,7 @@
  *                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
  * \param md_alg    The message digest that was used to hash the message.
  * \param hash      The message hash to be signed. This must be a readable
- *                  buffer of length \p blen Bytes.
+ *                  buffer of length \p hlen Bytes.
  * \param hlen      The length of the hash \p hash in Bytes.
  * \param sig       The buffer to which to write the signature. This must be a
  *                  writable buffer of length at least twice as large as the
@@ -453,7 +454,7 @@
  *                  and have a group and private key bound to it, for example
  *                  via mbedtls_ecdsa_genkey() or mbedtls_ecdsa_from_keypair().
  * \param hash      The message hash to be signed. This must be a readable
- *                  buffer of length \p blen Bytes.
+ *                  buffer of length \p hlen Bytes.
  * \param hlen      The length of the hash \p hash in Bytes.
  * \param sig       The buffer to which to write the signature. This must be a
  *                  writable buffer of length at least twice as large as the
@@ -490,7 +491,7 @@
  * \param ctx       The ECDSA context to use. This must be initialized
  *                  and have a group and public key bound to it.
  * \param hash      The message hash that was signed. This must be a readable
- *                  buffer of length \p size Bytes.
+ *                  buffer of length \p hlen Bytes.
  * \param hlen      The size of the hash \p hash.
  * \param sig       The signature to read and verify. This must be a readable
  *                  buffer of length \p slen Bytes.
@@ -520,7 +521,7 @@
  * \param ctx       The ECDSA context to use. This must be initialized
  *                  and have a group and public key bound to it.
  * \param hash      The message hash that was signed. This must be a readable
- *                  buffer of length \p size Bytes.
+ *                  buffer of length \p hlen Bytes.
  * \param hlen      The size of the hash \p hash.
  * \param sig       The signature to read and verify. This must be a readable
  *                  buffer of length \p slen Bytes.
diff --git a/include/mbedtls/ecp.h b/include/mbedtls/ecp.h
index 5402e74..4995090 100644
--- a/include/mbedtls/ecp.h
+++ b/include/mbedtls/ecp.h
@@ -42,6 +42,11 @@
 
 #include "mbedtls/bignum.h"
 
+#if (defined(__ARMCC_VERSION) || defined(_MSC_VER)) && \
+    !defined(inline) && !defined(__cplusplus)
+#define inline __inline
+#endif
+
 /*
  * ECP error codes
  */
@@ -214,7 +219,7 @@
 
 #if !defined(MBEDTLS_ECP_ALT)
 /*
- * default mbed TLS elliptic curve arithmetic implementation
+ * default Mbed TLS elliptic curve arithmetic implementation
  *
  * (in case MBEDTLS_ECP_ALT is defined then the developer has to provide an
  * alternative implementation for the whole module and it will replace this
@@ -236,6 +241,27 @@
  * odd prime as mbedtls_ecp_mul() requires an odd number, and
  * mbedtls_ecdsa_sign() requires that it is prime for blinding purposes.
  *
+ * The default implementation only initializes \p A without setting it to the
+ * authentic value for curves with <code>A = -3</code>(SECP256R1, etc), in which
+ * case you need to load \p A by yourself when using domain parameters directly,
+ * for example:
+ * \code
+ * mbedtls_mpi_init(&A);
+ * mbedtls_ecp_group_init(&grp);
+ * CHECK_RETURN(mbedtls_ecp_group_load(&grp, grp_id));
+ * if (mbedtls_ecp_group_a_is_minus_3(&grp)) {
+ *     CHECK_RETURN(mbedtls_mpi_sub_int(&A, &grp.P, 3));
+ * } else {
+ *     CHECK_RETURN(mbedtls_mpi_copy(&A, &grp.A));
+ * }
+ *
+ * do_something_with_a(&A);
+ *
+ * cleanup:
+ * mbedtls_mpi_free(&A);
+ * mbedtls_ecp_group_free(&grp);
+ * \endcode
+ *
  * For Montgomery curves, we do not store \p A, but <code>(A + 2) / 4</code>,
  * which is the quantity used in the formulas. Additionally, \p nbits is
  * not the size of \p N but the required size for private keys.
@@ -256,8 +282,11 @@
 typedef struct mbedtls_ecp_group {
     mbedtls_ecp_group_id id;    /*!< An internal group identifier. */
     mbedtls_mpi P;              /*!< The prime modulus of the base field. */
-    mbedtls_mpi A;              /*!< For Short Weierstrass: \p A in the equation. For
-                                     Montgomery curves: <code>(A + 2) / 4</code>. */
+    mbedtls_mpi A;              /*!< For Short Weierstrass: \p A in the equation. Note that
+                                     \p A is not set to the authentic value in some cases.
+                                     Refer to detailed description of ::mbedtls_ecp_group if
+                                     using domain parameters in the structure.
+                                     For Montgomery curves: <code>(A + 2) / 4</code>. */
     mbedtls_mpi B;              /*!< For Short Weierstrass: \p B in the equation.
                                      For Montgomery curves: unused. */
     mbedtls_ecp_point G;        /*!< The generator of the subgroup used. */
@@ -990,6 +1019,26 @@
 
 #if defined(MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED)
 /**
+ * \brief           This function checks if domain parameter A of the curve is
+ *                  \c -3.
+ *
+ * \note            This function is only defined for short Weierstrass curves.
+ *                  It may not be included in builds without any short
+ *                  Weierstrass curve.
+ *
+ * \param grp       The ECP group to use.
+ *                  This must be initialized and have group parameters
+ *                  set, for example through mbedtls_ecp_group_load().
+ *
+ * \return          \c 1 if <code>A = -3</code>.
+ * \return          \c 0 Otherwise.
+ */
+static inline int mbedtls_ecp_group_a_is_minus_3(const mbedtls_ecp_group *grp)
+{
+    return grp->A.p == NULL;
+}
+
+/**
  * \brief           This function performs multiplication and addition of two
  *                  points by integers: \p R = \p m * \p P + \p n * \p Q
  *
@@ -1081,7 +1130,7 @@
  *
  *                  It only checks that the point is non-zero, has
  *                  valid coordinates and lies on the curve. It does not verify
- *                  that it is indeed a multiple of \p G. This additional
+ *                  that it is indeed a multiple of \c G. This additional
  *                  check is computationally more expensive, is not required
  *                  by standards, and should not be necessary if the group
  *                  used has a small cofactor. In particular, it is useless for
@@ -1106,7 +1155,7 @@
                              const mbedtls_ecp_point *pt);
 
 /**
- * \brief           This function checks that an \p mbedtls_mpi is a
+ * \brief           This function checks that an \c mbedtls_mpi is a
  *                  valid private key for this curve.
  *
  * \note            This function uses bare components rather than an
diff --git a/include/mbedtls/entropy_poll.h b/include/mbedtls/entropy_poll.h
index eca3b56..fed6862 100644
--- a/include/mbedtls/entropy_poll.h
+++ b/include/mbedtls/entropy_poll.h
@@ -82,7 +82,7 @@
 /**
  * \brief           Entropy poll callback for a hardware source
  *
- * \warning         This is not provided by mbed TLS!
+ * \warning         This is not provided by Mbed TLS!
  *                  See \c MBEDTLS_ENTROPY_HARDWARE_ALT in config.h.
  *
  * \note            This must accept NULL as its first argument.
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index dd3c787..0d6230f 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -171,9 +171,9 @@
 }
 
 /**
- * \brief Translate a mbed TLS error code into a string representation,
- *        Result is truncated if necessary and always includes a terminating
- *        null byte.
+ * \brief Translate an Mbed TLS error code into a string representation.
+ *        The result is truncated if necessary and always includes a
+ *        terminating null byte.
  *
  * \param errnum    error code
  * \param buffer    buffer to place representation in
diff --git a/include/mbedtls/hmac_drbg.h b/include/mbedtls/hmac_drbg.h
index 3ccf61c..6b22485 100644
--- a/include/mbedtls/hmac_drbg.h
+++ b/include/mbedtls/hmac_drbg.h
@@ -186,8 +186,8 @@
  * \param len           The length of the personalization string.
  *                      This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT
  *                      and also at most
- *                      #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len * 3 / 2
- *                      where \p entropy_len is the entropy length
+ *                      #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \c entropy_len * 3 / 2
+ *                      where \c entropy_len is the entropy length
  *                      described above.
  *
  * \return              \c 0 if successful.
@@ -316,8 +316,8 @@
  * \param len           The length of the additional data.
  *                      This must be at most #MBEDTLS_HMAC_DRBG_MAX_INPUT
  *                      and also at most
- *                      #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \p entropy_len
- *                      where \p entropy_len is the entropy length
+ *                      #MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT - \c entropy_len
+ *                      where \c entropy_len is the entropy length
  *                      (see mbedtls_hmac_drbg_set_entropy_len()).
  *
  * \return              \c 0 if successful.
diff --git a/include/mbedtls/net_sockets.h b/include/mbedtls/net_sockets.h
index c8bcde0..6bcd920 100644
--- a/include/mbedtls/net_sockets.h
+++ b/include/mbedtls/net_sockets.h
@@ -283,6 +283,10 @@
  * \brief          Closes down the connection and free associated data
  *
  * \param ctx      The context to close
+ *
+ * \note           This function frees and clears data associated with the
+ *                 context but does not free the memory pointed to by \p ctx.
+ *                 This memory is the responsibility of the caller.
  */
 void mbedtls_net_close(mbedtls_net_context *ctx);
 
@@ -290,6 +294,10 @@
  * \brief          Gracefully shutdown the connection and free associated data
  *
  * \param ctx      The context to free
+ *
+ * \note           This function frees and clears data associated with the
+ *                 context but does not free the memory pointed to by \p ctx.
+ *                 This memory is the responsibility of the caller.
  */
 void mbedtls_net_free(mbedtls_net_context *ctx);
 
diff --git a/include/mbedtls/pk.h b/include/mbedtls/pk.h
index a226e71..0e9d58a 100644
--- a/include/mbedtls/pk.h
+++ b/include/mbedtls/pk.h
@@ -395,13 +395,18 @@
  *
  * \return          0 on success (signature is valid),
  *                  #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
- *                  signature in sig but its length is less than \p siglen,
+ *                  signature in \p sig but its length is less than \p sig_len,
  *                  or a specific error code.
  *
  * \note            For RSA keys, the default padding type is PKCS#1 v1.5.
  *                  Use \c mbedtls_pk_verify_ext( MBEDTLS_PK_RSASSA_PSS, ... )
  *                  to verify RSASSA_PSS signatures.
  *
+ * \note            If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ *                  subsystem must have been initialized by calling
+ *                  psa_crypto_init() before calling this function,
+ *                  if the key might be an ECC (ECDSA) key.
+ *
  * \note            If hash_len is 0, then the length associated with md_alg
  *                  is used instead, or an error returned if it is invalid.
  *
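Review bot: The new `\note` about `psa_crypto_init()` states the precondition but not what the caller gets back when it is violated. From the documentation alone, a caller of this verification function cannot tell a missing initialization from a rejected signature. Naming the outcome in the note would close the gap, whether that is a specific error code or undefined behaviour. The same note is added twice in the `ssl.h` hunks further down (the second one directly above `mbedtls_ssl_handshake()`) and has the same omission. The doc comment this note belongs to starts and ends outside the hunk.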
@@ -454,7 +459,7 @@
  *                  #MBEDTLS_ERR_PK_TYPE_MISMATCH if the PK context can't be
  *                  used for this type of signatures,
  *                  #MBEDTLS_ERR_PK_SIG_LEN_MISMATCH if there is a valid
- *                  signature in sig but its length is less than \p siglen,
+ *                  signature in \p sig but its length is less than \p sig_len,
  *                  or a specific error code.
  *
  * \note            If hash_len is 0, then the length associated with md_alg
diff --git a/include/mbedtls/pkcs11.h b/include/mbedtls/pkcs11.h
index 80a8a9c..908a1bc 100644
--- a/include/mbedtls/pkcs11.h
+++ b/include/mbedtls/pkcs11.h
@@ -71,7 +71,7 @@
 MBEDTLS_DEPRECATED void mbedtls_pkcs11_init(mbedtls_pkcs11_context *ctx);
 
 /**
- * Fill in a mbed TLS certificate, based on the given PKCS11 helper certificate.
+ * Fill in a Mbed TLS certificate, based on the given PKCS11 helper certificate.
  *
  * \deprecated          This function is deprecated and will be removed in a
  *                      future version of the library.
diff --git a/include/mbedtls/platform.h b/include/mbedtls/platform.h
index 9033852..c8c6e63 100644
--- a/include/mbedtls/platform.h
+++ b/include/mbedtls/platform.h
@@ -135,15 +135,28 @@
 #endif
 #endif /* MBEDTLS_PLATFORM_NO_STD_FUNCTIONS */
 
+/* Enable certain documented defines only when generating doxygen to avoid
+ * an "unrecognized define" error. */
+#if defined(__DOXYGEN__) && !defined(MBEDTLS_PLATFORM_STD_CALLOC)
+#define MBEDTLS_PLATFORM_STD_CALLOC
+#endif
+
+#if defined(__DOXYGEN__) && !defined(MBEDTLS_PLATFORM_STD_FREE)
+#define MBEDTLS_PLATFORM_STD_FREE
+#endif
 
 /** \} name SECTION: Module settings */
 
 /*
  * The function pointers for calloc and free.
+ * Please see MBEDTLS_PLATFORM_STD_CALLOC and MBEDTLS_PLATFORM_STD_FREE
+ * in mbedtls_config.h for more information about behaviour and requirements.
  */
 #if defined(MBEDTLS_PLATFORM_MEMORY)
 #if defined(MBEDTLS_PLATFORM_FREE_MACRO) && \
     defined(MBEDTLS_PLATFORM_CALLOC_MACRO)
+#undef mbedtls_free
+#undef mbedtls_calloc
 #define mbedtls_free       MBEDTLS_PLATFORM_FREE_MACRO
 #define mbedtls_calloc     MBEDTLS_PLATFORM_CALLOC_MACRO
 #else
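Review bot: The comment added above `#if defined(MBEDTLS_PLATFORM_MEMORY)` sends readers to `mbedtls_config.h`, but this is the 2.28 branch and other headers in the same diff call the configuration file `config.h` (see the `entropy_poll.h` hunk). If `config.h` is the correct name on this branch, the line should read `* in config.h for more information about behaviour and requirements.`. The pointer matters because it is the only place in this header that leads to the requirements a replacement `calloc`/`free` must meet.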
@@ -165,6 +178,8 @@
                                      void (*free_func)(void *));
 #endif /* MBEDTLS_PLATFORM_FREE_MACRO && MBEDTLS_PLATFORM_CALLOC_MACRO */
 #else /* !MBEDTLS_PLATFORM_MEMORY */
+#undef mbedtls_free
+#undef mbedtls_calloc
 #define mbedtls_free       free
 #define mbedtls_calloc     calloc
 #endif /* MBEDTLS_PLATFORM_MEMORY && !MBEDTLS_PLATFORM_{FREE,CALLOC}_MACRO */
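Review bot: The `#undef mbedtls_free` / `#undef mbedtls_calloc` pair added before the default `free`/`calloc` mapping has no comment saying which earlier definition it is meant to discard. As written, any definition of these names made before `platform.h` is included is dropped silently. That would be surprising if the definition came from an integrator's own allocator wrapper rather than from the library or its test framework. A one-line comment stating the actual reason would help, along the lines of `/* Discard any earlier definition so the mapping below always applies. */`. The same applies to the `#undef` lines in the preceding hunk and in the `mbedtls_fprintf`, `mbedtls_printf`, `mbedtls_snprintf`, `mbedtls_vsnprintf`, `mbedtls_exit` and `mbedtls_nv_seed_read`/`mbedtls_nv_seed_write` hunks below.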
@@ -189,6 +204,7 @@
 int mbedtls_platform_set_fprintf(int (*fprintf_func)(FILE *stream, const char *,
                                                      ...));
 #else
+#undef mbedtls_fprintf
 #if defined(MBEDTLS_PLATFORM_FPRINTF_MACRO)
 #define mbedtls_fprintf    MBEDTLS_PLATFORM_FPRINTF_MACRO
 #else
@@ -213,6 +229,7 @@
  */
 int mbedtls_platform_set_printf(int (*printf_func)(const char *, ...));
 #else /* !MBEDTLS_PLATFORM_PRINTF_ALT */
+#undef mbedtls_printf
 #if defined(MBEDTLS_PLATFORM_PRINTF_MACRO)
 #define mbedtls_printf     MBEDTLS_PLATFORM_PRINTF_MACRO
 #else
@@ -248,6 +265,7 @@
 int mbedtls_platform_set_snprintf(int (*snprintf_func)(char *s, size_t n,
                                                        const char *format, ...));
 #else /* MBEDTLS_PLATFORM_SNPRINTF_ALT */
+#undef mbedtls_snprintf
 #if defined(MBEDTLS_PLATFORM_SNPRINTF_MACRO)
 #define mbedtls_snprintf   MBEDTLS_PLATFORM_SNPRINTF_MACRO
 #else
@@ -284,6 +302,7 @@
 int mbedtls_platform_set_vsnprintf(int (*vsnprintf_func)(char *s, size_t n,
                                                          const char *format, va_list arg));
 #else /* MBEDTLS_PLATFORM_VSNPRINTF_ALT */
+#undef mbedtls_vsnprintf
 #if defined(MBEDTLS_PLATFORM_VSNPRINTF_MACRO)
 #define mbedtls_vsnprintf   MBEDTLS_PLATFORM_VSNPRINTF_MACRO
 #else
@@ -308,6 +327,7 @@
  */
 int mbedtls_platform_set_exit(void (*exit_func)(int status));
 #else
+#undef mbedtls_exit
 #if defined(MBEDTLS_PLATFORM_EXIT_MACRO)
 #define mbedtls_exit   MBEDTLS_PLATFORM_EXIT_MACRO
 #else
@@ -360,6 +380,8 @@
     int (*nv_seed_write_func)(unsigned char *buf, size_t buf_len)
     );
 #else
+#undef mbedtls_nv_seed_read
+#undef mbedtls_nv_seed_write
 #if defined(MBEDTLS_PLATFORM_NV_SEED_READ_MACRO) && \
     defined(MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO)
 #define mbedtls_nv_seed_read    MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
diff --git a/include/mbedtls/platform_time.h b/include/mbedtls/platform_time.h
index eee61d6..112286b 100644
--- a/include/mbedtls/platform_time.h
+++ b/include/mbedtls/platform_time.h
@@ -1,7 +1,7 @@
 /**
  * \file platform_time.h
  *
- * \brief mbed TLS Platform time abstraction
+ * \brief Mbed TLS Platform time abstraction
  */
 /*
  *  Copyright The Mbed TLS Contributors
diff --git a/include/mbedtls/platform_util.h b/include/mbedtls/platform_util.h
index 55fc431..62f6d70 100644
--- a/include/mbedtls/platform_util.h
+++ b/include/mbedtls/platform_util.h
@@ -221,6 +221,11 @@
 #define MBEDTLS_IGNORE_RETURN(result) ((void) !(result))
 #endif
 
+/* If the following macro is defined, the library is being built by the test
+ * framework, and the framework is going to provide a replacement
+ * mbedtls_platform_zeroize() using a preprocessor macro, so the function
+ * declaration should be omitted.  */
+#if !defined(MBEDTLS_TEST_DEFINES_ZEROIZE) //no-check-names
 /**
  * \brief       Securely zeroize a buffer
  *
@@ -244,6 +249,7 @@
  *
  */
 void mbedtls_platform_zeroize(void *buf, size_t len);
+#endif
 
 #if defined(MBEDTLS_HAVE_TIME_DATE)
 /**
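Review bot: The `#endif` added after the `mbedtls_platform_zeroize()` declaration carries no trailing comment, so the reader has to scroll back over the whole doc block to find the `#if !defined(MBEDTLS_TEST_DEFINES_ZEROIZE)` opened in the previous hunk. `#endif /* !MBEDTLS_TEST_DEFINES_ZEROIZE */` would fix that. Separately, nothing visible in either hunk prevents a non-test build from defining the macro, in which case the declaration of the library's zeroization routine disappears and whatever replacement macro the build supplies is used instead. If that is not intended, a build-time check that ties the macro to the test configuration would be worth adding, since this routine is what wipes key material from memory.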
diff --git a/include/mbedtls/rsa.h b/include/mbedtls/rsa.h
index f8725ff..37f07c0 100644
--- a/include/mbedtls/rsa.h
+++ b/include/mbedtls/rsa.h
@@ -260,15 +260,15 @@
  * \brief          This function completes an RSA context from
  *                 a set of imported core parameters.
  *
- *                 To setup an RSA public key, precisely \p N and \p E
+ *                 To setup an RSA public key, precisely \c N and \c E
  *                 must have been imported.
  *
  *                 To setup an RSA private key, sufficient information must
  *                 be present for the other parameters to be derivable.
  *
  *                 The default implementation supports the following:
- *                 <ul><li>Derive \p P, \p Q from \p N, \p D, \p E.</li>
- *                 <li>Derive \p N, \p D from \p P, \p Q, \p E.</li></ul>
+ *                 <ul><li>Derive \c P, \c Q from \c N, \c D, \c E.</li>
+ *                 <li>Derive \c N, \c D from \c P, \c Q, \c E.</li></ul>
  *                 Alternative implementations need not support these.
  *
  *                 If this function runs successfully, it guarantees that
@@ -537,7 +537,7 @@
  * \note           This function does not handle message padding.
  *
  * \note           Make sure to set \p input[0] = 0 or ensure that
- *                 input is smaller than \p N.
+ *                 input is smaller than \c N.
  *
  * \return         \c 0 on success.
  * \return         An \c MBEDTLS_ERR_RSA_XXX error code on failure.
@@ -1109,8 +1109,8 @@
  *                 verification using the mode from the context.
  *
  * \note           For PKCS#1 v2.1 encoding, see comments on
- *                 mbedtls_rsa_rsassa_pss_verify() about \p md_alg and
- *                 \p hash_id.
+ *                 mbedtls_rsa_rsassa_pss_verify() about \c md_alg and
+ *                 \c hash_id.
  *
  * \deprecated     It is deprecated and discouraged to call this function
  *                 in #MBEDTLS_RSA_PRIVATE mode. Future versions of the library
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 7836ece..cc9a270 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -494,6 +494,7 @@
 
 /* Dummy type used only for its size */
 union mbedtls_ssl_premaster_secret {
+    unsigned char dummy; /* Make the union non-empty even with SSL disabled */
 #if defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
     unsigned char _pms_rsa[48];                         /* RFC 5246 8.1.1 */
 #endif
@@ -1544,6 +1545,10 @@
  *                 Calling mbedtls_ssl_setup again is not supported, even
  *                 if no session is active.
  *
+ * \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ *                 subsystem must have been initialized by calling
+ *                 psa_crypto_init() before calling this function.
+ *
  * \param ssl      SSL context
  * \param conf     SSL configuration to use
  *
@@ -1742,10 +1747,10 @@
  * \param own_cid     The address of the readable buffer holding the CID we want
  *                    the peer to use when sending encrypted messages to us.
  *                    This may be \c NULL if \p own_cid_len is \c 0.
- *                    This parameter is unused if \p enabled is set to
+ *                    This parameter is unused if \p enable is set to
  *                    MBEDTLS_SSL_CID_DISABLED.
  * \param own_cid_len The length of \p own_cid.
- *                    This parameter is unused if \p enabled is set to
+ *                    This parameter is unused if \p enable is set to
  *                    MBEDTLS_SSL_CID_DISABLED.
  *
  * \note              The value of \p own_cid_len must match the value of the
@@ -2569,8 +2574,8 @@
  *
  * \param session  The session structure to be saved.
  * \param buf      The buffer to write the serialized data to. It must be a
- *                 writeable buffer of at least \p len bytes, or may be \c
- *                 NULL if \p len is \c 0.
+ *                 writeable buffer of at least \p buf_len bytes, or may be \c
+ *                 NULL if \p buf_len is \c 0.
  * \param buf_len  The number of bytes available for writing in \p buf.
  * \param olen     The size in bytes of the data that has been or would have
  *                 been written. It must point to a valid \c size_t.
@@ -2655,7 +2660,7 @@
  *                      record headers.
  *
  * \return              \c 0 on success.
- * \return              #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p own_cid_len
+ * \return              #MBEDTLS_ERR_SSL_BAD_INPUT_DATA if \p len
  *                      is too large.
  */
 int mbedtls_ssl_conf_cid(mbedtls_ssl_config *conf, size_t len,
@@ -3980,6 +3985,10 @@
  *                 in which case the datagram of the underlying transport that is
  *                 currently being processed might or might not contain further
  *                 DTLS records.
+ *
+ * \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ *                 subsystem must have been initialized by calling
+ *                 psa_crypto_init() before calling this function.
  */
 int mbedtls_ssl_handshake(mbedtls_ssl_context *ssl);
 
diff --git a/include/mbedtls/ssl_ciphersuites.h b/include/mbedtls/ssl_ciphersuites.h
index 5300125..cdf724c 100644
--- a/include/mbedtls/ssl_ciphersuites.h
+++ b/include/mbedtls/ssl_ciphersuites.h
@@ -1,7 +1,7 @@
 /**
  * \file ssl_ciphersuites.h
  *
- * \brief SSL Ciphersuites for mbed TLS
+ * \brief SSL Ciphersuites for Mbed TLS
  */
 /*
  *  Copyright The Mbed TLS Contributors
diff --git a/include/mbedtls/threading.h b/include/mbedtls/threading.h
index 25de77e..5b5efca 100644
--- a/include/mbedtls/threading.h
+++ b/include/mbedtls/threading.h
@@ -63,9 +63,9 @@
  * \brief           Set your alternate threading implementation function
  *                  pointers and initialize global mutexes. If used, this
  *                  function must be called once in the main thread before any
- *                  other mbed TLS function is called, and
+ *                  other Mbed TLS function is called, and
  *                  mbedtls_threading_free_alt() must be called once in the main
- *                  thread after all other mbed TLS functions.
+ *                  thread after all other Mbed TLS functions.
  *
  * \note            mutex_init() and mutex_free() don't return a status code.
  *                  If mutex_init() fails, it should leave its argument (the
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index 1324eae..b602eca 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -21,7 +21,7 @@
  */
 /*
  * This set of compile-time defines and run-time variables can be used to
- * determine the version number of the mbed TLS library used.
+ * determine the version number of the Mbed TLS library used.
  */
 #ifndef MBEDTLS_VERSION_H
 #define MBEDTLS_VERSION_H
@@ -38,16 +38,16 @@
  */
 #define MBEDTLS_VERSION_MAJOR  2
 #define MBEDTLS_VERSION_MINOR  28
-#define MBEDTLS_VERSION_PATCH  2
+#define MBEDTLS_VERSION_PATCH  4
 
 /**
  * The single version number has the following structure:
  *    MMNNPP00
  *    Major version | Minor version | Patch version
  */
-#define MBEDTLS_VERSION_NUMBER         0x021C0200
-#define MBEDTLS_VERSION_STRING         "2.28.2"
-#define MBEDTLS_VERSION_STRING_FULL    "mbed TLS 2.28.2"
+#define MBEDTLS_VERSION_NUMBER         0x021C0400
+#define MBEDTLS_VERSION_STRING         "2.28.4"
+#define MBEDTLS_VERSION_STRING_FULL    "Mbed TLS 2.28.4"
 
 #if defined(MBEDTLS_VERSION_C)
 
@@ -72,9 +72,9 @@
 void mbedtls_version_get_string(char *string);
 
 /**
- * Get the full version string ("mbed TLS x.y.z").
+ * Get the full version string ("Mbed TLS x.y.z").
  *
- * \param string    The string that will receive the value. The mbed TLS version
+ * \param string    The string that will receive the value. The Mbed TLS version
  *                  string will use 18 bytes AT MOST including a terminating
  *                  null byte.
  *                  (So the buffer should be at least 18 bytes to receive this
@@ -84,12 +84,12 @@
 
 /**
  * \brief           Check if support for a feature was compiled into this
- *                  mbed TLS binary. This allows you to see at runtime if the
+ *                  Mbed TLS binary. This allows you to see at runtime if the
  *                  library was for instance compiled with or without
  *                  Multi-threading support.
  *
  * \note            only checks against defines in the sections "System
- *                  support", "mbed TLS modules" and "mbed TLS feature
+ *                  support", "Mbed TLS modules" and "Mbed TLS feature
  *                  support" in config.h
  *
  * \param feature   The string for the define to check (e.g. "MBEDTLS_AES_C")
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index 8fd321a..f00f3a6 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -361,7 +361,8 @@
                              mbedtls_asn1_named_data *first);
 int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
                            const char *oid, size_t oid_len,
-                           unsigned char *sig, size_t size);
+                           unsigned char *sig, size_t size,
+                           mbedtls_pk_type_t pk_alg);
 
 #define MBEDTLS_X509_SAFE_SNPRINTF                          \
     do {                                                    \
diff --git a/include/mbedtls/x509_crl.h b/include/mbedtls/x509_crl.h
index 895eca0..1405021 100644
--- a/include/mbedtls/x509_crl.h
+++ b/include/mbedtls/x509_crl.h
@@ -95,6 +95,10 @@
 /**
  * \brief          Parse a DER-encoded CRL and append it to the chained list
  *
+ * \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ *                 subsystem must have been initialized by calling
+ *                 psa_crypto_init() before calling this function.
+ *
  * \param chain    points to the start of the chain
  * \param buf      buffer holding the CRL data in DER format
  * \param buflen   size of the buffer
@@ -109,6 +113,10 @@
  *
  * \note           Multiple CRLs are accepted only if using PEM format
  *
+ * \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ *                 subsystem must have been initialized by calling
+ *                 psa_crypto_init() before calling this function.
+ *
  * \param chain    points to the start of the chain
  * \param buf      buffer holding the CRL data in PEM or DER format
  * \param buflen   size of the buffer
@@ -124,6 +132,10 @@
  *
  * \note           Multiple CRLs are accepted only if using PEM format
  *
+ * \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ *                 subsystem must have been initialized by calling
+ *                 psa_crypto_init() before calling this function.
+ *
  * \param chain    points to the start of the chain
  * \param path     filename to read the CRLs from (in PEM or DER encoding)
  *
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 235e00c..bf883e8 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -283,6 +283,10 @@
  * \brief          Parse a single DER formatted certificate and add it
  *                 to the end of the provided chained list.
  *
+ * \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ *                 subsystem must have been initialized by calling
+ *                 psa_crypto_init() before calling this function.
+ *
  * \param chain    The pointer to the start of the CRT chain to attach to.
  *                 When parsing the first CRT in a chain, this should point
  *                 to an instance of ::mbedtls_x509_crt initialized through
@@ -344,6 +348,10 @@
  * \brief            Parse a single DER formatted certificate and add it
  *                   to the end of the provided chained list.
  *
+ * \note             If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ *                   subsystem must have been initialized by calling
+ *                   psa_crypto_init() before calling this function.
+ *
  * \param chain      The pointer to the start of the CRT chain to attach to.
  *                   When parsing the first CRT in a chain, this should point
  *                   to an instance of ::mbedtls_x509_crt initialized through
@@ -394,6 +402,10 @@
  *                 temporary ownership of the CRT buffer until the CRT
  *                 is destroyed.
  *
+ * \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ *                 subsystem must have been initialized by calling
+ *                 psa_crypto_init() before calling this function.
+ *
  * \param chain    The pointer to the start of the CRT chain to attach to.
  *                 When parsing the first CRT in a chain, this should point
  *                 to an instance of ::mbedtls_x509_crt initialized through
@@ -434,6 +446,10 @@
  *                 long as the certificates are enclosed in the PEM specific
  *                 '-----{BEGIN/END} CERTIFICATE-----' delimiters.
  *
+ * \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ *                 subsystem must have been initialized by calling
+ *                 psa_crypto_init() before calling this function.
+ *
  * \param chain    The chain to which to add the parsed certificates.
  * \param buf      The buffer holding the certificate data in PEM or DER format.
  *                 For certificates in PEM encoding, this may be a concatenation
@@ -458,6 +474,10 @@
  *                 of failed certificates it encountered. If none complete
  *                 correctly, the first error is returned.
  *
+ * \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ *                 subsystem must have been initialized by calling
+ *                 psa_crypto_init() before calling this function.
+ *
  * \param chain    points to the start of the chain
  * \param path     filename to read the certificates from
  *
@@ -489,7 +509,7 @@
  * \param san_buf  The buffer holding the raw data item of the subject
  *                 alternative name.
  * \param san      The target structure to populate with the parsed presentation
- *                 of the subject alternative name encoded in \p san_raw.
+ *                 of the subject alternative name encoded in \p san_buf.
  *
  * \note           Only "dnsName" and "otherName" of type hardware_module_name
  *                 as defined in RFC 4180 is supported.
@@ -497,7 +517,7 @@
  * \note           This function should be called on a single raw data of
  *                 subject alternative name. For example, after successful
  *                 certificate parsing, one must iterate on every item in the
- *                 \p crt->subject_alt_names sequence, and pass it to
+ *                 \c crt->subject_alt_names sequence, and pass it to
  *                 this function.
  *
  * \warning        The target structure contains pointers to the raw data of the
@@ -894,7 +914,7 @@
  * \brief           Set the issuer name for a Certificate
  *                  Issuer names should contain a comma-separated list
  *                  of OID types and values:
- *                  e.g. "C=UK,O=ARM,CN=mbed TLS CA"
+ *                  e.g. "C=UK,O=ARM,CN=Mbed TLS CA"
  *
  * \param ctx           CRT context to use
  * \param issuer_name   issuer name to set
@@ -909,7 +929,7 @@
  * \brief           Set the subject name for a Certificate
  *                  Subject names should contain a comma-separated list
  *                  of OID types and values:
- *                  e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+ *                  e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1"
  *
  * \param ctx           CRT context to use
  * \param subject_name  subject name to set
diff --git a/include/mbedtls/x509_csr.h b/include/mbedtls/x509_csr.h
index fa7ef04..6daf57b 100644
--- a/include/mbedtls/x509_csr.h
+++ b/include/mbedtls/x509_csr.h
@@ -82,6 +82,10 @@
  *
  * \note           CSR attributes (if any) are currently silently ignored.
  *
+ * \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ *                 subsystem must have been initialized by calling
+ *                 psa_crypto_init() before calling this function.
+ *
  * \param csr      CSR context to fill
  * \param buf      buffer holding the CRL data
  * \param buflen   size of the buffer
@@ -96,6 +100,10 @@
  *
  * \note           See notes for \c mbedtls_x509_csr_parse_der()
  *
+ * \note           If #MBEDTLS_USE_PSA_CRYPTO is enabled, the PSA crypto
+ *                 subsystem must have been initialized by calling
+ *                 psa_crypto_init() before calling this function.
+ *
  * \param csr      CSR context to fill
  * \param buf      buffer holding the CRL data
  * \param buflen   size of the buffer
@@ -163,7 +171,7 @@
  * \brief           Set the subject name for a CSR
  *                  Subject names should contain a comma-separated list
  *                  of OID types and values:
- *                  e.g. "C=UK,O=ARM,CN=mbed TLS Server 1"
+ *                  e.g. "C=UK,O=ARM,CN=Mbed TLS Server 1"
  *
  * \param ctx           CSR context to use
  * \param subject_name  subject name to set
diff --git a/include/psa/crypto_compat.h b/include/psa/crypto_compat.h
index 5cb225b..24239f5 100644
--- a/include/psa/crypto_compat.h
+++ b/include/psa/crypto_compat.h
@@ -5,7 +5,7 @@
  *
  * This header declares alternative names for macro and functions.
  * New application code should not use these names.
- * These names may be removed in a future version of Mbed Crypto.
+ * These names may be removed in a future version of Mbed TLS.
  *
  * \note This file may not be included directly. Applications must
  * include psa/crypto.h.
diff --git a/include/psa/crypto_extra.h b/include/psa/crypto_extra.h
index fa3e383..92f0b68 100644
--- a/include/psa/crypto_extra.h
+++ b/include/psa/crypto_extra.h
@@ -107,7 +107,7 @@
  *         indicates the slot number that contains it.
  * \retval #PSA_ERROR_NOT_PERMITTED
  *         The caller is not permitted to query the slot number.
- *         Mbed Crypto currently does not return this error.
+ *         Mbed TLS currently does not return this error.
  * \retval #PSA_ERROR_INVALID_ARGUMENT
  *         The key is not located in a secure element.
  */
@@ -219,7 +219,7 @@
  * resource consumption related to the PSA keystore.
  *
  * \note The content of this structure is not part of the stable API and ABI
- *       of Mbed Crypto and may change arbitrarily from version to version.
+ *       of Mbed TLS and may change arbitrarily from version to version.
  */
 typedef struct mbedtls_psa_stats_s {
     /** Number of slots containing key material for a volatile key. */
@@ -248,7 +248,7 @@
 /** \brief Get statistics about
  * resource consumption related to the PSA keystore.
  *
- * \note When Mbed Crypto is built as part of a service, with isolation
+ * \note When Mbed TLS is built as part of a service, with isolation
  *       between the application and the keystore, the service may or
  *       may not expose this function.
  */
diff --git a/include/psa/crypto_se_driver.h b/include/psa/crypto_se_driver.h
index e2acb71..a7c42dc 100644
--- a/include/psa/crypto_se_driver.h
+++ b/include/psa/crypto_se_driver.h
@@ -137,7 +137,7 @@
                                           psa_key_location_t location);
 
 #if defined(__DOXYGEN_ONLY__) || !defined(MBEDTLS_PSA_CRYPTO_SE_C)
-/* Mbed Crypto with secure element support enabled defines this type in
+/* Mbed TLS with secure element support enabled defines this type in
  * crypto_types.h because it is also visible to applications through an
  * implementation-specific extension.
  * For the PSA Cryptography specification, this type is only visible
@@ -836,7 +836,7 @@
      * and #PSA_ERROR_DOES_NOT_EXIST if the driver can determine that there
      * is no key with the specified slot number.
      *
-     * This is an Mbed Crypto extension.
+     * This is an Mbed TLS extension.
      */
     PSA_KEY_CREATION_REGISTER,
 #endif
diff --git a/include/psa/crypto_struct.h b/include/psa/crypto_struct.h
index 743c6ad..18cbcf4 100644
--- a/include/psa/crypto_struct.h
+++ b/include/psa/crypto_struct.h
@@ -35,8 +35,8 @@
  * GCC and Clang initialize the whole structure to 0 (at the time of writing),
  * but MSVC and CompCert don't.
  *
- * In Mbed Crypto, multipart operation structures live independently from
- * the key. This allows Mbed Crypto to free the key objects when destroying
+ * In Mbed TLS, multipart operation structures live independently from
+ * the key. This allows Mbed TLS to free the key objects when destroying
  * a key slot. If a multipart operation needs to remember the key after
  * the setup function returns, the operation structure needs to contain a
  * copy of the key.
diff --git a/include/psa/crypto_types.h b/include/psa/crypto_types.h
index 54662a5..d47d3eb 100644
--- a/include/psa/crypto_types.h
+++ b/include/psa/crypto_types.h
@@ -295,7 +295,7 @@
 typedef psa_key_id_t mbedtls_svc_key_id_t;
 
 #else /* MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER */
-/* Implementation-specific: The Mbed Cryptography library can be built as
+/* Implementation-specific: The Mbed TLS library can be built as
  * part of a multi-client service that exposes the PSA Cryptography API in each
  * client and encodes the client identity in the key identifier argument of
  * functions such as psa_open_key().
@@ -437,7 +437,7 @@
 
 #ifndef __DOXYGEN_ONLY__
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
-/* Mbed Crypto defines this type in crypto_types.h because it is also
+/* Mbed TLS defines this type in crypto_types.h because it is also
  * visible to applications through an implementation-specific extension.
  * For the PSA Cryptography specification, this type is only visible
  * via crypto_se_driver.h. */
diff --git a/library/.gitignore b/library/.gitignore
index 3a63a63..9aa6322 100644
--- a/library/.gitignore
+++ b/library/.gitignore
@@ -1,4 +1,3 @@
-*.o
 libmbed*
 *.sln
 *.vcxproj
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index fd3a3e7..1bff6bc 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -1,7 +1,7 @@
-option(USE_STATIC_MBEDTLS_LIBRARY "Build mbed TLS static library." ON)
-option(USE_SHARED_MBEDTLS_LIBRARY "Build mbed TLS shared library." OFF)
-option(LINK_WITH_PTHREAD "Explicitly link mbed TLS library to pthread." OFF)
-option(LINK_WITH_TRUSTED_STORAGE "Explicitly link mbed TLS library to trusted_storage." OFF)
+option(USE_STATIC_MBEDTLS_LIBRARY "Build Mbed TLS static library." ON)
+option(USE_SHARED_MBEDTLS_LIBRARY "Build Mbed TLS shared library." OFF)
+option(LINK_WITH_PTHREAD "Explicitly link Mbed TLS library to pthread." OFF)
+option(LINK_WITH_TRUSTED_STORAGE "Explicitly link Mbed TLS library to trusted_storage." OFF)
 
 # Set the project root directory if it's not already defined, as may happen if
 # the library folder is included directly by a parent project, without
@@ -204,15 +204,15 @@
 if(USE_SHARED_MBEDTLS_LIBRARY)
     set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
     add_library(${mbedcrypto_target} SHARED ${src_crypto})
-    set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.28.2 SOVERSION 7)
+    set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 2.28.4 SOVERSION 7)
     target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
 
     add_library(${mbedx509_target} SHARED ${src_x509})
-    set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.28.2 SOVERSION 1)
+    set_target_properties(${mbedx509_target} PROPERTIES VERSION 2.28.4 SOVERSION 1)
     target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
 
     add_library(${mbedtls_target} SHARED ${src_tls})
-    set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.28.2 SOVERSION 14)
+    set_target_properties(${mbedtls_target} PROPERTIES VERSION 2.28.4 SOVERSION 14)
     target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
 endif(USE_SHARED_MBEDTLS_LIBRARY)
 
@@ -229,6 +229,15 @@
         PRIVATE ${thirdparty_inc})
     target_compile_definitions(${target}
         PRIVATE ${thirdparty_def})
+    # Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
+    if(MBEDTLS_CONFIG_FILE)
+        target_compile_definitions(${target}
+            PUBLIC MBEDTLS_CONFIG_FILE="${MBEDTLS_CONFIG_FILE}")
+    endif()
+    if(MBEDTLS_USER_CONFIG_FILE)
+        target_compile_definitions(${target}
+            PUBLIC MBEDTLS_USER_CONFIG_FILE="${MBEDTLS_USER_CONFIG_FILE}")
+    endif()
     install(TARGETS ${target}
             DESTINATION ${LIB_INSTALL_DIR}
             PERMISSIONS OWNER_READ OWNER_WRITE GROUP_READ WORLD_READ)
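Review bot: The two added `target_compile_definitions` calls wrap the variable in literal quotes, so `MBEDTLS_CONFIG_FILE` and `MBEDTLS_USER_CONFIG_FILE` must be given to CMake as bare paths. A value that already carries quotes or uses the `<file.h>` form would expand to something the `#include` cannot use. `PUBLIC` also exports the definition to every target that links the library, which is presumably intended so dependents see the same configuration, but nothing here says so. I would extend the comment to `# Pass-through MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE: bare paths only (no quotes or <>); quoted here and exported to dependents.`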
diff --git a/library/aes.c b/library/aes.c
index bcdf3c7..d5a45fd 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -19,7 +19,7 @@
 /*
  *  The AES block cipher was designed by Vincent Rijmen and Joan Daemen.
  *
- *  http://csrc.nist.gov/encryption/aes/rijndael/Rijndael.pdf
+ *  https://csrc.nist.gov/csrc/media/projects/cryptographic-standards-and-guidelines/documents/aes-development/rijndael-ammended.pdf
  *  http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
  */
 
@@ -50,8 +50,7 @@
 #define AES_VALIDATE(cond)        \
     MBEDTLS_INTERNAL_VALIDATE(cond)
 
-#if defined(MBEDTLS_PADLOCK_C) &&                      \
-    (defined(MBEDTLS_HAVE_X86) || defined(MBEDTLS_PADLOCK_ALIGN16))
+#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
 static int aes_padlock_ace = -1;
 #endif
 
@@ -59,6 +58,8 @@
 /*
  * Forward S-box
  */
+#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
+    !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
 static const unsigned char FSb[256] =
 {
     0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5,
@@ -94,6 +95,8 @@
     0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68,
     0x41, 0x99, 0x2D, 0x0F, 0xB0, 0x54, 0xBB, 0x16
 };
+#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
+          !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
 
 /*
  * Forward tables
@@ -165,6 +168,7 @@
     V(C3, 41, 41, 82), V(B0, 99, 99, 29), V(77, 2D, 2D, 5A), V(11, 0F, 0F, 1E), \
     V(CB, B0, B0, 7B), V(FC, 54, 54, A8), V(D6, BB, BB, 6D), V(3A, 16, 16, 2C)
 
+#if !defined(MBEDTLS_AES_ENCRYPT_ALT)
 #define V(a, b, c, d) 0x##a##b##c##d
 static const uint32_t FT0[256] = { FT };
 #undef V
@@ -185,8 +189,11 @@
 
 #endif /* !MBEDTLS_AES_FEWER_TABLES */
 
+#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) */
+
 #undef FT
 
+#if !defined(MBEDTLS_AES_DECRYPT_ALT)
 /*
  * Reverse S-box
  */
@@ -225,6 +232,7 @@
     0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26,
     0xE1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0C, 0x7D
 };
+#endif /* defined(MBEDTLS_AES_DECRYPT_ALT)) */
 
 /*
  * Reverse tables
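Review bot: The trailer on the added `#endif` reads `defined(MBEDTLS_AES_DECRYPT_ALT))`, which is the opposite of the condition that opens the block (`#if !defined(MBEDTLS_AES_DECRYPT_ALT)` in the previous hunk) and has an unbalanced parenthesis. With this many overlapping ALT guards around the tables, a wrong trailer makes it easy to misplace a later edit and end up with a table compiled out in a configuration that still needs it. I would write `#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) */`.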
@@ -296,6 +304,8 @@
     V(71, 01, A8, 39), V(DE, B3, 0C, 08), V(9C, E4, B4, D8), V(90, C1, 56, 64), \
     V(61, 84, CB, 7B), V(70, B6, 32, D5), V(74, 5C, 6C, 48), V(42, 57, B8, D0)
 
+#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
+
 #define V(a, b, c, d) 0x##a##b##c##d
 static const uint32_t RT0[256] = { RT };
 #undef V
@@ -316,8 +326,11 @@
 
 #endif /* !MBEDTLS_AES_FEWER_TABLES */
 
+#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
+
 #undef RT
 
+#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
 /*
  * Round constants
  */
@@ -327,31 +340,44 @@
     0x00000010, 0x00000020, 0x00000040, 0x00000080,
     0x0000001B, 0x00000036
 };
+#endif /* !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */
 
 #else /* MBEDTLS_AES_ROM_TABLES */
 
 /*
  * Forward S-box & tables
  */
+#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
+    !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
 static unsigned char FSb[256];
+#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) || \
+          !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
+#if !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
 static uint32_t FT0[256];
 #if !defined(MBEDTLS_AES_FEWER_TABLES)
 static uint32_t FT1[256];
 static uint32_t FT2[256];
 static uint32_t FT3[256];
 #endif /* !MBEDTLS_AES_FEWER_TABLES */
+#endif /* !defined(MBEDTLS_AES_ENCRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */
 
 /*
  * Reverse S-box & tables
  */
+#if !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT))
 static unsigned char RSb[256];
+#endif /* !(defined(MBEDTLS_AES_SETKEY_ENC_ALT) && defined(MBEDTLS_AES_DECRYPT_ALT)) */
+
+#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
 static uint32_t RT0[256];
 #if !defined(MBEDTLS_AES_FEWER_TABLES)
 static uint32_t RT1[256];
 static uint32_t RT2[256];
 static uint32_t RT3[256];
 #endif /* !MBEDTLS_AES_FEWER_TABLES */
+#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
 
+#if !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
 /*
  * Round constants
  */
@@ -429,6 +455,7 @@
 
         x = RSb[i];
 
+#if !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT)
         RT0[i] = ((uint32_t) MUL(0x0E, x)) ^
                  ((uint32_t) MUL(0x09, x) <<  8) ^
                  ((uint32_t) MUL(0x0D, x) << 16) ^
@@ -439,9 +466,12 @@
         RT2[i] = ROTL8(RT1[i]);
         RT3[i] = ROTL8(RT2[i]);
 #endif /* !MBEDTLS_AES_FEWER_TABLES */
+#endif /* !defined(MBEDTLS_AES_DECRYPT_ALT) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) */
     }
 }
 
+#endif /* !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */
+
 #undef ROTL8
 
 #endif /* MBEDTLS_AES_ROM_TABLES */
@@ -512,6 +542,58 @@
 }
 #endif /* MBEDTLS_CIPHER_MODE_XTS */
 
+/* Some implementations need the round keys to be aligned.
+ * Return an offset to be added to buf, such that (buf + offset) is
+ * correctly aligned.
+ * Note that the offset is in units of elements of buf, i.e. 32-bit words,
+ * i.e. an offset of 1 means 4 bytes and so on.
+ */
+#if (defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)) ||        \
+    (defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2)
+#define MAY_NEED_TO_ALIGN
+#endif
+
+#if defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) || \
+    !defined(MBEDTLS_AES_SETKEY_ENC_ALT)
+static unsigned mbedtls_aes_rk_offset(uint32_t *buf)
+{
+#if defined(MAY_NEED_TO_ALIGN)
+    int align_16_bytes = 0;
+
+#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
+    if (aes_padlock_ace == -1) {
+        aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
+    }
+    if (aes_padlock_ace) {
+        align_16_bytes = 1;
+    }
+#endif
+
+#if defined(MBEDTLS_AESNI_C) && MBEDTLS_AESNI_HAVE_CODE == 2
+    if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
+        align_16_bytes = 1;
+    }
+#endif
+
+    if (align_16_bytes) {
+        /* These implementations needs 16-byte alignment
+         * for the round key array. */
+        unsigned delta = ((uintptr_t) buf & 0x0000000fU) / 4;
+        if (delta == 0) {
+            return 0;
+        } else {
+            return 4 - delta; // 16 bytes = 4 uint32_t
+        }
+    }
+#else /* MAY_NEED_TO_ALIGN */
+    (void) buf;
+#endif /* MAY_NEED_TO_ALIGN */
+
+    return 0;
+}
+#endif /* defined(MAY_NEED_TO_ALIGN) || !defined(MBEDTLS_AES_SETKEY_DEC_ALT) || \
+          !defined(MBEDTLS_AES_SETKEY_ENC_ALT) */
+
 /*
  * AES key schedule (encryption)
  */
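Review bot: `mbedtls_aes_rk_offset` can return up to 3 words and its callers add the result to `ctx->buf` unchecked, so the function silently depends on the context buffer holding at least 3 spare `uint32_t` beyond the round keys. The buffer declaration is not part of this hunk, so that slack cannot be confirmed from here. I would state the contract in the header comment, e.g. `* The result is in 0..3; buf must have room for the round keys plus 3 extra words.` The `/ 4` also assumes `buf` is 4-byte aligned, which holds for a valid `uint32_t *` but deserves a word. Minor: "These implementations needs" should read "need".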
@@ -539,18 +621,9 @@
     }
 #endif
 
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
-    if (aes_padlock_ace == -1) {
-        aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
-    }
+    ctx->rk = RK = ctx->buf + mbedtls_aes_rk_offset(ctx->buf);
 
-    if (aes_padlock_ace) {
-        ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16(ctx->buf);
-    } else
-#endif
-    ctx->rk = RK = ctx->buf;
-
-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
+#if defined(MBEDTLS_AESNI_HAVE_CODE)
     if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
         return mbedtls_aesni_setkey_enc((unsigned char *) ctx->rk, key, keybits);
     }
@@ -640,16 +713,7 @@
 
     mbedtls_aes_init(&cty);
 
-#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
-    if (aes_padlock_ace == -1) {
-        aes_padlock_ace = mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE);
-    }
-
-    if (aes_padlock_ace) {
-        ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16(ctx->buf);
-    } else
-#endif
-    ctx->rk = RK = ctx->buf;
+    ctx->rk = RK = ctx->buf + mbedtls_aes_rk_offset(ctx->buf);
 
     /* Also checks keybits */
     if ((ret = mbedtls_aes_setkey_enc(&cty, key, keybits)) != 0) {
@@ -658,7 +722,7 @@
 
     ctx->nr = cty.nr;
 
-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
+#if defined(MBEDTLS_AESNI_HAVE_CODE)
     if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
         mbedtls_aesni_inverse_key((unsigned char *) ctx->rk,
                                   (const unsigned char *) cty.rk, ctx->nr);
@@ -964,6 +1028,30 @@
 }
 #endif /* !MBEDTLS_DEPRECATED_REMOVED */
 
+#if defined(MAY_NEED_TO_ALIGN)
+/* VIA Padlock and our intrinsics-based implementation of AESNI require
+ * the round keys to be aligned on a 16-byte boundary. We take care of this
+ * before creating them, but the AES context may have moved (this can happen
+ * if the library is called from a language with managed memory), and in later
+ * calls it might have a different alignment with respect to 16-byte memory.
+ * So we may need to realign.
+ * NOTE: In the LTS branch, the context contains a pointer to within itself,
+ * so if it has been moved, things will probably go pear-shaped. We keep this
+ * code for compatibility with the development branch, in case of future changes.
+ */
+static void aes_maybe_realign(mbedtls_aes_context *ctx)
+{
+    unsigned current_offset = (unsigned) (ctx->rk - ctx->buf);
+    unsigned new_offset = mbedtls_aes_rk_offset(ctx->buf);
+    if (new_offset != current_offset) {
+        memmove(ctx->buf + new_offset,     // new address
+                ctx->buf + current_offset, // current address
+                (ctx->nr + 1) * 16);       // number of round keys * bytes per rk
+        ctx->rk = ctx->buf + new_offset;
+    }
+}
+#endif
+
 /*
  * AES-ECB block encryption/decryption
  */
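Review bot: `current_offset` is computed as `ctx->rk - ctx->buf` with no validation, yet the comment above says that in this branch `ctx->rk` points into the context itself. After the context has been copied or relocated, which is the case the helper exists for, the subtraction spans two objects and the `memmove` source lies outside `ctx->buf`. Because the function returns `void` it cannot report that, so it appears to be safe only when the context has not moved. I would make the precondition explicit right above the function, `/* Precondition: ctx->rk points into ctx->buf; a relocated or memcpy'd context is not supported in this branch. */`, rather than leaving it as "things will probably go pear-shaped".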
@@ -978,7 +1066,11 @@
     AES_VALIDATE_RET(mode == MBEDTLS_AES_ENCRYPT ||
                      mode == MBEDTLS_AES_DECRYPT);
 
-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
+#if defined(MAY_NEED_TO_ALIGN)
+    aes_maybe_realign(ctx);
+#endif
+
+#if defined(MBEDTLS_AESNI_HAVE_CODE)
     if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
         return mbedtls_aesni_crypt_ecb(ctx, mode, input, output);
     }
@@ -986,13 +1078,7 @@
 
 #if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
     if (aes_padlock_ace) {
-        if (mbedtls_padlock_xcryptecb(ctx, mode, input, output) == 0) {
-            return 0;
-        }
-
-        // If padlock data misaligned, we just fall back to
-        // unaccelerated mode
-        //
+        return mbedtls_padlock_xcryptecb(ctx, mode, input, output);
     }
 #endif
 
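Review bot: With the fallback removed, `if (aes_padlock_ace)` returns the Padlock result unconditionally, and the flag's initial value of -1 is truthy. The branch therefore relies on the probe in `mbedtls_aes_rk_offset` having run first, presumably through the `aes_maybe_realign(ctx)` call added in the previous hunk, if both hunks are in the same function (its start is outside this hunk). A non-zero return from `mbedtls_padlock_xcryptecb` now reaches the caller instead of being retried in software, so a caller that ignores the return value would consume an output block that was never written. I would record both assumptions where the old comment was: `/* aes_padlock_ace was probed via aes_maybe_realign(); round keys are aligned, so an error here is final (no software fallback). */`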
@@ -1785,6 +1871,32 @@
     memset(key, 0, 32);
     mbedtls_aes_init(&ctx);
 
+    if (verbose != 0) {
+#if defined(MBEDTLS_AES_ALT)
+        mbedtls_printf("  AES note: alternative implementation.\n");
+#else /* MBEDTLS_AES_ALT */
+#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
+        if (mbedtls_padlock_has_support(MBEDTLS_PADLOCK_ACE)) {
+            mbedtls_printf("  AES note: using VIA Padlock.\n");
+        } else
+#endif
+#if defined(MBEDTLS_AESNI_HAVE_CODE)
+        if (mbedtls_aesni_has_support(MBEDTLS_AESNI_AES)) {
+            mbedtls_printf("  AES note: using AESNI via ");
+#if MBEDTLS_AESNI_HAVE_CODE == 1
+            mbedtls_printf("assembly");
+#elif MBEDTLS_AESNI_HAVE_CODE == 2
+            mbedtls_printf("intrinsics");
+#else
+            mbedtls_printf("(unknown)");
+#endif
+            mbedtls_printf(".\n");
+        } else
+#endif
+        mbedtls_printf("  AES note: built-in implementation.\n");
+#endif /* MBEDTLS_AES_ALT */
+    }
+
     /*
      * ECB mode
      */
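Review bot: The two `} else` lines in the added block sit inside `#if` sections and bind to whatever statement follows the `#endif`. The final `mbedtls_printf("  AES note: built-in implementation.\n");` is therefore the body of an unbraced `else` in some configurations and a plain statement in others. That is correct today but breaks silently if a statement is inserted before that last call. I would either brace the final call or mark it with `/* body of the preceding 'else' when Padlock/AESNI code is compiled in */`. The enclosing self-test function starts and ends outside this hunk.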
diff --git a/library/aesni.c b/library/aesni.c
index 2a44b0e..866b6cb 100644
--- a/library/aesni.c
+++ b/library/aesni.c
@@ -18,21 +18,14 @@
  */
 
 /*
- * [AES-WP] http://software.intel.com/en-us/articles/intel-advanced-encryption-standard-aes-instructions-set
- * [CLMUL-WP] http://software.intel.com/en-us/articles/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode/
+ * [AES-WP] https://www.intel.com/content/www/us/en/developer/articles/tool/intel-advanced-encryption-standard-aes-instructions-set.html
+ * [CLMUL-WP] https://www.intel.com/content/www/us/en/develop/download/intel-carry-less-multiplication-instruction-and-its-usage-for-computing-the-gcm-mode.html
  */
 
 #include "common.h"
 
 #if defined(MBEDTLS_AESNI_C)
 
-#if defined(__has_feature)
-#if __has_feature(memory_sanitizer)
-#warning \
-    "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
-#endif
-#endif
-
 #include "mbedtls/aesni.h"
 
 #include <string.h>
@@ -43,7 +36,16 @@
 #endif
 /* *INDENT-ON* */
 
-#if defined(MBEDTLS_HAVE_X86_64)
+#if defined(MBEDTLS_AESNI_HAVE_CODE)
+
+#if MBEDTLS_AESNI_HAVE_CODE == 2
+#if !defined(_WIN32)
+#include <cpuid.h>
+#else
+#include <intrin.h>
+#endif
+#include <immintrin.h>
+#endif
 
 /*
  * AES-NI support detection routine
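Review bot: The header selection here tests `_WIN32`, but the call site in `mbedtls_aesni_has_support` (next hunk) chooses the `__cpuid` form by `_MSC_VER`. A non-MSVC compiler targeting Windows would include `<intrin.h>` and then use the five-argument `__cpuid(1, info[0], ...)` form that belongs to `<cpuid.h>`, which likely fails to compile. I would key both places on the same macro: `#if defined(_MSC_VER)` / `#include <intrin.h>` / `#else` / `#include <cpuid.h>`. Separately, `info` is declared `unsigned info[4]` while the MSVC intrinsic takes an `int` array, so that branch may need a cast or an `int` buffer to build without warnings.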
@@ -54,17 +56,355 @@
     static unsigned int c = 0;
 
     if (!done) {
+#if MBEDTLS_AESNI_HAVE_CODE == 2
+        static unsigned info[4] = { 0, 0, 0, 0 };
+#if defined(_MSC_VER)
+        __cpuid(info, 1);
+#else
+        __cpuid(1, info[0], info[1], info[2], info[3]);
+#endif
+        c = info[2];
+#else /* AESNI using asm */
         asm ("movl  $1, %%eax   \n\t"
              "cpuid             \n\t"
              : "=c" (c)
              :
              : "eax", "ebx", "edx");
+#endif /* MBEDTLS_AESNI_HAVE_CODE */
         done = 1;
     }
 
     return (c & what) != 0;
 }
 
+#if MBEDTLS_AESNI_HAVE_CODE == 2
+
+/*
+ * AES-NI AES-ECB block en(de)cryption
+ */
+int mbedtls_aesni_crypt_ecb(mbedtls_aes_context *ctx,
+                            int mode,
+                            const unsigned char input[16],
+                            unsigned char output[16])
+{
+    const __m128i *rk = (const __m128i *) (ctx->rk);
+    unsigned nr = ctx->nr; // Number of remaining rounds
+
+    // Load round key 0
+    __m128i state;
+    memcpy(&state, input, 16);
+    state = _mm_xor_si128(state, rk[0]);  // state ^= *rk;
+    ++rk;
+    --nr;
+
+    if (mode == 0) {
+        while (nr != 0) {
+            state = _mm_aesdec_si128(state, *rk);
+            ++rk;
+            --nr;
+        }
+        state = _mm_aesdeclast_si128(state, *rk);
+    } else {
+        while (nr != 0) {
+            state = _mm_aesenc_si128(state, *rk);
+            ++rk;
+            --nr;
+        }
+        state = _mm_aesenclast_si128(state, *rk);
+    }
+
+    memcpy(output, &state, 16);
+    return 0;
+}
+
+/*
+ * GCM multiplication: c = a times b in GF(2^128)
+ * Based on [CLMUL-WP] algorithms 1 (with equation 27) and 5.
+ */
+
+static void gcm_clmul(const __m128i aa, const __m128i bb,
+                      __m128i *cc, __m128i *dd)
+{
+    /*
+     * Caryless multiplication dd:cc = aa * bb
+     * using [CLMUL-WP] algorithm 1 (p. 12).
+     */
+    *cc = _mm_clmulepi64_si128(aa, bb, 0x00); // a0*b0 = c1:c0
+    *dd = _mm_clmulepi64_si128(aa, bb, 0x11); // a1*b1 = d1:d0
+    __m128i ee = _mm_clmulepi64_si128(aa, bb, 0x10); // a0*b1 = e1:e0
+    __m128i ff = _mm_clmulepi64_si128(aa, bb, 0x01); // a1*b0 = f1:f0
+    ff = _mm_xor_si128(ff, ee);                      // e1+f1:e0+f0
+    ee = ff;                                         // e1+f1:e0+f0
+    ff = _mm_srli_si128(ff, 8);                      // 0:e1+f1
+    ee = _mm_slli_si128(ee, 8);                      // e0+f0:0
+    *dd = _mm_xor_si128(*dd, ff);                    // d1:d0+e1+f1
+    *cc = _mm_xor_si128(*cc, ee);                    // c1+e0+f0:c0
+}
+
+static void gcm_shift(__m128i *cc, __m128i *dd)
+{
+    /* [CMUCL-WP] Algorithm 5 Step 1: shift cc:dd one bit to the left,
+     * taking advantage of [CLMUL-WP] eq 27 (p. 18). */
+    //                                        // *cc = r1:r0
+    //                                        // *dd = r3:r2
+    __m128i cc_lo = _mm_slli_epi64(*cc, 1);   // r1<<1:r0<<1
+    __m128i dd_lo = _mm_slli_epi64(*dd, 1);   // r3<<1:r2<<1
+    __m128i cc_hi = _mm_srli_epi64(*cc, 63);  // r1>>63:r0>>63
+    __m128i dd_hi = _mm_srli_epi64(*dd, 63);  // r3>>63:r2>>63
+    __m128i xmm5 = _mm_srli_si128(cc_hi, 8);  // 0:r1>>63
+    cc_hi = _mm_slli_si128(cc_hi, 8);         // r0>>63:0
+    dd_hi = _mm_slli_si128(dd_hi, 8);         // 0:r1>>63
+
+    *cc = _mm_or_si128(cc_lo, cc_hi);         // r1<<1|r0>>63:r0<<1
+    *dd = _mm_or_si128(_mm_or_si128(dd_lo, dd_hi), xmm5); // r3<<1|r2>>62:r2<<1|r1>>63
+}
+
+static __m128i gcm_reduce(__m128i xx)
+{
+    //                                            // xx = x1:x0
+    /* [CLMUL-WP] Algorithm 5 Step 2 */
+    __m128i aa = _mm_slli_epi64(xx, 63);          // x1<<63:x0<<63 = stuff:a
+    __m128i bb = _mm_slli_epi64(xx, 62);          // x1<<62:x0<<62 = stuff:b
+    __m128i cc = _mm_slli_epi64(xx, 57);          // x1<<57:x0<<57 = stuff:c
+    __m128i dd = _mm_slli_si128(_mm_xor_si128(_mm_xor_si128(aa, bb), cc), 8); // a+b+c:0
+    return _mm_xor_si128(dd, xx);                 // x1+a+b+c:x0 = d:x0
+}
+
+static __m128i gcm_mix(__m128i dx)
+{
+    /* [CLMUL-WP] Algorithm 5 Steps 3 and 4 */
+    __m128i ee = _mm_srli_epi64(dx, 1);           // e1:x0>>1 = e1:e0'
+    __m128i ff = _mm_srli_epi64(dx, 2);           // f1:x0>>2 = f1:f0'
+    __m128i gg = _mm_srli_epi64(dx, 7);           // g1:x0>>7 = g1:g0'
+
+    // e0'+f0'+g0' is almost e0+f0+g0, except for some missing
+    // bits carried from d. Now get those bits back in.
+    __m128i eh = _mm_slli_epi64(dx, 63);          // d<<63:stuff
+    __m128i fh = _mm_slli_epi64(dx, 62);          // d<<62:stuff
+    __m128i gh = _mm_slli_epi64(dx, 57);          // d<<57:stuff
+    __m128i hh = _mm_srli_si128(_mm_xor_si128(_mm_xor_si128(eh, fh), gh), 8); // 0:missing bits of d
+
+    return _mm_xor_si128(_mm_xor_si128(_mm_xor_si128(_mm_xor_si128(ee, ff), gg), hh), dx);
+}
+
+void mbedtls_aesni_gcm_mult(unsigned char c[16],
+                            const unsigned char a[16],
+                            const unsigned char b[16])
+{
+    __m128i aa, bb, cc, dd;
+
+    /* The inputs are in big-endian order, so byte-reverse them */
+    for (size_t i = 0; i < 16; i++) {
+        ((uint8_t *) &aa)[i] = a[15 - i];
+        ((uint8_t *) &bb)[i] = b[15 - i];
+    }
+
+    gcm_clmul(aa, bb, &cc, &dd);
+    gcm_shift(&cc, &dd);
+    /*
+     * Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1
+     * using [CLMUL-WP] algorithm 5 (p. 18).
+     * Currently dd:cc holds x3:x2:x1:x0 (already shifted).
+     */
+    __m128i dx = gcm_reduce(cc);
+    __m128i xh = gcm_mix(dx);
+    cc = _mm_xor_si128(xh, dd); // x3+h1:x2+h0
+
+    /* Now byte-reverse the outputs */
+    for (size_t i = 0; i < 16; i++) {
+        c[i] = ((uint8_t *) &cc)[15 - i];
+    }
+
+    return;
+}
+
+/*
+ * Compute decryption round keys from encryption round keys
+ */
+void mbedtls_aesni_inverse_key(unsigned char *invkey,
+                               const unsigned char *fwdkey, int nr)
+{
+    __m128i *ik = (__m128i *) invkey;
+    const __m128i *fk = (const __m128i *) fwdkey + nr;
+
+    *ik = *fk;
+    for (--fk, ++ik; fk > (const __m128i *) fwdkey; --fk, ++ik) {
+        *ik = _mm_aesimc_si128(*fk);
+    }
+    *ik = *fk;
+}
+
+/*
+ * Key expansion, 128-bit case
+ */
+static __m128i aesni_set_rk_128(__m128i state, __m128i xword)
+{
+    /*
+     * Finish generating the next round key.
+     *
+     * On entry state is r3:r2:r1:r0 and xword is X:stuff:stuff:stuff
+     * with X = rot( sub( r3 ) ) ^ RCON (obtained with AESKEYGENASSIST).
+     *
+     * On exit, xword is r7:r6:r5:r4
+     * with r4 = X + r0, r5 = r4 + r1, r6 = r5 + r2, r7 = r6 + r3
+     * and this is returned, to be written to the round key buffer.
+     */
+    xword = _mm_shuffle_epi32(xword, 0xff);   // X:X:X:X
+    xword = _mm_xor_si128(xword, state);      // X+r3:X+r2:X+r1:r4
+    state = _mm_slli_si128(state, 4);         // r2:r1:r0:0
+    xword = _mm_xor_si128(xword, state);      // X+r3+r2:X+r2+r1:r5:r4
+    state = _mm_slli_si128(state, 4);         // r1:r0:0:0
+    xword = _mm_xor_si128(xword, state);      // X+r3+r2+r1:r6:r5:r4
+    state = _mm_slli_si128(state, 4);         // r0:0:0:0
+    state = _mm_xor_si128(xword, state);      // r7:r6:r5:r4
+    return state;
+}
+
+static void aesni_setkey_enc_128(unsigned char *rk_bytes,
+                                 const unsigned char *key)
+{
+    __m128i *rk = (__m128i *) rk_bytes;
+
+    memcpy(&rk[0], key, 16);
+    rk[1] = aesni_set_rk_128(rk[0], _mm_aeskeygenassist_si128(rk[0], 0x01));
+    rk[2] = aesni_set_rk_128(rk[1], _mm_aeskeygenassist_si128(rk[1], 0x02));
+    rk[3] = aesni_set_rk_128(rk[2], _mm_aeskeygenassist_si128(rk[2], 0x04));
+    rk[4] = aesni_set_rk_128(rk[3], _mm_aeskeygenassist_si128(rk[3], 0x08));
+    rk[5] = aesni_set_rk_128(rk[4], _mm_aeskeygenassist_si128(rk[4], 0x10));
+    rk[6] = aesni_set_rk_128(rk[5], _mm_aeskeygenassist_si128(rk[5], 0x20));
+    rk[7] = aesni_set_rk_128(rk[6], _mm_aeskeygenassist_si128(rk[6], 0x40));
+    rk[8] = aesni_set_rk_128(rk[7], _mm_aeskeygenassist_si128(rk[7], 0x80));
+    rk[9] = aesni_set_rk_128(rk[8], _mm_aeskeygenassist_si128(rk[8], 0x1B));
+    rk[10] = aesni_set_rk_128(rk[9], _mm_aeskeygenassist_si128(rk[9], 0x36));
+}
+
+/*
+ * Key expansion, 192-bit case
+ */
+static void aesni_set_rk_192(__m128i *state0, __m128i *state1, __m128i xword,
+                             unsigned char *rk)
+{
+    /*
+     * Finish generating the next 6 quarter-keys.
+     *
+     * On entry state0 is r3:r2:r1:r0, state1 is stuff:stuff:r5:r4
+     * and xword is stuff:stuff:X:stuff with X = rot( sub( r3 ) ) ^ RCON
+     * (obtained with AESKEYGENASSIST).
+     *
+     * On exit, state0 is r9:r8:r7:r6 and state1 is stuff:stuff:r11:r10
+     * and those are written to the round key buffer.
+     */
+    xword = _mm_shuffle_epi32(xword, 0x55);   // X:X:X:X
+    xword = _mm_xor_si128(xword, *state0);    // X+r3:X+r2:X+r1:X+r0
+    *state0 = _mm_slli_si128(*state0, 4);     // r2:r1:r0:0
+    xword = _mm_xor_si128(xword, *state0);    // X+r3+r2:X+r2+r1:X+r1+r0:X+r0
+    *state0 = _mm_slli_si128(*state0, 4);     // r1:r0:0:0
+    xword = _mm_xor_si128(xword, *state0);    // X+r3+r2+r1:X+r2+r1+r0:X+r1+r0:X+r0
+    *state0 = _mm_slli_si128(*state0, 4);     // r0:0:0:0
+    xword = _mm_xor_si128(xword, *state0);    // X+r3+r2+r1+r0:X+r2+r1+r0:X+r1+r0:X+r0
+    *state0 = xword;                          // = r9:r8:r7:r6
+
+    xword = _mm_shuffle_epi32(xword, 0xff);   // r9:r9:r9:r9
+    xword = _mm_xor_si128(xword, *state1);    // stuff:stuff:r9+r5:r9+r4
+    *state1 = _mm_slli_si128(*state1, 4);     // stuff:stuff:r4:0
+    xword = _mm_xor_si128(xword, *state1);    // stuff:stuff:r9+r5+r4:r9+r4
+    *state1 = xword;                          // = stuff:stuff:r11:r10
+
+    /* Store state0 and the low half of state1 into rk, which is conceptually
+     * an array of 24-byte elements. Since 24 is not a multiple of 16,
+     * rk is not necessarily aligned so just `*rk = *state0` doesn't work. */
+    memcpy(rk, state0, 16);
+    memcpy(rk + 16, state1, 8);
+}
+
+static void aesni_setkey_enc_192(unsigned char *rk,
+                                 const unsigned char *key)
+{
+    /* First round: use original key */
+    memcpy(rk, key, 24);
+    /* aes.c guarantees that rk is aligned on a 16-byte boundary. */
+    __m128i state0 = ((__m128i *) rk)[0];
+    __m128i state1 = _mm_loadl_epi64(((__m128i *) rk) + 1);
+
+    aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x01), rk + 24 * 1);
+    aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x02), rk + 24 * 2);
+    aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x04), rk + 24 * 3);
+    aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x08), rk + 24 * 4);
+    aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x10), rk + 24 * 5);
+    aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x20), rk + 24 * 6);
+    aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x40), rk + 24 * 7);
+    aesni_set_rk_192(&state0, &state1, _mm_aeskeygenassist_si128(state1, 0x80), rk + 24 * 8);
+}
+
+/*
+ * Key expansion, 256-bit case
+ */
+static void aesni_set_rk_256(__m128i state0, __m128i state1, __m128i xword,
+                             __m128i *rk0, __m128i *rk1)
+{
+    /*
+     * Finish generating the next two round keys.
+     *
+     * On entry state0 is r3:r2:r1:r0, state1 is r7:r6:r5:r4 and
+     * xword is X:stuff:stuff:stuff with X = rot( sub( r7 )) ^ RCON
+     * (obtained with AESKEYGENASSIST).
+     *
+     * On exit, *rk0 is r11:r10:r9:r8 and *rk1 is r15:r14:r13:r12
+     */
+    xword = _mm_shuffle_epi32(xword, 0xff);
+    xword = _mm_xor_si128(xword, state0);
+    state0 = _mm_slli_si128(state0, 4);
+    xword = _mm_xor_si128(xword, state0);
+    state0 = _mm_slli_si128(state0, 4);
+    xword = _mm_xor_si128(xword, state0);
+    state0 = _mm_slli_si128(state0, 4);
+    state0 = _mm_xor_si128(state0, xword);
+    *rk0 = state0;
+
+    /* Set xword to stuff:Y:stuff:stuff with Y = subword( r11 )
+     * and proceed to generate next round key from there */
+    xword = _mm_aeskeygenassist_si128(state0, 0x00);
+    xword = _mm_shuffle_epi32(xword, 0xaa);
+    xword = _mm_xor_si128(xword, state1);
+    state1 = _mm_slli_si128(state1, 4);
+    xword = _mm_xor_si128(xword, state1);
+    state1 = _mm_slli_si128(state1, 4);
+    xword = _mm_xor_si128(xword, state1);
+    state1 = _mm_slli_si128(state1, 4);
+    state1 = _mm_xor_si128(state1, xword);
+    *rk1 = state1;
+}
+
+static void aesni_setkey_enc_256(unsigned char *rk_bytes,
+                                 const unsigned char *key)
+{
+    __m128i *rk = (__m128i *) rk_bytes;
+
+    memcpy(&rk[0], key, 16);
+    memcpy(&rk[1], key + 16, 16);
+
+    /*
+     * Main "loop" - Generating one more key than necessary,
+     * see definition of mbedtls_aes_context.buf
+     */
+    aesni_set_rk_256(rk[0], rk[1], _mm_aeskeygenassist_si128(rk[1], 0x01), &rk[2], &rk[3]);
+    aesni_set_rk_256(rk[2], rk[3], _mm_aeskeygenassist_si128(rk[3], 0x02), &rk[4], &rk[5]);
+    aesni_set_rk_256(rk[4], rk[5], _mm_aeskeygenassist_si128(rk[5], 0x04), &rk[6], &rk[7]);
+    aesni_set_rk_256(rk[6], rk[7], _mm_aeskeygenassist_si128(rk[7], 0x08), &rk[8], &rk[9]);
+    aesni_set_rk_256(rk[8], rk[9], _mm_aeskeygenassist_si128(rk[9], 0x10), &rk[10], &rk[11]);
+    aesni_set_rk_256(rk[10], rk[11], _mm_aeskeygenassist_si128(rk[11], 0x20), &rk[12], &rk[13]);
+    aesni_set_rk_256(rk[12], rk[13], _mm_aeskeygenassist_si128(rk[13], 0x40), &rk[14], &rk[15]);
+}
+
+#else /* MBEDTLS_AESNI_HAVE_CODE == 1 */
+
+#if defined(__has_feature)
+#if __has_feature(memory_sanitizer)
+#warning \
+    "MBEDTLS_AESNI_C is known to cause spurious error reports with some memory sanitizers as they do not understand the assembly code."
+#endif
+#endif
+
 /*
  * Binutils needs to be at least 2.19 to support AES-NI instructions.
  * Unfortunately, a lot of users have a lower version now (2014-04).
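Review bot: The intrinsics versions of `mbedtls_aesni_crypt_ecb`, `mbedtls_aesni_inverse_key` and the 128/256-bit key expansion access `ctx->rk`, `invkey`, `fwdkey` and `rk_bytes` through `__m128i *` casts, which lets the compiler emit aligned loads and stores, whereas the assembly path in this file uses `movdqu` and accepts any alignment. The only statement of the precondition is the comment in `aesni_setkey_enc_192` that aes.c keeps `rk` 16-byte aligned; nothing visible here covers the buffers passed to `mbedtls_aesni_inverse_key`. Either document the 16-byte requirement in each function's header comment, or use unaligned accesses, e.g. `_mm_storeu_si128(ik, _mm_aesimc_si128(_mm_loadu_si128(fk)));` in the inverse-key loop and `_mm_loadu_si128(rk)` in the round loops. Separately, in `gcm_shift` the comment on `dd_hi = _mm_slli_si128(dd_hi, 8);` says `0:r1>>63` where the assembly version annotates the same step as `r2>>63:0`, and the reference is misspelled `[CMUCL-WP]`.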
@@ -75,13 +415,13 @@
  * Operand macros are in gas order (src, dst) as opposed to Intel order
  * (dst, src) in order to blend better into the surrounding assembly code.
  */
-#define AESDEC      ".byte 0x66,0x0F,0x38,0xDE,"
-#define AESDECLAST  ".byte 0x66,0x0F,0x38,0xDF,"
-#define AESENC      ".byte 0x66,0x0F,0x38,0xDC,"
-#define AESENCLAST  ".byte 0x66,0x0F,0x38,0xDD,"
-#define AESIMC      ".byte 0x66,0x0F,0x38,0xDB,"
-#define AESKEYGENA  ".byte 0x66,0x0F,0x3A,0xDF,"
-#define PCLMULQDQ   ".byte 0x66,0x0F,0x3A,0x44,"
+#define AESDEC(regs)      ".byte 0x66,0x0F,0x38,0xDE," regs "\n\t"
+#define AESDECLAST(regs)  ".byte 0x66,0x0F,0x38,0xDF," regs "\n\t"
+#define AESENC(regs)      ".byte 0x66,0x0F,0x38,0xDC," regs "\n\t"
+#define AESENCLAST(regs)  ".byte 0x66,0x0F,0x38,0xDD," regs "\n\t"
+#define AESIMC(regs)      ".byte 0x66,0x0F,0x38,0xDB," regs "\n\t"
+#define AESKEYGENA(regs, imm)  ".byte 0x66,0x0F,0x3A,0xDF," regs "," imm "\n\t"
+#define PCLMULQDQ(regs, imm)   ".byte 0x66,0x0F,0x3A,0x44," regs "," imm "\n\t"
 
 #define xmm0_xmm0   "0xC0"
 #define xmm0_xmm1   "0xC8"
@@ -109,25 +449,25 @@
 
          "1:                        \n\t" // encryption loop
          "movdqu    (%1), %%xmm1    \n\t" // load round key
-         AESENC     xmm1_xmm0      "\n\t" // do round
-                                   "add       $16, %1         \n\t" // point to next round key
-                                   "subl      $1, %0          \n\t" // loop
-                                   "jnz       1b              \n\t"
-                                   "movdqu    (%1), %%xmm1    \n\t" // load round key
-         AESENCLAST xmm1_xmm0      "\n\t" // last round
-                                   "jmp       3f              \n\t"
+         AESENC(xmm1_xmm0)                // do round
+         "add       $16, %1         \n\t" // point to next round key
+         "subl      $1, %0          \n\t" // loop
+         "jnz       1b              \n\t"
+         "movdqu    (%1), %%xmm1    \n\t" // load round key
+         AESENCLAST(xmm1_xmm0)            // last round
+         "jmp       3f              \n\t"
 
-                                   "2:                        \n\t" // decryption loop
-                                   "movdqu    (%1), %%xmm1    \n\t"
-         AESDEC     xmm1_xmm0      "\n\t" // do round
-                                   "add       $16, %1         \n\t"
-                                   "subl      $1, %0          \n\t"
-                                   "jnz       2b              \n\t"
-                                   "movdqu    (%1), %%xmm1    \n\t" // load round key
-         AESDECLAST xmm1_xmm0      "\n\t" // last round
+         "2:                        \n\t" // decryption loop
+         "movdqu    (%1), %%xmm1    \n\t"
+         AESDEC(xmm1_xmm0)                // do round
+         "add       $16, %1         \n\t"
+         "subl      $1, %0          \n\t"
+         "jnz       2b              \n\t"
+         "movdqu    (%1), %%xmm1    \n\t" // load round key
+         AESDECLAST(xmm1_xmm0)            // last round
 
-                                   "3:                        \n\t"
-                                   "movdqu    %%xmm0, (%4)    \n\t" // export output
+         "3:                        \n\t"
+         "movdqu    %%xmm0, (%4)    \n\t" // export output
          :
          : "r" (ctx->nr), "r" (ctx->rk), "r" (mode), "r" (input), "r" (output)
          : "memory", "cc", "xmm0", "xmm1");
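Review bot: The asm statement modifies `%0` and `%1` (`subl $1, %0`, `add $16, %1`), yet the operand list declares `ctx->nr` and `ctx->rk` as input-only `"r"` operands and has no outputs. GCC's extended-asm rules do not allow input-only operands to be modified, so the compiler may assume those registers still hold the original values after the statement. Since the commit rewrites these lines anyway, I would copy both values into locals and pass them as read-write operands, e.g. `: "+r" (nr), "+r" (rk)` followed by `: "r" (mode), "r" (input), "r" (output)`, which keeps the `%0`..`%4` numbering. The enclosing function starts and ends outside this hunk, so whether either value is reused after the asm is not visible here.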
@@ -158,84 +498,84 @@
 
          /*
           * Caryless multiplication xmm2:xmm1 = xmm0 * xmm1
-          * using [CLMUL-WP] algorithm 1 (p. 13).
+          * using [CLMUL-WP] algorithm 1 (p. 12).
           */
          "movdqa %%xmm1, %%xmm2             \n\t" // copy of b1:b0
          "movdqa %%xmm1, %%xmm3             \n\t" // same
          "movdqa %%xmm1, %%xmm4             \n\t" // same
-         PCLMULQDQ xmm0_xmm1 ",0x00         \n\t" // a0*b0 = c1:c0
-         PCLMULQDQ xmm0_xmm2 ",0x11         \n\t" // a1*b1 = d1:d0
-         PCLMULQDQ xmm0_xmm3 ",0x10         \n\t" // a0*b1 = e1:e0
-         PCLMULQDQ xmm0_xmm4 ",0x01         \n\t" // a1*b0 = f1:f0
-                             "pxor %%xmm3, %%xmm4               \n\t" // e1+f1:e0+f0
-                             "movdqa %%xmm4, %%xmm3             \n\t" // same
-                             "psrldq $8, %%xmm4                 \n\t" // 0:e1+f1
-                             "pslldq $8, %%xmm3                 \n\t" // e0+f0:0
-                             "pxor %%xmm4, %%xmm2               \n\t" // d1:d0+e1+f1
-                             "pxor %%xmm3, %%xmm1               \n\t" // c1+e0+f1:c0
+         PCLMULQDQ(xmm0_xmm1, "0x00")             // a0*b0 = c1:c0
+         PCLMULQDQ(xmm0_xmm2, "0x11")             // a1*b1 = d1:d0
+         PCLMULQDQ(xmm0_xmm3, "0x10")             // a0*b1 = e1:e0
+         PCLMULQDQ(xmm0_xmm4, "0x01")             // a1*b0 = f1:f0
+         "pxor %%xmm3, %%xmm4               \n\t" // e1+f1:e0+f0
+         "movdqa %%xmm4, %%xmm3             \n\t" // same
+         "psrldq $8, %%xmm4                 \n\t" // 0:e1+f1
+         "pslldq $8, %%xmm3                 \n\t" // e0+f0:0
+         "pxor %%xmm4, %%xmm2               \n\t" // d1:d0+e1+f1
+         "pxor %%xmm3, %%xmm1               \n\t" // c1+e0+f1:c0
 
          /*
           * Now shift the result one bit to the left,
-          * taking advantage of [CLMUL-WP] eq 27 (p. 20)
+          * taking advantage of [CLMUL-WP] eq 27 (p. 18)
           */
-                             "movdqa %%xmm1, %%xmm3             \n\t" // r1:r0
-                             "movdqa %%xmm2, %%xmm4             \n\t" // r3:r2
-                             "psllq $1, %%xmm1                  \n\t" // r1<<1:r0<<1
-                             "psllq $1, %%xmm2                  \n\t" // r3<<1:r2<<1
-                             "psrlq $63, %%xmm3                 \n\t" // r1>>63:r0>>63
-                             "psrlq $63, %%xmm4                 \n\t" // r3>>63:r2>>63
-                             "movdqa %%xmm3, %%xmm5             \n\t" // r1>>63:r0>>63
-                             "pslldq $8, %%xmm3                 \n\t" // r0>>63:0
-                             "pslldq $8, %%xmm4                 \n\t" // r2>>63:0
-                             "psrldq $8, %%xmm5                 \n\t" // 0:r1>>63
-                             "por %%xmm3, %%xmm1                \n\t" // r1<<1|r0>>63:r0<<1
-                             "por %%xmm4, %%xmm2                \n\t" // r3<<1|r2>>62:r2<<1
-                             "por %%xmm5, %%xmm2                \n\t" // r3<<1|r2>>62:r2<<1|r1>>63
+         "movdqa %%xmm1, %%xmm3             \n\t" // r1:r0
+         "movdqa %%xmm2, %%xmm4             \n\t" // r3:r2
+         "psllq $1, %%xmm1                  \n\t" // r1<<1:r0<<1
+         "psllq $1, %%xmm2                  \n\t" // r3<<1:r2<<1
+         "psrlq $63, %%xmm3                 \n\t" // r1>>63:r0>>63
+         "psrlq $63, %%xmm4                 \n\t" // r3>>63:r2>>63
+         "movdqa %%xmm3, %%xmm5             \n\t" // r1>>63:r0>>63
+         "pslldq $8, %%xmm3                 \n\t" // r0>>63:0
+         "pslldq $8, %%xmm4                 \n\t" // r2>>63:0
+         "psrldq $8, %%xmm5                 \n\t" // 0:r1>>63
+         "por %%xmm3, %%xmm1                \n\t" // r1<<1|r0>>63:r0<<1
+         "por %%xmm4, %%xmm2                \n\t" // r3<<1|r2>>62:r2<<1
+         "por %%xmm5, %%xmm2                \n\t" // r3<<1|r2>>62:r2<<1|r1>>63
 
          /*
           * Now reduce modulo the GCM polynomial x^128 + x^7 + x^2 + x + 1
-          * using [CLMUL-WP] algorithm 5 (p. 20).
+          * using [CLMUL-WP] algorithm 5 (p. 18).
           * Currently xmm2:xmm1 holds x3:x2:x1:x0 (already shifted).
           */
          /* Step 2 (1) */
-                             "movdqa %%xmm1, %%xmm3             \n\t" // x1:x0
-                             "movdqa %%xmm1, %%xmm4             \n\t" // same
-                             "movdqa %%xmm1, %%xmm5             \n\t" // same
-                             "psllq $63, %%xmm3                 \n\t" // x1<<63:x0<<63 = stuff:a
-                             "psllq $62, %%xmm4                 \n\t" // x1<<62:x0<<62 = stuff:b
-                             "psllq $57, %%xmm5                 \n\t" // x1<<57:x0<<57 = stuff:c
+         "movdqa %%xmm1, %%xmm3             \n\t" // x1:x0
+         "movdqa %%xmm1, %%xmm4             \n\t" // same
+         "movdqa %%xmm1, %%xmm5             \n\t" // same
+         "psllq $63, %%xmm3                 \n\t" // x1<<63:x0<<63 = stuff:a
+         "psllq $62, %%xmm4                 \n\t" // x1<<62:x0<<62 = stuff:b
+         "psllq $57, %%xmm5                 \n\t" // x1<<57:x0<<57 = stuff:c
 
          /* Step 2 (2) */
-                             "pxor %%xmm4, %%xmm3               \n\t" // stuff:a+b
-                             "pxor %%xmm5, %%xmm3               \n\t" // stuff:a+b+c
-                             "pslldq $8, %%xmm3                 \n\t" // a+b+c:0
-                             "pxor %%xmm3, %%xmm1               \n\t" // x1+a+b+c:x0 = d:x0
+         "pxor %%xmm4, %%xmm3               \n\t" // stuff:a+b
+         "pxor %%xmm5, %%xmm3               \n\t" // stuff:a+b+c
+         "pslldq $8, %%xmm3                 \n\t" // a+b+c:0
+         "pxor %%xmm3, %%xmm1               \n\t" // x1+a+b+c:x0 = d:x0
 
          /* Steps 3 and 4 */
-                             "movdqa %%xmm1,%%xmm0              \n\t" // d:x0
-                             "movdqa %%xmm1,%%xmm4              \n\t" // same
-                             "movdqa %%xmm1,%%xmm5              \n\t" // same
-                             "psrlq $1, %%xmm0                  \n\t" // e1:x0>>1 = e1:e0'
-                             "psrlq $2, %%xmm4                  \n\t" // f1:x0>>2 = f1:f0'
-                             "psrlq $7, %%xmm5                  \n\t" // g1:x0>>7 = g1:g0'
-                             "pxor %%xmm4, %%xmm0               \n\t" // e1+f1:e0'+f0'
-                             "pxor %%xmm5, %%xmm0               \n\t" // e1+f1+g1:e0'+f0'+g0'
+         "movdqa %%xmm1,%%xmm0              \n\t" // d:x0
+         "movdqa %%xmm1,%%xmm4              \n\t" // same
+         "movdqa %%xmm1,%%xmm5              \n\t" // same
+         "psrlq $1, %%xmm0                  \n\t" // e1:x0>>1 = e1:e0'
+         "psrlq $2, %%xmm4                  \n\t" // f1:x0>>2 = f1:f0'
+         "psrlq $7, %%xmm5                  \n\t" // g1:x0>>7 = g1:g0'
+         "pxor %%xmm4, %%xmm0               \n\t" // e1+f1:e0'+f0'
+         "pxor %%xmm5, %%xmm0               \n\t" // e1+f1+g1:e0'+f0'+g0'
          // e0'+f0'+g0' is almost e0+f0+g0, ex\tcept for some missing
          // bits carried from d. Now get those\t bits back in.
-                             "movdqa %%xmm1,%%xmm3              \n\t" // d:x0
-                             "movdqa %%xmm1,%%xmm4              \n\t" // same
-                             "movdqa %%xmm1,%%xmm5              \n\t" // same
-                             "psllq $63, %%xmm3                 \n\t" // d<<63:stuff
-                             "psllq $62, %%xmm4                 \n\t" // d<<62:stuff
-                             "psllq $57, %%xmm5                 \n\t" // d<<57:stuff
-                             "pxor %%xmm4, %%xmm3               \n\t" // d<<63+d<<62:stuff
-                             "pxor %%xmm5, %%xmm3               \n\t" // missing bits of d:stuff
-                             "psrldq $8, %%xmm3                 \n\t" // 0:missing bits of d
-                             "pxor %%xmm3, %%xmm0               \n\t" // e1+f1+g1:e0+f0+g0
-                             "pxor %%xmm1, %%xmm0               \n\t" // h1:h0
-                             "pxor %%xmm2, %%xmm0               \n\t" // x3+h1:x2+h0
+         "movdqa %%xmm1,%%xmm3              \n\t" // d:x0
+         "movdqa %%xmm1,%%xmm4              \n\t" // same
+         "movdqa %%xmm1,%%xmm5              \n\t" // same
+         "psllq $63, %%xmm3                 \n\t" // d<<63:stuff
+         "psllq $62, %%xmm4                 \n\t" // d<<62:stuff
+         "psllq $57, %%xmm5                 \n\t" // d<<57:stuff
+         "pxor %%xmm4, %%xmm3               \n\t" // d<<63+d<<62:stuff
+         "pxor %%xmm5, %%xmm3               \n\t" // missing bits of d:stuff
+         "psrldq $8, %%xmm3                 \n\t" // 0:missing bits of d
+         "pxor %%xmm3, %%xmm0               \n\t" // e1+f1+g1:e0+f0+g0
+         "pxor %%xmm1, %%xmm0               \n\t" // h1:h0
+         "pxor %%xmm2, %%xmm0               \n\t" // x3+h1:x2+h0
 
-                             "movdqu %%xmm0, (%2)               \n\t" // done
+         "movdqu %%xmm0, (%2)               \n\t" // done
          :
          : "r" (aa), "r" (bb), "r" (cc)
          : "memory", "cc", "xmm0", "xmm1", "xmm2", "xmm3", "xmm4", "xmm5");
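Review bot: The comment on `pxor %%xmm3, %%xmm1` reads `c1+e0+f1:c0`, but xmm3 holds `e0+f0:0` at that point, and the intrinsics version added by this same commit annotates the step as `c1+e0+f0:c0`. Since the line is re-added here, the comment should become `// c1+e0+f0:c0`. The two context comments ahead of the "missing bits" block also contain literal `\t` sequences (`ex\tcept`, `those\t bits`) that look like leftovers from an earlier reformat and could be cleaned up in the same pass. The asm statement starts outside this hunk.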
@@ -261,8 +601,8 @@
 
     for (fk -= 16, ik += 16; fk > fwdkey; fk -= 16, ik += 16) {
         asm ("movdqu (%0), %%xmm0       \n\t"
-             AESIMC  xmm0_xmm0         "\n\t"
-                                       "movdqu %%xmm0, (%1)       \n\t"
+             AESIMC(xmm0_xmm0)
+             "movdqu %%xmm0, (%1)       \n\t"
              :
              : "r" (fk), "r" (ik)
              : "memory", "xmm0");
@@ -306,16 +646,16 @@
 
          /* Main "loop" */
          "2:                                \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x01        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x02        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x04        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x08        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x10        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x20        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x40        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x80        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x1B        \n\tcall 1b \n\t"
-         AESKEYGENA xmm0_xmm1 ",0x36        \n\tcall 1b \n\t"
+         AESKEYGENA(xmm0_xmm1, "0x01")      "call 1b \n\t"
+         AESKEYGENA(xmm0_xmm1, "0x02")      "call 1b \n\t"
+         AESKEYGENA(xmm0_xmm1, "0x04")      "call 1b \n\t"
+         AESKEYGENA(xmm0_xmm1, "0x08")      "call 1b \n\t"
+         AESKEYGENA(xmm0_xmm1, "0x10")      "call 1b \n\t"
+         AESKEYGENA(xmm0_xmm1, "0x20")      "call 1b \n\t"
+         AESKEYGENA(xmm0_xmm1, "0x40")      "call 1b \n\t"
+         AESKEYGENA(xmm0_xmm1, "0x80")      "call 1b \n\t"
+         AESKEYGENA(xmm0_xmm1, "0x1B")      "call 1b \n\t"
+         AESKEYGENA(xmm0_xmm1, "0x36")      "call 1b \n\t"
          :
          : "r" (rk), "r" (key)
          : "memory", "cc", "0");
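Review bot: The clobber list of this asm statement is `"memory", "cc", "0"` and names no xmm register, although the visible lines write xmm1 through `AESKEYGENA(xmm0_xmm1, ...)` (the operand macros are in src, dst order); the ECB and GCM asm blocks in this file list every xmm register they touch. I would add them, e.g. `: "memory", "cc", "xmm0", "xmm1", "0");`, extended by whatever the part of the routine outside this hunk uses. The 256-bit key expansion hunk further down shows the same list, and the 192-bit one probably has it too, though its clobber line is not shown. The block also issues `call 1b` from inside the asm, which pushes a return address the compiler does not know about; on an ABI with a red zone that can overwrite the function's locals, so confirm how these functions are built or move the stack pointer around the calls. The enclosing function starts and ends outside this hunk.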
@@ -364,14 +704,14 @@
          "ret                           \n\t"
 
          "2:                            \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x01    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x02    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x04    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x08    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x10    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x20    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x40    \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x80    \n\tcall 1b \n\t"
+         AESKEYGENA(xmm1_xmm2, "0x01")  "call 1b \n\t"
+         AESKEYGENA(xmm1_xmm2, "0x02")  "call 1b \n\t"
+         AESKEYGENA(xmm1_xmm2, "0x04")  "call 1b \n\t"
+         AESKEYGENA(xmm1_xmm2, "0x08")  "call 1b \n\t"
+         AESKEYGENA(xmm1_xmm2, "0x10")  "call 1b \n\t"
+         AESKEYGENA(xmm1_xmm2, "0x20")  "call 1b \n\t"
+         AESKEYGENA(xmm1_xmm2, "0x40")  "call 1b \n\t"
+         AESKEYGENA(xmm1_xmm2, "0x80")  "call 1b \n\t"
 
          :
          : "r" (rk), "r" (key)
@@ -414,36 +754,38 @@
 
          /* Set xmm2 to stuff:Y:stuff:stuff with Y = subword( r11 )
           * and proceed to generate next round key from there */
-         AESKEYGENA xmm0_xmm2 ",0x00        \n\t"
-                              "pshufd $0xaa, %%xmm2, %%xmm2      \n\t"
-                              "pxor %%xmm1, %%xmm2               \n\t"
-                              "pslldq $4, %%xmm1                 \n\t"
-                              "pxor %%xmm1, %%xmm2               \n\t"
-                              "pslldq $4, %%xmm1                 \n\t"
-                              "pxor %%xmm1, %%xmm2               \n\t"
-                              "pslldq $4, %%xmm1                 \n\t"
-                              "pxor %%xmm2, %%xmm1               \n\t"
-                              "add $16, %0                       \n\t"
-                              "movdqu %%xmm1, (%0)               \n\t"
-                              "ret                               \n\t"
+         AESKEYGENA(xmm0_xmm2, "0x00")
+         "pshufd $0xaa, %%xmm2, %%xmm2      \n\t"
+         "pxor %%xmm1, %%xmm2               \n\t"
+         "pslldq $4, %%xmm1                 \n\t"
+         "pxor %%xmm1, %%xmm2               \n\t"
+         "pslldq $4, %%xmm1                 \n\t"
+         "pxor %%xmm1, %%xmm2               \n\t"
+         "pslldq $4, %%xmm1                 \n\t"
+         "pxor %%xmm2, %%xmm1               \n\t"
+         "add $16, %0                       \n\t"
+         "movdqu %%xmm1, (%0)               \n\t"
+         "ret                               \n\t"
 
          /*
           * Main "loop" - Generating one more key than necessary,
           * see definition of mbedtls_aes_context.buf
           */
-                              "2:                                \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x01        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x02        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x04        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x08        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x10        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x20        \n\tcall 1b \n\t"
-         AESKEYGENA xmm1_xmm2 ",0x40        \n\tcall 1b \n\t"
+         "2:                                \n\t"
+         AESKEYGENA(xmm1_xmm2, "0x01")      "call 1b \n\t"
+         AESKEYGENA(xmm1_xmm2, "0x02")      "call 1b \n\t"
+         AESKEYGENA(xmm1_xmm2, "0x04")      "call 1b \n\t"
+         AESKEYGENA(xmm1_xmm2, "0x08")      "call 1b \n\t"
+         AESKEYGENA(xmm1_xmm2, "0x10")      "call 1b \n\t"
+         AESKEYGENA(xmm1_xmm2, "0x20")      "call 1b \n\t"
+         AESKEYGENA(xmm1_xmm2, "0x40")      "call 1b \n\t"
          :
          : "r" (rk), "r" (key)
          : "memory", "cc", "0");
 }
 
+#endif  /* MBEDTLS_AESNI_HAVE_CODE */
+
 /*
  * Key expansion, wrapper
  */
@@ -461,6 +803,6 @@
     return 0;
 }
 
-#endif /* MBEDTLS_HAVE_X86_64 */
+#endif /* MBEDTLS_AESNI_HAVE_CODE */
 
 #endif /* MBEDTLS_AESNI_C */
diff --git a/library/asn1write.c b/library/asn1write.c
index 0b487dc..a499bea 100644
--- a/library/asn1write.c
+++ b/library/asn1write.c
@@ -195,13 +195,22 @@
                                             const char *oid, size_t oid_len,
                                             size_t par_len)
 {
+    return mbedtls_asn1_write_algorithm_identifier_ext(p, start, oid, oid_len, par_len, 1);
+}
+
+int mbedtls_asn1_write_algorithm_identifier_ext(unsigned char **p, unsigned char *start,
+                                                const char *oid, size_t oid_len,
+                                                size_t par_len, int has_par)
+{
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
-    if (par_len == 0) {
-        MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_null(p, start));
-    } else {
-        len += par_len;
+    if (has_par) {
+        if (par_len == 0) {
+            MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_null(p, start));
+        } else {
+            len += par_len;
+        }
     }
 
     MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_oid(p, start, oid, oid_len));
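Review bot: In `mbedtls_asn1_write_algorithm_identifier_ext`, a call with `has_par == 0` and a non-zero `par_len` silently leaves `par_len` out of `len`, so any parameter bytes the caller has already written would not be counted in the length accumulated here. Either document that `par_len` is ignored in that case, or, if no caller relies on it, reject the combination up front with `if (!has_par && par_len != 0) { return MBEDTLS_ERR_ASN1_INVALID_DATA; }`. The new function also has no comment in this file; something like `/* has_par == 0: no parameters field at all; has_par != 0 with par_len == 0: explicit NULL parameters */` would make the three cases clear. The function body continues past the end of the hunk, so how `len` is used afterwards is not visible here.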
diff --git a/library/bignum.c b/library/bignum.c
index 5dca3a9..384b924 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -2121,8 +2121,9 @@
      * and squarings. Firstly, when multiplying by an element of the window
      * W[i], we do a constant-trace table lookup to obfuscate i. This leaves
      * squarings as having a different memory access patterns from other
-     * multiplications. So secondly, we put the accumulator X in the table as
-     * well, and also do a constant-trace table lookup to multiply by X.
+     * multiplications. So secondly, we put the accumulator in the table as
+     * well, and also do a constant-trace table lookup to multiply by the
+     * accumulator which is W[x_index].
      *
      * This way, all multiplications take the form of a lookup-and-multiply.
      * The number of lookup-and-multiply operations inside each iteration of
@@ -2135,19 +2136,16 @@
      * observe both memory accesses and branches. However, branch prediction
      * exploitation typically requires many traces of execution over the same
      * data, which is defeated by randomized blinding.
-     *
-     * To achieve this, we make a copy of X and we use the table entry in each
-     * calculation from this point on.
      */
     const size_t x_index = 0;
     mbedtls_mpi_init(&W[x_index]);
-    mbedtls_mpi_copy(&W[x_index], X);
 
     j = N->n + 1;
-    /* All W[i] and X must have at least N->n limbs for the mpi_montmul()
-     * and mpi_montred() calls later. Here we ensure that W[1] and X are
-     * large enough, and later we'll grow other W[i] to the same length.
-     * They must not be shrunk midway through this function!
+    /* All W[i] including the accumulator must have at least N->n limbs for
+     * the mpi_montmul() and mpi_montred() calls later. Here we ensure that
+     * W[1] and the accumulator W[x_index] are large enough. later we'll grow
+     * other W[i] to the same length. They must not be shrunk midway through
+     * this function!
      */
     MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[x_index], j));
     MBEDTLS_MPI_CHK(mbedtls_mpi_grow(&W[1],  j));
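Review bot: With `mbedtls_mpi_copy(&W[x_index], X)` removed, `W[x_index]` is only initialised and grown in this hunk, and nothing here says where the accumulator gets its starting value. The function continues outside the hunk, so presumably the value is assigned further down; if that is the case, a one-line comment after `mbedtls_mpi_init(&W[x_index]);`, for example `/* The accumulator's initial value is assigned below; it is no longer copied from X. */`, would stop a reader from assuming it still mirrors X. In the rewritten comment, `large enough. later we'll grow` should read `large enough; later we'll grow`.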
@@ -2328,7 +2326,7 @@
     /*
      * Load the result in the output variable.
      */
-    mbedtls_mpi_copy(X, &W[x_index]);
+    MBEDTLS_MPI_CHK(mbedtls_mpi_copy(X, &W[x_index]));
 
 cleanup:
 
diff --git a/library/certs.c b/library/certs.c
index af1f98c..5b2948d 100644
--- a/library/certs.c
+++ b/library/certs.c
@@ -38,69 +38,69 @@
 
 /* This is taken from tests/data_files/test-ca2.crt */
 /* BEGIN FILE string macro TEST_CA_CRT_EC_PEM tests/data_files/test-ca2.crt */
-#define TEST_CA_CRT_EC_PEM                                                 \
-    "-----BEGIN CERTIFICATE-----\r\n"                                      \
-    "MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n" \
-    "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \
-    "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n" \
-    "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n" \
-    "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n" \
-    "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n" \
-    "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/\r\n" \
-    "MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk\r\n" \
-    "SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a\r\n" \
-    "LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ\r\n" \
-    "hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==\r\n"         \
+#define TEST_CA_CRT_EC_PEM                                                     \
+    "-----BEGIN CERTIFICATE-----\r\n"                                          \
+    "MIICBDCCAYigAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE\r\n"     \
+    "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n"     \
+    "IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE\r\n"     \
+    "BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0\r\n"     \
+    "IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO\r\n"     \
+    "4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK\r\n"     \
+    "6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1AwTjAMBgNVHRMEBTADAQH/\r\n"     \
+    "MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSdbSAk\r\n"     \
+    "SQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMFHKrjAPpHB0BN1a\r\n"     \
+    "LH8TwcJ3vh0AxeKZj30mRdOKBmg/jLS3rU3g8VQBHpn8sOTTBwIxANxPO5AerimZ\r\n"     \
+    "hCjMe0d4CTHf1gFZMF70+IqEP+o5VHsIp2Cqvflb0VGWFC5l9a4cQg==\r\n"             \
     "-----END CERTIFICATE-----\r\n"
 /* END FILE */
 
 /* This is generated from tests/data_files/test-ca2.crt.der using `xxd -i`. */
 /* BEGIN FILE binary macro TEST_CA_CRT_EC_DER tests/data_files/test-ca2.crt.der */
-#define TEST_CA_CRT_EC_DER {                                                 \
-        0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01,    \
-        0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8,    \
-        0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02,    \
-        0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,    \
-        0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55,    \
-        0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c,    \
-        0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50,    \
-        0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74,    \
-        0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39,    \
-        0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17,    \
-        0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30,    \
-        0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04,    \
-        0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55,    \
-        0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c,    \
-        0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50,    \
-        0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74,    \
-        0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07,    \
-        0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04,    \
-        0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37,    \
-        0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e,    \
-        0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4,    \
-        0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc,    \
-        0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf,    \
-        0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca,    \
-        0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75,    \
-        0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20,    \
-        0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c,    \
-        0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff,    \
-        0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d,    \
-        0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc,    \
-        0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55,    \
-        0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24,    \
-        0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9,    \
-        0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce,    \
-        0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02,    \
-        0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a,    \
-        0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99,    \
-        0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7,    \
-        0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3,    \
-        0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99,    \
-        0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59,    \
-        0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08,    \
-        0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65,    \
-        0xf5, 0xae, 0x1c, 0x42                                                     \
+#define TEST_CA_CRT_EC_DER {                                                    \
+        0x30, 0x82, 0x02, 0x04, 0x30, 0x82, 0x01, 0x88, 0xa0, 0x03, 0x02, 0x01, \
+        0x02, 0x02, 0x09, 0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, \
+        0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, \
+        0x05, 0x00, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \
+        0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \
+        0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+        0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \
+        0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \
+        0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x39, \
+        0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, 0x30, 0x5a, 0x17, \
+        0x0d, 0x32, 0x39, 0x30, 0x32, 0x31, 0x30, 0x31, 0x34, 0x34, 0x34, 0x30, \
+        0x30, 0x5a, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, \
+        0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, \
+        0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, 0x53, 0x4c, \
+        0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x13, 0x50, \
+        0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, 0x73, 0x74, \
+        0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x76, 0x30, 0x10, 0x06, 0x07, \
+        0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x05, 0x2b, 0x81, 0x04, \
+        0x00, 0x22, 0x03, 0x62, 0x00, 0x04, 0xc3, 0xda, 0x2b, 0x34, 0x41, 0x37, \
+        0x58, 0x2f, 0x87, 0x56, 0xfe, 0xfc, 0x89, 0xba, 0x29, 0x43, 0x4b, 0x4e, \
+        0xe0, 0x6e, 0xc3, 0x0e, 0x57, 0x53, 0x33, 0x39, 0x58, 0xd4, 0x52, 0xb4, \
+        0x91, 0x95, 0x39, 0x0b, 0x23, 0xdf, 0x5f, 0x17, 0x24, 0x62, 0x48, 0xfc, \
+        0x1a, 0x95, 0x29, 0xce, 0x2c, 0x2d, 0x87, 0xc2, 0x88, 0x52, 0x80, 0xaf, \
+        0xd6, 0x6a, 0xab, 0x21, 0xdd, 0xb8, 0xd3, 0x1c, 0x6e, 0x58, 0xb8, 0xca, \
+        0xe8, 0xb2, 0x69, 0x8e, 0xf3, 0x41, 0xad, 0x29, 0xc3, 0xb4, 0x5f, 0x75, \
+        0xa7, 0x47, 0x6f, 0xd5, 0x19, 0x29, 0x55, 0x69, 0x9a, 0x53, 0x3b, 0x20, \
+        0xb4, 0x66, 0x16, 0x60, 0x33, 0x1e, 0xa3, 0x50, 0x30, 0x4e, 0x30, 0x0c, \
+        0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, \
+        0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x9d, \
+        0x6d, 0x20, 0x24, 0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, \
+        0x7e, 0x24, 0xc9, 0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x1f, 0x06, 0x03, 0x55, \
+        0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, \
+        0x49, 0x01, 0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, \
+        0xdb, 0xfb, 0x36, 0x7c, 0x30, 0x0c, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \
+        0x3d, 0x04, 0x03, 0x02, 0x05, 0x00, 0x03, 0x68, 0x00, 0x30, 0x65, 0x02, \
+        0x30, 0x51, 0xca, 0xae, 0x30, 0x0f, 0xa4, 0x70, 0x74, 0x04, 0xdd, 0x5a, \
+        0x2c, 0x7f, 0x13, 0xc1, 0xc2, 0x77, 0xbe, 0x1d, 0x00, 0xc5, 0xe2, 0x99, \
+        0x8f, 0x7d, 0x26, 0x45, 0xd3, 0x8a, 0x06, 0x68, 0x3f, 0x8c, 0xb4, 0xb7, \
+        0xad, 0x4d, 0xe0, 0xf1, 0x54, 0x01, 0x1e, 0x99, 0xfc, 0xb0, 0xe4, 0xd3, \
+        0x07, 0x02, 0x31, 0x00, 0xdc, 0x4f, 0x3b, 0x90, 0x1e, 0xae, 0x29, 0x99, \
+        0x84, 0x28, 0xcc, 0x7b, 0x47, 0x78, 0x09, 0x31, 0xdf, 0xd6, 0x01, 0x59, \
+        0x30, 0x5e, 0xf4, 0xf8, 0x8a, 0x84, 0x3f, 0xea, 0x39, 0x54, 0x7b, 0x08, \
+        0xa7, 0x60, 0xaa, 0xbd, 0xf9, 0x5b, 0xd1, 0x51, 0x96, 0x14, 0x2e, 0x65, \
+        0xf5, 0xae, 0x1c, 0x42                                                  \
 }
 /* END FILE */
 
@@ -348,33 +348,33 @@
 #define TEST_CA_KEY_RSA_PEM                                                \
     "-----BEGIN RSA PRIVATE KEY-----\r\n"                                  \
     "Proc-Type: 4,ENCRYPTED\r\n"                                           \
-    "DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B\r\n"                          \
+    "AES-128-CBC,781840E6B804AE83D2AF71127C4CE314\r\n"                          \
     "\r\n"                                                                 \
-    "9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA\r\n" \
-    "7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl//8xFKwZr3Xb5yO5JUP8AUctQq\r\n" \
-    "Nb8CLlZyuUC+52REAAthdWgsX+7dJO4yabzUcQ22Tp9JSD0hiL43BlkWYUNK3dAo\r\n" \
-    "PZlmiptjnzVTjg1MxsBSydZinWOLBV8/JQgxSPo2yD4uEfig28qbvQ2wNIn0pnAb\r\n" \
-    "GxnSAOazkongEGfvcjIIs+LZN9gXFhxcOh6kc4Q/c99B7QWETwLLkYgZ+z1a9VY9\r\n" \
-    "gEU7CwCxYCD+h9hY6FPmsK0/lC4O7aeRKpYq00rPPxs6i7phiexg6ax6yTMmArQq\r\n" \
-    "QmK3TAsJm8V/J5AWpLEV6jAFgRGymGGHnof0DXzVWZidrcZJWTNuGEX90nB3ee2w\r\n" \
-    "PXJEFWKoD3K3aFcSLdHYr3mLGxP7H9ThQai9VsycxZKS5kwvBKQ//YMrmFfwPk8x\r\n" \
-    "vTeY4KZMaUrveEel5tWZC94RSMKgxR6cyE1nBXyTQnDOGbfpNNgBKxyKbINWoOJU\r\n" \
-    "WJZAwlsQn+QzCDwpri7+sV1mS3gBE6UY7aQmnmiiaC2V3Hbphxct/en5QsfDOt1X\r\n" \
-    "JczSfpRWLlbPznZg8OQh/VgCMA58N5DjOzTIK7sJJ5r+94ZBTCpgAMbF588f0NTR\r\n" \
-    "KCe4yrxGJR7X02M4nvD4IwOlpsQ8xQxZtOSgXv4LkxvdU9XJJKWZ/XNKJeWztxSe\r\n" \
-    "Z1vdTc2YfsDBA2SEv33vxHx2g1vqtw8SjDRT2RaQSS0QuSaMJimdOX6mTOCBKk1J\r\n" \
-    "9Q5mXTrER+/LnK0jEmXsBXWA5bqqVZIyahXSx4VYZ7l7w/PHiUDtDgyRhMMKi4n2\r\n" \
-    "iQvQcWSQTjrpnlJbca1/DkpRt3YwrvJwdqb8asZU2VrNETh5x0QVefDRLFiVpif/\r\n" \
-    "tUaeAe/P1F8OkS7OIZDs1SUbv/sD2vMbhNkUoCms3/PvNtdnvgL4F0zhaDpKCmlT\r\n" \
-    "P8vx49E7v5CyRNmED9zZg4o3wmMqrQO93PtTug3Eu9oVx1zPQM1NVMyBa2+f29DL\r\n" \
-    "1nuTCeXdo9+ni45xx+jAI4DCwrRdhJ9uzZyC6962H37H6D+5naNvClFR1s6li1Gb\r\n" \
-    "nqPoiy/OBsEx9CaDGcqQBp5Wme/3XW+6z1ISOx+igwNTVCT14mHdBMbya0eIKft5\r\n" \
-    "X+GnwtgEMyCYyyWuUct8g4RzErcY9+yW9Om5Hzpx4zOuW4NPZgPDTgK+t2RSL/Yq\r\n" \
-    "rE1njrgeGYcVeG3f+OftH4s6fPbq7t1A5ZgUscbLMBqr9tK+OqygR4EgKBPsH6Cz\r\n" \
-    "L6zlv/2RV0qAHvVuDJcIDIgwY5rJtINEm32rhOeFNJwZS5MNIC1czXZx5//ugX7l\r\n" \
-    "I4sy5nbVhwSjtAk8Xg5dZbdTZ6mIrb7xqH+fdakZor1khG7bC2uIwibD3cSl2XkR\r\n" \
-    "wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde\r\n" \
-    "P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2\r\n" \
+    "etQ3xgGLbuYF9vR1km03TH5fwfly1hOlix0PtfQ+t9HG065vTtSEHYc/OyHwdy79\r\n" \
+    "NCLX5RUrPh06E/XlKzMNVHAXqkwFnIwNzRLsOozeP1L7iZEZb9QMeiN5Org+btCO\r\n" \
+    "bylXPB4YirfuE7GSJalWY/pq3FQtD33zTIKmNhXfVj3sbwGI/8D9XjaKUb8PODOB\r\n" \
+    "skOalmx6RvYRvg0lmRxB3+T3wejIsrrDPweYqte9B6dVHIVG1ZmvoA6/wnKZZZeV\r\n" \
+    "sjj8OpL3OwUBrjuGSknE9Rs6kCuSCbHOYVK8VzcZmCYpie0TFnb3Sk8M6vjfW+45\r\n" \
+    "U7WUMlSAPxKH6lJDzWdwHqLvsVJwuNnaAaBXg9/8U/rzQEWuq8Ar3s8fw2Jg3F1G\r\n" \
+    "L6N5ZAEfCz3Sa0N9WKafR/RSQj+rq8Z3w4POAafhbzk249uo5K8B1Z3cQwLxeXIl\r\n" \
+    "UbRQz1TZy4oNTfQzCahYruPNyvwgTkfwAFFvbLAdaiJd2ZtLBoqYE64TYakYnvcC\r\n" \
+    "itim1bmySIKoxlMfBGFmMuF03epT0pSx701jlGzGi0l0m16NEjoVxDwo5j93SmiM\r\n" \
+    "sQdjC1lOGk2iCLkphIQqHFjFJYWjvh1UUIqWZf+ZWOOxlf4x9a1pUVj6FvtECxNB\r\n" \
+    "/mA/m4Iq4LAuVXHE1MpHeq067lJ6wWlrsb2WVmiNGfQ2AC7fMtpcPuunBVT9NV1m\r\n" \
+    "1rbDzIgLIWAzqz/cy3N8Q8vfxnrFtmNUyM191Zyq+YF14hIKWX9J1qR4LXwWAzVV\r\n" \
+    "UrC8IL4pA2mtRkW4qFsB0EmHAxO/cedDTPjVFty5WSzhNuvYZxX45HAkGIfK6d21\r\n" \
+    "7WHPhHG+zaaUTWMUVixB0IcKp6RecjYPFzBHS0YeX88Ue2cyT/90jMiQ9ssOgRrG\r\n" \
+    "ZJRJvZAc3TSCnY9sNPYoGrJPiZuCnlUj3ENNurYVy12ai0WFxwnNUZjRUhDS6hjm\r\n" \
+    "cDHD5TlI9MZ6M+Mb/Bw4Ig8HuTHOtQBYD9vhtXsG+B7H/j6cS+1umaKjrnG/kK4W\r\n" \
+    "R6YXwM2faAi+DwgjjoMXSzRqSTF8PdTIWbAXo3bc2qsXPTMBA8PEp4nb5scHZ4Ts\r\n" \
+    "EcBNp2jv0j4gBkRmGIab17cWMrlagjFy89DhqZUFwKdeZs+yJ92A5xstWxOUfpEP\r\n" \
+    "90T/bsp1G5d7WW5fl2TRJvYJNDM+djkKIh0zCkduiZ36oVM6nDdbjmXqjQXopeSD\r\n" \
+    "gtOourBRF8g99W0fW8QT+yPhP0Pkyz6EG8eQO6Zwh439xdoVwu9jUzQAPmZ0uNeR\r\n" \
+    "xTXXihYyv72z27rInjLiIPXL25K9eDVLlcSR3RyG7YYgjdQAL2VJDLcBz5jox1uQ\r\n" \
+    "0guoD5wmfu2FWLqYE7HeTYntdY53lCflwq0GHRMjrrsVpx+5VDQ6Yi47Ny9SWLcp\r\n" \
+    "fPI3iBkXuGRWupzs6N4pQdSO0dU28KfpMM5QvFoLIn67brCHEQij4dgFrCTYEyBX\r\n" \
+    "9+jiNImUFYUhAFuxvUbfZt4O/ABLIElvHLfJs1oYCmI/nWpvLFqXB5rnzPNfEi0H\r\n" \
+    "PGGe1Hj/t+CJIp/6ios3yNy2QtXO754TZH2UVu51Ykyig5PFjZVoUkbRvHQYcWfU\r\n" \
     "-----END RSA PRIVATE KEY-----\r\n"
 /* END FILE */
 
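Review bot: The replacement header line `"AES-128-CBC,781840E6B804AE83D2AF71127C4CE314\r\n"` has lost the `DEK-Info: ` field name that the removed DES-EDE3-CBC line carried, so the text after `Proc-Type: 4,ENCRYPTED` is no longer a well-formed encapsulated header. A PEM reader that looks for `DEK-Info:` to select the cipher and IV will probably reject this test key or fail to decrypt it. The line should read `"DEK-Info: AES-128-CBC,781840E6B804AE83D2AF71127C4CE314\r\n"`, with the trailing backslash realigned to the column used by the other lines. If this macro is generated from a file under tests/data_files, as the BEGIN FILE markers elsewhere in this diff suggest, the generator or the source file may need the same correction.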
@@ -501,72 +501,72 @@
 
 /* This is taken from tests/data_files/server5.crt. */
 /* BEGIN FILE string macro TEST_SRV_CRT_EC_PEM tests/data_files/server5.crt */
-#define TEST_SRV_CRT_EC_PEM                                                \
-    "-----BEGIN CERTIFICATE-----\r\n"                                      \
-    "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n" \
-    "A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n" \
-    "MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n" \
-    "A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n" \
-    "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n" \
-    "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n" \
-    "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n" \
-    "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh\r\n" \
-    "clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n" \
-    "CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S\r\n" \
-    "C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V\r\n" \
-    "fGa5kHvHARBPc8YAIVIqDvHH1Q==\r\n"                                     \
+#define TEST_SRV_CRT_EC_PEM                                                    \
+    "-----BEGIN CERTIFICATE-----\r\n"                                          \
+    "MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G\r\n"     \
+    "A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN\r\n"     \
+    "MjMwNjE1MDMzNDE4WhcNMzMwNjEyMDMzNDE4WjA0MQswCQYDVQQGEwJOTDERMA8G\r\n"     \
+    "A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG\r\n"     \
+    "CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA\r\n"     \
+    "2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd\r\n"     \
+    "BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB\r\n"     \
+    "PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh\r\n"     \
+    "clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG\r\n"     \
+    "CCqGSM49BAMCA2gAMGUCMAHFbGEzx8dZaUlIltT5s1QO9FvKmvFer4uRY3ntEy9S\r\n"     \
+    "k7DCCozM86WWLjfzbJ78bwIxAJYRPF1CzNEiXPHb9O46ZPHKo2S5x//g/54RowAK\r\n"     \
+    "uZz+hKPuMi6YY6cIm81jfeaSZQ==\r\n"                                         \
     "-----END CERTIFICATE-----\r\n"
 /* END FILE */
 
 /* This is generated from tests/data_files/server5.crt.der using `xxd -i`. */
 /* BEGIN FILE binary macro TEST_SRV_CRT_EC_DER tests/data_files/server5.crt.der */
-#define TEST_SRV_CRT_EC_DER {                                                \
-        0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01,  \
-        0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce,  \
-        0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,  \
-        0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06,  \
-        0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53,  \
-        0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,  \
-        0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65,  \
-        0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d,  \
-        0x31, 0x33, 0x30, 0x39, 0x32, 0x34, 0x31, 0x35, 0x35, 0x32, 0x30, 0x34,  \
-        0x5a, 0x17, 0x0d, 0x32, 0x33, 0x30, 0x39, 0x32, 0x32, 0x31, 0x35, 0x35,  \
-        0x32, 0x30, 0x34, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03,  \
-        0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06,  \
-        0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53,  \
-        0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13,  \
-        0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59,  \
-        0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06,  \
-        0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00,  \
-        0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7,  \
-        0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0,  \
-        0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00,  \
-        0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd,  \
-        0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa,  \
-        0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30,  \
-        0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d,  \
-        0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5,  \
-        0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c,  \
-        0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23,  \
-        0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01,  \
-        0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb,  \
-        0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09,  \
-        0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30,  \
-        0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x13, 0x08, 0x50, 0x6f, 0x6c, 0x61,  \
-        0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04,  \
-        0x03, 0x13, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20,  \
-        0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09,  \
-        0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06,  \
-        0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00,  \
-        0x30, 0x65, 0x02, 0x31, 0x00, 0x9a, 0x2c, 0x5c, 0xd7, 0xa6, 0xdb, 0xa2,  \
-        0xe5, 0x64, 0x0d, 0xf0, 0xb9, 0x4e, 0xdd, 0xd7, 0x61, 0xd6, 0x13, 0x31,  \
-        0xc7, 0xab, 0x73, 0x80, 0xbb, 0xd3, 0xd3, 0x73, 0x13, 0x54, 0xad, 0x92,  \
-        0x0b, 0x5d, 0xab, 0xd0, 0xbc, 0xf7, 0xae, 0x2f, 0xe6, 0xa1, 0x21, 0x29,  \
-        0x35, 0x95, 0xaa, 0x3e, 0x39, 0x02, 0x30, 0x21, 0x36, 0x7f, 0x9d, 0xc6,  \
-        0x5d, 0xc6, 0x0b, 0xab, 0x27, 0xf2, 0x25, 0x1d, 0x3b, 0xf1, 0xcf, 0xf1,  \
-        0x35, 0x25, 0x14, 0xe7, 0xe5, 0xf1, 0x97, 0xb5, 0x59, 0xe3, 0x5e, 0x15,  \
-        0x7c, 0x66, 0xb9, 0x90, 0x7b, 0xc7, 0x01, 0x10, 0x4f, 0x73, 0xc6, 0x00,  \
-        0x21, 0x52, 0x2a, 0x0e, 0xf1, 0xc7, 0xd5                                 \
+#define TEST_SRV_CRT_EC_DER {                                                   \
+        0x30, 0x82, 0x02, 0x1f, 0x30, 0x82, 0x01, 0xa5, 0xa0, 0x03, 0x02, 0x01, \
+        0x02, 0x02, 0x01, 0x09, 0x30, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, \
+        0x3d, 0x04, 0x03, 0x02, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+        0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+        0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+        0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
+        0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, 0x54, 0x65, \
+        0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x30, 0x1e, 0x17, 0x0d, \
+        0x32, 0x33, 0x30, 0x36, 0x31, 0x35, 0x30, 0x33, 0x33, 0x34, 0x31, 0x38, \
+        0x5a, 0x17, 0x0d, 0x33, 0x33, 0x30, 0x36, 0x31, 0x32, 0x30, 0x33, 0x33, \
+        0x34, 0x31, 0x38, 0x5a, 0x30, 0x34, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, \
+        0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, 0x0f, 0x06, \
+        0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x53, \
+        0x53, 0x4c, 0x31, 0x12, 0x30, 0x10, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, \
+        0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x30, 0x59, \
+        0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, \
+        0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, \
+        0x04, 0x37, 0xcc, 0x56, 0xd9, 0x76, 0x09, 0x1e, 0x5a, 0x72, 0x3e, 0xc7, \
+        0x59, 0x2d, 0xff, 0x20, 0x6e, 0xee, 0x7c, 0xf9, 0x06, 0x91, 0x74, 0xd0, \
+        0xad, 0x14, 0xb5, 0xf7, 0x68, 0x22, 0x59, 0x62, 0x92, 0x4e, 0xe5, 0x00, \
+        0xd8, 0x23, 0x11, 0xff, 0xea, 0x2f, 0xd2, 0x34, 0x5d, 0x5d, 0x16, 0xbd, \
+        0x8a, 0x88, 0xc2, 0x6b, 0x77, 0x0d, 0x55, 0xcd, 0x8a, 0x2a, 0x0e, 0xfa, \
+        0x01, 0xc8, 0xb4, 0xed, 0xff, 0xa3, 0x81, 0x9d, 0x30, 0x81, 0x9a, 0x30, \
+        0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, \
+        0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x50, 0x61, 0xa5, \
+        0x8f, 0xd4, 0x07, 0xd9, 0xd7, 0x82, 0x01, 0x0c, 0xe5, 0x65, 0x7f, 0x8c, \
+        0x63, 0x46, 0xa7, 0x13, 0xbe, 0x30, 0x6e, 0x06, 0x03, 0x55, 0x1d, 0x23, \
+        0x04, 0x67, 0x30, 0x65, 0x80, 0x14, 0x9d, 0x6d, 0x20, 0x24, 0x49, 0x01, \
+        0x3f, 0x2b, 0xcb, 0x78, 0xb5, 0x19, 0xbc, 0x7e, 0x24, 0xc9, 0xdb, 0xfb, \
+        0x36, 0x7c, 0xa1, 0x42, 0xa4, 0x40, 0x30, 0x3e, 0x31, 0x0b, 0x30, 0x09, \
+        0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x4e, 0x4c, 0x31, 0x11, 0x30, \
+        0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x50, 0x6f, 0x6c, 0x61, \
+        0x72, 0x53, 0x53, 0x4c, 0x31, 0x1c, 0x30, 0x1a, 0x06, 0x03, 0x55, 0x04, \
+        0x03, 0x0c, 0x13, 0x50, 0x6f, 0x6c, 0x61, 0x72, 0x73, 0x73, 0x6c, 0x20, \
+        0x54, 0x65, 0x73, 0x74, 0x20, 0x45, 0x43, 0x20, 0x43, 0x41, 0x82, 0x09, \
+        0x00, 0xc1, 0x43, 0xe2, 0x7e, 0x62, 0x43, 0xcc, 0xe8, 0x30, 0x0a, 0x06, \
+        0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x04, 0x03, 0x02, 0x03, 0x68, 0x00, \
+        0x30, 0x65, 0x02, 0x30, 0x01, 0xc5, 0x6c, 0x61, 0x33, 0xc7, 0xc7, 0x59, \
+        0x69, 0x49, 0x48, 0x96, 0xd4, 0xf9, 0xb3, 0x54, 0x0e, 0xf4, 0x5b, 0xca, \
+        0x9a, 0xf1, 0x5e, 0xaf, 0x8b, 0x91, 0x63, 0x79, 0xed, 0x13, 0x2f, 0x52, \
+        0x93, 0xb0, 0xc2, 0x0a, 0x8c, 0xcc, 0xf3, 0xa5, 0x96, 0x2e, 0x37, 0xf3, \
+        0x6c, 0x9e, 0xfc, 0x6f, 0x02, 0x31, 0x00, 0x96, 0x11, 0x3c, 0x5d, 0x42, \
+        0xcc, 0xd1, 0x22, 0x5c, 0xf1, 0xdb, 0xf4, 0xee, 0x3a, 0x64, 0xf1, 0xca, \
+        0xa3, 0x64, 0xb9, 0xc7, 0xff, 0xe0, 0xff, 0x9e, 0x11, 0xa3, 0x00, 0x0a, \
+        0xb9, 0x9c, 0xfe, 0x84, 0xa3, 0xee, 0x32, 0x2e, 0x98, 0x63, 0xa7, 0x08, \
+        0x9b, 0xcd, 0x63, 0x7d, 0xe6, 0x92, 0x65                                \
 }
 /* END FILE */
 
diff --git a/library/cipher.c b/library/cipher.c
index 36f87c3..4b715d4 100644
--- a/library/cipher.c
+++ b/library/cipher.c
@@ -1,7 +1,7 @@
 /**
  * \file cipher.c
  *
- * \brief Generic cipher wrapper for mbed TLS
+ * \brief Generic cipher wrapper for Mbed TLS
  *
  * \author Adriaan de Jong <dejong@fox-it.com>
  *
diff --git a/library/cipher_wrap.c b/library/cipher_wrap.c
index 737cf97..f92d000 100644
--- a/library/cipher_wrap.c
+++ b/library/cipher_wrap.c
@@ -1,7 +1,7 @@
 /**
  * \file cipher_wrap.c
  *
- * \brief Generic cipher wrapper for mbed TLS
+ * \brief Generic cipher wrapper for Mbed TLS
  *
  * \author Adriaan de Jong <dejong@fox-it.com>
  *
diff --git a/library/common.h b/library/common.h
index 2786c97..e162aa3 100644
--- a/library/common.h
+++ b/library/common.h
@@ -29,6 +29,7 @@
 #include "mbedtls/config.h"
 #endif
 
+#include <assert.h>
 #include <stddef.h>
 #include <stdint.h>
 
@@ -347,4 +348,18 @@
     }
 #endif
 
+/* Always provide a static assert macro, so it can be used unconditionally.
+ * It will expand to nothing on some systems.
+ * Can be used outside functions (but don't add a trailing ';' in that case:
+ * the semicolon is included here to avoid triggering -Wextra-semi when
+ * MBEDTLS_STATIC_ASSERT() expands to nothing).
+ * Can't use the C11-style `defined(static_assert)` on FreeBSD, since it
+ * defines static_assert even with -std=c99, but then complains about it.
+ */
+#if defined(static_assert) && !defined(__FreeBSD__)
+#define MBEDTLS_STATIC_ASSERT(expr, msg)    static_assert(expr, msg);
+#else
+#define MBEDTLS_STATIC_ASSERT(expr, msg)
+#endif
+
 #endif /* MBEDTLS_LIBRARY_COMMON_H */
diff --git a/library/constant_time.c b/library/constant_time.c
index 5279301..c0f53bb 100644
--- a/library/constant_time.c
+++ b/library/constant_time.c
@@ -263,40 +263,6 @@
 
 #if defined(MBEDTLS_BIGNUM_C)
 
-/** Select between two sign values without branches.
- *
- * This is functionally equivalent to `condition ? if1 : if0` but uses only bit
- * operations in order to avoid branches.
- *
- * \note if1 and if0 must be either 1 or -1, otherwise the result
- *       is undefined.
- *
- * \param condition     Condition to test; must be either 0 or 1.
- * \param if1           The first sign; must be either +1 or -1.
- * \param if0           The second sign; must be either +1 or -1.
- *
- * \return  \c if1 if \p condition is nonzero, otherwise \c if0.
- * */
-static int mbedtls_ct_cond_select_sign(unsigned char condition,
-                                       int if1,
-                                       int if0)
-{
-    /* In order to avoid questions about what we can reasonably assume about
-     * the representations of signed integers, move everything to unsigned
-     * by taking advantage of the fact that if1 and if0 are either +1 or -1. */
-    unsigned uif1 = if1 + 1;
-    unsigned uif0 = if0 + 1;
-
-    /* condition was 0 or 1, mask is 0 or 2 as are uif1 and uif0 */
-    const unsigned mask = condition << 1;
-
-    /* select uif1 or uif0 */
-    unsigned ur = (uif0 & ~mask) | (uif1 & mask);
-
-    /* ur is now 0 or 2, convert back to -1 or +1 */
-    return (int) ur - 1;
-}
-
 void mbedtls_ct_mpi_uint_cond_assign(size_t n,
                                      mbedtls_mpi_uint *dest,
                                      const mbedtls_mpi_uint *src,
@@ -559,7 +525,7 @@
 
     MBEDTLS_MPI_CHK(mbedtls_mpi_grow(X, Y->n));
 
-    X->s = mbedtls_ct_cond_select_sign(assign, Y->s, X->s);
+    X->s = (int) mbedtls_ct_uint_if(assign, Y->s, X->s);
 
     mbedtls_ct_mpi_uint_cond_assign(Y->n, X->p, Y->p, assign);
 
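Review bot: The sign fields are -1 or +1, so `(int) mbedtls_ct_uint_if(assign, Y->s, X->s)` sends -1 through an unsigned value and converts it back to `int`, which is implementation-defined for values above INT_MAX (assuming the helper takes and returns `unsigned`, as the cast suggests). The helper this commit removes avoided exactly that by shifting both signs to 0/2 first. Keeping that step costs nothing and stays branch-free: `X->s = (int) mbedtls_ct_uint_if(assign, Y->s + 1, X->s + 1) - 1;`. The same applies to the two `swap` assignments in the next hunk. The enclosing functions start and end outside these hunks.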
@@ -599,8 +565,8 @@
     MBEDTLS_MPI_CHK(mbedtls_mpi_grow(Y, X->n));
 
     s = X->s;
-    X->s = mbedtls_ct_cond_select_sign(swap, Y->s, X->s);
-    Y->s = mbedtls_ct_cond_select_sign(swap, s, Y->s);
+    X->s = (int) mbedtls_ct_uint_if(swap, Y->s, X->s);
+    Y->s = (int) mbedtls_ct_uint_if(swap, s, Y->s);
 
 
     for (i = 0; i < X->n; i++) {
diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 652c5cb..6f553dc 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c
@@ -19,7 +19,7 @@
 /*
  *  The NIST SP 800-90 DRBGs are described in the following publication.
  *
- *  http://csrc.nist.gov/publications/nistpubs/800-90/SP800-90revised_March2007.pdf
+ *  https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-90r.pdf
  */
 
 #include "common.h"
@@ -30,6 +30,7 @@
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
 
+#include <limits.h>
 #include <string.h>
 
 #if defined(MBEDTLS_FS_IO)
diff --git a/library/debug.c b/library/debug.c
index ab8b352..3e794b5 100644
--- a/library/debug.c
+++ b/library/debug.c
@@ -30,6 +30,7 @@
 #include <stdio.h>
 #include <string.h>
 
+/* DEBUG_BUF_SIZE must be at least 2 */
 #define DEBUG_BUF_SIZE      512
 
 static int debug_threshold = 0;
@@ -69,6 +70,8 @@
     char str[DEBUG_BUF_SIZE];
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
 
+    MBEDTLS_STATIC_ASSERT(DEBUG_BUF_SIZE >= 2, "DEBUG_BUF_SIZE too small");
+
     if (NULL == ssl              ||
         NULL == ssl->conf        ||
         NULL == ssl->conf->f_dbg ||
@@ -80,10 +83,15 @@
     ret = mbedtls_vsnprintf(str, DEBUG_BUF_SIZE, format, argp);
     va_end(argp);
 
-    if (ret >= 0 && ret < DEBUG_BUF_SIZE - 1) {
-        str[ret]     = '\n';
-        str[ret + 1] = '\0';
+    if (ret < 0) {
+        ret = 0;
+    } else {
+        if (ret >= DEBUG_BUF_SIZE - 1) {
+            ret = DEBUG_BUF_SIZE - 2;
+        }
     }
+    str[ret]     = '\n';
+    str[ret + 1] = '\0';
 
     debug_send_line(ssl, level, file, line, str);
 }
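Review bot: When `mbedtls_vsnprintf` returns a negative value, the new `ret = 0` branch overwrites `str[0]` with the newline, so whatever was formatted into `str` is discarded and only an empty line reaches `debug_send_line`. That is the right outcome for a genuine formatting error, but some platform vsnprintf implementations also report truncation as a negative return, and there a truncated but usable message would be lost; whether that applies depends on the configured `mbedtls_vsnprintf`, which is not visible in the hunk. A comment at the branch would record the choice, e.g. `/* error or platform-reported truncation: emit an empty line rather than trust str */`. The function starts outside the hunk.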
diff --git a/library/ecdh.c b/library/ecdh.c
index 2007e16..9f002d9 100644
--- a/library/ecdh.c
+++ b/library/ecdh.c
@@ -20,7 +20,7 @@
 /*
  * References:
  *
- * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
+ * SEC1 https://www.secg.org/sec1-v2.pdf
  * RFC 4492
  */
 
diff --git a/library/ecdsa.c b/library/ecdsa.c
index 42a65dc..3ede933 100644
--- a/library/ecdsa.c
+++ b/library/ecdsa.c
@@ -20,7 +20,7 @@
 /*
  * References:
  *
- * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
+ * SEC1 https://www.secg.org/sec1-v2.pdf
  */
 
 #include "common.h"
@@ -366,7 +366,7 @@
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     if (rs_ctx != NULL && rs_ctx->sig != NULL) {
-        mbedtls_mpi_copy(r, pr);
+        MBEDTLS_MPI_CHK(mbedtls_mpi_copy(r, pr));
     }
 #endif
 
@@ -457,7 +457,7 @@
     MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(d, data, grp_len));
     MBEDTLS_MPI_CHK(derive_mpi(grp, &h, buf, blen));
     MBEDTLS_MPI_CHK(mbedtls_mpi_write_binary(&h, data + grp_len, grp_len));
-    mbedtls_hmac_drbg_seed_buf(p_rng, md_info, data, 2 * grp_len);
+    MBEDTLS_MPI_CHK(mbedtls_hmac_drbg_seed_buf(p_rng, md_info, data, 2 * grp_len));
 
 #if defined(MBEDTLS_ECP_RESTARTABLE)
     if (rs_ctx != NULL && rs_ctx->det != NULL) {
diff --git a/library/ecjpake.c b/library/ecjpake.c
index 3728d1a..17fa698 100644
--- a/library/ecjpake.c
+++ b/library/ecjpake.c
@@ -1060,7 +1060,7 @@
 #if !defined(MBEDTLS_ECJPAKE_ALT)
     /* 'reference handshake' tests can only be run against implementations
      * for which we have 100% control over how the random ephemeral keys
-     * are generated. This is only the case for the internal mbed TLS
+     * are generated. This is only the case for the internal Mbed TLS
      * implementation, so these tests are skipped in case the internal
      * implementation is swapped out for an alternative one. */
     if (verbose != 0) {
diff --git a/library/ecp.c b/library/ecp.c
index 9051490..dc8e279 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -20,13 +20,15 @@
 /*
  * References:
  *
- * SEC1 http://www.secg.org/index.php?action=secg,docs_secg
+ * SEC1 https://www.secg.org/sec1-v2.pdf
  * GECC = Guide to Elliptic Curve Cryptography - Hankerson, Menezes, Vanstone
  * FIPS 186-3 http://csrc.nist.gov/publications/fips/fips186-3/fips_186-3.pdf
  * RFC 4492 for the related TLS structures and constants
+ * - https://www.rfc-editor.org/rfc/rfc4492
  * RFC 7748 for the Curve448 and Curve25519 curve definitions
+ * - https://www.rfc-editor.org/rfc/rfc7748
  *
- * [Curve25519] http://cr.yp.to/ecdh/curve25519-20060209.pdf
+ * [Curve25519] https://cr.yp.to/ecdh/curve25519-20060209.pdf
  *
  * [2] CORON, Jean-S'ebastien. Resistance against differential power analysis
  *     for elliptic curve cryptosystems. In : Cryptographic Hardware and
@@ -164,7 +166,7 @@
     unsigned char secret_bytes[MBEDTLS_ECP_MAX_BYTES];
     /* The list starts with strong hashes */
     const mbedtls_md_type_t md_type =
-        (const mbedtls_md_type_t) (mbedtls_md_list()[0]);
+        (mbedtls_md_type_t) (mbedtls_md_list()[0]);
     const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(md_type);
 
     if (secret_len > MBEDTLS_ECP_MAX_BYTES) {
@@ -2591,6 +2593,7 @@
                        void *p_rng)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    int have_rng = 1;
     size_t i;
     unsigned char b;
     mbedtls_ecp_point RP;
@@ -2623,9 +2626,8 @@
     /* RP.X might be slightly larger than P, so reduce it */
     MOD_ADD(RP.X);
 
-    /* Randomize coordinates of the starting point */
-    int have_rng = 1;
 #if defined(MBEDTLS_ECP_NO_INTERNAL_RNG)
+    /* Derandomize coordinates of the starting point */
     if (f_rng == NULL) {
         have_rng = 0;
     }
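Review bot: The comment `/* Derandomize coordinates of the starting point */` now sits inside the `MBEDTLS_ECP_NO_INTERNAL_RNG` block and does not say what clearing `have_rng` costs. From the visible lines, `f_rng == NULL` only sets `have_rng = 0`; presumably the code after the hunk then skips coordinate randomization, which the file header cites as a countermeasure against power analysis. I would spell that out, e.g. `/* No RNG supplied: coordinate randomization (side-channel countermeasure) is skipped below */`, and keep a `/* Randomize coordinates of the starting point */` comment on the unconditional path. The function body continues outside the hunk.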
diff --git a/library/ecp_invasive.h b/library/ecp_invasive.h
index 18815be..d6f6f95 100644
--- a/library/ecp_invasive.h
+++ b/library/ecp_invasive.h
@@ -61,7 +61,7 @@
  *                  This is the bit-size of the key minus 1:
  *                  254 for Curve25519 or 447 for Curve448.
  * \param d         The randomly generated key. This is a number of size
- *                  exactly \p n_bits + 1 bits, with the least significant bits
+ *                  exactly \p high_bit + 1 bits, with the least significant bits
  *                  masked as specified in [Curve25519] and in [RFC7748] §5.
  * \param f_rng     The RNG function.
  * \param p_rng     The RNG context to be passed to \p f_rng.
@@ -69,7 +69,7 @@
  * \return          \c 0 on success.
  * \return          \c MBEDTLS_ERR_ECP_xxx or MBEDTLS_ERR_MPI_xxx on failure.
  */
-int mbedtls_ecp_gen_privkey_mx(size_t n_bits,
+int mbedtls_ecp_gen_privkey_mx(size_t high_bit,
                                mbedtls_mpi *d,
                                int (*f_rng)(void *, unsigned char *, size_t),
                                void *p_rng);
diff --git a/library/entropy.c b/library/entropy.c
index af78acc..e9a7ae6 100644
--- a/library/entropy.c
+++ b/library/entropy.c
@@ -31,6 +31,8 @@
 #include "mbedtls/entropy_poll.h"
 #include "mbedtls/platform_util.h"
 #include "mbedtls/error.h"
+#include "mbedtls/sha256.h"
+#include "mbedtls/sha512.h"
 
 #include <string.h>
 
diff --git a/library/gcm.c b/library/gcm.c
index f7db0d4..0c958c7 100644
--- a/library/gcm.c
+++ b/library/gcm.c
@@ -93,7 +93,7 @@
     ctx->HL[8] = vl;
     ctx->HH[8] = vh;
 
-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
+#if defined(MBEDTLS_AESNI_HAVE_CODE)
     /* With CLMUL support, we need only h, not the rest of the table */
     if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) {
         return 0;
@@ -190,7 +190,7 @@
     unsigned char lo, hi, rem;
     uint64_t zh, zl;
 
-#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
+#if defined(MBEDTLS_AESNI_HAVE_CODE)
     if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) {
         unsigned char h[16];
 
@@ -202,7 +202,7 @@
         mbedtls_aesni_gcm_mult(output, x, h);
         return;
     }
-#endif /* MBEDTLS_AESNI_C && MBEDTLS_HAVE_X86_64 */
+#endif /* MBEDTLS_AESNI_HAVE_CODE */
 
     lo = x[15] & 0xf;
 
@@ -754,6 +754,27 @@
     int i, j, ret;
     mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
 
+    if (verbose != 0) {
+#if defined(MBEDTLS_GCM_ALT)
+        mbedtls_printf("  GCM note: alternative implementation.\n");
+#else /* MBEDTLS_GCM_ALT */
+#if defined(MBEDTLS_AESNI_HAVE_CODE)
+        if (mbedtls_aesni_has_support(MBEDTLS_AESNI_CLMUL)) {
+            mbedtls_printf("  GCM note: using AESNI via ");
+#if MBEDTLS_AESNI_HAVE_CODE == 1
+            mbedtls_printf("assembly");
+#elif MBEDTLS_AESNI_HAVE_CODE == 2
+            mbedtls_printf("intrinsics");
+#else
+            mbedtls_printf("(unknown)");
+#endif
+            mbedtls_printf(".\n");
+        } else
+#endif
+        mbedtls_printf("  GCM note: built-in implementation.\n");
+#endif /* MBEDTLS_GCM_ALT */
+    }
+
     for (j = 0; j < 3; j++) {
         int key_len = 128 + 64 * j;
 
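Review bot: The `} else` that ends the CLMUL branch is followed by `#endif` and then binds to the unbraced `mbedtls_printf("  GCM note: built-in implementation.\n");`, so that call is an else-body in one configuration and a plain statement in the other. It compiles both ways, but any line later added between the `#endif` and that call silently becomes the else-body instead. Wrapping the fallback in a bare block keeps both configurations valid: `{ mbedtls_printf("  GCM note: built-in implementation.\n"); }`. The self-test function starts and ends outside the hunk.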
diff --git a/library/md.c b/library/md.c
index 1e24ee4..4556378 100644
--- a/library/md.c
+++ b/library/md.c
@@ -1,7 +1,7 @@
 /**
  * \file md.c
  *
- * \brief Generic message digest wrapper for mbed TLS
+ * \brief Generic message digest wrapper for Mbed TLS
  *
  * \author Adriaan de Jong <dejong@fox-it.com>
  *
diff --git a/library/mps_common.h b/library/mps_common.h
index 4a10176..80e3133 100644
--- a/library/mps_common.h
+++ b/library/mps_common.h
@@ -14,7 +14,7 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
- *  This file is part of mbed TLS (https://tls.mbed.org)
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
  */
 
 /**
diff --git a/library/mps_error.h b/library/mps_error.h
index 15570d2..5113959 100644
--- a/library/mps_error.h
+++ b/library/mps_error.h
@@ -14,7 +14,7 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
- *  This file is part of mbed TLS (https://tls.mbed.org)
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
  */
 
 /**
diff --git a/library/mps_reader.h b/library/mps_reader.h
index bff6705..bb912ec 100644
--- a/library/mps_reader.h
+++ b/library/mps_reader.h
@@ -14,7 +14,7 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
- *  This file is part of mbed TLS (https://tls.mbed.org)
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
  */
 
 /**
diff --git a/library/mps_trace.h b/library/mps_trace.h
index 6f0455f..f8e0a5d 100644
--- a/library/mps_trace.h
+++ b/library/mps_trace.h
@@ -14,7 +14,7 @@
  *  See the License for the specific language governing permissions and
  *  limitations under the License.
  *
- *  This file is part of mbed TLS (https://tls.mbed.org)
+ *  This file is part of Mbed TLS (https://tls.mbed.org)
  */
 
 /**
diff --git a/library/net_sockets.c b/library/net_sockets.c
index bdd82ac..2c2a876 100644
--- a/library/net_sockets.c
+++ b/library/net_sockets.c
@@ -90,6 +90,7 @@
 #include <errno.h>
 
 #define IS_EINTR(ret) ((ret) == EINTR)
+#define SOCKET int
 
 #endif /* ( _WIN32 || _WIN32_WCE ) && !EFIX64 && !EFI32 */
 
@@ -494,13 +495,13 @@
     FD_ZERO(&read_fds);
     if (rw & MBEDTLS_NET_POLL_READ) {
         rw &= ~MBEDTLS_NET_POLL_READ;
-        FD_SET(fd, &read_fds);
+        FD_SET((SOCKET) fd, &read_fds);
     }
 
     FD_ZERO(&write_fds);
     if (rw & MBEDTLS_NET_POLL_WRITE) {
         rw &= ~MBEDTLS_NET_POLL_WRITE;
-        FD_SET(fd, &write_fds);
+        FD_SET((SOCKET) fd, &write_fds);
     }
 
     if (rw != 0) {
@@ -608,7 +609,7 @@
     }
 
     FD_ZERO(&read_fds);
-    FD_SET(fd, &read_fds);
+    FD_SET((SOCKET) fd, &read_fds);
 
     tv.tv_sec  = timeout / 1000;
     tv.tv_usec = (timeout % 1000) * 1000;
diff --git a/library/oid.c b/library/oid.c
index 4ec752f..12a9650 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -775,65 +775,26 @@
                  cipher_alg)
 #endif /* MBEDTLS_PKCS12_C */
 
-#define OID_SAFE_SNPRINTF                               \
-    do {                                                \
-        if (ret < 0 || (size_t) ret >= n)              \
-        return MBEDTLS_ERR_OID_BUF_TOO_SMALL;    \
-                                                      \
-        n -= (size_t) ret;                              \
-        p += (size_t) ret;                              \
-    } while (0)
-
 /* Return the x.y.z.... style numeric string for the given OID */
 int mbedtls_oid_get_numeric_string(char *buf, size_t size,
                                    const mbedtls_asn1_buf *oid)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
-    size_t i, n;
-    unsigned int value;
-    char *p;
+    char *p = buf;
+    size_t n = size;
+    unsigned int value = 0;
 
-    p = buf;
-    n = size;
-
-    /* First subidentifier contains first two OID components */
-    i = 0;
-    value = 0;
-    if ((oid->p[0]) == 0x80) {
-        /* Overlong encoding is not allowed */
-        return MBEDTLS_ERR_ASN1_INVALID_DATA;
+    if (size > INT_MAX) {
+        /* Avoid overflow computing return value */
+        return MBEDTLS_ERR_ASN1_INVALID_LENGTH;
     }
 
-    while (i < oid->len && ((oid->p[i] & 0x80) != 0)) {
-        /* Prevent overflow in value. */
-        if (value > (UINT_MAX >> 7)) {
-            return MBEDTLS_ERR_ASN1_INVALID_DATA;
-        }
-
-        value |= oid->p[i] & 0x7F;
-        value <<= 7;
-        i++;
-    }
-    if (i >= oid->len) {
+    if (oid->len <= 0) {
+        /* OID must not be empty */
         return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
     }
-    /* Last byte of first subidentifier */
-    value |= oid->p[i] & 0x7F;
-    i++;
 
-    unsigned int component1 = value / 40;
-    if (component1 > 2) {
-        /* The first component can only be 0, 1 or 2.
-         * If oid->p[0] / 40 is greater than 2, the leftover belongs to
-         * the second component. */
-        component1 = 2;
-    }
-    unsigned int component2 = value - (40 * component1);
-    ret = mbedtls_snprintf(p, n, "%u.%u", component1, component2);
-    OID_SAFE_SNPRINTF;
-
-    value = 0;
-    for (; i < oid->len; i++) {
+    for (size_t i = 0; i < oid->len; i++) {
         /* Prevent overflow in value. */
         if (value > (UINT_MAX >> 7)) {
             return MBEDTLS_ERR_ASN1_INVALID_DATA;
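Review bot: `if (oid->len <= 0)` reads as if `len` could be negative, but the loop just below compares it with a `size_t` index, so the only case it can catch is zero; `if (oid->len == 0)` states the check and avoids a tautological-comparison warning on some compilers. The new `size > INT_MAX` rejection also changes behaviour for callers, and the one-line comment above the function does not say what is returned. A short note that the return value is the string length or a negative error code would help. The function body continues in the next hunk.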
@@ -848,12 +809,38 @@
 
         if (!(oid->p[i] & 0x80)) {
             /* Last byte */
-            ret = mbedtls_snprintf(p, n, ".%u", value);
-            OID_SAFE_SNPRINTF;
+            if (n == size) {
+                int component1;
+                unsigned int component2;
+                /* First subidentifier contains first two OID components */
+                if (value >= 80) {
+                    component1 = '2';
+                    component2 = value - 80;
+                } else if (value >= 40) {
+                    component1 = '1';
+                    component2 = value - 40;
+                } else {
+                    component1 = '0';
+                    component2 = value;
+                }
+                ret = mbedtls_snprintf(p, n, "%c.%u", component1, component2);
+            } else {
+                ret = mbedtls_snprintf(p, n, ".%u", value);
+            }
+            if (ret < 2 || (size_t) ret >= n) {
+                return MBEDTLS_ERR_OID_BUF_TOO_SMALL;
+            }
+            n -= (size_t) ret;
+            p += ret;
             value = 0;
         }
     }
 
+    if (value != 0) {
+        /* Unterminated subidentifier */
+        return MBEDTLS_ERR_ASN1_OUT_OF_DATA;
+    }
+
     return (int) (size - n);
 }
 
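Review bot: `if (n == size)` is doing the job of a "first subidentifier" flag: it holds only because nothing is written to `buf` before the first `mbedtls_snprintf`, and the `ret < 2` check guarantees `n` shrinks afterwards. That coupling is easy to break if output is ever added before the loop. I would either comment it, `/* n == size: nothing written yet, so this is the first subidentifier */`, or test `p == buf`, which says the same thing more directly. The function starts in the previous hunk.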
diff --git a/library/pk.c b/library/pk.c
index d46a934..12f4120 100644
--- a/library/pk.c
+++ b/library/pk.c
@@ -646,6 +646,7 @@
     psa_key_type_t key_type;
     size_t bits;
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    psa_status_t status;
 
     /* export the private key material in the format PSA wants */
     if (mbedtls_pk_get_type(pk) != MBEDTLS_PK_ECKEY) {
@@ -668,7 +669,9 @@
     psa_set_key_algorithm(&attributes, PSA_ALG_ECDSA(hash_alg));
 
     /* import private key into PSA */
-    if (PSA_SUCCESS != psa_import_key(&attributes, d, d_len, key)) {
+    status = psa_import_key(&attributes, d, d_len, key);
+    mbedtls_platform_zeroize(d, sizeof(d));
+    if (status != PSA_SUCCESS) {
         return MBEDTLS_ERR_PK_HW_ACCEL_FAILED;
     }
 
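Review bot: `mbedtls_platform_zeroize(d, sizeof(d))` clears the whole key buffer only if `d` is an array in this scope; its declaration is outside the hunk, and if it were a pointer only pointer-size bytes would be wiped. Placing the wipe between `psa_import_key` and the status check covers both outcomes of the import. Any return between the point where the private key is exported into `d` and this call (not visible here) would still leave key bytes on the stack. A comment such as `/* d holds the raw private key: wipe it on every path once written */` would make the requirement explicit for later edits.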
diff --git a/library/pkparse.c b/library/pkparse.c
index deaff0b..76fe0c8 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1235,6 +1235,8 @@
     mbedtls_pem_context pem;
 #endif
 
+    (void) pk_info;
+
     PK_VALIDATE_RET(pk != NULL);
     if (keylen == 0) {
         return MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
diff --git a/library/pkwrite.c b/library/pkwrite.c
index 0107f20..88e6855 100644
--- a/library/pkwrite.c
+++ b/library/pkwrite.c
@@ -178,6 +178,11 @@
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
     size_t len = 0;
 
+    (void) p;
+    (void) start;
+    (void) key;
+    (void) ret;
+
     PK_VALIDATE_RET(p != NULL);
     PK_VALIDATE_RET(*p != NULL);
     PK_VALIDATE_RET(start != NULL);
@@ -313,6 +318,10 @@
     unsigned char *c;
     size_t len = 0;
 
+    (void) ret;
+    (void) c;
+    (void) key;
+
     PK_VALIDATE_RET(key != NULL);
     if (size == 0) {
         return MBEDTLS_ERR_ASN1_BUF_TOO_SMALL;
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index c58fdae..e4b865e 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -47,7 +47,6 @@
 
 #include "psa_crypto_random_impl.h"
 
-#include <assert.h>
 #include <stdlib.h>
 #include <string.h>
 #include "mbedtls/platform.h"
@@ -1473,6 +1472,7 @@
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+    psa_key_attributes_t attributes;
     psa_key_slot_t *slot;
 
     /* Reject a zero-length output buffer now, since this can never be a
@@ -1499,7 +1499,7 @@
         goto exit;
     }
 
-    psa_key_attributes_t attributes = {
+    attributes = (psa_key_attributes_t) {
         .core = slot->attr
     };
     status = psa_driver_wrapper_export_public_key(
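Review bot: `attributes` is now declared without an initializer (previous hunk) and only assigned here, after at least one `goto exit`, so on the early-exit path it is indeterminate. Nothing visible reads it after the `exit` label, which lies outside the hunk, but the same split is repeated in the later hunks of this file and a future use in a cleanup path would not stand out. Initializing at the declaration, before any jump, removes the hazard: `psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;`.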
@@ -1512,14 +1512,12 @@
     return (status == PSA_SUCCESS) ? unlock_status : status;
 }
 
-#if defined(static_assert)
-static_assert((MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0,
-              "One or more key attribute flag is listed as both external-only and dual-use");
-static_assert((PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0,
-              "One or more key attribute flag is listed as both internal-only and dual-use");
-static_assert((PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY) == 0,
-              "One or more key attribute flag is listed as both internal-only and external-only");
-#endif
+MBEDTLS_STATIC_ASSERT((MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0,
+                      "One or more key attribute flag is listed as both external-only and dual-use")
+MBEDTLS_STATIC_ASSERT((PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_DUAL_USE) == 0,
+                      "One or more key attribute flag is listed as both internal-only and dual-use")
+MBEDTLS_STATIC_ASSERT((PSA_KA_MASK_INTERNAL_ONLY & MBEDTLS_PSA_KA_MASK_EXTERNAL_ONLY) == 0,
+                      "One or more key attribute flag is listed as both internal-only and external-only")
 
 /** Validate that a key policy is internally well-formed.
  *
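Review bot: The three file-scope `MBEDTLS_STATIC_ASSERT(...)` uses have no trailing semicolon, while the uses inside functions elsewhere in this commit (`debug.c`, the slot-number check in the next hunk) do. Both forms work only because the macro definition in `common.h` ends with its own `;`, and that is not apparent at the call sites, where the missing semicolon looks like a typo. A comment above the first one would prevent a well-meant fix, e.g. `/* No ';' here: the macro supplies it, and an extra one at file scope draws a pedantic warning */`. Note also that when `static_assert` is unavailable the macro expands to nothing, so these mask-overlap checks are silently skipped.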
@@ -1782,11 +1780,10 @@
             psa_key_slot_number_t slot_number =
                 psa_key_slot_get_slot_number(slot);
 
-#if defined(static_assert)
-            static_assert(sizeof(slot_number) ==
-                          sizeof(data.slot_number),
-                          "Slot number size does not match psa_se_key_data_storage_t");
-#endif
+            MBEDTLS_STATIC_ASSERT(sizeof(slot_number) ==
+                                  sizeof(data.slot_number),
+                                  "Slot number size does not match psa_se_key_data_storage_t");
+
             memcpy(&data.slot_number, &slot_number, sizeof(slot_number));
             status = psa_save_persistent_key(&slot->attr,
                                              (uint8_t *) &data,
@@ -2410,6 +2407,7 @@
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+    psa_key_attributes_t attributes;
     psa_key_slot_t *slot = NULL;
 
     /* A context must be freshly initialized before it can be set up. */
@@ -2427,7 +2425,7 @@
         goto exit;
     }
 
-    psa_key_attributes_t attributes = {
+    attributes = (psa_key_attributes_t) {
         .core = slot->attr
     };
 
@@ -2598,6 +2596,7 @@
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+    psa_key_attributes_t attributes;
     psa_key_slot_t *slot;
     uint8_t operation_mac_size = 0;
 
@@ -2610,7 +2609,7 @@
         goto exit;
     }
 
-    psa_key_attributes_t attributes = {
+    attributes = (psa_key_attributes_t) {
         .core = slot->attr
     };
 
@@ -2736,6 +2735,7 @@
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+    psa_key_attributes_t attributes;
     psa_key_slot_t *slot;
 
     *signature_length = 0;
@@ -2768,7 +2768,7 @@
         goto exit;
     }
 
-    psa_key_attributes_t attributes = {
+    attributes = (psa_key_attributes_t)  {
         .core = slot->attr
     };
 
@@ -3307,6 +3307,7 @@
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+    psa_key_attributes_t attributes;
     psa_key_slot_t *slot = NULL;
     psa_key_usage_t usage = (cipher_operation == MBEDTLS_ENCRYPT ?
                              PSA_KEY_USAGE_ENCRYPT :
@@ -3342,7 +3343,7 @@
     }
     operation->default_iv_length = PSA_CIPHER_IV_LENGTH(slot->attr.type, alg);
 
-    psa_key_attributes_t attributes = {
+    attributes = (psa_key_attributes_t) {
         .core = slot->attr
     };
 
@@ -3565,6 +3566,7 @@
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+    psa_key_attributes_t attributes;
     psa_key_slot_t *slot = NULL;
     uint8_t local_iv[PSA_CIPHER_IV_MAX_SIZE];
     size_t default_iv_length = 0;
@@ -3581,7 +3583,7 @@
         goto exit;
     }
 
-    psa_key_attributes_t attributes = {
+    attributes = (psa_key_attributes_t) {
         .core = slot->attr
     };
 
@@ -3637,6 +3639,7 @@
 {
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
+    psa_key_attributes_t attributes;
     psa_key_slot_t *slot = NULL;
 
     if (!PSA_ALG_IS_CIPHER(alg)) {
@@ -3651,7 +3654,7 @@
         goto exit;
     }
 
-    psa_key_attributes_t attributes = {
+    attributes = (psa_key_attributes_t) {
         .core = slot->attr
     };
 
@@ -4255,6 +4258,7 @@
     uint8_t *data = NULL;
     size_t bytes = PSA_BITS_TO_BYTES(bits);
     psa_status_t status;
+    psa_key_attributes_t attributes;
 
     if (!key_type_is_raw_bytes(slot->attr.type)) {
         return PSA_ERROR_INVALID_ARGUMENT;
@@ -4283,7 +4287,7 @@
     }
 
     slot->attr.bits = (psa_key_bits_t) bits;
-    psa_key_attributes_t attributes = {
+    attributes = (psa_key_attributes_t) {
         .core = slot->attr
     };
 
@@ -4895,14 +4899,16 @@
                                                    size_t shared_secret_size,
                                                    size_t *shared_secret_length)
 {
+    mbedtls_ecp_keypair *ecp = NULL;
+    psa_status_t status;
+
     switch (alg) {
 #if defined(MBEDTLS_PSA_BUILTIN_ALG_ECDH)
         case PSA_ALG_ECDH:
             if (!PSA_KEY_TYPE_IS_ECC_KEY_PAIR(private_key->attr.type)) {
                 return PSA_ERROR_INVALID_ARGUMENT;
             }
-            mbedtls_ecp_keypair *ecp = NULL;
-            psa_status_t status = mbedtls_psa_ecp_load_representation(
+            status = mbedtls_psa_ecp_load_representation(
                 private_key->attr.type,
                 private_key->attr.bits,
                 private_key->key.data,
@@ -4920,6 +4926,8 @@
             return status;
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_ECDH */
         default:
+            (void) ecp;
+            (void) status;
             (void) private_key;
             (void) peer_key;
             (void) peer_key_length;
@@ -5015,6 +5023,7 @@
     psa_status_t status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_status_t unlock_status = PSA_ERROR_CORRUPTION_DETECTED;
     psa_key_slot_t *slot = NULL;
+    size_t expected_length;
 
     if (!PSA_ALG_IS_KEY_AGREEMENT(alg)) {
         status = PSA_ERROR_INVALID_ARGUMENT;
@@ -5034,7 +5043,7 @@
      * PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() is exact so the point is moot.
      * If FFDH is implemented, PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE() can easily
      * be exact for it as well. */
-    size_t expected_length =
+    expected_length =
         PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE(slot->attr.type, slot->attr.bits);
     if (output_size < expected_length) {
         status = PSA_ERROR_BUFFER_TOO_SMALL;
@@ -5070,6 +5079,10 @@
 /* Random generation */
 /****************************************************************/
 
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+#include "mbedtls/entropy_poll.h"
+#endif
+
 /** Initialize the PSA random generator.
  */
 static void mbedtls_psa_random_init(mbedtls_psa_random_context_t *rng)
@@ -5204,8 +5217,6 @@
 #endif /* MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG */
 
 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
-#include "mbedtls/entropy_poll.h"
-
 psa_status_t mbedtls_psa_inject_entropy(const uint8_t *seed,
                                         size_t seed_size)
 {
diff --git a/library/psa_crypto_core.h b/library/psa_crypto_core.h
index 688ea38..781c9d2 100644
--- a/library/psa_crypto_core.h
+++ b/library/psa_crypto_core.h
@@ -238,12 +238,12 @@
                                              const uint8_t *data,
                                              size_t data_length);
 
-/** Convert an mbed TLS error code to a PSA error code
+/** Convert an Mbed TLS error code to a PSA error code
  *
  * \note This function is provided solely for the convenience of
  *       Mbed TLS and may be removed at any time without notice.
  *
- * \param ret           An mbed TLS-thrown error code
+ * \param ret           An Mbed TLS-thrown error code
  *
  * \return              The corresponding PSA error code
  */
diff --git a/library/psa_crypto_se.c b/library/psa_crypto_se.c
index b660393..7bea10a 100644
--- a/library/psa_crypto_se.c
+++ b/library/psa_crypto_se.c
@@ -22,7 +22,6 @@
 
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 
-#include <assert.h>
 #include <stdint.h>
 #include <string.h>
 
@@ -315,10 +314,8 @@
     }
     /* Driver table entries are 0-initialized. 0 is not a valid driver
      * location because it means a transparent key. */
-#if defined(static_assert)
-    static_assert(PSA_KEY_LOCATION_LOCAL_STORAGE == 0,
-                  "Secure element support requires 0 to mean a local key");
-#endif
+    MBEDTLS_STATIC_ASSERT(PSA_KEY_LOCATION_LOCAL_STORAGE == 0,
+                          "Secure element support requires 0 to mean a local key");
     if (location == PSA_KEY_LOCATION_LOCAL_STORAGE) {
         return PSA_ERROR_INVALID_ARGUMENT;
     }
diff --git a/library/psa_crypto_storage.h b/library/psa_crypto_storage.h
index 04768f8..37ca46e 100644
--- a/library/psa_crypto_storage.h
+++ b/library/psa_crypto_storage.h
@@ -39,7 +39,7 @@
 /* Sanity check: a file size must fit in 32 bits. Allow a generous
  * 64kB of metadata. */
 #if PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000
-#error PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000
+#error "PSA_CRYPTO_MAX_STORAGE_SIZE > 0xffff0000"
 #endif
 
 /** The maximum permitted persistent slot number.
@@ -202,7 +202,7 @@
 
 #if defined(MBEDTLS_PSA_CRYPTO_SE_C)
 /** This symbol is defined if transaction support is required. */
-#define PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS
+#define PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS 1
 #endif
 
 #if defined(PSA_CRYPTO_STORAGE_HAS_TRANSACTIONS)
diff --git a/library/rsa_internal.c b/library/rsa_internal.c
index 2ff51c3..41ceff0 100644
--- a/library/rsa_internal.c
+++ b/library/rsa_internal.c
@@ -126,7 +126,7 @@
     }
 
     for (; attempt < num_primes; ++attempt) {
-        mbedtls_mpi_lset(&K, primes[attempt]);
+        MBEDTLS_MPI_CHK(mbedtls_mpi_lset(&K, primes[attempt]));
 
         /* Check if gcd(K,N) = 1 */
         MBEDTLS_MPI_CHK(mbedtls_mpi_gcd(P, &K, N));
diff --git a/library/ssl_ciphersuites.c b/library/ssl_ciphersuites.c
index b37921a..f1e9956 100644
--- a/library/ssl_ciphersuites.c
+++ b/library/ssl_ciphersuites.c
@@ -1,7 +1,7 @@
 /**
  * \file ssl_ciphersuites.c
  *
- * \brief SSL ciphersuites for mbed TLS
+ * \brief SSL ciphersuites for Mbed TLS
  *
  *  Copyright The Mbed TLS Contributors
  *  SPDX-License-Identifier: Apache-2.0
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index a38e764..8a2ab7b 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5429,8 +5429,10 @@
     n = (len < ssl->in_msglen)
         ? len : ssl->in_msglen;
 
-    memcpy(buf, ssl->in_offt, n);
-    ssl->in_msglen -= n;
+    if (len != 0) {
+        memcpy(buf, ssl->in_offt, n);
+        ssl->in_msglen -= n;
+    }
 
     /* Zeroising the plaintext buffer to erase unused application data
        from the memory. */
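Review bot: The new `if (len != 0)` guard has no comment saying why a zero-length copy must be skipped; the usual reason is that `memcpy` is undefined when `buf` is NULL even for a zero count, and a caller passing `(NULL, 0)` is plausible. I would add `/* buf may be NULL when len == 0; memcpy would then be undefined */`. The matching guard in the write path (next hunk) is spelled `len > 0`; using one form in both places makes the pair easier to find. Both functions start and end outside their hunks.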
@@ -5506,7 +5508,9 @@
          */
         ssl->out_msglen  = len;
         ssl->out_msgtype = MBEDTLS_SSL_MSG_APPLICATION_DATA;
-        memcpy(ssl->out_msg, buf, len);
+        if (len > 0) {
+            memcpy(ssl->out_msg, buf, len);
+        }
 
         if ((ret = mbedtls_ssl_write_record(ssl, SSL_FORCE_FLUSH)) != 0) {
             MBEDTLS_SSL_DEBUG_RET(1, "mbedtls_ssl_write_record", ret);
diff --git a/library/timing.c b/library/timing.c
index 47e34f9..94b55b3 100644
--- a/library/timing.c
+++ b/library/timing.c
@@ -17,6 +17,8 @@
  *  limitations under the License.
  */
 
+#include <string.h>
+
 #include "common.h"
 
 #include "mbedtls/platform.h"
@@ -231,17 +233,20 @@
 
 unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset)
 {
-    struct _hr_time *t = (struct _hr_time *) val;
+    struct _hr_time t;
 
     if (reset) {
-        QueryPerformanceCounter(&t->start);
+        QueryPerformanceCounter(&t.start);
+        memcpy(val, &t, sizeof(struct _hr_time));
         return 0;
     } else {
         unsigned long delta;
         LARGE_INTEGER now, hfreq;
+        /* We can't safely cast val because it may not be aligned, so use memcpy */
+        memcpy(&t, val, sizeof(struct _hr_time));
         QueryPerformanceCounter(&now);
         QueryPerformanceFrequency(&hfreq);
-        delta = (unsigned long) ((now.QuadPart - t->start.QuadPart) * 1000ul
+        delta = (unsigned long) ((now.QuadPart - t.start.QuadPart) * 1000ul
                                  / hfreq.QuadPart);
         return delta;
     }
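Review bot: `memcpy(val, &t, sizeof(struct _hr_time))` writes `sizeof(struct _hr_time)` bytes into a `struct mbedtls_timing_hr_time`, and nothing visible checks that the opaque public struct is at least that large. The old cast carried the same assumption, but this commit adds a compile-time assertion macro that could pin it: `MBEDTLS_STATIC_ASSERT(sizeof(struct _hr_time) <= sizeof(struct mbedtls_timing_hr_time), "hr_time too small");`. The same applies to the `gettimeofday` variant in the next hunk. Separately, the first hunk of this file places `#include <string.h>` before `"common.h"`, whereas `ctr_drbg.c` in this diff includes system headers after it.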
@@ -277,17 +282,20 @@
 
 unsigned long mbedtls_timing_get_timer(struct mbedtls_timing_hr_time *val, int reset)
 {
-    struct _hr_time *t = (struct _hr_time *) val;
+    struct _hr_time t;
 
     if (reset) {
-        gettimeofday(&t->start, NULL);
+        gettimeofday(&t.start, NULL);
+        memcpy(val, &t, sizeof(struct _hr_time));
         return 0;
     } else {
         unsigned long delta;
         struct timeval now;
+        /* We can't safely cast val because it may not be aligned, so use memcpy */
+        memcpy(&t, val, sizeof(struct _hr_time));
         gettimeofday(&now, NULL);
-        delta = (now.tv_sec  - t->start.tv_sec) * 1000ul
-                + (now.tv_usec - t->start.tv_usec) / 1000;
+        delta = (now.tv_sec  - t.start.tv_sec) * 1000ul
+                + (now.tv_usec - t.start.tv_usec) / 1000;
         return delta;
     }
 }
diff --git a/library/version_features.c b/library/version_features.c
index 049a58a..ad8a357 100644
--- a/library/version_features.c
+++ b/library/version_features.c
@@ -75,6 +75,12 @@
 #if defined(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT)
     "MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT",
 #endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
+#if defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
+    "MBEDTLS_PLATFORM_GMTIME_R_ALT",
+#endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */
+#if defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
+    "MBEDTLS_PLATFORM_ZEROIZE_ALT",
+#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
 #if defined(MBEDTLS_DEPRECATED_WARNING)
     "MBEDTLS_DEPRECATED_WARNING",
 #endif /* MBEDTLS_DEPRECATED_WARNING */
@@ -312,6 +318,9 @@
 #if defined(MBEDTLS_REMOVE_3DES_CIPHERSUITES)
     "MBEDTLS_REMOVE_3DES_CIPHERSUITES",
 #endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+    "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED",
+#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
     "MBEDTLS_ECP_DP_SECP192R1_ENABLED",
 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
@@ -576,6 +585,9 @@
 #if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
     "MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH",
 #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
+#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
+    "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE",
+#endif /* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE */
 #if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
     "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN",
 #endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */
diff --git a/library/x509.c b/library/x509.c
index 38eb2e6..d61ef4a 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -53,13 +53,17 @@
 #include <time.h>
 #endif
 
-#define CHECK(code) if ((ret = (code)) != 0) { return ret; }
+#define CHECK(code)                                     \
+    do {                                                \
+        if ((ret = (code)) != 0) {                      \
+            return ret;                                 \
+        }                                               \
+    } while (0)
+
 #define CHECK_RANGE(min, max, val)                      \
-    do                                                  \
-    {                                                   \
-        if ((val) < (min) || (val) > (max))    \
-        {                                               \
-            return ret;                              \
+    do {                                                \
+        if ((val) < (min) || (val) > (max)) {           \
+            return ret;                                 \
         }                                               \
     } while (0)
 
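Review bot: `CHECK_RANGE` returns `ret` without assigning it, so what the caller gets depends on whatever was last stored in `ret`, and neither macro says that it needs a local `ret` and returns from the enclosing function. A short comment above the pair would document this, for example `/* Both macros return from the calling function and need a local 'int ret'; CHECK_RANGE returns ret unchanged, so set it to the error code first. */`. The reworked `PRINT_ITEM`, `CERT_TYPE` and `KEY_USAGE` macros in library/x509_crt.c have similar hidden dependencies on caller locals (`ret`, `p`, `n`, `sep`) and would benefit from the same kind of comment.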
diff --git a/library/x509_create.c b/library/x509_create.c
index 50db956..bd772d3 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -125,7 +125,7 @@
 
 int mbedtls_x509_string_to_names(mbedtls_asn1_named_data **head, const char *name)
 {
-    int ret = 0;
+    int ret = MBEDTLS_ERR_X509_INVALID_NAME;
     const char *s = name, *c = s;
     const char *end = s + strlen(s);
     const char *oid = NULL;
@@ -177,6 +177,9 @@
 
             s = c + 1;
             in_tag = 1;
+
+            /* Successfully parsed one name, update ret to success */
+            ret = 0;
         }
 
         if (!in_tag && s != c + 1) {
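Review bot: After the first component is stored, `ret` stays 0 for the rest of the loop, so any later exit that does not set `ret` explicitly now reports success. The end of the loop is outside this hunk, but if the input can end while a new tag is still being read (for example a trailing component with no `=`), that remainder would be dropped silently and the function would return 0. Consider checking after the loop that no partial component is pending and returning `MBEDTLS_ERR_X509_INVALID_NAME` in that case, and add a test with such an input.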
@@ -282,9 +285,11 @@
 
 int mbedtls_x509_write_sig(unsigned char **p, unsigned char *start,
                            const char *oid, size_t oid_len,
-                           unsigned char *sig, size_t size)
+                           unsigned char *sig, size_t size,
+                           mbedtls_pk_type_t pk_alg)
 {
     int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+    int write_null_par;
     size_t len = 0;
 
     if (*p < start || (size_t) (*p - start) < size) {
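Review bot: `mbedtls_x509_write_sig` changes its parameter list in place, while the same commit introduces `mbedtls_asn1_write_algorithm_identifier_ext` rather than altering the existing ASN.1 writer. If this prototype is exposed in an installed header (not visible here), any caller other than the two updated in x509write_crt.c and x509write_csr.c stops compiling, which matters on a long-term-support branch. Either follow the `_ext` pattern and keep the six-argument function as a thin wrapper, or record in the ChangeLog that the function is internal and its signature changed. The function body continues in the next hunk.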
@@ -307,8 +312,19 @@
 
     // Write OID
     //
-    MBEDTLS_ASN1_CHK_ADD(len, mbedtls_asn1_write_algorithm_identifier(p, start, oid,
-                                                                      oid_len, 0));
+    if (pk_alg == MBEDTLS_PK_ECDSA) {
+        /*
+         * The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature
+         * algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and
+         * https://www.rfc-editor.org/rfc/rfc5758#section-3.
+         */
+        write_null_par = 0;
+    } else {
+        write_null_par = 1;
+    }
+    MBEDTLS_ASN1_CHK_ADD(len,
+                         mbedtls_asn1_write_algorithm_identifier_ext(p, start, oid, oid_len,
+                                                                     0, write_null_par));
 
     return (int) len;
 }
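Review bot: The `if`/`else` that derives `write_null_par` is repeated almost verbatim in library/x509write_crt.c (`write_sig_null_par`), RFC comment included, so the rule for omitting the parameters field now lives in two places. The assignment reduces to one line, `write_null_par = (pk_alg != MBEDTLS_PK_ECDSA);`, and a small internal helper used by both files would keep them from drifting apart. The comment mentions DSA as well, but only `MBEDTLS_PK_ECDSA` is tested; say so in the comment if that is intentional.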
diff --git a/library/x509_crt.c b/library/x509_crt.c
index e7fcaf4..0e91bd8 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1741,6 +1741,7 @@
     if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &cur_oid) != 0) {
         return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;
     }
+    other_name->type_id = cur_oid;
 
     p += len;
     if ((ret = mbedtls_asn1_get_tag(&p, end, &len,
@@ -1829,7 +1830,7 @@
                 MBEDTLS_X509_SAFE_SNPRINTF;
 
                 if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
-                                    &other_name->value.hardware_module_name.oid) != 0) {
+                                    &other_name->type_id) == 0) {
                     ret = mbedtls_snprintf(p, n, "\n%s        hardware module name :", prefix);
                     MBEDTLS_X509_SAFE_SNPRINTF;
                     ret =
@@ -1944,16 +1945,19 @@
     return 0;
 }
 
-#define PRINT_ITEM(i)                           \
-    {                                           \
-        ret = mbedtls_snprintf(p, n, "%s" i, sep);    \
-        MBEDTLS_X509_SAFE_SNPRINTF;                        \
-        sep = ", ";                             \
-    }
+#define PRINT_ITEM(i)                              \
+    do {                                           \
+        ret = mbedtls_snprintf(p, n, "%s" i, sep); \
+        MBEDTLS_X509_SAFE_SNPRINTF;                \
+        sep = ", ";                                \
+    } while (0)
 
-#define CERT_TYPE(type, name)                    \
-    if (ns_cert_type & (type))                 \
-    PRINT_ITEM(name);
+#define CERT_TYPE(type, name)                      \
+    do {                                           \
+        if (ns_cert_type & (type)) {               \
+            PRINT_ITEM(name);                      \
+        }                                          \
+    } while (0)
 
 static int x509_info_cert_type(char **buf, size_t *size,
                                unsigned char ns_cert_type)
@@ -1978,9 +1982,12 @@
     return 0;
 }
 
-#define KEY_USAGE(code, name)    \
-    if (key_usage & (code))    \
-    PRINT_ITEM(name);
+#define KEY_USAGE(code, name)                      \
+    do {                                           \
+        if (key_usage & (code)) {                  \
+            PRINT_ITEM(name);                      \
+        }                                          \
+    } while (0)
 
 static int x509_info_key_usage(char **buf, size_t *size,
                                unsigned int key_usage)
diff --git a/library/x509write_crt.c b/library/x509write_crt.c
index a8f4c28..e994411 100644
--- a/library/x509write_crt.c
+++ b/library/x509write_crt.c
@@ -342,6 +342,7 @@
     size_t sub_len = 0, pub_len = 0, sig_and_oid_len = 0, sig_len;
     size_t len = 0;
     mbedtls_pk_type_t pk_alg;
+    int write_sig_null_par;
 
     /*
      * Prepare data to be signed at the end of the target buffer
@@ -433,9 +434,20 @@
     /*
      *  Signature   ::=  AlgorithmIdentifier
      */
+    if (pk_alg == MBEDTLS_PK_ECDSA) {
+        /*
+         * The AlgorithmIdentifier's parameters field must be absent for DSA/ECDSA signature
+         * algorithms, see https://www.rfc-editor.org/rfc/rfc5480#page-17 and
+         * https://www.rfc-editor.org/rfc/rfc5758#section-3.
+         */
+        write_sig_null_par = 0;
+    } else {
+        write_sig_null_par = 1;
+    }
     MBEDTLS_ASN1_CHK_ADD(len,
-                         mbedtls_asn1_write_algorithm_identifier(&c, buf,
-                                                                 sig_oid, strlen(sig_oid), 0));
+                         mbedtls_asn1_write_algorithm_identifier_ext(&c, buf,
+                                                                     sig_oid, strlen(sig_oid),
+                                                                     0, write_sig_null_par));
 
     /*
      *  Serial   ::=  INTEGER
@@ -492,8 +504,8 @@
      * into the CRT buffer. */
     c2 = buf + size;
     MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len, mbedtls_x509_write_sig(&c2, c,
-                                                                 sig_oid, sig_oid_len, sig,
-                                                                 sig_len));
+                                                                 sig_oid, sig_oid_len,
+                                                                 sig, sig_len, pk_alg));
 
     /*
      * Memory layout after this step:
diff --git a/library/x509write_csr.c b/library/x509write_csr.c
index a421fde..178b166 100644
--- a/library/x509write_csr.c
+++ b/library/x509write_csr.c
@@ -265,7 +265,7 @@
     c2 = buf + size;
     MBEDTLS_ASN1_CHK_ADD(sig_and_oid_len,
                          mbedtls_x509_write_sig(&c2, buf + len, sig_oid, sig_oid_len,
-                                                sig, sig_len));
+                                                sig, sig_len, pk_alg));
 
     /*
      * Compact the space between the CSR data and signature by moving the
diff --git a/programs/.gitignore b/programs/.gitignore
index d402607..59634b5 100644
--- a/programs/.gitignore
+++ b/programs/.gitignore
@@ -5,9 +5,6 @@
 *.sln
 *.vcxproj
 
-*.o
-*.exe
-
 aes/crypt_and_hash
 hash/generic_sum
 hash/hello
diff --git a/programs/aes/crypt_and_hash.c b/programs/aes/crypt_and_hash.c
index 434c609..98253c6 100644
--- a/programs/aes/crypt_and_hash.c
+++ b/programs/aes/crypt_and_hash.c
@@ -92,6 +92,9 @@
     const mbedtls_md_info_t *md_info;
     mbedtls_cipher_context_t cipher_ctx;
     mbedtls_md_context_t md_ctx;
+    mbedtls_cipher_mode_t cipher_mode;
+    unsigned int cipher_block_size;
+    unsigned char md_size;
 #if defined(_WIN32_WCE)
     long filesize, offset;
 #elif defined(_WIN32)
@@ -240,6 +243,9 @@
         goto exit;
     }
 
+    md_size = mbedtls_md_get_size(md_info);
+    cipher_block_size = mbedtls_cipher_get_block_size(&cipher_ctx);
+
     if (mode == MODE_ENCRYPT) {
         /*
          * Generate the initialization vector as:
@@ -332,9 +338,9 @@
         /*
          * Encrypt and write the ciphertext.
          */
-        for (offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size(&cipher_ctx)) {
-            ilen = ((unsigned int) filesize - offset > mbedtls_cipher_get_block_size(&cipher_ctx)) ?
-                   mbedtls_cipher_get_block_size(&cipher_ctx) : (unsigned int) (filesize - offset);
+        for (offset = 0; offset < filesize; offset += cipher_block_size) {
+            ilen = ((unsigned int) filesize - offset > cipher_block_size) ?
+                   cipher_block_size : (unsigned int) (filesize - offset);
 
             if (fread(buffer, 1, ilen, fin) != ilen) {
                 mbedtls_fprintf(stderr, "fread(%ld bytes) failed\n", (long) ilen);
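Review bot: The encryption loop steps with `offset += cipher_block_size`, and on this path nothing checks that the value is non-zero; the only `cipher_block_size == 0` test in this commit sits among the file-size checks further down, in what appears to be the decryption branch. A block size of 0 would leave `offset` unchanged and the loop would not terminate. Now that the value is read once, the check can move directly after the assignment so that it covers both modes: `if (cipher_block_size == 0) { mbedtls_fprintf(stderr, "Invalid cipher block size: 0. \n"); goto exit; }`. The enclosing function starts and ends outside this hunk.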
@@ -379,8 +385,8 @@
             goto exit;
         }
 
-        if (fwrite(digest, 1, mbedtls_md_get_size(md_info), fout) != mbedtls_md_get_size(md_info)) {
-            mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", mbedtls_md_get_size(md_info));
+        if (fwrite(digest, 1, md_size, fout) != md_size) {
+            mbedtls_fprintf(stderr, "fwrite(%d bytes) failed\n", md_size);
             goto exit;
         }
     }
@@ -395,12 +401,12 @@
          *      N*16 .. (N+1)*16 - 1    Encrypted Block #N
          *  (N+1)*16 .. (N+1)*16 + n    Hash(ciphertext)
          */
-        if (filesize < 16 + mbedtls_md_get_size(md_info)) {
+        if (filesize < 16 + md_size) {
             mbedtls_fprintf(stderr, "File too short to be encrypted.\n");
             goto exit;
         }
 
-        if (mbedtls_cipher_get_block_size(&cipher_ctx) == 0) {
+        if (cipher_block_size == 0) {
             mbedtls_fprintf(stderr, "Invalid cipher block size: 0. \n");
             goto exit;
         }
@@ -408,18 +414,21 @@
         /*
          * Check the file size.
          */
-        if (cipher_info->mode != MBEDTLS_MODE_GCM &&
-            ((filesize - mbedtls_md_get_size(md_info)) %
-             mbedtls_cipher_get_block_size(&cipher_ctx)) != 0) {
+        cipher_mode = cipher_info->mode;
+        if (cipher_mode != MBEDTLS_MODE_GCM &&
+            cipher_mode != MBEDTLS_MODE_CTR &&
+            cipher_mode != MBEDTLS_MODE_CFB &&
+            cipher_mode != MBEDTLS_MODE_OFB &&
+            ((filesize - md_size) % cipher_block_size) != 0) {
             mbedtls_fprintf(stderr, "File content not a multiple of the block size (%u).\n",
-                            mbedtls_cipher_get_block_size(&cipher_ctx));
+                            cipher_block_size);
             goto exit;
         }
 
         /*
          * Subtract the IV + HMAC length.
          */
-        filesize -= (16 + mbedtls_md_get_size(md_info));
+        filesize -= (16 + md_size);
 
         /*
          * Read the IV and original filesize modulo 16.
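Review bot: The list of modes exempt from the block-multiple check is enumerated by hand with no explanation of why these four qualify. A comment such as `/* GCM, CTR, CFB and OFB produce ciphertext of the same length as the input, so no block alignment is required */` would make the intent clear and tell the next person what to do when another mode is added. Which modes the program accepts is decided outside this hunk, so whether any other non-block-aligned mode can reach this check could not be confirmed from here.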
@@ -481,13 +490,13 @@
         /*
          * Decrypt and write the plaintext.
          */
-        for (offset = 0; offset < filesize; offset += mbedtls_cipher_get_block_size(&cipher_ctx)) {
-            ilen = ((unsigned int) filesize - offset > mbedtls_cipher_get_block_size(&cipher_ctx)) ?
-                   mbedtls_cipher_get_block_size(&cipher_ctx) : (unsigned int) (filesize - offset);
+        for (offset = 0; offset < filesize; offset += cipher_block_size) {
+            ilen = ((unsigned int) filesize - offset > cipher_block_size) ?
+                   cipher_block_size : (unsigned int) (filesize - offset);
 
             if (fread(buffer, 1, ilen, fin) != ilen) {
                 mbedtls_fprintf(stderr, "fread(%u bytes) failed\n",
-                                mbedtls_cipher_get_block_size(&cipher_ctx));
+                                cipher_block_size);
                 goto exit;
             }
 
@@ -515,14 +524,14 @@
             goto exit;
         }
 
-        if (fread(buffer, 1, mbedtls_md_get_size(md_info), fin) != mbedtls_md_get_size(md_info)) {
-            mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", mbedtls_md_get_size(md_info));
+        if (fread(buffer, 1, md_size, fin) != md_size) {
+            mbedtls_fprintf(stderr, "fread(%d bytes) failed\n", md_size);
             goto exit;
         }
 
         /* Use constant-time buffer comparison */
         diff = 0;
-        for (i = 0; i < mbedtls_md_get_size(md_info); i++) {
+        for (i = 0; i < md_size; i++) {
             diff |= digest[i] ^ buffer[i];
         }
 
diff --git a/programs/fuzz/common.c b/programs/fuzz/common.c
index 56b9a13..96a24f7 100644
--- a/programs/fuzz/common.c
+++ b/programs/fuzz/common.c
@@ -13,7 +13,7 @@
 }
 #endif
 
-void dummy_init()
+void dummy_init(void)
 {
 #if defined(MBEDTLS_PLATFORM_TIME_ALT)
     mbedtls_platform_set_time(dummy_constant_time);
diff --git a/programs/fuzz/common.h b/programs/fuzz/common.h
index 6b5b515..d5b098f 100644
--- a/programs/fuzz/common.h
+++ b/programs/fuzz/common.h
@@ -19,7 +19,7 @@
 #if defined(MBEDTLS_HAVE_TIME)
 mbedtls_time_t dummy_constant_time(mbedtls_time_t *time);
 #endif
-void dummy_init();
+void dummy_init(void);
 
 int dummy_send(void *ctx, const unsigned char *buf, size_t len);
 int fuzz_recv(void *ctx, unsigned char *buf, size_t len);
diff --git a/programs/fuzz/fuzz_client.c b/programs/fuzz/fuzz_client.c
index a415874..2de51a6 100644
--- a/programs/fuzz/fuzz_client.c
+++ b/programs/fuzz/fuzz_client.c
@@ -77,6 +77,13 @@
     mbedtls_ctr_drbg_init(&ctr_drbg);
     mbedtls_entropy_init(&entropy);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
                               (const unsigned char *) pers, strlen(pers)) != 0) {
         goto exit;
@@ -184,6 +191,9 @@
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_ssl_config_free(&conf);
     mbedtls_ssl_free(&ssl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #else
     (void) Data;
diff --git a/programs/fuzz/fuzz_dtlsclient.c b/programs/fuzz/fuzz_dtlsclient.c
index 1fcbc92..d414bb3 100644
--- a/programs/fuzz/fuzz_dtlsclient.c
+++ b/programs/fuzz/fuzz_dtlsclient.c
@@ -61,6 +61,13 @@
     mbedtls_ctr_drbg_init(&ctr_drbg);
     mbedtls_entropy_init(&entropy);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     srand(1);
     if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
                               (const unsigned char *) pers, strlen(pers)) != 0) {
@@ -119,6 +126,9 @@
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_ssl_config_free(&conf);
     mbedtls_ssl_free(&ssl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #else
     (void) Data;
diff --git a/programs/fuzz/fuzz_dtlsserver.c b/programs/fuzz/fuzz_dtlsserver.c
index 529fbbf..df4087a 100644
--- a/programs/fuzz/fuzz_dtlsserver.c
+++ b/programs/fuzz/fuzz_dtlsserver.c
@@ -74,6 +74,13 @@
     mbedtls_entropy_init(&entropy);
     mbedtls_ssl_cookie_init(&cookie_ctx);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
                               (const unsigned char *) pers, strlen(pers)) != 0) {
         goto exit;
@@ -152,9 +159,16 @@
 exit:
     mbedtls_ssl_cookie_free(&cookie_ctx);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+    mbedtls_pk_free(&pkey);
+    mbedtls_x509_crt_free(&srvcert);
+#endif
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_ssl_config_free(&conf);
     mbedtls_ssl_free(&ssl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #else
     (void) Data;
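Review bot: `pkey` and `srvcert` are now freed on every pass through `exit:`, but where they are initialised and loaded is outside this hunk. If they are set up only once (for instance under a one-time initialisation guard), a second call would run with freed objects or an empty certificate chain; please confirm that both are re-initialised and re-parsed on each invocation. The same question applies to the matching addition in programs/fuzz/fuzz_server.c.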
diff --git a/programs/fuzz/fuzz_privkey.c b/programs/fuzz/fuzz_privkey.c
index c24f275..d1da589 100644
--- a/programs/fuzz/fuzz_privkey.c
+++ b/programs/fuzz/fuzz_privkey.c
@@ -18,6 +18,14 @@
     }
 
     mbedtls_pk_init(&pk);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     ret = mbedtls_pk_parse_key(&pk, Data, Size, NULL, 0);
     if (ret == 0) {
 #if defined(MBEDTLS_RSA_C)
@@ -63,6 +71,10 @@
             abort();
         }
     }
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     mbedtls_pk_free(&pk);
 #else
     (void) Data;
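Review bot: `mbedtls_psa_crypto_free()` runs before `mbedtls_pk_free(&pk)` here, whereas the programs/pkey changes in the same commit (e.g. key_app.c) free the pk context first and shut PSA down afterwards. Releasing objects before tearing down the subsystem they may depend on is the safer order, and keeping one order everywhere makes the cleanup easier to audit. Keep the `exit:` label under the `#if`, but move the `mbedtls_psa_crypto_free();` call into its own `#if defined(MBEDTLS_USE_PSA_CRYPTO)` block after `mbedtls_pk_free(&pk);`. fuzz_pubkey.c, fuzz_x509crl.c, fuzz_x509crt.c and fuzz_x509csr.c have the same ordering.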
diff --git a/programs/fuzz/fuzz_pubkey.c b/programs/fuzz/fuzz_pubkey.c
index 388b4c5..daca2b3 100644
--- a/programs/fuzz/fuzz_pubkey.c
+++ b/programs/fuzz/fuzz_pubkey.c
@@ -9,6 +9,12 @@
     mbedtls_pk_context pk;
 
     mbedtls_pk_init(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     ret = mbedtls_pk_parse_public_key(&pk, Data, Size);
     if (ret == 0) {
 #if defined(MBEDTLS_RSA_C)
@@ -64,6 +70,10 @@
             abort();
         }
     }
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     mbedtls_pk_free(&pk);
 #else
     (void) Data;
diff --git a/programs/fuzz/fuzz_server.c b/programs/fuzz/fuzz_server.c
index e161d7e..06aeb5e 100644
--- a/programs/fuzz/fuzz_server.c
+++ b/programs/fuzz/fuzz_server.c
@@ -89,6 +89,13 @@
     mbedtls_ssl_ticket_init(&ticket_ctx);
 #endif
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (mbedtls_ctr_drbg_seed(&ctr_drbg, dummy_entropy, &entropy,
                               (const unsigned char *) pers, strlen(pers)) != 0) {
         goto exit;
@@ -195,8 +202,14 @@
     mbedtls_entropy_free(&entropy);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_ssl_config_free(&conf);
+#if defined(MBEDTLS_X509_CRT_PARSE_C) && defined(MBEDTLS_PEM_PARSE_C)
+    mbedtls_x509_crt_free(&srvcert);
+    mbedtls_pk_free(&pkey);
+#endif
     mbedtls_ssl_free(&ssl);
-
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif
 #else
     (void) Data;
     (void) Size;
diff --git a/programs/fuzz/fuzz_x509crl.c b/programs/fuzz/fuzz_x509crl.c
index 3aaa8e5..1140c3d 100644
--- a/programs/fuzz/fuzz_x509crl.c
+++ b/programs/fuzz/fuzz_x509crl.c
@@ -9,10 +9,20 @@
     unsigned char buf[4096];
 
     mbedtls_x509_crl_init(&crl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     ret = mbedtls_x509_crl_parse(&crl, Data, Size);
     if (ret == 0) {
         ret = mbedtls_x509_crl_info((char *) buf, sizeof(buf) - 1, " ", &crl);
     }
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     mbedtls_x509_crl_free(&crl);
 #else
     (void) Data;
diff --git a/programs/fuzz/fuzz_x509crt.c b/programs/fuzz/fuzz_x509crt.c
index a5cb7ec..3593236 100644
--- a/programs/fuzz/fuzz_x509crt.c
+++ b/programs/fuzz/fuzz_x509crt.c
@@ -9,10 +9,20 @@
     unsigned char buf[4096];
 
     mbedtls_x509_crt_init(&crt);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     ret = mbedtls_x509_crt_parse(&crt, Data, Size);
     if (ret == 0) {
         ret = mbedtls_x509_crt_info((char *) buf, sizeof(buf) - 1, " ", &crt);
     }
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     mbedtls_x509_crt_free(&crt);
 #else
     (void) Data;
diff --git a/programs/fuzz/fuzz_x509csr.c b/programs/fuzz/fuzz_x509csr.c
index afd2031..0ca9b87 100644
--- a/programs/fuzz/fuzz_x509csr.c
+++ b/programs/fuzz/fuzz_x509csr.c
@@ -9,10 +9,20 @@
     unsigned char buf[4096];
 
     mbedtls_x509_csr_init(&csr);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     ret = mbedtls_x509_csr_parse(&csr, Data, Size);
     if (ret == 0) {
         ret = mbedtls_x509_csr_info((char *) buf, sizeof(buf) - 1, " ", &csr);
     }
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+exit:
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     mbedtls_x509_csr_free(&csr);
 #else
     (void) Data;
diff --git a/programs/fuzz/onefile.c b/programs/fuzz/onefile.c
index 8399735..0d202b1 100644
--- a/programs/fuzz/onefile.c
+++ b/programs/fuzz/onefile.c
@@ -18,34 +18,48 @@
     FILE *fp;
     uint8_t *Data;
     size_t Size;
+    const char *argv0 = argv[0] == NULL ? "PROGRAM_NAME" : argv[0];
 
     if (argc != 2) {
+        fprintf(stderr, "Usage: %s REPRODUCER_FILE\n", argv0);
         return 1;
     }
     //opens the file, get its size, and reads it into a buffer
     fp = fopen(argv[1], "rb");
     if (fp == NULL) {
+        fprintf(stderr, "%s: Error in fopen\n", argv0);
+        perror(argv[1]);
         return 2;
     }
     if (fseek(fp, 0L, SEEK_END) != 0) {
+        fprintf(stderr, "%s: Error in fseek(SEEK_END)\n", argv0);
+        perror(argv[1]);
         fclose(fp);
         return 2;
     }
     Size = ftell(fp);
     if (Size == (size_t) -1) {
+        fprintf(stderr, "%s: Error in ftell\n", argv0);
+        perror(argv[1]);
         fclose(fp);
         return 2;
     }
     if (fseek(fp, 0L, SEEK_SET) != 0) {
+        fprintf(stderr, "%s: Error in fseek(0)\n", argv0);
+        perror(argv[1]);
         fclose(fp);
         return 2;
     }
     Data = malloc(Size);
     if (Data == NULL) {
+        fprintf(stderr, "%s: Could not allocate memory\n", argv0);
+        perror(argv[1]);
         fclose(fp);
         return 2;
     }
     if (fread(Data, Size, 1, fp) != 1) {
+        fprintf(stderr, "%s: Error in fread\n", argv0);
+        perror(argv[1]);
         free(Data);
         fclose(fp);
         return 2;
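Review bot: Each error path calls `fprintf(stderr, ...)` before `perror(argv[1])`, and `fprintf` is allowed to modify `errno`, so the message printed by `perror` may not describe the failure that just happened. Call `perror(argv[1]);` first, or save `errno` in a local before the `fprintf`. On the `malloc` path `perror(argv[1])` pairs the input file name with an allocation error, which is misleading; the `fprintf` alone is enough there. `main` starts and ends outside this hunk.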
diff --git a/programs/pkey/gen_key.c b/programs/pkey/gen_key.c
index 1a6463d..cd21743 100644
--- a/programs/pkey/gen_key.c
+++ b/programs/pkey/gen_key.c
@@ -204,6 +204,15 @@
     mbedtls_ctr_drbg_init(&ctr_drbg);
     memset(buf, 0, sizeof(buf));
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
@@ -411,6 +420,9 @@
     mbedtls_pk_free(&key);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(_WIN32)
     mbedtls_printf("  + Press Enter to exit this program.\n");
diff --git a/programs/pkey/key_app.c b/programs/pkey/key_app.c
index a757cb3..2f30830 100644
--- a/programs/pkey/key_app.c
+++ b/programs/pkey/key_app.c
@@ -91,6 +91,15 @@
     mbedtls_pk_init(&pk);
     memset(buf, 0, sizeof(buf));
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto cleanup;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
     mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
     mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
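Review bot: On `psa_crypto_init()` failure the code jumps to `cleanup` before the `mbedtls_mpi_init()` calls for `N` through `QP` have run, yet the cleanup code shown in the second hunk calls `mbedtls_mpi_free()` on all of them. Freeing an uninitialised `mbedtls_mpi` acts on indeterminate pointer and length fields. Move the PSA block below the three `mbedtls_mpi_init` lines, or move those lines up next to `mbedtls_pk_init(&pk);`. The `cleanup` label itself is outside both hunks, so confirm the frees are reached from it. programs/pkey/key_app_writer.c has the same order with `goto exit`.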
@@ -275,6 +284,9 @@
 #endif
 
     mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     mbedtls_mpi_free(&N); mbedtls_mpi_free(&P); mbedtls_mpi_free(&Q);
     mbedtls_mpi_free(&D); mbedtls_mpi_free(&E); mbedtls_mpi_free(&DP);
     mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
diff --git a/programs/pkey/key_app_writer.c b/programs/pkey/key_app_writer.c
index 0009d91..e986ada 100644
--- a/programs/pkey/key_app_writer.c
+++ b/programs/pkey/key_app_writer.c
@@ -205,6 +205,15 @@
     memset(buf, 0, sizeof(buf));
 #endif
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     mbedtls_mpi_init(&N); mbedtls_mpi_init(&P); mbedtls_mpi_init(&Q);
     mbedtls_mpi_init(&D); mbedtls_mpi_init(&E); mbedtls_mpi_init(&DP);
     mbedtls_mpi_init(&DQ); mbedtls_mpi_init(&QP);
@@ -400,6 +409,9 @@
     mbedtls_mpi_free(&DQ); mbedtls_mpi_free(&QP);
 
     mbedtls_pk_free(&key);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(_WIN32)
     mbedtls_printf("  + Press Enter to exit this program.\n");
diff --git a/programs/pkey/pk_decrypt.c b/programs/pkey/pk_decrypt.c
index 1dff75c..c3ff53d 100644
--- a/programs/pkey/pk_decrypt.c
+++ b/programs/pkey/pk_decrypt.c
@@ -71,6 +71,15 @@
 
     memset(result, 0, sizeof(result));
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc != 2) {
         mbedtls_printf("usage: mbedtls_pk_decrypt <key_file>\n");
 
@@ -142,6 +151,9 @@
     mbedtls_pk_free(&pk);
     mbedtls_entropy_free(&entropy);
     mbedtls_ctr_drbg_free(&ctr_drbg);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_ERROR_C)
     if (exit_code != MBEDTLS_EXIT_SUCCESS) {
diff --git a/programs/pkey/pk_encrypt.c b/programs/pkey/pk_encrypt.c
index 9a2549a..5f5a424 100644
--- a/programs/pkey/pk_encrypt.c
+++ b/programs/pkey/pk_encrypt.c
@@ -67,6 +67,15 @@
     mbedtls_entropy_init(&entropy);
     mbedtls_pk_init(&pk);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc != 3) {
         mbedtls_printf("usage: mbedtls_pk_encrypt <key_file> <string of max 100 characters>\n");
 
@@ -144,6 +153,9 @@
     mbedtls_pk_free(&pk);
     mbedtls_entropy_free(&entropy);
     mbedtls_ctr_drbg_free(&ctr_drbg);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_ERROR_C)
     if (exit_code != MBEDTLS_EXIT_SUCCESS) {
diff --git a/programs/pkey/pk_sign.c b/programs/pkey/pk_sign.c
index 19a855b..2a8b7a4 100644
--- a/programs/pkey/pk_sign.c
+++ b/programs/pkey/pk_sign.c
@@ -66,6 +66,15 @@
     mbedtls_ctr_drbg_init(&ctr_drbg);
     mbedtls_pk_init(&pk);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc != 3) {
         mbedtls_printf("usage: mbedtls_pk_sign <key_file> <filename>\n");
 
@@ -141,6 +150,9 @@
     mbedtls_pk_free(&pk);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_ERROR_C)
     if (exit_code != MBEDTLS_EXIT_SUCCESS) {
diff --git a/programs/pkey/pk_verify.c b/programs/pkey/pk_verify.c
index f816e92..96a5d28 100644
--- a/programs/pkey/pk_verify.c
+++ b/programs/pkey/pk_verify.c
@@ -58,6 +58,15 @@
 
     mbedtls_pk_init(&pk);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc != 3) {
         mbedtls_printf("usage: mbedtls_pk_verify <key_file> <filename>\n");
 
@@ -117,6 +126,9 @@
 
 exit:
     mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(MBEDTLS_ERROR_C)
     if (exit_code != MBEDTLS_EXIT_SUCCESS) {
diff --git a/programs/pkey/rsa_sign_pss.c b/programs/pkey/rsa_sign_pss.c
index d1afdee..effff25 100644
--- a/programs/pkey/rsa_sign_pss.c
+++ b/programs/pkey/rsa_sign_pss.c
@@ -67,6 +67,15 @@
     mbedtls_pk_init(&pk);
     mbedtls_ctr_drbg_init(&ctr_drbg);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc != 3) {
         mbedtls_printf("usage: rsa_sign_pss <key_file> <filename>\n");
 
@@ -149,6 +158,9 @@
     mbedtls_pk_free(&pk);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(_WIN32)
     mbedtls_printf("  + Press Enter to exit this program.\n");
diff --git a/programs/pkey/rsa_verify_pss.c b/programs/pkey/rsa_verify_pss.c
index 1718872..a9c75ef 100644
--- a/programs/pkey/rsa_verify_pss.c
+++ b/programs/pkey/rsa_verify_pss.c
@@ -61,6 +61,15 @@
 
     mbedtls_pk_init(&pk);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc != 3) {
         mbedtls_printf("usage: rsa_verify_pss <key_file> <filename>\n");
 
@@ -127,6 +136,9 @@
 
 exit:
     mbedtls_pk_free(&pk);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(_WIN32)
     mbedtls_printf("  + Press Enter to exit this program.\n");
diff --git a/programs/psa/key_ladder_demo.sh b/programs/psa/key_ladder_demo.sh
index 67de085..e21d1ab 100755
--- a/programs/psa/key_ladder_demo.sh
+++ b/programs/psa/key_ladder_demo.sh
@@ -17,9 +17,27 @@
 
 set -e -u
 
-program="${0%/*}"/key_ladder_demo
+program_name="key_ladder_demo"
+program="${0%/*}/$program_name"
 files_to_clean=
 
+if [ ! -e "$program" ]; then
+    # Look for programs in the current directory and the directories above it
+    for dir in "." ".." "../.."; do
+        program="$dir/programs/psa/$program_name"
+        if [ -e "$program" ]; then
+            break
+        fi
+    done
+    if [ ! -e "$program" ]; then
+        echo "Could not find $program_name executable"
+
+        echo "If building out-of-tree, this script must be run" \
+             "from the project build directory."
+        exit 1
+    fi
+fi
+
 run () {
     echo
     echo "# $1"
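Review bot: The fallback loop tests candidates with `[ -e "$program" ]`, which accepts a directory or a non-executable file, and the candidates are resolved relative to the caller's working directory rather than the script's location. Using `[ -x "$program" ]` in both the loop and the final check would reject anything that cannot be run, and the two `echo` diagnostics should go to stderr with `>&2` so a failed lookup does not mix into captured output. Since the script then runs whatever it found under `./programs/psa/`, a short comment that it must only be started from a trusted build tree would help. The dlopen_demo.sh hunk further down has the same pattern, and there `program_dir` (and so `top_dir` and `library_dir`) also follows the working directory.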
diff --git a/programs/ssl/dtls_client.c b/programs/ssl/dtls_client.c
index ad51cbe..beac5d5 100644
--- a/programs/ssl/dtls_client.c
+++ b/programs/ssl/dtls_client.c
@@ -113,11 +113,21 @@
     mbedtls_ssl_config_init(&conf);
     mbedtls_x509_crt_init(&cacert);
     mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_printf("\n  . Seeding the random number generator...");
     fflush(stdout);
 
-    mbedtls_entropy_init(&entropy);
     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                      (const unsigned char *) pers,
                                      strlen(pers))) != 0) {
@@ -324,12 +334,14 @@
 #endif
 
     mbedtls_net_free(&server_fd);
-
     mbedtls_x509_crt_free(&cacert);
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(_WIN32)
     mbedtls_printf("  + Press Enter to exit this program.\n");
diff --git a/programs/ssl/dtls_server.c b/programs/ssl/dtls_server.c
index 4310f4e..2128d02 100644
--- a/programs/ssl/dtls_server.c
+++ b/programs/ssl/dtls_server.c
@@ -124,6 +124,16 @@
     mbedtls_entropy_init(&entropy);
     mbedtls_ctr_drbg_init(&ctr_drbg);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 #if defined(MBEDTLS_DEBUG_C)
     mbedtls_debug_set_threshold(DEBUG_LEVEL);
 #endif
@@ -394,6 +404,9 @@
 #endif
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(_WIN32)
     printf("  Press Enter to exit this program.\n");
diff --git a/programs/ssl/mini_client.c b/programs/ssl/mini_client.c
index 688c9fc..27154d8 100644
--- a/programs/ssl/mini_client.c
+++ b/programs/ssl/mini_client.c
@@ -179,8 +179,16 @@
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     mbedtls_x509_crt_init(&ca);
 #endif
-
     mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                               (const unsigned char *) pers, strlen(pers)) != 0) {
         ret = ctr_drbg_seed_failed;
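Review bot: On PSA initialization failure the new block sets `ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED`, while the next error path in the same hunk uses the program's own code `ret = ctr_drbg_seed_failed`, and `ret` is handed to `mbedtls_exit(ret)` in the last hunk of this file. A negative library error code used as a process exit status is typically reduced to its low byte, so the caller cannot reliably tell this failure from the others. A dedicated value next to `ctr_drbg_seed_failed` (for example `ret = psa_crypto_init_failed;`, with the enumerator added where the others are declared) would keep the exit codes consistent. The declaration of those codes is outside the hunk, so the name here is a suggestion only.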
@@ -266,7 +274,6 @@
 
 exit:
     mbedtls_net_free(&server_fd);
-
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
     mbedtls_ctr_drbg_free(&ctr_drbg);
@@ -274,6 +281,9 @@
 #if defined(MBEDTLS_X509_CRT_PARSE_C)
     mbedtls_x509_crt_free(&ca);
 #endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_exit(ret);
 }
diff --git a/programs/ssl/ssl_client1.c b/programs/ssl/ssl_client1.c
index ffdef3b..933ae75 100644
--- a/programs/ssl/ssl_client1.c
+++ b/programs/ssl/ssl_client1.c
@@ -95,11 +95,21 @@
     mbedtls_ssl_config_init(&conf);
     mbedtls_x509_crt_init(&cacert);
     mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     mbedtls_printf("\n  . Seeding the random number generator...");
     fflush(stdout);
 
-    mbedtls_entropy_init(&entropy);
+
     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                      (const unsigned char *) pers,
                                      strlen(pers))) != 0) {
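Review bot: The PSA failure path here jumps to `exit` without assigning `ret`, whereas the dtls_client.c, dtls_server.c, ssl_pthread_server.c and ssl_server.c hunks set `ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;` first; the ssl_fork_server.c and ssl_mail_client.c hunks omit it as well. If the cleanup code reports `ret` (it is outside this hunk), the message printed after a PSA failure would describe a stale value rather than this error, so I would add the same assignment before `goto exit;`. The hunk also replaces the moved `mbedtls_entropy_init(&entropy);` with an empty line, leaving two consecutive blank lines before the `mbedtls_ctr_drbg_seed` call; the added empty line can be dropped.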
@@ -274,12 +284,14 @@
 #endif
 
     mbedtls_net_free(&server_fd);
-
     mbedtls_x509_crt_free(&cacert);
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(_WIN32)
     mbedtls_printf("  + Press Enter to exit this program.\n");
diff --git a/programs/ssl/ssl_context_info.c b/programs/ssl/ssl_context_info.c
index a8b2b47..ebdef4f 100644
--- a/programs/ssl/ssl_context_info.c
+++ b/programs/ssl/ssl_context_info.c
@@ -23,6 +23,7 @@
 #include MBEDTLS_CONFIG_FILE
 #endif
 #include "mbedtls/debug.h"
+#include "mbedtls/platform.h"
 
 #include <stdio.h>
 #include <stdlib.h>
@@ -127,12 +128,12 @@
 /*
  * Basic printing functions
  */
-void print_version()
+void print_version(void)
 {
     printf("%s v%d.%d\n", PROG_NAME, VER_MAJOR, VER_MINOR);
 }
 
-void print_usage()
+void print_usage(void)
 {
     print_version();
     printf("\nThis program is used to deserialize an Mbed TLS SSL session from the base64 code provided\n"
@@ -181,7 +182,7 @@
 /*
  * Exit from the program in case of error
  */
-void error_exit()
+void error_exit(void)
 {
     if (NULL != b64_file) {
         fclose(b64_file);
@@ -939,6 +940,15 @@
     size_t ssl_max_len = SSL_INIT_LEN;
     size_t ssl_len = 0;
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     /* The 'b64_file' is opened when parsing arguments to check that the
      * file name is correct */
     parse_arguments(argc, argv);
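Review bot: `return MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;` returns a negative library error code from what appears to be `main` (its signature is outside the hunk), and a process exit status normally keeps only the low byte, so scripts checking the status see an arbitrary non-zero value. Returning `MBEDTLS_EXIT_FAILURE` (available through the newly included `mbedtls/platform.h`) after the `mbedtls_fprintf` would be clearer. The matching `mbedtls_psa_crypto_free()` in the last hunk of this file sits only on the normal `return 0` path; if `error_exit()` terminates the process, PSA state is not released on those paths, which is worth a comment there.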
@@ -1007,6 +1017,10 @@
         printf("Finished. No valid base64 code found\n");
     }
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     return 0;
 }
 
diff --git a/programs/ssl/ssl_fork_server.c b/programs/ssl/ssl_fork_server.c
index 5a4ac3e..d50a6b8 100644
--- a/programs/ssl/ssl_fork_server.c
+++ b/programs/ssl/ssl_fork_server.c
@@ -69,7 +69,7 @@
 
 #define HTTP_RESPONSE \
     "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
-    "<h2>mbed TLS Test Server</h2>\r\n" \
+    "<h2>Mbed TLS Test Server</h2>\r\n" \
     "<p>Successful connection using: %s</p>\r\n"
 
 #define DEBUG_LEVEL 0
@@ -109,6 +109,15 @@
     mbedtls_x509_crt_init(&srvcert);
     mbedtls_ctr_drbg_init(&ctr_drbg);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     signal(SIGCHLD, SIG_IGN);
 
     /*
@@ -369,13 +378,15 @@
 exit:
     mbedtls_net_free(&client_fd);
     mbedtls_net_free(&listen_fd);
-
     mbedtls_x509_crt_free(&srvcert);
     mbedtls_pk_free(&pkey);
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(_WIN32)
     mbedtls_printf("  Press Enter to exit this program.\n");
diff --git a/programs/ssl/ssl_mail_client.c b/programs/ssl/ssl_mail_client.c
index 6f1dc1c..a10aa76 100644
--- a/programs/ssl/ssl_mail_client.c
+++ b/programs/ssl/ssl_mail_client.c
@@ -366,6 +366,16 @@
     mbedtls_x509_crt_init(&clicert);
     mbedtls_pk_init(&pkey);
     mbedtls_ctr_drbg_init(&ctr_drbg);
+    mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     if (argc < 2) {
 usage:
@@ -455,7 +465,6 @@
     mbedtls_printf("\n  . Seeding the random number generator...");
     fflush(stdout);
 
-    mbedtls_entropy_init(&entropy);
     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                      (const unsigned char *) pers,
                                      strlen(pers))) != 0) {
@@ -762,9 +771,9 @@
     mbedtls_printf("  > Write content to server:");
     fflush(stdout);
 
-    len = sprintf((char *) buf, "From: %s\r\nSubject: mbed TLS Test mail\r\n\r\n"
+    len = sprintf((char *) buf, "From: %s\r\nSubject: Mbed TLS Test mail\r\n\r\n"
                                 "This is a simple test mail from the "
-                                "mbed TLS mail client example.\r\n"
+                                "Mbed TLS mail client example.\r\n"
                                 "\r\n"
                                 "Enjoy!", opt.mail_from);
     ret = write_ssl_data(&ssl, buf, len);
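Review bot: The statement touched here still formats `opt.mail_from` into `buf` with an unbounded `sprintf`, so a long sender string can write past the end of the buffer; `opt.mail_from` looks like it comes from the command line, and `buf` is declared outside the hunk. I would switch to `len = mbedtls_snprintf((char *) buf, sizeof(buf), ...)` with the same format and arguments, and bail out when `len < 0 || (size_t) len >= sizeof(buf)` before calling `write_ssl_data`. This assumes `buf` is an array in this scope so that `sizeof(buf)` gives its capacity.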
@@ -792,6 +801,9 @@
     mbedtls_ssl_config_free(&conf);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(_WIN32)
     mbedtls_printf("  + Press Enter to exit this program.\n");
diff --git a/programs/ssl/ssl_pthread_server.c b/programs/ssl/ssl_pthread_server.c
index 4d7e648..a2a0ca3 100644
--- a/programs/ssl/ssl_pthread_server.c
+++ b/programs/ssl/ssl_pthread_server.c
@@ -71,7 +71,7 @@
 
 #define HTTP_RESPONSE \
     "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
-    "<h2>mbed TLS Test Server</h2>\r\n" \
+    "<h2>Mbed TLS Test Server</h2>\r\n" \
     "<p>Successful connection using: %s</p>\r\n"
 
 #define DEBUG_LEVEL 0
@@ -337,6 +337,16 @@
      */
     mbedtls_entropy_init(&entropy);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     /*
      * 1. Load the certificates and private RSA key
      */
@@ -477,14 +487,14 @@
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
     mbedtls_ssl_config_free(&conf);
-
     mbedtls_net_free(&listen_fd);
-
     mbedtls_mutex_free(&debug_mutex);
-
 #if defined(MBEDTLS_MEMORY_BUFFER_ALLOC_C)
     mbedtls_memory_buffer_alloc_free();
 #endif
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(_WIN32)
     mbedtls_printf("  Press Enter to exit this program.\n");
diff --git a/programs/ssl/ssl_server.c b/programs/ssl/ssl_server.c
index 8f6a573..f8ce7c4 100644
--- a/programs/ssl/ssl_server.c
+++ b/programs/ssl/ssl_server.c
@@ -64,7 +64,7 @@
 
 #define HTTP_RESPONSE \
     "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
-    "<h2>mbed TLS Test Server</h2>\r\n" \
+    "<h2>Mbed TLS Test Server</h2>\r\n" \
     "<p>Successful connection using: %s</p>\r\n"
 
 #define DEBUG_LEVEL 0
@@ -109,6 +109,16 @@
     mbedtls_entropy_init(&entropy);
     mbedtls_ctr_drbg_init(&ctr_drbg);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        ret = MBEDTLS_ERR_SSL_HW_ACCEL_FAILED;
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
 #if defined(MBEDTLS_DEBUG_C)
     mbedtls_debug_set_threshold(DEBUG_LEVEL);
 #endif
@@ -347,7 +357,6 @@
 
     mbedtls_net_free(&client_fd);
     mbedtls_net_free(&listen_fd);
-
     mbedtls_x509_crt_free(&srvcert);
     mbedtls_pk_free(&pkey);
     mbedtls_ssl_free(&ssl);
@@ -357,6 +366,9 @@
 #endif
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(_WIN32)
     mbedtls_printf("  Press Enter to exit this program.\n");
diff --git a/programs/ssl/ssl_server2.c b/programs/ssl/ssl_server2.c
index 2d5a133..c01bf13 100644
--- a/programs/ssl/ssl_server2.c
+++ b/programs/ssl/ssl_server2.c
@@ -160,7 +160,7 @@
  * packets (for fragmentation purposes) */
 #define HTTP_RESPONSE \
     "HTTP/1.0 200 OK\r\nContent-Type: text/html\r\n\r\n" \
-    "<h2>mbed TLS Test Server</h2>\r\n" \
+    "<h2>Mbed TLS Test Server</h2>\r\n" \
     "<p>Successful connection using: %s</p>\r\n" // LONG_RESPONSE
 
 /*
diff --git a/programs/test/dlopen_demo.sh b/programs/test/dlopen_demo.sh
index 2dde3eb..a6a9022 100755
--- a/programs/test/dlopen_demo.sh
+++ b/programs/test/dlopen_demo.sh
@@ -20,8 +20,29 @@
 
 set -e -u
 
+program_name="dlopen"
 program_dir="${0%/*}"
-program="$program_dir/dlopen"
+program="$program_dir/$program_name"
+
+if [ ! -e "$program" ]; then
+    # Look for programs in the current directory and the directories above it
+    for dir in "." ".." "../.."; do
+        program_dir="$dir/programs/test"
+        program="$program_dir/$program_name"
+        if [ -e "$program" ]; then
+            break
+        fi
+    done
+    if [ ! -e "$program" ]; then
+        echo "Could not find $program_name program"
+
+        echo "Make sure that Mbed TLS is built as a shared library." \
+             "If building out-of-tree, this script must be run" \
+             "from the project build directory."
+        exit 1
+    fi
+fi
+
 top_dir="$program_dir/../.."
 library_dir="$top_dir/library"
 
diff --git a/programs/test/query_config.c b/programs/test/query_config.c
index b3a6a59..9bf717c 100644
--- a/programs/test/query_config.c
+++ b/programs/test/query_config.c
@@ -260,6 +260,22 @@
     }
 #endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
 
+#if defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
+    if( strcmp( "MBEDTLS_PLATFORM_GMTIME_R_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_GMTIME_R_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */
+
+#if defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
+    if( strcmp( "MBEDTLS_PLATFORM_ZEROIZE_ALT", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_ZEROIZE_ALT );
+        return( 0 );
+    }
+#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
+
 #if defined(MBEDTLS_DEPRECATED_WARNING)
     if( strcmp( "MBEDTLS_DEPRECATED_WARNING", config ) == 0 )
     {
@@ -892,6 +908,14 @@
     }
 #endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
 
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+    if( strcmp( "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED );
+        return( 0 );
+    }
+#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
+
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
     if( strcmp( "MBEDTLS_ECP_DP_SECP192R1_ENABLED", config ) == 0 )
     {
@@ -1596,6 +1620,14 @@
     }
 #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
 
+#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
+    if( strcmp( "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE", config ) == 0 )
+    {
+        MACRO_EXPANSION_TO_STR( MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE );
+        return( 0 );
+    }
+#endif /* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE */
+
 #if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
     if( strcmp( "MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN", config ) == 0 )
     {
@@ -2844,38 +2876,6 @@
     }
 #endif /* MBEDTLS_X509_MAX_FILE_PATH_LEN */
 
-#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
-    if( strcmp( "MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE", config ) == 0 )
-    {
-        MACRO_EXPANSION_TO_STR( MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE );
-        return( 0 );
-    }
-#endif /* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE */
-
-#if defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
-    if( strcmp( "MBEDTLS_PLATFORM_ZEROIZE_ALT", config ) == 0 )
-    {
-        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_ZEROIZE_ALT );
-        return( 0 );
-    }
-#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
-
-#if defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
-    if( strcmp( "MBEDTLS_PLATFORM_GMTIME_R_ALT", config ) == 0 )
-    {
-        MACRO_EXPANSION_TO_STR( MBEDTLS_PLATFORM_GMTIME_R_ALT );
-        return( 0 );
-    }
-#endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */
-
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-    if( strcmp( "MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED", config ) == 0 )
-    {
-        MACRO_EXPANSION_TO_STR( MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED );
-        return( 0 );
-    }
-#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
-
  /* If the symbol is not found, return an error */
     return 1;
 }
@@ -2946,6 +2946,14 @@
     OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT);
 #endif /* MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT */
 
+#if defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
+    OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_GMTIME_R_ALT);
+#endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */
+
+#if defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
+    OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_ZEROIZE_ALT);
+#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
+
 #if defined(MBEDTLS_DEPRECATED_WARNING)
     OUTPUT_MACRO_NAME_VALUE(MBEDTLS_DEPRECATED_WARNING);
 #endif /* MBEDTLS_DEPRECATED_WARNING */
@@ -3262,6 +3270,10 @@
     OUTPUT_MACRO_NAME_VALUE(MBEDTLS_REMOVE_3DES_CIPHERSUITES);
 #endif /* MBEDTLS_REMOVE_3DES_CIPHERSUITES */
 
+#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
+    OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED);
+#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
+
 #if defined(MBEDTLS_ECP_DP_SECP192R1_ENABLED)
     OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECP_DP_SECP192R1_ENABLED);
 #endif /* MBEDTLS_ECP_DP_SECP192R1_ENABLED */
@@ -3614,6 +3626,10 @@
     OUTPUT_MACRO_NAME_VALUE(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH);
 #endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
 
+#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
+    OUTPUT_MACRO_NAME_VALUE(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE);
+#endif /* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE */
+
 #if defined(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN)
     OUTPUT_MACRO_NAME_VALUE(MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN);
 #endif /* MBEDTLS_TEST_CONSTANT_FLOW_MEMSAN */
@@ -4238,22 +4254,6 @@
     OUTPUT_MACRO_NAME_VALUE(MBEDTLS_X509_MAX_FILE_PATH_LEN);
 #endif /* MBEDTLS_X509_MAX_FILE_PATH_LEN */
 
-#if defined(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE)
-    OUTPUT_MACRO_NAME_VALUE(MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE);
-#endif /* MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE */
-
-#if defined(MBEDTLS_PLATFORM_ZEROIZE_ALT)
-    OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_ZEROIZE_ALT);
-#endif /* MBEDTLS_PLATFORM_ZEROIZE_ALT */
-
-#if defined(MBEDTLS_PLATFORM_GMTIME_R_ALT)
-    OUTPUT_MACRO_NAME_VALUE(MBEDTLS_PLATFORM_GMTIME_R_ALT);
-#endif /* MBEDTLS_PLATFORM_GMTIME_R_ALT */
-
-#if defined(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED)
-    OUTPUT_MACRO_NAME_VALUE(MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED);
-#endif /* MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED */
-
 
 }
 #if defined(_MSC_VER)
diff --git a/programs/test/selftest.c b/programs/test/selftest.c
index 598c66e..f45eb85 100644
--- a/programs/test/selftest.c
+++ b/programs/test/selftest.c
@@ -77,23 +77,51 @@
     void *empty2 = mbedtls_calloc(0, 1);
     void *buffer1 = mbedtls_calloc(1, 1);
     void *buffer2 = mbedtls_calloc(1, 1);
+    unsigned int buffer_3_size = 256;
+    unsigned int buffer_4_size = 4097; /* Allocate more than the usual page size */
+    unsigned char *buffer3 = mbedtls_calloc(buffer_3_size, 1);
+    unsigned char *buffer4 = mbedtls_calloc(buffer_4_size, 1);
 
     if (empty1 == NULL && empty2 == NULL) {
         if (verbose) {
-            mbedtls_printf("  CALLOC(0): passed (NULL)\n");
+            mbedtls_printf("  CALLOC(0,1): passed (NULL)\n");
         }
     } else if (empty1 == NULL || empty2 == NULL) {
         if (verbose) {
-            mbedtls_printf("  CALLOC(0): failed (mix of NULL and non-NULL)\n");
+            mbedtls_printf("  CALLOC(0,1): failed (mix of NULL and non-NULL)\n");
         }
         ++failures;
     } else if (empty1 == empty2) {
         if (verbose) {
-            mbedtls_printf("  CALLOC(0): passed (same non-null)\n");
+            mbedtls_printf("  CALLOC(0,1): passed (same non-null)\n");
         }
     } else {
         if (verbose) {
-            mbedtls_printf("  CALLOC(0): passed (distinct non-null)\n");
+            mbedtls_printf("  CALLOC(0,1): passed (distinct non-null)\n");
+        }
+    }
+
+    mbedtls_free(empty1);
+    mbedtls_free(empty2);
+
+    empty1 = mbedtls_calloc(1, 0);
+    empty2 = mbedtls_calloc(1, 0);
+    if (empty1 == NULL && empty2 == NULL) {
+        if (verbose) {
+            mbedtls_printf("  CALLOC(1,0): passed (NULL)\n");
+        }
+    } else if (empty1 == NULL || empty2 == NULL) {
+        if (verbose) {
+            mbedtls_printf("  CALLOC(1,0): failed (mix of NULL and non-NULL)\n");
+        }
+        ++failures;
+    } else if (empty1 == empty2) {
+        if (verbose) {
+            mbedtls_printf("  CALLOC(1,0): passed (same non-null)\n");
+        }
+    } else {
+        if (verbose) {
+            mbedtls_printf("  CALLOC(1,0): passed (distinct non-null)\n");
         }
     }
 
@@ -126,6 +154,28 @@
         }
     }
 
+    for (unsigned int i = 0; i < buffer_3_size; i++) {
+        if (buffer3[i] != 0) {
+            ++failures;
+            if (verbose) {
+                mbedtls_printf("  CALLOC(%u): failed (memory not initialized to 0)\n",
+                               buffer_3_size);
+            }
+            break;
+        }
+    }
+
+    for (unsigned int i = 0; i < buffer_4_size; i++) {
+        if (buffer4[i] != 0) {
+            ++failures;
+            if (verbose) {
+                mbedtls_printf("  CALLOC(%u): failed (memory not initialized to 0)\n",
+                               buffer_4_size);
+            }
+            break;
+        }
+    }
+
     if (verbose) {
         mbedtls_printf("\n");
     }
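Review bot: The two added loops read `buffer3[i]` and `buffer4[i]` without checking that the `mbedtls_calloc` calls added in the first hunk of this file succeeded, so an allocation failure (plausible for the 4097-byte request on a constrained heap) becomes a NULL dereference instead of a reported test failure. I would count a NULL result as a failure and run the zero-check loops only when both buffers are non-NULL, as sketched below. The enclosing function starts and ends outside this hunk.

```c
    if (buffer3 == NULL || buffer4 == NULL) {
        ++failures;
        if (verbose) {
            mbedtls_printf("  CALLOC(%u), CALLOC(%u): failed (NULL)\n",
                           buffer_3_size, buffer_4_size);
        }
    } else {
        /* … unchanged: zero-check loops over buffer3 and buffer4 … */
    }
```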
@@ -133,6 +183,8 @@
     mbedtls_free(empty2);
     mbedtls_free(buffer1);
     mbedtls_free(buffer2);
+    mbedtls_free(buffer3);
+    mbedtls_free(buffer4);
     return failures;
 }
 #endif /* MBEDTLS_SELF_TEST */
@@ -353,6 +405,9 @@
     unsigned char buf[1000000];
 #endif
     void *pointer;
+#if defined(_WIN32)
+    int ci = 0; /* ci = 1 => running in CI, so don't wait for a key press */
+#endif
 
     /*
      * The C standard doesn't guarantee that all-bits-0 is the representation
@@ -380,6 +435,10 @@
         } else if (strcmp(*argp, "--exclude") == 0 ||
                    strcmp(*argp, "-x") == 0) {
             exclude_mode = 1;
+#if defined(_WIN32)
+        } else if (strcmp(*argp, "--ci") == 0) {
+            ci = 1;
+#endif
         } else {
             break;
         }
@@ -450,8 +509,10 @@
             mbedtls_printf("  [ All tests PASS ]\n\n");
         }
 #if defined(_WIN32)
-        mbedtls_printf("  Press Enter to exit this program.\n");
-        fflush(stdout); getchar();
+        if (!ci) {
+            mbedtls_printf("  Press Enter to exit this program.\n");
+            fflush(stdout); getchar();
+        }
 #endif
     }
 
diff --git a/programs/test/udp_proxy.c b/programs/test/udp_proxy.c
index cc0bf79..d31947a 100644
--- a/programs/test/udp_proxy.c
+++ b/programs/test/udp_proxy.c
@@ -645,7 +645,7 @@
     memcpy(&prev[prev_len++], delay, sizeof(packet));
 }
 
-int send_delayed()
+int send_delayed(void)
 {
     uint8_t offset;
     int ret;
diff --git a/programs/x509/cert_app.c b/programs/x509/cert_app.c
index b14b084..294e994 100644
--- a/programs/x509/cert_app.c
+++ b/programs/x509/cert_app.c
@@ -157,6 +157,7 @@
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_config_init(&conf);
     mbedtls_x509_crt_init(&cacert);
+    mbedtls_entropy_init(&entropy);
 #if defined(MBEDTLS_X509_CRL_PARSE_C)
     mbedtls_x509_crl_init(&cacrl);
 #else
@@ -165,6 +166,15 @@
     memset(&cacrl, 0, sizeof(mbedtls_x509_crl));
 #endif
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
@@ -342,7 +352,6 @@
         mbedtls_printf("\n  . Seeding the random number generator...");
         fflush(stdout);
 
-        mbedtls_entropy_init(&entropy);
         if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                          (const unsigned char *) pers,
                                          strlen(pers))) != 0) {
@@ -452,6 +461,9 @@
 #endif
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(_WIN32)
     mbedtls_printf("  + Press Enter to exit this program.\n");
diff --git a/programs/x509/cert_req.c b/programs/x509/cert_req.c
index d7818d7..db200d9 100644
--- a/programs/x509/cert_req.c
+++ b/programs/x509/cert_req.c
@@ -162,6 +162,16 @@
     mbedtls_pk_init(&key);
     mbedtls_ctr_drbg_init(&ctr_drbg);
     memset(buf, 0, sizeof(buf));
+    mbedtls_entropy_init(&entropy);
+
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
     if (argc < 2) {
 usage:
@@ -294,7 +304,6 @@
     mbedtls_printf("  . Seeding the random number generator...");
     fflush(stdout);
 
-    mbedtls_entropy_init(&entropy);
     if ((ret = mbedtls_ctr_drbg_seed(&ctr_drbg, mbedtls_entropy_func, &entropy,
                                      (const unsigned char *) pers,
                                      strlen(pers))) != 0) {
@@ -365,6 +374,9 @@
     mbedtls_pk_free(&key);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(_WIN32)
     mbedtls_printf("  + Press Enter to exit this program.\n");
diff --git a/programs/x509/cert_write.c b/programs/x509/cert_write.c
index ea20144..02ff836 100644
--- a/programs/x509/cert_write.c
+++ b/programs/x509/cert_write.c
@@ -241,6 +241,15 @@
     mbedtls_x509_crt_init(&issuer_crt);
     memset(buf, 0, 1024);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
@@ -717,6 +726,9 @@
     mbedtls_mpi_free(&serial);
     mbedtls_ctr_drbg_free(&ctr_drbg);
     mbedtls_entropy_free(&entropy);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(_WIN32)
     mbedtls_printf("  + Press Enter to exit this program.\n");
diff --git a/programs/x509/crl_app.c b/programs/x509/crl_app.c
index b00f9f3..e3e0577 100644
--- a/programs/x509/crl_app.c
+++ b/programs/x509/crl_app.c
@@ -72,6 +72,15 @@
      */
     mbedtls_x509_crl_init(&crl);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
@@ -127,6 +136,9 @@
 
 exit:
     mbedtls_x509_crl_free(&crl);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(_WIN32)
     mbedtls_printf("  + Press Enter to exit this program.\n");
diff --git a/programs/x509/load_roots.c b/programs/x509/load_roots.c
index faf4ba9..e28f35a 100644
--- a/programs/x509/load_roots.c
+++ b/programs/x509/load_roots.c
@@ -127,6 +127,15 @@
     struct mbedtls_timing_hr_time timer;
     unsigned long ms;
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc <= 1) {
         mbedtls_printf(USAGE);
         goto exit;
@@ -191,6 +200,9 @@
     exit_code = MBEDTLS_EXIT_SUCCESS;
 
 exit:
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
     mbedtls_exit(exit_code);
 }
 #endif /* necessary configuration */
diff --git a/programs/x509/req_app.c b/programs/x509/req_app.c
index dd7fac7..b447c6a 100644
--- a/programs/x509/req_app.c
+++ b/programs/x509/req_app.c
@@ -72,6 +72,15 @@
      */
     mbedtls_x509_csr_init(&csr);
 
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_status_t status = psa_crypto_init();
+    if (status != PSA_SUCCESS) {
+        mbedtls_fprintf(stderr, "Failed to initialize PSA Crypto implementation: %d\n",
+                        (int) status);
+        goto exit;
+    }
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+
     if (argc < 2) {
 usage:
         mbedtls_printf(USAGE);
@@ -127,6 +136,9 @@
 
 exit:
     mbedtls_x509_csr_free(&csr);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_psa_crypto_free();
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 #if defined(_WIN32)
     mbedtls_printf("  + Press Enter to exit this program.\n");
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index df629e9..b84308d 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -125,7 +125,7 @@
     sed -e "s/_VERSION_PATCH .\{1,\}/_VERSION_PATCH  $PATCH/" |    \
     sed -e "s/_VERSION_NUMBER .\{1,\}/_VERSION_NUMBER         $VERSION_NR/" |    \
     sed -e "s/_VERSION_STRING .\{1,\}/_VERSION_STRING         \"$VERSION\"/" |    \
-    sed -e "s/_VERSION_STRING_FULL .\{1,\}/_VERSION_STRING_FULL    \"mbed TLS $VERSION\"/" \
+    sed -e "s/_VERSION_STRING_FULL .\{1,\}/_VERSION_STRING_FULL    \"Mbed TLS $VERSION\"/" \
     > tmp
 mv tmp include/mbedtls/version.h
 
@@ -136,7 +136,7 @@
 [ $VERBOSE ] && echo "Bumping PROJECT_NAME in doxygen/mbedtls.doxyfile and doxygen/input/doc_mainpage.h"
 for i in doxygen/mbedtls.doxyfile doxygen/input/doc_mainpage.h;
 do
-  sed -e "s/mbed TLS v[0-9\.]\{1,\}/mbed TLS v$VERSION/g" < $i > tmp
+  sed -e "s/\\([Mm]bed TLS v\\)[0-9][0-9.]*/\\1$VERSION/g" < $i > tmp
   mv tmp $i
 done
 
diff --git a/scripts/code_style.py b/scripts/code_style.py
index c31fb29..54b5168 100755
--- a/scripts/code_style.py
+++ b/scripts/code_style.py
@@ -22,7 +22,7 @@
 import re
 import subprocess
 import sys
-from typing import FrozenSet, List
+from typing import FrozenSet, List, Optional
 
 UNCRUSTIFY_SUPPORTED_VERSION = "0.75.1"
 CONFIG_FILE = ".uncrustify.cfg"
@@ -63,31 +63,42 @@
     checks = re.findall(CHECK_CALL_RE, content)
     return frozenset(word for s in checks for word in s.split())
 
-def get_src_files() -> List[str]:
+def get_src_files(since: Optional[str]) -> List[str]:
     """
-    Use git ls-files to get a list of the source files
+    Use git to get a list of the source files.
+
+    The optional argument since is a commit, indicating to only list files
+    that have changed since that commit. Without this argument, list all
+    files known to git.
+
+    Only C files are included, and certain files (generated, or 3rdparty)
+    are excluded.
     """
-    git_ls_files_cmd = ["git", "ls-files",
-                        "*.[hc]",
-                        "tests/suites/*.function",
-                        "scripts/data_files/*.fmt"]
+    file_patterns = ["*.[hc]",
+                     "tests/suites/*.function",
+                     "scripts/data_files/*.fmt"]
+    output = subprocess.check_output(["git", "ls-files"] + file_patterns,
+                                     universal_newlines=True)
+    src_files = output.split()
+    if since:
+        # get all files changed in commits since the starting point
+        cmd = ["git", "log", since + "..HEAD", "--name-only", "--pretty=", "--"] + src_files
+        output = subprocess.check_output(cmd, universal_newlines=True)
+        committed_changed_files = output.split()
+        # and also get all files with uncommitted changes
+        cmd = ["git", "diff", "--name-only", "--"] + src_files
+        output = subprocess.check_output(cmd, universal_newlines=True)
+        uncommitted_changed_files = output.split()
+        src_files = list(set(committed_changed_files + uncommitted_changed_files))
 
-    result = subprocess.run(git_ls_files_cmd, stdout=subprocess.PIPE,
-                            check=False)
-
-    if result.returncode != 0:
-        print_err("git ls-files returned: " + str(result.returncode))
-        return []
-    else:
-        generated_files = list_generated_files()
-        src_files = str(result.stdout, "utf-8").split()
-        # Don't correct style for third-party files (and, for simplicity,
-        # companion files in the same subtree), or for automatically
-        # generated files (we're correcting the templates instead).
-        src_files = [filename for filename in src_files
-                     if not (filename.startswith("3rdparty/") or
-                             filename in generated_files)]
-        return src_files
+    generated_files = list_generated_files()
+    # Don't correct style for third-party files (and, for simplicity,
+    # companion files in the same subtree), or for automatically
+    # generated files (we're correcting the templates instead).
+    src_files = [filename for filename in src_files
+                 if not (filename.startswith("3rdparty/") or
+                         filename in generated_files)]
+    return src_files
 
 def get_uncrustify_version() -> str:
     """
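Review bot: In `get_src_files`, `git diff --name-only` compares the working tree with the index, so a file whose changes are staged but not yet committed shows up in neither that list nor the `git log since..HEAD` list, and `--since` silently skips it although the comment promises "all files with uncommitted changes". Comparing against HEAD covers staged and unstaged edits alike: `cmd = ["git", "diff", "--name-only", "HEAD", "--"] + src_files`. Separately, `since` is concatenated into the revision argument as given, so a value beginning with `-` would be parsed by git as an option; rejecting such values before building `cmd` keeps the script safe to drive from CI variables. A failing `git ls-files` now raises `CalledProcessError` instead of returning an empty list; whether the caller expects that is outside this hunk.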
@@ -182,6 +193,10 @@
     parser.add_argument('-f', '--fix', action='store_true',
                         help=('modify source files to fix the code style '
                               '(default: print diff, do not modify files)'))
+    parser.add_argument('-s', '--since', metavar='COMMIT', const='mbedtls-2.28', nargs='?',
+                        help=('only check files modified since the specified commit'
+                              ' (e.g. --since=HEAD~3 or --since=mbedtls-2.28). If no'
+                              ' commit is specified, default to mbedtls-2.28.'))
     # --subset is almost useless: it only matters if there are no files
     # ('code_style.py' without arguments checks all files known to Git,
     # 'code_style.py --subset' does nothing). In particular,
@@ -194,7 +209,7 @@
 
     args = parser.parse_args()
 
-    covered = frozenset(get_src_files())
+    covered = frozenset(get_src_files(args.since))
     # We only check files that are known to git
     if args.subset or args.operands:
         src_files = [f for f in args.operands if f in covered]
diff --git a/scripts/config.py b/scripts/config.py
index c106a97..2f79978 100755
--- a/scripts/config.py
+++ b/scripts/config.py
@@ -2,7 +2,7 @@
 
 """Mbed TLS configuration file manipulation library and tool
 
-Basic usage, to read the Mbed TLS or Mbed Crypto configuration:
+Basic usage, to read the Mbed TLS configuration:
     config = ConfigFile()
     if 'MBEDTLS_RSA_C' in config: print('RSA is enabled')
 """
@@ -200,7 +200,7 @@
     'MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG', # behavior change + build dependency
     'MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER', # incompatible with USE_PSA_CRYPTO
     'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
-    'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions)
+    'MBEDTLS_PSA_INJECT_ENTROPY', # conflicts with platform entropy sources
     'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature
     'MBEDTLS_REMOVE_ARC4_CIPHERSUITES', # removes a feature
     'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS
@@ -225,7 +225,11 @@
     Exclude alternative implementations of library functions since they require
     an implementation of the relevant functions and an xxx_alt.h header.
     """
-    if name == 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT':
+    if name in (
+            'MBEDTLS_PLATFORM_GMTIME_R_ALT',
+            'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT',
+            'MBEDTLS_PLATFORM_ZEROIZE_ALT',
+    ):
         # Similar to non-platform xxx_ALT, requires platform_alt.h
         return False
     return name.startswith('MBEDTLS_PLATFORM_')
@@ -468,7 +472,7 @@
     def main():
         """Command line config.h manipulation tool."""
         parser = argparse.ArgumentParser(description="""
-        Mbed TLS and Mbed Crypto configuration file manipulation tool.
+        Mbed TLS configuration file manipulation tool.
         """)
         parser.add_argument('--file', '-f',
                             help="""File to read (and modify if requested).
diff --git a/scripts/footprint.sh b/scripts/footprint.sh
index 4d7be7a..8e7f60a 100755
--- a/scripts/footprint.sh
+++ b/scripts/footprint.sh
@@ -17,7 +17,7 @@
 #
 # Purpose
 #
-# This script determines ROM size (or code size) for the standard mbed TLS
+# This script determines ROM size (or code size) for the standard Mbed TLS
 # configurations, when built for a Cortex M3/M4 target.
 #
 # Configurations included:
@@ -108,7 +108,7 @@
 fi
 
 log ""
-log "mbed TLS $MBEDTLS_VERSION$GIT_VERSION"
+log "Mbed TLS $MBEDTLS_VERSION$GIT_VERSION"
 log "$( arm-none-eabi-gcc --version | head -n1 )"
 log "CFLAGS=$ARMGCC_FLAGS"
 
diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl
index 74a9527..6b1ef10 100755
--- a/scripts/generate_features.pl
+++ b/scripts/generate_features.pl
@@ -39,8 +39,8 @@
 
 my $feature_format_file = $data_dir.'/version_features.fmt';
 
-my @sections = ( "System support", "mbed TLS modules",
-                 "mbed TLS feature support" );
+my @sections = ( "System support", "Mbed TLS modules",
+                 "Mbed TLS feature support" );
 
 my $line_separator = $/;
 undef $/;
diff --git a/scripts/lcov.sh b/scripts/lcov.sh
index 8d141ee..6bba02f 100755
--- a/scripts/lcov.sh
+++ b/scripts/lcov.sh
@@ -51,7 +51,7 @@
     lcov --rc lcov_branch_coverage=1 --add-tracefile Coverage/tmp/files.info --add-tracefile Coverage/tmp/tests.info -o Coverage/tmp/all.info
     lcov --rc lcov_branch_coverage=1 --remove Coverage/tmp/all.info -o Coverage/tmp/final.info '*.h'
     gendesc tests/Descriptions.txt -o Coverage/tmp/descriptions
-    genhtml --title "mbed TLS" --description-file Coverage/tmp/descriptions --keep-descriptions --legend --branch-coverage -o Coverage Coverage/tmp/final.info
+    genhtml --title "Mbed TLS" --description-file Coverage/tmp/descriptions --keep-descriptions --legend --branch-coverage -o Coverage Coverage/tmp/final.info
     rm -f Coverage/tmp/*.info Coverage/tmp/descriptions
     echo "Coverage report in: Coverage/index.html"
 }
diff --git a/scripts/output_env.sh b/scripts/output_env.sh
index 1d9e0fa..5356132 100755
--- a/scripts/output_env.sh
+++ b/scripts/output_env.sh
@@ -105,9 +105,37 @@
 print_version "gcc" "--version" "" "head -n 1"
 echo
 
+if [ -n "${GCC_EARLIEST+set}" ]; then
+    print_version "${GCC_EARLIEST}" "--version" "" "head -n 1"
+else
+    echo " GCC_EARLIEST : Not configured."
+fi
+echo
+
+if [ -n "${GCC_LATEST+set}" ]; then
+    print_version "${GCC_LATEST}" "--version" "" "head -n 1"
+else
+    echo " GCC_LATEST : Not configured."
+fi
+echo
+
 print_version "clang" "--version" "" "head -n 2"
 echo
 
+if [ -n "${CLANG_EARLIEST+set}" ]; then
+    print_version "${CLANG_EARLIEST}" "--version" "" "head -n 2"
+else
+    echo " CLANG_EARLIEST : Not configured."
+fi
+echo
+
+if [ -n "${CLANG_LATEST+set}" ]; then
+    print_version "${CLANG_LATEST}" "--version" "" "head -n 2"
+else
+    echo " CLANG_LATEST : Not configured."
+fi
+echo
+
 print_version "ldd" "--version" "" "head -n 1"
 echo
 
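Review bot: The `${GCC_EARLIEST+set}` test, and the three matching ones for GCC_LATEST, CLANG_EARLIEST and CLANG_LATEST, is true when the variable is set but empty, so an empty value is handed to `print_version` as the command name instead of producing the "Not configured" line. If an empty value should count as unconfigured, use the colon form: `if [ -n "${GCC_EARLIEST:+set}" ]; then`. What `print_version` does with an empty name is defined outside this hunk, so the visible effect is inferred.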
diff --git a/scripts/rename.pl b/scripts/rename.pl
index 9ea5f09..2214f37 100755
--- a/scripts/rename.pl
+++ b/scripts/rename.pl
@@ -17,8 +17,8 @@
 #
 # Purpose
 #
-# This script migrates application source code from the mbed TLS 1.3 API to the
-# mbed TLS 2.0 API.
+# This script migrates application source code from the Mbed TLS 1.3 API to the
+# Mbed TLS 2.0 API.
 #
 # The script processes the given source code and renames identifiers - functions
 # types, enums etc, as
@@ -88,7 +88,7 @@
     if( dir($filename)->parent eq $lib_include_dir ||
          dir($filename)->parent eq $lib_source_dir )
     {
-        die "Script cannot be executed on the mbed TLS library itself.";
+        die "Script cannot be executed on the Mbed TLS library itself.";
     }
 
     if( -d $filename ) { print STDERR "skip (directory)\n"; next }
diff --git a/tests/.gitignore b/tests/.gitignore
index 8f7315d..4678d8d 100644
--- a/tests/.gitignore
+++ b/tests/.gitignore
@@ -10,8 +10,6 @@
 
 include/test/instrument_record_status.h
 
-src/*.o
-src/drivers/*.o
 src/libmbed*
 
 libtestdriver1/*
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index ca477ac..10de8c7 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -50,7 +50,9 @@
         DEPENDS ${CMAKE_CURRENT_SOURCE_DIR}/scripts/generate_test_code.py ${mbedtls_target} ${CMAKE_CURRENT_SOURCE_DIR}/suites/helpers.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/main_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/host_test.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${suite_name}.function ${CMAKE_CURRENT_SOURCE_DIR}/suites/test_suite_${data_name}.data
     )
 
-    add_executable(test_suite_${data_name} test_suite_${data_name}.c $<TARGET_OBJECTS:mbedtls_test>)
+    add_executable(test_suite_${data_name} test_suite_${data_name}.c
+                   $<TARGET_OBJECTS:mbedtls_test>
+                   $<TARGET_OBJECTS:mbedtls_test_helpers>)
     target_link_libraries(test_suite_${data_name} ${libs})
     # Include test-specific header files from ./include and private header
     # files (used by some invasive tests) from ../library. Public header
diff --git a/tests/Makefile b/tests/Makefile
index 44ff43c..27dcacb 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -86,7 +86,7 @@
 $(MBEDLIBS):
 	$(MAKE) -C ../library
 
-MBEDTLS_TEST_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c src/drivers/*.c))
+MBEDTLS_TEST_OBJS=$(patsubst %.c,%.o,$(wildcard src/*.c src/drivers/*.c src/test_helpers/*.c))
 
 mbedtls_test: $(MBEDTLS_TEST_OBJS)
 
@@ -107,6 +107,10 @@
 	echo "  CC    $<"
 	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
 
+src/test_helpers/%.o : src/test_helpers/%.c
+	echo "  CC    $<"
+	$(CC) $(LOCAL_CFLAGS) $(CFLAGS) -o $@ -c $<
+
 C_FILES := $(addsuffix .c,$(APPS))
 c: $(C_FILES)
 
@@ -143,7 +147,7 @@
 clean:
 ifndef WINDOWS
 	rm -rf $(BINARIES) *.c *.datax
-	rm -f src/*.o src/drivers/*.o src/libmbed*
+	rm -f src/*.o src/drivers/*.o src/test_helpers/*.o src/libmbed*
 	rm -f include/test/instrument_record_status.h
 	rm -rf libtestdriver1
 else
@@ -152,6 +156,7 @@
 	if exist *.datax del /Q /F *.datax
 	if exist src/*.o del /Q /F src/*.o
 	if exist src/drivers/*.o del /Q /F src/drivers/*.o
+	if exist src/test_helpers/*.o del /Q /F src/test_helpers/*.o
 	if exist src/libmbed* del /Q /F src/libmed*
 	if exist include/test/instrument_record_status.h del /Q /F include/test/instrument_record_status.h
 endif
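Review bot: The Windows `clean` branch still reads `if exist src/libmbed* del /Q /F src/libmed*` right below the added line: the existence test matches `libmbed*` but the delete targets `libmed*`, so those build products are never removed. Since the hunk already touches this block, correct the pattern in the same change: `if exist src/libmbed* del /Q /F src/libmbed*`.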
diff --git a/tests/compat.sh b/tests/compat.sh
index e7f9d49..ba8465b 100755
--- a/tests/compat.sh
+++ b/tests/compat.sh
@@ -30,6 +30,11 @@
 # where it may output seemingly unlimited length error logs.
 ulimit -f 20971520
 
+ORIGINAL_PWD=$PWD
+if ! cd "$(dirname "$0")"; then
+    exit 125
+fi
+
 # initialise counters
 TESTS=0
 FAILED=0
@@ -77,6 +82,17 @@
     PEER_GNUTLS=""
 fi
 
+guess_config_name() {
+    if git diff --quiet ../include/mbedtls/config.h 2>/dev/null; then
+        echo "default"
+    else
+        echo "unknown"
+    fi
+}
+: ${MBEDTLS_TEST_OUTCOME_FILE=}
+: ${MBEDTLS_TEST_CONFIGURATION:="$(guess_config_name)"}
+: ${MBEDTLS_TEST_PLATFORM:="$(uname -s | tr -c \\n0-9A-Za-z _)-$(uname -m | tr -c \\n0-9A-Za-z _)"}
+
 # default values for options
 # /!\ keep this synchronised with:
 # - basic-build-test.sh
@@ -112,6 +128,38 @@
     printf "            \tAlso available: GnuTLS (needs v3.2.15 or higher)\n"
     printf "  -M|--memcheck\tCheck memory leaks and errors.\n"
     printf "  -v|--verbose\tSet verbose output.\n"
+    printf "     --list-test-case\tList all potential test cases (No Execution)\n"
+    printf "     --outcome-file\tFile where test outcomes are written\n"
+    printf "                   \t(default: \$MBEDTLS_TEST_OUTCOME_FILE, none if empty)\n"
+}
+
+# print_test_case <CLIENT> <SERVER> <STANDARD_CIPHER_SUITE>
+print_test_case() {
+    for i in $3; do
+        uniform_title $1 $2 $i
+        echo $TITLE
+    done
+}
+
+# list_test_case lists all potential test cases in compat.sh without execution
+list_test_case() {
+    for MODE in $MODES; do
+        for TYPE in $TYPES; do
+            for VERIFY in $VERIFIES; do
+                VERIF=$(echo $VERIFY | tr '[:upper:]' '[:lower:]')
+                reset_ciphersuites
+                add_common_ciphersuites
+                add_openssl_ciphersuites
+                add_gnutls_ciphersuites
+                add_mbedtls_ciphersuites
+                print_test_case m O "$O_CIPHERS"
+                print_test_case O m "$O_CIPHERS"
+                print_test_case m G "$G_CIPHERS"
+                print_test_case G m "$G_CIPHERS"
+                print_test_case m m "$M_CIPHERS"
+            done
+        done
+    done
 }
 
 get_options() {
@@ -141,6 +189,15 @@
             -M|--memcheck)
                 MEMCHECK=1
                 ;;
+            # Please check scripts/check_test_cases.py correspondingly
+            # if you have to modify option, --list-test-case
+            --list-test-case)
+                list_test_case
+                exit $?
+                ;;
+            --outcome-file)
+                shift; MBEDTLS_TEST_OUTCOME_FILE=$1
+                ;;
             -h|--help)
                 print_usage
                 exit 0
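Review bot: `--list-test-case` calls `list_test_case` and exits from inside the option loop, so the listing reflects only the options that precede it on the command line and anything given after it is silently ignored. The help text added to `print_usage` does not mention this ordering requirement. I would either state it there, e.g. `printf "     --list-test-case\tList all potential test cases and exit (must be the last option)\n"`, or set a flag in this case and run the listing once `get_options` has returned. The loop this case belongs to starts and ends outside the hunk.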
@@ -219,7 +276,7 @@
 {
     if [ "X" != "X$FILTER" -o "X" != "X$EXCLUDE" ];
     then
-        # Ciphersuite for mbed TLS
+        # Ciphersuite for Mbed TLS
         M_CIPHERS=$( filter "$M_CIPHERS" )
 
         # Ciphersuite for OpenSSL
@@ -229,7 +286,7 @@
         G_CIPHERS=$( filter "$G_CIPHERS" )
     fi
 
-    # For GnuTLS client -> mbed TLS server,
+    # For GnuTLS client -> Mbed TLS server,
     # we need to force IPv4 by connecting to 127.0.0.1 but then auth fails
     if is_dtls "$MODE" && [ "X$VERIFY" = "XYES" ]; then
         G_CIPHERS=""
@@ -1145,20 +1202,59 @@
     echo "EXIT: $EXIT" >> $CLI_OUT
 }
 
+# record_outcome <outcome> [<failure-reason>]
+record_outcome() {
+    echo "$1"
+    if [ -n "$MBEDTLS_TEST_OUTCOME_FILE" ]; then
+        # The test outcome file has the format (in single line):
+        # platform;configuration;
+        # test suite name;test case description;
+        # PASS/FAIL/SKIP;[failure cause]
+        printf '%s;%s;%s;%s;%s;%s\n'                                    \
+            "$MBEDTLS_TEST_PLATFORM" "$MBEDTLS_TEST_CONFIGURATION"      \
+            "compat" "$TITLE"                                           \
+            "$1" "${2-}"                                                \
+            >> "$MBEDTLS_TEST_OUTCOME_FILE"
+    fi
+}
+
+# display additional information if test case fails
+report_fail() {
+    FAIL_PROMPT="outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log"
+    record_outcome "FAIL" "$FAIL_PROMPT"
+    cp $SRV_OUT c-srv-${TESTS}.log
+    cp $CLI_OUT c-cli-${TESTS}.log
+    echo "  ! $FAIL_PROMPT"
+
+    if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
+        echo "  ! server output:"
+        cat c-srv-${TESTS}.log
+        echo "  ! ==================================================="
+        echo "  ! client output:"
+        cat c-cli-${TESTS}.log
+    fi
+}
+
+# uniform_title <CLIENT> <SERVER> <STANDARD_CIPHER_SUITE>
+# $TITLE is considered as test case description for both --list-test-case and
+# MBEDTLS_TEST_OUTCOME_FILE. This function aims to control the format of
+# each test case description.
+uniform_title() {
+    TITLE="$1->$2 $MODE,$VERIF $3"
+}
+
 # run_client <name> <cipher>
 run_client() {
     # announce what we're going to do
     TESTS=$(( $TESTS + 1 ))
-    TITLE="`echo $1 | head -c1`->`echo $SERVER_NAME | head -c1`"
-    TITLE="$TITLE $MODE,$VERIF $2"
-    printf "%s " "$TITLE"
-    LEN=$(( 72 - `echo "$TITLE" | wc -c` ))
-    for i in `seq 1 $LEN`; do printf '.'; done; printf ' '
+    uniform_title "${1%"${1#?}"}" "${SERVER_NAME%"${SERVER_NAME#?}"}" $2
+    DOTS72="........................................................................"
+    printf "%s %.*s " "$TITLE" "$((71 - ${#TITLE}))" "$DOTS72"
 
     # should we skip?
     if [ "X$SKIP_NEXT" = "XYES" ]; then
         SKIP_NEXT="NO"
-        echo "SKIP"
+        record_outcome "SKIP"
         SKIPPED=$(( $SKIPPED + 1 ))
         return
     fi
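Review bot: In `run_client`, the precision `$((71 - ${#TITLE}))` goes negative once TITLE is longer than 71 characters, and printf implementations generally treat a negative `.*` precision as if none were given, so an over-long title would be followed by all 72 dots where the old `seq` loop printed none. Clamping keeps the previous behaviour: compute `PAD=$((71 - ${#TITLE})); [ "$PAD" -lt 0 ] && PAD=0` and pass `"$PAD"` to printf. It may also be worth confirming that every `/bin/sh` used in CI accepts `%.*s`, since the hunk replaces a construct that did not depend on it. run_client continues outside the hunk.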
@@ -1252,26 +1348,14 @@
     # report and count result
     case $RESULT in
         "0")
-            echo PASS
+            record_outcome "PASS"
             ;;
         "1")
-            echo SKIP
+            record_outcome "SKIP"
             SKIPPED=$(( $SKIPPED + 1 ))
             ;;
         "2")
-            echo FAIL
-            cp $SRV_OUT c-srv-${TESTS}.log
-            cp $CLI_OUT c-cli-${TESTS}.log
-            echo "  ! outputs saved to c-srv-${TESTS}.log, c-cli-${TESTS}.log"
-
-            if [ "${LOG_FAILURE_ON_STDOUT:-0}" != 0 ]; then
-                echo "  ! server output:"
-                cat c-srv-${TESTS}.log
-                echo "  ! ==================================================="
-                echo "  ! client output:"
-                cat c-cli-${TESTS}.log
-            fi
-
+            report_fail
             FAILED=$(( $FAILED + 1 ))
             ;;
     esac
@@ -1283,13 +1367,16 @@
 # MAIN
 #
 
-if cd $( dirname $0 ); then :; else
-    echo "cd $( dirname $0 ) failed" >&2
-    exit 1
-fi
-
 get_options "$@"
 
+# Make the outcome file path relative to the original directory, not
+# to .../tests
+case "$MBEDTLS_TEST_OUTCOME_FILE" in
+    [!/]*)
+        MBEDTLS_TEST_OUTCOME_FILE="$ORIGINAL_PWD/$MBEDTLS_TEST_OUTCOME_FILE"
+        ;;
+esac
+
 # sanity checks, avoid an avalanche of errors
 if [ ! -x "$M_SRV" ]; then
     echo "Command '$M_SRV' is not an executable file" >&2
diff --git a/tests/configs/user-config-for-test.h b/tests/configs/user-config-for-test.h
index 6e7c154..fbec4f4 100644
--- a/tests/configs/user-config-for-test.h
+++ b/tests/configs/user-config-for-test.h
@@ -57,3 +57,23 @@
 #define MBEDTLS_PSA_ACCEL_ALG_HMAC
 
 #endif  /* PSA_CRYPTO_DRIVER_TEST_ALL */
+
+
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform
+ * functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
+ * and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions
+ * is to read and write from the entropy seed file, which is located
+ * in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID.
+ * (These could have been provided as library functions, but for historical
+ * reasons, they weren't, and so each integrator has to provide a copy
+ * of these functions.)
+ *
+ * Provide implementations of these functions for testing. */
+#include <stddef.h>
+int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len);
+int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len);
+#define MBEDTLS_PLATFORM_NV_SEED_READ_MACRO mbedtls_test_inject_entropy_seed_read
+#define MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO mbedtls_test_inject_entropy_seed_write
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
diff --git a/tests/configs/user-config-zeroize-memset.h b/tests/configs/user-config-zeroize-memset.h
new file mode 100644
index 0000000..fcdd1f0
--- /dev/null
+++ b/tests/configs/user-config-zeroize-memset.h
@@ -0,0 +1,29 @@
+/* mbedtls_config.h modifier that defines mbedtls_platform_zeroize() to be
+ * memset(), so that the compile can check arguments for us.
+ * Used for testing.
+ */
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#include <string.h>
+
+/* Define _ALT so we don't get the built-in implementation. The test code will
+ * also need to define MBEDTLS_TEST_DEFINES_ZEROIZE so we don't get the
+ * declaration. */
+#define MBEDTLS_PLATFORM_ZEROIZE_ALT
+
+#define mbedtls_platform_zeroize(buf, len) memset(buf, 0, len)
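Review bot: The header comment says "Used for testing" but not why this configuration is unsafe anywhere else: a plain `memset()` on a buffer that is not read again is a dead store the compiler is allowed to remove, so secrets would not reliably be wiped. I would add that to the file comment, e.g. `/* Test-only: memset() may be optimized away, so this gives no zeroization guarantee. Never enable in a production build. */`. In the first comment line, "the compile can check" presumably means "the compiler".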
diff --git a/tests/data_files/Makefile b/tests/data_files/Makefile
index b123dc9..f67db07 100644
--- a/tests/data_files/Makefile
+++ b/tests/data_files/Makefile
@@ -1,7 +1,7 @@
 ## This file contains a record of how some of the test data was
 ## generated. The final build products are committed to the repository
 ## as well to make sure that the test data is identical. You do not
-## need to use this makefile unless you're extending mbed TLS's tests.
+## need to use this makefile unless you're extending Mbed TLS's tests.
 
 ## Many data files were generated prior to the existence of this
 ## makefile, so the method of their generation was not recorded.
@@ -41,6 +41,10 @@
 test_ca_pwd_rsa = PolarSSLTest
 test_ca_config_file = test-ca.opensslconf
 
+$(test_ca_key_file_rsa):
+	$(OPENSSL) genrsa -aes-128-cbc -passout pass:$(test_ca_pwd_rsa) -out $@ 2048
+all_final += $(test_ca_key_file_rsa)
+
 test-ca.req.sha256: $(test_ca_key_file_rsa)
 	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_rsa) password=$(test_ca_pwd_rsa) subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" md=SHA256
 all_intermediate += test-ca.req.sha256
@@ -57,6 +61,14 @@
 	$(OPENSSL) pkey -in $< -out $@ -inform PEM -outform DER -passin "pass:$(test_ca_pwd_rsa)"
 all_final += test-ca.key.der
 
+# This is only used for generating cert_example_multi_nocn.crt
+test-ca_nocn.crt: $(test_ca_key_file_rsa)
+	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 selfsign=1 \
+		subject_key=$(test_ca_key_file_rsa) subject_pwd=$(test_ca_pwd_rsa)  subject_name="C=NL" \
+		issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) issuer_name="C=NL" \
+		not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
+all_intermediate += test-ca_nocn.crt
+
 test-ca-sha1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
 	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=3 request_file=test-ca.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=PolarSSL Test CA" issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144400 not_after=20290210144400 md=SHA1 version=3 output_file=$@
 all_final += test-ca-sha1.crt
@@ -93,6 +105,16 @@
 cert_example_multi.crt: cert_example_multi.csr
 	$(OPENSSL) x509 -req -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) -extfile $(test_ca_config_file) -extensions dns_alt_names -passin "pass:$(test_ca_pwd_rsa)" -set_serial 17 -days 3653 -sha256 -in $< > $@
 
+cert_example_multi_nocn.csr: rsa_pkcs1_1024_clear.pem
+	$(MBEDTLS_CERT_REQ) filename=$< output_file=$@ subject_name='C=NL'
+all_intermediate += cert_example_multi_nocn.csr
+
+cert_example_multi_nocn.crt: cert_example_multi_nocn.csr test-ca_nocn.crt
+	$(OPENSSL) x509 -req -CA test-ca_nocn.crt -CAkey $(test_ca_key_file_rsa) \
+		-extfile $(test_ca_config_file) -extensions ext_multi_nocn -passin "pass:$(test_ca_pwd_rsa)" \
+		-set_serial  0xf7c67ff8e9a963f9 -days 3653 -sha1 -in $< > $@
+all_final += cert_example_multi_nocn.crt
+
 $(test_ca_key_file_rsa_alt):test-ca.opensslconf
 	$(OPENSSL) genrsa -out $@ 2048
 test-ca-alt.csr: $(test_ca_key_file_rsa_alt) $(test_ca_config_file)
@@ -112,19 +134,61 @@
 test_ca_key_file_ec = test-ca2.key
 
 test-ca2.req.sha256: $(test_ca_key_file_ec)
-	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256
+	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$(test_ca_key_file_ec) \
+	subject_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" md=SHA256
 all_intermediate += test-ca2.req.sha256
 
 test-ca2.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
-	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) not_before=20190210144400 not_after=20290210144400 md=SHA256 version=3 output_file=$@
-all_final += test-ca.crt
+	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 selfsign=1 \
+		request_file=test-ca2.req.sha256 \
+		issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" \
+		issuer_key=$(test_ca_key_file_ec) \
+		not_before=20190210144400 not_after=20290210144400 \
+		md=SHA256 version=3 output_file=$@
+all_final += test-ca2.crt
+
+test-ca2.ku-%.crt: test-ca2.ku-%.crt.openssl.v3_ext $(test_ca_key_file_ec) test-ca2.req.sha256
+	$(OPENSSL) x509 -req -in test-ca2.req.sha256 -extfile $< \
+		-signkey $(test_ca_key_file_ec) -days 3653 -out $@
+
+all_final += test-ca2.ku-crl.crt \
+			 test-ca2.ku-crt.crt \
+			 test-ca2.ku-crt_crl.crt \
+			 test-ca2.ku-ds.crt
+
+test-ca2-future.crt: $(test_ca_key_file_ec) test-ca2.req.sha256
+	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=13926223505202072808 request_file=test-ca2.req.sha256 selfsign=1 \
+		issuer_name="C=NL,O=PolarSSL,CN=Polarssl Test EC CA" issuer_key=$(test_ca_key_file_ec) \
+		not_before=20290210144400 not_after=20390210144400 md=SHA256 version=3 output_file=$@
+all_intermediate += test-ca2-future.crt
+
+test_ca_ec_cat := # files that concatenate different crt
+test-ca2_cat-future-invalid.crt: test-ca2-future.crt server6.crt
+test_ca_ec_cat += test-ca2_cat-future-invalid.crt
+test-ca2_cat-future-present.crt: test-ca2-future.crt test-ca2.crt
+test_ca_ec_cat += test-ca2_cat-future-present.crt
+test-ca2_cat-present-future.crt: test-ca2.crt test-ca2-future.crt
+test_ca_ec_cat += test-ca2_cat-present-future.crt
+test-ca2_cat-present-past.crt: test-ca2.crt test-ca2-expired.crt
+test_ca_ec_cat += test-ca2_cat-present-past.crt
+test-ca2_cat-past-invalid.crt: test-ca2-expired.crt server6.crt
+test_ca_ec_cat += test-ca2_cat-past-invalid.crt
+test-ca2_cat-past-present.crt: test-ca2-expired.crt test-ca2.crt
+test_ca_ec_cat += test-ca2_cat-past-present.crt
+$(test_ca_ec_cat):
+	cat $^ > $@
+all_final += $(test_ca_ec_cat)
 
 test-ca-any_policy.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
-	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" -set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
+	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca \
+		-key $(test_ca_key_file_rsa) -passin "pass:$(test_ca_pwd_rsa)" \
+		-set_serial 0 -days 3653 -sha256 -in test-ca.req.sha256 -out $@
 all_final += test-ca-any_policy.crt
 
 test-ca-any_policy_ec.crt: $(test_ca_key_file_ec) test-ca.req_ec.sha256
-	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca -key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 -in test-ca.req_ec.sha256 -out $@
+	$(OPENSSL) req -x509 -config $(test_ca_config_file) -extensions v3_any_policy_ca \
+		-key $(test_ca_key_file_ec) -set_serial 0 -days 3653 -sha256 \
+		-in test-ca.req_ec.sha256 -out $@
 all_final += test-ca-any_policy_ec.crt
 
 test-ca-any_policy_with_qualifier.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
@@ -175,10 +239,37 @@
 
 test-int-ca.csr: test-int-ca.key $(test_ca_config_file)
 	$(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca.key -subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate CA" -out $@
-all_intermediate += test-int-ca.csr
+
+test-int-ca2.csr: test-int-ca2.key $(test_ca_config_file)
+	$(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca2.key \
+		-subj "/C=NL/O=PolarSSL/CN=PolarSSL Test Intermediate EC CA" -out $@
+
+test-int-ca3.csr: test-int-ca3.key $(test_ca_config_file)
+	$(OPENSSL) req -new -config $(test_ca_config_file) -key test-int-ca3.key \
+		-subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -out $@
+
+all_intermediate += test-int-ca.csr test-int-ca2.csr test-int-ca3.csr
+
+test-int-ca.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
+	$(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca \
+		-CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
+		-set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
+
+test-int-ca2.crt: $(test_ca_key_file_rsa) $(test_ca_crt) $(test_ca_config_file) test-int-ca2.csr
+	$(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt) \
+		-CAkey $(test_ca_key_file_rsa) -set_serial 15 -days 3653 -sha256 -in test-int-ca2.csr \
+		-passin "pass:$(test_ca_pwd_rsa)" -out $@
+
+# Note: This requests openssl version >= 3.x.xx
+test-int-ca3.crt: test-int-ca2.crt test-int-ca2.key $(test_ca_config_file) test-int-ca3.csr
+	$(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions no_subj_auth_id \
+		-CA test-int-ca2.crt -CAkey test-int-ca2.key -set_serial 77 -days 3653 \
+			-sha256 -in test-int-ca3.csr -out $@
+
 test-int-ca-exp.crt: $(test_ca_crt_file_ec) $(test_ca_key_file_ec) $(test_ca_config_file) test-int-ca.csr
 	$(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(test_ca_config_file) -extensions v3_ca -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) -set_serial 14 -days 3653 -sha256 -in test-int-ca.csr -out $@
-all_final += test-int-ca-exp.crt
+
+all_final += test-int-ca-exp.crt test-int-ca.crt test-int-ca2.crt test-int-ca3.crt
 
 enco-cert-utf8str.pem: rsa_pkcs1_1024_clear.pem
 	$(MBEDTLS_CERT_WRITE) subject_key=rsa_pkcs1_1024_clear.pem subject_name="CN=dw.yonan.net" issuer_crt=enco-ca-prstr.pem issuer_key=rsa_pkcs1_1024_clear.pem not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
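Review bot: The comment above `test-int-ca3.crt` states the OpenSSL requirement as the placeholder `>= 3.x.xx` and does not say which part of the recipe needs it. Someone regenerating with an older `$(OPENSSL)` cannot tell whether a failure or a differently shaped certificate is expected. I would name the feature and the minimum version actually tested, e.g. `# Requires OpenSSL >= <minimum tested version>: <option or config feature this recipe depends on>`. The last continuation line of that recipe (`-sha256 -in test-int-ca3.csr -out $@`) is also indented one tab deeper than its siblings.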
@@ -217,23 +308,74 @@
 all_final += cli-rsa.key.der
 
 test_ca_int_rsa1 = test-int-ca.crt
+test_ca_int_ec = test-int-ca2.crt
+test_ca_int_key_file_ec = test-int-ca2.key
+
+# server7*
 
 server7.csr: server7.key
 	$(OPENSSL) req -new -key server7.key -subj "/C=NL/O=PolarSSL/CN=localhost" -out $@
 all_intermediate += server7.csr
+
+server7.crt: server7.csr $(test_ca_int_rsa1)
+	$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
+		-CA $(test_ca_int_rsa1) -CAkey test-int-ca.key \
+		-set_serial 16 -days 3653 -sha256 -in server7.csr > $@
+all_final += server7.crt
+
 server7-expired.crt: server7.csr $(test_ca_int_rsa1)
 	$(FAKETIME) -f -3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
 all_final += server7-expired.crt
+
 server7-future.crt: server7.csr $(test_ca_int_rsa1)
 	$(FAKETIME) -f +3653d $(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa -CA $(test_ca_int_rsa1) -CAkey test-int-ca.key -set_serial 16 -days 3653 -sha256 -in server7.csr | cat - $(test_ca_int_rsa1) > $@
 all_final += server7-future.crt
+
 server7-badsign.crt: server7.crt $(test_ca_int_rsa1)
 	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; cat $(test_ca_int_rsa1); } > $@
 all_final += server7-badsign.crt
+
+server7_int-ca.crt: server7.crt $(test_ca_int_rsa1)
+	cat server7.crt $(test_ca_int_rsa1) > $@
+all_final += server7_int-ca.crt
+
+server7_pem_space.crt: server7.crt $(test_ca_int_rsa1)
+	cat server7.crt $(test_ca_int_rsa1) | sed '4s/\(.\)$$/ \1/' > $@
+all_final += server7_pem_space.crt
+
+server7_all_space.crt: server7.crt $(test_ca_int_rsa1)
+	{ cat server7.crt | sed '4s/\(.\)$$/ \1/'; cat test-int-ca.crt | sed '4s/\(.\)$$/ \1/'; } > $@
+all_final += server7_all_space.crt
+
+server7_trailing_space.crt: server7.crt $(test_ca_int_rsa1)
+	cat server7.crt $(test_ca_int_rsa1) | sed 's/\(.\)$$/\1 /' > $@
+all_final += server7_trailing_space.crt
+
+server7_int-ca_ca2.crt: server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec)
+	cat server7.crt $(test_ca_int_rsa1) $(test_ca_crt_file_ec) > $@
+all_final += server7_int-ca_ca2.crt
+
 server7_int-ca-exp.crt: server7.crt test-int-ca-exp.crt
 	cat server7.crt test-int-ca-exp.crt > $@
 all_final += server7_int-ca-exp.crt
 
+server7_spurious_int-ca.crt: server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1)
+	cat server7.crt $(test_ca_int_ec) $(test_ca_int_rsa1) > $@
+all_final += server7_spurious_int-ca.crt
+
+# server8*
+
+server8.crt: server8.key
+	$(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL, O=PolarSSL, CN=localhost" serial=17 \
+		issuer_crt=$(test_ca_int_ec) issuer_key=$(test_ca_int_key_file_ec) \
+		not_before=20190210144406 not_after=20290210144406 \
+		md=SHA256 version=3 output_file=$@
+all_final += server8.crt
+
+server8_int-ca2.crt: server8.crt $(test_ca_int_ec)
+	cat $^ > $@
+all_final += server8_int-ca2.crt
+
 cli2.req.sha256: cli2.key
 	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< subject_name="C=NL,O=PolarSSL,CN=PolarSSL Test Client 2" md=SHA256
 
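Review bot: The new `server7.crt` recipe writes through a shell redirect (`-in server7.csr > $@`), so the shell creates the target before `$(OPENSSL)` runs. If signing fails, an empty `server7.crt` is left behind and a later `make` can treat it as up to date; `-in server7.csr -out $@` matches the other new `x509 -req` recipes and avoids this. The rule also signs with `test-int-ca.key` and reads `$(cli_crt_extensions_file)` without listing either as a prerequisite. In `server7_all_space.crt` the second `cat` names `test-int-ca.crt` directly although the prerequisite is `$(test_ca_int_rsa1)`; using the variable keeps the two in step.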
@@ -270,9 +412,23 @@
 
 # try to forge a copy of test-int-ca3 with different key
 server5-ss-forgeca.crt: server5.key
-	$(FAKETIME) '2015-09-01 14:08:43' $(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" -set_serial 77 -config $(test_ca_config_file) -extensions noext_ca -days 3650 -sha256 -key $< -out $@
+	$(OPENSSL) req -x509 -new -subj "/C=UK/O=mbed TLS/CN=mbed TLS Test intermediate CA 3" \
+		-set_serial 77 -config $(test_ca_config_file) -extensions noext_ca \
+		-days 3650 -sha256 -key $< -out $@
 all_final += server5-ss-forgeca.crt
 
+server5-selfsigned.crt: server5.key
+	openssl req -x509 -key server5.key \
+        -sha256 -days 3650 -nodes \
+        -addext basicConstraints=critical,CA:FALSE \
+        -addext keyUsage=critical,digitalSignature \
+        -addext subjectKeyIdentifier=hash   \
+        -addext authorityKeyIdentifier=none \
+        -set_serial 0x53a2cb4b124ead837da894b2 \
+        -subj "/CN=selfsigned/OU=testing/O=PolarSSL/C=NL" \
+        -out $@
+all_final += server5-selfsigned.crt
+
 server5-othername.crt: server5.key
 	$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS othername SAN" -set_serial 77 -config $(test_ca_config_file) -extensions othername_san -days 3650 -sha256 -key $< -out $@
 
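Review bot: The `server5-selfsigned.crt` recipe calls `openssl` literally instead of `$(OPENSSL)`, so an override of that variable is ignored for this one target. The certificate may then come from a different OpenSSL build than every other file the Makefile generates, which matters here because `-addext` is not available in older releases. I would write the first line as `$(OPENSSL) req -x509 -key server5.key \`. The continuation lines are indented with spaces while the rest of the file uses tabs; that works after a backslash but is inconsistent.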
@@ -289,18 +445,114 @@
 	$(OPENSSL) req -x509 -new -subj "/C=UK/O=Mbed TLS/CN=Mbed TLS Tricky IP SAN" -set_serial 77 -config $(test_ca_config_file) -extensions tricky_ip_san -days 3650 -sha256 -key server5.key -out $@
 all_final += server5-tricky-ip-san.crt
 
+server5-der0.crt: server5.crt.der
+	cp $< $@
+server5-der1a.crt: server5.crt.der
+	cp $< $@
+	echo '00' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
+server5-der1b.crt: server5.crt.der
+	cp $< $@
+	echo 'c1' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
+server5-der2.crt: server5.crt.der
+	cp $< $@
+	echo 'b90a' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
+server5-der4.crt: server5.crt.der
+	cp $< $@
+	echo 'a710945f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
+server5-der8.crt: server5.crt.der
+	cp $< $@
+	echo 'a4a7ff27267aaa0f' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
+server5-der9.crt: server5.crt.der
+	cp $< $@
+	echo 'cff8303376ffa47a29' | xxd -r -p | dd of=$@ bs=1 seek=$$(wc -c <$<) conv=notrunc
+all_final += server5-der0.crt server5-der1b.crt server5-der4.crt \
+			 server5-der9.crt server5-der1a.crt server5-der2.crt \
+			 server5-der8.crt
+
+test-int-ca3-badsign.crt: test-int-ca3.crt
+	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
+all_final += test-int-ca3-badsign.crt
+
+# server9*
+
+server9.csr: server9.key
+	$(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
+					-key $< -out $@
+server9.crt: server9-sha1.crt
+	cp $< $@
+all_final += server9.crt
+all_intermediate += server9.csr server9-sha1.crt
+
+server9-%.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
+	$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
+		-passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
+		-set_serial $(SERVER9_CRT_SERIAL) -days 3653 \
+		-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
+		-sigopt rsa_mgf1_md:$(@:server9-%.crt=%) -$(@:server9-%.crt=%) \
+		-in $< -out $@
+server9-sha1.crt: SERVER9_CRT_SERIAL=22
+server9-sha224.crt: SERVER9_CRT_SERIAL=23
+server9-sha256.crt: SERVER9_CRT_SERIAL=24
+server9-sha384.crt: SERVER9_CRT_SERIAL=25
+server9-sha512.crt: SERVER9_CRT_SERIAL=26
+all_final += server9-sha224.crt server9-sha256.crt server9-sha384.crt server9-sha512.crt
+
+server9-defaults.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
+	$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
+		-passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
+		-set_serial 72 -days 3653 \
+		-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max -sha1 \
+		-in $< -out $@
+all_final += server9-defaults.crt
+
+server9-badsign.crt: server9.crt
+	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
+all_final += server9-badsign.crt
+
+server9-with-ca.crt: server9.crt $(test_ca_crt)
+	cat $^ > $@
+all_final += server9-with-ca.crt
+
+# FIXME: This file needs special sequence. It should be update manually
+server9-bad-saltlen.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
+	false
+
+server9-bad-mgfhash.crt: server9.csr $(test_ca_crt) $(test_ca_key_file_rsa)
+	$(OPENSSL) x509 -req -extfile $(cli_crt_extensions_file) -extensions cli-rsa \
+		-passin "pass:$(test_ca_pwd_rsa)" -CA $(test_ca_crt) -CAkey $(test_ca_key_file_rsa) \
+		-set_serial 24 -days 3653 \
+		-sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
+		-sigopt rsa_mgf1_md:sha224 -sha256 \
+		-in $< -out $@
+all_final += server9-bad-mgfhash.crt
+
+# server10*
+
+server10.crt: server10.key test-int-ca3.crt test-int-ca3.key
+	$(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="CN=localhost" serial=75 \
+		issuer_crt=test-int-ca3.crt issuer_key=test-int-ca3.key \
+		subject_identifier=0 authority_identifier=0 \
+		not_before=20190210144406 not_after=20290210144406 \
+		md=SHA256 version=3 output_file=$@
+all_final += server10.crt
 server10-badsign.crt: server10.crt
 	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
 all_final += server10-badsign.crt
 server10-bs_int3.pem: server10-badsign.crt test-int-ca3.crt
 	cat server10-badsign.crt test-int-ca3.crt > $@
 all_final += server10-bs_int3.pem
-test-int-ca3-badsign.crt: test-int-ca3.crt
-	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
-all_final += test-int-ca3-badsign.crt
 server10_int3-bs.pem: server10.crt test-int-ca3-badsign.crt
 	cat server10.crt test-int-ca3-badsign.crt > $@
 all_final += server10_int3-bs.pem
+server10_int3_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec)
+	cat $^ > $@
+all_final += server10_int3_int-ca2.crt
+server10_int3_int-ca2_ca.crt: server10.crt test-int-ca3.crt $(test_ca_int_ec) $(test_ca_crt)
+	cat $^ > $@
+all_final += server10_int3_int-ca2_ca.crt
+server10_int3_spurious_int-ca2.crt: server10.crt test-int-ca3.crt $(test_ca_int_rsa1) $(test_ca_int_ec)
+	cat $^ > $@
+all_final += server10_int3_spurious_int-ca2.crt
 
 rsa_pkcs1_2048_public.pem: server8.key
 	$(OPENSSL)  rsa -in $< -outform PEM -RSAPublicKey_out -out $@
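Review bot: The `server9-bad-mgfhash.crt` rule has no comment saying what makes the certificate "bad". The defect is only visible by noticing that `-sigopt rsa_mgf1_md:sha224` is paired with `-sha256`, and that `-set_serial 24` repeats the serial assigned to `server9-sha256.crt` a few lines above. A later cleanup could easily "fix" either value and turn the negative-test fixture into a valid certificate. I would add a comment above the rule such as `# Deliberately inconsistent: MGF1 hash (sha224) differs from the message digest (sha256); serial matches server9-sha256.crt`, adjusting the serial remark if that reuse is not intended. The pattern rule `server9-%.crt` could also use `$*` in place of the two `$(@:server9-%.crt=%)` substitutions.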
@@ -318,6 +570,19 @@
 	$(OPENSSL) rsa -pubin -in $< -outform DER -pubout -out $@
 all_final += rsa_pkcs8_2048_public.der
 
+# Generate crl_cat_*.pem
+# - crt_cat_*.pem: (1+2) concatenations in various orders:
+#     ec = crl-ec-sha256.pem, ecfut = crl-future.pem
+#     rsa = crl.pem, rsabadpem = same with pem error, rsaexp = crl_expired.pem
+
+crl_cat_ec-rsa.pem:crl-ec-sha256.pem crl.pem
+	cat $^ > $@
+
+crl_cat_rsa-ec.pem:crl.pem crl-ec-sha256.pem
+	cat $^ > $@
+
+all_final += crl_cat_ec-rsa.pem crl_cat_rsa-ec.pem
+
 ################################################################
 #### Generate various RSA keys
 ################################################################
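Review bot: The header comment for this block does not match the rules under it. It is titled `crl_cat_*.pem` but the bullet says `crt_cat_*.pem`, and it defines `ecfut`, `rsabadpem` and `rsaexp` although only `crl_cat_ec-rsa.pem` and `crl_cat_rsa-ec.pem` get rules here. I would correct the prefix to `crl_cat_*.pem` and either drop the unused abbreviations or note that those concatenations are maintained by hand. The two rule lines also lack the space after the colon that the rest of the file uses (`crl_cat_ec-rsa.pem: crl-ec-sha256.pem crl.pem`).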
@@ -888,6 +1153,61 @@
 	$(OPENSSL) pkey -in $< -inform DER -out $@
 all_final += ec_prv.pk8param.pem
 
+ec_pub.pem: ec_prv.sec1.der
+	$(OPENSSL) pkey -in $< -inform DER -outform PEM -pubout -out $@
+all_final += ec_pub.pem
+
+################################################################
+#### Convert PEM keys to DER format
+################################################################
+server1.pubkey.der: server1.pubkey
+	$(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
+all_final += server1.pubkey.der
+
+rsa4096_pub.der: rsa4096_pub.pem
+	$(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
+all_final += rsa4096_pub.der
+
+ec_pub.der: ec_pub.pem
+	$(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
+all_final += ec_pub.der
+
+ec_521_pub.der: ec_521_pub.pem
+	$(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
+all_final += ec_521_pub.der
+
+ec_bp512_pub.der: ec_bp512_pub.pem
+	$(OPENSSL) pkey -pubin -in $< -out $@ -outform DER
+all_final += ec_bp512_pub.der
+
+server1.key.der: server1.key
+	$(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += server1.key.der
+
+rsa4096_prv.der: rsa4096_prv.pem
+	$(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += rsa4096_prv.der
+
+ec_prv.sec1.der: ec_prv.sec1.pem
+	$(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += ec_prv.sec1.der
+
+ec_256_long_prv.der: ec_256_long_prv.pem
+	$(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += ec_256_long_prv.der
+
+ec_521_prv.der: ec_521_prv.pem
+	$(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += ec_521_prv.der
+
+ec_521_short_prv.der: ec_521_short_prv.pem
+	$(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += ec_521_short_prv.der
+
+ec_bp512_prv.der: ec_bp512_prv.pem
+	$(OPENSSL) pkey -in $< -out $@ -outform DER
+all_final += ec_bp512_prv.der
+
 ################################################################
 ### Generate CSRs for X.509 write test suite
 ################################################################
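Review bot: The `ec_prv.sec1.der` rule converts with plain `$(OPENSSL) pkey -in $< -out $@ -outform DER`, but the file name promises SEC1 encoding. As far as I know, OpenSSL 3.x `pkey` writes private keys as PKCS#8 unless `-traditional` is given, while 1.1.x emits the traditional form for DER, so the output format may depend on which `$(OPENSSL)` regenerates it. It is worth checking the result against the tests that parse it and, if SEC1 is required, using `$(OPENSSL) pkey -in $< -out $@ -outform DER -traditional` or `ec`. The same question applies to the other `*_prv.der` rules in this hunk if their consumers expect a specific container. Separately, the seven identical private-key recipes and the five public-key ones could each be one static pattern rule.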
@@ -975,11 +1295,79 @@
 
 # server5*
 
+server5.csr: server5.key
+	$(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
+					-key $< -out $@
+all_intermediate += server5.csr
+server5.crt: server5-sha256.crt
+	cp $< $@
+all_intermediate += server5-sha256.crt
+server5-sha%.crt: server5.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec) server5.crt.openssl.v3_ext
+	$(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
+				-extfile server5.crt.openssl.v3_ext -set_serial 9 -days 3650 \
+				-sha$(@:server5-sha%.crt=%) -in $< -out $@
+all_final += server5.crt server5-sha1.crt server5-sha224.crt server5-sha384.crt server5-sha512.crt
+
+server5-badsign.crt: server5.crt
+	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
+all_final += server5-badsign.crt
+
 # The use of 'Server 1' in the DN is intentional here, as the DN is hardcoded in the x509_write test suite.'
 server5.req.ku.sha1: server5.key
-	$(MBEDTLS_CERT_REQ) output_file=$@ filename=$< key_usage=digital_signature,non_repudiation subject_name="C=NL,O=PolarSSL,CN=PolarSSL Server 1" md=SHA1
+	$(OPENSSL) req -key $< -out $@ -new -nodes -subj "/C=NL/O=PolarSSL/CN=PolarSSL Server 1" -sha1 -addext keyUsage=digitalSignature,nonRepudiation
 all_final += server5.req.ku.sha1
 
+server5.ku-ds.crt: SERVER5_CRT_SERIAL=45
+server5.ku-ds.crt: SERVER5_KEY_USAGE=digital_signature
+server5.ku-ka.crt: SERVER5_CRT_SERIAL=46
+server5.ku-ka.crt: SERVER5_KEY_USAGE=key_agreement
+server5.ku-ke.crt: SERVER5_CRT_SERIAL=47
+server5.ku-ke.crt: SERVER5_KEY_USAGE=key_encipherment
+server5.eku-cs.crt: SERVER5_CRT_SERIAL=58
+server5.eku-cs.crt: SERVER5_EXT_KEY_USAGE=codeSigning
+server5.eku-cs_any.crt: SERVER5_CRT_SERIAL=59
+server5.eku-cs_any.crt: SERVER5_EXT_KEY_USAGE=codeSigning,any
+server5.eku-cli.crt: SERVER5_CRT_SERIAL=60
+server5.eku-cli.crt: SERVER5_EXT_KEY_USAGE=clientAuth
+server5.eku-srv_cli.crt: SERVER5_CRT_SERIAL=61
+server5.eku-srv_cli.crt: SERVER5_EXT_KEY_USAGE=serverAuth,clientAuth
+server5.eku-srv.crt: SERVER5_CRT_SERIAL=62
+server5.eku-srv.crt: SERVER5_EXT_KEY_USAGE=serverAuth
+server5.ku-%.crt: SERVER5_EXT_OPTS=key_usage=$(SERVER5_KEY_USAGE)
+# The commands for server5.eku-*.crt is invalid because `ext_key_usage` was not supported by
+# `cert_write` in 2.28. This would be fixed by #8083.
+server5.eku-%.crt: SERVER5_EXT_OPTS=ext_key_usage=$(SERVER5_EXT_KEY_USAGE)
+server5.%.crt: server5.key
+	$(MBEDTLS_CERT_WRITE) \
+		subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=$(SERVER5_CRT_SERIAL) \
+		issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) $(SERVER5_EXT_OPTS) \
+		not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
+all_final += server5.ku-ka.crt server5.ku-ke.crt server5.ku-ds.crt
+all_final += server5.eku-cs.crt server5.eku-cs_any.crt server5.eku-cli.crt server5.eku-srv_cli.crt server5.eku-srv.crt
+
+# server6*
+
+server6.csr: server6.key
+	$(OPENSSL) req -new -subj "/C=NL/O=PolarSSL/CN=localhost" \
+					-key $< -out $@
+all_intermediate += server6.csr
+server6.crt: server6.csr $(test_ca_crt_file_ec) $(test_ca_key_file_ec)
+	$(OPENSSL) x509 -req -CA $(test_ca_crt_file_ec) -CAkey $(test_ca_key_file_ec) \
+				-extfile server5.crt.openssl.v3_ext -set_serial 10 -days 3650 -sha256 -in $< -out $@
+all_final += server6.crt
+
+server6-ss-child.csr : server6.key
+	$(OPENSSL) req -new -subj "/CN=selfsigned-child/OU=testing/O=PolarSSL/C=NL" \
+		-key $< -out $@
+all_intermediate += server6-ss-child.csr
+server6-ss-child.crt: server6-ss-child.csr server5-selfsigned.crt server5.key server6-ss-child.crt.openssl.v3_ext
+	$(OPENSSL) x509 -req -CA server5-selfsigned.crt -CAkey server5.key \
+				-extfile server6-ss-child.crt.openssl.v3_ext \
+				-set_serial 0x53a2cb5822399474a7ec79ec \
+				-days 3650 -sha256 -in $< -out $@
+all_final += server6-ss-child.crt
+
+
 ################################################################
 ### Generate certificates for CRT write check tests
 ################################################################
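Review bot: The comment above `server5.eku-%.crt` says these commands are invalid because `cert_write` in 2.28 does not support `ext_key_usage`, yet the five `server5.eku-*.crt` files are still appended to `all_final`. Any target that rebuilds `$(all_final)` will therefore either fail on them or, if the option is silently ignored, produce certificates without the intended extension. I would keep them out of `all_final` until the referenced fix lands, e.g. a separate `# all_final += server5.eku-... (blocked on #8083)` line. Also, `server6.crt` passes `-extfile server5.crt.openssl.v3_ext` without listing that file as a prerequisite, unlike `server5-sha%.crt`.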
@@ -999,7 +1387,11 @@
 # server1*
 
 server1.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
-	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) version=1 not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 \
+		issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) \
+		issuer_pwd=$(test_ca_pwd_rsa) version=1 \
+		not_before=20190210144406 not_after=20290210144406 \
+		md=SHA1 version=3 output_file=$@
 server1.noauthid.crt: server1.key server1.req.sha256 $(test_ca_crt) $(test_ca_key_file_rsa)
 	$(MBEDTLS_CERT_WRITE) request_file=server1.req.sha256 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA1 authority_identifier=0 version=3 output_file=$@
 server1.crt.der: server1.crt
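Review bot: The re-wrapped `server1.crt` recipe still passes both `version=1` (after `issuer_pwd=`) and `version=3` (after `md=SHA1`) to `$(MBEDTLS_CERT_WRITE)`. Presumably the later value wins and the file is a v3 certificate, but the command reads as contradictory and depends on the tool's argument order. Since the line is being reformatted anyway, I would drop the first one so the third continuation line becomes `issuer_pwd=$(test_ca_pwd_rsa) \`. The neighbouring `server1.noauthid.crt` rule already passes only `version=3`.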
@@ -1040,6 +1432,16 @@
 	$(OPENSSL) x509 -inform PEM -in $< -outform DER -out $@
 all_final += server1.ca.crt server1.ca_noauthid.crt server1.ca.der
 
+server1-nospace.crt: server1.key test-ca.crt
+	$(MBEDTLS_CERT_WRITE) subject_key=$< serial=31\
+		subject_name="C=NL,O=PolarSSL,CN=polarssl.example"  \
+		issuer_crt=test-ca.crt issuer_key=$(test_ca_key_file_rsa) \
+		issuer_pwd=$(test_ca_pwd_rsa) \
+		not_before=20190210144406 not_after=20290210144406 \
+		md=SHA256 version=3 authority_identifier=1 \
+		output_file=$@
+all_final += server1-nospace.crt
+
 server1_ca.crt: server1.crt $(test_ca_crt)
 	cat server1.crt $(test_ca_crt) > $@
 all_final += server1_ca.crt
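Review bot: In `server1-nospace.crt` the first recipe line ends with `serial=31\` and no space before the backslash. The shell removes the backslash-newline pair, so `serial=31` is separated from `subject_name=...` only by the indentation of the next line; re-indenting that line would silently yield the single argument `serial=31subject_name=...`. I would write `serial=31 \` like the other continuations. The recipe also reads `$(test_ca_key_file_rsa)`, which is not listed as a prerequisite, and names `test-ca.crt` literally where sibling rules use `$(test_ca_crt)`.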
@@ -1098,8 +1500,13 @@
 crl.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file)
 	$(OPENSSL) ca -gencrl -batch -cert $(test_ca_crt) -keyfile $(test_ca_key_file_rsa) -key $(test_ca_pwd_rsa) -config $(test_ca_server1_config_file) -md sha1 -crldays 3653 -out $@
 
-crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) $(test_ca_config_file) test-ca.server1.future-crl.db  test-ca.server1.future-crl.opensslconf
-	$(FAKETIME) '2028-12-31' $(OPENSSL) ca -gencrl -config test-ca.server1.future-crl.opensslconf -crldays 365 -passin "pass:$(test_ca_pwd_rsa)" -out $@
+crl-futureRevocationDate.pem: $(test_ca_crt) $(test_ca_key_file_rsa) \
+							  $(test_ca_config_file) 				\
+							  test-ca.server1.future-crl.db  \
+							  test-ca.server1.future-crl.opensslconf
+	$(FAKETIME) -f '+10y' $(OPENSSL) ca -gencrl \
+		-config test-ca.server1.future-crl.opensslconf -crldays 365 \
+		-passin "pass:$(test_ca_pwd_rsa)" -out $@
 
 server1_all: crl.pem crl-futureRevocationDate.pem server1.crt server1.noauthid.crt server1.crt.openssl server1.v1.crt server1.v1.crt.openssl server1.key_usage.crt server1.key_usage_noauthid.crt server1.key_usage.crt.openssl server1.cert_type.crt server1.cert_type_noauthid.crt server1.cert_type.crt.openssl server1.der server1.der.openssl server1.v1.der server1.v1.der.openssl server1.key_usage.der server1.key_usage.der.openssl server1.cert_type.der server1.cert_type.der.openssl
 
@@ -1117,6 +1524,43 @@
 	$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=2 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=SHA256 version=3 output_file=$@
 all_final += server2-sha256.crt
 
+server2.ku-ka.crt: SERVER2_CRT_SERIAL=42
+server2.ku-ka.crt: SERVER2_KEY_USAGE=key_agreement
+server2.ku-ke.crt: SERVER2_CRT_SERIAL=43
+server2.ku-ke.crt: SERVER2_KEY_USAGE=key_encipherment
+server2.ku-ds.crt: SERVER2_CRT_SERIAL=44
+server2.ku-ds.crt: SERVER2_KEY_USAGE=digital_signature
+server2.ku-ds_ke.crt: SERVER2_CRT_SERIAL=48
+server2.ku-ds_ke.crt: SERVER2_KEY_USAGE=digital_signature,key_encipherment
+server2.ku-%.crt: server2.req.sha256
+	$(MBEDTLS_CERT_WRITE) request_file=server2.req.sha256 serial=$(SERVER2_CRT_SERIAL) \
+		issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
+		key_usage="$(SERVER2_KEY_USAGE)" \
+		not_before=20190210144406 not_after=20290210144406 md=SHA1 version=3 output_file=$@
+all_final += server2.ku-ka.crt server2.ku-ke.crt server2.ku-ds.crt server2.ku-ds_ke.crt
+
+server2-badsign.crt: server2.crt
+	{ head -n-2 $<; tail -n-2 $< | sed -e '1s/0\(=*\)$$/_\1/' -e '1s/[^_=]\(=*\)$$/0\1/' -e '1s/_/1/'; } > $@
+all_final += server2-badsign.crt
+
+# server3*
+
+server3.crt: server3.key
+	$(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=13 \
+		issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
+		not_before=20190210144406 not_after=20290210144406 \
+		md=SHA1 version=3 output_file=$@
+all_final += server3.crt
+
+# server4*
+
+server4.crt: server4.key
+	$(MBEDTLS_CERT_WRITE) subject_key=$< subject_name="C=NL,O=PolarSSL,CN=localhost" serial=8 \
+		issuer_crt=$(test_ca_crt_file_ec) issuer_key=$(test_ca_key_file_ec) \
+		not_before=20190210144400 not_after=20290210144400 \
+		md=SHA256 version=3 output_file=$@
+all_final += server4.crt
+
 # MD2, MD4, MD5 test certificates
 
 cert_md_test_key = $(cli_crt_key_file_rsa)
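Review bot: The new `server2.ku-%.crt`, `server3.crt` and `server4.crt` rules sign with `$(test_ca_crt)`/`$(test_ca_key_file_rsa)` or the EC pair, but list only the request or subject key as prerequisites. When the CA certificate is regenerated these leaf certificates are not rebuilt, so the tree can end up with fixtures whose issuer no longer matches the CA beside them. I would add the issuer files, e.g. `server3.crt: server3.key $(test_ca_crt) $(test_ca_key_file_rsa)` and `server4.crt: server4.key $(test_ca_crt_file_ec) $(test_ca_key_file_ec)`. `server8.crt` and `server5.%.crt` in the earlier hunks have the same gap.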
@@ -1145,6 +1589,41 @@
 	$(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20000101121212 not_after=20300101121212 md=MD5 version=3 output_file=$@
 all_final += cert_md5.crt
 
+# - test-ca-v1.crt: v1 "CA", signs
+#     server1-v1.crt: v1 "intermediate CA", signs
+#         server2-v1*.crt: EE cert (without of with chain in same file)
+
+test-ca-v1.crt: $(test_ca_key_file_rsa) test-ca.req.sha256
+	$(MBEDTLS_CERT_WRITE) is_ca=1 serial=25883963888465069501131757029 \
+		request_file=test-ca.req.sha256 \
+		selfsign=1 issuer_name="CN=PolarSSL Test CA v1,OU=testing,O=PolarSSL,C=NL" \
+		issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) \
+		not_before=20190210144400 not_after=20290210144400 md=SHA256 version=1 \
+		output_file=$@
+all_final += test-ca-v1.crt
+
+server1-v1.crt: server1.key test-ca-v1.crt
+	$(MBEDTLS_CERT_WRITE) subject_key=$< serial=25883964939897181595909491649 \
+		subject_name="CN=server1/int-ca-v1,OU=testing,O=PolarSSL,C=NL"  \
+		issuer_crt=test-ca-v1.crt issuer_key=$(test_ca_key_file_rsa) \
+		issuer_pwd=$(test_ca_pwd_rsa) \
+		not_before=20190210144406 not_after=20290210144406 \
+		md=SHA256 version=1 \
+		output_file=$@
+all_final += server1-v1.crt
+
+server2-v1.crt: server2.key server1-v1.crt
+	$(MBEDTLS_CERT_WRITE) subject_key=$< serial=25883965274140956871506900844 \
+		subject_name="CN=server2,OU=testing,O=PolarSSL,C=NL"  \
+		issuer_crt=server1-v1.crt issuer_key=server1.key \
+		not_before=20190210144406 not_after=20290210144406 \
+		md=SHA256 version=1 \
+		output_file=$@
+all_final += server2-v1.crt
+
+server2-v1-chain.crt: server2-v1.crt server1-v1.crt
+	cat $^ > $@
+
 ################################################################
 #### Diffie-Hellman parameters
 ################################################################
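Review bot: `server2-v1-chain.crt` is the only new target in this block without an `all_final +=` line, so unless it is added somewhere outside this hunk it is neither built with the other final files nor removed by `neat`. I would add `all_final += server2-v1-chain.crt` after its recipe. In the comment that introduces the block, "without of with chain" should read "without or with chain".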
@@ -1189,3 +1668,5 @@
 neat: clean
 	rm -f $(all_final)
 .PHONY: clean neat
+
+.SECONDARY: $(all_intermediate)
diff --git a/tests/data_files/Readme-x509.txt b/tests/data_files/Readme-x509.txt
index 84c775f..82f93d2 100644
--- a/tests/data_files/Readme-x509.txt
+++ b/tests/data_files/Readme-x509.txt
@@ -76,6 +76,10 @@
     -badsign.crt: S5 with corrupted signature
     -expired.crt: S5 with "not after" date in the past
     -future.crt: S5 with "not before" date in the future
+    -non-compliant.crt: S5, RFC non-compliant
+      (with forbidden EC algorithm identifier NULL parameter)
+      generated by (before fix):
+        cert_write subject_key=server5.key subject_name="CN=Test EC RFC non-compliant" issuer_crt=test-ca2.crt issuer_key=test-ca2.key
     -selfsigned.crt: Self-signed cert with S5 key
     -ss-expired.crt: Self-signed cert with S5 key, expired
     -ss-forgeca.crt: Copy of test-int-ca3 self-signed with S5 key
diff --git a/tests/data_files/cert_example_multi_nocn.crt b/tests/data_files/cert_example_multi_nocn.crt
index 1634846..08bf63c 100644
--- a/tests/data_files/cert_example_multi_nocn.crt
+++ b/tests/data_files/cert_example_multi_nocn.crt
@@ -1,13 +1,16 @@
 -----BEGIN CERTIFICATE-----
-MIIB/TCCAWagAwIBAgIJAPfGf/jpqWP5MA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV
-BAYTAk5MMB4XDTE0MDEyMjEwMDQzM1oXDTI0MDEyMjEwMDQzM1owDTELMAkGA1UE
-BhMCTkwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2pt
-WZftTslU5A3uzqB9oB6q6A7CuxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNz
-UnlGGrqgVyt2FjGzqK/nOJsIi2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ
-81kybdHg6G3eUu1mtKkL2kCVAgMBAAGjZTBjMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+MIICfjCCAWagAwIBAgIJAPfGf/jpqWP5MA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV
+BAYTAk5MMB4XDTIzMDUxODAyMDUwMVoXDTMzMDUxODAyMDUwMVowDTELMAkGA1UE
+BhMCTkwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMc4ksXD9HAQCGv4EzXs
+8wEciiUPlYI2HqoelhJVGqz4e3UzC3BXM5zZlfFNTEQ3yL7EoD/kZDzT88kCQz3D
+fFuOeaoJhK6CEzcKv4VpvSo1Ymyx/uSs4EKyQXx75J0nFJssB2uOQz0/bHY6Rpoc
+cA0lnbwIx0D82AI3Yv996/wtAgMBAAGjZTBjMAkGA1UdEwQCMAAwCwYDVR0PBAQD
 AgXgMEkGA1UdEQRCMECCHHd3dy5zaG90b2thbi1icmF1bnNjaHdlaWcuZGWCFHd3
-dy5tYXNzaW1vLWFiYXRlLmV1hwTAqAEBhwTAqEWQMA0GCSqGSIb3DQEBBQUAA4GB
-ABjx1ytrqCyFC5/0cjWnbLK9vsvLny2ZikDewfRxqJ5zAxGWLqHOr1SmUmu2DrvB
-bkT9g5z19+iMhPnzJz1x7Q2m7WTIJTuUPK+hKZJATDLNhZ86h5Nkw8k9YzKcOrPm
-EIqsy55CSgLU0ntljqSBvSb4ifrF1NnIWej2lSfN6r+3
+dy5tYXNzaW1vLWFiYXRlLmV1hwTAqAEBhwTAqEWQMA0GCSqGSIb3DQEBBQUAA4IB
+AQAuomKlMLwSkP3zvGuA9awDdITM/uCzfd77yi60zMNtFHDMu2YZ2npQSl0czab6
+/8fX9goaU8V3cx4KXSLMx7i9AsP1r559Uo3c/4oTZd3xBsElMAn/TXiuujZ2RwdL
+RcMOJerlThOE0dtNdniJj7lPaan70CELP/CUn8KgeWgztQJj4ghfUwnLn6RnpLfl
+YyM/Xq2YbwnQWHXSe3CPTy5RCWalt3SgZf6IDcD6CNq1Q2l14iR78OWnlxGTFmjP
+ez3OzxNT2BZz0AiP0WvTbUtvfuxw9G3fHHe5ClsAopIA3tD246jHOAlqAnOEBC/x
+IABbWjY/briP9U4R6x+mg2ck
 -----END CERTIFICATE-----
diff --git a/tests/data_files/crl-ec-sha1.pem b/tests/data_files/crl-ec-sha1.pem
index 8358640..f82d946 100644
--- a/tests/data_files/crl-ec-sha1.pem
+++ b/tests/data_files/crl-ec-sha1.pem
@@ -1,10 +1,10 @@
 -----BEGIN X509 CRL-----
-MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ
-b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz
-MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G
+MIIBbjCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQ
+b2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMjMwNTE3MDcx
+NDM5WhcNMzMwNTE3MDcxNDM5WjAUMBICAQoXDTIzMDUxNzA3MTQzOVqgcjBwMG4G
 A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO
-TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg
-Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW
-svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm
-56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U=
+TDERMA8GA1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMg
+Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2gAMGUCMQCRAtXd7kXgijlMXHXr6m0B
+IzDbpAAwDwCJtgOzarF5hZKGDZeDp6vptGZK0y40NsoCMACxRrXIV+6KUBipFarI
+36yXDoBNol2xzst6p9fOg+prl6p7vO1sRYrIGg1WJGA5wQ==
 -----END X509 CRL-----
diff --git a/tests/data_files/crl-ec-sha256.pem b/tests/data_files/crl-ec-sha256.pem
index adfd5f8..b9fad50 100644
--- a/tests/data_files/crl-ec-sha256.pem
+++ b/tests/data_files/crl-ec-sha256.pem
@@ -1,10 +1,10 @@
 -----BEGIN X509 CRL-----
-MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
-MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
+MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwI
+UG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTIzMDUxNzA3
+MTQ0MFoXDTMzMDUxNzA3MTQ0MFowFDASAgEKFw0yMzA1MTcwNzE0NDBaoHIwcDBu
 BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
-TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
-IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
-S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
-g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
+TkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVD
+IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAOFCq4tS7s27+KShmh4n
+zavpLBQUbqyjkH9dJk0jg862YXjirOu9oCOoWtZQz6/LhQIxAJbtOSwJNq0F/FTq
+NYhP7ibE1jad9Tbs6igtZ7Z9NN7V5upnnL4SVETU9pvy9zh+tw==
 -----END X509 CRL-----
diff --git a/tests/data_files/crl-rsa-pss-sha1-badsign.pem b/tests/data_files/crl-rsa-pss-sha1-badsign.pem
index 7e2a596..d236910 100644
--- a/tests/data_files/crl-rsa-pss-sha1-badsign.pem
+++ b/tests/data_files/crl-rsa-pss-sha1-badsign.pem
@@ -1,14 +1,14 @@
 -----BEGIN X509 CRL-----
 MIICJDCCAQYCAQEwEwYJKoZIhvcNAQEKMAaiBAICAOowOzELMAkGA1UEBhMCTkwx
-ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBFw0x
-NDAxMjAxMzQ2MzVaFw0yNDAxMTgxMzQ2MzVaMCgwEgIBChcNMTMwOTI0MTYyODM4
-WjASAgEWFw0xNDAxMjAxMzQzMDVaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5
-1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM
-MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQC
-AgDqA4IBAQB8ZBX0BEgRcx0lfk1ctELRu1AYoJ5BnsmQpq23Ca4YIP2yb2kTN1ZS
-4fR4SgYcNctgo2JJiNiUkCu1ZnRUOJUy8UlEio0+aeumTNz6CbeJEDhr5NC3oiV0
-MzvLn9rJVLPetOT9UrvvIy8iz5Pn1d8mu5rkt9BKQRq9NQx8riKnSIoTc91NLCMo
-mkCCB55DVbazODSWK19e6yQ0JS454RglOsqRtLJ/EDbi6lCsLXotFt3GEGMrob1O
-7Qck1Z59boaHxGYFEVnx90+4M3/qikVtwZdcBjLEmfuwYvszFw8J2y6Xwmg/HtUa
-y6li0JzWNHtkKUlCv2+SESZbD3NU8GQY
+ETAPBgNVBAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBFw0y
+MzA1MTcwODA3NDlaFw0zMzA1MTcwODA3NDlaMCgwEgIBChcNMjMwNTE3MDgwNzQ5
+WjASAgEWFw0yMzA1MTcwODA3NDlaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5
+1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NM
+MRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMBMGCSqGSIb3DQEBCjAGogQC
+AgDqA4IBAQCMUepEfAXs1G3hDE7rcIPT/AFv/oLQSVwRE8O2G5r4j0CgzN6CSGNi
+8qfFVX6f7ds+QM4pxAXk5FH4QJJkev0ZBQxmA/ZDLEFmmCEfPMsA69nG//Xeq+Xz
+ZOqJpAewmXoP2UUxV5rRpAIr9g9NvDkTT012eQEpoGkJlpxOln1VW+Dk24PCZFWf
+Nf8GMUzUsXfXm7ZdCeuc8ZDYNma0nWAMR9Jw6qaEhyH4Fd/scFvXiF/i4cpVp8Rk
+M71wSrCC0pkFzw4/bYMnf0aHle/lNg5e78SAT+/6PA8pXL7Urc0IufOfxCGwqY27
+IXSTrZJj4WeQMk289pIccMHj5DUSo4u0
 -----END X509 CRL-----
diff --git a/tests/data_files/crl-rsa-pss-sha1.pem b/tests/data_files/crl-rsa-pss-sha1.pem
index 59ca4f7..c129c0c 100644
--- a/tests/data_files/crl-rsa-pss-sha1.pem
+++ b/tests/data_files/crl-rsa-pss-sha1.pem
@@ -1,14 +1,14 @@
 -----BEGIN X509 CRL-----
 MIICJDCCAQYCAQEwEwYJKoZIhvcNAQEKMAaiBAICAOowOzELMAkGA1UEBhMCTkwx
-ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBFw0x
-NDAxMjAxMzQ2MzVaFw0yNDAxMTgxMzQ2MzVaMCgwEgIBChcNMTMwOTI0MTYyODM4
-WjASAgEWFw0xNDAxMjAxMzQzMDVaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5
-1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM
-MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQC
-AgDqA4IBAQB8ZBX0BEgRcx0lfk1ctELRu1AYoJ5BnsmQpq23Ca4YIP2yb2kTN1ZS
-4fR4SgYcNctgo2JJiNiUkCu1ZnRUOJUy8UlEio0+aeumTNz6CbeJEDhr5NC3oiV0
-MzvLn9rJVLPetOT9UrvvIy8iz5Pn1d8mu5rkt9BKQRq9NQx8riKnSIoTc91NLCMo
-mkCCB55DVbazODSWK19e6yQ0JS454RglOsqRtLJ/EDbi6lCsLXotFt3GEGMrob1O
-7Qck1Z59boaHxGYFEVnx90+4M3/qikVtwZdcBjLEmfuwYvszFw8J2y6Xwmg/HtUa
-y6li0JzWNHtkKUlCv2+SESZbD3NU8GQZ
+ETAPBgNVBAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBFw0y
+MzA1MTcwODA3NDlaFw0zMzA1MTcwODA3NDlaMCgwEgIBChcNMjMwNTE3MDgwNzQ5
+WjASAgEWFw0yMzA1MTcwODA3NDlaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5
+1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NM
+MRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMBMGCSqGSIb3DQEBCjAGogQC
+AgDqA4IBAQCMUepEfAXs1G3hDE7rcIPT/AFv/oLQSVwRE8O2G5r4j0CgzN6CSGNi
+8qfFVX6f7ds+QM4pxAXk5FH4QJJkev0ZBQxmA/ZDLEFmmCEfPMsA69nG//Xeq+Xz
+ZOqJpAewmXoP2UUxV5rRpAIr9g9NvDkTT012eQEpoGkJlpxOln1VW+Dk24PCZFWf
+Nf8GMUzUsXfXm7ZdCeuc8ZDYNma0nWAMR9Jw6qaEhyH4Fd/scFvXiF/i4cpVp8Rk
+M71wSrCC0pkFzw4/bYMnf0aHle/lNg5e78SAT+/6PA8pXL7Urc0IufOfxCGwqY27
+IXSTrZJj4WeQMk289pIccMHj5DUSo4uO
 -----END X509 CRL-----
diff --git a/tests/data_files/crl-rsa-pss-sha224.pem b/tests/data_files/crl-rsa-pss-sha224.pem
index a51d5d9..1108b3d 100644
--- a/tests/data_files/crl-rsa-pss-sha224.pem
+++ b/tests/data_files/crl-rsa-pss-sha224.pem
@@ -1,16 +1,16 @@
 -----BEGIN X509 CRL-----
-MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgShGjAYBgkq
-hkiG9w0BAQgwCwYJYIZIAWUDBAIEogQCAgDiMDsxCzAJBgNVBAYTAk5MMREwDwYD
-VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
-MTM1NjA2WhcNMjQwMTE4MTM1NjA2WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
-FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
-PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
-A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
-SAFlAwQCBKEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIDggEBAEJI
-i9sQOzMvvOTksN48+X+kk/wkLMKRGI222lqU6y6tP1LX3OE/+KN8gPXR+lCC+e0v
-TsRTJkpKEcmHZoP/8kOtZnLb9PdITKGMQnZ+dmn5MFEzZI/zyrYWuJTuK1Q83w0e
-Mc88cAhu8i4PTk/WnsWDphK1Q2YRupmmwWSUpp1Z2rpR+YSCedC01TVrtSUJUBw9
-NSqKDhyWYJIbS6/bFaERswC8xlMRhyLHUvikjmAK36TbIdhTnEffHOPW75sEOEEB
-f0A3VtlZ7y5yt2/a6vOauJCivxKt/PutdHfBqH43QQmoVLWC2FmT9ADTJwcsZB3D
-a6JSqCIMRCQY2JOUn0A=
+MIICgjCCATUCAQEwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgQFAKEcMBoG
+CSqGSIb3DQEBCDANBglghkgBZQMEAgQFAKIEAgIA4jA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIz
+MDUxNzA4MDc0OVoXDTMzMDUxNzA4MDc0OVowKDASAgEKFw0yMzA1MTcwODA3NDla
+MBICARYXDTIzMDUxNzA4MDc0OVqgZzBlMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnV
+ppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wx
+GTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzAN
+BglghkgBZQMEAgQFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgQFAKIEAgIA
+4gOCAQEANsElK5qMavcgBXsqgysCIIwEPj+dXdBOwXW17HWh2jcSwAssFNRxhiIc
+PoUjj2fNlbOWXLPoxXBitgkJ31UAYCteGSv3j5P3WEuriVwCG889JEoMWn9U4+f9
+f5jSVNfynyiAOiwpA0TrOhZOAs9SEj742S1pzhsb9yaOXeQXNnDv8HYe3uX9/D9w
+ynot+/EwCYEuvK8XQ6qnV6588NHEAd9x+OcV9pxWrmUE8Muz1KffBwD5+SOW+Taj
+4fKQPcKJoRXOKyLXpOz7yMl/6fCf6h3Qj/H4YI/2gsWI0iduKoXDsuQkMEdPTZvk
+7P88YK3/4MReaZS3sDyhhUrojELPXw==
 -----END X509 CRL-----
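Review bot: Regenerating this CRL changes its RSASSA-PSS parameter encoding as well as its dates, which can drop parser coverage for the old form. The old file encoded the hash and MGF1 hash AlgorithmIdentifiers with parameters absent (`30 0b 06 09 …`), while the new one carries an explicit NULL (`30 0d 06 09 … 05 00`). The sha256, sha384 and sha512 hunks below show the same change. Both forms occur in practice, so the absent-parameters path in the PSS parameter parser now needs another fixture to stay covered. Whether the old files are kept elsewhere (for example under `parse_input/`) is outside this view; if not, keep one old-encoding CRL as a parse-only input.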
diff --git a/tests/data_files/crl-rsa-pss-sha256.pem b/tests/data_files/crl-rsa-pss-sha256.pem
index f16a491..26f7935 100644
--- a/tests/data_files/crl-rsa-pss-sha256.pem
+++ b/tests/data_files/crl-rsa-pss-sha256.pem
@@ -1,16 +1,16 @@
 -----BEGIN X509 CRL-----
-MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgGhGjAYBgkq
-hkiG9w0BAQgwCwYJYIZIAWUDBAIBogQCAgDeMDsxCzAJBgNVBAYTAk5MMREwDwYD
-VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
-MTM1NjE2WhcNMjQwMTE4MTM1NjE2WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
-FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
-PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
-A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
-SAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAEZ4
-oqp9i5eXrN6aCSTaU1j07MVTFW/U1jQAq6GseB6bEvoEXFMUHJsgAObqCK9flfEC
-FEqXqWSo33hhPU7AKKttbDLjUYRNnQAPRUnRIl1/a1+UjqgKchWWD9ityeW8ICxo
-IdATX9reYmPDLIMqTC7zuflYkvrvdEOuBORQP5mn4j8t84MSQF/p4qzaU0XxLo4X
-ckzZCcHpa45AApCDjJMd9onhFVCYsykiYrF9NQFO8TI4lQ5jv79GoufEzvhY1SPB
-r1xz4sMpfyaoPaa3SM2/nD65E5jzXell2u2VWNGKv4zAQP0E5yGel+1rklBltadb
-XLdJyyak33CLBKu+nJc=
+MIICgjCCATUCAQEwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgEFAKEcMBoG
+CSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIEAgIA3jA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIz
+MDUxNzA4MDc0OVoXDTMzMDUxNzA4MDc0OVowKDASAgEKFw0yMzA1MTcwODA3NDla
+MBICARYXDTIzMDUxNzA4MDc0OVqgZzBlMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnV
+ppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wx
+GTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzAN
+BglghkgBZQMEAgEFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIEAgIA
+3gOCAQEAHLzvRF0RVQL48ZGVFnTk1nsOHXVHS0UVMItsILurXJ4XrOgN1I7iTzu2
+wYNtgr+T15jwsPdgU+Gg3127vb2Djm0IUX0dCfYpSFRUv8BjaK962ZPjM0rkWhC6
+JUTWSLMAMy4ScqcoC7e4vuN2h4kPOzlvDBIhzWKA03+taAtuIOWjXZu2/Cyeggxs
+oXARKI8BEv4b94xwiFJMoMuzcYAkuDIH4MRYANVgOS/zncCRS9D5ZerfoBt70LKX
+nzJtT4a0XoxbUJeU8MZ0fR5aAHUQulAPA9CMmBsHkSx7pzAAhCwx/vXbnWPyhA6G
+XG6gCKcDR5PZQvQNgi29SLlhRTT5TA==
 -----END X509 CRL-----
diff --git a/tests/data_files/crl-rsa-pss-sha384.pem b/tests/data_files/crl-rsa-pss-sha384.pem
index 50f7e4c..45431f0 100644
--- a/tests/data_files/crl-rsa-pss-sha384.pem
+++ b/tests/data_files/crl-rsa-pss-sha384.pem
@@ -1,16 +1,16 @@
 -----BEGIN X509 CRL-----
-MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgKhGjAYBgkq
-hkiG9w0BAQgwCwYJYIZIAWUDBAICogQCAgDOMDsxCzAJBgNVBAYTAk5MMREwDwYD
-VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
-MTM1NjI4WhcNMjQwMTE4MTM1NjI4WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
-FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
-PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
-A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
-SAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4DggEBAAco
-SntUGDLBOAu0IIZaVea5Nt1NMsMcppC0hWPuH1LKAwyUODBqpT+0+AuALK0eIdYR
-a7mAB+cv2fFwmwxnQWJ1Fvx4ft/N2AAfB83VRKpSo3xR8bxloHfTWKmyxJHmH9j1
-EYmLS86rj3Nhjf4m/YlQQ3Im5HwOgSgBOE8glq5D+0Wmsi9LsNEZXEzMw7TMUgbs
-y9o/ghYF/shKU4mewK3DeM9gQiTcH5A4ISXR87hBQ08AKJRAG1CLvTyzqWiUUY+k
-q8iZDYF17sHrPi2yn8q9c4zdxiaWDGDdL0Lh90wXGTAageoGEq25TMuL5FpX+u1u
-KUH/xf1jEnNzbYNGiZw=
+MIICgjCCATUCAQEwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgIFAKEcMBoG
+CSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIEAgIAzjA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIz
+MDUxNzA4MDc1MFoXDTMzMDUxNzA4MDc1MFowKDASAgEKFw0yMzA1MTcwODA3NTBa
+MBICARYXDTIzMDUxNzA4MDc1MFqgZzBlMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnV
+ppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wx
+GTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzAN
+BglghkgBZQMEAgIFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIEAgIA
+zgOCAQEAnZvMo3nmKXPV+q4m1CdMA7jUtdanJBHDAv2+LZLq4T1QpyN+nmLEB1yX
+ARN8/5Px47zm7XyZw6HI1Il34MjblAKIPBVXoswj4YLRceijwiG1bxkh1Kz3lcV0
+GCNPNo7tMPii9iATWlVzWBCzx2rLmt/ys0DtNRCMISOYGW1HkyuO28dwA6nUJwSS
+Ddjr3iilavnBdpzddH9AiN5Fm0sfrFBANx79Qyp0/r8hqrv7rT33maeRKj3S4e9G
+zpO6uHPAh9Obo93DxpKpXoMwxDiHv+bwHPO4J1YOiryy/KZmHhzUMPfvP09pGg9f
+zGO/bOyiHGH0Lf4F9JVMxpfitdbtwg==
 -----END X509 CRL-----
diff --git a/tests/data_files/crl-rsa-pss-sha512.pem b/tests/data_files/crl-rsa-pss-sha512.pem
index 0f1d651..71f2b7c 100644
--- a/tests/data_files/crl-rsa-pss-sha512.pem
+++ b/tests/data_files/crl-rsa-pss-sha512.pem
@@ -1,16 +1,16 @@
 -----BEGIN X509 CRL-----
-MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgOhGjAYBgkq
-hkiG9w0BAQgwCwYJYIZIAWUDBAIDogQCAgC+MDsxCzAJBgNVBAYTAk5MMREwDwYD
-VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
-MTM1NjM4WhcNMjQwMTE4MTM1NjM4WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
-FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
-PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
-A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
-SAFlAwQCA6EaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4DggEBAB9F
-ywBfxOjetxNbCFhOYoPY2jvFCFVdlowMGuxEhX/LktqiBXqRc2r5naQSzuHqO8Iq
-1zACtiDLri0CvgSHlravBNeY4c2wj//ueFE89tY5pK9E6vZp7cV+RfMx2YfGPAA2
-t7tWZ2rJWzELg8cZ8hpjSwFH7JmgJzjE5gi2gADhBYO6Vv5S3SOgqNjiN1OM31AU
-p6GHK5Y1jurF5Zwzs+w3wXoXgpOxxwEC4eiS86c9kNSudwTLvDTU0bYEQE1cF+K0
-sB8QWABFJfuO5kjD2w3rWgmAiOKsZoxd1xrda+WD3JhDXnoVq3oVBIVlWVz6YID8
-enMfMvwScA5AImzu9xA=
+MIICgjCCATUCAQEwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgMFAKEcMBoG
+CSqGSIb3DQEBCDANBglghkgBZQMEAgMFAKIEAgIAvjA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIz
+MDUxNzA4MDc1MFoXDTMzMDUxNzA4MDc1MFowKDASAgEKFw0yMzA1MTcwODA3NTBa
+MBICARYXDTIzMDUxNzA4MDc1MFqgZzBlMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnV
+ppUP6z68x/3/oT+kPTA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wx
+GTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzAN
+BglghkgBZQMEAgMFAKEcMBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgMFAKIEAgIA
+vgOCAQEAtMPpQMet9BfMRLg0AW9QfL3QkktV7xk++BqYFOYynBiqxjQH4AKu3wU8
+eiGd3+2xNpQd2/sG7UUNo1Vnl9gCHRiT4bje6+CdvvqaZKSgpmsiztbgBAYORriF
+flKOKOOQTxaikqJ4t7vp727JmstADuyizTgOBE0k3V1glas8B0G122YheeHF02S4
++33Nss4hbfbTilR0RccOaqiXzF9bkFsTlD5KgyUFZbFtdy+1zHZLnRUAJA1HmDeP
+r5p2mJxKwXmZzLnw/FPa8fUH665TKYk08AuIpN+VHdPwiBoYHJ2YZJWgM+1qHq1y
+tlyoAOC6beqsh9OfxcQZaEiWbUI9yQ==
 -----END X509 CRL-----
diff --git a/tests/data_files/crl.pem b/tests/data_files/crl.pem
index df7417e..5a1bdd3 100644
--- a/tests/data_files/crl.pem
+++ b/tests/data_files/crl.pem
@@ -1,11 +1,11 @@
 -----BEGIN X509 CRL-----
 MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI
-UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTE5MDIwNjE2MzQ0
-NloXDTI5MDIwNjE2MzQ0NlowKDASAgEBFw0xMTAyMTIxMjQ0MDdaMBICAQMXDTEx
-MDIxMjEyNDQwN1owDQYJKoZIhvcNAQEFBQADggEBAGHkRHGDz2HsoiXzfJDBpkfg
-I+yK34O9zoHMyGcDZbF9fj4NVyyNA6XCgY3IgQYe3boA1edO6+8ImjqiZjYK+GWt
-4ne7YhapRFAoFbKQY5hgy8mlpSRlNfmRVVCDDKannMac4tQff1LCFHN8msk/uG1b
-WHWAsL6dzLVojhbUFY6mZTb6nqjm5YgqcsNsz37n4dyrCDftB99FQdE/aAec2RXP
-Jgy9DnY5jMotPqHLZtMyfVNEoivDb7YJA5Vv6NSyiYVTjyWyTHNRsFEXRtHqjpqs
-oZdBgLZAAQsUvuVpMbDKQ4FrZjOaOW/xLtKPlh/HNA5p7hNtwIiCAIvp7uQti0w=
+UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIzMDUxNzA3MTQz
+OFoXDTMzMDUxNzA3MTQzOFowKDASAgEBFw0yMzA1MTcwNzE0MzhaMBICAQMXDTIz
+MDUxNzA3MTQzOFowDQYJKoZIhvcNAQEFBQADggEBAEKGf/KYnv3EpFiEsPii5f3S
+CEgD0NL44rYIU7n9oBIqgqxP93tDeqwqvv/oDYBA41fugxU63nO5qKn4xszKN/w0
+e3GDg6ihFFz2wO6NE37Wfn3lVIvMbboNyMGqH1CTqTbNcsam8DhvILCMkG60kV66
+pSVGVIJftDzE+33mUundQMYz4wN4QJFGRSfHW745iowF9ejiPsfAn4gO9eLDrRmA
+C0oedNyRLj6jfGRtaQddlCjCAGwNlIJBe/IhixafW9g8deGPHJu8RSlJ/Q77pgjx
+7WccwCz+dWP+uqi8fwgerHYdTjiAvFVu1Yd4KA5WTndzI3wzJwbdZZ08OfDLmyU=
 -----END X509 CRL-----
diff --git a/tests/data_files/crl_cat_ec-rsa.pem b/tests/data_files/crl_cat_ec-rsa.pem
index 3cda8ff..cafa1d4 100644
--- a/tests/data_files/crl_cat_ec-rsa.pem
+++ b/tests/data_files/crl_cat_ec-rsa.pem
@@ -1,21 +1,21 @@
 -----BEGIN X509 CRL-----
-MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
-MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
+MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwI
+UG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTIzMDUxNzA3
+MTQ0MFoXDTMzMDUxNzA3MTQ0MFowFDASAgEKFw0yMzA1MTcwNzE0NDBaoHIwcDBu
 BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
-TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
-IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
-S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
-g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
+TkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVD
+IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAOFCq4tS7s27+KShmh4n
+zavpLBQUbqyjkH9dJk0jg862YXjirOu9oCOoWtZQz6/LhQIxAJbtOSwJNq0F/FTq
+NYhP7ibE1jad9Tbs6igtZ7Z9NN7V5upnnL4SVETU9pvy9zh+tw==
 -----END X509 CRL-----
 -----BEGIN X509 CRL-----
-MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
-OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
-MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
-dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
-//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
-yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
-NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
-5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU=
+MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI
+UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIzMDUxNzA3MTQz
+OFoXDTMzMDUxNzA3MTQzOFowKDASAgEBFw0yMzA1MTcwNzE0MzhaMBICAQMXDTIz
+MDUxNzA3MTQzOFowDQYJKoZIhvcNAQEFBQADggEBAEKGf/KYnv3EpFiEsPii5f3S
+CEgD0NL44rYIU7n9oBIqgqxP93tDeqwqvv/oDYBA41fugxU63nO5qKn4xszKN/w0
+e3GDg6ihFFz2wO6NE37Wfn3lVIvMbboNyMGqH1CTqTbNcsam8DhvILCMkG60kV66
+pSVGVIJftDzE+33mUundQMYz4wN4QJFGRSfHW745iowF9ejiPsfAn4gO9eLDrRmA
+C0oedNyRLj6jfGRtaQddlCjCAGwNlIJBe/IhixafW9g8deGPHJu8RSlJ/Q77pgjx
+7WccwCz+dWP+uqi8fwgerHYdTjiAvFVu1Yd4KA5WTndzI3wzJwbdZZ08OfDLmyU=
 -----END X509 CRL-----
diff --git a/tests/data_files/crl_cat_rsa-ec.pem b/tests/data_files/crl_cat_rsa-ec.pem
index ded369d..92ecccc 100644
--- a/tests/data_files/crl_cat_rsa-ec.pem
+++ b/tests/data_files/crl_cat_rsa-ec.pem
@@ -1,21 +1,21 @@
 -----BEGIN X509 CRL-----
-MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjI1
-OVoXDTE5MTEyNTEwMjI1OVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
-MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAJYuWdKPdblMVWCnxpMnchuL
-dqWzK2BA0RelCaGjpxuwX3NmLDm+5hKja/DJxaRqTOf4RSC3kcX8CdIldsLO96dz
-//wAQdFPDhy6AFT5vKTO8ItPHDb7qFOqFqpeJi5XN1yoZGTB1ei0mgD3xBaKbp6U
-yCOZJSIFomt7piT4GcgWVHLUmpyHDDeodNhYPrN0jf2mr+ECd9fQJYdz1qm0Xx+Q
-NbKXDiPRmPX0qVleCZSeSp1JAmU4GoCO+96qQUpjgll+6xWya3UNj61f9sh0Zzr7
-5ug2LZo5uBM/LpNR1K3TLxNCcg7uUPTn9r143d7ivJhPl3tEJn4PXjv6mlLoOgU=
+MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UECgwI
+UG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EXDTIzMDUxNzA3MTQz
+OFoXDTMzMDUxNzA3MTQzOFowKDASAgEBFw0yMzA1MTcwNzE0MzhaMBICAQMXDTIz
+MDUxNzA3MTQzOFowDQYJKoZIhvcNAQEFBQADggEBAEKGf/KYnv3EpFiEsPii5f3S
+CEgD0NL44rYIU7n9oBIqgqxP93tDeqwqvv/oDYBA41fugxU63nO5qKn4xszKN/w0
+e3GDg6ihFFz2wO6NE37Wfn3lVIvMbboNyMGqH1CTqTbNcsam8DhvILCMkG60kV66
+pSVGVIJftDzE+33mUundQMYz4wN4QJFGRSfHW745iowF9ejiPsfAn4gO9eLDrRmA
+C0oedNyRLj6jfGRtaQddlCjCAGwNlIJBe/IhixafW9g8deGPHJu8RSlJ/Q77pgjx
+7WccwCz+dWP+uqi8fwgerHYdTjiAvFVu1Yd4KA5WTndzI3wzJwbdZZ08OfDLmyU=
 -----END X509 CRL-----
 -----BEGIN X509 CRL-----
-MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
-UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
-MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
+MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwI
+UG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTIzMDUxNzA3
+MTQ0MFoXDTMzMDUxNzA3MTQ0MFowFDASAgEKFw0yMzA1MTcwNzE0NDBaoHIwcDBu
 BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
-TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
-IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
-S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
-g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
+TkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVD
+IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAOFCq4tS7s27+KShmh4n
+zavpLBQUbqyjkH9dJk0jg862YXjirOu9oCOoWtZQz6/LhQIxAJbtOSwJNq0F/FTq
+NYhP7ibE1jad9Tbs6igtZ7Z9NN7V5upnnL4SVETU9pvy9zh+tw==
 -----END X509 CRL-----
diff --git a/tests/data_files/ec_256_long_prv.der b/tests/data_files/ec_256_long_prv.der
new file mode 100644
index 0000000..96e329e
--- /dev/null
+++ b/tests/data_files/ec_256_long_prv.der
Binary files differ
diff --git a/tests/data_files/ec_521_prv.der b/tests/data_files/ec_521_prv.der
new file mode 100644
index 0000000..734714a
--- /dev/null
+++ b/tests/data_files/ec_521_prv.der
Binary files differ
diff --git a/tests/data_files/ec_521_pub.der b/tests/data_files/ec_521_pub.der
new file mode 100644
index 0000000..5b685de
--- /dev/null
+++ b/tests/data_files/ec_521_pub.der
Binary files differ
diff --git a/tests/data_files/ec_521_short_prv.der b/tests/data_files/ec_521_short_prv.der
new file mode 100644
index 0000000..0a1f18c
--- /dev/null
+++ b/tests/data_files/ec_521_short_prv.der
Binary files differ
diff --git a/tests/data_files/ec_bp512_prv.der b/tests/data_files/ec_bp512_prv.der
new file mode 100644
index 0000000..2d9a3de
--- /dev/null
+++ b/tests/data_files/ec_bp512_prv.der
Binary files differ
diff --git a/tests/data_files/ec_bp512_pub.der b/tests/data_files/ec_bp512_pub.der
new file mode 100644
index 0000000..6a8c4c7
--- /dev/null
+++ b/tests/data_files/ec_bp512_pub.der
Binary files differ
diff --git a/tests/data_files/ec_pub.der b/tests/data_files/ec_pub.der
index 74c5951..e4e5915 100644
--- a/tests/data_files/ec_pub.der
+++ b/tests/data_files/ec_pub.der
Binary files differ
diff --git a/tests/data_files/bitstring-in-dn.pem b/tests/data_files/parse_input/bitstring-in-dn.pem
similarity index 100%
rename from tests/data_files/bitstring-in-dn.pem
rename to tests/data_files/parse_input/bitstring-in-dn.pem
diff --git a/tests/data_files/parse_input/cert_example_multi.crt b/tests/data_files/parse_input/cert_example_multi.crt
new file mode 100644
index 0000000..0e3295d
--- /dev/null
+++ b/tests/data_files/parse_input/cert_example_multi.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICojCCAYqgAwIBAgIBETANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwNzEwMTEyNzUyWhcNMjkwNzEwMTEyNzUyWjA6MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGDAWBgNVBAMMD3d3dy5leGFtcGxlLmNvbTCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEAxziSxcP0cBAIa/gTNezzARyKJQ+VgjYeqh6W
+ElUarPh7dTMLcFcznNmV8U1MRDfIvsSgP+RkPNPzyQJDPcN8W455qgmEroITNwq/
+hWm9KjVibLH+5KzgQrJBfHvknScUmywHa45DPT9sdjpGmhxwDSWdvAjHQPzYAjdi
+/33r/C0CAwEAAaM2MDQwMgYDVR0RBCswKYILZXhhbXBsZS5jb22CC2V4YW1wbGUu
+bmV0gg0qLmV4YW1wbGUub3JnMA0GCSqGSIb3DQEBCwUAA4IBAQCJbFizurHz804x
+6NbsvsPPgLcESq0OcGOEXOCOe8seZqomhSYTXtHBzrFtRp2/gmtORq2oapoDDiq+
+I+xRLJYsUBut2NdkZmEIRSW4n4sXJwqb0fXTTkd7EAXBvGNWbERab5Sbf84oqd4t
+yjjz2u+Hvx8hZCHJG2V9qg3zaw5zJT1AfAsMbjXqi8CfU7U+Fcor+O3GeuUVgpJC
+QCXb2Qjj3ZmrCvGZA9x59XtnEN6m2O4pWkmqR/Z7MlQrZzQ80vcQMk9+qoKIr2EJ
+RcJhAtE+dLV19IlccwsDlGx5kT5N5zSYLK9nARV1/AjK48bUxGH353A1Y2MCfy0E
+dXDReJa1
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/cert_example_multi_nocn.crt b/tests/data_files/parse_input/cert_example_multi_nocn.crt
new file mode 100644
index 0000000..1634846
--- /dev/null
+++ b/tests/data_files/parse_input/cert_example_multi_nocn.crt
@@ -0,0 +1,13 @@
+-----BEGIN CERTIFICATE-----
+MIIB/TCCAWagAwIBAgIJAPfGf/jpqWP5MA0GCSqGSIb3DQEBBQUAMA0xCzAJBgNV
+BAYTAk5MMB4XDTE0MDEyMjEwMDQzM1oXDTI0MDEyMjEwMDQzM1owDTELMAkGA1UE
+BhMCTkwwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2pt
+WZftTslU5A3uzqB9oB6q6A7CuxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNz
+UnlGGrqgVyt2FjGzqK/nOJsIi2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ
+81kybdHg6G3eUu1mtKkL2kCVAgMBAAGjZTBjMAkGA1UdEwQCMAAwCwYDVR0PBAQD
+AgXgMEkGA1UdEQRCMECCHHd3dy5zaG90b2thbi1icmF1bnNjaHdlaWcuZGWCFHd3
+dy5tYXNzaW1vLWFiYXRlLmV1hwTAqAEBhwTAqEWQMA0GCSqGSIb3DQEBBQUAA4GB
+ABjx1ytrqCyFC5/0cjWnbLK9vsvLny2ZikDewfRxqJ5zAxGWLqHOr1SmUmu2DrvB
+bkT9g5z19+iMhPnzJz1x7Q2m7WTIJTuUPK+hKZJATDLNhZ86h5Nkw8k9YzKcOrPm
+EIqsy55CSgLU0ntljqSBvSb4ifrF1NnIWej2lSfN6r+3
+-----END CERTIFICATE-----
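Review bot: This fixture is added with a notAfter of 2024-01-22 (second new line: `140122100433Z` to `240122100433Z`) and a sha1WithRSAEncryption signature, so it is only safe as a parser input and will fail any check against the clock. The neighbouring `cert_md2.crt`, `cert_md4.crt` and `cert_md5.crt` are in the same position because of their signature algorithms. Nothing visible in this diff records that constraint on the directory. I would add a short `parse_input/README` along the lines of `Files here are inputs for parsing tests only; validity periods and signature algorithms are frozen, do not use them in verification tests.`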
diff --git a/tests/data_files/parse_input/cert_md2.crt b/tests/data_files/parse_input/cert_md2.crt
new file mode 100644
index 0000000..94b89af
--- /dev/null
+++ b/tests/data_files/parse_input/cert_md2.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBCTANBgkqhkiG9w0BAQIFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDAwMTAxMTIxMjEyWhcNMzAwMTAxMTIxMjEyWjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENlcnQgTUQyMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
+M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
+1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw
+MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
+4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
+/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQIFAAOC
+AQEAXLWqy34iaZ2YV+5eE1QMV/9m9nQI2X/yumRH1MT1R3oYde/YDV7+HSOM6qLs
+qSgH1DSyXv1YnJww2OyTtAVhPalICLjVjUQCyeUCiFpAIO6Xz1VE6v4GMFLqhlV1
+Nox9dDtR5Go2zwPaH64Ze9GxuDZfW+VnPRNgYOrqqCBnuhnp2uPRfOewus2AAo50
+dx1XTooCEqElQlB9EIPWbvPdJZjRjruCUtDbz+oxG4J4Ml4KCYm+/MyXNPqxV9+H
+5A9oQltuHMWasMWSfXeimQI5PPpdjndmJOhfT4RGmvTw/uNC/Xuy1kPxXQKoocz6
+93U8RQvyJxdIPtQuARNMRZ7G+Q==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/cert_md4.crt b/tests/data_files/parse_input/cert_md4.crt
new file mode 100644
index 0000000..7d0f7cb
--- /dev/null
+++ b/tests/data_files/parse_input/cert_md4.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBBTANBgkqhkiG9w0BAQMFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDAwMTAxMTIxMjEyWhcNMzAwMTAxMTIxMjEyWjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENlcnQgTUQ0MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
+M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
+1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw
+MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
+4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
+/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQMFAAOC
+AQEArXIW7Dy1hBXMKY8/TAfACqkFZzbGDJdD5ohQknENk6FzUHVw9SVibhi5J+nh
+/mhUhoczFg78T8ZopDcsPHKQTuy0LNcLWhZDD4S4CJCibmsf+8BWmPcSp1tsS9Zj
+etO5qNuUarL74W+rRa3qQcCXcglYTubv/PcCV+LGVqZ4XDlO5EBFJJREAREzG+iK
+Epm2y0mi1WTwjy7m7rxYHs5i5ybDHDDwU55H5wh50Vs4/vDx2kZab2K9gx6V2ggY
+CCYmRWKQHdI4XZBkpYFbbREZxMY4Y5c2PUMlr8GUq6s6eu9/GvmnIx/+EySSfxgv
+9GpN+gnyx03hjYNGO7iX8nPnXA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/cert_md5.crt b/tests/data_files/parse_input/cert_md5.crt
new file mode 100644
index 0000000..e514fd6
--- /dev/null
+++ b/tests/data_files/parse_input/cert_md5.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBBjANBgkqhkiG9w0BAQQFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MDAwMTAxMTIxMjEyWhcNMzAwMTAxMTIxMjEyWjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIENlcnQgTUQ1MIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyHTEzLn5tXnpRdkUYLB9u5Pyax6f
+M60Nj4o8VmXl3ETZzGaFB9X4J7BKNdBjngpuG7fa8H6r7gwQk4ZJGDTzqCrSV/Uu
+1C93KYRhTYJQj6eVSHD1bk2y1RPD0hrt5kPqQhTrdOrA7R/UV06p86jt0uDBMHEw
+MjDV0/YI0FZPRo7yX/k9Z5GIMC5Cst99++UMd//sMcB4j7/Cf8qtbCHWjdmLao5v
+4Jv4EFbMs44TFeY0BGbH7vk2DmqV9gmaBmf0ZXH4yqSxJeD+PIs1BGe64E92hfx/
+/DZrtenNLQNiTrM9AM+vdqBpVoNq0qjU51Bx5rU2BXcFbXvI5MT9TNUhXwIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRxoQBzckAvVHZeM/xSj7zx3WtGITAf
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQQFAAOC
+AQEAF4QcMshVtVbYgvvU7f2lWakubbAISM/k+FW/f7u63m0MSSoSFeYflBOC1Wf4
+imgDEnWcWTH5V7sxsLNogxfpfTuFUaKfHeQmRhAK4UgqbDEs4dZvgo3wZ/w92G0/
+QNntJefnqaFiITXZTn6J8hxeoEq4QbucbWgeY6fTAwXtIv40BvMOSakkuIFAyIvV
+90VY1j4vnx0/xv5lIBAxah1HdtXhqtDu/sUfdCtWX5SCcVUwwM3gZ4Q1ZdWQmlvF
+737ZG7XaINxsDaI04sJxc7qvuRYhLdCwUPnZL5TGEQJ8jNa/39eEbnkvs7hbTU98
+6qG8UAYsSI7aMe1j7DZpkoPL9w==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/cert_sha1.crt b/tests/data_files/parse_input/cert_sha1.crt
new file mode 100644
index 0000000..1e23585
--- /dev/null
+++ b/tests/data_files/parse_input/cert_sha1.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQDCCAiigAwIBAgIBBzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA9MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGzAZBgNVBAMMElBvbGFyU1NMIENlcnQgU0hBMTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6J
+v7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVB
+Q3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYEl
+XwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk
+65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZP
+cG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEA
+AaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TWPynBdHRFOwUSLD2ovUNZAqYw
+HwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQAD
+ggEBAFAHuWfjOp+GaM5dP3NBaUayXmjbrsY5fo/ysfOVV9xipzbPWvE2Bu679iU1
+Eg+5hME9VlMmQejGzG09ReXE+30gyhtO3vWA8U21YrsL3ybvS6EREHGKk238bIBh
+yDP/b0VuoNsS3xRn9WyH3TRu5re0vK68OSkLIWPd01fgvcfl6YyUY+WuuSrpYcDv
+nrgKvFZws/EE4RNldtRC1Blwy497AtmWBQWs65zj5JkNdNnm4JJqXZAArNh2GSZo
+83C/1ZSFrNo9GONsCJ0GVGEt7IK7FPqXYW7rXi30BRse33ziU7RPWGDT13bh9Rdz
+RqsoZ5h5VjtHOnMUUD99gIWinBE=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/cert_sha224.crt b/tests/data_files/parse_input/cert_sha224.crt
new file mode 100644
index 0000000..c8a209d
--- /dev/null
+++ b/tests/data_files/parse_input/cert_sha224.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBCDANBgkqhkiG9w0BAQ4FADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBMjI0MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh
+Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq
+1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht
+gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l
+LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu
+pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC
+pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQ4F
+AAOCAQEATdo7p7dok8gcxS0dYGluXMOsAEALyHAgvAJSZUt0x8RxemJfpquv4XG/
+rppQmtA5aPf59Fo0z5GcS0zzYFLTQIcLHKnuuG0W6yjhx3e+5J1hjLbv///vvKGN
+jq55z+CANkragMk6XQ/t+iXkh/Fq00FS+zbf1JLaMXOLst5dfv3uPQaJHwzX/EaE
+VdognXxWudNQgIvemindk9TTQon27zBS/z6nwcBCIXMDfesAjcHuBCfxl6pofK6E
+28qs4up/JayptG2CX98LGsEyAgegwTMSYGLJoWcHhrUcbF0fNOcXPgQKGTcZO4Tg
+yPYGbkG9FjgaASc2gTrYVPRZ6mY19g==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/cert_sha256.crt b/tests/data_files/parse_input/cert_sha256.crt
new file mode 100644
index 0000000..e56d428
--- /dev/null
+++ b/tests/data_files/parse_input/cert_sha256.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBCTANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBMjU2MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh
+Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq
+1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht
+gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l
+LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu
+pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC
+pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQsF
+AAOCAQEAuo8kRDdQj3+rgqbz7bS3ZfBVCqgbQfruRZncP0s3IQJ6g7k6BNfCTO+N
+tIgnCDhnhjK9DS4l1LTkQJKfcd6sfuwBxjHKWGZUqTqHWFm/O5MJwfMpxI305xXE
+evDzh8LK1W3moX5OcT4bx3QsY9I4nqXQkOzjGidxhOXYA2v+X5OhRt3IJ2dzmQQu
+BVXnDbzuchUfP5aeCwW6l7VX+RJOE2zlqO5yt0ejT02E44qtC5sBf24V9ko5LORw
+1J7Zk34QwsKrSPSGxOuoWNwH3fJpgZQImKgJIQCsksJ+A45CK6iz0km8oTiI3Hoo
+2LpE6UNx2M8jiZWVzH1L4tkg4fcCoQ==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/cert_sha384.crt b/tests/data_files/parse_input/cert_sha384.crt
new file mode 100644
index 0000000..f8ec10b
--- /dev/null
+++ b/tests/data_files/parse_input/cert_sha384.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBCjANBgkqhkiG9w0BAQwFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBMzg0MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh
+Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq
+1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht
+gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l
+LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu
+pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC
+pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQwF
+AAOCAQEAeyHm+emo4/QHqEVKj/MYPOsPrrcr5MupNE7WmoUA7SilVUlceIy8ApWR
+MUdwnh7UPkCa6K1yvayknEbHzD2Lv9BLEf5A1/a+F/LmFXiV0kXIFue13u+z7laV
+N/s/jphPVgjPwZiC1ZtOoD7WvSkIInB53j4Q3VCH6EpZxZuDO/u8CGBQ0g+9Eqhn
+W3+4GFnxUPYeN17u/opt16mEPx6WFbRl9hs5wUvND/FCDEJ/9uVNiVYlPYyHKzzq
+e3WXCHLYUKGESQX+85IrnmlwbAb33bM+sAM6naFafXTZEimeEpX3iYrHzhoU7aR7
+piojwAE+Yb3Ac+Hu1fY4CRO4ZHL6Zg==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/cert_sha512.crt b/tests/data_files/parse_input/cert_sha512.crt
new file mode 100644
index 0000000..b2254fa
--- /dev/null
+++ b/tests/data_files/parse_input/cert_sha512.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQjCCAiqgAwIBAgIBCzANBgkqhkiG9w0BAQ0FADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA/MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHTAbBgNVBAMMFFBvbGFyU1NMIENlcnQgU0hBNTEyMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVh
+Xom/uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq
+1UFDd185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPht
+gSVfCrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1l
+LGTrlZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsu
+pk9wbp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQID
+AQABo00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kC
+pjAfBgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQ0F
+AAOCAQEABnuq7gMU6EWqcmEcj2/wiqOFUBeH9ro0tni9JZzaDAKkBMwoeJ3RP/59
+wY92UZC/SoWPm0yLK25KTwxJhd645a5ZeRk+yi1SG+oXNgZFS03F1Orat0bM5u94
+RtzLRInGzTxhlVS8HPRya2+nEaPT9YNO25vORczPDjtrI82UnysaWiKx1OCPhdP3
+ZySAkX/zE1U8Te0+948C0vmg2aTWCSk5zutryFgHH5UojmmWAkBHpX3tIm8JMRG9
+tvp6fbIDan0LmSsVK8rq5OPSwAKMso6GF4Iuxou/jP2gI+NutenX26wrffSjlPiW
+KksLNj8oL6vIUap28Oh+Gwph02biSQ==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/cert_v1_with_ext.crt b/tests/data_files/parse_input/cert_v1_with_ext.crt
similarity index 100%
rename from tests/data_files/cert_v1_with_ext.crt
rename to tests/data_files/parse_input/cert_v1_with_ext.crt
diff --git a/tests/data_files/cli-rsa-sha256-badalg.crt.der b/tests/data_files/parse_input/cli-rsa-sha256-badalg.crt.der
similarity index 100%
rename from tests/data_files/cli-rsa-sha256-badalg.crt.der
rename to tests/data_files/parse_input/cli-rsa-sha256-badalg.crt.der
Binary files differ
diff --git a/tests/data_files/parse_input/crl-ec-sha1.pem b/tests/data_files/parse_input/crl-ec-sha1.pem
new file mode 100644
index 0000000..8358640
--- /dev/null
+++ b/tests/data_files/parse_input/crl-ec-sha1.pem
@@ -0,0 +1,10 @@
+-----BEGIN X509 CRL-----
+MIIBbzCB9gIBATAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQ
+b2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQRcNMTMwOTI0MTYz
+MTA4WhcNMjMwOTIyMTYzMTA4WjAUMBICAQoXDTEzMDkyNDE2MjgzOFqgcjBwMG4G
+A1UdIwRnMGWAFJ1tICRJAT8ry3i1Gbx+JMnb+zZ8oUKkQDA+MQswCQYDVQQGEwJO
+TDERMA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMg
+Q0GCCQDBQ+J+YkPM6DAJBgcqhkjOPQQBA2kAMGYCMQDVG95rrSSl4dJgbJ5vR1GW
+svEuEsAh35EhF1WrcadMuCeMQVX9cUPupFfQUpHyMfoCMQCKf0yv8pN9BAoi3FVm
+56meWPhUekgLKKMAobt2oJJY6feuiFU2YFGs1aF0rV6Bj+U=
+-----END X509 CRL-----
diff --git a/tests/data_files/crl-ec-sha224.pem b/tests/data_files/parse_input/crl-ec-sha224.pem
similarity index 100%
rename from tests/data_files/crl-ec-sha224.pem
rename to tests/data_files/parse_input/crl-ec-sha224.pem
diff --git a/tests/data_files/parse_input/crl-ec-sha256.pem b/tests/data_files/parse_input/crl-ec-sha256.pem
new file mode 100644
index 0000000..adfd5f8
--- /dev/null
+++ b/tests/data_files/parse_input/crl-ec-sha256.pem
@@ -0,0 +1,10 @@
+-----BEGIN X509 CRL-----
+MIIBcTCB9wIBATAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EXDTEzMDkyNDE2
+MzEwOFoXDTIzMDkyMjE2MzEwOFowFDASAgEKFw0xMzA5MjQxNjI4MzhaoHIwcDBu
+BgNVHSMEZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMC
+TkwxETAPBgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVD
+IENBggkAwUPifmJDzOgwCgYIKoZIzj0EAwIDaQAwZgIxAKuQ684s7gyhtxKJr6Ln
+S2BQ02f1jjPHrZVdXaZvm3C5tGi2cKkoK1aMiyC3LsRCuAIxAIMhj0TmcuIZr5fX
+g5RByD7zUnZBpoEAdgxFy4JPJ2IViWOPekSGh8b/JY1VNS6Zbw==
+-----END X509 CRL-----
diff --git a/tests/data_files/crl-ec-sha384.pem b/tests/data_files/parse_input/crl-ec-sha384.pem
similarity index 100%
rename from tests/data_files/crl-ec-sha384.pem
rename to tests/data_files/parse_input/crl-ec-sha384.pem
diff --git a/tests/data_files/crl-ec-sha512.pem b/tests/data_files/parse_input/crl-ec-sha512.pem
similarity index 100%
rename from tests/data_files/crl-ec-sha512.pem
rename to tests/data_files/parse_input/crl-ec-sha512.pem
diff --git a/tests/data_files/crl-idp.pem b/tests/data_files/parse_input/crl-idp.pem
similarity index 100%
rename from tests/data_files/crl-idp.pem
rename to tests/data_files/parse_input/crl-idp.pem
diff --git a/tests/data_files/crl-idpnc.pem b/tests/data_files/parse_input/crl-idpnc.pem
similarity index 100%
rename from tests/data_files/crl-idpnc.pem
rename to tests/data_files/parse_input/crl-idpnc.pem
diff --git a/tests/data_files/crl-malformed-trailing-spaces.pem b/tests/data_files/parse_input/crl-malformed-trailing-spaces.pem
similarity index 100%
rename from tests/data_files/crl-malformed-trailing-spaces.pem
rename to tests/data_files/parse_input/crl-malformed-trailing-spaces.pem
diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha1.pem b/tests/data_files/parse_input/crl-rsa-pss-sha1.pem
new file mode 100644
index 0000000..59ca4f7
--- /dev/null
+++ b/tests/data_files/parse_input/crl-rsa-pss-sha1.pem
@@ -0,0 +1,14 @@
+-----BEGIN X509 CRL-----
+MIICJDCCAQYCAQEwEwYJKoZIhvcNAQEKMAaiBAICAOowOzELMAkGA1UEBhMCTkwx
+ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBFw0x
+NDAxMjAxMzQ2MzVaFw0yNDAxMTgxMzQ2MzVaMCgwEgIBChcNMTMwOTI0MTYyODM4
+WjASAgEWFw0xNDAxMjAxMzQzMDVaoGcwZTBjBgNVHSMEXDBagBS0WuSls97SUva5
+1aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NM
+MRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQC
+AgDqA4IBAQB8ZBX0BEgRcx0lfk1ctELRu1AYoJ5BnsmQpq23Ca4YIP2yb2kTN1ZS
+4fR4SgYcNctgo2JJiNiUkCu1ZnRUOJUy8UlEio0+aeumTNz6CbeJEDhr5NC3oiV0
+MzvLn9rJVLPetOT9UrvvIy8iz5Pn1d8mu5rkt9BKQRq9NQx8riKnSIoTc91NLCMo
+mkCCB55DVbazODSWK19e6yQ0JS454RglOsqRtLJ/EDbi6lCsLXotFt3GEGMrob1O
+7Qck1Z59boaHxGYFEVnx90+4M3/qikVtwZdcBjLEmfuwYvszFw8J2y6Xwmg/HtUa
+y6li0JzWNHtkKUlCv2+SESZbD3NU8GQZ
+-----END X509 CRL-----
diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha224.pem b/tests/data_files/parse_input/crl-rsa-pss-sha224.pem
new file mode 100644
index 0000000..a51d5d9
--- /dev/null
+++ b/tests/data_files/parse_input/crl-rsa-pss-sha224.pem
@@ -0,0 +1,16 @@
+-----BEGIN X509 CRL-----
+MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgShGjAYBgkq
+hkiG9w0BAQgwCwYJYIZIAWUDBAIEogQCAgDiMDsxCzAJBgNVBAYTAk5MMREwDwYD
+VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
+MTM1NjA2WhcNMjQwMTE4MTM1NjA2WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
+FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
+PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
+A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
+SAFlAwQCBKEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIDggEBAEJI
+i9sQOzMvvOTksN48+X+kk/wkLMKRGI222lqU6y6tP1LX3OE/+KN8gPXR+lCC+e0v
+TsRTJkpKEcmHZoP/8kOtZnLb9PdITKGMQnZ+dmn5MFEzZI/zyrYWuJTuK1Q83w0e
+Mc88cAhu8i4PTk/WnsWDphK1Q2YRupmmwWSUpp1Z2rpR+YSCedC01TVrtSUJUBw9
+NSqKDhyWYJIbS6/bFaERswC8xlMRhyLHUvikjmAK36TbIdhTnEffHOPW75sEOEEB
+f0A3VtlZ7y5yt2/a6vOauJCivxKt/PutdHfBqH43QQmoVLWC2FmT9ADTJwcsZB3D
+a6JSqCIMRCQY2JOUn0A=
+-----END X509 CRL-----
diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha256.pem b/tests/data_files/parse_input/crl-rsa-pss-sha256.pem
new file mode 100644
index 0000000..f16a491
--- /dev/null
+++ b/tests/data_files/parse_input/crl-rsa-pss-sha256.pem
@@ -0,0 +1,16 @@
+-----BEGIN X509 CRL-----
+MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgGhGjAYBgkq
+hkiG9w0BAQgwCwYJYIZIAWUDBAIBogQCAgDeMDsxCzAJBgNVBAYTAk5MMREwDwYD
+VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
+MTM1NjE2WhcNMjQwMTE4MTM1NjE2WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
+FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
+PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
+A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
+SAFlAwQCAaEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAEZ4
+oqp9i5eXrN6aCSTaU1j07MVTFW/U1jQAq6GseB6bEvoEXFMUHJsgAObqCK9flfEC
+FEqXqWSo33hhPU7AKKttbDLjUYRNnQAPRUnRIl1/a1+UjqgKchWWD9ityeW8ICxo
+IdATX9reYmPDLIMqTC7zuflYkvrvdEOuBORQP5mn4j8t84MSQF/p4qzaU0XxLo4X
+ckzZCcHpa45AApCDjJMd9onhFVCYsykiYrF9NQFO8TI4lQ5jv79GoufEzvhY1SPB
+r1xz4sMpfyaoPaa3SM2/nD65E5jzXell2u2VWNGKv4zAQP0E5yGel+1rklBltadb
+XLdJyyak33CLBKu+nJc=
+-----END X509 CRL-----
diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha384.pem b/tests/data_files/parse_input/crl-rsa-pss-sha384.pem
new file mode 100644
index 0000000..50f7e4c
--- /dev/null
+++ b/tests/data_files/parse_input/crl-rsa-pss-sha384.pem
@@ -0,0 +1,16 @@
+-----BEGIN X509 CRL-----
+MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgKhGjAYBgkq
+hkiG9w0BAQgwCwYJYIZIAWUDBAICogQCAgDOMDsxCzAJBgNVBAYTAk5MMREwDwYD
+VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
+MTM1NjI4WhcNMjQwMTE4MTM1NjI4WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
+FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
+PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
+A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
+SAFlAwQCAqEaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4DggEBAAco
+SntUGDLBOAu0IIZaVea5Nt1NMsMcppC0hWPuH1LKAwyUODBqpT+0+AuALK0eIdYR
+a7mAB+cv2fFwmwxnQWJ1Fvx4ft/N2AAfB83VRKpSo3xR8bxloHfTWKmyxJHmH9j1
+EYmLS86rj3Nhjf4m/YlQQ3Im5HwOgSgBOE8glq5D+0Wmsi9LsNEZXEzMw7TMUgbs
+y9o/ghYF/shKU4mewK3DeM9gQiTcH5A4ISXR87hBQ08AKJRAG1CLvTyzqWiUUY+k
+q8iZDYF17sHrPi2yn8q9c4zdxiaWDGDdL0Lh90wXGTAageoGEq25TMuL5FpX+u1u
+KUH/xf1jEnNzbYNGiZw=
+-----END X509 CRL-----
diff --git a/tests/data_files/parse_input/crl-rsa-pss-sha512.pem b/tests/data_files/parse_input/crl-rsa-pss-sha512.pem
new file mode 100644
index 0000000..0f1d651
--- /dev/null
+++ b/tests/data_files/parse_input/crl-rsa-pss-sha512.pem
@@ -0,0 +1,16 @@
+-----BEGIN X509 CRL-----
+MIICejCCATECAQEwPgYJKoZIhvcNAQEKMDGgDTALBglghkgBZQMEAgOhGjAYBgkq
+hkiG9w0BAQgwCwYJYIZIAWUDBAIDogQCAgC+MDsxCzAJBgNVBAYTAk5MMREwDwYD
+VQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBDQRcNMTQwMTIw
+MTM1NjM4WhcNMjQwMTE4MTM1NjM4WjAoMBICAQoXDTEzMDkyNDE2MjgzOFowEgIB
+FhcNMTQwMTIwMTM0MzA1WqBnMGUwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/r
+PrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcG
+A1UEAxMQUG9sYXJTU0wgVGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCG
+SAFlAwQCA6EaMBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4DggEBAB9F
+ywBfxOjetxNbCFhOYoPY2jvFCFVdlowMGuxEhX/LktqiBXqRc2r5naQSzuHqO8Iq
+1zACtiDLri0CvgSHlravBNeY4c2wj//ueFE89tY5pK9E6vZp7cV+RfMx2YfGPAA2
+t7tWZ2rJWzELg8cZ8hpjSwFH7JmgJzjE5gi2gADhBYO6Vv5S3SOgqNjiN1OM31AU
+p6GHK5Y1jurF5Zwzs+w3wXoXgpOxxwEC4eiS86c9kNSudwTLvDTU0bYEQE1cF+K0
+sB8QWABFJfuO5kjD2w3rWgmAiOKsZoxd1xrda+WD3JhDXnoVq3oVBIVlWVz6YID8
+enMfMvwScA5AImzu9xA=
+-----END X509 CRL-----
diff --git a/tests/data_files/parse_input/crl_expired.pem b/tests/data_files/parse_input/crl_expired.pem
new file mode 100644
index 0000000..cf60ae4
--- /dev/null
+++ b/tests/data_files/parse_input/crl_expired.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIyMDEwMjQx
+OVoXDTExMDIyMDExMjQxOVowKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
+MDIxMjE0NDQwN1owDQYJKoZIhvcNAQEFBQADggEBAKgP1XmCIPbfY1/UO+SVFQir
+jArZ94QnQdoan4tJ29d8DmTxJ+z9/KyWNoGeOwc9P/2GQQaZahQOBr0f6lYd67Ct
+wFVh/Q2zF8FgRcrQV7u/vJM33Q2yEsQkMGlM7rE5lC972vUKWu/NKq8bN9W/tWxZ
+SFbvTXpv024aI0IRudpOCALnIy8SFhVb2/52IN2uR6qrFizDexMEdSckgpHuJzGS
+IiANhIMn5LdQYJFjPgBzQU12tDdgzcpxtGhT10y4uQre+UbSjw+iVyml3issw59k
+OSmkWFb06LamRC215JAMok3YQO5RnxCR8EjqPcJr+7+O9a1O1++yiaitg4bUjEA=
+-----END X509 CRL-----
diff --git a/tests/data_files/crl_md2.pem b/tests/data_files/parse_input/crl_md2.pem
similarity index 100%
rename from tests/data_files/crl_md2.pem
rename to tests/data_files/parse_input/crl_md2.pem
diff --git a/tests/data_files/crl_md4.pem b/tests/data_files/parse_input/crl_md4.pem
similarity index 100%
rename from tests/data_files/crl_md4.pem
rename to tests/data_files/parse_input/crl_md4.pem
diff --git a/tests/data_files/crl_md5.pem b/tests/data_files/parse_input/crl_md5.pem
similarity index 100%
rename from tests/data_files/crl_md5.pem
rename to tests/data_files/parse_input/crl_md5.pem
diff --git a/tests/data_files/crl_sha1.pem b/tests/data_files/parse_input/crl_sha1.pem
similarity index 100%
rename from tests/data_files/crl_sha1.pem
rename to tests/data_files/parse_input/crl_sha1.pem
diff --git a/tests/data_files/crl_sha224.pem b/tests/data_files/parse_input/crl_sha224.pem
similarity index 100%
rename from tests/data_files/crl_sha224.pem
rename to tests/data_files/parse_input/crl_sha224.pem
diff --git a/tests/data_files/parse_input/crl_sha256.pem b/tests/data_files/parse_input/crl_sha256.pem
new file mode 100644
index 0000000..c3ca256
--- /dev/null
+++ b/tests/data_files/parse_input/crl_sha256.pem
@@ -0,0 +1,11 @@
+-----BEGIN X509 CRL-----
+MIIBqzCBlDANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDERMA8GA1UEChMI
+UG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EXDTExMDIxMjE0NDQw
+N1oXDTExMDQxMzE0NDQwN1owKDASAgEBFw0xMTAyMTIxNDQ0MDdaMBICAQMXDTEx
+MDIxMjE0NDQwN1owDQYJKoZIhvcNAQELBQADggEBAG4mBBgwfNynCYYL2CEnqore
+mgKpC32tB6WiUBu9figcvdN3nSX/1wrB8rpiE8R04C8oSFglwhotJCnlWsy42tjb
+0pk0Wuizln0PFMc/OypqRNNhwx31SHH42W4KzONiqvq3n/WkH3M1YniR1ZnMlyvi
+lJioQn6ZAoc6O6mMP1J9duKYYhiMAOV992PD1/iqXw+jYN31RwdIS8/mGzIs4ake
+EdviwhM3E4/sVbNOWCOnZFYV4m+yNAEe29HL1VKw6UXixBczct+brqXNVD3U6T0F
+5ovR6BTefZO17eT52Duke5RZGDUyQOGywxOYKI5W+FcOYdp+U5Idk399tAz2Mdw=
+-----END X509 CRL-----
diff --git a/tests/data_files/crl_sha384.pem b/tests/data_files/parse_input/crl_sha384.pem
similarity index 100%
rename from tests/data_files/crl_sha384.pem
rename to tests/data_files/parse_input/crl_sha384.pem
diff --git a/tests/data_files/crl_sha512.pem b/tests/data_files/parse_input/crl_sha512.pem
similarity index 100%
rename from tests/data_files/crl_sha512.pem
rename to tests/data_files/parse_input/crl_sha512.pem
diff --git a/tests/data_files/parse_input/keyUsage.decipherOnly.crt b/tests/data_files/parse_input/keyUsage.decipherOnly.crt
new file mode 100644
index 0000000..7c37978
--- /dev/null
+++ b/tests/data_files/parse_input/keyUsage.decipherOnly.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICFzCCAYCgAwIBAgIJAJsTzkylb95SMA0GCSqGSIb3DQEBBQUAMD8xCzAJBgNV
+BAYTAkdCMRIwEAYDVQQHDAlDYW1icmlkZ2UxHDAaBgNVBAoME0RlZmF1bHQgQ29t
+cGFueSBMdGQwHhcNMTUwNTEyMTAzNjU1WhcNMTgwNTExMTAzNjU1WjA/MQswCQYD
+VQQGEwJHQjESMBAGA1UEBwwJQ2FtYnJpZGdlMRwwGgYDVQQKDBNEZWZhdWx0IENv
+bXBhbnkgTHRkMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC9nxYOSbha/Ap4
+6rACrOMH7zfDD+0ZEHhbO0bgGRjc5ElvOaNuD321y9TnyAx+JrqPp/lFrAgNiVo1
+HPurPHfcJ+tNBUgBHboWGNENNaf9ovwFPawsBzEZraGnDaqVPEFcIsUQPVqO1lrQ
+CHLUjtqo1hMZDqe/Web0Mw9cZrqOaQIDAQABoxswGTAJBgNVHRMEAjAAMAwGA1Ud
+DwQFAwMH4IAwDQYJKoZIhvcNAQEFBQADgYEAJ0NS2wUbgRelK0qKxrR2Ts6jVYEH
+bmykx3GHjFyKpscDIn2vNyyB7ygfFglZPcw+2mn3xuVIwOV/mWxFvKHk+j2WrTQL
+tDqSC5BhFoR01veFu07JdEYvz+I+NCL5z0IGWXkUrk235Wl4w4WMZDnXTqncMNEk
+fLtpo9y79XD00QY=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/multiple_san.crt b/tests/data_files/parse_input/multiple_san.crt
similarity index 100%
rename from tests/data_files/multiple_san.crt
rename to tests/data_files/parse_input/multiple_san.crt
diff --git a/tests/data_files/non-ascii-string-in-issuer.crt b/tests/data_files/parse_input/non-ascii-string-in-issuer.crt
similarity index 100%
rename from tests/data_files/non-ascii-string-in-issuer.crt
rename to tests/data_files/parse_input/non-ascii-string-in-issuer.crt
diff --git a/tests/data_files/server1-ms.req.sha256 b/tests/data_files/parse_input/server1-ms.req.sha256
similarity index 100%
rename from tests/data_files/server1-ms.req.sha256
rename to tests/data_files/parse_input/server1-ms.req.sha256
diff --git a/tests/data_files/parse_input/server1.cert_type.crt b/tests/data_files/parse_input/server1.cert_type.crt
new file mode 100644
index 0000000..34fe4f6
--- /dev/null
+++ b/tests/data_files/parse_input/server1.cert_type.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDUjCCAjqgAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+o2AwXjAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zARBglghkgBhvhCAQEEBAMC
+BkAwDQYJKoZIhvcNAQEFBQADggEBAElJPaCG6aFHoymoCrzckPfjENxgXW2czh5t
+TsMPshkzX5p2AU89GBGdy0gQwoPuMtcznsDe4adM6Na8f30YDffATsgDECMIWtV1
+XVYKQIwFmZzEt4B+5sUmyMOLtTuuZBThOLPwOw8e4RnILKOYPHnQNRf6Eap4lFDx
+lp2pAaiXMDWH88gmWoU5XrGTppllYV0IorzJ4xV9Sg3ittNwNO40ehVQDAseFwZH
+iyh9iHz4BqtWjElmQ3hL8N/Cbqp3iN15h2pUgIj8JIt9rCsIZrsG3K42iSlPzEn2
+DCzWQSj9cQNCRVJnwgJAWnC1Hx0YYFQMgQquVxnK15THTGQAeB8=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server1.crt b/tests/data_files/parse_input/server1.crt
new file mode 100644
index 0000000..258da5e
--- /dev/null
+++ b/tests/data_files/parse_input/server1.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDPzCCAiegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zANBgkqhkiG9w0BAQUFAAOC
+AQEAf2k5OiORp60gBNqioC2mIqSXA0CU/qzllt8IvlcMv1V0PAP9f4IEm5mdkERr
+UXjnB1Tr3edrsvXLgZ9vEosbFpNMsKfsmBkpjgWG2ui8pdn8cJiws4k4h5fuueSw
+Ps1FLK5Tfpi+GJyPqk4ha9Ojp2p9opuA0aIfLuxI+0UzXH4wgrEW/Yydowv959gf
+gGSl766CRdUvJbXOeVryFjFTRfLFFNfTvrftZk1dl8tas1nim8xfWet+BZVvq2zY
+C7LeCI9nrfuAxfMJTrWFp17y72+hCDk7NEaB2ZLVuAM/ri7LWrr2V2hLFdIAhfC2
+nUaulRRpGt/ZTISw6uSIumNoNA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.crt.der b/tests/data_files/parse_input/server1.crt.der
similarity index 100%
rename from tests/data_files/server1.crt.der
rename to tests/data_files/parse_input/server1.crt.der
Binary files differ
diff --git a/tests/data_files/server1.ext_ku.crt b/tests/data_files/parse_input/server1.ext_ku.crt
similarity index 100%
rename from tests/data_files/server1.ext_ku.crt
rename to tests/data_files/parse_input/server1.ext_ku.crt
diff --git a/tests/data_files/parse_input/server1.key_usage.crt b/tests/data_files/parse_input/server1.key_usage.crt
new file mode 100644
index 0000000..9d70b00
--- /dev/null
+++ b/tests/data_files/parse_input/server1.key_usage.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDTzCCAjegAwIBAgIBATANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA8MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGjAYBgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMIIBIjAN
+BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/
+uOhFkNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFD
+d185fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVf
+CrFTxjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTr
+lZvc/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9w
+bp7OvViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQAB
+o10wWzAJBgNVHRMEAjAAMB0GA1UdDgQWBBQfdNY/KcF0dEU7BRIsPai9Q1kCpjAf
+BgNVHSMEGDAWgBS0WuSls97SUva51aaVD+s+vMf9/zAOBgNVHQ8BAf8EBAMCBeAw
+DQYJKoZIhvcNAQEFBQADggEBAHM8eESmE8CQvuCw2/w1JSWKaU9cJIvrtpJXavRC
+yMEv6SQL0hxrNZBhFPM8vAiq6zBdic2HwuiZ9N/iEXuCf92SOcK4b/2/Flos0JI5
+quu4eGkwoNrOvfZUcO7SB8JHUvmJtTP+avF3QeRfHo9bHRtnyOs9GXqq+CMZiNgO
+Bw+/tAOml3tV1Uf+yjp6XroWLRNMbvY1Sor4UW6FFMpOii/vlJ4450OlpcJdRU70
+LpHfxjmPNvc9YOPWve75/+CNF9lMi29UoEUYslxMPylZ/L0vYxi+xuvQBTaLiZeP
+CJ59Mc63LEmJNSAwnnV8s2KXL/Okm32lf6sy0fjsrvAdoCc=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server1.req.commas.sha256 b/tests/data_files/parse_input/server1.req.commas.sha256
similarity index 100%
rename from tests/data_files/server1.req.commas.sha256
rename to tests/data_files/parse_input/server1.req.commas.sha256
diff --git a/tests/data_files/parse_input/server1.req.md4 b/tests/data_files/parse_input/server1.req.md4
new file mode 100644
index 0000000..1558549
--- /dev/null
+++ b/tests/data_files/parse_input/server1.req.md4
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBAwUA
+A4IBAQAu8SbWDi5udXrs/lljV+jdHky2BFuVFNxZgj5QvLslffdx2/Tj4MVCsqkY
+tAcy5g/urW1WwHcnJ20PRgt60m3BSUJffdKF/kgRyTN1oBFpApHGAJEHPahR/3Mz
+hMBk4D/r6lga60iUhIfky8o8KU+ovHXROHzGfYaVySatpyJW6tkJOz/1ZKLI4s4K
+HGLFxKBd6bvyuMSCpV31J7ZHPQfSH38VEEaTLJ2QOltWDX5k4DlL/F3I5K4VFWOm
+DMndMXkb7LhL9jcaJJRzEmbX3aMdt2aXhQt2LDFMnMCeSHI014URnQd6IzRQYZPp
+qGZf2UmuJdLeIMzSNX2rZ+SVDX9o
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/parse_input/server1.req.md5 b/tests/data_files/parse_input/server1.req.md5
new file mode 100644
index 0000000..57714ed
--- /dev/null
+++ b/tests/data_files/parse_input/server1.req.md5
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBBAUA
+A4IBAQCEiv3QM4xyKhYTsoOjyzQdXMhsXK3Kpw+Rh874Hf6pXHxUaYy7xLUZUx6K
+x5Bvem1HMHAdmOqYTzsE9ZblAMZNRwv/CKGS3pvMkx/VZwXQhFGlHLFG//fPrgl3
+j4dt20QsWP8LnL4LweYSYI1wt1rjgYRHeF6bG/VIck6BIYQhKOGlzIwWUmfAGym6
+q4SYrd+ObZullSarGGSfNKjIUEpYtfQBz31f5tRsyzSps7oG4uc7Xba4qnl2o9FN
+lWOMEER79QGwr7+T41FTHFztFddfJ06CCjoRCfEn0Tcsg11tSMS0851oLkMm8RyY
+aozIzO82R3Em7aPhZBiBDy3wZC2l
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/parse_input/server1.req.sha1 b/tests/data_files/parse_input/server1.req.sha1
new file mode 100644
index 0000000..578ec7f
--- /dev/null
+++ b/tests/data_files/parse_input/server1.req.sha1
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBBQUA
+A4IBAQCiYQMOv2ALPUeg8wHKn9L5SdDbNxOzuMwhYsCYTw2TJMQO7NLUq6icEzxY
+pUIIFt60JUQjZHxQSY3y9cSivwKXQA7pPfaPaFC/aMA2GxG23t2eaIWNQX8MfcWf
+XAa8bl/vmC1MTov+mP2DGoXRiKYORrEInyDS2RaTathvHckcAv25nCIx7wYO9tC9
+LUwyoE9bhiQ7fo3KFlz4dK1HukyCM/FoPbJuL7NgdzmKVPyYCLh5Ah+TTD6+sltz
+dFc4fj28w1v3jsBXz+tLrgFQidzuUI2poxt5UwU9TKY0dAJaTCtfIRcXW3h6DGG7
+EDR6rim6sbIQkGzYvGqs4TNoJOR+
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/parse_input/server1.req.sha224 b/tests/data_files/parse_input/server1.req.sha224
new file mode 100644
index 0000000..a4f2af4
--- /dev/null
+++ b/tests/data_files/parse_input/server1.req.sha224
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDgUA
+A4IBAQArYR2mLKU5lsHyAyGHr4PlmC/cfePmCRyC/mj1riGTjDlNC2X3J1VZDqKb
+U/uUxLudP7sbuttRksIAREATT74Pa40bMWiPUlBfA/M2mFTmKb/91uXeIISW8DL3
+xM/5BCDrhnZ/cjP23gKDgJRk+IGBNhYZDGz50TIBbDJ2e4GDkFjzANngUW64UcCQ
+7hZOYtnYLBnoRvPwtal5jZqHwsgaPPePXu+SQ8mfuAJwJ78MOCAaKw0IP1h1OnPG
+iubdl34lSIaYWwbHTdjaqUSQG3SSs4oxEvluYymrpZ6XGKXtphJXEPdTRiLu9d9l
+A5NYVgvqHFQPmuXS92zrGzB788pV
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/parse_input/server1.req.sha256 b/tests/data_files/parse_input/server1.req.sha256
new file mode 100644
index 0000000..6d21dc5
--- /dev/null
+++ b/tests/data_files/parse_input/server1.req.sha256
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBCwUA
+A4IBAQCVlSU7qeKri7E3u8JCZbCyjsGJTH9iHYyeDZ/nDLig7iKGYvyNmyzJ76Qu
++EntSmL2OtL95Yqooc6h1AQHzoCs+SO2wPoTUs3Ypi9r7vNNVO3ZnnxVtGgqCRVA
+W+z9W4p2mHXQhgW1HkuLa5JD1SvJViyZbx9z3ie1BQ9NVKfv++ArPIv70zBtA7O3
+PZNG1JYN30Esz7RsCDRHbz6Npvu9ggUQL/U3mvQQ+Yo+xhwu1yFV+dRH7PebBeQv
+vjcD2fXDabeofK3zztIpUIyUULX0GGClM9jslgJ/ZHUlArWKpLZph0AgF1Dzts//
+M6c/sRw7gtjXmV0zq2tf2fL4+e2b
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/parse_input/server1.req.sha384 b/tests/data_files/parse_input/server1.req.sha384
new file mode 100644
index 0000000..b857af7
--- /dev/null
+++ b/tests/data_files/parse_input/server1.req.sha384
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDAUA
+A4IBAQBy35zHYLiYaScq1niQkzQ/BScUbdiWd2V90isBsB5Q3NjVoJl/yCaMrla3
+2XfrutpFpdqwenl5jM0o6+enKCmfur+z2/ije69Dju2aBd6A62cx1AEvFiMq7lyF
+4DYJ32+2ty6KA8EhzE3NFs7zKXxmD5ybp+oXNEvXoeU3W8a+Ld5c1K/n+Ipa0TUy
+cFBs6dCsbYO9wI6npwWqC5Hc9r/0zziMFO+4N5VORdYUFqObq4vCYOMXETpl8ryu
+lGZorNUoJ7vV55T31CDqEtb0EE+nO+nT4agfDobncYjvc3WpQuLtUB4UwR5gpZl6
+ZI+j4uwikOgGO9gcx4IjaRP3q63F
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/parse_input/server1.req.sha512 b/tests/data_files/parse_input/server1.req.sha512
new file mode 100644
index 0000000..85d5246
--- /dev/null
+++ b/tests/data_files/parse_input/server1.req.sha512
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgTCCAWkCAQAwPDELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRow
+GAYDVQQDDBFQb2xhclNTTCBTZXJ2ZXIgMTCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6Jv7joRZDb7ogWUtPxQ1BHlhJZ
+ZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVBQ3dfOXwJBEeCsFc5cO2j7BUZ
+HqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYElXwqxU8YwfhU5rPla7n+SnqYF
+W+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk65Wb3P5BXhem2mxbacwCuhQs
+FiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZPcG6ezr1YieJTWZ5uWpJl4og/
+DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEAAaAAMA0GCSqGSIb3DQEBDQUA
+A4IBAQBb8jNpt0nkNVWstVoOCepQSF5R1R9hF0yEr7mk3HB9oO/nK07R1Oamgjw+
+CHQReTSjIKUX53o7ZwNZB5E+jBDsGz/2Yyj/vxNHJFk2exELtW30he8K2omVHE1F
+XESbftCssWLNpTSDq6ME12+llkEDtgCtkv69oRUkuuF5ESUSZRGIZN4Vledm8SM1
+uGFtaG/PXbBbtUaNwNISDeIWDKRtbuca5web+QEi1djiUH21ZWIGEpOy7mtkYmRs
+Qt1D32FoaqFNhafiaxNIXO11yd4lgpaDDlmrOSBsELcTIF9916o3DwMeVXy0GONW
+BrwaO8q8rg+C+xvMY7858Kk8kwjb
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server1_pathlen_int_max-1.crt b/tests/data_files/parse_input/server1_pathlen_int_max-1.crt
similarity index 100%
rename from tests/data_files/server1_pathlen_int_max-1.crt
rename to tests/data_files/parse_input/server1_pathlen_int_max-1.crt
diff --git a/tests/data_files/server1_pathlen_int_max.crt b/tests/data_files/parse_input/server1_pathlen_int_max.crt
similarity index 100%
rename from tests/data_files/server1_pathlen_int_max.crt
rename to tests/data_files/parse_input/server1_pathlen_int_max.crt
diff --git a/tests/data_files/parse_input/server2.crt b/tests/data_files/parse_input/server2.crt
new file mode 100644
index 0000000..0745196
--- /dev/null
+++ b/tests/data_files/parse_input/server2.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDNzCCAh+gAwIBAgIBAjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
+owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
+NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
+tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
+hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
+HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNNMEswCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
+FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJKoZIhvcNAQEFBQADggEBAJklg3Q4
+cB7v7BzsxM/vLyKccO6op0/gZzM4ghuLq2Y32kl0sM6kSNUUmduuq3u/+GmUZN2A
+O/7c+Hw7hDFEIvZk98aBGjCLqn3DmgHIv8ToQ67nellQxx2Uj309PdgjNi/r9HOc
+KNAYPbBcg6MJGWWj2TI6vNaceios/DhOYx5V0j5nfqSJ/pnU0g9Ign2LAhgYpGJE
+iEM9wW7hEMkwmk0h/sqZsrJsGH5YsF/VThSq/JVO1e2mZH2vruyZKJVBq+8tDNYp
+HkK6tSyVYQhzIt3StMJWKMl/o5k2AYz6tSC164+1oG+ML3LWg8XrGKa91H4UOKap
+Awgk0+4m0T25cNs=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server2.crt.der b/tests/data_files/parse_input/server2.crt.der
similarity index 100%
rename from tests/data_files/server2.crt.der
rename to tests/data_files/parse_input/server2.crt.der
Binary files differ
diff --git a/tests/data_files/parse_input/server3.crt b/tests/data_files/parse_input/server3.crt
new file mode 100644
index 0000000..ed0d696
--- /dev/null
+++ b/tests/data_files/parse_input/server3.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICojCCAYqgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTMwODA5MDkxNzAzWhcNMjMwODA3MDkxNzAzWjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG
+CCqGSM49AwEBAzIABH0AoQyUhPABS38y67uEVs4O3RXmKKrBdUR7/L2QPB8EC2p5
+fQcsej6EFasvlTdJ/6OBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTkF2s2sgaJ
+OtleQ7bgZH2Hq33eNzBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/
+pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQ
+b2xhclNTTCBUZXN0IENBggEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjmSIjGKD1eH5W
+4bl2MXfNIsTwc2vv/MAAhBzBEbTXd3T37+zAGPGjKncvTB+oufUVRGkoKbfoC6Jm
+DYSEUuxtnUZOko/C//XlCEtK0TuS2aLEqF3gJjBJTCfthEdAhJCtmPAQDCzeKsdx
+CoOtH0NQx6Xl64oDt2wYSQNWUTGLPfRpdsVEvBHhHYATQijkl2ZH8BDjsYcBicrS
+qmCeN+0T1B9vrOQVEZe+fwgzVL38n8lkJZNPIbdovA9WLHwXAEzPv4la3w0qh4Tb
+kSb8HtILl4I474QxrFywylyXR/p2znPleRIRgB5HtUp9tLSWkB0bwMlqQlg2EHXu
+CAQ1sXmQ
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server4.crt b/tests/data_files/parse_input/server4.crt
new file mode 100644
index 0000000..96b1aa7
--- /dev/null
+++ b/tests/data_files/parse_input/server4.crt
@@ -0,0 +1,18 @@
+-----BEGIN CERTIFICATE-----
+MIIC6jCCAnCgAwIBAgIBCDAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAKvXjL5VfYc7D/truqEpYcZcvlUhnuCNDJctYDJL
+vgYYj5uxDxLHBXvnEHLgO5K+lps42p+r/dd4oE64ttRoeZZUvr+7eBnW35n0EpPA
+Ik9Gwu+vg7GfxmifgIR8hZnOQkt2OjvvpChPCxvUailtB450Izh+mEK/hYFr+7Jl
+NnxR1XQlbbyDM7Ect1HwYcuS3MBlBqq048J+0KEkQXICSjKeHFga9eDCq+Jyfqe5
+bt0K30hl1N0164B7aoh08Eomme+aSuAsz+MsJ3m7AO2DUYdrDxlrky1QrvRWWfX0
+d8djTM+uHTo1DviRM6o9+P9DfoFd53/Z0Km03sVLQWvUrhECAwEAAaOBnTCBmjAJ
+BgNVHRMEAjAAMB0GA1UdDgQWBBTAlAm1+0L41mhqYWjFiejsRVrGeTBuBgNVHSME
+ZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMCTkwxETAP
+BgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggkA
+wUPifmJDzOgwCgYIKoZIzj0EAwIDaAAwZQIxAPWlxnMcjBaxaVieQYSLBqzizS3/
+O8Na6owRGPk0/UK+j5O9NTBHk+uXW/fQblKamQIwUQl4dl6gkRDE4rBR/yGjZZ1Z
+3dEpvL2Wimt3keD7AcLpYB2FJ1mVcY1XQUeK1Vfc
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-fan.crt b/tests/data_files/parse_input/server5-fan.crt
similarity index 100%
rename from tests/data_files/server5-fan.crt
rename to tests/data_files/parse_input/server5-fan.crt
diff --git a/tests/data_files/parse_input/server5-non-compliant.crt b/tests/data_files/parse_input/server5-non-compliant.crt
new file mode 100644
index 0000000..abea17d
--- /dev/null
+++ b/tests/data_files/parse_input/server5-non-compliant.crt
@@ -0,0 +1,12 @@
+-----BEGIN CERTIFICATE-----
+MIIBwjCCAUagAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0wMTAxMDEwMDAwMDBaFw0zMDEyMzEyMzU5NTlaMCQxIjAgBgNVBAMMGVRlc3Qg
+RUMgUkZDIG5vbi1jb21wbGlhbnQwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3
+zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqI
+wmt3DVXNiioO+gHItO3/o00wSzAJBgNVHRMEAjAAMB0GA1UdDgQWBBRQYaWP1AfZ
+14IBDOVlf4xjRqcTvjAfBgNVHSMEGDAWgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAM
+BggqhkjOPQQDAgUAA2gAMGUCMAJ3J/DooFSaBG2OhzyWai32q6INDZfoS2bToSKf
+gy6hbJiIX/G9eFts5+BJQ3QpjgIxALRmIgdR91BDdqpeF5JCmhgjbfbgMQ7mrMeS
+ZGfNyFyjS75QnIA6nKryQmgPXo+sCQ==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-nonprintable_othername.crt b/tests/data_files/parse_input/server5-nonprintable_othername.crt
similarity index 100%
rename from tests/data_files/server5-nonprintable_othername.crt
rename to tests/data_files/parse_input/server5-nonprintable_othername.crt
diff --git a/tests/data_files/server5-othername.crt b/tests/data_files/parse_input/server5-othername.crt
similarity index 100%
rename from tests/data_files/server5-othername.crt
rename to tests/data_files/parse_input/server5-othername.crt
diff --git a/tests/data_files/parse_input/server5-sha1.crt b/tests/data_files/parse_input/server5-sha1.crt
new file mode 100644
index 0000000..73e2d17
--- /dev/null
+++ b/tests/data_files/parse_input/server5-sha1.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHTCCAaSgAwIBAgIBEjAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD
+VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x
+MzA5MjQxNjIxMjdaFw0yMzA5MjIxNjIxMjdaMDQxCzAJBgNVBAYTAk5MMREwDwYD
+VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYI
+KoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDY
+IxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6OBnTCBmjAJBgNVHRMEAjAAMB0G
+A1UdDgQWBBRQYaWP1AfZ14IBDOVlf4xjRqcTvjBuBgNVHSMEZzBlgBSdbSAkSQE/
+K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFy
+U1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggkAwUPifmJDzOgwCQYH
+KoZIzj0EAQNoADBlAjEAyjvzRWtxbXvkoYTYSQY9gFBpP7/wTZ2q6FbRiAuZULFt
+lc0PMPDfVZChgA6iDH+BAjBdkOb73f2pOwZpMRqrOgqSynbt2uWY87mC5lRlNEoR
+WXEv1AzIeBCv+81DN1Iuu4w=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server5-sha224.crt b/tests/data_files/parse_input/server5-sha224.crt
new file mode 100644
index 0000000..47b1168
--- /dev/null
+++ b/tests/data_files/parse_input/server5-sha224.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICIDCCAaWgAwIBAgIBEzAKBggqhkjOPQQDATA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwOTI0MTYyMTI3WhcNMjMwOTIyMTYyMTI3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
+2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
+clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMBA2kAMGYCMQCj0EyFUzDRmfokWzLVEWN0epR4/sZytfIeozp6BqWH
+qaTBdAR2vthIKC7dKuUkg34CMQD6YtB2O9Vso79gbzSen2qh7gK7VvGE+31EVPbR
+Ce/oNG/3OfhRSdn3FOvBBg2UErM=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server5-sha384.crt b/tests/data_files/parse_input/server5-sha384.crt
new file mode 100644
index 0000000..5d6a79b
--- /dev/null
+++ b/tests/data_files/parse_input/server5-sha384.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHzCCAaWgAwIBAgIBFDAKBggqhkjOPQQDAzA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwOTI0MTYyMTI3WhcNMjMwOTIyMTYyMTI3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
+2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
+clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMDA2gAMGUCMQCnsd/6VB2kLIqMRsWdkJvRaQROyAg78CQExFEY3CMv
+9t0kWRXPc4nCMH69RjQVvC4CMB4lk9A7hnX2zQy3bbUhOCOvXcsQdEe8AMgJBviz
+5Nob2wThRqsm1wjCF60fyzXWuA==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server5-sha512.crt b/tests/data_files/parse_input/server5-sha512.crt
new file mode 100644
index 0000000..16112ac
--- /dev/null
+++ b/tests/data_files/parse_input/server5-sha512.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHzCCAaWgAwIBAgIBFTAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwOTI0MTYyMTI3WhcNMjMwOTIyMTYyMTI3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
+2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
+clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMEA2gAMGUCMFPL2OI8arcbRlKAbRb/YfGibo4Mwts8KX3fOuRCbXEn
+pDWeb82kBqfXwzPJwamFOwIxAPGzyhWrxn0qEynWV5nzFK02PYBnYFgClISyyudH
+HJGHtbEVRc5JA8ALnggaLVpuvg==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server5-unsupported_othername.crt b/tests/data_files/parse_input/server5-unsupported_othername.crt
similarity index 100%
rename from tests/data_files/server5-unsupported_othername.crt
rename to tests/data_files/parse_input/server5-unsupported_othername.crt
diff --git a/tests/data_files/parse_input/server5.crt b/tests/data_files/parse_input/server5.crt
new file mode 100644
index 0000000..4597428
--- /dev/null
+++ b/tests/data_files/parse_input/server5.crt
@@ -0,0 +1,14 @@
+-----BEGIN CERTIFICATE-----
+MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
+2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
+clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S
+C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V
+fGa5kHvHARBPc8YAIVIqDvHH1Q==
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server5.req.sha1 b/tests/data_files/parse_input/server5.req.sha1
similarity index 100%
rename from tests/data_files/server5.req.sha1
rename to tests/data_files/parse_input/server5.req.sha1
diff --git a/tests/data_files/server5.req.sha224 b/tests/data_files/parse_input/server5.req.sha224
similarity index 100%
rename from tests/data_files/server5.req.sha224
rename to tests/data_files/parse_input/server5.req.sha224
diff --git a/tests/data_files/server5.req.sha256 b/tests/data_files/parse_input/server5.req.sha256
similarity index 100%
rename from tests/data_files/server5.req.sha256
rename to tests/data_files/parse_input/server5.req.sha256
diff --git a/tests/data_files/server5.req.sha384 b/tests/data_files/parse_input/server5.req.sha384
similarity index 100%
rename from tests/data_files/server5.req.sha384
rename to tests/data_files/parse_input/server5.req.sha384
diff --git a/tests/data_files/server5.req.sha512 b/tests/data_files/parse_input/server5.req.sha512
similarity index 100%
rename from tests/data_files/server5.req.sha512
rename to tests/data_files/parse_input/server5.req.sha512
diff --git a/tests/data_files/server7_all_space.crt b/tests/data_files/parse_input/server7_all_space.crt
similarity index 100%
rename from tests/data_files/server7_all_space.crt
rename to tests/data_files/parse_input/server7_all_space.crt
diff --git a/tests/data_files/parse_input/server7_int-ca.crt b/tests/data_files/parse_input/server7_int-ca.crt
new file mode 100644
index 0000000..d3ddc46
--- /dev/null
+++ b/tests/data_files/parse_input/server7_int-ca.crt
@@ -0,0 +1,47 @@
+-----BEGIN CERTIFICATE-----
+MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
+A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
+47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
+MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
+IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
+MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
+AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
+FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
+8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
++gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
+QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
+yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
+TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
+deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
+0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
+OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
+VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
+a8Si6UK5
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
+vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
+wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
+CaBCLhhdK1Fjf8HjkT/PkctWnho8NTwivc9+nqRZjXe/eIcqm5HwjDDhu+gz+o0g
+Vz9MfZNi1JyCrOyNZcy+cr2QeNnNVGnFq8xTxtu6dLunhpmLFj2mm0Vjwa7Ypj5q
+AjpqTMtDvqbRuToyoyzajhMNcCAf7gwzIupJJFVdjdtgYAcQwzikwF5HoITJzzJ2
+qgxF7CmvGZNb7G99mLdLdhtclH3wAQKHYwEGJo7XKyNEuHPQgB+e0cg1SD1HqlAM
+uCfGGTWQ6me7Bjan3t0NzoTdDq6IpKTesbaY+/9e2xn8DCrhBKLXQMZFDZqUoLYA
+kGPOEGgvlPnIIXAawouxCaNYEh5Uw871YMSPT28rLdFr49dwYOtDg9foA8hDIW2P
+d6KXbrZteesvA1nYzEOs+3AjrbT79Md2W8Bz9bqBVNlNOESSqm4kiCJFmslm/6br
+Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
+updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
+a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
+AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
+i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
+Af5cNR8KhzegznL6amRObGGKmX1F
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server7_pem_space.crt b/tests/data_files/parse_input/server7_pem_space.crt
similarity index 100%
rename from tests/data_files/server7_pem_space.crt
rename to tests/data_files/parse_input/server7_pem_space.crt
diff --git a/tests/data_files/server7_trailing_space.crt b/tests/data_files/parse_input/server7_trailing_space.crt
similarity index 100%
rename from tests/data_files/server7_trailing_space.crt
rename to tests/data_files/parse_input/server7_trailing_space.crt
diff --git a/tests/data_files/parse_input/server9-sha224.crt b/tests/data_files/parse_input/server9-sha224.crt
new file mode 100644
index 0000000..1b05f31
--- /dev/null
+++ b/tests/data_files/parse_input/server9-sha224.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAhKgAwIBAgIBFzA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCBKEa
+MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIwOzELMAkGA1UEBhMCTkwx
+ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
+DTE0MDEyMDEzNTczNloXDTI0MDExODEzNTczNlowNDELMAkGA1UEBhMCTkwxETAP
+BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
+uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
+i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
+AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
+36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
+BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
+VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCBKEaMBgGCSqG
+SIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIDggEBADJExjfWWvL28lgj+GGgviqo
+PHZLxI0pLQUnFJQ9Kpu6jxfICseBF00Z6BJE/RcYDpIie5GDt/8u/i6xB6Li29Pm
+g5nANgd/Y3fFnW7d0ydVjiSnetlPuf/jTlWQl6mQTH2xqYu8J8d3JRxQdRiDYbVm
+uywW2d6rksiqm6dPD5l4A5DcemcYo8f/1Ifj5WNDCV8/OHex+AnW2ccDvWAnVgSR
+B2VpOXJzVFuBsuf4tGVm/2TUMSB6NcvFc6TeJk1kzbZxii4QjKXtH1SfrVP59iEe
+l17NYAEWARjBpQWBiutRG+QM2et0sNiUBuWxTkvd0eSgencNysVAOsZqrqaX3CY=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server9-sha256.crt b/tests/data_files/parse_input/server9-sha256.crt
new file mode 100644
index 0000000..7d0aa39
--- /dev/null
+++ b/tests/data_files/parse_input/server9-sha256.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAhKgAwIBAgIBGDA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEa
+MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4wOzELMAkGA1UEBhMCTkwx
+ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
+DTE0MDEyMDEzNTc0NVoXDTI0MDExODEzNTc0NVowNDELMAkGA1UEBhMCTkwxETAP
+BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
+uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
+i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
+AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
+36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
+BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
+VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqG
+SIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAH0+knqkcLaxeDkenBQgd4Qg
+3ZyAhtpiLU689mw+3cXB/uzFrCIxEL5aGh1eSj+DszB+FtsZ06ux7JVQqVOA2Wm9
+yLxC6wF8OOYj0nBa91BWLhRAHLhmIdWsVk7Hl9KojZd4TwV2N+ZEV/BLxyoRvK4H
+V4xCpzgDSiTPe8Etk4r+0akbr6bsOUBayPb7MGLHubZKq8NsFAmmynp+fPmHd3SE
+0ooJdiZ1MmKPKLE5Og/hXCI8qeiXQUR6oQ7b2XONsrI2HIj2SA9dA5qmHwE5PbMu
+zqxQ3R83boqLXbkFORn+UiYLmffqdoWuNy00BHMCrxRA9DUv+WyN4npLMF8rOJw=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server9-sha384.crt b/tests/data_files/parse_input/server9-sha384.crt
new file mode 100644
index 0000000..aaa63e6
--- /dev/null
+++ b/tests/data_files/parse_input/server9-sha384.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAhKgAwIBAgIBGTA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
+MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4wOzELMAkGA1UEBhMCTkwx
+ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
+DTE0MDEyMDEzNTc1OFoXDTI0MDExODEzNTc1OFowNDELMAkGA1UEBhMCTkwxETAP
+BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
+uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
+i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
+AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
+36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
+BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
+VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEaMBgGCSqG
+SIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4DggEBABf8Gyq2VYuN1EBW1nOapDQp
+B/KuafNW2GEJ7FmQKNyA7MIj1Yqo2MtJ6/OQojRQ3F5rnO4yjmvIPsXeQaMxJBiI
+aaoAlLpH++F+oXMq/0aS0WSZrSLrsh2Fpay9cBDGwek2rDOX9kM+ZcPzGitVwWKX
+TnOW22hpcl7u95CpZH+JZTcto5nL3tTyV9pIy+tSKQQfjPB+G0TAZCsOkbCGPLug
+qdjvqFQwOf15VxQMj7NRiXjlqJvsx+I7B2AIhrs4DzQMEyiWq9S/PzpQuFU5v/Kg
+s2iMLJ5ygv5aN3PYqGlE1ZmvgyRp5h/LaTGI2L6lzRTnecOhtPv30N2tyaDAEfo=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server9-sha512.crt b/tests/data_files/parse_input/server9-sha512.crt
new file mode 100644
index 0000000..a211b92
--- /dev/null
+++ b/tests/data_files/parse_input/server9-sha512.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDWzCCAhKgAwIBAgIBGjA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCA6Ea
+MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4wOzELMAkGA1UEBhMCTkwx
+ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
+DTE0MDEyMDEzNTgxMloXDTI0MDExODEzNTgxMlowNDELMAkGA1UEBhMCTkwxETAP
+BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
+AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
+uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
+i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
+AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
+36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
+BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
+VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCA6EaMBgGCSqG
+SIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4DggEBACdVozFq6rUiXo+ib5Y2oPsR
+6xxl4Ydn3LpUoYrPpTOrhcXJWW/tOLHGuCF/mSRfUzKaMIfL418cZHYnvumvuttu
+6z3tp5E1VsiZCU2MWJnzjKSxFBOss43AmpJHHoapGFZu2pxObBPqegAKHYkKWOLk
+tJDj47PurWgEek9j1nL7Pc1tVf59fm/ySp4fWkXLLvQiKid1516VioLyacUvK3zU
+6Egz8jMt7D5c9KpaExLRTANVsThqO5/dmR36bOwm3Hpbde7DNdgxru41tiLMqJs/
+5pX3ceaJ1XQ/l0idj5/9ipvqHHUguyk7H22HwQHQdSD9oIha8kEM3P6CjpfE7yY=
+-----END CERTIFICATE-----
diff --git a/tests/data_files/parse_input/server9.crt b/tests/data_files/parse_input/server9.crt
new file mode 100644
index 0000000..a6f9fbc
--- /dev/null
+++ b/tests/data_files/parse_input/server9.crt
@@ -0,0 +1,19 @@
+-----BEGIN CERTIFICATE-----
+MIIDBTCCAeegAwIBAgIBFjATBgkqhkiG9w0BAQowBqIEAgIA6jA7MQswCQYDVQQG
+EwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3Qg
+Q0EwHhcNMTQwMTIwMTMzODE2WhcNMjQwMTE4MTMzODE2WjA0MQswCQYDVQQGEwJO
+TDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkq
+hkiG9w0BAQEFAAOBjQAwgYkCgYEA3RGKn5m6sGjKKuo7am1Zl+1OyVTkDe7OoH2g
+HqroDsK7E0DbihKOiRMkpcX1+tj1kNfIysvF/pMdr9oSI3NSeUYauqBXK3YWMbOo
+r+c4mwiLY5k6CiXuRdIYWLq5kxrt1FiaYxs3/PcUCJ+FZUnzWTJt0eDobd5S7Wa0
+qQvaQJUCAwEAAaOBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTu88f1HxWlTUeJ
+wdMiY7Lfp869UTBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0w
+OzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xh
+clNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQDAog/jXydR
+vDIugTzBXtfVK0CEX8iyQ4cVzQmXWSne8204v943K5D2hktSBkjdQUdcnVvVgLR6
+te50jV89ptN/NofX+fo9fhSRN9vGgQVWzOOFiO0zcThy749pirJu1Kq5OJdthIyW
+Pu0UCz5G0k3kTp0JPevGlsNc8S9Ak1tFuB0IPJjrbfODWHS2LDuO+dB6gpkNTdrj
+88ogYtBsN4D5gsXBRUfobXokUwejBwLrD6XwyQx+0bMwSCxgHEhxvuUkx1vdlXGw
+JG3aF92u8mIxoKSAPaPdqy930mQvmpUWcN5Y1IMbtEGoQCKMYgosFcazJpJcjnX1
+o4Hl/lqjwCEG
+-----END CERTIFICATE-----
diff --git a/tests/data_files/server9.req.sha1 b/tests/data_files/parse_input/server9.req.sha1
similarity index 100%
rename from tests/data_files/server9.req.sha1
rename to tests/data_files/parse_input/server9.req.sha1
diff --git a/tests/data_files/server9.req.sha224 b/tests/data_files/parse_input/server9.req.sha224
similarity index 100%
rename from tests/data_files/server9.req.sha224
rename to tests/data_files/parse_input/server9.req.sha224
diff --git a/tests/data_files/server9.req.sha256 b/tests/data_files/parse_input/server9.req.sha256
similarity index 100%
rename from tests/data_files/server9.req.sha256
rename to tests/data_files/parse_input/server9.req.sha256
diff --git a/tests/data_files/server9.req.sha384 b/tests/data_files/parse_input/server9.req.sha384
similarity index 100%
rename from tests/data_files/server9.req.sha384
rename to tests/data_files/parse_input/server9.req.sha384
diff --git a/tests/data_files/server9.req.sha512 b/tests/data_files/parse_input/server9.req.sha512
similarity index 100%
rename from tests/data_files/server9.req.sha512
rename to tests/data_files/parse_input/server9.req.sha512
diff --git a/tests/data_files/test-ca-any_policy.crt b/tests/data_files/parse_input/test-ca-any_policy.crt
similarity index 100%
rename from tests/data_files/test-ca-any_policy.crt
rename to tests/data_files/parse_input/test-ca-any_policy.crt
diff --git a/tests/data_files/test-ca-any_policy_ec.crt b/tests/data_files/parse_input/test-ca-any_policy_ec.crt
similarity index 100%
rename from tests/data_files/test-ca-any_policy_ec.crt
rename to tests/data_files/parse_input/test-ca-any_policy_ec.crt
diff --git a/tests/data_files/test-ca-any_policy_with_qualifier.crt b/tests/data_files/parse_input/test-ca-any_policy_with_qualifier.crt
similarity index 100%
rename from tests/data_files/test-ca-any_policy_with_qualifier.crt
rename to tests/data_files/parse_input/test-ca-any_policy_with_qualifier.crt
diff --git a/tests/data_files/test-ca-any_policy_with_qualifier_ec.crt b/tests/data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt
similarity index 100%
rename from tests/data_files/test-ca-any_policy_with_qualifier_ec.crt
rename to tests/data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt
diff --git a/tests/data_files/test-ca-multi_policy.crt b/tests/data_files/parse_input/test-ca-multi_policy.crt
similarity index 100%
rename from tests/data_files/test-ca-multi_policy.crt
rename to tests/data_files/parse_input/test-ca-multi_policy.crt
diff --git a/tests/data_files/test-ca-multi_policy_ec.crt b/tests/data_files/parse_input/test-ca-multi_policy_ec.crt
similarity index 100%
rename from tests/data_files/test-ca-multi_policy_ec.crt
rename to tests/data_files/parse_input/test-ca-multi_policy_ec.crt
diff --git a/tests/data_files/test-ca-unsupported_policy.crt b/tests/data_files/parse_input/test-ca-unsupported_policy.crt
similarity index 100%
rename from tests/data_files/test-ca-unsupported_policy.crt
rename to tests/data_files/parse_input/test-ca-unsupported_policy.crt
diff --git a/tests/data_files/test-ca-unsupported_policy_ec.crt b/tests/data_files/parse_input/test-ca-unsupported_policy_ec.crt
similarity index 100%
rename from tests/data_files/test-ca-unsupported_policy_ec.crt
rename to tests/data_files/parse_input/test-ca-unsupported_policy_ec.crt
diff --git a/tests/data_files/parse_input/test-ca.crt b/tests/data_files/parse_input/test-ca.crt
new file mode 100644
index 0000000..31790b5
--- /dev/null
+++ b/tests/data_files/parse_input/test-ca.crt
@@ -0,0 +1,20 @@
+-----BEGIN CERTIFICATE-----
+MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
+UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/
+MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA
+A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL
+hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm
+8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD
+zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ
+0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/
+mtxyUALj2pQxRitopORFQdn7AOY5
+-----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca.crt.der b/tests/data_files/parse_input/test-ca.crt.der
similarity index 100%
rename from tests/data_files/test-ca.crt.der
rename to tests/data_files/parse_input/test-ca.crt.der
Binary files differ
diff --git a/tests/data_files/rsa4096_prv.der b/tests/data_files/rsa4096_prv.der
new file mode 100644
index 0000000..86ea818
--- /dev/null
+++ b/tests/data_files/rsa4096_prv.der
Binary files differ
diff --git a/tests/data_files/rsa4096_pub.der b/tests/data_files/rsa4096_pub.der
new file mode 100644
index 0000000..270bf3a
--- /dev/null
+++ b/tests/data_files/rsa4096_pub.der
Binary files differ
diff --git a/tests/data_files/server1-nospace.crt b/tests/data_files/server1-nospace.crt
index 932c236..4c3cb90 100644
--- a/tests/data_files/server1-nospace.crt
+++ b/tests/data_files/server1-nospace.crt
@@ -1,21 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIDhDCCAmygAwIBAgIBHzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTQwMzI2MDkyMzEyWhcNMjQwMzIzMDkyMzEyWjA7MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEHBvbGFyc3NsLmV4YW1wbGUwggEiMA0G
+MIIDPjCCAiagAwIBAgIBHzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEHBvbGFyc3NsLmV4YW1wbGUwggEiMA0G
 CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCpAh89QGrVVVOL/TbugmUuFWFeib+4
 6EWQ2+6IFlLT8UNQR5YSWWSHa/0r4Eb5c77dz5LhkVvtZqBviSl5RYDQg2rVQUN3
 Xzl8CQRHgrBXOXDto+wVGR6oMwhHwQVCqf1Mw7Tf3QYfTRBRQGdzEw9A+G2BJV8K
 sVPGMH4VOaz5Wu5/kp6mBVvnE5eFtSOS2dQkBtUJJYl1B92mGo8/CRm+rWUsZOuV
 m9z+QV4XptpsW2nMAroULBYknErczdD3Umdz8S2gI/1+9DHKLXDKiQsE2y6mT3Bu
 ns69WIniU1meblqSZeKIPwyUGaPd5eidlRPtKdurcBLcWsprF6tSglSxAgMBAAGj
-gZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQUH3TWPynBdHRFOwUSLD2ovUNZAqYw
-YwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVzdCBD
-QYIBADANBgkqhkiG9w0BAQsFAAOCAQEAXs4vQqlIlxrMbE6IwAHLcGJuz17Ru/en
-H9bUnnSh1pxa+NHMKZHBG3GT0iaxsVtXf56/tXH4+HL7ntJjrczGN1PbhMGPyt94
-556ZgDxkHT9k7KjPAIs9BrjFHvl9NyIZzcbwkiC0qGvdzjSfe3AiSYuhXI/9/Hog
-uUwReH+T2U/ICEHQ5O8aV5nvpgqL3EeEmyx3bu+YXtZMWQUYzX+ya4TnKVPdqwbf
-ebr6v1hLXrUFl6rZ3wEJ6MqUW3SGZRkCVNZUOD6Ky3+EiLwYFhuKGdFqSS0JAAD7
-ZO3yPu5hu3BhAQYavK4Yyfi9IQmubBqxopPwyzjG1HPw2lj+oapH0w==
+TTBLMAkGA1UdEwQCMAAwHQYDVR0OBBYEFB901j8pwXR0RTsFEiw9qL1DWQKmMB8G
+A1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBCwUAA4IB
+AQC8fX3ZiHu6GoYBB5Vo1l6CXXDhHB6r43Pp+BHoOCouiiy4useiPLu5S84gmNoC
+v8ZR+b9lAaysCMHAbth9vgtW+aXckBY6xKo8CsmGXcqZqujD6qrDif5q6UpXa4Oe
+fr6ITkecY4Z9oN/aN5el5zzUd5zkoyQDI5Bn1gMdvV7AwM7Haq+5gTFwM7HJnphz
+GZ8GLxWU1dWeAfsGm58ey6J28OjIkmfP3yL/kBKMhiQZydbH9Y8Yal7YwhayXxES
+i7YwhNmPcGAgDBm5Sno7BvHiIqsNX1sssC3aZUaZvldJGY+4Y9fFZHenBwTREj/S
+CnEgazC2RJ3kYg3mP/QhE0US
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server1-v1.crt b/tests/data_files/server1-v1.crt
index 47f1fff..8ca9007 100644
--- a/tests/data_files/server1-v1.crt
+++ b/tests/data_files/server1-v1.crt
@@ -1,19 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIDITCCAgkCDFOitscEzU2OvIALwTANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
-ExNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLEwd0ZXN0aW5nMREwDwYDVQQK
-EwhQb2xhclNTTDELMAkGA1UEBhMCTkwwIhgPMjAxNDA2MTkxMDA5MTFaGA8yMDI0
-MDYxODEwMDkxMVowTjEaMBgGA1UEAxMRc2VydmVyMS9pbnQtY2EtdjExEDAOBgNV
-BAsTB3Rlc3RpbmcxETAPBgNVBAoTCFBvbGFyU1NMMQswCQYDVQQGEwJOTDCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6J
-v7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVB
-Q3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYEl
-XwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk
-65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZP
-cG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEA
-ATANBgkqhkiG9w0BAQsFAAOCAQEAPJl3fbVeTJ6gVAvCoLYM8JY5U7ZhrCCdBghw
-WuZBS/TWwf4WLP0G/ZtTyTOENcT0gWHf0/VnXtNPw2/yBjWsLtTXxN2XQlEVf3j/
-WcQxWgSESYdx/sT/uTW6qihuONPWkTQizmx7OG6vBuGx3g54s9/oeJKXOraNqud3
-G4KBrytOazliMfoKO2hnzaeydpaDtb2tZX8apN/6KqQpTAcXsWrZRW9XEHWq2sNz
-IR1nIE1F/9gnqi9Xy0HQprteLRUvM4tEQ35m4H20eS5Y9gJlE/DqXmMQ7aiU8DgP
-krj+Z18pcrssO+Etv0BOiPjmU9TWWpDMj34ef7U/OH5qJxkSrA==
+MIIDHTCCAgUCDFOitscEzU2OvIALwTANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
+DBNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLDAd0ZXN0aW5nMREwDwYDVQQK
+DAhQb2xhclNTTDELMAkGA1UEBhMCTkwwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEw
+MTQ0NDA2WjBOMRowGAYDVQQDDBFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECwwH
+dGVzdGluZzERMA8GA1UECgwIUG9sYXJTU0wxCzAJBgNVBAYTAk5MMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/uOhF
+kNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFDd185
+fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVfCrFT
+xjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTrlZvc
+/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9wbp7O
+vViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQABMA0G
+CSqGSIb3DQEBCwUAA4IBAQBrdYAEzdH6ryyYaolYvp8Fvq0wZxp6Bdcxvi0LUGmb
+TdWcNrPU9IYASc5QSrSWPj0c9vhLVbDZAONfn92thi7C2zQXok2Q3jW038ycNSXN
+lVxFkdY4GYa3E6Og1LVIySyzfyyNuHKKWbB5wZCWbzOgu2Q1MHSNvPhKjbDhyGtT
+Mq3Qy6TyzUFbXMRBixcJC/Cy4zsqvWBanVtBmwlvgE4Q50CUgybzSEIL5j+aPLuW
+aj8j2NRB2+7vPeoWd8ry5YxEKB3DRuXHHyyFnT5O8MpWuCl764qFMc8S/i7yVcmZ
+egZQw0dCmE5J4EGX0BEQEM24ll2e8SxL351hbCQ+EfvF
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server1.key.der b/tests/data_files/server1.key.der
new file mode 100644
index 0000000..88288d1
--- /dev/null
+++ b/tests/data_files/server1.key.der
Binary files differ
diff --git a/tests/data_files/server1.pubkey.der b/tests/data_files/server1.pubkey.der
new file mode 100644
index 0000000..1a432a4
--- /dev/null
+++ b/tests/data_files/server1.pubkey.der
Binary files differ
diff --git a/tests/data_files/server10-badsign.crt b/tests/data_files/server10-badsign.crt
index eca171f..d4ac4b1 100644
--- a/tests/data_files/server10-badsign.crt
+++ b/tests/data_files/server10-badsign.crt
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
-VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
-oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
-Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
-rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
-AzO3pJx7WJAApZuBX10=
+MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw
+DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l
+ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na
+peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE
+h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw
+JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6
+3mQUjQNFzHPFpWqjHCp0vS0=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server10-bs_int3.pem b/tests/data_files/server10-bs_int3.pem
index b84cee7..d824c43 100644
--- a/tests/data_files/server10-bs_int3.pem
+++ b/tests/data_files/server10-bs_int3.pem
@@ -1,22 +1,22 @@
 -----BEGIN CERTIFICATE-----
-MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
-VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
-oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
-Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
-rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
-AzO3pJx7WJAApZuBX10=
+MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw
+DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l
+ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na
+peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE
+h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw
+JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6
+3mQUjQNFzHPFpWqjHCp0vS0=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
-A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
+MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG
+A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU
 ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
-2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
-ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
-Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
-pz590JvGWfM=
+2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn
+ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF
++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv
+1GRe86dg1A==
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server10.crt b/tests/data_files/server10.crt
index 96a4040..52b5ea0 100644
--- a/tests/data_files/server10.crt
+++ b/tests/data_files/server10.crt
@@ -1,10 +1,10 @@
 -----BEGIN CERTIFICATE-----
-MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
-VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
-oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
-Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
-rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
-AzO3pJx7WJAApZuBX1Q=
+MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw
+DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l
+ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na
+peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE
+h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw
+JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6
+3mQUjQNFzHPFpWqjHCp0vS4=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server10_int3-bs.pem b/tests/data_files/server10_int3-bs.pem
index a9e0615..9a82b17 100644
--- a/tests/data_files/server10_int3-bs.pem
+++ b/tests/data_files/server10_int3-bs.pem
@@ -1,22 +1,22 @@
 -----BEGIN CERTIFICATE-----
-MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
-VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
-oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
-Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
-rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
-AzO3pJx7WJAApZuBX1Q=
+MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw
+DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l
+ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na
+peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE
+h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw
+JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6
+3mQUjQNFzHPFpWqjHCp0vS4=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
-A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
+MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG
+A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU
 ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
-2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
-ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
-Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
-pz590JvGWf0=
+2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn
+ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF
++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv
+1GRe86dg10==
 -----END CERTIFICATE-----
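Review bot: The deliberately corrupted second certificate now ends in `1GRe86dg10==`, which is not canonical base64: with `==` padding the last character carries only two data bits, and `0` leaves the four unused bits non-zero, unlike the `1A==` ending of the same certificate in server10-bs_int3.pem. A decoder that rejects non-zero padding bits would fail this file at PEM parsing, so the negative test would stop at a parse error and never reach the signature check it is meant to exercise; whether the decoder under test is that strict is not visible in this diff. Ending the line with a character whose low four bits are zero, for example `1GRe86dg1Q==`, still alters the final signature byte while keeping the encoding canonical. If this file comes from a generation rule, that rule is the place to make the change so regenerated files keep the property.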
diff --git a/tests/data_files/server10_int3_int-ca2.crt b/tests/data_files/server10_int3_int-ca2.crt
index 0df2c65..b585292 100644
--- a/tests/data_files/server10_int3_int-ca2.crt
+++ b/tests/data_files/server10_int3_int-ca2.crt
@@ -1,40 +1,40 @@
 -----BEGIN CERTIFICATE-----
-MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
-VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
-oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
-Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
-rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
-AzO3pJx7WJAApZuBX1Q=
+MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw
+DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l
+ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na
+peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE
+h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw
+JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6
+3mQUjQNFzHPFpWqjHCp0vS4=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
-A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
+MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG
+A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU
 ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
-2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
-ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
-Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
-pz590JvGWfM=
+2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn
+ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF
++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv
+1GRe86dg1A==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
 WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
 BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
-D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
-FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
-yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
-ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
-7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
-CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
-ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
+D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw
+FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2
+12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf
+GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj
+whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3
+/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33
+hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server10_int3_int-ca2_ca.crt b/tests/data_files/server10_int3_int-ca2_ca.crt
index c25482b..3601a20 100644
--- a/tests/data_files/server10_int3_int-ca2_ca.crt
+++ b/tests/data_files/server10_int3_int-ca2_ca.crt
@@ -1,120 +1,60 @@
 -----BEGIN CERTIFICATE-----
-MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
-VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
-oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
-Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
-rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
-AzO3pJx7WJAApZuBX1Q=
+MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw
+DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l
+ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na
+peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE
+h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw
+JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6
+3mQUjQNFzHPFpWqjHCp0vS4=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
-A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
+MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG
+A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU
 ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
-2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
-ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
-Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
-pz590JvGWfM=
+2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn
+ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF
++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv
+1GRe86dg1A==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
 WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
 BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
-D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
-FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
-yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
-ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
-7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
-CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
-ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
+D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw
+FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2
+12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf
+GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj
+whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3
+/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33
+hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU=
 -----END CERTIFICATE-----
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
-        Validity
-            Not Before: Feb 12 14:44:00 2011 GMT
-            Not After : Feb 12 14:44:00 2021 GMT
-        Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
-                    7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
-                    58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
-                    1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
-                    e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
-                    cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
-                    ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
-                    71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
-                    c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
-                    58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
-                    e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
-                    69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
-                    79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
-                    58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
-                    e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
-                    65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
-                    ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
-                    a2:d5
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-            X509v3 Authority Key Identifier: 
-                keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-                DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
-                serial:00
-
-    Signature Algorithm: sha1WithRSAEncryption
-        b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
-        1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
-        32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
-        37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
-        09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
-        8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
-        2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
-        e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
-        e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
-        66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
-        35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
-        09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
-        08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
-        e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
-        f7:e0:e9:54
 -----BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
 CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
 mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
 50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
 YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
 R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
 KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
-/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
-BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
-dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
-SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
-DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
-pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
-m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
-7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
+UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68
+x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB
+BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T
+hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/
+G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf
+7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH
+9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf
+hlf8qotOhNvFXpEsCGwZUywayo7c4DtO
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server10_int3_spurious_int-ca2.crt b/tests/data_files/server10_int3_spurious_int-ca2.crt
index c9d6715..87cc476 100644
--- a/tests/data_files/server10_int3_spurious_int-ca2.crt
+++ b/tests/data_files/server10_int3_spurious_int-ca2.crt
@@ -1,30 +1,30 @@
 -----BEGIN CERTIFICATE-----
-MIIBWjCCAQCgAwIBAgIBSzAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
-A1UEChMIbWJlZCBUTFMxKDAmBgNVBAMTH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTM0NzU1WhcNMjUwODI5MTM0NzU1WjAUMRIwEAYD
-VQQDEwlsb2NhbGhvc3QwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXq
-oZyychmoCRxzrd4Vu96m47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeY
-Bmskr22rlKjyow0wCzAJBgNVHRMEAjAAMAoGCCqGSM49BAMCA0gAMEUCIQDLc+Io
-rg8VxEbCgVv8iH+kOIEn9MjhpvKzvwUoV+6rjQIgZU/RXAyc1a+H2+soGfNEIOBQ
-AzO3pJx7WJAApZuBX1Q=
+MIIBXTCCAQKgAwIBAgIBSzAMBggqhkjOPQQDAgUAMEoxCzAJBgNVBAYTAlVLMREw
+DwYDVQQKDAhtYmVkIFRMUzEoMCYGA1UEAwwfbWJlZCBUTFMgVGVzdCBpbnRlcm1l
+ZGlhdGUgQ0EgMzAeFw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMBQxEjAQ
+BgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBxt9+na
+peqhnLJyGagJHHOt3hW73qbjs08F6G0QLjppN5eAOcF1/77OcAGsC19cFE1DPwBE
+h5gGaySvbauUqPKjDTALMAkGA1UdEwQCMAAwDAYIKoZIzj0EAwIFAANHADBEAiBw
+JW8c5xNiHIn83+Fx74JiW0IyRKe9TRN3w+MmfcFKwwIgWyjAp/xKOBaQ2ifRqXH6
+3mQUjQNFzHPFpWqjHCp0vS4=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
-A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
+MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG
+A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU
 ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
-2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
-ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
-Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
-pz590JvGWfM=
+2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn
+ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF
++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv
+1GRe86dg1A==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
 vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
 wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
@@ -38,27 +38,27 @@
 Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
 updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
 a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
-i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
-Af5cNR8KhzegznL6amRObGGKmX1F
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l
+fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN
+JAuV9fLJJdB5nZUG3l85Dt27VNkT
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
 WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
 BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
-D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
-FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
-yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
-ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
-7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
-CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
-ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
+D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw
+FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2
+12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf
+GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj
+whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3
+/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33
+hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server2-v1-chain.crt b/tests/data_files/server2-v1-chain.crt
index 84bb6b2..8ac003b 100644
--- a/tests/data_files/server2-v1-chain.crt
+++ b/tests/data_files/server2-v1-chain.crt
@@ -1,38 +1,38 @@
 -----BEGIN CERTIFICATE-----
-MIIDFTCCAf0CDFOittkjXbxFc/m3bDANBgkqhkiG9w0BAQsFADBOMRowGAYDVQQD
-ExFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECxMHdGVzdGluZzERMA8GA1UEChMI
-UG9sYXJTU0wxCzAJBgNVBAYTAk5MMCIYDzIwMTQwNjE5MTAwOTI5WhgPMjAyNDA2
-MTgxMDA5MjlaMEQxEDAOBgNVBAMTB3NlcnZlcjIxEDAOBgNVBAsTB3Rlc3Rpbmcx
-ETAPBgNVBAoTCFBvbGFyU1NMMQswCQYDVQQGEwJOTDCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCI
-p+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj
-+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ
-4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYva
-i0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P
-6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAATANBgkqhkiG9w0B
-AQsFAAOCAQEAivCCMBfC5YNeozwp8vAWpiRUakhtO8ysvCfQsZD4tWLlSkrjoUtG
-3RNd9gDVDGb852GswtNMKHJC1AeZuXdh3eBoDBNTXnR/9UkHgWNBy5f+JH2irYrc
-ps5ofpYJZe7K6xQjl+RLc8nfUUaVfS3dJnyLr9k5kg4in48p+hEF6oXDBu2zdufF
-53k/U98FTvFkVisEDFzLXyKX0fAZxfMk4qnEoBflH4fEXfkuuaBUVdoGGIMRLNAW
-GIyRxr+zj+OJL+ZjjAkY4JqtEuUuLjODn//DHI/MkqE0LANOvbb4akpgZsyvSSO3
-o38d1wQHw5+bO+YDqdfIdQXguU5mtS1xAw==
+MIIDETCCAfkCDFOittkjXbxFc/m3bDANBgkqhkiG9w0BAQsFADBOMRowGAYDVQQD
+DBFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECwwHdGVzdGluZzERMA8GA1UECgwI
+UG9sYXJTU0wxCzAJBgNVBAYTAk5MMB4XDTE5MDIxMDE0NDQwNloXDTI5MDIxMDE0
+NDQwNlowRDEQMA4GA1UEAwwHc2VydmVyMjEQMA4GA1UECwwHdGVzdGluZzERMA8G
+A1UECgwIUG9sYXJTU0wxCzAJBgNVBAYTAk5MMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r
+lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2
+2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ
+Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i
+GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb
+y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABMA0GCSqGSIb3DQEBCwUA
+A4IBAQBmzdRQV8c0AbT8+IlPf7EpzfdhBwBtDj7N8GPEHL+NqS1hHt7TH3L7jBN3
+CqLUgrAP1LFmQrjW5IPZYNZEA+LxMMjAehvOH71pBsFGvQOpx2CwmqM86s9FIgIa
+zob7L34+xVEZfmR09PsLiT7gF13ht0HkvVZ2haBU0k3vV97aEVvPtbqrlR6RfLrZ
+8nXBFt5CkzGxepS4wBCW4TrGXxpMJ0WnnhcLJVnExUd6YbzGP+ewXCKegD1wDX6z
+UsEVGDQV97u3tszF43kx0nu/Q5DYMCqJV0kpIsMB467xPnNqyMdGtTbZq2Is8oj6
+VA+fctBdN0CW4jo+qkOif0l/F8Az
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIDITCCAgkCDFOitscEzU2OvIALwTANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
-ExNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLEwd0ZXN0aW5nMREwDwYDVQQK
-EwhQb2xhclNTTDELMAkGA1UEBhMCTkwwIhgPMjAxNDA2MTkxMDA5MTFaGA8yMDI0
-MDYxODEwMDkxMVowTjEaMBgGA1UEAxMRc2VydmVyMS9pbnQtY2EtdjExEDAOBgNV
-BAsTB3Rlc3RpbmcxETAPBgNVBAoTCFBvbGFyU1NMMQswCQYDVQQGEwJOTDCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKkCHz1AatVVU4v9Nu6CZS4VYV6J
-v7joRZDb7ogWUtPxQ1BHlhJZZIdr/SvgRvlzvt3PkuGRW+1moG+JKXlFgNCDatVB
-Q3dfOXwJBEeCsFc5cO2j7BUZHqgzCEfBBUKp/UzDtN/dBh9NEFFAZ3MTD0D4bYEl
-XwqxU8YwfhU5rPla7n+SnqYFW+cTl4W1I5LZ1CQG1QkliXUH3aYajz8JGb6tZSxk
-65Wb3P5BXhem2mxbacwCuhQsFiScStzN0PdSZ3PxLaAj/X70McotcMqJCwTbLqZP
-cG6ezr1YieJTWZ5uWpJl4og/DJQZo93l6J2VE+0p26twEtxaymsXq1KCVLECAwEA
-ATANBgkqhkiG9w0BAQsFAAOCAQEAPJl3fbVeTJ6gVAvCoLYM8JY5U7ZhrCCdBghw
-WuZBS/TWwf4WLP0G/ZtTyTOENcT0gWHf0/VnXtNPw2/yBjWsLtTXxN2XQlEVf3j/
-WcQxWgSESYdx/sT/uTW6qihuONPWkTQizmx7OG6vBuGx3g54s9/oeJKXOraNqud3
-G4KBrytOazliMfoKO2hnzaeydpaDtb2tZX8apN/6KqQpTAcXsWrZRW9XEHWq2sNz
-IR1nIE1F/9gnqi9Xy0HQprteLRUvM4tEQ35m4H20eS5Y9gJlE/DqXmMQ7aiU8DgP
-krj+Z18pcrssO+Etv0BOiPjmU9TWWpDMj34ef7U/OH5qJxkSrA==
+MIIDHTCCAgUCDFOitscEzU2OvIALwTANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
+DBNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLDAd0ZXN0aW5nMREwDwYDVQQK
+DAhQb2xhclNTTDELMAkGA1UEBhMCTkwwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEw
+MTQ0NDA2WjBOMRowGAYDVQQDDBFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECwwH
+dGVzdGluZzERMA8GA1UECgwIUG9sYXJTU0wxCzAJBgNVBAYTAk5MMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqQIfPUBq1VVTi/027oJlLhVhXom/uOhF
+kNvuiBZS0/FDUEeWEllkh2v9K+BG+XO+3c+S4ZFb7Wagb4kpeUWA0INq1UFDd185
+fAkER4KwVzlw7aPsFRkeqDMIR8EFQqn9TMO0390GH00QUUBncxMPQPhtgSVfCrFT
+xjB+FTms+Vruf5KepgVb5xOXhbUjktnUJAbVCSWJdQfdphqPPwkZvq1lLGTrlZvc
+/kFeF6babFtpzAK6FCwWJJxK3M3Q91Jnc/EtoCP9fvQxyi1wyokLBNsupk9wbp7O
+vViJ4lNZnm5akmXiiD8MlBmj3eXonZUT7Snbq3AS3FrKaxerUoJUsQIDAQABMA0G
+CSqGSIb3DQEBCwUAA4IBAQBrdYAEzdH6ryyYaolYvp8Fvq0wZxp6Bdcxvi0LUGmb
+TdWcNrPU9IYASc5QSrSWPj0c9vhLVbDZAONfn92thi7C2zQXok2Q3jW038ycNSXN
+lVxFkdY4GYa3E6Og1LVIySyzfyyNuHKKWbB5wZCWbzOgu2Q1MHSNvPhKjbDhyGtT
+Mq3Qy6TyzUFbXMRBixcJC/Cy4zsqvWBanVtBmwlvgE4Q50CUgybzSEIL5j+aPLuW
+aj8j2NRB2+7vPeoWd8ry5YxEKB3DRuXHHyyFnT5O8MpWuCl764qFMc8S/i7yVcmZ
+egZQw0dCmE5J4EGX0BEQEM24ll2e8SxL351hbCQ+EfvF
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server2-v1.crt b/tests/data_files/server2-v1.crt
index 7ef7968..990cd4b 100644
--- a/tests/data_files/server2-v1.crt
+++ b/tests/data_files/server2-v1.crt
@@ -1,19 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIDFTCCAf0CDFOittkjXbxFc/m3bDANBgkqhkiG9w0BAQsFADBOMRowGAYDVQQD
-ExFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECxMHdGVzdGluZzERMA8GA1UEChMI
-UG9sYXJTU0wxCzAJBgNVBAYTAk5MMCIYDzIwMTQwNjE5MTAwOTI5WhgPMjAyNDA2
-MTgxMDA5MjlaMEQxEDAOBgNVBAMTB3NlcnZlcjIxEDAOBgNVBAsTB3Rlc3Rpbmcx
-ETAPBgNVBAoTCFBvbGFyU1NMMQswCQYDVQQGEwJOTDCCASIwDQYJKoZIhvcNAQEB
-BQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTNowCI
-p+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKzNtSj
-+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kMtQCQ
-4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8PhYva
-i0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjyaHT4P
-6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAATANBgkqhkiG9w0B
-AQsFAAOCAQEAivCCMBfC5YNeozwp8vAWpiRUakhtO8ysvCfQsZD4tWLlSkrjoUtG
-3RNd9gDVDGb852GswtNMKHJC1AeZuXdh3eBoDBNTXnR/9UkHgWNBy5f+JH2irYrc
-ps5ofpYJZe7K6xQjl+RLc8nfUUaVfS3dJnyLr9k5kg4in48p+hEF6oXDBu2zdufF
-53k/U98FTvFkVisEDFzLXyKX0fAZxfMk4qnEoBflH4fEXfkuuaBUVdoGGIMRLNAW
-GIyRxr+zj+OJL+ZjjAkY4JqtEuUuLjODn//DHI/MkqE0LANOvbb4akpgZsyvSSO3
-o38d1wQHw5+bO+YDqdfIdQXguU5mtS1xAw==
+MIIDETCCAfkCDFOittkjXbxFc/m3bDANBgkqhkiG9w0BAQsFADBOMRowGAYDVQQD
+DBFzZXJ2ZXIxL2ludC1jYS12MTEQMA4GA1UECwwHdGVzdGluZzERMA8GA1UECgwI
+UG9sYXJTU0wxCzAJBgNVBAYTAk5MMB4XDTE5MDIxMDE0NDQwNloXDTI5MDIxMDE0
+NDQwNlowRDEQMA4GA1UEAwwHc2VydmVyMjEQMA4GA1UECwwHdGVzdGluZzERMA8G
+A1UECgwIUG9sYXJTU0wxCzAJBgNVBAYTAk5MMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAwU2j3efNHdEE10lyuJmsDnjkOjxKzzoTFtBa5M2jAIin7h5r
+lqdStJDvLXJ6PiSa/LY0rCT1d+AmZIycsCh9odrqjObJHJa8/sEEUrM21KP64bF2
+2JDBYbRmUjaiJlOqq3ReB30Zgtsq2B+g2Q0cLUlm91slc0boC4pPaQy1AJDh2oIQ
+Zn2uVCuLZXmRoeJhw81ASQjuaAzxi4bSRr/QuKoRAx5/VqgaHkQYDw+Fi9qLRF7i
+GMZiL8dmjfpd2H3zJ4kpAcWQDj8n8TDISg7v1t7HxydrxwU9esQCPJodPg/oNJhb
+y3NLUpbYEaIsgIhpOVrTD7DeWS8Rx/fqEgEwlwIDAQABMA0GCSqGSIb3DQEBCwUA
+A4IBAQBmzdRQV8c0AbT8+IlPf7EpzfdhBwBtDj7N8GPEHL+NqS1hHt7TH3L7jBN3
+CqLUgrAP1LFmQrjW5IPZYNZEA+LxMMjAehvOH71pBsFGvQOpx2CwmqM86s9FIgIa
+zob7L34+xVEZfmR09PsLiT7gF13ht0HkvVZ2haBU0k3vV97aEVvPtbqrlR6RfLrZ
+8nXBFt5CkzGxepS4wBCW4TrGXxpMJ0WnnhcLJVnExUd6YbzGP+ewXCKegD1wDX6z
+UsEVGDQV97u3tszF43kx0nu/Q5DYMCqJV0kpIsMB467xPnNqyMdGtTbZq2Is8oj6
+VA+fctBdN0CW4jo+qkOif0l/F8Az
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server2.ku-ds.crt b/tests/data_files/server2.ku-ds.crt
index 3bd07d0..d1e1251 100644
--- a/tests/data_files/server2.ku-ds.crt
+++ b/tests/data_files/server2.ku-ds.crt
@@ -1,21 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIDijCCAnKgAwIBAgIBLDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTQwNDA5MDg0NDUxWhcNMjQwNDA2MDg0NDUxWjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+MIIDRzCCAi+gAwIBAgIBLDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
 AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
 owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
 NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
 tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
 hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
-HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaOBnzCBnDAJ
-BgNVHRMEAjAAMB0GA1UdDgQWBBSlBehkuNzfYA9QEk1gqGSvTYtDkzBjBgNVHSME
-XDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAsG
-A1UdDwQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAc4kubASrFXFtplkYp6FUcnUn
-Pf/6laS1htI+3y+q1UHWe2PcagZtCHTCUGBSWLeUIiaIBheaIRqv+4sSFVuXB7hV
-0PGXpO5btth4R8BHzGqCdObKvPujp5BDq3xgcAFicA3HUMNsJoTDv/RYXY7je1Q5
-ntVyVPeji0AWMUYQjcqHTQQPGBgdJrRTMaYglZh15IhJ16ICNd9rWIeBA0h/+r0y
-QuFEBz0nfe7Dvpqct7gJCv+7/5tCujx4LT17z7oK8BZN5SePAGU2ykJsUXk8ZICT
-ongaQQVQwS6/GJ6A5V8ecaUvFrTby1h9+2sOW8n2NRGiaaG5gkvxVeayemcmOQ==
+HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
+FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgeAMA0GCSqGSIb3
+DQEBBQUAA4IBAQCcDy5VWW133eL1TesUkejziAz9QNBHvWkKNs0jF6+fRgWgFP5Y
+EE87rQX0Z1XiyTDB4LdKfivRi3TMD7EX8o6q9C3H/ilu5anrgha8WziMrtv/s9IF
+QjpyHdnXGoXmA9uDqQLtucR5yep3ux4mlwS8GG3IUkpkdysNOrVvSARm0ZagQ9tn
+YZyEjGd8wP3jKYNJAB2OdnvX9OqBmEyvSmMucSidkMkdLrUcjmOtz+AkqoRGewwc
+eClstlp8NEuP37q2KLYtbQMpio1Kzsr3PCey1UImKNjauypS2Dpzl1RnmBw+c5En
+SdLMa+ns3odRhF0IvENDhz/mKZJvwtoz/NBz
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server2.ku-ds_ke.crt b/tests/data_files/server2.ku-ds_ke.crt
index ebee7e1..eb23245 100644
--- a/tests/data_files/server2.ku-ds_ke.crt
+++ b/tests/data_files/server2.ku-ds_ke.crt
@@ -1,21 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIDijCCAnKgAwIBAgIBMDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTQwNDA5MTAwMjQ5WhcNMjQwNDA2MTAwMjQ5WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+MIIDRzCCAi+gAwIBAgIBMDANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
 AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
 owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
 NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
 tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
 hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
-HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaOBnzCBnDAJ
-BgNVHRMEAjAAMB0GA1UdDgQWBBSlBehkuNzfYA9QEk1gqGSvTYtDkzBjBgNVHSME
-XDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAsG
-A1UdDwQEAwIFoDANBgkqhkiG9w0BAQUFAAOCAQEAnW7+h85xBP2KJzFSpWfGirVe
-ApdC9bX0Z1sVMmD486N+ty9W6BP6kJRxLDX0fOuRc3x7mCy5qZg/Yj40+yQSoA0w
-bTNwJjuR8iMqWIqLw9hWR+E9T4lYLZWyGJVjlVTkO4i5wifwhoJE9Doohh/6crn5
-ImWgEkgT/wDVIHoamciO6KU36d0iAEEP2eYgxv2/sVHvjjsseTdvYh3D3VuOmQtS
-uUvFxc6H5kYoq/yodJWDaOn3RS8pEpDsiW+abcWyxNTPtHFroJV7e9aaVmhlRSzw
-sYDyD/ZyIlavoPSEiD3LTT/Tp6BIpz+zb4WHOHLEvUCsZputqxPVcNoEAi9xuA==
+HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
+FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgWgMA0GCSqGSIb3
+DQEBBQUAA4IBAQB6u7D3tAsB75aZEcUfv2XyeLX4P99mzx2yOBSsPaIDTRyv0XoT
+vbgUA7viX/F7I8b2kc6ihRXSu/98c7Vr/uSm0LfV3VMgoAXBCWNg/5c/N3c0YnZ2
+imuv0yeXw5cJI3iYQJmllawdrGgOslfPuO7kqrFt3uGaylITpVLQ7w7iDpPbAFM8
+kPpO6CMyCFi6miQYoZchTTP9X3dpbpNdB2FlSVT55J6TIvH5x4t7XCFJuvYYJxrf
+8I3UFR3OnBR625zUHXJ6uV8yHG5ze+4K2n9CHcyX7zuZ+bB0e8wIS6Xf99M+1ApF
+ESvXwHI0Fu8s/PJ+leD28CRJQMuAOJIYBMnS
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server2.ku-ka.crt b/tests/data_files/server2.ku-ka.crt
index 90f7c4a..ce97e82 100644
--- a/tests/data_files/server2.ku-ka.crt
+++ b/tests/data_files/server2.ku-ka.crt
@@ -1,21 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIDijCCAnKgAwIBAgIBKjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTQwNDA5MDg0NDIzWhcNMjQwNDA2MDg0NDIzWjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+MIIDRzCCAi+gAwIBAgIBKjANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
 AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
 owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
 NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
 tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
 hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
-HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaOBnzCBnDAJ
-BgNVHRMEAjAAMB0GA1UdDgQWBBSlBehkuNzfYA9QEk1gqGSvTYtDkzBjBgNVHSME
-XDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAsG
-A1UdDwQEAwIDCDANBgkqhkiG9w0BAQUFAAOCAQEAriPloIWfu7U8d1hls97C7OBI
-OiE2xFh2UmuN/9hTK2CyW6MtBf8aG3l4jQDrsutHO0gUyoR67ug4yj+s+0S/zETZ
-q6mPo7cBbVwjhGciQRiYgufFpdnbXR05HDgOVPK7qqjL6UOZnbu5caIEvIJgdwXn
-n8WB9x/Ii4/2S9ysmRdRhDBYekzgH3Ac2UnHJTMh1XaSL817MW6B9BDKHt4xa7pW
-cplDzrFKYbmxSSxzALE4Dr+zRvmDx4bcYpBkRRfOhnnR1caQBgaZzPcX/Vu+vw8e
-qs2nyBW5RBu8MBCBU1DpqOSo6jl0QTpuq3NzQZIouG9fyckqDJS5ibrxQTutPw==
+HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
+FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgMIMA0GCSqGSIb3
+DQEBBQUAA4IBAQAxJDMtlqpFHKw5ymqzgfnm0aY51PZOXpsPfoed7Vz2PzSB2eJ0
+JQc+QuLhippy8hnPmPZg/HQ/gedbxFKPiIiYEh86GvnBFozQ+c8sE0h6tJgVOJJi
+ADUNeVJoq03WIroTMqAB0uW0rHB+OFm7uRwIDFr2gWVrKZKg/KsDrxtng2wPOgbU
+xvPRtNyaOZjV0GjuBhWxpPTxXw27e5Mq3MS5B9piZgPXmam5lZdOe0LNrbQShfmP
+4mk4drjdQaUrL3JLpLt8S4oihZU+dOHkYdZVHSAuuGikZK7qPfEdP/yrZTCgtY54
+vXxv47xT9L+pWtiTosBmsy/ewvWprVJIxLh3
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server2.ku-ke.crt b/tests/data_files/server2.ku-ke.crt
index 8daa0c1..21e6cf0 100644
--- a/tests/data_files/server2.ku-ke.crt
+++ b/tests/data_files/server2.ku-ke.crt
@@ -1,21 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIIDijCCAnKgAwIBAgIBKzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTQwNDA5MDg0NDM5WhcNMjQwNDA2MDg0NDM5WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
+MIIDRzCCAi+gAwIBAgIBKzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
 AQEBBQADggEPADCCAQoCggEBAMFNo93nzR3RBNdJcriZrA545Do8Ss86ExbQWuTN
 owCIp+4ea5anUrSQ7y1yej4kmvy2NKwk9XfgJmSMnLAofaHa6ozmyRyWvP7BBFKz
 NtSj+uGxdtiQwWG0ZlI2oiZTqqt0Xgd9GYLbKtgfoNkNHC1JZvdbJXNG6AuKT2kM
 tQCQ4dqCEGZ9rlQri2V5kaHiYcPNQEkI7mgM8YuG0ka/0LiqEQMef1aoGh5EGA8P
 hYvai0Re4hjGYi/HZo36Xdh98yeJKQHFkA4/J/EwyEoO79bex8cna8cFPXrEAjya
-HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaOBnzCBnDAJ
-BgNVHRMEAjAAMB0GA1UdDgQWBBSlBehkuNzfYA9QEk1gqGSvTYtDkzBjBgNVHSME
-XDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAsG
-A1UdDwQEAwIFIDANBgkqhkiG9w0BAQUFAAOCAQEAqreLAIuxeLGKbhoEROYRqXxO
-ndaC6uDcpxhgmEW7B2DW6ZtX8155v3ov61MuMas8fEQjD5STDP9qERxNTePnhW3m
-kDZd2jUBE3ioHhTBv47i1PYU+DRe42kY6z0jUmNPK8TsTKfdbqTGXg9THe1KYB7q
-hdljqGS08IgBl/q2lK2OOSycu27xhfb9Mo0BcLBab92WgyBu+cFPQsKiL4mD7QyJ
-+73Ndb21EuANUjsRDQ3NPklssJcyJB2v85eekwk1acZUG21no3wdTvjxhVE/Xrdz
-zUP9WkvAVfUrwGjUzG4YHE8wkHO7xKbKixNt+nQmDhe+tHVbztZjVwFJ8010gg==
+HT4P6DSYW8tzS1KW2BGiLICIaTla0w+w3lkvEcf36hIBMJcCAwEAAaNdMFswCQYD
+VR0TBAIwADAdBgNVHQ4EFgQUpQXoZLjc32APUBJNYKhkr02LQ5MwHwYDVR0jBBgw
+FoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDgYDVR0PAQH/BAQDAgUgMA0GCSqGSIb3
+DQEBBQUAA4IBAQCeNpH2eSUXpq0CPlE6P1/bJW2f0vKFWMnZ6B3eFCdMCcKJ6LYV
+BA1Dn5G5HEW4mBMJfyMwD5sklyEzQDCgIDjws+BRUflMr71AerfesHIGdW4jAw10
+aWwFMeszzZ54ZahX2GHPcwWfTccSf9tpSaRMlNBEIz8lfb2iEZ2HR9eAmAqYgtR1
+RbYcsNfC0oBYOCTRmvXi+wpGcUWn+VbIv6rHrQYnWXiPAuPJUqIpM0x9q0kT6NCi
+LfdhaVV2DPnvBYGRcXX78JK5/MQt/sv4JSefRpvxpVQCmbo0amz7hUMHGCflAbro
+FpyBlfcpj0lSRoaU9x0mCYzqwDYd+4NJZUGT
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server3.crt b/tests/data_files/server3.crt
index ed0d696..46987c3 100644
--- a/tests/data_files/server3.crt
+++ b/tests/data_files/server3.crt
@@ -1,17 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIICojCCAYqgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTMwODA5MDkxNzAzWhcNMjMwODA3MDkxNzAzWjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG
+MIICXDCCAUSgAwIBAgIBDTANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBJMBMGByqGSM49AgEG
 CCqGSM49AwEBAzIABH0AoQyUhPABS38y67uEVs4O3RXmKKrBdUR7/L2QPB8EC2p5
-fQcsej6EFasvlTdJ/6OBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTkF2s2sgaJ
-OtleQ7bgZH2Hq33eNzBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/
-pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQ
-b2xhclNTTCBUZXN0IENBggEAMA0GCSqGSIb3DQEBBQUAA4IBAQBjmSIjGKD1eH5W
-4bl2MXfNIsTwc2vv/MAAhBzBEbTXd3T37+zAGPGjKncvTB+oufUVRGkoKbfoC6Jm
-DYSEUuxtnUZOko/C//XlCEtK0TuS2aLEqF3gJjBJTCfthEdAhJCtmPAQDCzeKsdx
-CoOtH0NQx6Xl64oDt2wYSQNWUTGLPfRpdsVEvBHhHYATQijkl2ZH8BDjsYcBicrS
-qmCeN+0T1B9vrOQVEZe+fwgzVL38n8lkJZNPIbdovA9WLHwXAEzPv4la3w0qh4Tb
-kSb8HtILl4I474QxrFywylyXR/p2znPleRIRgB5HtUp9tLSWkB0bwMlqQlg2EHXu
-CAQ1sXmQ
+fQcsej6EFasvlTdJ/6NNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU5BdrNrIGiTrZ
+XkO24GR9h6t93jcwHwYDVR0jBBgwFoAUtFrkpbPe0lL2udWmlQ/rPrzH/f8wDQYJ
+KoZIhvcNAQEFBQADggEBAKSCuGCXcpDrVwRVgHVlUsxACRDUH2QirsLFAUk1CGsR
+SniBgWi+5KGK8fd3Tf+GkVeIZocaf7tnKm0YJg8W5QPDnwrMD2L1SjYFgc7r1G4f
+579FOo0qRKdJabTV0e022XFyN77JJHAm8RkjZEnzUuW7k8/RohY8NBzh+KACyHOi
+96DhGsBp9LG6QIKB1rxiNx4wq3WUygaMgImoaDRqgAFxJjwRBEhcsWtU2AmoOKdO
+hzQp+EzEjn04+ScJpMzMF4FY+kLaz9PlvEO61aQuZsC2fUmk+M6q8xcBNEdoFNvv
+0cOl5Liuewb32srAZWCMpbHFxaT9Nd3TxJwFxFCJpvc=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server4.crt b/tests/data_files/server4.crt
index 96b1aa7..2b4134d 100644
--- a/tests/data_files/server4.crt
+++ b/tests/data_files/server4.crt
@@ -1,18 +1,17 @@
 -----BEGIN CERTIFICATE-----
-MIIC6jCCAnCgAwIBAgIBCDAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcN
-AQEBBQADggEPADCCAQoCggEBAKvXjL5VfYc7D/truqEpYcZcvlUhnuCNDJctYDJL
-vgYYj5uxDxLHBXvnEHLgO5K+lps42p+r/dd4oE64ttRoeZZUvr+7eBnW35n0EpPA
-Ik9Gwu+vg7GfxmifgIR8hZnOQkt2OjvvpChPCxvUailtB450Izh+mEK/hYFr+7Jl
-NnxR1XQlbbyDM7Ect1HwYcuS3MBlBqq048J+0KEkQXICSjKeHFga9eDCq+Jyfqe5
-bt0K30hl1N0164B7aoh08Eomme+aSuAsz+MsJ3m7AO2DUYdrDxlrky1QrvRWWfX0
-d8djTM+uHTo1DviRM6o9+P9DfoFd53/Z0Km03sVLQWvUrhECAwEAAaOBnTCBmjAJ
-BgNVHRMEAjAAMB0GA1UdDgQWBBTAlAm1+0L41mhqYWjFiejsRVrGeTBuBgNVHSME
-ZzBlgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggkA
-wUPifmJDzOgwCgYIKoZIzj0EAwIDaAAwZQIxAPWlxnMcjBaxaVieQYSLBqzizS3/
-O8Na6owRGPk0/UK+j5O9NTBHk+uXW/fQblKamQIwUQl4dl6gkRDE4rBR/yGjZZ1Z
-3dEpvL2Wimt3keD7AcLpYB2FJ1mVcY1XQUeK1Vfc
+MIICnTCCAiGgAwIBAgIBCDAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDBaFw0yOTAyMTAxNDQ0MDBaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIIBIjANBgkqhkiG
+9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9eMvlV9hzsP+2u6oSlhxly+VSGe4I0Mly1g
+Mku+BhiPm7EPEscFe+cQcuA7kr6Wmzjan6v913igTri21Gh5llS+v7t4GdbfmfQS
+k8AiT0bC76+DsZ/GaJ+AhHyFmc5CS3Y6O++kKE8LG9RqKW0HjnQjOH6YQr+FgWv7
+smU2fFHVdCVtvIMzsRy3UfBhy5LcwGUGqrTjwn7QoSRBcgJKMp4cWBr14MKr4nJ+
+p7lu3QrfSGXU3TXrgHtqiHTwSiaZ75pK4CzP4ywnebsA7YNRh2sPGWuTLVCu9FZZ
+9fR3x2NMz64dOjUO+JEzqj34/0N+gV3nf9nQqbTexUtBa9SuEQIDAQABo00wSzAJ
+BgNVHRMEAjAAMB0GA1UdDgQWBBTAlAm1+0L41mhqYWjFiejsRVrGeTAfBgNVHSME
+GDAWgBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDB
+ek00E3uHPwnUDBVAPRJThsj2mQr/MSCTwRMNXnNlki9Lux0qGd6uvhp5v31I7V0C
+MDiCHwEm55sU4gWrAxYVKVVV9qMTG2Moy4YnJDDlxwpyXPta5Ac2FV+0AbInBXSM
+Bg==
 -----END CERTIFICATE-----
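Review bot: The regenerated certificate encodes its ecdsa-with-SHA256 AlgorithmIdentifier with an explicit NULL parameter: the first body line now decodes to `30 0c 06 08 2a 86 48 ce 3d 04 03 02 05 00`, where the removed version had `30 0a …` with no parameters. RFC 5758 section 3.2 requires the parameters field to be absent for the ECDSA-with-SHA2 identifiers, so a strict X.509 parser on the peer side of an interoperability test may reject this fixture. The same encoding appears in the regenerated server5.eku-cli.crt, server5.eku-cs.crt, server5.eku-cs_any.crt and server5.eku-srv.crt further down. If the NULL is a by-product of the tool used to regenerate the files rather than something the tests exercise, regenerate with one that omits it; otherwise, note in the test-data documentation that the non-conformant encoding is deliberate.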
diff --git a/tests/data_files/server5-badsign.crt b/tests/data_files/server5-badsign.crt
index 0c65072..b641f70 100644
--- a/tests/data_files/server5-badsign.crt
+++ b/tests/data_files/server5-badsign.crt
@@ -1,14 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+MIICIDCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM2WhcNMzMwNTE0MDcxMDM2WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
 CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
 2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
 BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
-CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S
-C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V
-fGa5kHvHARBPc8YAIVIqDvHH1A==
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
+clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMCA2kAMGYCMQDg6p7PPfr2+n7nGvya3pU4ust3k7Obk4/tZX+uHHRQ
+qaccsyULeFNzkyRvWHFeT5sCMQCzDJX79Ii7hILYza/iXWJe/BjJEE8MteCRGXDN
+06jC+BLgOH1KQV9ArqEh3AhOhE0=
 -----END CERTIFICATE-----
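Review bot: This fixture no longer tracks server5.crt: its validity field decodes to 2023-05-17 (`MjMwNTE3MDcxMDM2Wh…`), while the server5.crt regenerated in this same change decodes to 2023-06-15. The two signatures also differ throughout, where the removed pair differed only in the final byte (`…DvHH1A==` against `…DvHH1Q==`). The file presumably still fails signature verification, but it does so as a corrupted copy of an earlier server5.crt, not of the one in the tree. Re-deriving it from the current server5.crt would keep the negative test isolated to the signature check, so a later failure cannot be blamed on some other difference between the two files.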
diff --git a/tests/data_files/server5-der0.crt b/tests/data_files/server5-der0.crt
index 08d8dd3..1e0a008 100644
--- a/tests/data_files/server5-der0.crt
+++ b/tests/data_files/server5-der0.crt
Binary files differ
diff --git a/tests/data_files/server5-der1a.crt b/tests/data_files/server5-der1a.crt
index 015017b..c143298 100644
--- a/tests/data_files/server5-der1a.crt
+++ b/tests/data_files/server5-der1a.crt
Binary files differ
diff --git a/tests/data_files/server5-der1b.crt b/tests/data_files/server5-der1b.crt
index 6340d9e..6989679 100644
--- a/tests/data_files/server5-der1b.crt
+++ b/tests/data_files/server5-der1b.crt
Binary files differ
diff --git a/tests/data_files/server5-der2.crt b/tests/data_files/server5-der2.crt
index c6e320a..56ad14c 100644
--- a/tests/data_files/server5-der2.crt
+++ b/tests/data_files/server5-der2.crt
Binary files differ
diff --git a/tests/data_files/server5-der4.crt b/tests/data_files/server5-der4.crt
index 4af05cc..4ceed41 100644
--- a/tests/data_files/server5-der4.crt
+++ b/tests/data_files/server5-der4.crt
Binary files differ
diff --git a/tests/data_files/server5-der8.crt b/tests/data_files/server5-der8.crt
index 65be7dc..07ffd2f 100644
--- a/tests/data_files/server5-der8.crt
+++ b/tests/data_files/server5-der8.crt
Binary files differ
diff --git a/tests/data_files/server5-der9.crt b/tests/data_files/server5-der9.crt
index 4947f1f..aa8f9a1 100644
--- a/tests/data_files/server5-der9.crt
+++ b/tests/data_files/server5-der9.crt
Binary files differ
diff --git a/tests/data_files/server5-selfsigned.crt b/tests/data_files/server5-selfsigned.crt
index cb55647..0eafe70 100644
--- a/tests/data_files/server5-selfsigned.crt
+++ b/tests/data_files/server5-selfsigned.crt
@@ -1,12 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIBzTCCAXKgAwIBAgIMU6LLSxJOrYN9qJSyMAoGCCqGSM49BAMCMEcxEzARBgNV
-BAMTCnNlbGZzaWduZWQxEDAOBgNVBAsTB3Rlc3RpbmcxETAPBgNVBAoTCFBvbGFy
-U1NMMQswCQYDVQQGEwJOTDAiGA8yMDE0MDYxOTExMzY0M1oYDzIwMjQwNjE4MTEz
-NjQzWjBHMRMwEQYDVQQDEwpzZWxmc2lnbmVkMRAwDgYDVQQLEwd0ZXN0aW5nMREw
-DwYDVQQKEwhQb2xhclNTTDELMAkGA1UEBhMCTkwwWTATBgcqhkjOPQIBBggqhkjO
-PQMBBwNCAAQ3zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/q
-L9I0XV0WvYqIwmt3DVXNiioO+gHItO3/o0AwPjAMBgNVHRMBAf8EAjAAMA8GA1Ud
-DwEB/wQFAwMHgAAwHQYDVR0OBBYEFLZtURgXjmWq8uzV8wHkbFLCNB1bMAoGCCqG
-SM49BAMCA0kAMEYCIQCf/bzFoge0pCOIrtHrABgc1+Cl9kjlsICpduXhdHUMOwIh
-AOJ+nBHfaEGyF4PRJvn/jMDeIaH1zisinVzC2v+JQOWq
+MIIBxzCCAW2gAwIBAgIMU6LLSxJOrYN9qJSyMAoGCCqGSM49BAMCMEcxEzARBgNV
+BAMMCnNlbGZzaWduZWQxEDAOBgNVBAsMB3Rlc3RpbmcxETAPBgNVBAoMCFBvbGFy
+U1NMMQswCQYDVQQGEwJOTDAeFw0yMzA1MDkwMjQ5NTdaFw0zMzA1MDYwMjQ5NTda
+MEcxEzARBgNVBAMMCnNlbGZzaWduZWQxEDAOBgNVBAsMB3Rlc3RpbmcxETAPBgNV
+BAoMCFBvbGFyU1NMMQswCQYDVQQGEwJOTDBZMBMGByqGSM49AgEGCCqGSM49AwEH
+A0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA2CMR/+ov0jRd
+XRa9iojCa3cNVc2KKg76Aci07f+jPzA9MAwGA1UdEwEB/wQCMAAwDgYDVR0PAQH/
+BAQDAgeAMB0GA1UdDgQWBBRQYaWP1AfZ14IBDOVlf4xjRqcTvjAKBggqhkjOPQQD
+AgNIADBFAiAXiJxDrd5aLzGB/Uc3kYBIBuSUIMGvol2c8EvwmF3zmQIhAPFrKMgA
+s2awzo/PBB5gFTkDub88wRYwS1R9JPYCXUO0
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server5-sha1.crt b/tests/data_files/server5-sha1.crt
index 73e2d17..6c14183 100644
--- a/tests/data_files/server5-sha1.crt
+++ b/tests/data_files/server5-sha1.crt
@@ -1,14 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIICHTCCAaSgAwIBAgIBEjAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD
-VQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0x
-MzA5MjQxNjIxMjdaFw0yMzA5MjIxNjIxMjdaMDQxCzAJBgNVBAYTAk5MMREwDwYD
-VQQKEwhQb2xhclNTTDESMBAGA1UEAxMJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYI
+MIICHjCCAaSgAwIBAgIBCTAJBgcqhkjOPQQBMD4xCzAJBgNVBAYTAk5MMREwDwYD
+VQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAeFw0y
+MzA1MTcwNzEwMzdaFw0zMzA1MTQwNzEwMzdaMDQxCzAJBgNVBAYTAk5MMREwDwYD
+VQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0CAQYI
 KoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDY
 IxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6OBnTCBmjAJBgNVHRMEAjAAMB0G
 A1UdDgQWBBRQYaWP1AfZ14IBDOVlf4xjRqcTvjBuBgNVHSMEZzBlgBSdbSAkSQE/
-K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFy
-U1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggkAwUPifmJDzOgwCQYH
-KoZIzj0EAQNoADBlAjEAyjvzRWtxbXvkoYTYSQY9gFBpP7/wTZ2q6FbRiAuZULFt
-lc0PMPDfVZChgA6iDH+BAjBdkOb73f2pOwZpMRqrOgqSynbt2uWY87mC5lRlNEoR
-WXEv1AzIeBCv+81DN1Iuu4w=
+K8t4tRm8fiTJ2/s2fKFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFy
+U1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggkAwUPifmJDzOgwCQYH
+KoZIzj0EAQNpADBmAjEAnbhJ4O/x6bcBgB0FnX44q9j9pjBYHN9ZK59bHxqerhyJ
+12DlVbNoOonlkFYVUsgCAjEAmnUolKu+XUtS2is3d0M2V6cPwZxq5qI0+wBR79/p
+NRjFOlyP69OWs9CI2cyYLbGc
 -----END CERTIFICATE-----
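Review bot: The regenerated certificate changes the serial number from 0x12 to 0x09 (`…AgIBEjAJ…` became `…AgIBCTAJ…` on the first body line), which is the serial server5.crt already uses under the same issuer. server5-sha224.crt, server5-sha384.crt and server5-sha512.crt below make the same move, from 0x13, 0x14 and 0x15 to 0x09. RFC 5280 requires serial numbers to be unique per issuer, and revocation entries identify a certificate by issuer and serial only, so a test that pairs these files with a CRL for this CA can no longer tell the five certificates apart. Unless the collision is intended, the generation step should pass the original serials through so each hash variant keeps its own.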
diff --git a/tests/data_files/server5-sha224.crt b/tests/data_files/server5-sha224.crt
index 47b1168..ad01b10 100644
--- a/tests/data_files/server5-sha224.crt
+++ b/tests/data_files/server5-sha224.crt
@@ -1,14 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIICIDCCAaWgAwIBAgIBEzAKBggqhkjOPQQDATA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTYyMTI3WhcNMjMwOTIyMTYyMTI3WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDATA+MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
 CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
 2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
 BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
-CCqGSM49BAMBA2kAMGYCMQCj0EyFUzDRmfokWzLVEWN0epR4/sZytfIeozp6BqWH
-qaTBdAR2vthIKC7dKuUkg34CMQD6YtB2O9Vso79gbzSen2qh7gK7VvGE+31EVPbR
-Ce/oNG/3OfhRSdn3FOvBBg2UErM=
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
+clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMBA2gAMGUCMQDlCvtvCAgJDiGQnqOYwzmeafyyNbpSRZwcpV84FSkm
+pwKw2jTv3WaXujSNu7B62GoCME97oLBGSgiOMD5QUEdOjABkCV4E2slyvk4Gk71c
+9e92VgA3rKPRXlvwACPsbFIQJQ==
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server5-sha384.crt b/tests/data_files/server5-sha384.crt
index 5d6a79b..7de6f8c 100644
--- a/tests/data_files/server5-sha384.crt
+++ b/tests/data_files/server5-sha384.crt
@@ -1,14 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIICHzCCAaWgAwIBAgIBFDAKBggqhkjOPQQDAzA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTYyMTI3WhcNMjMwOTIyMTYyMTI3WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAzA+MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
 CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
 2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
 BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
-CCqGSM49BAMDA2gAMGUCMQCnsd/6VB2kLIqMRsWdkJvRaQROyAg78CQExFEY3CMv
-9t0kWRXPc4nCMH69RjQVvC4CMB4lk9A7hnX2zQy3bbUhOCOvXcsQdEe8AMgJBviz
-5Nob2wThRqsm1wjCF60fyzXWuA==
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
+clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMDA2gAMGUCMQDPV3rbJX6rigR5SJQGNzqfreq8Y3O+mlAQkuo9sicU
+llVXjN3g41dOJmaEO2yHjMQCMCecXLQsYjQn2wPh/XyE+PL48Yp0+Y6+HEHCjLk3
+JOTQqo73a9xN+yhrud2ssT830w==
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server5-sha512.crt b/tests/data_files/server5-sha512.crt
index 16112ac..8bea8c2 100644
--- a/tests/data_files/server5-sha512.crt
+++ b/tests/data_files/server5-sha512.crt
@@ -1,14 +1,14 @@
 -----BEGIN CERTIFICATE-----
-MIICHzCCAaWgAwIBAgIBFTAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTYyMTI3WhcNMjMwOTIyMTYyMTI3WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+MIICHjCCAaWgAwIBAgIBCTAKBggqhkjOPQQDBDA+MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
 CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
 2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
 BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
-CCqGSM49BAMEA2gAMGUCMFPL2OI8arcbRlKAbRb/YfGibo4Mwts8KX3fOuRCbXEn
-pDWeb82kBqfXwzPJwamFOwIxAPGzyhWrxn0qEynWV5nzFK02PYBnYFgClISyyudH
-HJGHtbEVRc5JA8ALnggaLVpuvg==
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
+clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMEA2cAMGQCMEekbPD8GQQmK1uJ3wXgC/VdRdfmEBM/urkmXYINcHrz
+E6xLpFE/jxZ0wb5SXteLtQIwZ8ZJIDLnxGciX/mtfx0dOII3bna72yRkGfT+0b/C
+sj9KvVuQ0y1oaP9Rbg35dbcH
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server5-ss-forgeca.crt b/tests/data_files/server5-ss-forgeca.crt
index 2265bf5..cf5bd6d 100644
--- a/tests/data_files/server5-ss-forgeca.crt
+++ b/tests/data_files/server5-ss-forgeca.crt
@@ -1,11 +1,11 @@
 -----BEGIN CERTIFICATE-----
-MIIBlDCCATmgAwIBAgIBTTAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
+MIIBkzCCATmgAwIBAgIBTTAKBggqhkjOPQQDAjBKMQswCQYDVQQGEwJVSzERMA8G
 A1UECgwIbWJlZCBUTFMxKDAmBgNVBAMMH21iZWQgVExTIFRlc3QgaW50ZXJtZWRp
-YXRlIENBIDMwHhcNMTUwOTAxMTEwODQzWhcNMjUwODI5MTEwODQzWjBKMQswCQYD
+YXRlIENBIDMwHhcNMjMwNTE3MDkxNDIxWhcNMzMwNTE0MDkxNDIxWjBKMQswCQYD
 VQQGEwJVSzERMA8GA1UECgwIbWJlZCBUTFMxKDAmBgNVBAMMH21iZWQgVExTIFRl
 c3QgaW50ZXJtZWRpYXRlIENBIDMwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQ3
 zFbZdgkeWnI+x1kt/yBu7nz5BpF00K0UtfdoIllikk7lANgjEf/qL9I0XV0WvYqI
-wmt3DVXNiioO+gHItO3/oxAwDjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0kA
-MEYCIQDBFcXh+IloVYbMiHfCFhw6cYJsj7PZXuTdDMMkNbyJNAIhALz7fBVAMYz9
-/g48bLdYT47LOc9QNuaboLIxsq5RseJL
+wmt3DVXNiioO+gHItO3/oxAwDjAMBgNVHRMEBTADAQH/MAoGCCqGSM49BAMCA0gA
+MEUCIQD0f3GH9cEJ7cJWPIfwAL/1cGREqO//O/1XggWZv/clnQIgQmlMzGzuUDHq
+/mTgGQ9ceSAB9B9im9rcgY6DRFZULnY=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server5.crt b/tests/data_files/server5.crt
index 4597428..a95bbf4 100644
--- a/tests/data_files/server5.crt
+++ b/tests/data_files/server5.crt
@@ -1,14 +1,14 @@
 -----BEGIN CERTIFICATE-----
 MIICHzCCAaWgAwIBAgIBCTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNjE1MDMzNDE4WhcNMzMwNjEyMDMzNDE4WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
 CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
 2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgZ0wgZowCQYDVR0TBAIwADAd
 BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
-CCqGSM49BAMCA2gAMGUCMQCaLFzXptui5WQN8LlO3ddh1hMxx6tzgLvT03MTVK2S
-C12r0Lz3ri/moSEpNZWqPjkCMCE2f53GXcYLqyfyJR078c/xNSUU5+Xxl7VZ414V
-fGa5kHvHARBPc8YAIVIqDvHH1Q==
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
+clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMCA2gAMGUCMAHFbGEzx8dZaUlIltT5s1QO9FvKmvFer4uRY3ntEy9S
+k7DCCozM86WWLjfzbJ78bwIxAJYRPF1CzNEiXPHb9O46ZPHKo2S5x//g/54RowAK
+uZz+hKPuMi6YY6cIm81jfeaSZQ==
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server5.crt.der b/tests/data_files/server5.crt.der
index 08d8dd3..2cb2ae5 100644
--- a/tests/data_files/server5.crt.der
+++ b/tests/data_files/server5.crt.der
Binary files differ
diff --git a/tests/data_files/server5.crt.openssl.v3_ext b/tests/data_files/server5.crt.openssl.v3_ext
new file mode 100644
index 0000000..594e90a
--- /dev/null
+++ b/tests/data_files/server5.crt.openssl.v3_ext
@@ -0,0 +1,3 @@
+basicConstraints = CA:false
+subjectKeyIdentifier=hash
+authorityKeyIdentifier=keyid:always,issuer:always
diff --git a/tests/data_files/server5.eku-cli.crt b/tests/data_files/server5.eku-cli.crt
index 8aa2e44..8d04559 100644
--- a/tests/data_files/server5.eku-cli.crt
+++ b/tests/data_files/server5.eku-cli.crt
@@ -1,13 +1,13 @@
 -----BEGIN CERTIFICATE-----
-MIIB5DCCAWmgAwIBAgIBPDAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTQwNDEwMTcyMTIxWhcNMjQwNDA3MTcyMTIxWjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
-CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
-2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jYjBgMAkGA1UdEwQCMAAwHQYD
-VR0OBBYEFFBhpY/UB9nXggEM5WV/jGNGpxO+MB8GA1UdIwQYMBaAFJ1tICRJAT8r
-y3i1Gbx+JMnb+zZ8MBMGA1UdJQQMMAoGCCsGAQUFBwMCMAoGCCqGSM49BAMCA2kA
-MGYCMQCzHyEvd56zm1AzfDBi3psz3rDL/m0RN2WnbRBQJxIJqjwEXOrKazko9m9q
-owgau88CMQDuI0fsq5tnyiHPaDSAE21/6hlrCR6deNbwzB94OuPIbx1wIas9D1jc
-//iSmKtbl8Y=
+MIIB6zCCAW6gAwIBAgIBPDAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
+5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NlMGMwCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
+PyvLeLUZvH4kydv7NnwwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwIwDAYIKoZIzj0E
+AwIFAANpADBmAjEAoC1Xxg8Xt3tvM2ZER4jCRv7iSYPWGgNtcYNJj3G0lb0PYi1l
+Nd0cqdGxydhm7RJLAjEApAE8koD1ccIPnSFTagT7shOSz1/lOU4wwAWswcwolzt3
+xrvFlMoTeJx3sS3Zqdr8
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server5.eku-cs.crt b/tests/data_files/server5.eku-cs.crt
index db97b40..c00bc3b 100644
--- a/tests/data_files/server5.eku-cs.crt
+++ b/tests/data_files/server5.eku-cs.crt
@@ -1,13 +1,13 @@
 -----BEGIN CERTIFICATE-----
-MIIB4zCCAWmgAwIBAgIBOjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTQwNDEwMTcyMDQxWhcNMjQwNDA3MTcyMDQxWjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
-CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
-2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jYjBgMAkGA1UdEwQCMAAwHQYD
-VR0OBBYEFFBhpY/UB9nXggEM5WV/jGNGpxO+MB8GA1UdIwQYMBaAFJ1tICRJAT8r
-y3i1Gbx+JMnb+zZ8MBMGA1UdJQQMMAoGCCsGAQUFBwMDMAoGCCqGSM49BAMCA2gA
-MGUCMQC294oVK6fUjH/abI1xzytTusi8dl7518L0Y19q8zi9K19OtxzPK09h7xyy
-gaJRvpUCMFS6hYhrht38yqwwhSVlnmTMVtira58mEUhL6v7Qzw1sz/Dm4aXkW3s6
-JQV1kqqbRw==
+MIIB6jCCAW6gAwIBAgIBOjAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
+5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NlMGMwCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
+PyvLeLUZvH4kydv7NnwwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwMwDAYIKoZIzj0E
+AwIFAANoADBlAjBlMU7Fh18cel20P3rY7esvtPLDHQQKWSCO91XHHkZi1zRPq2px
+nwVHayXnOS3CPRsCMQCQDYTyVMS8oEIrm0XPI6HrbCMUq2bhPwaYpelU/asOzYI3
+gOjGCDFHtyedJHVK0rs=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server5.eku-cs_any.crt b/tests/data_files/server5.eku-cs_any.crt
index 8fa8632..912d929 100644
--- a/tests/data_files/server5.eku-cs_any.crt
+++ b/tests/data_files/server5.eku-cs_any.crt
@@ -1,13 +1,13 @@
 -----BEGIN CERTIFICATE-----
-MIIB6TCCAW+gAwIBAgIBOzAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTQwNDEwMTcyMDU4WhcNMjQwNDA3MTcyMDU4WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
-CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
-2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jaDBmMAkGA1UdEwQCMAAwHQYD
-VR0OBBYEFFBhpY/UB9nXggEM5WV/jGNGpxO+MB8GA1UdIwQYMBaAFJ1tICRJAT8r
-y3i1Gbx+JMnb+zZ8MBkGA1UdJQQSMBAGCCsGAQUFBwMDBgRVHSUAMAoGCCqGSM49
-BAMCA2gAMGUCMQCSYaq/9IKOTkzIrU/eOtpha/3af3JwT6vKh4N3cSX62ksMz0GT
-Uxmq4UGMBt4VmBkCMBGpYqof6hS1o92ltNRpDSHuVQ+nke1lOsoQ1plZp4SI+bY1
-bUD/WrUSLlwikZAeng==
+MIIB8DCCAXSgAwIBAgIBOzAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
+5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NrMGkwCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
+PyvLeLUZvH4kydv7NnwwHAYDVR0lAQH/BBIwEAYIKwYBBQUHAwMGBFUdJQAwDAYI
+KoZIzj0EAwIFAANoADBlAjEA89+l8gNC0H75Tzdz/75W6EjGSzZ3m50S4cK5jD6+
+ZZLpRcbIqPqMT2MNkCm7ImNpAjAlTkFLVCGnTNX/q7QWOrx8aPXXAeZtY5NFxd66
+EJJb+YHTQ80hZhLWX8/QaAJjniU=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server5.eku-srv.crt b/tests/data_files/server5.eku-srv.crt
index 64312f6..b173afc 100644
--- a/tests/data_files/server5.eku-srv.crt
+++ b/tests/data_files/server5.eku-srv.crt
@@ -1,13 +1,13 @@
 -----BEGIN CERTIFICATE-----
-MIIB5DCCAWmgAwIBAgIBPjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTQwNDEwMTcyMTU0WhcNMjQwNDA3MTcyMTU0WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
-CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
-2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jYjBgMAkGA1UdEwQCMAAwHQYD
-VR0OBBYEFFBhpY/UB9nXggEM5WV/jGNGpxO+MB8GA1UdIwQYMBaAFJ1tICRJAT8r
-y3i1Gbx+JMnb+zZ8MBMGA1UdJQQMMAoGCCsGAQUFBwMBMAoGCCqGSM49BAMCA2kA
-MGYCMQDQzjWB0xZs/8IsqJb7owYYtCiT17939Uuc/1yBF69pJRy7KV/qJlHNvlVu
-qwWVTx0CMQDNW/0dlX1gU6ashrZv5Ly4sijg/g645fFpfMKCNXysEb9xiBeEj5de
-2x5sX/0OSx4=
+MIIB6jCCAW6gAwIBAgIBPjAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
+5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NlMGMwCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
+PyvLeLUZvH4kydv7NnwwFgYDVR0lAQH/BAwwCgYIKwYBBQUHAwEwDAYIKoZIzj0E
+AwIFAANoADBlAjEAh+l47FmXR/nUxD8bfnS3sT+QTgc8pXUEqh/gXUs2xINVSoL+
+ZewgcNb2UanzCNheAjAnUY4b0M9YHp/eJjls5RzGX6JXtcWwn9JvO1HqMQnHthcy
+hPEQ3lW7XG0DIQS1drk=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server5.eku-srv_cli.crt b/tests/data_files/server5.eku-srv_cli.crt
index 9f58fed..be2531e 100644
--- a/tests/data_files/server5.eku-srv_cli.crt
+++ b/tests/data_files/server5.eku-srv_cli.crt
@@ -1,13 +1,13 @@
 -----BEGIN CERTIFICATE-----
-MIIB7DCCAXOgAwIBAgIBPTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTQwNDEwMTcyMTQyWhcNMjQwNDA3MTcyMTQyWjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
-CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
-2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jbDBqMAkGA1UdEwQCMAAwHQYD
-VR0OBBYEFFBhpY/UB9nXggEM5WV/jGNGpxO+MB8GA1UdIwQYMBaAFJ1tICRJAT8r
-y3i1Gbx+JMnb+zZ8MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAKBggq
-hkjOPQQDAgNnADBkAjAmQjJxxC82ZhBpH/GQkOQXDmaaV/JHRHGok1cWn3j3Xj8A
-fqRZkp8JihpGIMse208CMFCMdNAfNd1tv+oPuynoK5Oh6/YlASX/otJT68voEIAN
-SmsT1m9VPQMIyUo/3RtYjg==
+MIIB8zCCAXigAwIBAgIBPTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
+5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NvMG0wCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
+PyvLeLUZvH4kydv7NnwwIAYDVR0lAQH/BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMC
+MAwGCCqGSM49BAMCBQADZwAwZAIwHu/xjSqHK91yEM+KgEFGU8Xc3o9rEVrCBFeW
+ChIa3slZZdG4OuIm06Tsabf0pBLHAjBYKjoUwWEuDOOQKbbJZG8gKDzMAgEpe/RW
+wAjY7i6CzZ1NKfFQ9fQdwA+yjq2fnlg=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server5.ku-ds.crt b/tests/data_files/server5.ku-ds.crt
index 58dd071..dafff9b 100644
--- a/tests/data_files/server5.ku-ds.crt
+++ b/tests/data_files/server5.ku-ds.crt
@@ -1,14 +1,13 @@
 -----BEGIN CERTIFICATE-----
-MIICLTCCAbKgAwIBAgIBLTAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTQwNDA5MDg0ODM1WhcNMjQwNDA2MDg0ODM1WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
-CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
-2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgaowgacwCQYDVR0TBAIwADAd
-BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAsG
-A1UdDwQEAwIHgDAKBggqhkjOPQQDAgNpADBmAjEAzp4DkFMq7eDB0x5FeS9gYDaG
-Ol8rVnWlRTLQzHZBQjKp+TcBdHZaBPoi8LyXtWA4AjEA6OWhsuTcv/qXOscQT0rL
-eEh8wcCQeJK1uNd78lNvx3W0Pcxdb6cd7AhaAKgXL+r4
+MIIB4zCCAWagAwIBAgIBLTAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
+5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NdMFswCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
+PyvLeLUZvH4kydv7NnwwDgYDVR0PAQH/BAQDAgeAMAwGCCqGSM49BAMCBQADaQAw
+ZgIxALHO0QR+4vz+fj4WwBQMa55oJDlp1J0PpqoJYKTf6DRx5rNuZxSbNu2wJQWz
+MJ9ekQIxAMPo/Rhu4e9KRkEf9rYU9Ynd7t9/PCsXw4JZuxZfToURDsrAI/Pnqc0H
+4+FA/EuPJA==
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server5.ku-ka.crt b/tests/data_files/server5.ku-ka.crt
index 2447326..74a4235 100644
--- a/tests/data_files/server5.ku-ka.crt
+++ b/tests/data_files/server5.ku-ka.crt
@@ -1,14 +1,13 @@
 -----BEGIN CERTIFICATE-----
-MIICKzCCAbKgAwIBAgIBLjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTQwNDA5MDg0ODUwWhcNMjQwNDA2MDg0ODUwWjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
-CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
-2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgaowgacwCQYDVR0TBAIwADAd
-BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAsG
-A1UdDwQEAwIDCDAKBggqhkjOPQQDAgNnADBkAjACzKQ88/NvngMQBFc9rC484+gO
-BRkXP28BqRcj8sBt3EfmEGH23BuhkZuB1OFZuMICMC4/pHgbOQtaY9WZPUROUVVZ
-OuO6XsVbhiE0rb/mumqmUwuOrCtC/KFdvFZol4BNGA==
+MIIB4jCCAWagAwIBAgIBLjAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
+5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NdMFswCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
+PyvLeLUZvH4kydv7NnwwDgYDVR0PAQH/BAQDAgMIMAwGCCqGSM49BAMCBQADaAAw
+ZQIwCVbbPiS8MJUOz8JBmgLHojKDaJOd4lSfSak0GSl02UjT8OiNyRzA+FlFWO94
+YMjyAjEA14/ubZ1ZW3/0hkiFHzhTD2SXbTfYbhDZSq2PR+9sBlUrrx1GhzWw/cOD
+3jZd4DQO
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server5.ku-ke.crt b/tests/data_files/server5.ku-ke.crt
index 41ae5ad..6b4e74e 100644
--- a/tests/data_files/server5.ku-ke.crt
+++ b/tests/data_files/server5.ku-ke.crt
@@ -1,14 +1,13 @@
 -----BEGIN CERTIFICATE-----
-MIICKzCCAbKgAwIBAgIBLzAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTQwNDA5MDg0OTA0WhcNMjQwNDA2MDg0OTA0WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
-CCqGSM49AwEHA0IABDfMVtl2CR5acj7HWS3/IG7ufPkGkXTQrRS192giWWKSTuUA
-2CMR/+ov0jRdXRa9iojCa3cNVc2KKg76Aci07f+jgaowgacwCQYDVR0TBAIwADAd
-BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAsG
-A1UdDwQEAwIFIDAKBggqhkjOPQQDAgNnADBkAjAMl0Cjv9f45bHeJTul5XpYeJeT
-52ZaOLTa/uTLy948EnEIi6sj3nFb9fvsUbsOOjECMAXAMY64KOqzixefz3y3XS/d
-9miyeArPOmXU2JJ3LGuNbqqj9IbABawB1OD8v8gRmg==
+MIIB4TCCAWagAwIBAgIBLzAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
+Fw0xOTAyMTAxNDQ0MDZaFw0yOTAyMTAxNDQ0MDZaMDQxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MFkwEwYHKoZIzj0C
+AQYIKoZIzj0DAQcDQgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO
+5QDYIxH/6i/SNF1dFr2KiMJrdw1VzYoqDvoByLTt/6NdMFswCQYDVR0TBAIwADAd
+BgNVHQ4EFgQUUGGlj9QH2deCAQzlZX+MY0anE74wHwYDVR0jBBgwFoAUnW0gJEkB
+PyvLeLUZvH4kydv7NnwwDgYDVR0PAQH/BAQDAgUgMAwGCCqGSM49BAMCBQADZwAw
+ZAIwezTY0tigIg6u1dFl90LHYcZ+lJK4BO5Y6U9pn952NFo24NsL8qnG4nxwsL3M
+VvV7AjBQ+oZyKSyNp8XRAHYC6lERH7/Gh7HrVWyTRo9iPPL6tE4x/jE7jL9ifgl+
+F6982sk=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server5.req.ku.sha1 b/tests/data_files/server5.req.ku.sha1
index 3281c94..c73a0e2 100644
--- a/tests/data_files/server5.req.ku.sha1
+++ b/tests/data_files/server5.req.ku.sha1
@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE REQUEST-----
-MIIBFjCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGjAY
+MIIBFDCBvAIBADA8MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGjAY
 BgNVBAMMEVBvbGFyU1NMIFNlcnZlciAxMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcD
 QgAEN8xW2XYJHlpyPsdZLf8gbu58+QaRdNCtFLX3aCJZYpJO5QDYIxH/6i/SNF1d
 Fr2KiMJrdw1VzYoqDvoByLTt/6AeMBwGCSqGSIb3DQEJDjEPMA0wCwYDVR0PBAQD
-AgbAMAsGByqGSM49BAEFAANIADBFAiEAnIKF+xKk0iEuN4MHd4FZWNvrznLQgkeg
-2n8ejjreTzcCIAH34z2TycuMpWQRhpV+YT988pBWR67LAg7REyZnjSAB
+AgbAMAkGByqGSM49BAEDSAAwRQIhAJyChfsSpNIhLjeDB3eBWVjb685y0IJHoNp/
+Ho463k83AiAB9+M9k8nLjKVkEYaVfmE/fPKQVkeuywIO0RMmZ40gAQ==
 -----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/server6-ss-child.crt b/tests/data_files/server6-ss-child.crt
index 3c6fd4d..fc28f34 100644
--- a/tests/data_files/server6-ss-child.crt
+++ b/tests/data_files/server6-ss-child.crt
@@ -1,13 +1,13 @@
 -----BEGIN CERTIFICATE-----
-MIIB8jCCAZmgAwIBAgIMU6LLWCI5lHSn7HnsMAoGCCqGSM49BAMCMEcxEzARBgNV
-BAMTCnNlbGZzaWduZWQxEDAOBgNVBAsTB3Rlc3RpbmcxETAPBgNVBAoTCFBvbGFy
-U1NMMQswCQYDVQQGEwJOTDAiGA8yMDE0MDYxOTExMzY1NloYDzIwMjQwNjE4MTEz
-NjU2WjBNMRkwFwYDVQQDExBzZWxmc2lnbmVkLWNoaWxkMRAwDgYDVQQLEwd0ZXN0
-aW5nMREwDwYDVQQKEwhQb2xhclNTTDELMAkGA1UEBhMCTkwwWTATBgcqhkjOPQIB
-BggqhkjOPQMBBwNCAASBWTF2SST6Fa2roDFuDu0zEfqRJVXBsMGcA3I+mLotpHI3
-iR9DN40fjjrY8FfoL0/JAKT323MPssYElNFAOzjjo2EwXzAMBgNVHRMBAf8EAjAA
-MA8GA1UdDwEB/wQFAwMHgAAwHQYDVR0OBBYEFDxZrEo+LvwCNi/afcvLnHqyiZlT
-MB8GA1UdIwQYMBaAFLZtURgXjmWq8uzV8wHkbFLCNB1bMAoGCCqGSM49BAMCA0cA
-MEQCIAMlQ59/NW7S0hP1cu5OTD2zqT087bEmnIfOTBYfj8UFAiBBrrz2dipODVYx
-vvTsQmSCzjrm+JtQQoWa+cdnAG3w5g==
+MIIB7jCCAZSgAwIBAgIMU6LLWCI5lHSn7HnsMAoGCCqGSM49BAMCMEcxEzARBgNV
+BAMMCnNlbGZzaWduZWQxEDAOBgNVBAsMB3Rlc3RpbmcxETAPBgNVBAoMCFBvbGFy
+U1NMMQswCQYDVQQGEwJOTDAeFw0yMzA1MDkwNjA2NDJaFw0zMzA1MDYwNjA2NDJa
+ME0xGTAXBgNVBAMMEHNlbGZzaWduZWQtY2hpbGQxEDAOBgNVBAsMB3Rlc3Rpbmcx
+ETAPBgNVBAoMCFBvbGFyU1NMMQswCQYDVQQGEwJOTDBZMBMGByqGSM49AgEGCCqG
+SM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJH0M3
+jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjYDBeMAwGA1UdEwEB/wQCMAAwDgYD
+VR0PAQH/BAQDAgeAMB0GA1UdDgQWBBR+ZY8+MwMU5eG+YLLghX+M52ArezAfBgNV
+HSMEGDAWgBRQYaWP1AfZ14IBDOVlf4xjRqcTvjAKBggqhkjOPQQDAgNIADBFAiAl
+Y2yXg5sZunmo+McUBzvSao1wRxw+9XBSM+Dph5gfhgIhAPlI+lSvD4mzlBzn01Mg
+0tMpKHbY34iadcMWBUgibMiA
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server6-ss-child.crt.openssl.v3_ext b/tests/data_files/server6-ss-child.crt.openssl.v3_ext
new file mode 100644
index 0000000..dd9cdaa
--- /dev/null
+++ b/tests/data_files/server6-ss-child.crt.openssl.v3_ext
@@ -0,0 +1,4 @@
+basicConstraints = critical,CA:false
+keyUsage=critical,digitalSignature
+subjectKeyIdentifier=hash
+
diff --git a/tests/data_files/server6.crt b/tests/data_files/server6.crt
index 6df6716..51e4393 100644
--- a/tests/data_files/server6.crt
+++ b/tests/data_files/server6.crt
@@ -1,14 +1,14 @@
 -----BEGIN CERTIFICATE-----
 MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
 CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ
 H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd
 BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
-CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4
-AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ
-Xj09kLboxuemP40IIqhQnpYptMg=
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
+clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMCA2kAMGYCMQC7mlP+bq/c4hKB3zfJgPdwSnzzQOkXwdA2O6QumC2o
+ZuHyjUYV5/ZyU8QQ7cNnKnYCMQD9ByA7ddpVE2Gk+OVuBPGfwV4O2COgFrasfrTn
+KgfuCEF96BhSjLDXWKB4IFWaXUQ=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server7-badsign.crt b/tests/data_files/server7-badsign.crt
index 954b53a..e0d18b0 100644
--- a/tests/data_files/server7-badsign.crt
+++ b/tests/data_files/server7-badsign.crt
@@ -1,31 +1,31 @@
 -----BEGIN CERTIFICATE-----
 MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG
+A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
 WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
-IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
-AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
-FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
-8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
-+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
-QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
-yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
-TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
-deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
-0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
-OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
-VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
-a8Si6UK0
+MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr
+d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv
+bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi
+KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm
+ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW
+DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh
+VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF
+cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH
+aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo
+fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD
+Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u
+5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06
+1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA
+ZKasihO0
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
 vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
 wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
@@ -39,9 +39,9 @@
 Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
 updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
 a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
-i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
-Af5cNR8KhzegznL6amRObGGKmX1F
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l
+fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN
+JAuV9fLJJdB5nZUG3l85Dt27VNkT
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server7-expired.crt b/tests/data_files/server7-expired.crt
index a25ce4b..9c423c9 100644
--- a/tests/data_files/server7-expired.crt
+++ b/tests/data_files/server7-expired.crt
@@ -1,31 +1,31 @@
 -----BEGIN CERTIFICATE-----
 MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTA3MDYwNTA4MTQwM1oXDTE3MDYwNTA4MTQwM1owNDELMAkG
+MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTEzMDUxNjA3MTAzN1oXDTIzMDUxNzA3MTAzN1owNDELMAkG
 A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
 WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
 MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr
-d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBv
-bGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
-MAAwDQYJKoZIhvcNAQELBQADggIBAHcG1ysT8yImc0x3Z2O0SOtSYYjCPS1Gc89j
-fWdBSoS5YhPHLgEjHQgDA6XdDNL0eUo3afhucEvSexhqLUABLu89cmi7ST+TsTEb
-/lu8qZUgpa1bcMOk1+whl0JllfcDEq2y0aclkO0/6M6JftNNJ3egq2qVBDEszTtY
-zcYZIr1o04TNp0fAtmPUH6zjpBkNB0DQyKFhgYPJNwTapj6ZDVi1zBK3wwFfZfgK
-s3QvwhWNNbHL4B0sPec/6TiF5dY3SeUM4L8oAGdT7/ELE6E74rFyS/EpjJdVzXDs
-FfQvUDPb6PJuWZbr4mNg/FANeGPa3VENcPz+4fj+Azi1vV3wD4OKT7W0zIkRZ+Wq
-1hLFuwa/JCSHsn1GWFyWd3+qHIoFJUSU3HNxWho+MZqta0Jx/PGvMdOxnJ2az1QX
-TaRwrilvN3KwvjGJ+cvGa7V9x8y9seRHZwfXXOx1ZZ0uEYquZ0jxKpBp/SdhRbA5
-zLmq088npt7tgi+LcrXydorgltBaGZA7P+/OJA2JkbIBBwdSjyfG6T07y4pgQ90h
-CeRqzu4jFcZE7mjpTdEyxAQRJa2dhHkhFB7Muq7ZTi3jlml5LZnlbUdPlR5iTgOU
-yueZsAAEb//A6EU008WmG/K+EY230JxEUzGNf2l1j1H94HcP9OwjY4bn2PJdVzcb
-B8PmaiMB
+d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv
+bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggIBAHX0pu54c8rk2F76lxnMKuS+C3Kiwab0KxII
+ZkpAgpk5sj2KxiGrNLDhK0ZGjVlVuUjauySVuBUfrr8GfjQ1xE7RUrxwBrEU5fVs
+FHKscBF58AaIXIPf5xIuCdc2C487Leuu+LIbGsg9EvKq/pg7avIB9hSjvwn5W3m3
+3o8eL/ahD4t5rh8r7hKptY+7dqeraBrmCnitxsRQToMV+jy2RCGD3vYUDxyJc3x+
+m3o7nWGreyLCqPCRgeEh9RKbbhygcoBtdjojZABZmlGa9BO72hK5lhy2a1QiIOiL
+OoBgDFf8gVo81MX02RtSQISZLq/hJ8smtil8oaKgJ+VyGjfCR1uZY7RpaEfP4U+R
+tX8gqt/4TJ4mIJOv4xL12XsV65rZuB7+yhZ6rqWRlZx9Aa4/GqxIbALrQPs17uRX
+41TPIdz3Pjq3w3x3bdGxbyF0TvJRaeobB60KHlrm6DWltY7k2Ucju9oTko6bJLgp
+rCRC1JkTXzWS3jZDqULTVPxDsZjVRqwEl46PPe0gSloB+h/ulq8rNIG1snWTGdNQ
+Bovbko9lFHA8md8f7ZULQ6pB8SV/LH2qufSsWb5LY9ZfHUprwH2oBQ+A9eYkk5ZR
+LJC879ZC8w8LMQfBGT22fLnOJ2qS6GyguB+y17beF8RMgFpiFTzoD1nPQAd9cyGY
+b2ta+9o9
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
 vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
 wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
@@ -39,9 +39,9 @@
 Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
 updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
 a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
-i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
-Af5cNR8KhzegznL6amRObGGKmX1F
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l
+fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN
+JAuV9fLJJdB5nZUG3l85Dt27VNkT
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server7-future.crt b/tests/data_files/server7-future.crt
index eeb596f..b725eb7 100644
--- a/tests/data_files/server7-future.crt
+++ b/tests/data_files/server7-future.crt
@@ -1,31 +1,31 @@
 -----BEGIN CERTIFICATE-----
 MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTI3MDYwNjA4MTQwM1oXDTM3MDYwNjA4MTQwM1owNDELMAkG
+MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTMzMDUxNzA3MTAzN1oXDTQzMDUxODA3MTAzN1owNDELMAkG
 A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
 WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
 MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr
-d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBv
-bGFyU1NMMRwwGgYDVQQDExNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
-MAAwDQYJKoZIhvcNAQELBQADggIBAHF4y9PmCUF1yOlBIUCUAAFMZmXJwOGsMNKI
-u0+At0sbs+W8J06PVyYt4UxL4TyIxHM6SOvKndFdCQxG7NQY0KU+HBdLVUM1iZy0
-Kopg7yHvEAZ0YWPptgCd10C/wmTz0b0R3cxhSb8FZjlBjNB7dJKhRQsh0za+GMx/
-LXunH/t0oP5an4yO3zTog+4+7bDGGEY7SymQJ9Z8t2gdZpn/r60j9IGhL5XI2BS/
-+cU96DMF3cMmFk24vAfduYicKc8KowhUpGCsIP0bl+TY8Vq6kepBA2lnj7/YOkDs
-/f+wIS/Id/hdw9KxRUPX+cQLUt0/C7JktDVudZ5zLt1y0A971R+23ARtJGUBJGSp
-5tkVX8+hK8sT6AVOkcvA51IOBsVxmuoWk/WcjBDdOjyIK2JFdbcJYvR8cpRbL+j8
-HdQEu+LorvGp28m3Q5mBTKZLKgyUeQWrbYDqeub1OvYYkuvZPZWFEDP2VYcS7AXN
-IoUSTcMyhLNuncQl/z0Jbkto59+il6cQ2HIqkubLBk2X8uwMw2tloROlmklweHqR
-ta6aRlLxBMgccJpK7cU5H8TMb6aR9GJGyzQJ2vET3jPBq/uEwbvK8HRVJ7Ld68k6
-ZMCwXGdTeYuDWt0ngAhf+i+GNexJRSLvzRGt18DOrpmj2X3naarNSTfRArm4EINW
-WKW7hd8h
+d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv
+bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggIBAFgzS8NNGRayelUleAee5udbk9+fkkxvYA/p
+QEaD+UvuSmgJ7iEU0gx6cJ2RcEbg/NqgrMBni8ayiGptOZRTq4j8bPcrZZCrcsvO
+jFk/yXwWIv1hRofQ8wBynPOgbtPJ5J7zYkE0sqXbAPOWeNdya+R0CuSex5DW9kj/
++tiXGXdGiLKu/FOC9tedfsu67a+ZEK0Q3rbFqsWpHdQcKIEN4A18xPBXNtx/DJuq
+0+fcjtIsigpRvLbLSFuvSI5vWP1MFyuMDTLYVKN1PceRg2yxpKecKbsDpeSRX3R9
+Fs444mDSJs75i8fkdXS4GLXfJjJOft3HbRtEEznF5sITppjr40PszMvOj2njWPPn
+o3ECca7HbhuhtqIGfM5+2mCwPgmm7fEmYILVYgTihFfPKUhGUKN+4Qp75gOzMKds
+7t8NRFTKPEpFmicc1wKfEsp22UWC6azyTu6iVByWlt+fojFbdHjvxDY8iIqBFU6/
+44uLMTxu9r9gMSZK9sX7vGIgeER3RnArP0ZSxAvoxG3lu+QQXwItxnTKQnA3CDra
+MkmwSM5kMewO/Ub1bgkdQ3j/DD0uSwreEdg0fvxaAJIH2N/lOFUWPrzbg8TJR1Sb
+ohctT+uAKoPQrxsZuSdrz9QHOdgkPR6gp9bdnXkZSa9jGX7Pd5Ur5LDEXljol1ZL
+T97oaKB7
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
 vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
 wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
@@ -39,9 +39,9 @@
 Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
 updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
 a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
-i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
-Af5cNR8KhzegznL6amRObGGKmX1F
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l
+fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN
+JAuV9fLJJdB5nZUG3l85Dt27VNkT
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server7.crt b/tests/data_files/server7.crt
index ed087ef..c5c2cb8 100644
--- a/tests/data_files/server7.crt
+++ b/tests/data_files/server7.crt
@@ -1,23 +1,23 @@
 -----BEGIN CERTIFICATE-----
 MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG
+A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
 WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
-IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
-AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
-FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
-8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
-+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
-QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
-yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
-TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
-deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
-0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
-OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
-VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
-a8Si6UK5
+MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr
+d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv
+bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi
+KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm
+ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW
+DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh
+VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF
+cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH
+aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo
+fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD
+Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u
+5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06
+1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA
+ZKasihO3
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server7_int-ca-exp.crt b/tests/data_files/server7_int-ca-exp.crt
index fc00517..a3a8f69 100644
--- a/tests/data_files/server7_int-ca-exp.crt
+++ b/tests/data_files/server7_int-ca-exp.crt
@@ -1,30 +1,30 @@
 -----BEGIN CERTIFICATE-----
 MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG
+A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
 WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
-IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
-AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
-FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
-8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
-+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
-QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
-yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
-TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
-deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
-0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
-OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
-VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
-a8Si6UK5
+MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr
+d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv
+bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi
+KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm
+ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW
+DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh
+VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF
+cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH
+aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo
+fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD
+Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u
+5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06
+1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA
+ZKasihO3
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MDcwNjI3MTAzODM3WhcNMTcwNjI3MTAzODM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwNTE2MDcxMDM3WhcNMjMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
 A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
 vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
@@ -39,9 +39,9 @@
 Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
 updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
 a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPu/FDEPvIC/BnzPQDAr1bQakGiwBsE9zGKRgXgX
-Y3Q+XJKhMEKZ8h1m+S5c6taO0gIwNB14zmJ1gJ9X3+tPDfriWrVaNMG54Kr57/Ep
-773Ap7Gxpk168id1EFhvW22YabKs
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAJH0e4fySJI2nJt1Knd+yU7zn1jTFDAABJMbndhR
+07OSM6vwUaGSMVatSzr8ah+UDgIwaI/MBcorSxT92jAQb1W5dJkEudoYSg49fjAf
+z0BtLCVhFwQlrzCqgXC98SGfT6sZ
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server7_int-ca.crt b/tests/data_files/server7_int-ca.crt
index d3ddc46..cb108a4 100644
--- a/tests/data_files/server7_int-ca.crt
+++ b/tests/data_files/server7_int-ca.crt
@@ -1,31 +1,31 @@
 -----BEGIN CERTIFICATE-----
 MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG
+A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
 WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
-IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
-AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
-FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
-8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
-+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
-QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
-yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
-TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
-deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
-0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
-OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
-VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
-a8Si6UK5
+MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr
+d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv
+bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi
+KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm
+ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW
+DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh
+VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF
+cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH
+aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo
+fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD
+Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u
+5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06
+1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA
+ZKasihO3
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
 vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
 wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
@@ -39,9 +39,9 @@
 Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
 updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
 a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
-i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
-Af5cNR8KhzegznL6amRObGGKmX1F
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l
+fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN
+JAuV9fLJJdB5nZUG3l85Dt27VNkT
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server7_int-ca_ca2.crt b/tests/data_files/server7_int-ca_ca2.crt
index c289c0a..097447f 100644
--- a/tests/data_files/server7_int-ca_ca2.crt
+++ b/tests/data_files/server7_int-ca_ca2.crt
@@ -1,31 +1,31 @@
 -----BEGIN CERTIFICATE-----
 MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG
+A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
 WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
-IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
-AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
-FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
-8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
-+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
-QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
-yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
-TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
-deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
-0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
-OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
-VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
-a8Si6UK5
+MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr
+d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv
+bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi
+KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm
+ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW
+DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh
+VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF
+cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH
+aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo
+fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD
+Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u
+5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06
+1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA
+ZKasihO3
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
 vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
 wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
@@ -39,24 +39,22 @@
 Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
 updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
 a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
-i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
-Af5cNR8KhzegznL6amRObGGKmX1F
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l
+fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN
+JAuV9fLJJdB5nZUG3l85Dt27VNkT
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
-JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
-t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
-uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq
+6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29
+N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==
 -----END CERTIFICATE-----
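Review bot: The replacement root certificate at the end of this hunk decodes to a validity of 2019-02-10 to 2029-02-10, while the leaf and intermediate CA earlier in the same bundle were reissued to run until 2033-05-17. Any test that verifies this chain against the real clock would therefore start failing in February 2029, four years before the rest of the bundle expires. The same 2019–2029 window appears in the new `server8.crt` and in the first certificate of `server8_int-ca2.crt`. If the shorter root lifetime is not deliberate, reissue the root with a `notAfter` at or beyond the certificates it anchors. Otherwise, record the earliest expiry next to whatever recipe generates these files, so the next renewal is planned rather than discovered through a failing CI run.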
diff --git a/tests/data_files/server7_spurious_int-ca.crt b/tests/data_files/server7_spurious_int-ca.crt
index 632c4fd..fdc1146 100644
--- a/tests/data_files/server7_spurious_int-ca.crt
+++ b/tests/data_files/server7_spurious_int-ca.crt
@@ -1,49 +1,49 @@
 -----BEGIN CERTIFICATE-----
 MIIDwjCCAaqgAwIBAgIBEDANBgkqhkiG9w0BAQsFADBIMQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJt
-ZWRpYXRlIENBMB4XDTEzMDkyNDE2MTIyNFoXDTIzMDkyMjE2MTIyNFowNDELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
+MA8GA1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJt
+ZWRpYXRlIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owNDELMAkG
+A1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRIwEAYDVQQDDAlsb2NhbGhvc3Qw
 WTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQcbffp2qXqoZyychmoCRxzrd4Vu96m
 47NPBehtEC46aTeXgDnBdf++znABrAtfXBRNQz8ARIeYBmskr22rlKjyo4GVMIGS
-MAkGA1UdEwQCMAAwHQYDVR0OBBYEFNIK06V3H85VsFxGoo5zbL+hYCa7MGYGA1Ud
-IwRfMF2AFDh32Gt3nCh3gotO2BupHveUFrcOoUKkQDA+MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0GC
-AQ4wDQYJKoZIhvcNAQELBQADggIBADRoQ5fHKw+vkl0D3aqLX1XrZidb+25AWbhr
-FYXdaskN219PrXBL3cV8x5tK6qsPKSyyw1lue80OmhXs/w7PJkOHHUSWRnmTv7lr
-8Us3Zr/yOF/VVqzdGs7DlOTpyzEBdugI9uar/aCqHDoltN8wOduOoQB9aojYpROj
-+gjlEO0mgt/87XpjYOig1o0jv44QYDQZQzpj1zeIn6WMe6xk9YDwCLMjRIpg++c7
-QyxvcEJTn80wX1SaEBM2gau97G7bORLMwBVkMT4oSY+iKYgpPpawOnMJbqUP73Dm
-yfJExDdrW/BbWZ/vKIcSqSZIbkHdkNjUDVHczyVwQxZxzvLFw/B1k9s7jYFsi5eK
-TNAdXFa4et1H2sd+uhu24GxsjmJioDrftixcgzPVBjDCjH8QWkBEX292WJ58on0e
-deWLpZUnzPdE1B4rsiPw1Vg28mGgr2O1xgBQr/fx6A+8ItNTzAXbZfEcult9ypwM
-0b6YDNe5IvdKk8iwz3mof0VNy47K6xoCaE/fxxWkjoXK8x2wfswGeP2QgUzQE93b
-OtjdHpsG1c7gIVFQmKATyAPUz4vqmezgNRleXU0oL0PYtoCmKQ51UjNMUfmO9xCj
-VJaNa2iTQ5Dgic+CW4TYAgj5/9g9X3WfwnDNxrZ0UxxawGElczHXqbrNleTtPaKp
-a8Si6UK5
+MB0GA1UdDgQWBBTSCtOldx/OVbBcRqKOc2y/oWAmuzBmBgNVHSMEXzBdgBQ4d9hr
+d5wod4KLTtgbqR73lBa3DqFCpEAwPjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBv
+bGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0IEVDIENBggEOMAkGA1UdEwQC
+MAAwDQYJKoZIhvcNAQELBQADggIBADU9ZyZWfX1T1Pi0PRBeqpm52pehUX2wMsyi
+KudSpLeN++eS9p/R0hpNuB8WvZcsFy/qul0djPARKGpYgYTZQvOQ10VcY40jxttm
+ETScnnqKH2lMr0asOpM31kKt/ghJS0njUhI9NY6yAI2XhcDzItSpqOhn6YLC3mrW
+DIyBCksLKEu8x/KpRbvj3QK1ez3cHItoxCCe9gy8tMEwb8FE15dtDuL7G7iRb4Dh
+VyL6qzBRvJP9AcQKT4PTaOMwu8O+hClDvLllJzCkJX4qZmQr3jwO8Emi9dvQ87ZF
+cDpLbxqIgtRF8lkxn00UuhuugMgM8ldTd/aRxZrddIgFVNmEdWIWBu5ZTWmBM/FH
+aguuZr3mty7Jh4XZJ0RZ4H7XaYzoVnCK9cA5koRv/gtSQdDh8BiYlJwWx8adqygo
+fibinQnIOhZ4HcnlTDshsb5eY+GtkSLmc8735V5rtEt7zrtahFT5I7r2X6dDiPdD
+Blvb9/5gIMC3fy0NZigDueBOYF78kpxqMRknt6x86irVdbRXw1fpVux24cfTDc/u
+5Eat4YFfM1eKZnuOETumPOoa27jvcYTPMOsUN8+Q8Os6SDkJC8e2obedQoffQC06
+1Xzri3HOHzZrPHLGkwAFNYBynl1/wxGu0vPlmpzJDzc7y0e1FgKqD6YadAQM+APA
+ZKasihO3
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
 WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
 BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
-D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
-FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
-yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
-ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
-7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
-CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
-ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
+D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw
+FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBABN3b1ltNlBQ9PhwJhxBWENlMNdy1vyKBGH3EdZ7w4uHJJOm
+w8JS5p/B5+9fDIIOThDr80hLq4QOQVJhxAT1/Zsb2OzsTxc1BaCNbBv2Y+FyFcpL
+I8EjMF+gnSgbs46kGKce1EJNrZrkvpCngtNj7qqg9qnPXd1en0z349xHJPmYuWEb
+9sHdVlwnebPm1n9u1NzpktAChb28UFnBYTWraZCtMBMozuMhz6mo66XOEyH06Ypa
+QPOlBmbgW/e+fuXow41QUqP2tvVL6MsmSZFWk8hr45rNRzeTok1M5bW91sZ78We5
+95m3T6IE+qpj2/RILncwy7vWBlFzbuiIA3eSJa8=
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
 vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
 wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
@@ -57,9 +57,9 @@
 Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
 updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
 a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
-i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
-Af5cNR8KhzegznL6amRObGGKmX1F
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l
+fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN
+JAuV9fLJJdB5nZUG3l85Dt27VNkT
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server8.crt b/tests/data_files/server8.crt
index b435b2d..515b17b 100644
--- a/tests/data_files/server8.crt
+++ b/tests/data_files/server8.crt
@@ -1,18 +1,17 @@
 -----BEGIN CERTIFICATE-----
-MIIC6zCCAnKgAwIBAgIBETAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTEzMDkyNDE2MTI1NloXDTIzMDkyMjE2MTI1NlowNDELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbHH8uC82/ztF1EKCiuM59
-quIF4HrYRGOPtb3AsBm5N7gZSg7xXXSAZ0aHBt5bfwYDvcGNXgcV1Fv03OXPPfnB
-ESyuarmKvR1nZhfqTr3bFZqCh+TweMOjhYew/Z+pmV/jM+zM6gu1YV7xSX4/oy3q
-AQzMQpp2m8TQN9OxFwFhARZZfhwXw1P90XLLTGAV2n3i6q1Q747ii9Rqd1XWcNlr
-u/HuOQQ4o73i0eBma+KcR5npKOa2/C7KZ0OE6NWD1p2YawE+gdw8esr585z31igb
-J3h8w9DVY6eBNImtJWq98urt+lf85TTGwQ9xLdIIEButREHg/nmgY5OKsV3psO5v
-AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA
-J2F2Dx0wYwYDVR0jBFwwWoAUD4m9Y0Hry14XKP9oMD3BiNCcWDmhP6Q9MDsxCzAJ
-BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
-VGVzdCBDQYIBDzAKBggqhkjOPQQDAgNnADBkAjBkP1bGlZvxnYySZjdBq4m8lkyz
-2cjfqjYs8COEkRkONaVz7888HvFdGpL98uQeFvECMHCyCrHprkGzvq/L9kUnx9Bh
-2IHbCzbbi9moYC1XcOxgfsEKmhtVF/uQdf8+3VtGqA==
+MIICqTCCAi6gAwIBAgIBETAMBggqhkjOPQQDAgUAMEsxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEpMCcGA1UEAwwgUG9sYXJTU0wgVGVzdCBJbnRlcm1l
+ZGlhdGUgRUMgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQsw
+CQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9z
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANscfy4Lzb/O0XUQoKK4
+zn2q4gXgethEY4+1vcCwGbk3uBlKDvFddIBnRocG3lt/BgO9wY1eBxXUW/Tc5c89
++cERLK5quYq9HWdmF+pOvdsVmoKH5PB4w6OFh7D9n6mZX+Mz7MzqC7VhXvFJfj+j
+LeoBDMxCmnabxNA307EXAWEBFll+HBfDU/3RcstMYBXafeLqrVDvjuKL1Gp3VdZw
+2Wu78e45BDijveLR4GZr4pxHmeko5rb8LspnQ4To1YPWnZhrAT6B3Dx6yvnznPfW
+KBsneHzD0NVjp4E0ia0lar3y6u36V/zlNMbBD3Et0ggQG61EQeD+eaBjk4qxXemw
+7m8CAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA
+J2F2Dx0wHwYDVR0jBBgwFoAUD4m9Y0Hry14XKP9oMD3BiNCcWDkwDAYIKoZIzj0E
+AwIFAANnADBkAjA3KJ1/SvOZnpmtqturkt+0DhQIXGMRDPnPksCuy/wqGHR8DsWS
+dEa7PQEgrbA60HoCMCpH2fYtcAfhg5gGg+QxmVsUIt/9Gd9syQlnX7wNCfweUeSS
+MxG1isOdUiQTajM1TQ==
 -----END CERTIFICATE-----
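Review bot: The regenerated certificate encodes its signature algorithm as `ecdsa-with-SHA256` followed by an explicit ASN.1 NULL (the first line now carries `ETAMBggqhkjOPQQDAgUA` where the old one had `ETAKBggqhkjOPQQDAj`), whereas RFC 5758 section 3.2 requires the parameters field to be omitted for the ECDSA-with-SHA2 identifiers. A verifier that enforces this strictly may reject the fixture for a reason unrelated to what the test is meant to check. The new root in `server7_int-ca_ca2.crt` and the first certificate in `server8_int-ca2.crt` show the same encoding. If this is a by-product of the tool that produced the files rather than intended coverage, regenerating with the parameters absent keeps the fixtures conformant. If it is intended, a one-line comment in the generation recipe saying so would prevent a later "cleanup" from silently changing what is tested.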
diff --git a/tests/data_files/server8_int-ca2.crt b/tests/data_files/server8_int-ca2.crt
index 7a8da71..e99727d 100644
--- a/tests/data_files/server8_int-ca2.crt
+++ b/tests/data_files/server8_int-ca2.crt
@@ -1,36 +1,35 @@
 -----BEGIN CERTIFICATE-----
-MIIC6zCCAnKgAwIBAgIBETAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTEzMDkyNDE2MTI1NloXDTIzMDkyMjE2MTI1NlowNDELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3Qw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDbHH8uC82/ztF1EKCiuM59
-quIF4HrYRGOPtb3AsBm5N7gZSg7xXXSAZ0aHBt5bfwYDvcGNXgcV1Fv03OXPPfnB
-ESyuarmKvR1nZhfqTr3bFZqCh+TweMOjhYew/Z+pmV/jM+zM6gu1YV7xSX4/oy3q
-AQzMQpp2m8TQN9OxFwFhARZZfhwXw1P90XLLTGAV2n3i6q1Q747ii9Rqd1XWcNlr
-u/HuOQQ4o73i0eBma+KcR5npKOa2/C7KZ0OE6NWD1p2YawE+gdw8esr585z31igb
-J3h8w9DVY6eBNImtJWq98urt+lf85TTGwQ9xLdIIEButREHg/nmgY5OKsV3psO5v
-AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA
-J2F2Dx0wYwYDVR0jBFwwWoAUD4m9Y0Hry14XKP9oMD3BiNCcWDmhP6Q9MDsxCzAJ
-BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
-VGVzdCBDQYIBDzAKBggqhkjOPQQDAgNnADBkAjBkP1bGlZvxnYySZjdBq4m8lkyz
-2cjfqjYs8COEkRkONaVz7888HvFdGpL98uQeFvECMHCyCrHprkGzvq/L9kUnx9Bh
-2IHbCzbbi9moYC1XcOxgfsEKmhtVF/uQdf8+3VtGqA==
+MIICqTCCAi6gAwIBAgIBETAMBggqhkjOPQQDAgUAMEsxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEpMCcGA1UEAwwgUG9sYXJTU0wgVGVzdCBJbnRlcm1l
+ZGlhdGUgRUMgQ0EwHhcNMTkwMjEwMTQ0NDA2WhcNMjkwMjEwMTQ0NDA2WjA0MQsw
+CQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9z
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANscfy4Lzb/O0XUQoKK4
+zn2q4gXgethEY4+1vcCwGbk3uBlKDvFddIBnRocG3lt/BgO9wY1eBxXUW/Tc5c89
++cERLK5quYq9HWdmF+pOvdsVmoKH5PB4w6OFh7D9n6mZX+Mz7MzqC7VhXvFJfj+j
+LeoBDMxCmnabxNA307EXAWEBFll+HBfDU/3RcstMYBXafeLqrVDvjuKL1Gp3VdZw
+2Wu78e45BDijveLR4GZr4pxHmeko5rb8LspnQ4To1YPWnZhrAT6B3Dx6yvnznPfW
+KBsneHzD0NVjp4E0ia0lar3y6u36V/zlNMbBD3Et0ggQG61EQeD+eaBjk4qxXemw
+7m8CAwEAAaNNMEswCQYDVR0TBAIwADAdBgNVHQ4EFgQU4j/mLfTnuKaM3G0XpxhA
+J2F2Dx0wHwYDVR0jBBgwFoAUD4m9Y0Hry14XKP9oMD3BiNCcWDkwDAYIKoZIzj0E
+AwIFAANnADBkAjA3KJ1/SvOZnpmtqturkt+0DhQIXGMRDPnPksCuy/wqGHR8DsWS
+dEa7PQEgrbA60HoCMCpH2fYtcAfhg5gGg+QxmVsUIt/9Gd9syQlnX7wNCfweUeSS
+MxG1isOdUiQTajM1TQ==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
 WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
 BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
-D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
-FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
-yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
-ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
-7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
-CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
-ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
+D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw
+FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2
+12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf
+GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj
+whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3
+/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33
+hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server9-bad-mgfhash.crt b/tests/data_files/server9-bad-mgfhash.crt
index 34ef69e..ad29942 100644
--- a/tests/data_files/server9-bad-mgfhash.crt
+++ b/tests/data_files/server9-bad-mgfhash.crt
@@ -1,20 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIDWzCCAhKgAwIBAgIBGDA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAN4wOzELMAkGA1UEBhMCTkwx
-ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
-DTE0MDEyMDEzNTc0NVoXDTI0MDExODEzNTc0NVowNDELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
-uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
-i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
-AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
-36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
-BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
-VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqG
-SIb3DQEBCDALBglghkgBZQMEAgSiBAICAN4DggEBAIfliohNjz4CLGbHWgWRBFQ3
-Difn027ZnULTvokT67ii1sJzESzqaIakyyu8GRwfoFRNh/rbGfe4C6e9SkwKbnDg
-WE9SWbK6ukIQbMy69C+CVqFlRUHbONw/dmcneAWyZYGx/2Sf4D5kkpIWNDBeKuaV
-H69XPZCeN3QAACmdAfo4NYW0I69a1OSaUrTyGT1nBOrzQ8Y0aJBnCJAte49bhQEW
-KJv0kMj+8ZG1X0RoSdklf3GqdLUbsfJ2txu14GGAxy4C1gl2JWzoBHN5LMLf0cZ9
-uEYui7N/5bkSv8KXdbGvSzgn6zZ0MiCJMiiGEf0L1FxBiBCVsK4C2idpiZH+e28=
+MIIDYzCCAhagAwIBAgIBGDBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAQUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCBAUAogQCAgDeMDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QTAeFw0yMzA1MTcwODM5NDhaFw0zMzA1MTcwODM5NDhaMDQxCzAJBgNVBAYTAk5M
+MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
+qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
+5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
+C9pAlQIDAQABo4GSMIGPMB0GA1UdDgQWBBTu88f1HxWlTUeJwdMiY7Lfp869UTBj
+BgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkGA1UEBhMC
+TkwxETAPBgNVBAoMCFBvbGFyU1NMMRkwFwYDVQQDDBBQb2xhclNTTCBUZXN0IENB
+ggEDMAkGA1UdEwQCMAAwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgEFAKEc
+MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgQFAKIEAgIA3gOCAQEAaQlf1GPhvPHp
+hFgTdIB5x5zACVb4a4ONuySVckfMpWk2nlkRSu3Kgv4j8l/jfNpfr+we4lG72xEn
+FV3em8dEzxvXd5jXCfR/hWJKYVoWh0055qWw7FpG20vRFKttU8UFclL7KvMs4InZ
+vDpbPs5EwBQXTg/manL9TD9t/zqWAUJj1yHWiIISYzfWmsaoTi8jNxSR1+lkmPPP
+ZWQwyUJrh82Mw3VwNGxXOfpGIwmjXPia8MafjjH/RtHNx7ukCk+6q1ZlH57NolZJ
+dlQTJv21+vxyYr6GZdHXzdJwWMnFSof6VGwayNzetSnVhJb0SQqTBt8Vu5xQtXGa
+QcCjGyCAIg==
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server9-bad-saltlen.crt b/tests/data_files/server9-bad-saltlen.crt
index f4da883..45bf20e 100644
--- a/tests/data_files/server9-bad-saltlen.crt
+++ b/tests/data_files/server9-bad-saltlen.crt
@@ -1,20 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIDWzCCAhKgAwIBAgIBGDA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4wOzELMAkGA1UEBhMCTkwx
-ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
-DTE0MDEyMDEzNTc0NVoXDTI0MDExODEzNTc0NVowNDELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
-uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
-i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
-AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
-36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
-BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
-VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqG
-SIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAE7T54cyUf0ByNr34JaojFam
-hV0T9QSc4wJ17sX67rxYIorXU8MynaneJzFxD9utOD3dq2TON18VswhT2McDgefl
-XMwivCC0nWod8Pk638QaHxbaqC7XSq0QRBfOMXwV7knLNxI8smc9UJaco39VEcGD
-yCkq4By/VCWTpvJ+1hx4zZ8WoXpFJFM5m5y9oEz4lgNv/6Wu7ILztyOk2yJiSR8r
-YooC4zVeUOZuDO6At/NXZuSvmKmr+tfFrFA1AA/7yR5odQbqFVNSJ+u0x1Jv8Ra6
-JXA4cXsnaDaRe+Wm0L0p+2PtQWXE5npXYIbFHAA9EOC3Ab8oaP9M/F6yQMa/2is=
+MIIDYzCCAhagAwIBAgIBGDBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAQUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogQCAgDeMDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QTAeFw0yMzA1MjIwNzMwMDZaFw0zMzA1MTkwNzMwMDZaMDQxCzAJBgNVBAYTAk5M
+MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
+qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
+5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
+C9pAlQIDAQABo4GSMIGPMAkGA1UdEwQCMAAwHQYDVR0OBBYEFO7zx/UfFaVNR4nB
+0yJjst+nzr1RMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7
+MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFy
+U1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgEFAKEc
+MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIEAgIA3gOCAQEAlQo9OnchZbLQ
+PTXs9NgXDoQb4JvUG/Fsq09/e8ivWaHkE7mKeNRrP8qMdAw914Bs1NQf9F75CWJe
+5YtmLcE5gSbVj3qa6zVuQWEcrseKz6wpAFLsHKbF6kKfUgcI56xmD2DhhIHny+5B
+9ObM0RQpCmAYXjU2CvknXeBzpX2cGOLD/Nexk1oBF6PI0rDUBqg3cexsJ5XfJwYg
+tkjkZ321s9N09BsioauH6d9x9/Ysz7Qp7Bqpb1E7dV4bDuT5vwPWwPIUAav897Vt
+s0uMZHoVasj57UwqDv8tm0db6f2VOL7r5GBMjbp6newW8Me47uXSBXKy8tFJMolj
+yKuEQkKKyA==
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server9-badsign.crt b/tests/data_files/server9-badsign.crt
index 9e56541..8656b1a 100644
--- a/tests/data_files/server9-badsign.crt
+++ b/tests/data_files/server9-badsign.crt
@@ -1,19 +1,19 @@
 -----BEGIN CERTIFICATE-----
 MIIDBTCCAeegAwIBAgIBFjATBgkqhkiG9w0BAQowBqIEAgIA6jA7MQswCQYDVQQG
-EwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3Qg
-Q0EwHhcNMTQwMTIwMTMzODE2WhcNMjQwMTE4MTMzODE2WjA0MQswCQYDVQQGEwJO
-TDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkq
+EwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3Qg
+Q0EwHhcNMjMwNTE3MDgwNDAwWhcNMzMwNTE3MDgwNDAwWjA0MQswCQYDVQQGEwJO
+TDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkq
 hkiG9w0BAQEFAAOBjQAwgYkCgYEA3RGKn5m6sGjKKuo7am1Zl+1OyVTkDe7OoH2g
 HqroDsK7E0DbihKOiRMkpcX1+tj1kNfIysvF/pMdr9oSI3NSeUYauqBXK3YWMbOo
 r+c4mwiLY5k6CiXuRdIYWLq5kxrt1FiaYxs3/PcUCJ+FZUnzWTJt0eDobd5S7Wa0
-qQvaQJUCAwEAAaOBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTu88f1HxWlTUeJ
-wdMiY7Lfp869UTBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0w
-OzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xh
-clNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQDAog/jXydR
-vDIugTzBXtfVK0CEX8iyQ4cVzQmXWSne8204v943K5D2hktSBkjdQUdcnVvVgLR6
-te50jV89ptN/NofX+fo9fhSRN9vGgQVWzOOFiO0zcThy749pirJu1Kq5OJdthIyW
-Pu0UCz5G0k3kTp0JPevGlsNc8S9Ak1tFuB0IPJjrbfODWHS2LDuO+dB6gpkNTdrj
-88ogYtBsN4D5gsXBRUfobXokUwejBwLrD6XwyQx+0bMwSCxgHEhxvuUkx1vdlXGw
-JG3aF92u8mIxoKSAPaPdqy930mQvmpUWcN5Y1IMbtEGoQCKMYgosFcazJpJcjnX1
-o4Hl/lqjwCFG
+qQvaQJUCAwEAAaOBkjCBjzAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy36fOvVEw
+YwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QYIBAzAJBgNVHRMEAjAAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQC2DLHQ05x6
+imJNztE/Tnk/lPQ01Pw6Girdbk4bgxcGwGj+1u5wAIHNpJ50TOggg3HxTyb7p344
+/tVMxz7nrHZQ5ASdn2kDCyCmEqhmj48isWAIml+7J9cBeImJoEfYqjtqtoVkGxFy
+SuoZAQWkkqDpyFhKhIjLQ8JuSE6wWMX/kc6TFSSxepnZU1SFOXfCiaVr5tFQzBP7
+loppIANLjKeMjpOdU86PmRQ2LyzaCH1OMnjVndeqNmZt0NyzZ18cFPvm6+DVVVuP
+Q+6nReShCdAlU+dJqsqj8JsQneNMTxjv4OBoXVmE/kZTj/DBTtwmxkVi7K4aYMFi
+UYUZ4RiwG1/0
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server9-defaults.crt b/tests/data_files/server9-defaults.crt
index 4ce5c87..8613f52 100644
--- a/tests/data_files/server9-defaults.crt
+++ b/tests/data_files/server9-defaults.crt
@@ -1,19 +1,18 @@
 -----BEGIN CERTIFICATE-----
-MIIDBjCCAe6gAwIBAgIBSDANBgkqhkiG9w0BAQowADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTQwNjA1MTU1NjUzWhcNMjQwNjAyMTU1NjUzWjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0B
+MIIC+TCCAeGgAwIBAgIBSDANBgkqhkiG9w0BAQowADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkqhkiG9w0B
 AQEFAAOBjQAwgYkCgYEA3RGKn5m6sGjKKuo7am1Zl+1OyVTkDe7OoH2gHqroDsK7
 E0DbihKOiRMkpcX1+tj1kNfIysvF/pMdr9oSI3NSeUYauqBXK3YWMbOor+c4mwiL
 Y5k6CiXuRdIYWLq5kxrt1FiaYxs3/PcUCJ+FZUnzWTJt0eDobd5S7Wa0qQvaQJUC
-AwEAAaOBnzCBnDAJBgNVHRMEAjAAMB0GA1UdDgQWBBTu88f1HxWlTUeJwdMiY7Lf
-p869UTBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0wOzELMAkG
-A1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBU
-ZXN0IENBggEAMAsGA1UdDwQEAwIFoDANBgkqhkiG9w0BAQowAAOCAQEAGUdim4uy
-/rBDFMF8qhjH1qsv0o8ON4HgP3YXbdKdIMfd+p5KtoqHQnrkixWxaIvfORnR4mGm
-f8H5BimwIkNLxy7zS88TVDOYel8g7B2yl0nq4biki83NStNBYZJjxKT0ud5O5mGd
-jHdy9vTEc7h8q+SHzRdgpNFXyKY5OQYng1LHco8h1UR8/nmPMuDtocHMnmMXu68a
-69+TtZxx90/V4gJZOoL1iCi8HEsKoJzm/L8ji54OYt7FxgFfE3VmLsXeMaWYO8GS
-BUxh5kqZ25O8hQXK5ywfuVK83Do/SsoClbgx9mboybseGVFIJaxs9e66GFDMoI3B
-09JqWv4DoLNnwg==
+AwEAAaOBkjCBjzAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy36fOvVEwYwYDVR0j
+BFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYTAk5MMREw
+DwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBDQYIBAzAJ
+BgNVHRMEAjAAMA0GCSqGSIb3DQEBCjAAA4IBAQASsc5y7sDP4prOLGAl2EB5d+Gg
+w/Vk9+g3KXpeIUCL6gmECNLENmmBe6zZR8/Ax6R1hUe/Cbflepxsx627Eg29NCZK
+Bo/AQoz658kwEzr4jhF8M6y9sdsf5/OauoRxDLcMEywIkgmuFvZIpyEwXix6arsK
+mNWnW0FwSr2NaXozD7OquGwTEAvAbtei+5JAeVvvGi1u32D2JPVHk3zv05LXtx8b
+8bEmzZLthFk3GbSkGHC3K5rjNgTMwY0BhNBW6qFyY5mL0bHVDbZQxD9RRwDifGty
+fTo7odJDAHU1xucWF6dOU5nAqiFKlc3eITdBKt+d10yBSr7qXciHkHpAzCvh
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server9-sha224.crt b/tests/data_files/server9-sha224.crt
index 1b05f31..ed648c8 100644
--- a/tests/data_files/server9-sha224.crt
+++ b/tests/data_files/server9-sha224.crt
@@ -1,20 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIDWzCCAhKgAwIBAgIBFzA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCBKEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIwOzELMAkGA1UEBhMCTkwx
-ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
-DTE0MDEyMDEzNTczNloXDTI0MDExODEzNTczNlowNDELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
-uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
-i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
-AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
-36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
-BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
-VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCBKEaMBgGCSqG
-SIb3DQEBCDALBglghkgBZQMEAgSiBAICAOIDggEBADJExjfWWvL28lgj+GGgviqo
-PHZLxI0pLQUnFJQ9Kpu6jxfICseBF00Z6BJE/RcYDpIie5GDt/8u/i6xB6Li29Pm
-g5nANgd/Y3fFnW7d0ydVjiSnetlPuf/jTlWQl6mQTH2xqYu8J8d3JRxQdRiDYbVm
-uywW2d6rksiqm6dPD5l4A5DcemcYo8f/1Ifj5WNDCV8/OHex+AnW2ccDvWAnVgSR
-B2VpOXJzVFuBsuf4tGVm/2TUMSB6NcvFc6TeJk1kzbZxii4QjKXtH1SfrVP59iEe
-l17NYAEWARjBpQWBiutRG+QM2et0sNiUBuWxTkvd0eSgencNysVAOsZqrqaX3CY=
+MIIDYzCCAhagAwIBAgIBFzBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCBAUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCBAUAogQCAgDiMDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QTAeFw0yMzA1MTcwNzEwMzdaFw0zMzA1MTQwNzEwMzdaMDQxCzAJBgNVBAYTAk5M
+MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
+qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
+5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
+C9pAlQIDAQABo4GSMIGPMAkGA1UdEwQCMAAwHQYDVR0OBBYEFO7zx/UfFaVNR4nB
+0yJjst+nzr1RMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7
+MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFy
+U1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgQFAKEc
+MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgQFAKIEAgIA4gOCAQEAjG73ZOe2pQn6
+jqiTHALGM0IG8BBCamo3gzbCjZPz3ZnTpZii1pQSFPGEBaKCgrtKrjvoP21ZDUnq
+3HjTUzGtGbHk3h+UJcVYgFuONidguUDaALGtXIPWUlqBBeJL+Y+01zJRnMpC2hV7
+JUOM3es02te8RM6srCdW1fP9x+Lx4G2Kjj7kEzKafEbwFesS4LbBXsWkID8xDPHO
+DLKvg66tPeksDBT4n7f7H51eNlyIwwMDKTc+N9Ri5OeW1HOqtbyo/yJlHvQqnCld
+E8gW+AVoeZmN6n/4yemnCEkFRqgbRSIGVoPmOY9d/FfGLmClcaZFPcH+w1JDhF71
+3egYnUY/9g==
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server9-sha256.crt b/tests/data_files/server9-sha256.crt
index 7d0aa39..ef37b3f 100644
--- a/tests/data_files/server9-sha256.crt
+++ b/tests/data_files/server9-sha256.crt
@@ -1,20 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIDWzCCAhKgAwIBAgIBGDA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4wOzELMAkGA1UEBhMCTkwx
-ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
-DTE0MDEyMDEzNTc0NVoXDTI0MDExODEzNTc0NVowNDELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
-uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
-i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
-AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
-36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
-BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
-VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAaEaMBgGCSqG
-SIb3DQEBCDALBglghkgBZQMEAgGiBAICAN4DggEBAH0+knqkcLaxeDkenBQgd4Qg
-3ZyAhtpiLU689mw+3cXB/uzFrCIxEL5aGh1eSj+DszB+FtsZ06ux7JVQqVOA2Wm9
-yLxC6wF8OOYj0nBa91BWLhRAHLhmIdWsVk7Hl9KojZd4TwV2N+ZEV/BLxyoRvK4H
-V4xCpzgDSiTPe8Etk4r+0akbr6bsOUBayPb7MGLHubZKq8NsFAmmynp+fPmHd3SE
-0ooJdiZ1MmKPKLE5Og/hXCI8qeiXQUR6oQ7b2XONsrI2HIj2SA9dA5qmHwE5PbMu
-zqxQ3R83boqLXbkFORn+UiYLmffqdoWuNy00BHMCrxRA9DUv+WyN4npLMF8rOJw=
+MIIDYzCCAhagAwIBAgIBFzBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAQUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAQUAogQCAgDeMDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QTAeFw0yMzA1MTcwNzEwMzdaFw0zMzA1MTQwNzEwMzdaMDQxCzAJBgNVBAYTAk5M
+MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
+qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
+5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
+C9pAlQIDAQABo4GSMIGPMAkGA1UdEwQCMAAwHQYDVR0OBBYEFO7zx/UfFaVNR4nB
+0yJjst+nzr1RMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7
+MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFy
+U1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgEFAKEc
+MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgEFAKIEAgIA3gOCAQEAXcWlfbIjRJX3
+eCkj03eKLvhawFndN6mWMOTVvr20Vdhhn57wngSKYgtsbOZhpT+pIXTTpxhku7uS
+Pg6NDU0W13xbrcIsYxkZRcN6AYcnV0NxnhdfkmxwDjLyohgm8IdgvHb04r73OP0j
+KmnZfJJpnxkVGD8NFGj2hBCR7ynbVBAfJegl0Lruxc4AlrniG6MW9xfkmE3EfOQg
+dwZv3UuhxzEhLmR933BCijwfhBVfyzarGjDtZjQYNwWKhRl+OXM+L14Ofq7htSxz
+kSM5KJfCAzLFNd6N2YU84IhqwTS4CZ/bE1HchEYPtXm97bj8Vldrfv2up/4Rc0kF
+a8P+xLLmug==
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server9-sha384.crt b/tests/data_files/server9-sha384.crt
index aaa63e6..2ea0108 100644
--- a/tests/data_files/server9-sha384.crt
+++ b/tests/data_files/server9-sha384.crt
@@ -1,20 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIDWzCCAhKgAwIBAgIBGTA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEa
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4wOzELMAkGA1UEBhMCTkwx
-ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
-DTE0MDEyMDEzNTc1OFoXDTI0MDExODEzNTc1OFowNDELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
-uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
-i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
-AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
-36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
-BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
-VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCAqEaMBgGCSqG
-SIb3DQEBCDALBglghkgBZQMEAgKiBAICAM4DggEBABf8Gyq2VYuN1EBW1nOapDQp
-B/KuafNW2GEJ7FmQKNyA7MIj1Yqo2MtJ6/OQojRQ3F5rnO4yjmvIPsXeQaMxJBiI
-aaoAlLpH++F+oXMq/0aS0WSZrSLrsh2Fpay9cBDGwek2rDOX9kM+ZcPzGitVwWKX
-TnOW22hpcl7u95CpZH+JZTcto5nL3tTyV9pIy+tSKQQfjPB+G0TAZCsOkbCGPLug
-qdjvqFQwOf15VxQMj7NRiXjlqJvsx+I7B2AIhrs4DzQMEyiWq9S/PzpQuFU5v/Kg
-s2iMLJ5ygv5aN3PYqGlE1ZmvgyRp5h/LaTGI2L6lzRTnecOhtPv30N2tyaDAEfo=
+MIIDYzCCAhagAwIBAgIBFzBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAgUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAgUAogQCAgDOMDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QTAeFw0yMzA1MTcwNzEwMzdaFw0zMzA1MTQwNzEwMzdaMDQxCzAJBgNVBAYTAk5M
+MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
+qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
+5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
+C9pAlQIDAQABo4GSMIGPMAkGA1UdEwQCMAAwHQYDVR0OBBYEFO7zx/UfFaVNR4nB
+0yJjst+nzr1RMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7
+MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFy
+U1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgIFAKEc
+MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgIFAKIEAgIAzgOCAQEAmTU2HqAA7gbB
+tJlDAve8nGbdCim4YjRXWceHGCpoFIWrs6onlHCvnZ2Wr8iPk+wnd7ShIpp8vGb/
+476y8pfaA2n8vYWhQKDCTTUXJN4tUc7i8Uz4RGdK48vHVvZCtCT/8MmPPouOIZcU
+/Kkenw2jv5R/CpiirVUsjNx6BYcdu1zzEU+uoBLom6sZ6LGRlIB0prFWcxrVjfzx
+2C8ZxMW8NWj6EQipQJ2U+CCycA2HkbCmt3FnEXmN5OWThvnKdshoPkMn2HwhAOzn
+cjZQhQT3WSufvZ9bYe7HZ5e1e7k6aMXBvW89ECxc12mZfSjlYmlvfHZuO8D2sP2i
+RidkcXFMxQ==
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server9-sha512.crt b/tests/data_files/server9-sha512.crt
index a211b92..4abdf68 100644
--- a/tests/data_files/server9-sha512.crt
+++ b/tests/data_files/server9-sha512.crt
@@ -1,20 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIDWzCCAhKgAwIBAgIBGjA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCA6Ea
-MBgGCSqGSIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4wOzELMAkGA1UEBhMCTkwx
-ETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xhclNTTCBUZXN0IENBMB4X
-DTE0MDEyMDEzNTgxMloXDTI0MDExODEzNTgxMlowNDELMAkGA1UEBhMCTkwxETAP
-BgNVBAoTCFBvbGFyU1NMMRIwEAYDVQQDEwlsb2NhbGhvc3QwgZ8wDQYJKoZIhvcN
-AQEBBQADgY0AMIGJAoGBAN0Rip+ZurBoyirqO2ptWZftTslU5A3uzqB9oB6q6A7C
-uxNA24oSjokTJKXF9frY9ZDXyMrLxf6THa/aEiNzUnlGGrqgVyt2FjGzqK/nOJsI
-i2OZOgol7kXSGFi6uZMa7dRYmmMbN/z3FAifhWVJ81kybdHg6G3eUu1mtKkL2kCV
-AgMBAAGjgZIwgY8wCQYDVR0TBAIwADAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy
-36fOvVEwYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJ
-BgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wg
-VGVzdCBDQYIBADA+BgkqhkiG9w0BAQowMaANMAsGCWCGSAFlAwQCA6EaMBgGCSqG
-SIb3DQEBCDALBglghkgBZQMEAgOiBAICAL4DggEBACdVozFq6rUiXo+ib5Y2oPsR
-6xxl4Ydn3LpUoYrPpTOrhcXJWW/tOLHGuCF/mSRfUzKaMIfL418cZHYnvumvuttu
-6z3tp5E1VsiZCU2MWJnzjKSxFBOss43AmpJHHoapGFZu2pxObBPqegAKHYkKWOLk
-tJDj47PurWgEek9j1nL7Pc1tVf59fm/ySp4fWkXLLvQiKid1516VioLyacUvK3zU
-6Egz8jMt7D5c9KpaExLRTANVsThqO5/dmR36bOwm3Hpbde7DNdgxru41tiLMqJs/
-5pX3ceaJ1XQ/l0idj5/9ipvqHHUguyk7H22HwQHQdSD9oIha8kEM3P6CjpfE7yY=
+MIIDYzCCAhagAwIBAgIBFzBCBgkqhkiG9w0BAQowNaAPMA0GCWCGSAFlAwQCAwUA
+oRwwGgYJKoZIhvcNAQEIMA0GCWCGSAFlAwQCAwUAogQCAgC+MDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QTAeFw0yMzA1MTcwNzEwMzdaFw0zMzA1MTQwNzEwMzdaMDQxCzAJBgNVBAYTAk5M
+MREwDwYDVQQKDAhQb2xhclNTTDESMBAGA1UEAwwJbG9jYWxob3N0MIGfMA0GCSqG
+SIb3DQEBAQUAA4GNADCBiQKBgQDdEYqfmbqwaMoq6jtqbVmX7U7JVOQN7s6gfaAe
+qugOwrsTQNuKEo6JEySlxfX62PWQ18jKy8X+kx2v2hIjc1J5Rhq6oFcrdhYxs6iv
+5zibCItjmToKJe5F0hhYurmTGu3UWJpjGzf89xQIn4VlSfNZMm3R4Oht3lLtZrSp
+C9pAlQIDAQABo4GSMIGPMAkGA1UdEwQCMAAwHQYDVR0OBBYEFO7zx/UfFaVNR4nB
+0yJjst+nzr1RMGMGA1UdIwRcMFqAFLRa5KWz3tJS9rnVppUP6z68x/3/oT+kPTA7
+MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFy
+U1NMIFRlc3QgQ0GCAQMwQgYJKoZIhvcNAQEKMDWgDzANBglghkgBZQMEAgMFAKEc
+MBoGCSqGSIb3DQEBCDANBglghkgBZQMEAgMFAKIEAgIAvgOCAQEAVut9oL/0V/vo
+f9VKxAZfyy0zFy+LOHzV1H5qQaPKJnXIAUp/sDtvOjugqHKjamg6dCIVy292Yxcx
+rW8WcMR1Bj9MQ5Qrv++TZ0a1e0qet1GYxj4MQkU30XlJq/Jh7ede9Vh/yBxKTQq7
+oaJ6fOTFWcz1JZDrZrKffBOqIp5jQWPARilUDN6FiRNYV3/14aWVGnNbqGfoY8CC
+WvpC0iAvrQxjdQQf6nIYrzcGNzvrpRbhpzBPUyUIrM1o+nyiNAJPlyncjFwmfw9g
+80FP1XnRIIKmlTTG7ivkjHKzE6WXZSQPjArg0jxQAX1uLKJGFhu+ueKyoPOHQXS0
+O1z3OQn3+w==
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server9-with-ca.crt b/tests/data_files/server9-with-ca.crt
index 0478cff..51c0ada 100644
--- a/tests/data_files/server9-with-ca.crt
+++ b/tests/data_files/server9-with-ca.crt
@@ -1,99 +1,39 @@
 -----BEGIN CERTIFICATE-----
 MIIDBTCCAeegAwIBAgIBFjATBgkqhkiG9w0BAQowBqIEAgIA6jA7MQswCQYDVQQG
-EwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3Qg
-Q0EwHhcNMTQwMTIwMTMzODE2WhcNMjQwMTE4MTMzODE2WjA0MQswCQYDVQQGEwJO
-TDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkq
+EwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3Qg
+Q0EwHhcNMjMwNTE3MDgwNDAwWhcNMzMwNTE3MDgwNDAwWjA0MQswCQYDVQQGEwJO
+TDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkq
 hkiG9w0BAQEFAAOBjQAwgYkCgYEA3RGKn5m6sGjKKuo7am1Zl+1OyVTkDe7OoH2g
 HqroDsK7E0DbihKOiRMkpcX1+tj1kNfIysvF/pMdr9oSI3NSeUYauqBXK3YWMbOo
 r+c4mwiLY5k6CiXuRdIYWLq5kxrt1FiaYxs3/PcUCJ+FZUnzWTJt0eDobd5S7Wa0
-qQvaQJUCAwEAAaOBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTu88f1HxWlTUeJ
-wdMiY7Lfp869UTBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0w
-OzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xh
-clNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQDAog/jXydR
-vDIugTzBXtfVK0CEX8iyQ4cVzQmXWSne8204v943K5D2hktSBkjdQUdcnVvVgLR6
-te50jV89ptN/NofX+fo9fhSRN9vGgQVWzOOFiO0zcThy749pirJu1Kq5OJdthIyW
-Pu0UCz5G0k3kTp0JPevGlsNc8S9Ak1tFuB0IPJjrbfODWHS2LDuO+dB6gpkNTdrj
-88ogYtBsN4D5gsXBRUfobXokUwejBwLrD6XwyQx+0bMwSCxgHEhxvuUkx1vdlXGw
-JG3aF92u8mIxoKSAPaPdqy930mQvmpUWcN5Y1IMbtEGoQCKMYgosFcazJpJcjnX1
-o4Hl/lqjwCEG
+qQvaQJUCAwEAAaOBkjCBjzAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy36fOvVEw
+YwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QYIBAzAJBgNVHRMEAjAAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQC2DLHQ05x6
+imJNztE/Tnk/lPQ01Pw6Girdbk4bgxcGwGj+1u5wAIHNpJ50TOggg3HxTyb7p344
+/tVMxz7nrHZQ5ASdn2kDCyCmEqhmj48isWAIml+7J9cBeImJoEfYqjtqtoVkGxFy
+SuoZAQWkkqDpyFhKhIjLQ8JuSE6wWMX/kc6TFSSxepnZU1SFOXfCiaVr5tFQzBP7
+loppIANLjKeMjpOdU86PmRQ2LyzaCH1OMnjVndeqNmZt0NyzZ18cFPvm6+DVVVuP
+Q+6nReShCdAlU+dJqsqj8JsQneNMTxjv4OBoXVmE/kZTj/DBTtwmxkVi7K4aYMFi
+UYUZ4RiwG1/7
 -----END CERTIFICATE-----
-Certificate:
-    Data:
-        Version: 3 (0x2)
-        Serial Number: 0 (0x0)
-        Signature Algorithm: sha1WithRSAEncryption
-        Issuer: C=NL, O=PolarSSL, CN=PolarSSL Test CA
-        Validity
-            Not Before: Feb 12 14:44:00 2011 GMT
-            Not After : Feb 12 14:44:00 2021 GMT
-        Subject: C=NL, O=PolarSSL, CN=PolarSSL Test CA
-        Subject Public Key Info:
-            Public Key Algorithm: rsaEncryption
-            RSA Public Key: (2048 bit)
-                Modulus (2048 bit):
-                    00:c0:df:37:fc:17:bb:e0:96:9d:3f:86:de:96:32:
-                    7d:44:a5:16:a0:cd:21:f1:99:d4:ec:ea:cb:7c:18:
-                    58:08:94:a5:ec:9b:c5:8b:df:1a:1e:99:38:99:87:
-                    1e:7b:c0:8d:39:df:38:5d:70:78:07:d3:9e:d9:93:
-                    e8:b9:72:51:c5:ce:a3:30:52:a9:f2:e7:40:70:14:
-                    cb:44:a2:72:0b:c2:e5:40:f9:3e:e5:a6:0e:b3:f9:
-                    ec:4a:63:c0:b8:29:00:74:9c:57:3b:a8:a5:04:90:
-                    71:f1:bd:83:d9:3f:d6:a5:e2:3c:2a:8f:ef:27:60:
-                    c3:c6:9f:cb:ba:ec:60:7d:b7:e6:84:32:be:4f:fb:
-                    58:26:22:03:5b:d4:b4:d5:fb:f5:e3:96:2e:70:c0:
-                    e4:2e:bd:fc:2e:ee:e2:41:55:c0:34:2e:7d:24:72:
-                    69:cb:47:b1:14:40:83:7d:67:f4:86:f6:31:ab:f1:
-                    79:a4:b2:b5:2e:12:f9:84:17:f0:62:6f:27:3e:13:
-                    58:b1:54:0d:21:9a:73:37:a1:30:cf:6f:92:dc:f6:
-                    e9:fc:ac:db:2e:28:d1:7e:02:4b:23:a0:15:f2:38:
-                    65:64:09:ea:0c:6e:8e:1b:17:a0:71:c8:b3:9b:c9:
-                    ab:e9:c3:f2:cf:87:96:8f:80:02:32:9e:99:58:6f:
-                    a2:d5
-                Exponent: 65537 (0x10001)
-        X509v3 extensions:
-            X509v3 Basic Constraints: 
-                CA:TRUE
-            X509v3 Subject Key Identifier: 
-                B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-            X509v3 Authority Key Identifier: 
-                keyid:B4:5A:E4:A5:B3:DE:D2:52:F6:B9:D5:A6:95:0F:EB:3E:BC:C7:FD:FF
-                DirName:/C=NL/O=PolarSSL/CN=PolarSSL Test CA
-                serial:00
-
-    Signature Algorithm: sha1WithRSAEncryption
-        b8:fd:54:d8:00:54:90:8b:25:b0:27:dd:95:cd:a2:f7:84:07:
-        1d:87:89:4a:c4:78:11:d8:07:b5:d7:22:50:8e:48:eb:62:7a:
-        32:89:be:63:47:53:ff:b6:be:f1:2e:8c:54:c0:99:3f:a0:b9:
-        37:23:72:5f:0d:46:59:8f:d8:47:cd:97:4c:9f:07:0c:12:62:
-        09:3a:24:e4:36:d9:e9:2c:da:38:d0:73:75:61:d7:c1:6c:26:
-        8b:9b:e0:d5:dc:67:ed:8c:6b:33:d7:74:22:3c:4c:db:b5:8d:
-        2a:ce:2c:0d:08:59:05:09:05:a6:39:9f:b3:67:1b:e2:83:e5:
-        e1:8f:53:f6:67:93:c7:f9:6f:76:44:58:12:e8:3a:d4:97:e7:
-        e9:c0:3e:a8:7a:72:3d:87:53:1f:e5:2c:84:84:e7:9a:9e:7f:
-        66:d9:1f:9b:f5:13:48:b0:4d:14:d1:de:b2:24:d9:78:7d:f5:
-        35:cc:58:19:d1:d2:99:ef:4d:73:f8:1f:89:d4:5a:d0:52:ce:
-        09:f5:b1:46:51:6a:00:8e:3b:cc:6f:63:01:00:99:ed:9d:a6:
-        08:60:cd:32:18:d0:73:e0:58:71:d9:e5:d2:53:d7:8d:d0:ca:
-        e9:5d:2a:0a:0d:5d:55:ec:21:50:17:16:e6:06:4a:cd:5e:de:
-        f7:e0:e9:54
 -----BEGIN CERTIFICATE-----
-MIIDhzCCAm+gAwIBAgIBADANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTEwMjEyMTQ0NDAwWhcNMjEwMjEyMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
+MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
 CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
 mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
 50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
 YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
 R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
 KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-gZUwgZIwDAYDVR0TBAUwAwEB/zAdBgNVHQ4EFgQUtFrkpbPe0lL2udWmlQ/rPrzH
-/f8wYwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNV
-BAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEZMBcGA1UEAxMQUG9sYXJTU0wgVGVz
-dCBDQYIBADANBgkqhkiG9w0BAQUFAAOCAQEAuP1U2ABUkIslsCfdlc2i94QHHYeJ
-SsR4EdgHtdciUI5I62J6Mom+Y0dT/7a+8S6MVMCZP6C5NyNyXw1GWY/YR82XTJ8H
-DBJiCTok5DbZ6SzaONBzdWHXwWwmi5vg1dxn7YxrM9d0IjxM27WNKs4sDQhZBQkF
-pjmfs2cb4oPl4Y9T9meTx/lvdkRYEug61Jfn6cA+qHpyPYdTH+UshITnmp5/Ztkf
-m/UTSLBNFNHesiTZeH31NcxYGdHSme9Nc/gfidRa0FLOCfWxRlFqAI47zG9jAQCZ
-7Z2mCGDNMhjQc+BYcdnl0lPXjdDK6V0qCg1dVewhUBcW5gZKzV7e9+DpVA==
+UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68
+x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB
+BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T
+hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/
+G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf
+7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH
+9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf
+hlf8qotOhNvFXpEsCGwZUywayo7c4DtO
 -----END CERTIFICATE-----
diff --git a/tests/data_files/server9.crt b/tests/data_files/server9.crt
index a6f9fbc..26567ae 100644
--- a/tests/data_files/server9.crt
+++ b/tests/data_files/server9.crt
@@ -1,19 +1,19 @@
 -----BEGIN CERTIFICATE-----
 MIIDBTCCAeegAwIBAgIBFjATBgkqhkiG9w0BAQowBqIEAgIA6jA7MQswCQYDVQQG
-EwJOTDERMA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3Qg
-Q0EwHhcNMTQwMTIwMTMzODE2WhcNMjQwMTE4MTMzODE2WjA0MQswCQYDVQQGEwJO
-TDERMA8GA1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDCBnzANBgkq
+EwJOTDERMA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3Qg
+Q0EwHhcNMjMwNTE3MDgwNDAwWhcNMzMwNTE3MDgwNDAwWjA0MQswCQYDVQQGEwJO
+TDERMA8GA1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDCBnzANBgkq
 hkiG9w0BAQEFAAOBjQAwgYkCgYEA3RGKn5m6sGjKKuo7am1Zl+1OyVTkDe7OoH2g
 HqroDsK7E0DbihKOiRMkpcX1+tj1kNfIysvF/pMdr9oSI3NSeUYauqBXK3YWMbOo
 r+c4mwiLY5k6CiXuRdIYWLq5kxrt1FiaYxs3/PcUCJ+FZUnzWTJt0eDobd5S7Wa0
-qQvaQJUCAwEAAaOBkjCBjzAJBgNVHRMEAjAAMB0GA1UdDgQWBBTu88f1HxWlTUeJ
-wdMiY7Lfp869UTBjBgNVHSMEXDBagBS0WuSls97SUva51aaVD+s+vMf9/6E/pD0w
-OzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkwFwYDVQQDExBQb2xh
-clNTTCBUZXN0IENBggEAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQDAog/jXydR
-vDIugTzBXtfVK0CEX8iyQ4cVzQmXWSne8204v943K5D2hktSBkjdQUdcnVvVgLR6
-te50jV89ptN/NofX+fo9fhSRN9vGgQVWzOOFiO0zcThy749pirJu1Kq5OJdthIyW
-Pu0UCz5G0k3kTp0JPevGlsNc8S9Ak1tFuB0IPJjrbfODWHS2LDuO+dB6gpkNTdrj
-88ogYtBsN4D5gsXBRUfobXokUwejBwLrD6XwyQx+0bMwSCxgHEhxvuUkx1vdlXGw
-JG3aF92u8mIxoKSAPaPdqy930mQvmpUWcN5Y1IMbtEGoQCKMYgosFcazJpJcjnX1
-o4Hl/lqjwCEG
+qQvaQJUCAwEAAaOBkjCBjzAdBgNVHQ4EFgQU7vPH9R8VpU1HicHTImOy36fOvVEw
+YwYDVR0jBFwwWoAUtFrkpbPe0lL2udWmlQ/rPrzH/f+hP6Q9MDsxCzAJBgNVBAYT
+Ak5MMREwDwYDVQQKDAhQb2xhclNTTDEZMBcGA1UEAwwQUG9sYXJTU0wgVGVzdCBD
+QYIBAzAJBgNVHRMEAjAAMBMGCSqGSIb3DQEBCjAGogQCAgDqA4IBAQC2DLHQ05x6
+imJNztE/Tnk/lPQ01Pw6Girdbk4bgxcGwGj+1u5wAIHNpJ50TOggg3HxTyb7p344
+/tVMxz7nrHZQ5ASdn2kDCyCmEqhmj48isWAIml+7J9cBeImJoEfYqjtqtoVkGxFy
+SuoZAQWkkqDpyFhKhIjLQ8JuSE6wWMX/kc6TFSSxepnZU1SFOXfCiaVr5tFQzBP7
+loppIANLjKeMjpOdU86PmRQ2LyzaCH1OMnjVndeqNmZt0NyzZ18cFPvm6+DVVVuP
+Q+6nReShCdAlU+dJqsqj8JsQneNMTxjv4OBoXVmE/kZTj/DBTtwmxkVi7K4aYMFi
+UYUZ4RiwG1/7
 -----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca-v1.crt b/tests/data_files/test-ca-v1.crt
index e5a3b1c..2f10f6d 100644
--- a/tests/data_files/test-ca-v1.crt
+++ b/tests/data_files/test-ca-v1.crt
@@ -1,19 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIIDIzCCAgsCDFOito4FQA5VXJOV5TANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
-ExNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLEwd0ZXN0aW5nMREwDwYDVQQK
-EwhQb2xhclNTTDELMAkGA1UEBhMCTkwwIhgPMjAxNDA2MTkxMDA4MTRaGA8yMDI0
-MDYxODEwMDgxNFowUDEcMBoGA1UEAxMTUG9sYXJTU0wgVGVzdCBDQSB2MTEQMA4G
-A1UECxMHdGVzdGluZzERMA8GA1UEChMIUG9sYXJTU0wxCzAJBgNVBAYTAk5MMIIB
-IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwN83/Be74JadP4beljJ9RKUW
-oM0h8ZnU7OrLfBhYCJSl7JvFi98aHpk4mYcee8CNOd84XXB4B9Oe2ZPouXJRxc6j
-MFKp8udAcBTLRKJyC8LlQPk+5aYOs/nsSmPAuCkAdJxXO6ilBJBx8b2D2T/WpeI8
-Ko/vJ2DDxp/LuuxgfbfmhDK+T/tYJiIDW9S01fv145YucMDkLr38Lu7iQVXANC59
-JHJpy0exFECDfWf0hvYxq/F5pLK1LhL5hBfwYm8nPhNYsVQNIZpzN6Ewz2+S3Pbp
-/KzbLijRfgJLI6AV8jhlZAnqDG6OGxegccizm8mr6cPyz4eWj4ACMp6ZWG+i1QID
-AQABMA0GCSqGSIb3DQEBCwUAA4IBAQBoXC5AlXI5azyOPvmNse2qHhO7BrXOEjH+
-9g5P/VsrVADhsUGv6x0A2oLoWXtOjGDIWWH53BWHkCUCu4T5D5C6+I47rXWl4pAr
-J+h+tQVZo6J0AJxfPse/NnrjsboUSWhunmo/iTrU6S4KJBguIKP6T1DZoD/8EYgU
-x+fXDmvRO+MTesWDiY+p+FHEzsu3b9EBtG9dUiR/zzXi/ktFCfrgstKGSuW6+j7m
-lcduTxsogi6Uc3tWKtn6qpSGR0uBoCz6emFO7Smmy/tIyVA88lH0+3UnxOvu4TAK
-uvjYkOcZqhprDiMfhxBB7pxbfiviEANTbgSfCtZewSNz2RUJ9ocy
+MIIDHzCCAgcCDFOito4FQA5VXJOV5TANBgkqhkiG9w0BAQsFADBQMRwwGgYDVQQD
+DBNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQLDAd0ZXN0aW5nMREwDwYDVQQK
+DAhQb2xhclNTTDELMAkGA1UEBhMCTkwwHhcNMTkwMjEwMTQ0NDAwWhcNMjkwMjEw
+MTQ0NDAwWjBQMRwwGgYDVQQDDBNQb2xhclNTTCBUZXN0IENBIHYxMRAwDgYDVQQL
+DAd0ZXN0aW5nMREwDwYDVQQKDAhQb2xhclNTTDELMAkGA1UEBhMCTkwwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA3zf8F7vglp0/ht6WMn1EpRagzSHx
+mdTs6st8GFgIlKXsm8WL3xoemTiZhx57wI053zhdcHgH057Zk+i5clHFzqMwUqny
+50BwFMtEonILwuVA+T7lpg6z+exKY8C4KQB0nFc7qKUEkHHxvYPZP9al4jwqj+8n
+YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
+R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
+KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAEw
+DQYJKoZIhvcNAQELBQADggEBAAtVAWmbymwKDj9v8m7SVLHF0mw4i3gBFVPJqYRQ
+y9CnUD68kUr4qK7wyQIv/gDRYuqZVNnBq4Jwzm+tPEBHpYAF5H/7Mynpb4h+uZ3a
+6kaWURXKzx53ZuFHLu1FuRov+SZU3ZtXClTYFKeyDb+fcth/8thR9V59v7ZE7zlb
+8zbyL+dqfyxvmxZCUzHbNKVrliiUUFXfW53T+B7Ysxner5mnqM1aPxckhXVHEJ47
+TBoIhpBoJ/HmHCiWz8BeoowSpG7u+QOezIKk8l5Pd2f8MeqwyaqIeAy0lh2nP7pB
+UtWET/0bsdiPn8SR9B3hWpKUDRvnHDDZuZiKtrdDEqsD04M=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca.crt b/tests/data_files/test-ca.crt
index 31790b5..ef7e4c7 100644
--- a/tests/data_files/test-ca.crt
+++ b/tests/data_files/test-ca.crt
@@ -1,5 +1,5 @@
 -----BEGIN CERTIFICATE-----
-MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
 MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
 MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
 A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
@@ -9,12 +9,12 @@
 YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
 R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
 KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/
-MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA
-A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL
-hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm
-8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD
-zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ
-0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/
-mtxyUALj2pQxRitopORFQdn7AOY5
+UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68
+x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB
+BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T
+hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/
+G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf
+7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH
+9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf
+hlf8qotOhNvFXpEsCGwZUywayo7c4DtO
 -----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca.key b/tests/data_files/test-ca.key
index 1614e22..de8be1d 100644
--- a/tests/data_files/test-ca.key
+++ b/tests/data_files/test-ca.key
@@ -1,30 +1,30 @@
 -----BEGIN RSA PRIVATE KEY-----
 Proc-Type: 4,ENCRYPTED
-DEK-Info: DES-EDE3-CBC,A8A95B05D5B7206B
+DEK-Info: AES-128-CBC,781840E6B804AE83D2AF71127C4CE314
 
-9Qd9GeArejl1GDVh2lLV1bHt0cPtfbh5h/5zVpAVaFpqtSPMrElp50Rntn9et+JA
-7VOyboR+Iy2t/HU4WvA687k3Bppe9GwKHjHhtl//8xFKwZr3Xb5yO5JUP8AUctQq
-Nb8CLlZyuUC+52REAAthdWgsX+7dJO4yabzUcQ22Tp9JSD0hiL43BlkWYUNK3dAo
-PZlmiptjnzVTjg1MxsBSydZinWOLBV8/JQgxSPo2yD4uEfig28qbvQ2wNIn0pnAb
-GxnSAOazkongEGfvcjIIs+LZN9gXFhxcOh6kc4Q/c99B7QWETwLLkYgZ+z1a9VY9
-gEU7CwCxYCD+h9hY6FPmsK0/lC4O7aeRKpYq00rPPxs6i7phiexg6ax6yTMmArQq
-QmK3TAsJm8V/J5AWpLEV6jAFgRGymGGHnof0DXzVWZidrcZJWTNuGEX90nB3ee2w
-PXJEFWKoD3K3aFcSLdHYr3mLGxP7H9ThQai9VsycxZKS5kwvBKQ//YMrmFfwPk8x
-vTeY4KZMaUrveEel5tWZC94RSMKgxR6cyE1nBXyTQnDOGbfpNNgBKxyKbINWoOJU
-WJZAwlsQn+QzCDwpri7+sV1mS3gBE6UY7aQmnmiiaC2V3Hbphxct/en5QsfDOt1X
-JczSfpRWLlbPznZg8OQh/VgCMA58N5DjOzTIK7sJJ5r+94ZBTCpgAMbF588f0NTR
-KCe4yrxGJR7X02M4nvD4IwOlpsQ8xQxZtOSgXv4LkxvdU9XJJKWZ/XNKJeWztxSe
-Z1vdTc2YfsDBA2SEv33vxHx2g1vqtw8SjDRT2RaQSS0QuSaMJimdOX6mTOCBKk1J
-9Q5mXTrER+/LnK0jEmXsBXWA5bqqVZIyahXSx4VYZ7l7w/PHiUDtDgyRhMMKi4n2
-iQvQcWSQTjrpnlJbca1/DkpRt3YwrvJwdqb8asZU2VrNETh5x0QVefDRLFiVpif/
-tUaeAe/P1F8OkS7OIZDs1SUbv/sD2vMbhNkUoCms3/PvNtdnvgL4F0zhaDpKCmlT
-P8vx49E7v5CyRNmED9zZg4o3wmMqrQO93PtTug3Eu9oVx1zPQM1NVMyBa2+f29DL
-1nuTCeXdo9+ni45xx+jAI4DCwrRdhJ9uzZyC6962H37H6D+5naNvClFR1s6li1Gb
-nqPoiy/OBsEx9CaDGcqQBp5Wme/3XW+6z1ISOx+igwNTVCT14mHdBMbya0eIKft5
-X+GnwtgEMyCYyyWuUct8g4RzErcY9+yW9Om5Hzpx4zOuW4NPZgPDTgK+t2RSL/Yq
-rE1njrgeGYcVeG3f+OftH4s6fPbq7t1A5ZgUscbLMBqr9tK+OqygR4EgKBPsH6Cz
-L6zlv/2RV0qAHvVuDJcIDIgwY5rJtINEm32rhOeFNJwZS5MNIC1czXZx5//ugX7l
-I4sy5nbVhwSjtAk8Xg5dZbdTZ6mIrb7xqH+fdakZor1khG7bC2uIwibD3cSl2XkR
-wN48lslbHnqqagr6Xm1nNOSVl8C/6kbJEsMpLhAezfRtGwvOucoaE+WbeUNolGde
-P/eQiddSf0brnpiLJRh7qZrl9XuqYdpUqnoEdMAfotDOID8OtV7gt8a48ad8VPW2
+etQ3xgGLbuYF9vR1km03TH5fwfly1hOlix0PtfQ+t9HG065vTtSEHYc/OyHwdy79
+NCLX5RUrPh06E/XlKzMNVHAXqkwFnIwNzRLsOozeP1L7iZEZb9QMeiN5Org+btCO
+bylXPB4YirfuE7GSJalWY/pq3FQtD33zTIKmNhXfVj3sbwGI/8D9XjaKUb8PODOB
+skOalmx6RvYRvg0lmRxB3+T3wejIsrrDPweYqte9B6dVHIVG1ZmvoA6/wnKZZZeV
+sjj8OpL3OwUBrjuGSknE9Rs6kCuSCbHOYVK8VzcZmCYpie0TFnb3Sk8M6vjfW+45
+U7WUMlSAPxKH6lJDzWdwHqLvsVJwuNnaAaBXg9/8U/rzQEWuq8Ar3s8fw2Jg3F1G
+L6N5ZAEfCz3Sa0N9WKafR/RSQj+rq8Z3w4POAafhbzk249uo5K8B1Z3cQwLxeXIl
+UbRQz1TZy4oNTfQzCahYruPNyvwgTkfwAFFvbLAdaiJd2ZtLBoqYE64TYakYnvcC
+itim1bmySIKoxlMfBGFmMuF03epT0pSx701jlGzGi0l0m16NEjoVxDwo5j93SmiM
+sQdjC1lOGk2iCLkphIQqHFjFJYWjvh1UUIqWZf+ZWOOxlf4x9a1pUVj6FvtECxNB
+/mA/m4Iq4LAuVXHE1MpHeq067lJ6wWlrsb2WVmiNGfQ2AC7fMtpcPuunBVT9NV1m
+1rbDzIgLIWAzqz/cy3N8Q8vfxnrFtmNUyM191Zyq+YF14hIKWX9J1qR4LXwWAzVV
+UrC8IL4pA2mtRkW4qFsB0EmHAxO/cedDTPjVFty5WSzhNuvYZxX45HAkGIfK6d21
+7WHPhHG+zaaUTWMUVixB0IcKp6RecjYPFzBHS0YeX88Ue2cyT/90jMiQ9ssOgRrG
+ZJRJvZAc3TSCnY9sNPYoGrJPiZuCnlUj3ENNurYVy12ai0WFxwnNUZjRUhDS6hjm
+cDHD5TlI9MZ6M+Mb/Bw4Ig8HuTHOtQBYD9vhtXsG+B7H/j6cS+1umaKjrnG/kK4W
+R6YXwM2faAi+DwgjjoMXSzRqSTF8PdTIWbAXo3bc2qsXPTMBA8PEp4nb5scHZ4Ts
+EcBNp2jv0j4gBkRmGIab17cWMrlagjFy89DhqZUFwKdeZs+yJ92A5xstWxOUfpEP
+90T/bsp1G5d7WW5fl2TRJvYJNDM+djkKIh0zCkduiZ36oVM6nDdbjmXqjQXopeSD
+gtOourBRF8g99W0fW8QT+yPhP0Pkyz6EG8eQO6Zwh439xdoVwu9jUzQAPmZ0uNeR
+xTXXihYyv72z27rInjLiIPXL25K9eDVLlcSR3RyG7YYgjdQAL2VJDLcBz5jox1uQ
+0guoD5wmfu2FWLqYE7HeTYntdY53lCflwq0GHRMjrrsVpx+5VDQ6Yi47Ny9SWLcp
+fPI3iBkXuGRWupzs6N4pQdSO0dU28KfpMM5QvFoLIn67brCHEQij4dgFrCTYEyBX
+9+jiNImUFYUhAFuxvUbfZt4O/ABLIElvHLfJs1oYCmI/nWpvLFqXB5rnzPNfEi0H
+PGGe1Hj/t+CJIp/6ios3yNy2QtXO754TZH2UVu51Ykyig5PFjZVoUkbRvHQYcWfU
 -----END RSA PRIVATE KEY-----
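Review bot: The re-encrypted key still uses the traditional `Proc-Type: 4,ENCRYPTED` PEM envelope, so the new `DEK-Info: AES-128-CBC,…` line swaps the cipher but keeps that format's weak password-to-key derivation (to my knowledge a single salted MD5 pass, with no integrity check on the ciphertext). That is acceptable for a CA key that exists only as a test fixture, but the hunk changes what a build must have enabled to read the file: AES with CBC instead of DES. The test cases that load `test-ca.key` are not visible in this hunk. Any `depends_on` line that still names `MBEDTLS_DES_C` for this file should become `MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC`; otherwise DES-less builds skip a test they could run, and AES-less builds fail to parse the key.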
diff --git a/tests/data_files/test-ca.opensslconf b/tests/data_files/test-ca.opensslconf
index b2c2fa1..f03f5fd 100644
--- a/tests/data_files/test-ca.opensslconf
+++ b/tests/data_files/test-ca.opensslconf
@@ -12,6 +12,11 @@
 authorityKeyIdentifier=keyid:always,issuer:always
 basicConstraints = CA:true
 
+[no_subj_auth_id]
+subjectKeyIdentifier=none
+authorityKeyIdentifier=none
+basicConstraints = CA:true
+
 [othername_san]
 subjectAltName=otherName:1.3.6.1.5.5.7.8.4;SEQ:hw_module_name
 
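Review bot: The new `[no_subj_auth_id]` section relies on `subjectKeyIdentifier=none` and `authorityKeyIdentifier=none`, and as far as I know the `none` keyword is only accepted by OpenSSL 3.0 and later; older releases read the subjectKeyIdentifier value as a hex string and reject it. Nothing in the hunk records that requirement, so regenerating the fixtures with an older toolchain ends in an opaque config error. I would add a comment above the section, `# Needs OpenSSL >= 3.0: "none" omits the SKID/AKID extensions`. The new files `test-ca2.ku-crl.crt.openssl.v3_ext` and `test-ca2.ku-crt.crt.openssl.v3_ext` also set `subjectKeyIdentifier=none` and would benefit from the same line.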
@@ -33,6 +38,11 @@
 [multiple_san]
 subjectAltName=@alt_names
 
+[ext_multi_nocn]
+basicConstraints = CA:false
+keyUsage = digitalSignature, nonRepudiation, keyEncipherment
+subjectAltName = DNS:www.shotokan-braunschweig.de,DNS:www.massimo-abate.eu,IP:192.168.1.1,IP:192.168.69.144
+
 [hw_module_name]
 hwtype = OID:1.3.6.1.4.1.17.3
 hwserial = OCT:123456
diff --git a/tests/data_files/test-ca.req.sha256 b/tests/data_files/test-ca.req.sha256
new file mode 100644
index 0000000..1114338
--- /dev/null
+++ b/tests/data_files/test-ca.req.sha256
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIICgDCCAWgCAQAwOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw
+FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAwN83/Be74JadP4beljJ9RKUWoM0h8ZnU7OrLfBhYCJSl7JvFi98a
+Hpk4mYcee8CNOd84XXB4B9Oe2ZPouXJRxc6jMFKp8udAcBTLRKJyC8LlQPk+5aYO
+s/nsSmPAuCkAdJxXO6ilBJBx8b2D2T/WpeI8Ko/vJ2DDxp/LuuxgfbfmhDK+T/tY
+JiIDW9S01fv145YucMDkLr38Lu7iQVXANC59JHJpy0exFECDfWf0hvYxq/F5pLK1
+LhL5hBfwYm8nPhNYsVQNIZpzN6Ewz2+S3Pbp/KzbLijRfgJLI6AV8jhlZAnqDG6O
+Gxegccizm8mr6cPyz4eWj4ACMp6ZWG+i1QIDAQABoAAwDQYJKoZIhvcNAQELBQAD
+ggEBAKI+q840+CyPj6DJDJr9mP/aE8U+VyxbarQuZHxbiyS2HDuNQNFvP2TmCDRx
+juERTU8yDOj3F2p7JhFF4QkCP2TP4JFYjLlOE7ISxYegGdJNNO6W00btMHG1s0aW
+uPcPIIy9HxGiOFFmjYz7Jo8mcFl+bl4ET7zPoj21R4dOl7E3oYLtEZqTuiWnfW2H
++whurU13PYyog3jvJex99VIL8ZRliUSKgdmQ7A4GMvE6kf6Uk+441ynZ7RQr4jF9
+xsVIrR7cyt/SsVEYF+2SfJi0dO9pf6yV3PdwtpU2URTyZoitlneqEINXKi7Qx6E+
++f5fAI8FbCJtgKEKf2TfqiH6sCI=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/test-ca.req_ec.sha256 b/tests/data_files/test-ca.req_ec.sha256
new file mode 100644
index 0000000..6d46b2a
--- /dev/null
+++ b/tests/data_files/test-ca.req_ec.sha256
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBOTCBvQIBADA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxHDAa
+BgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjUUrSRlTkLI99fFyRiSPwalSnO
+LC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0X3WnR2/VGSlVaZpTOyC0ZhZg
+Mx6gADAMBggqhkjOPQQDAgUAA2kAMGYCMQDElef9+KfRbZOA29ZyU750fB3ob82E
+8R711+hk9HOsk0G9Uccp3tT+1nhCcMNhnWsCMQD6Y8e9jcEaKSPiWWfgCZ5NaQ5l
+pvPDUdcPV8sZt2cgNS8fcRIIHblQKvr6miHXl9Y=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/test-ca2.ku-crl.crt b/tests/data_files/test-ca2.ku-crl.crt
index 4fb4083..303a2c0 100644
--- a/tests/data_files/test-ca2.ku-crl.crt
+++ b/tests/data_files/test-ca2.ku-crl.crt
@@ -1,12 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIBzDCCAVOgAwIBAgIJAP6mZLzh0IPSMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xNDA0MDkxMTIzMzhaFw0yNDA0MDYxMTIzMzhaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqMdMBswDAYDVR0TBAUwAwEB/zAL
-BgNVHQ8EBAMCAQIwCgYIKoZIzj0EAwIDZwAwZAIwZOCKY0EHXYzI4cQsFnfOrxm1
-ufvNeZ4ZcSZWrkTBazW2OBCuCP9SLznec3SFOUvvAjAKe/qycfxkHivjieCEG1Kt
-m2D4QKSJELUhTHr4zdkeqbzgui0y3iouaoyWsKvetNg=
+MIIB2DCCAV6gAwIBAgIUN3DAVq0Kn9k3FPUPZGW2d3rZn28wCgYIKoZIzj0EAwIw
+PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
+cnNzbCBUZXN0IEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1ow
+PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
+cnNzbCBUZXN0IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+H
+Vv78ibopQ0tO4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqr
+Id240xxuWLjK6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeox0wGzAMBgNV
+HRMEBTADAQH/MAsGA1UdDwQEAwIBAjAKBggqhkjOPQQDAgNoADBlAjAxoq/Q4PEA
+8SDd3cQaVIwx8oJVEzfJo1BB2w1LnjvUXZrQydjNXMU4Jgorm/2/uLgCMQCyI6cZ
+EAIgKPYlT6/zJHBj45qejs527OfI4Xn+kQ7OvHQtHaCAzQw4h7Jfx+gXaUo=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2.ku-crl.crt.openssl.v3_ext b/tests/data_files/test-ca2.ku-crl.crt.openssl.v3_ext
new file mode 100644
index 0000000..4bc5d3c
--- /dev/null
+++ b/tests/data_files/test-ca2.ku-crl.crt.openssl.v3_ext
@@ -0,0 +1,4 @@
+basicConstraints = CA:true
+subjectKeyIdentifier=none
+keyUsage = cRLSign
+
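Review bot: This extension file has no comment saying which certificate it is for or why `subjectKeyIdentifier=none` is set, and the same holds for the sibling files test-ca2.ku-crt.crt.openssl.v3_ext, test-ca2.ku-crt_crl.crt.openssl.v3_ext and test-ca2.ku-ds.crt.openssl.v3_ext. As far as I know the `none` value is only accepted by OpenSSL 3.0 and later, so whatever recipe consumes this file would likely fail on an older toolchain. `keyUsage` is also left non-critical, which matches the encoding of the certificate being replaced and looks deliberate, but nothing records that. I would open the file with `# Extensions for test-ca2.ku-crl.crt: CA limited to cRLSign, non-critical keyUsage, no SKI (needs OpenSSL >= 3.0)` and drop the trailing blank line.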
diff --git a/tests/data_files/test-ca2.ku-crt.crt b/tests/data_files/test-ca2.ku-crt.crt
index edacc64..5cad7b2 100644
--- a/tests/data_files/test-ca2.ku-crt.crt
+++ b/tests/data_files/test-ca2.ku-crt.crt
@@ -1,12 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIBzTCCAVOgAwIBAgIJAODh6PAeD9/vMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xNDA0MDkxMTIzNTRaFw0yNDA0MDYxMTIzNTRaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqMdMBswDAYDVR0TBAUwAwEB/zAL
-BgNVHQ8EBAMCAgQwCgYIKoZIzj0EAwIDaAAwZQIwGGlbynd1jU3WkUx6Irhk9Lob
-z2B+1eIO6+eu3En8B3rh8Ipfxo0e0hpfaRFYP1MUAjEAjxxBchRWJAzZ6/47Wg/7
-UoasRINgP5B/uJhTnftS1bqyuWHastb4LW5/YLOvPbMQ
+MIIB2DCCAV6gAwIBAgIUYDcYIJ6EBbKafKeXLgPLE+RsJZowCgYIKoZIzj0EAwIw
+PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
+cnNzbCBUZXN0IEVDIENBMB4XDTIzMDUxMjEwMzEwNVoXDTMzMDUxMjEwMzEwNVow
+PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
+cnNzbCBUZXN0IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+H
+Vv78ibopQ0tO4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqr
+Id240xxuWLjK6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeox0wGzAMBgNV
+HRMEBTADAQH/MAsGA1UdDwQEAwICBDAKBggqhkjOPQQDAgNoADBlAjBwsfyYiZB6
+PpDgIbYRbZ4VT9GGFNE3L4C1IH8RNwzvywLvQfVp3ocRAkzEoRpmKAsCMQDOGm48
+d7zKl7IzmBuOWXYlukWDDWwpNI67z7g0JawfypKIxcPTZFiQXVtDdTdkrGY=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2.ku-crt.crt.openssl.v3_ext b/tests/data_files/test-ca2.ku-crt.crt.openssl.v3_ext
new file mode 100644
index 0000000..997c893
--- /dev/null
+++ b/tests/data_files/test-ca2.ku-crt.crt.openssl.v3_ext
@@ -0,0 +1,4 @@
+basicConstraints = CA:true
+subjectKeyIdentifier=none
+keyUsage = keyCertSign
+
diff --git a/tests/data_files/test-ca2.ku-crt_crl.crt b/tests/data_files/test-ca2.ku-crt_crl.crt
index ac74e40..4c69582 100644
--- a/tests/data_files/test-ca2.ku-crt_crl.crt
+++ b/tests/data_files/test-ca2.ku-crt_crl.crt
@@ -1,12 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIBzDCCAVOgAwIBAgIJAPejOupCJS65MAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xNDA0MDkxMTIyMjVaFw0yNDA0MDYxMTIyMjVaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqMdMBswDAYDVR0TBAUwAwEB/zAL
-BgNVHQ8EBAMCAQYwCgYIKoZIzj0EAwIDZwAwZAIwMKLVXB4YBQ0Ha4dEvFPcJtau
-TS5Vd4UqG3xQ10YcJogweuqaGHSFgdnEUfoX+4p5AjApMnYXFfUjSmlyfJmTaswO
-gaR5sUnnw33NA9j1ercem3asCYz6a8T0zo8/rR33XVU=
+MIIB2TCCAV6gAwIBAgIUd5f42F4ahjkx9AIN035pcF4WFikwCgYIKoZIzj0EAwIw
+PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
+cnNzbCBUZXN0IEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1ow
+PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
+cnNzbCBUZXN0IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+H
+Vv78ibopQ0tO4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqr
+Id240xxuWLjK6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeox0wGzAMBgNV
+HRMEBTADAQH/MAsGA1UdDwQEAwIBBjAKBggqhkjOPQQDAgNpADBmAjEA6IUvQwSw
+vEkHjU9YNsPcUsJf0UTHUW1T8mNbgk+zCl6fzeU73oCXH6zoi5q6vLgjAjEAv63C
+xknmJJ4H3Zlc+O5GlcX9VQNZDn1xV7hf2yW1Gf7wLTnSWTf5bXATaIQ6QLO1
 -----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2.ku-crt_crl.crt.openssl.v3_ext b/tests/data_files/test-ca2.ku-crt_crl.crt.openssl.v3_ext
new file mode 100644
index 0000000..0fd73a2
--- /dev/null
+++ b/tests/data_files/test-ca2.ku-crt_crl.crt.openssl.v3_ext
@@ -0,0 +1,4 @@
+basicConstraints = CA:true
+subjectKeyIdentifier=none
+keyUsage = keyCertSign, cRLSign
+
diff --git a/tests/data_files/test-ca2.ku-ds.crt b/tests/data_files/test-ca2.ku-ds.crt
index c28e17b..2907aa7 100644
--- a/tests/data_files/test-ca2.ku-ds.crt
+++ b/tests/data_files/test-ca2.ku-ds.crt
@@ -1,12 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIBzDCCAVOgAwIBAgIJAPOkPR3wsvm5MAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xNDA0MDkxMTI0MTNaFw0yNDA0MDYxMTI0MTNaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqMdMBswDAYDVR0TBAUwAwEB/zAL
-BgNVHQ8EBAMCB4AwCgYIKoZIzj0EAwIDZwAwZAIwGRCmU/rWNjW13g8ITuq3pMXb
-jgwTFJHVlbMDiFJwUrRvytPV9doJOfzJ8nAQ0cZ1AjAbJ8QAV2e+DmYZpWc/p6Ug
-nQdac59ev+lH+ju6wET3jNDjUthUPrdgqa54+UWQ5r4=
+MIIB2TCCAV6gAwIBAgIUb5xsO6FEmAz+XpGFHpW7ODFvup0wCgYIKoZIzj0EAwIw
+PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
+cnNzbCBUZXN0IEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1ow
+PjELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xh
+cnNzbCBUZXN0IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+H
+Vv78ibopQ0tO4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqr
+Id240xxuWLjK6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeox0wGzAMBgNV
+HRMEBTADAQH/MAsGA1UdDwQEAwIHgDAKBggqhkjOPQQDAgNpADBmAjEA44HVvGYv
+meA3SpaNJmubLKjsQlGNnEUUo1IO0NBP5yWG0dRFkX8NQ0bzH/1n6FJcAjEAm9wj
+xdmEPUr6PY54c0IQJNeeF76L1/+EszXrSDQ7TLv1YC4d4uMNmqwR9EGuUX+/
 -----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2.ku-ds.crt.openssl.v3_ext b/tests/data_files/test-ca2.ku-ds.crt.openssl.v3_ext
new file mode 100644
index 0000000..08e49d4
--- /dev/null
+++ b/tests/data_files/test-ca2.ku-ds.crt.openssl.v3_ext
@@ -0,0 +1,4 @@
+basicConstraints = CA:true
+subjectKeyIdentifier=none
+keyUsage = digitalSignature
+
diff --git a/tests/data_files/test-ca2.req.sha256 b/tests/data_files/test-ca2.req.sha256
new file mode 100644
index 0000000..6d46b2a
--- /dev/null
+++ b/tests/data_files/test-ca2.req.sha256
@@ -0,0 +1,9 @@
+-----BEGIN CERTIFICATE REQUEST-----
+MIIBOTCBvQIBADA+MQswCQYDVQQGEwJOTDERMA8GA1UECgwIUG9sYXJTU0wxHDAa
+BgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwdjAQBgcqhkjOPQIBBgUrgQQAIgNi
+AATD2is0QTdYL4dW/vyJuilDS07gbsMOV1MzOVjUUrSRlTkLI99fFyRiSPwalSnO
+LC2HwohSgK/Waqsh3bjTHG5YuMrosmmO80GtKcO0X3WnR2/VGSlVaZpTOyC0ZhZg
+Mx6gADAMBggqhkjOPQQDAgUAA2kAMGYCMQDElef9+KfRbZOA29ZyU750fB3ob82E
+8R711+hk9HOsk0G9Uccp3tT+1nhCcMNhnWsCMQD6Y8e9jcEaKSPiWWfgCZ5NaQ5l
+pvPDUdcPV8sZt2cgNS8fcRIIHblQKvr6miHXl9Y=
+-----END CERTIFICATE REQUEST-----
diff --git a/tests/data_files/test-ca2_cat-future-invalid.crt b/tests/data_files/test-ca2_cat-future-invalid.crt
index b1cfbf0..833e497 100644
--- a/tests/data_files/test-ca2_cat-future-invalid.crt
+++ b/tests/data_files/test-ca2_cat-future-invalid.crt
@@ -1,27 +1,27 @@
 -----BEGIN CERTIFICATE-----
+MIICBjCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTI5MDIxMDE0NDQwMFoXDTM5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2cAMGQCMCDwxpvV0mzZ
+5nyr3tpLILyaERGyVuSGHAJqd88fsWEiV6/xmiOTeIGlN8WLVL03FQIwJYnSIeCj
+vwuQaWzeIypEnGIT2A2eJ2IIrJrFr9xpafqN1vRDSK5VZuM1B4RtW2OU
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
 MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
 CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ
 H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd
 BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
-CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4
-AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ
-Xj09kLboxuemP40IIqhQnpYptMg=
------END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
-DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
-Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw
-DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2
-MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5
-WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p
-w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
-FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ
-vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH
-qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2
-+XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw==
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
+clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMCA2kAMGYCMQC7mlP+bq/c4hKB3zfJgPdwSnzzQOkXwdA2O6QumC2o
+ZuHyjUYV5/ZyU8QQ7cNnKnYCMQD9ByA7ddpVE2Gk+OVuBPGfwV4O2COgFrasfrTn
+KgfuCEF96BhSjLDXWKB4IFWaXUQ=
 -----END CERTIFICATE-----
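Review bot: The replacement "future" CA added at the top of this hunk decodes to a validity of 2029-02-10 to 2039-02-10 (`290210144400Z` / `390210144400Z` in its third base64 line), so it stops being a not-yet-valid certificate on that date, just as the removed one did once its notBefore of 2023-09-22 passed. Any test that expects this file to be rejected for a future notBefore would presumably change outcome then; the tests are outside this diff, so that part is inferred. The "present" CA added in the test-ca2_cat-future-present.crt, test-ca2_cat-present-future.crt, test-ca2_cat-past-present.crt and test-ca2_cat-present-past.crt hunks expires at the same instant (`290210144400Z`). I would either move notBefore much further out or record the deadline where the file is generated, e.g. `# test-ca2 "future" CA: notBefore 2029-02-10, regenerate before then`.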
diff --git a/tests/data_files/test-ca2_cat-future-present.crt b/tests/data_files/test-ca2_cat-future-present.crt
index 776e725..649cca0 100644
--- a/tests/data_files/test-ca2_cat-future-present.crt
+++ b/tests/data_files/test-ca2_cat-future-present.crt
@@ -1,28 +1,26 @@
 -----BEGIN CERTIFICATE-----
-MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
-DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
-Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw
-DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2
-MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5
-WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p
-w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
-FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ
-vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH
-qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2
-+XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw==
+MIICBjCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTI5MDIxMDE0NDQwMFoXDTM5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2cAMGQCMCDwxpvV0mzZ
+5nyr3tpLILyaERGyVuSGHAJqd88fsWEiV6/xmiOTeIGlN8WLVL03FQIwJYnSIeCj
+vwuQaWzeIypEnGIT2A2eJ2IIrJrFr9xpafqN1vRDSK5VZuM1B4RtW2OU
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
-JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
-t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
-uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq
+6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29
+N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==
 -----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2_cat-past-invalid.crt b/tests/data_files/test-ca2_cat-past-invalid.crt
index febad74..a0b0a2f 100644
--- a/tests/data_files/test-ca2_cat-past-invalid.crt
+++ b/tests/data_files/test-ca2_cat-past-invalid.crt
@@ -13,15 +13,15 @@
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIICIDCCAaWgAwIBAgIBCjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1MjA0WhcNMjMwOTIyMTU1MjA0WjA0MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxEjAQBgNVBAMTCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE0MDcxMDM3WjA0MQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxEjAQBgNVBAMMCWxvY2FsaG9zdDBZMBMGByqGSM49AgEG
 CCqGSM49AwEHA0IABIFZMXZJJPoVraugMW4O7TMR+pElVcGwwZwDcj6Yui2kcjeJ
 H0M3jR+OOtjwV+gvT8kApPfbcw+yxgSU0UA7OOOjgZ0wgZowCQYDVR0TBAIwADAd
 BgNVHQ4EFgQUfmWPPjMDFOXhvmCy4IV/jOdgK3swbgYDVR0jBGcwZYAUnW0gJEkB
-PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xh
-clNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
-CCqGSM49BAMCA2kAMGYCMQCsYTyleBFuI4nizuxo/ie5dxJnD0ynwCnRJ+84PZP4
-AQA3HdUz0qNYs4CZ2am9Gz0CMQDr2TNLFA3C3S3pmgXMT0eKzR1Ca1/Nulf0llQZ
-Xj09kLboxuemP40IIqhQnpYptMg=
+PyvLeLUZvH4kydv7NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xh
+clNTTDEcMBoGA1UEAwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAoG
+CCqGSM49BAMCA2kAMGYCMQC7mlP+bq/c4hKB3zfJgPdwSnzzQOkXwdA2O6QumC2o
+ZuHyjUYV5/ZyU8QQ7cNnKnYCMQD9ByA7ddpVE2Gk+OVuBPGfwV4O2COgFrasfrTn
+KgfuCEF96BhSjLDXWKB4IFWaXUQ=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2_cat-past-present.crt b/tests/data_files/test-ca2_cat-past-present.crt
index bc1ba9a..24e05c6 100644
--- a/tests/data_files/test-ca2_cat-past-present.crt
+++ b/tests/data_files/test-ca2_cat-past-present.crt
@@ -12,17 +12,15 @@
 l7tz0Sw/RW6AHFtaIauGkhHqeKIaKIi6WSgHu6x97uyg
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
-JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
-t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
-uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq
+6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29
+N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==
 -----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2_cat-present-future.crt b/tests/data_files/test-ca2_cat-present-future.crt
index d62ed09..6539479 100644
--- a/tests/data_files/test-ca2_cat-present-future.crt
+++ b/tests/data_files/test-ca2_cat-present-future.crt
@@ -1,28 +1,26 @@
 -----BEGIN CERTIFICATE-----
-MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
-JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
-t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
-uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq
+6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29
+N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIB+zCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
-DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTAe
-Fw0yMzA5MjIxNTQ5NDlaFw0zMDEyMzEyMzU5NTlaMD4xCzAJBgNVBAYTAk5MMREw
-DwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBFQyBDQTB2
-MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBuww5XUzM5
-WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiyaY7zQa0p
-w7RfdadHb9UZKVVpmlM7ILRmFmAzHqNQME4wDAYDVR0TBAUwAwEB/zAdBgNVHQ4E
-FgQUnW0gJEkBPyvLeLUZvH4kydv7NnwwHwYDVR0jBBgwFoAUnW0gJEkBPyvLeLUZ
-vH4kydv7NnwwDAYIKoZIzj0EAwIFAANnADBkAjB1ZNdOM7KRJiPo45hP17A1sJSH
-qHFPEJbml6KdNevoVZ1HqvP8AoFGcPJRpQVtzC0CMDa7JEqn0dOss8EmW9pVF/N2
-+XvzNczj89mWMgPhJJlT+MONQx3LFQO+TMSI9hLdkw==
+MIICBjCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTI5MDIxMDE0NDQwMFoXDTM5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2cAMGQCMCDwxpvV0mzZ
+5nyr3tpLILyaERGyVuSGHAJqd88fsWEiV6/xmiOTeIGlN8WLVL03FQIwJYnSIeCj
+vwuQaWzeIypEnGIT2A2eJ2IIrJrFr9xpafqN1vRDSK5VZuM1B4RtW2OU
 -----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca2_cat-present-past.crt b/tests/data_files/test-ca2_cat-present-past.crt
index a321d5d..08aeeea 100644
--- a/tests/data_files/test-ca2_cat-present-past.crt
+++ b/tests/data_files/test-ca2_cat-present-past.crt
@@ -1,17 +1,15 @@
 -----BEGIN CERTIFICATE-----
-MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
-JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
-t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
-uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq
+6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29
+N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
 MIIB/TCCAYCgAwIBAgIBATAMBggqhkjOPQQDAgUAMD4xCzAJBgNVBAYTAk5MMREw
diff --git a/tests/data_files/test-ca_cat12.crt b/tests/data_files/test-ca_cat12.crt
index 8928144..c54bcc1 100644
--- a/tests/data_files/test-ca_cat12.crt
+++ b/tests/data_files/test-ca_cat12.crt
@@ -1,5 +1,5 @@
 -----BEGIN CERTIFICATE-----
-MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
 MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
 MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
 A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
@@ -9,27 +9,25 @@
 YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
 R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
 KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/
-MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA
-A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL
-hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm
-8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD
-zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ
-0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/
-mtxyUALj2pQxRitopORFQdn7AOY5
+UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68
+x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB
+BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T
+hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/
+G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf
+7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH
+9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf
+hlf8qotOhNvFXpEsCGwZUywayo7c4DtO
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
-JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
-t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
-uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq
+6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29
+N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==
 -----END CERTIFICATE-----
diff --git a/tests/data_files/test-ca_cat21.crt b/tests/data_files/test-ca_cat21.crt
index 7234863..b090dc6 100644
--- a/tests/data_files/test-ca_cat21.crt
+++ b/tests/data_files/test-ca_cat21.crt
@@ -1,20 +1,18 @@
 -----BEGIN CERTIFICATE-----
-MIICUjCCAdegAwIBAgIJAMFD4n5iQ8zoMAoGCCqGSM49BAMCMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTAeFw0xMzA5MjQxNTQ5NDhaFw0yMzA5MjIxNTQ5NDhaMD4xCzAJBgNVBAYT
-Ak5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UEAxMTUG9sYXJzc2wgVGVzdCBF
-QyBDQTB2MBAGByqGSM49AgEGBSuBBAAiA2IABMPaKzRBN1gvh1b+/Im6KUNLTuBu
-ww5XUzM5WNRStJGVOQsj318XJGJI/BqVKc4sLYfCiFKAr9ZqqyHduNMcbli4yuiy
-aY7zQa0pw7RfdadHb9UZKVVpmlM7ILRmFmAzHqOBoDCBnTAdBgNVHQ4EFgQUnW0g
-JEkBPyvLeLUZvH4kydv7NnwwbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaQAwZgIxAMO0YnNWKJUAfXgSJtJxexn4ipg+kv4znuR50v56
-t4d0PCu412mUC6Nnd7izvtE2MgIxAP1nnJQjZ8BWukszFQDG48wxCCyci9qpdSMv
-uCjn8pwUOkABXK8Mss90fzCfCEOtIA==
+MIICBzCCAYugAwIBAgIJAMFD4n5iQ8zoMAwGCCqGSM49BAMCBQAwPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMB4XDTE5MDIxMDE0NDQwMFoXDTI5MDIxMDE0NDQwMFowPjELMAkGA1UE
+BhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRwwGgYDVQQDDBNQb2xhcnNzbCBUZXN0
+IEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEw9orNEE3WC+HVv78ibopQ0tO
+4G7DDldTMzlY1FK0kZU5CyPfXxckYkj8GpUpziwth8KIUoCv1mqrId240xxuWLjK
+6LJpjvNBrSnDtF91p0dv1RkpVWmaUzsgtGYWYDMeo1MwUTAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBSdbSAkSQE/K8t4tRm8fiTJ2/s2fDAfBgNVHSMEGDAWgBSd
+bSAkSQE/K8t4tRm8fiTJ2/s2fDAMBggqhkjOPQQDAgUAA2gAMGUCMQDpNWfBIlzq
+6xV2UwQD/1YGz9fQUM7AfNKzVa2PVBpf/QD1TAylTYTF4GI6qlb6EPYCMF/YVa29
+N5yC1mFAir19jb9Pl9iiIkRm17dM4y6m5VIMepEPm/VlWAa8H5p1+BPbGw==
 -----END CERTIFICATE-----
 -----BEGIN CERTIFICATE-----
-MIIDQTCCAimgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
+MIIDRDCCAiygAwIBAgIBAzANBgkqhkiG9w0BAQUFADA7MQswCQYDVQQGEwJOTDER
 MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
 MTkwMjEwMTQ0NDAwWhcNMjkwMjEwMTQ0NDAwWjA7MQswCQYDVQQGEwJOTDERMA8G
 A1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwggEiMA0G
@@ -24,12 +22,12 @@
 YMPGn8u67GB9t+aEMr5P+1gmIgNb1LTV+/Xjli5wwOQuvfwu7uJBVcA0Ln0kcmnL
 R7EUQIN9Z/SG9jGr8XmksrUuEvmEF/Bibyc+E1ixVA0hmnM3oTDPb5Lc9un8rNsu
 KNF+AksjoBXyOGVkCeoMbo4bF6BxyLObyavpw/LPh5aPgAIynplYb6LVAgMBAAGj
-UDBOMAwGA1UdEwQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68x/3/
-MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEBBQUA
-A4IBAQB0ZiNRFdia6kskaPnhrqejIRq8YMEGAf2oIPnyZ78xoyERgc35lHGyMtsL
-hWicNjP4d/hS9As4j5KA2gdNGi5ETA1X7SowWOGsryivSpMSHVy1+HdfWlsYQOzm
-8o+faQNUm8XzPVmttfAVspxeHSxJZ36Oo+QWZ5wZlCIEyjEdLUId+Tm4Bz3B5jRD
-zZa/SaqDokq66N2zpbgKKAl3GU2O++fBqP2dSkdQykmTxhLLWRN8FJqhYATyQntZ
-0QSi3W9HfSZPnFTcPIXeoiPd2pLlxt1hZu8dws2LTXE63uP6MM4LHvWxiuJaWkP/
-mtxyUALj2pQxRitopORFQdn7AOY5
+UzBRMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFLRa5KWz3tJS9rnVppUP6z68
+x/3/MB8GA1UdIwQYMBaAFLRa5KWz3tJS9rnVppUP6z68x/3/MA0GCSqGSIb3DQEB
+BQUAA4IBAQCz557ZZmWv5UTTHebzTyVzku5ldpcicJPqKHP3xZ4tPPY52JQyJg/T
+hsRB44yTyNo3/jo9or2KgVnc+/nCmnlvTq22a/j26DtKZ7wD9MWxunpkqRwExtA/
+G816msrl6X6m50WwdLXTvaVJGXCYp8TPVLx5YY3WPIVoX0CPN7Hs9iNJNiEWo4Qf
+7dAqjWBB/QpusmWhjaDSc4+cFhT24Yo9HuS1yrkUTrBtJaj0AykTsiyFm6SBVDNH
+9XIxCgYy9QrYbDKNtJXhuevpN0yUMV/aUnIkU2wTTouhOzZisjNk0sS1guqmSHzf
+hlf8qotOhNvFXpEsCGwZUywayo7c4DtO
 -----END CERTIFICATE-----
diff --git a/tests/data_files/test-int-ca-exp.crt b/tests/data_files/test-int-ca-exp.crt
index c549654..835c7db 100644
--- a/tests/data_files/test-int-ca-exp.crt
+++ b/tests/data_files/test-int-ca-exp.crt
@@ -1,7 +1,7 @@
 -----BEGIN CERTIFICATE-----
 MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MDcwNjI3MTAzODM3WhcNMTcwNjI3MTAzODM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MTMwNTE2MDcxMDM3WhcNMjMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
 A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
 vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
@@ -16,9 +16,9 @@
 Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
 updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
 a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPu/FDEPvIC/BnzPQDAr1bQakGiwBsE9zGKRgXgX
-Y3Q+XJKhMEKZ8h1m+S5c6taO0gIwNB14zmJ1gJ9X3+tPDfriWrVaNMG54Kr57/Ep
-773Ap7Gxpk168id1EFhvW22YabKs
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAJH0e4fySJI2nJt1Knd+yU7zn1jTFDAABJMbndhR
+07OSM6vwUaGSMVatSzr8ah+UDgIwaI/MBcorSxT92jAQb1W5dJkEudoYSg49fjAf
+z0BtLCVhFwQlrzCqgXC98SGfT6sZ
 -----END CERTIFICATE-----
diff --git a/tests/data_files/test-int-ca.crt b/tests/data_files/test-int-ca.crt
index cbe99e0..8b2846d 100644
--- a/tests/data_files/test-int-ca.crt
+++ b/tests/data_files/test-int-ca.crt
@@ -1,8 +1,8 @@
 -----BEGIN CERTIFICATE-----
 MIIEATCCA4egAwIBAgIBDjAKBggqhkjOPQQDAjA+MQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxHDAaBgNVBAMTE1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
-MTMwOTI0MTU1NTE0WhcNMjMwOTIyMTU1NTE0WjBIMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxJjAkBgNVBAMTHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+A1UECgwIUG9sYXJTU0wxHDAaBgNVBAMME1BvbGFyc3NsIFRlc3QgRUMgQ0EwHhcN
+MjMwNTE3MDcxMDM3WhcNMzMwNTE3MDcxMDM3WjBIMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxJjAkBgNVBAMMHVBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAo1Oc8nr6fMTq
 vowV+CpC55i5BZGFGc50Eb4RLBSRTH1e7JepdFjAVbBtyQRJSiY1ja0tgLQDDKZR
 wfEI+b4azse460InPHv7C1TN0upXlxuj6m9B1IlP+sBaM7WBC6dVfPO+jVMIxgkF
@@ -16,9 +16,9 @@
 Np0MSQd+o22PQ4xRtmP6UsTfU0ueiMpYc8TYYhMbfnfFyo4m707ebcflPbBEN2dg
 updQ66cvfCJB0QJt9upafY0lpdV1qUkCAwEAAaOBoDCBnTAdBgNVHQ4EFgQUOHfY
 a3ecKHeCi07YG6ke95QWtw4wbgYDVR0jBGcwZYAUnW0gJEkBPyvLeLUZvH4kydv7
-NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKEwhQb2xhclNTTDEcMBoGA1UE
-AxMTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
-CgYIKoZIzj0EAwIDaAAwZQIxAPyE+u+eP7gRrSFjQicmpYg8jiFUCYEowWY2zuOG
-i1HXYwmpDHfasQ3rNSuf/gHvjwIwbSSjumDk+uYNci/KMELDsD0MFHxZhhBc9Hp9
-Af5cNR8KhzegznL6amRObGGKmX1F
+NnyhQqRAMD4xCzAJBgNVBAYTAk5MMREwDwYDVQQKDAhQb2xhclNTTDEcMBoGA1UE
+AwwTUG9sYXJzc2wgVGVzdCBFQyBDQYIJAMFD4n5iQ8zoMAwGA1UdEwQFMAMBAf8w
+CgYIKoZIzj0EAwIDaAAwZQIxAOAch+gz4rHfI/pm8MIDssMtJCqzS6xtOvQHJZ9l
+fdgWfJV5cSHJpOIWGXeFKKR18wIwODTRnTIioy+bYacNq8TQPjzdVlT9XbYkWIYN
+JAuV9fLJJdB5nZUG3l85Dt27VNkT
 -----END CERTIFICATE-----
diff --git a/tests/data_files/test-int-ca2.crt b/tests/data_files/test-int-ca2.crt
index 9ce44c2..80f39b9 100644
--- a/tests/data_files/test-int-ca2.crt
+++ b/tests/data_files/test-int-ca2.crt
@@ -1,18 +1,18 @@
 -----BEGIN CERTIFICATE-----
 MIIC6TCCAdGgAwIBAgIBDzANBgkqhkiG9w0BAQsFADA7MQswCQYDVQQGEwJOTDER
-MA8GA1UEChMIUG9sYXJTU0wxGTAXBgNVBAMTEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
-MTMwOTI0MTYwODQyWhcNMjMwOTIyMTYwODQyWjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+MA8GA1UECgwIUG9sYXJTU0wxGTAXBgNVBAMMEFBvbGFyU1NMIFRlc3QgQ0EwHhcN
+MjMwNTE3MDkyNzAyWhcNMzMwNTE3MDkyNzAyWjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
 YXRlIEVDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8Oih3fX5SLeN1dmFncQl
 WMw9+Y6sXblhlrXBxhXxjwdwpCHENn+foUVdrqYVYa7Suv3QVeO6nJ19H3QNixW8
 ik1P+hxsbaq8bta78vAyHmC4EmXQLg1w7oxb9Q82qX1Yo4GVMIGSMB0GA1UdDgQW
 BBQPib1jQevLXhco/2gwPcGI0JxYOTBjBgNVHSMEXDBagBS0WuSls97SUva51aaV
-D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoTCFBvbGFyU1NMMRkw
-FwYDVQQDExBQb2xhclNTTCBUZXN0IENBggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAAjeaTUaCBiXT1CYLVr6UFSeRNZBrDPnj6PwqUQTvgB5I5n6
-yXqoE4RYDaEL0Lg24juFxI26itBuypto6vscgGq77cfrP/avSdxU+xeZ4bCWvh3M
-ddj9lmko2U8I8GhBcHpSuIiTvgKDB8eKkjeq3AsLGchHDvip8pB3IhcNfL7W94Zf
-7/lH9VQiE3/px7amD32cidoPvWLA9U3f1FsPmJESUz0wwNfINpDjmPr8dGbkCN+M
-CFhxo6sCfK8KLYG4nYX8FwxVR86kpSrO9e84AX0YYbdzxprbc2XOaebJ8+BDmzut
-ARkD7DTXrodN1wV7jQJkrUuEwPj9Rhvk+MFRkaw=
+D+s+vMf9/6E/pD0wOzELMAkGA1UEBhMCTkwxETAPBgNVBAoMCFBvbGFyU1NMMRkw
+FwYDVQQDDBBQb2xhclNTTCBUZXN0IENBggEDMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAHTN0URrP2MpwD8vODymjjq7iaB7WFZ4CWUjx9LWu3PPZbX2
+12MxzkyFaVR7rnPKZSFHJJEmNaPDJWwYhGQRXLCoD6NiJy6De4fa5gSYoXthRGFf
+GnFXZu3e37GDKoKP87TZ+VXcyx6PHvPxJB3/9N94Vj2Yh3hCs7F72GmwfDww6ooj
+whIqhxBYOhPleANs70FZ7Y7tjZV1RtQ1/9sRcbyv9OvdPuWvukBVq1KM6nqVHBZ3
+/4kHBWaFaWMq/AAxMxaTGFAOA8S2yU56jkB65viQrpQQWffBJWK+WfrcgxRWqR33
+hqG3yT1IWbJ5E11XL9TCKD+DReqeXHyYawx8fBU=
 -----END CERTIFICATE-----
diff --git a/tests/data_files/test-int-ca3-badsign.crt b/tests/data_files/test-int-ca3-badsign.crt
index 2087056..8c36315 100644
--- a/tests/data_files/test-int-ca3-badsign.crt
+++ b/tests/data_files/test-int-ca3-badsign.crt
@@ -1,12 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
-A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
+MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG
+A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU
 ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
-2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
-ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
-Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
-pz590JvGWf0=
+2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn
+ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF
++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv
+1GRe86dg10==
 -----END CERTIFICATE-----
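Review bot: The regenerated bad-signature certificate ends in `1GRe86dg10==`, and with two padding characters the final `0` carries non-zero unused bits, so the last group is not canonical base64 (the valid sibling ends in `1A==`). A strict base64 decoder could reject the file at PEM decoding, so a test using it would fail before reaching signature verification and would no longer show that a bad signature is detected. Whether the library's decoder tolerates such trailing bits is not visible in this diff. Corrupting a character in an earlier full 4-character group of the signature would keep the encoding canonical and the failure on the signature check.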
diff --git a/tests/data_files/test-int-ca3.crt b/tests/data_files/test-int-ca3.crt
index 7e724b2..3aa64b1 100644
--- a/tests/data_files/test-int-ca3.crt
+++ b/tests/data_files/test-int-ca3.crt
@@ -1,12 +1,12 @@
 -----BEGIN CERTIFICATE-----
-MIIBtDCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
-A1UEChMIUG9sYXJTU0wxKTAnBgNVBAMTIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
-YXRlIEVDIENBMB4XDTE1MDkwMTE0MDg0M1oXDTI1MDgyOTE0MDg0M1owSjELMAkG
-A1UEBhMCVUsxETAPBgNVBAoTCG1iZWQgVExTMSgwJgYDVQQDEx9tYmVkIFRMUyBU
+MIIBszCCATqgAwIBAgIBTTAKBggqhkjOPQQDAjBLMQswCQYDVQQGEwJOTDERMA8G
+A1UECgwIUG9sYXJTU0wxKTAnBgNVBAMMIFBvbGFyU1NMIFRlc3QgSW50ZXJtZWRp
+YXRlIEVDIENBMB4XDTIzMDUxNzA3MTAzN1oXDTMzMDUxNzA3MTAzN1owSjELMAkG
+A1UEBhMCVUsxETAPBgNVBAoMCG1iZWQgVExTMSgwJgYDVQQDDB9tYmVkIFRMUyBU
 ZXN0IGludGVybWVkaWF0ZSBDQSAzMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE
 732fWHLNPMPsP1U1ibXvb55erlEVMlpXBGsj+KYwVqU1XCmW9Z9hhP7X/5js/DX9
-2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNo
-ADBlAjAJRxbGRas3NBmk9MnGWXg7PT1xnRELHRWWIvfLdVQt06l1/xFg3ZuPdQdt
-Qh7CK80CMQD7wa1o1a8qyDKBfLN636uKmKGga0E+vYXBeFCy9oARBangGCB0B2vt
-pz590JvGWfM=
+2J/utoHyjUtVpQOzdTrbsaMQMA4wDAYDVR0TBAUwAwEB/zAKBggqhkjOPQQDAgNn
+ADBkAjAZx8k0q+DtT/LJd1FjPcG/peoQDfMBL2jS/6PwxW+3+ZPMpHZn0r+JpCaF
++V/sM9kCMGqcxQwx/bsMaK0y9zqshC7/S5hVlA+WRVyMfEGJmXnfbdwh6CByKIwv
+1GRe86dg1A==
 -----END CERTIFICATE-----
diff --git a/tests/include/spe/crypto_spe.h b/tests/include/spe/crypto_spe.h
index a79ce17..de84264 100644
--- a/tests/include/spe/crypto_spe.h
+++ b/tests/include/spe/crypto_spe.h
@@ -19,13 +19,13 @@
 /**
  * \file crypto_spe.h
  *
- * \brief When Mbed Crypto is built with the MBEDTLS_PSA_CRYPTO_SPM option
- *        enabled, this header is included by all .c files in Mbed Crypto that
+ * \brief When Mbed TLS is built with the MBEDTLS_PSA_CRYPTO_SPM option
+ *        enabled, this header is included by all .c files in Mbed TLS that
  *        use PSA Crypto function names. This avoids duplication of symbols
- *        between TF-M and Mbed Crypto.
+ *        between TF-M and Mbed TLS.
  *
  * \note  This file should be included before including any PSA Crypto headers
- *        from Mbed Crypto.
+ *        from Mbed TLS.
  */
 
 #ifndef CRYPTO_SPE_H
diff --git a/tests/include/test/arguments.h b/tests/include/test/arguments.h
new file mode 100644
index 0000000..a975bfa
--- /dev/null
+++ b/tests/include/test/arguments.h
@@ -0,0 +1,43 @@
+/**
+ * \file arguments.h
+ *
+ * \brief Manipulation of test arguments.
+ *
+ * Much of the code is in host_test.function, to be migrated here later.
+ */
+
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#ifndef TEST_ARGUMENTS_H
+#define TEST_ARGUMENTS_H
+
+#if !defined(MBEDTLS_CONFIG_FILE)
+#include "mbedtls/config.h"
+#else
+#include MBEDTLS_CONFIG_FILE
+#endif
+
+#include <stdint.h>
+#include <stdlib.h>
+
+typedef union {
+    size_t len;
+    intmax_t sint;
+} mbedtls_test_argument_t;
+
+#endif /* TEST_ARGUMENTS_H */
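Review bot: `mbedtls_test_argument_t` is added without a doc comment, and as an untagged union it does not record whether `len` or `sint` was last written, so code that reads the wrong member silently gets a reinterpreted value. A comment on the typedef would help, e.g. `/** One parsed test argument; which member is valid is decided by the test function's parameter type, no tag is stored. */`. That selection rule is inferred from the file comment about host_test.function and should be confirmed. `size_t` is pulled in through `<stdlib.h>`, where `<stddef.h>` is the more direct header.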
diff --git a/tests/include/test/drivers/crypto_config_test_driver_extension.h b/tests/include/test/drivers/crypto_config_test_driver_extension.h
index 91ee320..a285bc7 100644
--- a/tests/include/test/drivers/crypto_config_test_driver_extension.h
+++ b/tests/include/test/drivers/crypto_config_test_driver_extension.h
@@ -198,6 +198,14 @@
 #endif
 #endif
 
+#if defined(PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY)
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY)
+#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY
+#else
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1
+#endif
+#endif
+
 #if defined(PSA_WANT_KEY_TYPE_RSA_KEY_PAIR)
 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR)
 #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_KEY_PAIR
@@ -206,6 +214,14 @@
 #endif
 #endif
 
+#if defined(PSA_WANT_KEY_TYPE_RSA_PUBLIC_KEY)
+#if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY)
+#undef MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY
+#else
+#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY 1
+#endif
+#endif
+
 #if defined(PSA_WANT_KEY_TYPE_CHACHA20)
 #if defined(MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20)
 #undef MBEDTLS_PSA_ACCEL_KEY_TYPE_CHACHA20
@@ -248,6 +264,4 @@
 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_HMAC 1
 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_ARC4 1
 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_DES 1
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_ECC_PUBLIC_KEY 1
 #define MBEDTLS_PSA_ACCEL_KEY_TYPE_RAW_DATA 1
-#define MBEDTLS_PSA_ACCEL_KEY_TYPE_RSA_PUBLIC_KEY 1
diff --git a/tests/include/test/macros.h b/tests/include/test/macros.h
index 95bca23..f942889 100644
--- a/tests/include/test/macros.h
+++ b/tests/include/test/macros.h
@@ -71,6 +71,16 @@
         }                                                    \
     } while (0)
 
+/** This macro asserts fails the test with given output message.
+ *
+ * \param   MESSAGE The message to be outputed on assertion
+ */
+#define TEST_FAIL(MESSAGE)                           \
+    do {                                                  \
+        mbedtls_test_fail(MESSAGE, __LINE__, __FILE__);   \
+        goto exit;                                        \
+    } while (0)
+
 /** Evaluate two integer expressions and fail the test case if they have
  * different values.
  *
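Review bot: The doc comment on `TEST_FAIL` has two wording errors ("asserts fails the test", "outputed") and does not say that the macro jumps to the `exit` label, which callers need to know because the enclosing function must define that label. Suggested wording: `/** Fail the test case with the given message and jump to the \c exit label.` and `\param MESSAGE The message to be output on failure.` The continuation backslash on the `#define TEST_FAIL(MESSAGE)` line is also out of column with the rest of the macro body.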
@@ -117,52 +127,52 @@
  * The allocated memory will be filled with zeros.
  *
  * You must set \p pointer to \c NULL before calling this macro and
- * put `mbedtls_free( pointer )` in the test's cleanup code.
+ * put `mbedtls_free(pointer)` in the test's cleanup code.
  *
- * If \p length is zero, the resulting \p pointer will be \c NULL.
+ * If \p item_count is zero, the resulting \p pointer will be \c NULL.
  * This is usually what we want in tests since API functions are
  * supposed to accept null pointers when a buffer size is zero.
  *
  * This macro expands to an instruction, not an expression.
  * It may jump to the \c exit label.
  *
- * \param pointer   An lvalue where the address of the allocated buffer
- *                  will be stored.
- *                  This expression may be evaluated multiple times.
- * \param length    Number of elements to allocate.
- *                  This expression may be evaluated multiple times.
+ * \param pointer    An lvalue where the address of the allocated buffer
+ *                   will be stored.
+ *                   This expression may be evaluated multiple times.
+ * \param item_count Number of elements to allocate.
+ *                   This expression may be evaluated multiple times.
  *
  */
-#define ASSERT_ALLOC(pointer, length)                           \
-    do                                                            \
-    {                                                             \
-        TEST_ASSERT((pointer) == NULL);                       \
-        if ((length) != 0)                                     \
-        {                                                         \
-            (pointer) = mbedtls_calloc(sizeof(*(pointer)), \
-                                       (length));           \
-            TEST_ASSERT((pointer) != NULL);                   \
-        }                                                         \
-    }                                                             \
-    while (0)
+#define TEST_CALLOC(pointer, item_count)                    \
+    do {                                                    \
+        TEST_ASSERT((pointer) == NULL);                     \
+        if ((item_count) != 0) {                            \
+            (pointer) = mbedtls_calloc(sizeof(*(pointer)),  \
+                                       (item_count));       \
+            TEST_ASSERT((pointer) != NULL);                 \
+        }                                                   \
+    } while (0)
+
+/* For backwards compatibility */
+#define ASSERT_ALLOC(pointer, item_count) TEST_CALLOC(pointer, item_count)
 
 /** Allocate memory dynamically. If the allocation fails, skip the test case.
  *
- * This macro behaves like #ASSERT_ALLOC, except that if the allocation
+ * This macro behaves like #TEST_CALLOC, except that if the allocation
  * fails, it marks the test as skipped rather than failed.
  */
-#define ASSERT_ALLOC_WEAK(pointer, length)                      \
-    do                                                            \
-    {                                                             \
-        TEST_ASSERT((pointer) == NULL);                       \
-        if ((length) != 0)                                     \
-        {                                                         \
-            (pointer) = mbedtls_calloc(sizeof(*(pointer)), \
-                                       (length));           \
-            TEST_ASSUME((pointer) != NULL);                   \
-        }                                                         \
-    }                                                             \
-    while (0)
+#define TEST_CALLOC_OR_SKIP(pointer, item_count)            \
+    do {                                                    \
+        TEST_ASSERT((pointer) == NULL);                     \
+        if ((item_count) != 0) {                            \
+            (pointer) = mbedtls_calloc(sizeof(*(pointer)),  \
+                                       (item_count));       \
+            TEST_ASSUME((pointer) != NULL);                 \
+        }                                                   \
+    } while (0)
+
+/* For backwards compatibility */
+#define ASSERT_ALLOC_WEAK(pointer, item_count) TEST_CALLOC_OR_SKIP(pointer, item_count)
 
 /** Compare two buffers and fail the test case if they differ.
  *
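Review bot: `TEST_CALLOC` and `TEST_CALLOC_OR_SKIP` both pass `sizeof(*(pointer))` as the first argument and the element count as the second, the reverse of the `calloc(nmemb, size)` convention. The allocated size is the same, but recent GCC releases can flag this pattern with `-Wcalloc-transposed-args`, which matters in builds that treat warnings as errors. `(pointer) = mbedtls_calloc((item_count), sizeof(*(pointer)));` in both macros avoids it. The order is carried over from the old `ASSERT_ALLOC` bodies, and the opening of the `TEST_CALLOC` doc comment lies above this hunk.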
@@ -176,14 +186,16 @@
  * \param size2     Size of the second buffer in bytes.
  *                  This expression may be evaluated multiple times.
  */
-#define ASSERT_COMPARE(p1, size1, p2, size2)                          \
-    do                                                                  \
-    {                                                                   \
+#define TEST_MEMORY_COMPARE(p1, size1, p2, size2)              \
+    do {                                                       \
         TEST_EQUAL((size1), (size2));                          \
-        if ((size1) != 0)                                            \
-        TEST_ASSERT(memcmp((p1), (p2), (size1)) == 0);    \
-    }                                                                   \
-    while (0)
+        if ((size1) != 0) {                                    \
+            TEST_ASSERT(memcmp((p1), (p2), (size1)) == 0);     \
+        }                                                      \
+    } while (0)
+
+/* For backwards compatibility */
+#define ASSERT_COMPARE(p1, size1, p2, size2) TEST_MEMORY_COMPARE(p1, size1, p2, size2)
 
 /**
  * \brief   This macro tests the expression passed to it and skips the
diff --git a/tests/include/test/psa_crypto_helpers.h b/tests/include/test/psa_crypto_helpers.h
index 08179e2..8ac09c8 100644
--- a/tests/include/test/psa_crypto_helpers.h
+++ b/tests/include/test/psa_crypto_helpers.h
@@ -104,11 +104,11 @@
  * `TEST_ASSERT( ! mbedtls_test_helper_is_psa_leaking( ) )`
  * but with a more informative message.
  */
-#define ASSERT_PSA_PRISTINE()                                          \
+#define ASSERT_PSA_PRISTINE()                                           \
     do                                                                  \
     {                                                                   \
-        if (test_fail_if_psa_leaking(__LINE__, __FILE__))            \
-        goto exit;                                                  \
+        if (mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__))       \
+        goto exit;                                                      \
     }                                                                   \
     while (0)
 
@@ -122,12 +122,12 @@
  * \note Persistent keys must be recorded with #TEST_USES_KEY_ID before
  *       creating them.
  */
-#define PSA_DONE()                                                     \
+#define PSA_DONE()                                                      \
     do                                                                  \
     {                                                                   \
-        test_fail_if_psa_leaking(__LINE__, __FILE__);                 \
-        mbedtls_test_psa_purge_key_storage();                          \
-        mbedtls_psa_crypto_free();                                     \
+        mbedtls_test_fail_if_psa_leaking(__LINE__, __FILE__);           \
+        mbedtls_test_psa_purge_key_storage();                           \
+        mbedtls_psa_crypto_free();                                      \
     }                                                                   \
     while (0)
 
@@ -193,6 +193,49 @@
  */
 psa_key_usage_t mbedtls_test_update_key_usage_flags(psa_key_usage_t usage_flags);
 
+/** Check that no PSA Crypto key slots are in use.
+ *
+ * If any slots are in use, mark the current test as failed.
+ *
+ * \return 0 if the key store is empty, 1 otherwise.
+ */
+int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename);
+
+
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+/* The #MBEDTLS_PSA_INJECT_ENTROPY feature requires two extra platform
+ * functions, which must be configured as #MBEDTLS_PLATFORM_NV_SEED_READ_MACRO
+ * and #MBEDTLS_PLATFORM_NV_SEED_WRITE_MACRO. The job of these functions
+ * is to read and write from the entropy seed file, which is located
+ * in the PSA ITS file whose uid is #PSA_CRYPTO_ITS_RANDOM_SEED_UID.
+ * (These could have been provided as library functions, but for historical
+ * reasons, they weren't, and so each integrator has to provide a copy
+ * of these functions.)
+ *
+ * Provide implementations of these functions for testing. */
+int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len);
+int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len);
+
+
+/** Make sure that the injected entropy is present.
+ *
+ * When MBEDTLS_PSA_INJECT_ENTROPY is enabled, psa_crypto_init()
+ * will fail if the PSA entropy seed is not present.
+ * This function must be called at least once in a test suite or other
+ * program before any call to psa_crypto_init().
+ * It does not need to be called in each test case.
+ *
+ * The test framework calls this function before running any test case.
+ *
+ * The few tests that might remove the entropy file must call this function
+ * in their cleanup.
+ */
+int mbedtls_test_inject_entropy_restore(void);
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
+
+
+
 /** Skip a test case if the given key is a 192 bits AES key and the AES
  *  implementation is at least partially provided by an accelerator or
  *  alternative implementation.
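Review bot: The three `mbedtls_test_inject_entropy_*` declarations return `int` without documenting what the value means, and `mbedtls_test_fail_if_psa_leaking` has no `\param` lines for `line_no` and `filename`. The comment requires tests that remove the seed file to call `mbedtls_test_inject_entropy_restore()` in their cleanup, so callers need a documented way to detect a failed restore; otherwise a later `psa_crypto_init()` failure is hard to trace back. Suggested additions are `\return 0 on success, a nonzero value on failure.` (to be confirmed against the implementation, which is not in this hunk), `\param line_no Line number to report on failure.` and `\param filename File name to report on failure.`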
diff --git a/tests/include/test/ssl_helpers.h b/tests/include/test/ssl_helpers.h
new file mode 100644
index 0000000..6b51950
--- /dev/null
+++ b/tests/include/test/ssl_helpers.h
@@ -0,0 +1,517 @@
+/** \file ssl_helpers.h
+ *
+ * \brief This file contains helper functions to set up a TLS connection.
+ */
+
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#ifndef SSL_HELPERS_H
+#define SSL_HELPERS_H
+
+#include <string.h>
+
+#include <test/helpers.h>
+#include <test/macros.h>
+#include <test/random.h>
+#include <test/psa_crypto_helpers.h>
+
+#if defined(MBEDTLS_SSL_TLS_C)
+#include <mbedtls/ssl_internal.h>
+#include <mbedtls/ctr_drbg.h>
+#include <mbedtls/entropy.h>
+#include <mbedtls/certs.h>
+#include <mbedtls/timing.h>
+#include <mbedtls/debug.h>
+#include <ssl_tls13_keys.h>
+
+#if defined(MBEDTLS_SSL_CACHE_C)
+#include "mbedtls/ssl_cache.h"
+#endif
+
+#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
+    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
+    defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
+#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
+#endif
+
+enum {
+#define MBEDTLS_SSL_TLS1_3_LABEL(name, string)   \
+    tls1_3_label_ ## name,
+    MBEDTLS_SSL_TLS1_3_LABEL_LIST
+#undef MBEDTLS_SSL_TLS1_3_LABEL
+};
+
+typedef struct mbedtls_test_ssl_log_pattern {
+    const char *pattern;
+    size_t counter;
+} mbedtls_test_ssl_log_pattern;
+
+/* Invalid minor version used when not specifying a min/max version or expecting a test to fail */
+#define TEST_SSL_MINOR_VERSION_NONE -1
+
+typedef struct mbedtls_test_handshake_test_options {
+    const char *cipher;
+    int client_min_version;
+    int client_max_version;
+    int server_min_version;
+    int server_max_version;
+    int expected_negotiated_version;
+    int pk_alg;
+    data_t *psk_str;
+    int dtls;
+    int srv_auth_mode;
+    int serialize;
+    int mfl;
+    int cli_msg_len;
+    int srv_msg_len;
+    int expected_cli_fragments;
+    int expected_srv_fragments;
+    int renegotiate;
+    int legacy_renegotiation;
+    void *srv_log_obj;
+    void *cli_log_obj;
+    void (*srv_log_fun)(void *, int, const char *, int, const char *);
+    void (*cli_log_fun)(void *, int, const char *, int, const char *);
+    int resize_buffers;
+} mbedtls_test_handshake_test_options;
+
+/*
+ * Buffer structure for custom I/O callbacks.
+ */
+typedef struct mbedtls_test_ssl_buffer {
+    size_t start;
+    size_t content_length;
+    size_t capacity;
+    unsigned char *buffer;
+} mbedtls_test_ssl_buffer;
+
+/*
+ * Context for a message metadata queue (fifo) that is on top of the ring buffer.
+ */
+typedef struct mbedtls_test_ssl_message_queue {
+    size_t *messages;
+    int pos;
+    int num;
+    int capacity;
+} mbedtls_test_ssl_message_queue;
+
+/*
+ * Context for the I/O callbacks simulating network connection.
+ */
+
+#define MBEDTLS_MOCK_SOCKET_CONNECTED 1
+
+typedef struct mbedtls_test_mock_socket {
+    int status;
+    mbedtls_test_ssl_buffer *input;
+    mbedtls_test_ssl_buffer *output;
+    struct mbedtls_test_mock_socket *peer;
+} mbedtls_test_mock_socket;
+
+/* Errors used in the message socket mocks */
+
+#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55
+#define MBEDTLS_TEST_ERROR_SEND_FAILED -66
+#define MBEDTLS_TEST_ERROR_RECV_FAILED -77
+
+/*
+ * Structure used as an addon, or a wrapper, around the mocked sockets.
+ * Contains an input queue, to which the other socket pushes metadata,
+ * and an output queue, to which this one pushes metadata. This context is
+ * considered as an owner of the input queue only, which is initialized and
+ * freed in the respective setup and free calls.
+ */
+typedef struct mbedtls_test_message_socket_context {
+    mbedtls_test_ssl_message_queue *queue_input;
+    mbedtls_test_ssl_message_queue *queue_output;
+    mbedtls_test_mock_socket *socket;
+} mbedtls_test_message_socket_context;
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+    defined(MBEDTLS_CERTS_C) && \
+    defined(MBEDTLS_ENTROPY_C) && \
+    defined(MBEDTLS_CTR_DRBG_C)
+
+/*
+ * Structure with endpoint's certificates for SSL communication tests.
+ */
+typedef struct mbedtls_test_ssl_endpoint_certificate {
+    mbedtls_x509_crt *ca_cert;
+    mbedtls_x509_crt *cert;
+    mbedtls_pk_context *pkey;
+} mbedtls_test_ssl_endpoint_certificate;
+
+/*
+ * Endpoint structure for SSL communication tests.
+ */
+typedef struct mbedtls_test_ssl_endpoint {
+    const char *name;
+    mbedtls_ssl_context ssl;
+    mbedtls_ssl_config conf;
+    mbedtls_ctr_drbg_context ctr_drbg;
+    mbedtls_entropy_context entropy;
+    mbedtls_test_mock_socket socket;
+    mbedtls_test_ssl_endpoint_certificate cert;
+} mbedtls_test_ssl_endpoint;
+
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C &&
+          MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+
+/*
+ * This function can be passed to mbedtls to receive output logs from it. In
+ * this case, it will count the instances of a mbedtls_test_ssl_log_pattern
+ * in the received logged messages.
+ */
+void mbedtls_test_ssl_log_analyzer(void *ctx, int level,
+                                   const char *file, int line,
+                                   const char *str);
+
+void mbedtls_test_init_handshake_options(
+    mbedtls_test_handshake_test_options *opts);
+
+/*
+ * Initialises \p buf. After calling this function it is safe to call
+ * `mbedtls_test_ssl_buffer_free()` on \p buf.
+ */
+void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf);
+
+/*
+ * Sets up \p buf. After calling this function it is safe to call
+ * `mbedtls_test_ssl_buffer_put()` and `mbedtls_test_ssl_buffer_get()`
+ * on \p buf.
+ */
+int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf,
+                                  size_t capacity);
+
+void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf);
+
+/*
+ * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
+ *
+ * \p buf must have been initialized and set up by calling
+ * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`.
+ *
+ * \retval  \p input_len, if the data fits.
+ * \retval  0 <= value < \p input_len, if the data does not fit.
+ * \retval  -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
+ *          zero and \p input is NULL.
+ */
+int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf,
+                                const unsigned char *input, size_t input_len);
+
+/*
+ * Gets \p output_len bytes from the ring buffer \p buf into the
+ * \p output buffer. The output buffer can be NULL, in this case a part of the
+ * ring buffer will be dropped, if the requested length is available.
+ *
+ * \p buf must have been initialized and set up by calling
+ * `mbedtls_test_ssl_buffer_init()` and `mbedtls_test_ssl_buffer_setup()`.
+ *
+ * \retval  \p output_len, if the data is available.
+ * \retval  0 <= value < \p output_len, if the data is not available.
+ * \retval  -1, if \buf is NULL or it hasn't been set up.
+ */
+int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf,
+                                unsigned char *output, size_t output_len);
+
+/*
+ * Errors used in the message transport mock tests
+ */
+ #define MBEDTLS_TEST_ERROR_ARG_NULL -11
+ #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44
+
+/*
+ * Setup and free functions for the message metadata queue.
+ *
+ * \p capacity describes the number of message metadata chunks that can be held
+ *    within the queue.
+ *
+ * \retval  0, if a metadata queue of a given length can be allocated.
+ * \retval  MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed.
+ */
+int mbedtls_test_ssl_message_queue_setup(
+    mbedtls_test_ssl_message_queue *queue, size_t capacity);
+
+void mbedtls_test_ssl_message_queue_free(
+    mbedtls_test_ssl_message_queue *queue);
+
+/*
+ * Push message length information onto the message metadata queue.
+ * This will become the last element to leave it (fifo).
+ *
+ * \retval  MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
+ * \retval  MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full.
+ * \retval  \p len, if the push was successful.
+ */
+int mbedtls_test_ssl_message_queue_push_info(
+    mbedtls_test_ssl_message_queue *queue, size_t len);
+
+/*
+ * Pop information about the next message length from the queue. This will be
+ * the oldest inserted message length(fifo). \p msg_len can be null, in which
+ * case the data will be popped from the queue but not copied anywhere.
+ *
+ * \retval  MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
+ * \retval  MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
+ * \retval  message length, if the pop was successful, up to the given
+            \p buf_len.
+ */
+int mbedtls_test_ssl_message_queue_pop_info(
+    mbedtls_test_ssl_message_queue *queue, size_t buf_len);
+
+/*
+ * Setup and teardown functions for mock sockets.
+ */
+void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket);
+
+/*
+ * Closes the socket \p socket.
+ *
+ * \p socket must have been previously initialized by calling
+ * mbedtls_test_mock_socket_init().
+ *
+ * This function frees all allocated resources and both sockets are aware of the
+ * new connection state.
+ *
+ * That is, this function does not simulate half-open TCP connections and the
+ * phenomenon that when closing a UDP connection the peer is not aware of the
+ * connection having been closed.
+ */
+void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket);
+
+/*
+ * Establishes a connection between \p peer1 and \p peer2.
+ *
+ * \p peer1 and \p peer2 must have been previously initialized by calling
+ * mbedtls_test_mock_socket_init().
+ *
+ * The capacities of the internal buffers are set to \p bufsize. Setting this to
+ * the correct value allows for simulation of MTU, sanity testing the mock
+ * implementation and mocking TCP connections with lower memory cost.
+ */
+int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1,
+                                     mbedtls_test_mock_socket *peer2,
+                                     size_t bufsize);
+
+/*
+ * Callbacks for simulating blocking I/O over connection-oriented transport.
+ */
+int mbedtls_test_mock_tcp_send_b(void *ctx,
+                                 const unsigned char *buf, size_t len);
+
+int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len);
+
+/*
+ * Callbacks for simulating non-blocking I/O over connection-oriented transport.
+ */
+int mbedtls_test_mock_tcp_send_nb(void *ctx,
+                                  const unsigned char *buf, size_t len);
+
+int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len);
+
+void mbedtls_test_message_socket_init(
+    mbedtls_test_message_socket_context *ctx);
+
+/*
+ * Setup a given message socket context including initialization of
+ * input/output queues to a chosen capacity of messages. Also set the
+ * corresponding mock socket.
+ *
+ * \retval  0, if everything succeeds.
+ * \retval  MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message
+ *          queue failed.
+ */
+int mbedtls_test_message_socket_setup(
+    mbedtls_test_ssl_message_queue *queue_input,
+    mbedtls_test_ssl_message_queue *queue_output,
+    size_t queue_capacity,
+    mbedtls_test_mock_socket *socket,
+    mbedtls_test_message_socket_context *ctx);
+
+/*
+ * Close a given message socket context, along with the socket itself. Free the
+ * memory allocated by the input queue.
+ */
+void mbedtls_test_message_socket_close(
+    mbedtls_test_message_socket_context *ctx);
+
+/*
+ * Send one message through a given message socket context.
+ *
+ * \retval  \p len, if everything succeeds.
+ * \retval  MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
+ *          elements or the context itself is null.
+ * \retval  MBEDTLS_TEST_ERROR_SEND_FAILED if
+ *          mbedtls_test_mock_tcp_send_b failed.
+ * \retval  MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full.
+ *
+ * This function will also return any error from
+ * mbedtls_test_ssl_message_queue_push_info.
+ */
+int mbedtls_test_mock_tcp_send_msg(void *ctx,
+                                   const unsigned char *buf, size_t len);
+
+/*
+ * Receive one message from a given message socket context and return message
+ * length or an error.
+ *
+ * \retval  message length, if everything succeeds.
+ * \retval  MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
+ *          elements or the context itself is null.
+ * \retval  MBEDTLS_TEST_ERROR_RECV_FAILED if
+ *          mbedtls_test_mock_tcp_recv_b failed.
+ *
+ * This function will also return any error other than
+ * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from test_ssl_message_queue_peek_info.
+ */
+int mbedtls_test_mock_tcp_recv_msg(void *ctx,
+                                   unsigned char *buf, size_t buf_len);
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+    defined(MBEDTLS_CERTS_C) && \
+    defined(MBEDTLS_ENTROPY_C) && \
+    defined(MBEDTLS_CTR_DRBG_C)
+
+/*
+ * Initializes \p ep_cert structure and assigns it to endpoint
+ * represented by \p ep.
+ *
+ * \retval  0 on success, otherwise error code.
+ */
+int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
+                                               int pk_alg);
+
+/*
+ * Initializes \p ep structure. It is important to call
+ * `mbedtls_test_ssl_endpoint_free()` after calling this function
+ * even if it fails.
+ *
+ * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
+ * MBEDTLS_SSL_IS_CLIENT.
+ * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
+ * MBEDTLS_PK_ECDSA are supported.
+ * \p dtls_context - in case of DTLS - this is the context handling metadata.
+ * \p input_queue - used only in case of DTLS.
+ * \p output_queue - used only in case of DTLS.
+ *
+ * \retval  0 on success, otherwise error code.
+ */
+int mbedtls_test_ssl_endpoint_init(
+    mbedtls_test_ssl_endpoint *ep, int endpoint_type, int pk_alg,
+    mbedtls_test_message_socket_context *dtls_context,
+    mbedtls_test_ssl_message_queue *input_queue,
+    mbedtls_test_ssl_message_queue *output_queue,
+    const mbedtls_ecp_group_id *curves);
+
+/*
+ * Deinitializes endpoint represented by \p ep.
+ */
+void mbedtls_test_ssl_endpoint_free(
+    mbedtls_test_ssl_endpoint *ep,
+    mbedtls_test_message_socket_context *context);
+
+/*
+ * This function moves ssl handshake from \p ssl to prescribed \p state.
+ * /p second_ssl is used as second endpoint and their sockets have to be
+ * connected before calling this function.
+ *
+ * \retval  0 on success, otherwise error code.
+ */
+int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl,
+                                         mbedtls_ssl_context *second_ssl,
+                                         int state);
+
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C &&
+          MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+
+/*
+ * Helper function setting up inverse record transformations
+ * using given cipher, hash, EtM mode, authentication tag length,
+ * and version.
+ */
+
+#define CHK(x)                                  \
+    do                                          \
+    {                                           \
+        if (!(x))                               \
+        {                                       \
+            ret = -1;                           \
+            goto cleanup;                       \
+        }                                       \
+    } while (0)
+
+#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
+#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
+#else
+#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
+#endif
+
+int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
+                                      mbedtls_ssl_transform *t_out,
+                                      int cipher_type, int hash_id,
+                                      int etm, int tag_mode, int ver,
+                                      size_t cid0_len,
+                                      size_t cid1_len);
+
+/*
+ * Populate a session structure for serialization tests.
+ * Choose dummy values, mostly non-0 to distinguish from the init default.
+ */
+int mbedtls_test_ssl_populate_session(mbedtls_ssl_session *session,
+                                      int ticket_len,
+                                      const char *crt_file);
+
+/*
+ * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the
+ * message was sent in the correct number of fragments.
+ *
+ * /p ssl_1 and /p ssl_2    Endpoints represented by mbedtls_ssl_context. Both
+ *                          of them must be initialized and connected
+ *                          beforehand.
+ * /p msg_len_1 and /p msg_len_2 specify the size of the message to send.
+ * /p expected_fragments_1 and /p expected_fragments_2 determine in how many
+ *                          fragments the message should be sent.
+ *      expected_fragments is 0: can be used for DTLS testing while the message
+ *                          size is larger than MFL. In that case the message
+ *                          cannot be fragmented and sent to the second
+ *                          endpoint.
+ *                          This value can be used for negative tests.
+ *      expected_fragments is 1: can be used for TLS/DTLS testing while the
+ *                          message size is below MFL
+ *      expected_fragments > 1: can be used for TLS testing while the message
+ *                          size is larger than MFL
+ *
+ * \retval  0 on success, otherwise error code.
+ */
+int mbedtls_test_ssl_exchange_data(
+    mbedtls_ssl_context *ssl_1,
+    int msg_len_1, const int expected_fragments_1,
+    mbedtls_ssl_context *ssl_2,
+    int msg_len_2, const int expected_fragments_2);
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+    defined(MBEDTLS_CERTS_C) && \
+    defined(MBEDTLS_ENTROPY_C) && \
+    defined(MBEDTLS_CTR_DRBG_C)
+void mbedtls_test_ssl_perform_handshake(
+    mbedtls_test_handshake_test_options *options);
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C &&
+          MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+#endif /* MBEDTLS_SSL_TLS_C */
+
+#endif /* SSL_HELPERS_H */
diff --git a/tests/scripts/all.sh b/tests/scripts/all.sh
index 2da9fe2..19c9cc5 100755
--- a/tests/scripts/all.sh
+++ b/tests/scripts/all.sh
@@ -125,7 +125,7 @@
 
 pre_check_environment () {
     if [ -d library -a -d include -a -d tests ]; then :; else
-        echo "Must be run from mbed TLS root" >&2
+        echo "Must be run from Mbed TLS root" >&2
         exit 1
     fi
 }
@@ -175,6 +175,10 @@
     : ${ARMC6_BIN_DIR:=/usr/bin}
     : ${ARM_NONE_EABI_GCC_PREFIX:=arm-none-eabi-}
     : ${ARM_LINUX_GNUEABI_GCC_PREFIX:=arm-linux-gnueabi-}
+    : ${CLANG_LATEST:="clang-latest"}
+    : ${CLANG_EARLIEST:="clang-earliest"}
+    : ${GCC_LATEST:="gcc-latest"}
+    : ${GCC_EARLIEST:="gcc-earliest"}
 
     # if MAKEFLAGS is not set add the -j option to speed up invocations of make
     if [ -z "${MAKEFLAGS+set}" ]; then
@@ -188,11 +192,13 @@
     # default to -O2, use -Ox _after_ this if you want another level
     ASAN_CFLAGS='-O2 -Werror -fsanitize=address,undefined -fno-sanitize-recover=all'
 
+    # Platform tests have an allocation that returns null
+    export ASAN_OPTIONS="allocator_may_return_null=1"
+    export MSAN_OPTIONS="allocator_may_return_null=1"
+
     # Gather the list of available components. These are the functions
     # defined in this script whose name starts with "component_".
-    # Parse the script with sed. This way we get the functions in the order
-    # they are defined.
-    ALL_COMPONENTS=$(sed -n 's/^ *component_\([0-9A-Z_a-z]*\) *().*/\1/p' <"$0")
+    ALL_COMPONENTS=$(compgen -A function component_ | sed 's/component_//')
 
     # Exclude components that are not supported on this platform.
     SUPPORTED_COMPONENTS=
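Review bot: The two added `export` lines replace whatever `ASAN_OPTIONS` and `MSAN_OPTIONS` the caller had set, so a CI job or developer passing their own sanitizer options loses them for every component. Appending keeps both: `export ASAN_OPTIONS="${ASAN_OPTIONS:+$ASAN_OPTIONS:}allocator_may_return_null=1"`, and the same form for `MSAN_OPTIONS`. Separately, the `compgen -A function` replacement appears to list components in sorted order rather than the definition order the removed comment said the sed approach preserved. A short comment stating that the order no longer matters would help. The enclosing function starts and ends outside the hunk.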
@@ -274,6 +280,10 @@
 Tool path options:
      --armc5-bin-dir=<ARMC5_bin_dir_path>       ARM Compiler 5 bin directory.
      --armc6-bin-dir=<ARMC6_bin_dir_path>       ARM Compiler 6 bin directory.
+     --clang-earliest=<Clang_earliest_path>     Earliest version of clang available
+     --clang-latest=<Clang_latest_path>         Latest version of clang available
+     --gcc-earliest=<GCC_earliest_path>         Earliest version of GCC available
+     --gcc-latest=<GCC_latest_path>             Latest version of GCC available
      --gnutls-cli=<GnuTLS_cli_path>             GnuTLS client executable to use for most tests.
      --gnutls-serv=<GnuTLS_serv_path>           GnuTLS server executable to use for most tests.
      --gnutls-legacy-cli=<GnuTLS_cli_path>      GnuTLS client executable to use for legacy tests.
@@ -417,9 +427,13 @@
             --armcc) no_armcc=;;
             --armc5-bin-dir) shift; ARMC5_BIN_DIR="$1";;
             --armc6-bin-dir) shift; ARMC6_BIN_DIR="$1";;
+            --clang-earliest) shift; CLANG_EARLIEST="$1";;
+            --clang-latest) shift; CLANG_LATEST="$1";;
             --error-test) error_test=$((error_test + 1));;
             --except) all_except=1;;
             --force|-f) FORCE=1;;
+            --gcc-earliest) shift; GCC_EARLIEST="$1";;
+            --gcc-latest) shift; GCC_LATEST="$1";;
             --gnutls-cli) shift; GNUTLS_CLI="$1";;
             --gnutls-legacy-cli) shift; GNUTLS_LEGACY_CLI="$1";;
             --gnutls-legacy-serv) shift; GNUTLS_LEGACY_SERV="$1";;
@@ -1244,6 +1258,21 @@
     tests/ssl-opt.sh -f 'Default\|opaque'
 }
 
+component_test_psa_inject_entropy () {
+    msg "build: full + MBEDTLS_PSA_INJECT_ENTROPY"
+    scripts/config.py full
+    scripts/config.py set MBEDTLS_PSA_INJECT_ENTROPY
+    scripts/config.py set MBEDTLS_ENTROPY_NV_SEED
+    scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
+    scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
+    scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_READ
+    scripts/config.py unset MBEDTLS_PLATFORM_STD_NV_SEED_WRITE
+    make CFLAGS="$ASAN_CFLAGS '-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-for-test.h\"'" LDFLAGS="$ASAN_CFLAGS"
+
+    msg "test: full + MBEDTLS_PSA_INJECT_ENTROPY"
+    make test
+}
+
 component_test_ecp_no_internal_rng () {
     msg "build: Default plus ECP_NO_INTERNAL_RNG minus DRBG modules"
     scripts/config.py set MBEDTLS_ECP_NO_INTERNAL_RNG
@@ -2496,6 +2525,43 @@
     make CC=gcc CFLAGS='-Werror -O1' all test
 }
 
+component_build_aes_variations() { # ~45s
+    msg "build: aes.o for all combinations of relevant config options"
+
+    for a in set unset; do
+    for b in set unset; do
+    for c in set unset; do
+    for d in set unset; do
+    for e in set unset; do
+    for f in set unset; do
+    for g in set unset; do
+        echo ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT
+        echo ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT
+        echo ./scripts/config.py $c MBEDTLS_AES_ROM_TABLES
+        echo ./scripts/config.py $d MBEDTLS_AES_ENCRYPT_ALT
+        echo ./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT
+        echo ./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES
+        echo ./scripts/config.py $g MBEDTLS_PADLOCK_C
+
+        ./scripts/config.py $a MBEDTLS_AES_SETKEY_ENC_ALT
+        ./scripts/config.py $b MBEDTLS_AES_DECRYPT_ALT
+        ./scripts/config.py $c MBEDTLS_AES_ROM_TABLES
+        ./scripts/config.py $d MBEDTLS_AES_ENCRYPT_ALT
+        ./scripts/config.py $e MBEDTLS_AES_SETKEY_DEC_ALT
+        ./scripts/config.py $f MBEDTLS_AES_FEWER_TABLES
+        ./scripts/config.py $g MBEDTLS_PADLOCK_C
+
+        rm -f library/aes.o
+        make -C library aes.o CC="clang" CFLAGS="-O0 -std=c99 -Werror -Wall -Wextra -Wwrite-strings -Wpointer-arith -Wimplicit-fallthrough -Wshadow -Wvla -Wformat=2 -Wno-format-nonliteral -Wshadow -Wasm-operand-widths -Wunused"
+    done
+    done
+    done
+    done
+    done
+    done
+    done
+}
+
 component_test_no_platform () {
     # Full configuration build, without platform support, file IO and net sockets.
     # This should catch missing mbedtls_printf definitions, and by disabling file
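Review bot: `component_build_aes_variations` hard-codes `CC="clang"` but has no matching `support_` function, so on a host without clang it fails instead of being filtered out with the other unsupported components. `component_build_arm_clang_thumb`, added in a later hunk, has the same gap. A guard in the style this commit uses elsewhere would be `support_build_aes_variations () { type clang >/dev/null 2>/dev/null; }`. Two smaller points: `-Wshadow` appears twice in the CFLAGS string, and the seven `echo` lines duplicate the seven `config.py` calls, so the two lists can drift apart. Driving both from one loop over the option names would avoid that.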
@@ -2894,6 +2960,7 @@
 
 test_build_opt () {
     info=$1 cc=$2; shift 2
+    $cc --version
     for opt in "$@"; do
           msg "build/test: $cc $opt, $info" # ~ 30s
           make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror"
@@ -2906,14 +2973,45 @@
     done
 }
 
-component_test_clang_opt () {
+# For FreeBSD we invoke the function by name so this condition is added
+# to disable the existing test_clang_opt function for linux.
+if [[ $(uname) != "Linux" ]]; then
+    component_test_clang_opt () {
+        scripts/config.py full
+        test_build_opt 'full config' clang -O0 -Os -O2
+    }
+fi
+
+component_test_clang_latest_opt () {
     scripts/config.py full
-    test_build_opt 'full config' clang -O0 -Os -O2
+    test_build_opt 'full config' "$CLANG_LATEST" -O0 -Os -O2
+}
+support_test_clang_latest_opt () {
+    type "$CLANG_LATEST" >/dev/null 2>/dev/null
 }
 
-component_test_gcc_opt () {
+component_test_clang_earliest_opt () {
     scripts/config.py full
-    test_build_opt 'full config' gcc -O0 -Os -O2
+    test_build_opt 'full config' "$CLANG_EARLIEST" -O0
+}
+support_test_clang_earliest_opt () {
+    type "$CLANG_EARLIEST" >/dev/null 2>/dev/null
+}
+
+component_test_gcc_latest_opt () {
+    scripts/config.py full
+    test_build_opt 'full config' "$GCC_LATEST" -O0 -Os -O2
+}
+support_test_gcc_latest_opt () {
+    type "$GCC_LATEST" >/dev/null 2>/dev/null
+}
+
+component_test_gcc_earliest_opt () {
+    scripts/config.py full
+    test_build_opt 'full config' "$GCC_EARLIEST" -O0
+}
+support_test_gcc_earliest_opt () {
+    type "$GCC_EARLIEST" >/dev/null 2>/dev/null
 }
 
 component_build_mbedtls_config_file () {
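Review bot: On Linux these four components are the only clang/gcc optimisation-level builds left, and each is skipped whenever its `support_` check fails, yet the defaults `clang-latest`, `gcc-earliest` and so on are not names a stock toolchain installs. Unless the test image provides them (not visible here) or the `--clang-latest=`-style options are passed, a Linux run silently drops this coverage. `component_test_gcc_opt` is also removed on every platform. A comment above the block would make the requirement explicit, e.g. `# Needs clang-latest/clang-earliest/gcc-latest/gcc-earliest on PATH or the matching --*-latest/--*-earliest options; otherwise skipped.`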
@@ -3156,6 +3254,25 @@
     not grep __aeabi_lmul library/*.o
 }
 
+component_build_arm_clang_thumb () {
+    # ~ 30s
+
+    scripts/config.py baremetal
+
+    msg "build: clang thumb 2, make"
+    make clean
+    make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -march=armv7-m -mthumb' lib
+
+    # Some Thumb 1 asm is sensitive to optimisation level, so test both -O0 and -Os
+    msg "build: clang thumb 1 -O0, make"
+    make clean
+    make CC="clang" CFLAGS='-std=c99 -Werror -O0 --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
+
+    msg "build: clang thumb 1 -Os, make"
+    make clean
+    make CC="clang" CFLAGS='-std=c99 -Werror -Os --target=arm-linux-gnueabihf -mcpu=arm1136j-s -mthumb' lib
+}
+
 component_build_armcc () {
     msg "build: ARM Compiler 5"
     scripts/config.py baremetal
@@ -3166,6 +3283,8 @@
 
     make clean
 
+    # Compile mostly with -O1 since some Arm inline assembly is disabled for -O0.
+
     # ARM Compiler 6 - Target ARMv7-A
     armc6_build_test "--target=arm-arm-none-eabi -march=armv7-a"
 
@@ -3180,6 +3299,18 @@
 
     # ARM Compiler 6 - Target ARMv8-A - AArch64
     armc6_build_test "--target=aarch64-arm-none-eabi -march=armv8.2-a"
+
+    # ARM Compiler 6 - Target Cortex-M0 - no optimisation
+    armc6_build_test "-O0 --target=arm-arm-none-eabi -mcpu=cortex-m0"
+
+    # ARM Compiler 6 - Target Cortex-M0
+    armc6_build_test "-Os --target=arm-arm-none-eabi -mcpu=cortex-m0"
+}
+
+support_build_armcc () {
+    armc5_cc="$ARMC5_BIN_DIR/armcc"
+    armc6_cc="$ARMC6_BIN_DIR/armclang"
+    (check_tools "$armc5_cc" "$armc6_cc" > /dev/null 2>&1)
 }
 
 component_build_ssl_hw_record_accel() {
@@ -3211,8 +3342,8 @@
     make WINDOWS_BUILD=1 clean
 }
 support_build_mingw() {
-    case $(i686-w64-mingw32-gcc -dumpversion) in
-        [0-5]*) false;;
+    case $(i686-w64-mingw32-gcc -dumpversion 2>/dev/null) in
+        [0-5]*|"") false;;
         *) true;;
     esac
 }
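Review bot: `[0-5]*` is a glob rather than a numeric comparison, so it rejects any `-dumpversion` string that merely starts with a digit from 0 to 5, including two-digit majors such as 10 or 12. If the intent is to exclude only GCC older than 6 (the reason is not stated in the hunk), `support_build_mingw` returns false for those newer toolchains and the component is skipped without notice. Matching one digit followed by a non-digit fixes that: `[0-5]|[0-5][!0-9]*|"") false;;`.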
@@ -3342,6 +3473,79 @@
     support_test_cmake_out_of_source
 }
 
+component_build_cmake_custom_config_file () {
+    # Make a copy of config file to use for the in-tree test
+    cp "$CONFIG_H" include/mbedtls_config_in_tree_copy.h
+
+    MBEDTLS_ROOT_DIR="$PWD"
+    mkdir "$OUT_OF_SOURCE_DIR"
+    cd "$OUT_OF_SOURCE_DIR"
+
+    # Build once to get the generated files (which need an intact config file)
+    cmake "$MBEDTLS_ROOT_DIR"
+    make
+
+    msg "build: cmake with -DMBEDTLS_CONFIG_FILE"
+    scripts/config.py -w full_config.h full
+    echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H"
+    cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h "$MBEDTLS_ROOT_DIR"
+    make
+
+    msg "build: cmake with -DMBEDTLS_CONFIG_FILE + -DMBEDTLS_USER_CONFIG_FILE"
+    # In the user config, disable one feature (for simplicity, pick a feature
+    # that nothing else depends on).
+    echo '#undef MBEDTLS_NIST_KW_C' >user_config.h
+
+    cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h "$MBEDTLS_ROOT_DIR"
+    make
+    not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
+
+    rm -f user_config.h full_config.h
+
+    cd "$MBEDTLS_ROOT_DIR"
+    rm -rf "$OUT_OF_SOURCE_DIR"
+
+    # Now repeat the test for an in-tree build:
+
+    # Restore config for the in-tree test
+    mv include/mbedtls_config_in_tree_copy.h "$CONFIG_H"
+
+    # Build once to get the generated files (which need an intact config)
+    cmake .
+    make
+
+    msg "build: cmake (in-tree) with -DMBEDTLS_CONFIG_FILE"
+    scripts/config.py -w full_config.h full
+    echo '#error "cmake -DMBEDTLS_CONFIG_FILE is not working."' > "$MBEDTLS_ROOT_DIR/$CONFIG_H"
+    cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h .
+    make
+
+    msg "build: cmake (in-tree) with -DMBEDTLS_CONFIG_FILE + -DMBEDTLS_USER_CONFIG_FILE"
+    # In the user config, disable one feature (for simplicity, pick a feature
+    # that nothing else depends on).
+    echo '#undef MBEDTLS_NIST_KW_C' >user_config.h
+
+    cmake -DGEN_FILES=OFF -DMBEDTLS_CONFIG_FILE=full_config.h -DMBEDTLS_USER_CONFIG_FILE=user_config.h .
+    make
+    not programs/test/query_compile_time_config MBEDTLS_NIST_KW_C
+
+    rm -f user_config.h full_config.h
+}
+support_build_cmake_custom_config_file () {
+    support_test_cmake_out_of_source
+}
+
+
+component_build_zeroize_checks () {
+    msg "build: check for obviously wrong calls to mbedtls_platform_zeroize()"
+
+    scripts/config.py full
+
+    # Only compile - we're looking for sizeof-pointer-memaccess warnings
+    make CC=gcc CFLAGS="'-DMBEDTLS_USER_CONFIG_FILE=\"../tests/configs/user-config-zeroize-memset.h\"' -DMBEDTLS_TEST_DEFINES_ZEROIZE -Werror -Wsizeof-pointer-memaccess"
+}
+
+
 component_test_zeroize () {
     # Test that the function mbedtls_platform_zeroize() is not optimized away by
     # different combinations of compilers and optimization flags by using an
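Review bot: `component_build_cmake_custom_config_file` parks its backup at `include/mbedtls_config_in_tree_copy.h` and only removes it with the `mv` halfway through. A failure in the out-of-source half therefore leaves a stray header inside `include/` and leaves `$CONFIG_H` holding the `#error` line. Whether the script's cleanup restores `$CONFIG_H` is outside this hunk, but nothing shown removes the copy. Keeping the backup outside the source tree (for example in a `mktemp` file) or deleting it in the cleanup path would avoid that. `component_test_zeroize` at the end of the hunk continues outside it.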
diff --git a/tests/scripts/analyze_outcomes.py b/tests/scripts/analyze_outcomes.py
index d06a059..d50a04e 100755
--- a/tests/scripts/analyze_outcomes.py
+++ b/tests/scripts/analyze_outcomes.py
@@ -9,6 +9,7 @@
 import argparse
 import sys
 import traceback
+import re
 
 import check_test_cases
 
@@ -50,20 +51,28 @@
         """
         return len(self.successes) + len(self.failures)
 
-def analyze_coverage(results, outcomes):
+def analyze_coverage(results, outcomes, allow_list, full_coverage):
     """Check that all available test cases are executed at least once."""
     available = check_test_cases.collect_available_test_cases()
     for key in available:
         hits = outcomes[key].hits() if key in outcomes else 0
-        if hits == 0:
-            # Make this a warning, not an error, as long as we haven't
-            # fixed this branch to have full coverage of test cases.
-            results.warning('Test case not executed: {}', key)
+        if hits == 0 and key not in allow_list:
+            if full_coverage:
+                results.error('Test case not executed: {}', key)
+            else:
+                results.warning('Test case not executed: {}', key)
+        elif hits != 0 and key in allow_list:
+            # Test Case should be removed from the allow list.
+            if full_coverage:
+                results.error('Allow listed test case was executed: {}', key)
+            else:
+                results.warning('Allow listed test case was executed: {}', key)
 
-def analyze_outcomes(outcomes):
+def analyze_outcomes(outcomes, args):
     """Run all analyses on the given outcome collection."""
     results = Results()
-    analyze_coverage(results, outcomes)
+    analyze_coverage(results, outcomes, args['allow_list'],
+                     args['full_coverage'])
     return results
 
 def read_outcome_file(outcome_file):
@@ -87,20 +96,76 @@
                 outcomes[key].failures.append(setup)
     return outcomes
 
-def analyze_outcome_file(outcome_file):
-    """Analyze the given outcome file."""
+def do_analyze_coverage(outcome_file, args):
+    """Perform coverage analysis."""
     outcomes = read_outcome_file(outcome_file)
-    return analyze_outcomes(outcomes)
+    Results.log("\n*** Analyze coverage ***\n")
+    results = analyze_outcomes(outcomes, args)
+    return results.error_count == 0
+
+# List of tasks with a function that can handle this task and additional arguments if required
+TASKS = {
+    'analyze_coverage':                 {
+        'test_function': do_analyze_coverage,
+        'args': {
+            'allow_list': [
+                # Algorithm not supported yet
+                'test_suite_psa_crypto_metadata;Asymmetric signature: pure EdDSA',
+                # Algorithm not supported yet
+                'test_suite_psa_crypto_metadata;Cipher: XTS',
+            ],
+            'full_coverage': False,
+        }
+    },
+}
 
 def main():
     try:
         parser = argparse.ArgumentParser(description=__doc__)
         parser.add_argument('outcomes', metavar='OUTCOMES.CSV',
                             help='Outcome file to analyze')
+        parser.add_argument('task', default='all', nargs='?',
+                            help='Analysis to be done. By default, run all tasks. '
+                                 'With one or more TASK, run only those. '
+                                 'TASK can be the name of a single task or '
+                                 'comma/space-separated list of tasks. ')
+        parser.add_argument('--list', action='store_true',
+                            help='List all available tasks and exit.')
+        parser.add_argument('--require-full-coverage', action='store_true',
+                            dest='full_coverage', help="Require all available "
+                            "test cases to be executed and issue an error "
+                            "otherwise. This flag is ignored if 'task' is "
+                            "neither 'all' nor 'analyze_coverage'")
         options = parser.parse_args()
-        results = analyze_outcome_file(options.outcomes)
-        if results.error_count > 0:
+
+        if options.list:
+            for task in TASKS:
+                Results.log(task)
+            sys.exit(0)
+
+        result = True
+
+        if options.task == 'all':
+            tasks = TASKS.keys()
+        else:
+            tasks = re.split(r'[, ]+', options.task)
+
+            for task in tasks:
+                if task not in TASKS:
+                    Results.log('Error: invalid task: {}'.format(task))
+                    sys.exit(1)
+
+        TASKS['analyze_coverage']['args']['full_coverage'] = \
+            options.full_coverage
+
+        for task in TASKS:
+            if task in tasks:
+                if not TASKS[task]['test_function'](options.outcomes, TASKS[task]['args']):
+                    result = False
+
+        if result is False:
             sys.exit(1)
+        Results.log("SUCCESS :-)")
     except Exception: # pylint: disable=broad-except
         # Print the backtrace and exit explicitly with our chosen status.
         traceback.print_exc()
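Review bot: The `task` help promises "one or more TASK" and a "comma/space-separated list", but `nargs='?'` accepts a single positional. A space-separated list therefore works only when quoted as one argument, and unquoted extra words make argparse exit with a usage error. Either say so in the help (`'TASK is a single name or a comma-separated list; quote the list if it contains spaces.'`) or switch to `nargs='*'` and join the values before `re.split`. A leading or trailing comma also makes `re.split` return an empty string, which is then reported as `invalid task: ` with no name. `main` continues past the end of the hunk.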
diff --git a/tests/scripts/basic-build-test.sh b/tests/scripts/basic-build-test.sh
index abc4a2f..196ce45 100755
--- a/tests/scripts/basic-build-test.sh
+++ b/tests/scripts/basic-build-test.sh
@@ -43,7 +43,7 @@
 set -eu
 
 if [ -d library -a -d include -a -d tests ]; then :; else
-    echo "Must be run from mbed TLS root" >&2
+    echo "Must be run from Mbed TLS root" >&2
     exit 1
 fi
 
diff --git a/tests/scripts/check-doxy-blocks.pl b/tests/scripts/check-doxy-blocks.pl
index 3ed7069..dd95530 100755
--- a/tests/scripts/check-doxy-blocks.pl
+++ b/tests/scripts/check-doxy-blocks.pl
@@ -68,7 +68,7 @@
 # Check that the script is being run from the project's root directory.
 for my $dir (@directories) {
     if (! -d $dir) {
-        die "This script must be run from the mbed TLS root directory";
+        die "This script must be run from the Mbed TLS root directory";
     } else {
         check_dir($dir)
     }
diff --git a/tests/scripts/check-generated-files.sh b/tests/scripts/check-generated-files.sh
index f8a2449..ac0a08d 100755
--- a/tests/scripts/check-generated-files.sh
+++ b/tests/scripts/check-generated-files.sh
@@ -34,7 +34,7 @@
 fi
 
 if [ -d library -a -d include -a -d tests ]; then :; else
-    echo "Must be run from mbed TLS root" >&2
+    echo "Must be run from Mbed TLS root" >&2
     exit 1
 fi
 
diff --git a/tests/scripts/check_test_cases.py b/tests/scripts/check_test_cases.py
index c9f5e11..213708b 100755
--- a/tests/scripts/check_test_cases.py
+++ b/tests/scripts/check_test_cases.py
@@ -25,6 +25,7 @@
 import glob
 import os
 import re
+import subprocess
 import sys
 
 class Results:
@@ -111,6 +112,19 @@
                 self.process_test_case(descriptions,
                                        file_name, line_number, description)
 
+    def walk_compat_sh(self, file_name):
+        """Iterate over the test cases compat.sh with a similar format."""
+        descriptions = self.new_per_file_state() # pylint: disable=assignment-from-none
+        compat_cmd = ['sh', file_name, '--list-test-case']
+        compat_output = subprocess.check_output(compat_cmd)
+        # Assume compat.sh is responsible for printing identical format of
+        # test case description between --list-test-case and its OUTCOME.CSV
+        description = compat_output.strip().split(b'\n')
+        # idx indicates the number of test case since there is no line number
+        # in `compat.sh` for each test case.
+        for idx, descrip in enumerate(description):
+            self.process_test_case(descriptions, file_name, idx, descrip)
+
     @staticmethod
     def collect_test_directories():
         """Get the relative path for the TLS and Crypto test directories."""
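Review bot: In `walk_compat_sh`, `compat_output.strip().split(b'\n')` returns `[b'']` when the script prints nothing, so one test case with an empty description is still passed to `process_test_case`. `compat_output.strip().splitlines()` returns an empty list in that case and also tolerates `\r\n` line endings. The enumerate index starts at 0 while standing in for a line number, so `enumerate(description, 1)` may be what the reports expect; confirm against `process_test_case`, which is outside the hunk. The enclosing class starts outside the hunk.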
@@ -133,6 +147,9 @@
             ssl_opt_sh = os.path.join(directory, 'ssl-opt.sh')
             if os.path.exists(ssl_opt_sh):
                 self.walk_ssl_opt_sh(ssl_opt_sh)
+            compat_sh = os.path.join(directory, 'compat.sh')
+            if os.path.exists(compat_sh):
+                self.walk_compat_sh(compat_sh)
 
 class TestDescriptions(TestDescriptionExplorer):
     """Collect the available test cases."""
diff --git a/tests/scripts/doxygen.sh b/tests/scripts/doxygen.sh
index 2bc8dc9..cb87829 100755
--- a/tests/scripts/doxygen.sh
+++ b/tests/scripts/doxygen.sh
@@ -21,7 +21,7 @@
 set -eu
 
 if [ -d library -a -d include -a -d tests ]; then :; else
-    echo "Must be run from mbed TLS root" >&2
+    echo "Must be run from Mbed TLS root" >&2
     exit 1
 fi
 
diff --git a/tests/scripts/generate-afl-tests.sh b/tests/scripts/generate-afl-tests.sh
index a640b56..a51fbc9 100755
--- a/tests/scripts/generate-afl-tests.sh
+++ b/tests/scripts/generate-afl-tests.sh
@@ -41,7 +41,7 @@
 if [ -d ../library -a -d ../include -a -d ../tests -a $THIS_DIR == "tests" ];
 then :;
 else
-    echo " [!] Must be run from mbed TLS tests directory" >&2
+    echo " [!] Must be run from Mbed TLS tests directory" >&2
     exit 1
 fi
 
diff --git a/tests/scripts/generate_bignum_tests.py b/tests/scripts/generate_bignum_tests.py
index c76294c..fd677ae 100755
--- a/tests/scripts/generate_bignum_tests.py
+++ b/tests/scripts/generate_bignum_tests.py
@@ -196,7 +196,7 @@
 class BignumCmp(BignumOperation):
     """Test cases for bignum value comparison."""
     count = 0
-    test_function = "mbedtls_mpi_cmp_mpi"
+    test_function = "mpi_cmp_mpi"
     test_name = "MPI compare"
     input_cases = [
         ("-2", "-3"),
@@ -217,7 +217,7 @@
 class BignumCmpAbs(BignumCmp):
     """Test cases for absolute bignum value comparison."""
     count = 0
-    test_function = "mbedtls_mpi_cmp_abs"
+    test_function = "mpi_cmp_abs"
     test_name = "MPI compare (abs)"
 
     def __init__(self, val_a, val_b) -> None:
@@ -228,7 +228,7 @@
     """Test cases for bignum value addition."""
     count = 0
     symbol = "+"
-    test_function = "mbedtls_mpi_add_mpi"
+    test_function = "mpi_add_mpi"
     test_name = "MPI add"
     input_cases = combination_pairs(
         [
diff --git a/tests/scripts/generate_test_code.py b/tests/scripts/generate_test_code.py
index f19d30b..ed78449 100755
--- a/tests/scripts/generate_test_code.py
+++ b/tests/scripts/generate_test_code.py
@@ -171,6 +171,28 @@
 import argparse
 
 
+# Types recognized as signed integer arguments in test functions.
+SIGNED_INTEGER_TYPES = frozenset([
+    'char',
+    'short',
+    'short int',
+    'int',
+    'int8_t',
+    'int16_t',
+    'int32_t',
+    'int64_t',
+    'intmax_t',
+    'long',
+    'long int',
+    'long long int',
+    'mbedtls_mpi_sint',
+    'psa_status_t',
+])
+# Types recognized as string arguments in test functions.
+STRING_TYPES = frozenset(['char*', 'const char*', 'char const*'])
+# Types recognized as hex data arguments in test functions.
+DATA_TYPES = frozenset(['data_t*', 'const data_t*', 'data_t const*'])
+
 BEGIN_HEADER_REGEX = r'/\*\s*BEGIN_HEADER\s*\*/'
 END_HEADER_REGEX = r'/\*\s*END_HEADER\s*\*/'
 
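Review bot: `SIGNED_INTEGER_TYPES` lists both spellings for `short`/`short int` and `long`/`long int` but only `long long int`. A parameter declared `long long x` would therefore fail the set lookup that `parse_function_argument` performs later in this diff. Adding `'long long',` after `'long int',` keeps the set consistent. `'char'` is also listed as signed although its signedness is implementation-defined in C. A one-line comment saying it is deliberately treated as signed here would save the next reader the question.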
@@ -192,9 +214,6 @@
                                                      CONDITION_OPERATOR_REGEX,
                                                      CONDITION_VALUE_REGEX)
 TEST_FUNCTION_VALIDATION_REGEX = r'\s*void\s+(?P<func_name>\w+)\s*\('
-INT_CHECK_REGEX = r'int\s+.*'
-CHAR_CHECK_REGEX = r'char\s*\*\s*.*'
-DATA_T_CHECK_REGEX = r'data_t\s*\*\s*.*'
 FUNCTION_ARG_LIST_END_REGEX = r'.*\)'
 EXIT_LABEL_REGEX = r'^exit:'
 
@@ -303,7 +322,7 @@
     :param name: Test function name
     :param local_vars: Local variables declaration code
     :param args_dispatch: List of dispatch arguments.
-           Ex: ['(char *)params[0]', '*((int *)params[1])']
+           Ex: ['(char *) params[0]', '*((int *) params[1])']
     :return: Test function wrapper.
     """
     # Then create the wrapper
@@ -444,6 +463,49 @@
     return dependencies
 
 
+ARGUMENT_DECLARATION_REGEX = re.compile(r'(.+?) ?(?:\bconst\b)? ?(\w+)\Z', re.S)
+def parse_function_argument(arg, arg_idx, args, local_vars, args_dispatch):
+    """
+    Parses one test function's argument declaration.
+
+    :param arg: argument declaration.
+    :param arg_idx: current wrapper argument index.
+    :param args: accumulator of arguments' internal types.
+    :param local_vars: accumulator of internal variable declarations.
+    :param args_dispatch: accumulator of argument usage expressions.
+    :return: the number of new wrapper arguments,
+             or None if the argument declaration is invalid.
+    """
+    # Normalize whitespace
+    arg = arg.strip()
+    arg = re.sub(r'\s*\*\s*', r'*', arg)
+    arg = re.sub(r'\s+', r' ', arg)
+    # Extract name and type
+    m = ARGUMENT_DECLARATION_REGEX.search(arg)
+    if not m:
+        # E.g. "int x[42]"
+        return None
+    typ, _ = m.groups()
+    if typ in SIGNED_INTEGER_TYPES:
+        args.append('int')
+        args_dispatch.append('((mbedtls_test_argument_t *) params[%d])->sint' % arg_idx)
+        return 1
+    if typ in STRING_TYPES:
+        args.append('char*')
+        args_dispatch.append('(char *) params[%d]' % arg_idx)
+        return 1
+    if typ in DATA_TYPES:
+        args.append('hex')
+        # create a structure
+        pointer_initializer = '(uint8_t *) params[%d]' % arg_idx
+        len_initializer = '((mbedtls_test_argument_t *) params[%d])->len' % (arg_idx+1)
+        local_vars.append('    data_t data%d = {%s, %s};\n' %
+                          (arg_idx, pointer_initializer, len_initializer))
+        args_dispatch.append('&data%d' % arg_idx)
+        return 2
+    return None
+
+ARGUMENT_LIST_REGEX = re.compile(r'\((.*?)\)', re.S)
 def parse_function_arguments(line):
     """
     Parses test function signature for validation and generates
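Review bot: `ARGUMENT_DECLARATION_REGEX` has no comment, and its `const` handling is easy to misread. It drops a `const` that sits directly before the parameter name, but a leading qualifier stays in the type. So `const int n` yields `const int`, matches none of the three sets, and makes `parse_function_argument` return None. If that is intended, say so above the pattern, e.g. `# "<type> [const] <name>": a const just before the name is dropped; a leading const stays part of the type.` `parse_function_argument` is complete in this hunk; `parse_function_arguments` continues outside it.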
@@ -455,42 +517,27 @@
     :return: argument list, local variables for
              wrapper function and argument dispatch code.
     """
-    args = []
-    local_vars = ''
-    args_dispatch = []
-    arg_idx = 0
-    # Remove characters before arguments
-    line = line[line.find('(') + 1:]
     # Process arguments, ex: <type> arg1, <type> arg2 )
     # This script assumes that the argument list is terminated by ')'
     # i.e. the test functions will not have a function pointer
     # argument.
-    for arg in line[:line.find(')')].split(','):
-        arg = arg.strip()
-        if arg == '':
-            continue
-        if re.search(INT_CHECK_REGEX, arg.strip()):
-            args.append('int')
-            args_dispatch.append('*( (int *) params[%d] )' % arg_idx)
-        elif re.search(CHAR_CHECK_REGEX, arg.strip()):
-            args.append('char*')
-            args_dispatch.append('(char *) params[%d]' % arg_idx)
-        elif re.search(DATA_T_CHECK_REGEX, arg.strip()):
-            args.append('hex')
-            # create a structure
-            pointer_initializer = '(uint8_t *) params[%d]' % arg_idx
-            len_initializer = '*( (uint32_t *) params[%d] )' % (arg_idx+1)
-            local_vars += """    data_t data%d = {%s, %s};
-""" % (arg_idx, pointer_initializer, len_initializer)
-
-            args_dispatch.append('&data%d' % arg_idx)
-            arg_idx += 1
-        else:
+    m = ARGUMENT_LIST_REGEX.search(line)
+    arg_list = m.group(1).strip()
+    if arg_list in ['', 'void']:
+        return [], '', []
+    args = []
+    local_vars = []
+    args_dispatch = []
+    arg_idx = 0
+    for arg in arg_list.split(','):
+        indexes = parse_function_argument(arg, arg_idx,
+                                          args, local_vars, args_dispatch)
+        if indexes is None:
             raise ValueError("Test function arguments can only be 'int', "
                              "'char *' or 'data_t'\n%s" % line)
-        arg_idx += 1
+        arg_idx += indexes
 
-    return args, local_vars, args_dispatch
+    return args, ''.join(local_vars), args_dispatch
 
 
 def generate_function_code(name, code, local_vars, args_dispatch,
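Review bot: `m = ARGUMENT_LIST_REGEX.search(line)` is dereferenced on the next line without a check, so a signature line with no `(...)` pair fails with `AttributeError` on `m.group(1)` instead of the `ValueError` this function raises for other bad input. Adding `if m is None: raise ValueError("Test function signature has no argument list\n%s" % line)` before `arg_list = m.group(1).strip()` keeps the error type consistent. The pattern is non-greedy and stops at the first `)`, which agrees with the retained comment about function-pointer arguments. `parse_function_arguments` begins above this hunk.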
@@ -607,6 +654,11 @@
     code = code.replace(name, 'test_' + name, 1)
     name = 'test_' + name
 
+    # If a test function has no arguments then add 'void' argument to
+    # avoid "-Wstrict-prototypes" warnings from clang
+    if len(args) == 0:
+        code = code.replace('()', '(void)', 1)
+
     for line in funcs_f:
         if re.search(END_CASE_REGEX, line):
             break
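Review bot: `code.replace('()', '(void)', 1)` only rewrites an argument list spelled exactly `()`, while the parser changed in this commit also treats `( )` as empty. A signature written `void f( )` would therefore keep its unprototyped form and presumably still trigger the `-Wstrict-prototypes` warning. A whitespace-tolerant form such as `code = re.sub(r'\(\s*\)', '(void)', code, count=1)` covers both spellings. This assumes `code` holds only the signature at this point, which the hunk does not show; the enclosing function starts and ends outside the hunk.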
@@ -705,7 +757,7 @@
     execution.
 
     :param data_f: file object of the data file.
-    :return: Generator that yields test name, function name,
+    :return: Generator that yields line number, test name, function name,
              dependency list and function argument list.
     """
     __state_read_name = 0
@@ -748,7 +800,7 @@
                 parts = escaped_split(line, ':')
                 test_function = parts[0]
                 args = parts[1:]
-                yield name, test_function, dependencies, args
+                yield data_f.line_no, name, test_function, dependencies, args
                 dependencies = []
                 state = __state_read_name
     if state == __state_read_args:
@@ -846,6 +898,14 @@
     return dep_check_code
 
 
+INT_VAL_REGEX = re.compile(r'-?(\d+|0x[0-9a-f]+)$', re.I)
+def val_is_int(val: str) -> bool:
+    """Whether val is suitable as an 'int' parameter in the .datax file."""
+    if not INT_VAL_REGEX.match(val):
+        return False
+    # Limit the range to what is guaranteed to get through strtol()
+    return abs(int(val, 0)) <= 0x7fffffff
+
 def write_parameters(out_data_f, test_args, func_args, unique_expressions):
     """
     Writes test parameters to the intermediate data file, replacing
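Review bot: `val_is_int` can raise instead of returning False, because `INT_VAL_REGEX` accepts decimal strings with a leading zero such as `010` and `int(val, 0)` rejects those with `ValueError` in Python 3. The generator would then stop with a traceback on such a value rather than register it as an expression. Tightening the pattern to `r'-?(0|[1-9]\d*|0x[0-9a-f]+)$'` sends octal-looking values down the expression path, where they are handled like any other C expression.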
@@ -864,9 +924,9 @@
         typ = func_args[i]
         val = test_args[i]
 
-        # check if val is a non literal int val (i.e. an expression)
-        if typ == 'int' and not re.match(r'(\d+|0x[0-9a-f]+)$',
-                                         val, re.I):
+        # Pass small integer constants literally. This reduces the size of
+        # the C code. Register anything else as an expression.
+        if typ == 'int' and not val_is_int(val):
             typ = 'exp'
             if val not in unique_expressions:
                 unique_expressions.append(val)
@@ -909,6 +969,24 @@
     return dep_check_code, expression_code
 
 
+def get_function_info(func_info, function_name, line_no):
+    """Look up information about a test function by name.
+
+    Raise an informative expression if function_name is not found.
+
+    :param func_info: dictionary mapping function names to their information.
+    :param function_name: the function name as written in the .function and
+                          .data files.
+    :param line_no: line number for error messages.
+    :return Function information (id, args).
+    """
+    test_function_name = 'test_' + function_name
+    if test_function_name not in func_info:
+        raise GeneratorInputError("%d: Function %s not found!" %
+                                  (line_no, test_function_name))
+    return func_info[test_function_name]
+
+
 def gen_from_test_data(data_f, out_data_f, func_info, suite_dependencies):
     """
     This function reads test case name, dependencies and test vectors
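Review bot: The docstring of `get_function_info` says "Raise an informative expression" where it means an exception, and `:return Function information` lacks the colon used by the other fields. Suggested wording: `Raise GeneratorInputError if function_name is not found.` and `:return: Function information (id, args).`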
@@ -931,7 +1009,7 @@
     unique_expressions = []
     dep_check_code = ''
     expression_code = ''
-    for test_name, function_name, test_dependencies, test_args in \
+    for line_no, test_name, function_name, test_dependencies, test_args in \
             parse_test_data(data_f):
         out_data_f.write(test_name + '\n')
 
@@ -940,18 +1018,15 @@
                                              unique_dependencies)
 
         # Write test function name
-        test_function_name = 'test_' + function_name
-        if test_function_name not in func_info:
-            raise GeneratorInputError("Function %s not found!" %
-                                      test_function_name)
-        func_id, func_args = func_info[test_function_name]
+        func_id, func_args = \
+            get_function_info(func_info, function_name, line_no)
         out_data_f.write(str(func_id))
 
         # Write parameters
         if len(test_args) != len(func_args):
-            raise GeneratorInputError("Invalid number of arguments in test "
+            raise GeneratorInputError("%d: Invalid number of arguments in test "
                                       "%s. See function %s signature." %
-                                      (test_name, function_name))
+                                      (line_no, test_name, function_name))
         expression_code += write_parameters(out_data_f, test_args, func_args,
                                             unique_expressions)
 
diff --git a/tests/scripts/psa_collect_statuses.py b/tests/scripts/psa_collect_statuses.py
index b086793..f685bab 100755
--- a/tests/scripts/psa_collect_statuses.py
+++ b/tests/scripts/psa_collect_statuses.py
@@ -1,13 +1,13 @@
 #!/usr/bin/env python3
 """Describe the test coverage of PSA functions in terms of return statuses.
 
-1. Build Mbed Crypto with -DRECORD_PSA_STATUS_COVERAGE_LOG
+1. Build Mbed TLS with -DRECORD_PSA_STATUS_COVERAGE_LOG
 2. Run psa_collect_statuses.py
 
 The output is a series of line of the form "psa_foo PSA_ERROR_XXX". Each
 function/status combination appears only once.
 
-This script must be run from the top of an Mbed Crypto source tree.
+This script must be run from the top of an Mbed TLS source tree.
 The build command is "make -DRECORD_PSA_STATUS_COVERAGE_LOG", which is
 only supported with make (as opposed to CMake or other build methods).
 """
@@ -46,7 +46,7 @@
     def collect_log(self, log_file_name):
         """Read logs from RECORD_PSA_STATUS_COVERAGE_LOG.
 
-        Read logs produced by running Mbed Crypto test suites built with
+        Read logs produced by running Mbed TLS test suites built with
         -DRECORD_PSA_STATUS_COVERAGE_LOG.
         """
         with open(log_file_name) as log:
@@ -82,7 +82,7 @@
 def collect_status_logs(options):
     """Build and run unit tests and report observed function return statuses.
 
-    Build Mbed Crypto with -DRECORD_PSA_STATUS_COVERAGE_LOG, run the
+    Build Mbed TLS with -DRECORD_PSA_STATUS_COVERAGE_LOG, run the
     test suites and display information about observed return statuses.
     """
     rebuilt = False
diff --git a/tests/scripts/test_generate_test_code.py b/tests/scripts/test_generate_test_code.py
index d23d742..b32d184 100755
--- a/tests/scripts/test_generate_test_code.py
+++ b/tests/scripts/test_generate_test_code.py
@@ -485,9 +485,10 @@
         args, local, arg_dispatch = parse_function_arguments(line)
         self.assertEqual(args, ['char*', 'int', 'int'])
         self.assertEqual(local, '')
-        self.assertEqual(arg_dispatch, ['(char *) params[0]',
-                                        '*( (int *) params[1] )',
-                                        '*( (int *) params[2] )'])
+        self.assertEqual(arg_dispatch,
+                         ['(char *) params[0]',
+                          '((mbedtls_test_argument_t *) params[1])->sint',
+                          '((mbedtls_test_argument_t *) params[2])->sint'])
 
     def test_hex_params(self):
         """
@@ -499,22 +500,22 @@
         self.assertEqual(args, ['char*', 'hex', 'int'])
         self.assertEqual(local,
                          '    data_t data1 = {(uint8_t *) params[1], '
-                         '*( (uint32_t *) params[2] )};\n')
+                         '((mbedtls_test_argument_t *) params[2])->len};\n')
         self.assertEqual(arg_dispatch, ['(char *) params[0]',
                                         '&data1',
-                                        '*( (int *) params[3] )'])
+                                        '((mbedtls_test_argument_t *) params[3])->sint'])
 
     def test_unsupported_arg(self):
         """
-        Test unsupported arguments (not among int, char * and data_t)
+        Test unsupported argument type
         :return:
         """
-        line = 'void entropy_threshold( char * a, data_t * h, char result )'
+        line = 'void entropy_threshold( char * a, data_t * h, unknown_t result )'
         self.assertRaises(ValueError, parse_function_arguments, line)
 
-    def test_no_params(self):
+    def test_empty_params(self):
         """
-        Test no parameters.
+        Test no parameters (nothing between parentheses).
         :return:
         """
         line = 'void entropy_threshold()'
@@ -523,6 +524,39 @@
         self.assertEqual(local, '')
         self.assertEqual(arg_dispatch, [])
 
+    def test_blank_params(self):
+        """
+        Test no parameters (space between parentheses).
+        :return:
+        """
+        line = 'void entropy_threshold( )'
+        args, local, arg_dispatch = parse_function_arguments(line)
+        self.assertEqual(args, [])
+        self.assertEqual(local, '')
+        self.assertEqual(arg_dispatch, [])
+
+    def test_void_params(self):
+        """
+        Test no parameters (void keyword).
+        :return:
+        """
+        line = 'void entropy_threshold(void)'
+        args, local, arg_dispatch = parse_function_arguments(line)
+        self.assertEqual(args, [])
+        self.assertEqual(local, '')
+        self.assertEqual(arg_dispatch, [])
+
+    def test_void_space_params(self):
+        """
+        Test no parameters (void with spaces).
+        :return:
+        """
+        line = 'void entropy_threshold( void )'
+        args, local, arg_dispatch = parse_function_arguments(line)
+        self.assertEqual(args, [])
+        self.assertEqual(local, '')
+        self.assertEqual(arg_dispatch, [])
+
 
 class ParseFunctionCode(TestCase):
     """
@@ -613,7 +647,7 @@
         self.assertEqual(arg, [])
         expected = '''#line 1 "test_suite_ut.function"
 
-void test_func()
+void test_func(void)
 {
     ba ba black sheep
     have you any wool
@@ -656,7 +690,7 @@
 
         expected = '''#line 1 "test_suite_ut.function"
 
-void test_func()
+void test_func(void)
 {
     ba ba black sheep
     have you any wool
@@ -716,7 +750,7 @@
 void
 
 
-test_func()
+test_func(void)
 {
     ba ba black sheep
     have you any wool
@@ -769,7 +803,7 @@
 
 
 
-void test_func()
+void test_func(void)
 {
     ba ba black sheep
     have you any wool
@@ -1105,7 +1139,7 @@
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
 #if defined(MBEDTLS_FS_IO)
 #line 13 "test_suite_ut.function"
-void test_func1()
+void test_func1(void)
 {
 exit:
     ;
@@ -1122,7 +1156,7 @@
 #if defined(MBEDTLS_ENTROPY_NV_SEED)
 #if defined(MBEDTLS_FS_IO)
 #line 19 "test_suite_ut.function"
-void test_func2()
+void test_func2(void)
 {
 exit:
     ;
@@ -1264,29 +1298,33 @@
         # List of (name, function_name, dependencies, args)
         tests = list(parse_test_data(stream))
         test1, test2, test3, test4 = tests
-        self.assertEqual(test1[0], 'Diffie-Hellman full exchange #1')
-        self.assertEqual(test1[1], 'dhm_do_dhm')
-        self.assertEqual(test1[2], [])
-        self.assertEqual(test1[3], ['10', '"23"', '10', '"5"'])
+        self.assertEqual(test1[0], 3)
+        self.assertEqual(test1[1], 'Diffie-Hellman full exchange #1')
+        self.assertEqual(test1[2], 'dhm_do_dhm')
+        self.assertEqual(test1[3], [])
+        self.assertEqual(test1[4], ['10', '"23"', '10', '"5"'])
 
-        self.assertEqual(test2[0], 'Diffie-Hellman full exchange #2')
-        self.assertEqual(test2[1], 'dhm_do_dhm')
-        self.assertEqual(test2[2], [])
-        self.assertEqual(test2[3], ['10', '"93450983094850938450983409623"',
+        self.assertEqual(test2[0], 6)
+        self.assertEqual(test2[1], 'Diffie-Hellman full exchange #2')
+        self.assertEqual(test2[2], 'dhm_do_dhm')
+        self.assertEqual(test2[3], [])
+        self.assertEqual(test2[4], ['10', '"93450983094850938450983409623"',
                                     '10', '"9345098304850938450983409622"'])
 
-        self.assertEqual(test3[0], 'Diffie-Hellman full exchange #3')
-        self.assertEqual(test3[1], 'dhm_do_dhm')
-        self.assertEqual(test3[2], [])
-        self.assertEqual(test3[3], ['10',
+        self.assertEqual(test3[0], 9)
+        self.assertEqual(test3[1], 'Diffie-Hellman full exchange #3')
+        self.assertEqual(test3[2], 'dhm_do_dhm')
+        self.assertEqual(test3[3], [])
+        self.assertEqual(test3[4], ['10',
                                     '"9345098382739712938719287391879381271"',
                                     '10',
                                     '"9345098792137312973297123912791271"'])
 
-        self.assertEqual(test4[0], 'Diffie-Hellman selftest')
-        self.assertEqual(test4[1], 'dhm_selftest')
-        self.assertEqual(test4[2], [])
+        self.assertEqual(test4[0], 12)
+        self.assertEqual(test4[1], 'Diffie-Hellman selftest')
+        self.assertEqual(test4[2], 'dhm_selftest')
         self.assertEqual(test4[3], [])
+        self.assertEqual(test4[4], [])
 
     def test_with_dependencies(self):
         """
@@ -1306,15 +1344,17 @@
         # List of (name, function_name, dependencies, args)
         tests = list(parse_test_data(stream))
         test1, test2 = tests
-        self.assertEqual(test1[0], 'Diffie-Hellman full exchange #1')
-        self.assertEqual(test1[1], 'dhm_do_dhm')
-        self.assertEqual(test1[2], ['YAHOO'])
-        self.assertEqual(test1[3], ['10', '"23"', '10', '"5"'])
+        self.assertEqual(test1[0], 4)
+        self.assertEqual(test1[1], 'Diffie-Hellman full exchange #1')
+        self.assertEqual(test1[2], 'dhm_do_dhm')
+        self.assertEqual(test1[3], ['YAHOO'])
+        self.assertEqual(test1[4], ['10', '"23"', '10', '"5"'])
 
-        self.assertEqual(test2[0], 'Diffie-Hellman full exchange #2')
-        self.assertEqual(test2[1], 'dhm_do_dhm')
-        self.assertEqual(test2[2], [])
-        self.assertEqual(test2[3], ['10', '"93450983094850938450983409623"',
+        self.assertEqual(test2[0], 7)
+        self.assertEqual(test2[1], 'Diffie-Hellman full exchange #2')
+        self.assertEqual(test2[2], 'dhm_do_dhm')
+        self.assertEqual(test2[3], [])
+        self.assertEqual(test2[4], ['10', '"93450983094850938450983409623"',
                                     '10', '"9345098304850938450983409622"'])
 
     def test_no_args(self):
@@ -1335,7 +1375,7 @@
         stream = StringIOWrapper('test_suite_ut.function', data)
         err = None
         try:
-            for _, _, _, _ in parse_test_data(stream):
+            for _, _, _, _, _ in parse_test_data(stream):
                 pass
         except GeneratorInputError as err:
             self.assertEqual(type(err), GeneratorInputError)
@@ -1353,7 +1393,7 @@
         stream = StringIOWrapper('test_suite_ut.function', data)
         err = None
         try:
-            for _, _, _, _ in parse_test_data(stream):
+            for _, _, _, _, _ in parse_test_data(stream):
                 pass
         except GeneratorInputError as err:
             self.assertEqual(type(err), GeneratorInputError)
diff --git a/tests/src/helpers.c b/tests/src/helpers.c
index 6c215d1..198a9c0 100644
--- a/tests/src/helpers.c
+++ b/tests/src/helpers.c
@@ -24,6 +24,11 @@
 #include <setjmp.h>
 #endif
 
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+#include <psa/crypto.h>
+#include <test/psa_crypto_helpers.h>
+#endif
+
 /*----------------------------------------------------------------------------*/
 /* Static global variables */
 
@@ -52,9 +57,22 @@
 int mbedtls_test_platform_setup(void)
 {
     int ret = 0;
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+    /* Make sure that injected entropy is present. Otherwise
+     * psa_crypto_init() will fail. This is not necessary for test suites
+     * that don't use PSA, but it's harmless (except for leaving a file
+     * behind). */
+    ret = mbedtls_test_inject_entropy_restore();
+    if (ret != 0) {
+        return ret;
+    }
+#endif
+
 #if defined(MBEDTLS_PLATFORM_C)
     ret = mbedtls_platform_setup(&platform_ctx);
 #endif /* MBEDTLS_PLATFORM_C */
+
     return ret;
 }
 
diff --git a/tests/src/psa_crypto_helpers.c b/tests/src/psa_crypto_helpers.c
index 06274d3..cab96ab 100644
--- a/tests/src/psa_crypto_helpers.c
+++ b/tests/src/psa_crypto_helpers.c
@@ -138,4 +138,60 @@
     return updated_usage;
 }
 
+int mbedtls_test_fail_if_psa_leaking(int line_no, const char *filename)
+{
+    const char *msg = mbedtls_test_helper_is_psa_leaking();
+    if (msg == NULL) {
+        return 0;
+    } else {
+        mbedtls_test_fail(msg, line_no, filename);
+        return 1;
+    }
+}
+
+#if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+
+#include <mbedtls/entropy.h>
+#include <psa_crypto_its.h>
+
+int mbedtls_test_inject_entropy_seed_read(unsigned char *buf, size_t len)
+{
+    size_t actual_len = 0;
+    psa_status_t status = psa_its_get(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
+                                      0, len, buf, &actual_len);
+    if (status != 0) {
+        return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
+    }
+    if (actual_len != len) {
+        return MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
+    }
+    return 0;
+}
+
+int mbedtls_test_inject_entropy_seed_write(unsigned char *buf, size_t len)
+{
+    psa_status_t status = psa_its_set(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
+                                      len, buf, 0);
+    if (status != 0) {
+        return MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
+    }
+    return 0;
+}
+
+int mbedtls_test_inject_entropy_restore(void)
+{
+    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
+    for (size_t i = 0; i < sizeof(buf); i++) {
+        buf[i] = (unsigned char) i;
+    }
+    psa_status_t status = mbedtls_psa_inject_entropy(buf, sizeof(buf));
+    /* It's ok if the file was just created, or if it already exists. */
+    if (status != PSA_SUCCESS && status != PSA_ERROR_NOT_PERMITTED) {
+        return status;
+    }
+    return PSA_SUCCESS;
+}
+
+#endif /* MBEDTLS_PSA_INJECT_ENTROPY */
+
 #endif /* MBEDTLS_PSA_CRYPTO_C */
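Review bot: `mbedtls_test_inject_entropy_restore` injects the fixed pattern `buf[i] = (unsigned char) i` as the PSA entropy seed, and nothing on the function says so. The seed is persisted (the call site's comment mentions a file left behind), so random output would be predictable wherever that seed is the only entropy input. A header comment such as `/* Test only: injects a fixed, publicly known seed; never call this outside the test framework. */` would guard against the helper being reused elsewhere. The function also returns a raw `psa_status_t` through `int`, while the two seed callbacks above it map failures to `MBEDTLS_ERR_ENTROPY_*`. The visible caller only checks for non-zero, so that is a consistency point, not a functional one.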
diff --git a/tests/src/psa_exercise_key.c b/tests/src/psa_exercise_key.c
index 0843e24..7c70fa8 100644
--- a/tests/src/psa_exercise_key.c
+++ b/tests/src/psa_exercise_key.c
@@ -72,7 +72,7 @@
     psa_key_slot_number_t slot_number = 0xec94d4a5058a1a21;
     psa_status_t status = psa_get_key_slot_number(&attributes, &slot_number);
     if (lifetime_is_dynamic_secure_element(lifetime)) {
-        /* Mbed Crypto currently always exposes the slot number to
+        /* Mbed TLS currently always exposes the slot number to
          * applications. This is not mandated by the PSA specification
          * and may change in future versions. */
         TEST_EQUAL(status, 0);
@@ -308,7 +308,7 @@
             hash_alg = KNOWN_MBEDTLS_SUPPORTED_HASH_ALG;
             alg ^= PSA_ALG_ANY_HASH ^ hash_alg;
     #else
-            TEST_ASSERT(!"No hash algorithm for hash-and-sign testing");
+            TEST_FAIL("No hash algorithm for hash-and-sign testing");
     #endif
         }
 
@@ -437,7 +437,7 @@
                                                   PSA_KEY_DERIVATION_INPUT_LABEL,
                                                   input2, input2_length));
     } else {
-        TEST_ASSERT(!"Key derivation algorithm not supported");
+        TEST_FAIL("Key derivation algorithm not supported");
     }
 
     if (capacity != SIZE_MAX) {
@@ -505,7 +505,7 @@
     key_bits = psa_get_key_bits(&attributes);
     public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type);
     public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits);
-    ASSERT_ALLOC(public_key, public_key_length);
+    TEST_CALLOC(public_key, public_key_length);
     PSA_ASSERT(psa_export_public_key(key, public_key, public_key_length,
                                      &public_key_length));
 
@@ -547,7 +547,7 @@
     key_bits = psa_get_key_bits(&attributes);
     public_key_type = PSA_KEY_TYPE_PUBLIC_KEY_OF_KEY_PAIR(private_key_type);
     public_key_length = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_key_type, key_bits);
-    ASSERT_ALLOC(public_key, public_key_length);
+    TEST_CALLOC(public_key, public_key_length);
     PSA_ASSERT(psa_export_public_key(key,
                                      public_key, public_key_length,
                                      &public_key_length));
@@ -767,7 +767,7 @@
 
     {
         (void) exported;
-        TEST_ASSERT(!"Sanity check not implemented for this key type");
+        TEST_FAIL("Sanity check not implemented for this key type");
     }
 
 #if defined(MBEDTLS_DES_C)
@@ -807,7 +807,7 @@
     exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
         psa_get_key_type(&attributes),
         psa_get_key_bits(&attributes));
-    ASSERT_ALLOC(exported, exported_size);
+    TEST_CALLOC(exported, exported_size);
 
     if ((usage & PSA_KEY_USAGE_EXPORT) == 0 &&
         !PSA_KEY_TYPE_IS_PUBLIC_KEY(psa_get_key_type(&attributes))) {
@@ -850,7 +850,7 @@
         exported_size = PSA_EXPORT_KEY_OUTPUT_SIZE(
             psa_get_key_type(&attributes),
             psa_get_key_bits(&attributes));
-        ASSERT_ALLOC(exported, exported_size);
+        TEST_CALLOC(exported, exported_size);
 
         TEST_EQUAL(psa_export_public_key(key, exported,
                                          exported_size, &exported_length),
@@ -863,7 +863,7 @@
         psa_get_key_type(&attributes));
     exported_size = PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type,
                                                       psa_get_key_bits(&attributes));
-    ASSERT_ALLOC(exported, exported_size);
+    TEST_CALLOC(exported, exported_size);
 
     PSA_ASSERT(psa_export_public_key(key,
                                      exported, exported_size,
@@ -912,7 +912,7 @@
     } else if (PSA_ALG_IS_KEY_AGREEMENT(alg)) {
         ok = exercise_key_agreement_key(key, usage, alg);
     } else {
-        TEST_ASSERT(!"No code to exercise this category of algorithm");
+        TEST_FAIL("No code to exercise this category of algorithm");
     }
 
     ok = ok && exercise_export_key(key, usage);
diff --git a/tests/src/test_helpers/ssl_helpers.c b/tests/src/test_helpers/ssl_helpers.c
new file mode 100644
index 0000000..2fea014
--- /dev/null
+++ b/tests/src/test_helpers/ssl_helpers.c
@@ -0,0 +1,1783 @@
+/** \file ssl_helpers.c
+ *
+ * \brief Helper functions to set up a TLS connection.
+ */
+
+/*
+ *  Copyright The Mbed TLS Contributors
+ *  SPDX-License-Identifier: Apache-2.0
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License"); you may
+ *  not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *  http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ *  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ */
+
+#include <test/ssl_helpers.h>
+
+#if defined(MBEDTLS_SSL_TLS_C)
+
+void mbedtls_test_ssl_log_analyzer(void *ctx, int level,
+                                   const char *file, int line,
+                                   const char *str)
+{
+    mbedtls_test_ssl_log_pattern *p = (mbedtls_test_ssl_log_pattern *) ctx;
+
+    (void) level;
+    (void) line;
+    (void) file;
+
+    if (NULL != p &&
+        NULL != p->pattern &&
+        NULL != strstr(str, p->pattern)) {
+        p->counter++;
+    }
+}
+
+void mbedtls_test_init_handshake_options(
+    mbedtls_test_handshake_test_options *opts)
+{
+    opts->cipher = "";
+    opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE;
+    opts->client_max_version = TEST_SSL_MINOR_VERSION_NONE;
+    opts->server_min_version = TEST_SSL_MINOR_VERSION_NONE;
+    opts->server_max_version = TEST_SSL_MINOR_VERSION_NONE;
+    opts->expected_negotiated_version = MBEDTLS_SSL_MINOR_VERSION_3;
+    opts->pk_alg = MBEDTLS_PK_RSA;
+    opts->psk_str = NULL;
+    opts->dtls = 0;
+    opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
+    opts->serialize = 0;
+    opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
+    opts->cli_msg_len = 100;
+    opts->srv_msg_len = 100;
+    opts->expected_cli_fragments = 1;
+    opts->expected_srv_fragments = 1;
+    opts->renegotiate = 0;
+    opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
+    opts->srv_log_obj = NULL;
+    opts->srv_log_obj = NULL;
+    opts->srv_log_fun = NULL;
+    opts->cli_log_fun = NULL;
+    opts->resize_buffers = 1;
+}
+
+void mbedtls_test_ssl_buffer_init(mbedtls_test_ssl_buffer *buf)
+{
+    memset(buf, 0, sizeof(*buf));
+}
+
+int mbedtls_test_ssl_buffer_setup(mbedtls_test_ssl_buffer *buf,
+                                  size_t capacity)
+{
+    buf->buffer = (unsigned char *) mbedtls_calloc(capacity,
+                                                   sizeof(unsigned char));
+    if (NULL == buf->buffer) {
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+    }
+    buf->capacity = capacity;
+
+    return 0;
+}
+
+void mbedtls_test_ssl_buffer_free(mbedtls_test_ssl_buffer *buf)
+{
+    if (buf->buffer != NULL) {
+        mbedtls_free(buf->buffer);
+    }
+
+    memset(buf, 0, sizeof(*buf));
+}
+
+int mbedtls_test_ssl_buffer_put(mbedtls_test_ssl_buffer *buf,
+                                const unsigned char *input, size_t input_len)
+{
+    size_t overflow = 0;
+
+    if ((buf == NULL) || (buf->buffer == NULL)) {
+        return -1;
+    }
+
+    /* Reduce input_len to a number that fits in the buffer. */
+    if ((buf->content_length + input_len) > buf->capacity) {
+        input_len = buf->capacity - buf->content_length;
+    }
+
+    if (input == NULL) {
+        return (input_len == 0) ? 0 : -1;
+    }
+
+    /* Check if the buffer has not come full circle and free space is not in
+     * the middle */
+    if (buf->start + buf->content_length < buf->capacity) {
+
+        /* Calculate the number of bytes that need to be placed at lower memory
+         * address */
+        if (buf->start + buf->content_length + input_len
+            > buf->capacity) {
+            overflow = (buf->start + buf->content_length + input_len)
+                       % buf->capacity;
+        }
+
+        memcpy(buf->buffer + buf->start + buf->content_length, input,
+               input_len - overflow);
+        memcpy(buf->buffer, input + input_len - overflow, overflow);
+
+    } else {
+        /* The buffer has come full circle and free space is in the middle */
+        memcpy(buf->buffer + buf->start + buf->content_length - buf->capacity,
+               input, input_len);
+    }
+
+    buf->content_length += input_len;
+    return (input_len > INT_MAX) ? INT_MAX : (int) input_len;
+}
+
+int mbedtls_test_ssl_buffer_get(mbedtls_test_ssl_buffer *buf,
+                                unsigned char *output, size_t output_len)
+{
+    size_t overflow = 0;
+
+    if ((buf == NULL) || (buf->buffer == NULL)) {
+        return -1;
+    }
+
+    if (output == NULL && output_len == 0) {
+        return 0;
+    }
+
+    if (buf->content_length < output_len) {
+        output_len = buf->content_length;
+    }
+
+    /* Calculate the number of bytes that need to be drawn from lower memory
+     * address */
+    if (buf->start + output_len > buf->capacity) {
+        overflow = (buf->start + output_len) % buf->capacity;
+    }
+
+    if (output != NULL) {
+        memcpy(output, buf->buffer + buf->start, output_len - overflow);
+        memcpy(output + output_len - overflow, buf->buffer, overflow);
+    }
+
+    buf->content_length -= output_len;
+    buf->start = (buf->start + output_len) % buf->capacity;
+
+    return (output_len > INT_MAX) ? INT_MAX : (int) output_len;
+}
+
+int mbedtls_test_ssl_message_queue_setup(
+    mbedtls_test_ssl_message_queue *queue, size_t capacity)
+{
+    queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t));
+    if (NULL == queue->messages) {
+        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
+    }
+
+    queue->capacity = (capacity > INT_MAX) ? INT_MAX : (int) capacity;
+    queue->pos = 0;
+    queue->num = 0;
+
+    return 0;
+}
+
+void mbedtls_test_ssl_message_queue_free(
+    mbedtls_test_ssl_message_queue *queue)
+{
+    if (queue == NULL) {
+        return;
+    }
+
+    if (queue->messages != NULL) {
+        mbedtls_free(queue->messages);
+    }
+
+    memset(queue, 0, sizeof(*queue));
+}
+
+int mbedtls_test_ssl_message_queue_push_info(
+    mbedtls_test_ssl_message_queue *queue, size_t len)
+{
+    int place;
+    if (queue == NULL) {
+        return MBEDTLS_TEST_ERROR_ARG_NULL;
+    }
+
+    if (queue->num >= queue->capacity) {
+        return MBEDTLS_ERR_SSL_WANT_WRITE;
+    }
+
+    place = (queue->pos + queue->num) % queue->capacity;
+    queue->messages[place] = len;
+    queue->num++;
+    return (len > INT_MAX) ? INT_MAX : (int) len;
+}
+
+int mbedtls_test_ssl_message_queue_pop_info(
+    mbedtls_test_ssl_message_queue *queue, size_t buf_len)
+{
+    size_t message_length;
+    if (queue == NULL) {
+        return MBEDTLS_TEST_ERROR_ARG_NULL;
+    }
+    if (queue->num == 0) {
+        return MBEDTLS_ERR_SSL_WANT_READ;
+    }
+
+    message_length = queue->messages[queue->pos];
+    queue->messages[queue->pos] = 0;
+    queue->num--;
+    queue->pos++;
+    queue->pos %= queue->capacity;
+    if (queue->pos < 0) {
+        queue->pos += queue->capacity;
+    }
+
+    return (message_length > INT_MAX && buf_len > INT_MAX) ? INT_MAX :
+           (message_length > buf_len) ? (int) buf_len : (int) message_length;
+}
+
+/*
+ * Take a peek on the info about the next message length from the queue.
+ * This will be the oldest inserted message length(fifo).
+ *
+ * \retval  MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
+ * \retval  MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
+ * \retval  0, if the peek was successful.
+ * \retval  MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is
+ *          too small to fit the message. In this case the \p msg_len will be
+ *          set to the full message length so that the
+ *          caller knows what portion of the message can be dropped.
+ */
+static int test_ssl_message_queue_peek_info(
+    mbedtls_test_ssl_message_queue *queue,
+    size_t buf_len, size_t *msg_len)
+{
+    if (queue == NULL || msg_len == NULL) {
+        return MBEDTLS_TEST_ERROR_ARG_NULL;
+    }
+    if (queue->num == 0) {
+        return MBEDTLS_ERR_SSL_WANT_READ;
+    }
+
+    *msg_len = queue->messages[queue->pos];
+    return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
+}
+
+void mbedtls_test_mock_socket_init(mbedtls_test_mock_socket *socket)
+{
+    memset(socket, 0, sizeof(*socket));
+}
+
+void mbedtls_test_mock_socket_close(mbedtls_test_mock_socket *socket)
+{
+    if (socket == NULL) {
+        return;
+    }
+
+    if (socket->input != NULL) {
+        mbedtls_test_ssl_buffer_free(socket->input);
+        mbedtls_free(socket->input);
+    }
+
+    if (socket->output != NULL) {
+        mbedtls_test_ssl_buffer_free(socket->output);
+        mbedtls_free(socket->output);
+    }
+
+    if (socket->peer != NULL) {
+        memset(socket->peer, 0, sizeof(*socket->peer));
+    }
+
+    memset(socket, 0, sizeof(*socket));
+}
+
+int mbedtls_test_mock_socket_connect(mbedtls_test_mock_socket *peer1,
+                                     mbedtls_test_mock_socket *peer2,
+                                     size_t bufsize)
+{
+    int ret = -1;
+
+    peer1->output =
+        (mbedtls_test_ssl_buffer *) mbedtls_calloc(
+            1, sizeof(mbedtls_test_ssl_buffer));
+    if (peer1->output == NULL) {
+        ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+        goto exit;
+    }
+    mbedtls_test_ssl_buffer_init(peer1->output);
+    if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer1->output, bufsize))) {
+        goto exit;
+    }
+
+    peer2->output =
+        (mbedtls_test_ssl_buffer *) mbedtls_calloc(
+            1, sizeof(mbedtls_test_ssl_buffer));
+    if (peer2->output == NULL) {
+        ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
+        goto exit;
+    }
+    mbedtls_test_ssl_buffer_init(peer2->output);
+    if (0 != (ret = mbedtls_test_ssl_buffer_setup(peer2->output, bufsize))) {
+        goto exit;
+    }
+
+    peer1->peer = peer2;
+    peer2->peer = peer1;
+    peer1->input = peer2->output;
+    peer2->input = peer1->output;
+
+    peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
+    ret = 0;
+
+exit:
+
+    if (ret != 0) {
+        mbedtls_test_mock_socket_close(peer1);
+        mbedtls_test_mock_socket_close(peer2);
+    }
+
+    return ret;
+}
+
+int mbedtls_test_mock_tcp_send_b(void *ctx,
+                                 const unsigned char *buf, size_t len)
+{
+    mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx;
+
+    if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
+        return -1;
+    }
+
+    return mbedtls_test_ssl_buffer_put(socket->output, buf, len);
+}
+
+int mbedtls_test_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len)
+{
+    mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx;
+
+    if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
+        return -1;
+    }
+
+    return mbedtls_test_ssl_buffer_get(socket->input, buf, len);
+}
+
+int mbedtls_test_mock_tcp_send_nb(void *ctx,
+                                  const unsigned char *buf, size_t len)
+{
+    mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx;
+
+    if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
+        return -1;
+    }
+
+    if (socket->output->capacity == socket->output->content_length) {
+        return MBEDTLS_ERR_SSL_WANT_WRITE;
+    }
+
+    return mbedtls_test_ssl_buffer_put(socket->output, buf, len);
+}
+
+int mbedtls_test_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len)
+{
+    mbedtls_test_mock_socket *socket = (mbedtls_test_mock_socket *) ctx;
+
+    if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
+        return -1;
+    }
+
+    if (socket->input->content_length == 0) {
+        return MBEDTLS_ERR_SSL_WANT_READ;
+    }
+
+    return mbedtls_test_ssl_buffer_get(socket->input, buf, len);
+}
+
+void mbedtls_test_message_socket_init(
+    mbedtls_test_message_socket_context *ctx)
+{
+    ctx->queue_input = NULL;
+    ctx->queue_output = NULL;
+    ctx->socket = NULL;
+}
+
+int mbedtls_test_message_socket_setup(
+    mbedtls_test_ssl_message_queue *queue_input,
+    mbedtls_test_ssl_message_queue *queue_output,
+    size_t queue_capacity,
+    mbedtls_test_mock_socket *socket,
+    mbedtls_test_message_socket_context *ctx)
+{
+    int ret = mbedtls_test_ssl_message_queue_setup(queue_input, queue_capacity);
+    if (ret != 0) {
+        return ret;
+    }
+    ctx->queue_input = queue_input;
+    ctx->queue_output = queue_output;
+    ctx->socket = socket;
+    mbedtls_test_mock_socket_init(socket);
+
+    return 0;
+}
+
+void mbedtls_test_message_socket_close(
+    mbedtls_test_message_socket_context *ctx)
+{
+    if (ctx == NULL) {
+        return;
+    }
+
+    mbedtls_test_ssl_message_queue_free(ctx->queue_input);
+    mbedtls_test_mock_socket_close(ctx->socket);
+    memset(ctx, 0, sizeof(*ctx));
+}
+
+int mbedtls_test_mock_tcp_send_msg(void *ctx,
+                                   const unsigned char *buf, size_t len)
+{
+    mbedtls_test_ssl_message_queue *queue;
+    mbedtls_test_mock_socket *socket;
+    mbedtls_test_message_socket_context *context =
+        (mbedtls_test_message_socket_context *) ctx;
+
+    if (context == NULL || context->socket == NULL
+        || context->queue_output == NULL) {
+        return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
+    }
+
+    queue = context->queue_output;
+    socket = context->socket;
+
+    if (queue->num >= queue->capacity) {
+        return MBEDTLS_ERR_SSL_WANT_WRITE;
+    }
+
+    if (mbedtls_test_mock_tcp_send_b(socket, buf, len) != (int) len) {
+        return MBEDTLS_TEST_ERROR_SEND_FAILED;
+    }
+
+    return mbedtls_test_ssl_message_queue_push_info(queue, len);
+}
+
+int mbedtls_test_mock_tcp_recv_msg(void *ctx,
+                                   unsigned char *buf, size_t buf_len)
+{
+    mbedtls_test_ssl_message_queue *queue;
+    mbedtls_test_mock_socket *socket;
+    mbedtls_test_message_socket_context *context =
+        (mbedtls_test_message_socket_context *) ctx;
+    size_t drop_len = 0;
+    size_t msg_len;
+    int ret;
+
+    if (context == NULL || context->socket == NULL
+        || context->queue_input == NULL) {
+        return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
+    }
+
+    queue = context->queue_input;
+    socket = context->socket;
+
+    /* Peek first, so that in case of a socket error the data remains in
+     * the queue. */
+    ret = test_ssl_message_queue_peek_info(queue, buf_len, &msg_len);
+    if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) {
+        /* Calculate how much to drop */
+        drop_len = msg_len - buf_len;
+
+        /* Set the requested message len to be buffer length */
+        msg_len = buf_len;
+    } else if (ret != 0) {
+        return ret;
+    }
+
+    if (mbedtls_test_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) {
+        return MBEDTLS_TEST_ERROR_RECV_FAILED;
+    }
+
+    if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) {
+        /* Drop the remaining part of the message */
+        if (mbedtls_test_mock_tcp_recv_b(socket, NULL, drop_len) !=
+            (int) drop_len) {
+            /* Inconsistent state - part of the message was read,
+             * and a part couldn't. Not much we can do here, but it should not
+             * happen in test environment, unless forced manually. */
+        }
+    }
+    mbedtls_test_ssl_message_queue_pop_info(queue, buf_len);
+
+    return (msg_len > INT_MAX) ? INT_MAX : (int) msg_len;
+}
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+    defined(MBEDTLS_CERTS_C) && \
+    defined(MBEDTLS_ENTROPY_C) && \
+    defined(MBEDTLS_CTR_DRBG_C)
+
+/*
+ * Deinitializes certificates from endpoint represented by \p ep.
+ */
+static void test_ssl_endpoint_certificate_free(mbedtls_test_ssl_endpoint *ep)
+{
+    mbedtls_test_ssl_endpoint_certificate *cert = &(ep->cert);
+    if (cert != NULL) {
+        if (cert->ca_cert != NULL) {
+            mbedtls_x509_crt_free(cert->ca_cert);
+            mbedtls_free(cert->ca_cert);
+            cert->ca_cert = NULL;
+        }
+        if (cert->cert != NULL) {
+            mbedtls_x509_crt_free(cert->cert);
+            mbedtls_free(cert->cert);
+            cert->cert = NULL;
+        }
+        if (cert->pkey != NULL) {
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+            if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) {
+                mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx;
+                psa_destroy_key(*key_slot);
+            }
+#endif
+            mbedtls_pk_free(cert->pkey);
+            mbedtls_free(cert->pkey);
+            cert->pkey = NULL;
+        }
+    }
+}
+
+int mbedtls_test_ssl_endpoint_certificate_init(mbedtls_test_ssl_endpoint *ep,
+                                               int pk_alg)
+{
+    int i = 0;
+    int ret = -1;
+    mbedtls_test_ssl_endpoint_certificate *cert = NULL;
+
+    if (ep == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
+
+    cert = &(ep->cert);
+    TEST_CALLOC(cert->ca_cert, 1);
+    TEST_CALLOC(cert->cert, 1);
+    TEST_CALLOC(cert->pkey, 1);
+
+    mbedtls_x509_crt_init(cert->ca_cert);
+    mbedtls_x509_crt_init(cert->cert);
+    mbedtls_pk_init(cert->pkey);
+
+    /* Load the trusted CA */
+
+    for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
+        ret = mbedtls_x509_crt_parse_der(
+            cert->ca_cert,
+            (const unsigned char *) mbedtls_test_cas_der[i],
+            mbedtls_test_cas_der_len[i]);
+        TEST_ASSERT(ret == 0);
+    }
+
+    /* Load own certificate and private key */
+
+    if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) {
+        if (pk_alg == MBEDTLS_PK_RSA) {
+            ret = mbedtls_x509_crt_parse(
+                cert->cert,
+                (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der,
+                mbedtls_test_srv_crt_rsa_sha256_der_len);
+            TEST_ASSERT(ret == 0);
+
+            ret = mbedtls_pk_parse_key(
+                cert->pkey,
+                (const unsigned char *) mbedtls_test_srv_key_rsa_der,
+                mbedtls_test_srv_key_rsa_der_len, NULL, 0);
+            TEST_ASSERT(ret == 0);
+        } else {
+            ret = mbedtls_x509_crt_parse(
+                cert->cert,
+                (const unsigned char *) mbedtls_test_srv_crt_ec_der,
+                mbedtls_test_srv_crt_ec_der_len);
+            TEST_ASSERT(ret == 0);
+
+            ret = mbedtls_pk_parse_key(
+                cert->pkey,
+                (const unsigned char *) mbedtls_test_srv_key_ec_der,
+                mbedtls_test_srv_key_ec_der_len, NULL, 0);
+            TEST_ASSERT(ret == 0);
+        }
+    } else {
+        if (pk_alg == MBEDTLS_PK_RSA) {
+            ret = mbedtls_x509_crt_parse(
+                cert->cert,
+                (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
+                mbedtls_test_cli_crt_rsa_der_len);
+            TEST_ASSERT(ret == 0);
+
+            ret = mbedtls_pk_parse_key(
+                cert->pkey,
+                (const unsigned char *) mbedtls_test_cli_key_rsa_der,
+                mbedtls_test_cli_key_rsa_der_len, NULL, 0);
+            TEST_ASSERT(ret == 0);
+        } else {
+            ret = mbedtls_x509_crt_parse(
+                cert->cert,
+                (const unsigned char *) mbedtls_test_cli_crt_ec_der,
+                mbedtls_test_cli_crt_ec_len);
+            TEST_ASSERT(ret == 0);
+
+            ret = mbedtls_pk_parse_key(
+                cert->pkey,
+                (const unsigned char *) mbedtls_test_cli_key_ec_der,
+                mbedtls_test_cli_key_ec_der_len, NULL, 0);
+            TEST_ASSERT(ret == 0);
+        }
+    }
+
+    mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL);
+
+    ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert,
+                                    cert->pkey);
+    TEST_ASSERT(ret == 0);
+
+exit:
+    if (ret != 0) {
+        test_ssl_endpoint_certificate_free(ep);
+    }
+
+    return ret;
+}
+
+int mbedtls_test_ssl_endpoint_init(
+    mbedtls_test_ssl_endpoint *ep, int endpoint_type, int pk_alg,
+    mbedtls_test_message_socket_context *dtls_context,
+    mbedtls_test_ssl_message_queue *input_queue,
+    mbedtls_test_ssl_message_queue *output_queue,
+    const mbedtls_ecp_group_id *curves)
+{
+    int ret = -1;
+
+    if (dtls_context != NULL &&
+        (input_queue == NULL || output_queue == NULL)) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
+
+    if (ep == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
+
+    memset(ep, 0, sizeof(*ep));
+
+    ep->name = (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? "Server" : "Client";
+
+    mbedtls_ssl_init(&(ep->ssl));
+    mbedtls_ssl_config_init(&(ep->conf));
+    mbedtls_ctr_drbg_init(&(ep->ctr_drbg));
+    mbedtls_ssl_conf_rng(&(ep->conf),
+                         mbedtls_ctr_drbg_random,
+                         &(ep->ctr_drbg));
+    mbedtls_entropy_init(&(ep->entropy));
+    if (dtls_context != NULL) {
+        TEST_ASSERT(mbedtls_test_message_socket_setup(input_queue, output_queue,
+                                                      100, &(ep->socket),
+                                                      dtls_context) == 0);
+    } else {
+        mbedtls_test_mock_socket_init(&(ep->socket));
+    }
+
+    ret = mbedtls_ctr_drbg_seed(&(ep->ctr_drbg), mbedtls_entropy_func,
+                                &(ep->entropy),
+                                (const unsigned char *) (ep->name),
+                                strlen(ep->name));
+    TEST_ASSERT(ret == 0);
+
+    /* Non-blocking callbacks without timeout */
+    if (dtls_context != NULL) {
+        mbedtls_ssl_set_bio(&(ep->ssl), dtls_context,
+                            mbedtls_test_mock_tcp_send_msg,
+                            mbedtls_test_mock_tcp_recv_msg,
+                            NULL);
+    } else {
+        mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket),
+                            mbedtls_test_mock_tcp_send_nb,
+                            mbedtls_test_mock_tcp_recv_nb,
+                            NULL);
+    }
+
+    ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type,
+                                      (dtls_context != NULL) ?
+                                      MBEDTLS_SSL_TRANSPORT_DATAGRAM :
+                                      MBEDTLS_SSL_TRANSPORT_STREAM,
+                                      MBEDTLS_SSL_PRESET_DEFAULT);
+    TEST_ASSERT(ret == 0);
+
+#if defined(MBEDTLS_ECP_C)
+    if (curves != NULL) {
+        mbedtls_ssl_conf_curves(&(ep->conf), curves);
+    }
+#else
+    (void) curves;
+#endif
+
+    ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
+    TEST_ASSERT(ret == 0);
+
+#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
+    if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) {
+        mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL);
+    }
+#endif
+
+    ret = mbedtls_test_ssl_endpoint_certificate_init(ep, pk_alg);
+    TEST_ASSERT(ret == 0);
+
+exit:
+    return ret;
+}
+
+void mbedtls_test_ssl_endpoint_free(
+    mbedtls_test_ssl_endpoint *ep,
+    mbedtls_test_message_socket_context *context)
+{
+    test_ssl_endpoint_certificate_free(ep);
+
+    mbedtls_ssl_free(&(ep->ssl));
+    mbedtls_ssl_config_free(&(ep->conf));
+    mbedtls_ctr_drbg_free(&(ep->ctr_drbg));
+    mbedtls_entropy_free(&(ep->entropy));
+
+    if (context != NULL) {
+        mbedtls_test_message_socket_close(context);
+    } else {
+        mbedtls_test_mock_socket_close(&(ep->socket));
+    }
+}
+
+int mbedtls_test_move_handshake_to_state(mbedtls_ssl_context *ssl,
+                                         mbedtls_ssl_context *second_ssl,
+                                         int state)
+{
+    enum { BUFFSIZE = 1024 };
+    int max_steps = 1000;
+    int ret = 0;
+
+    if (ssl == NULL || second_ssl == NULL) {
+        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
+    }
+
+    /* Perform communication via connected sockets */
+    while ((ssl->state != state) && (--max_steps >= 0)) {
+        /* If /p second_ssl ends the handshake procedure before /p ssl then
+         * there is no need to call the next step */
+        if (second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
+            ret = mbedtls_ssl_handshake_step(second_ssl);
+            if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
+                ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+                return ret;
+            }
+        }
+
+        /* We only care about the \p ssl state and returns, so we call it last,
+         * to leave the iteration as soon as the state is as expected. */
+        ret = mbedtls_ssl_handshake_step(ssl);
+        if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
+            ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
+            return ret;
+        }
+    }
+
+    return (max_steps >= 0) ? ret : -1;
+}
+
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C &&
+          MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+
+/*
+ * Write application data. Increase write counter if necessary.
+ */
+int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl,
+                               unsigned char *buf, int buf_len,
+                               int *written,
+                               const int expected_fragments)
+{
+    int ret;
+
+    /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
+     * a valid no-op for TLS connections. */
+    if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        TEST_ASSERT(mbedtls_ssl_write(ssl, NULL, 0) == 0);
+    }
+
+    ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written);
+    if (ret > 0) {
+        *written += ret;
+    }
+
+    if (expected_fragments == 0) {
+        /* Used for DTLS and the message size larger than MFL. In that case
+         * the message can not be fragmented and the library should return
+         * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned
+         * to prevent a dead loop inside mbedtls_test_ssl_exchange_data(). */
+        return ret;
+    } else if (expected_fragments == 1) {
+        /* Used for TLS/DTLS and the message size lower than MFL */
+        TEST_ASSERT(ret == buf_len ||
+                    ret == MBEDTLS_ERR_SSL_WANT_READ ||
+                    ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+    } else {
+        /* Used for TLS and the message size larger than MFL */
+        TEST_ASSERT(expected_fragments > 1);
+        TEST_ASSERT((ret >= 0 && ret <= buf_len) ||
+                    ret == MBEDTLS_ERR_SSL_WANT_READ ||
+                    ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+    }
+
+    return 0;
+
+exit:
+    /* Some of the tests failed */
+    return -1;
+}
+
+/*
+ * Read application data and increase read counter and fragments counter
+ * if necessary.
+ */
+int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl,
+                              unsigned char *buf, int buf_len,
+                              int *read, int *fragments,
+                              const int expected_fragments)
+{
+    int ret;
+
+    /* Verify that calling mbedtls_ssl_write with a NULL buffer and zero length is
+     * a valid no-op for TLS connections. */
+    if (ssl->conf->transport != MBEDTLS_SSL_TRANSPORT_DATAGRAM) {
+        TEST_ASSERT(mbedtls_ssl_read(ssl, NULL, 0) == 0);
+    }
+
+    ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read);
+    if (ret > 0) {
+        (*fragments)++;
+        *read += ret;
+    }
+
+    if (expected_fragments == 0) {
+        TEST_ASSERT(ret == 0);
+    } else if (expected_fragments == 1) {
+        TEST_ASSERT(ret == buf_len ||
+                    ret == MBEDTLS_ERR_SSL_WANT_READ ||
+                    ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+    } else {
+        TEST_ASSERT(expected_fragments > 1);
+        TEST_ASSERT((ret >= 0 && ret <= buf_len) ||
+                    ret == MBEDTLS_ERR_SSL_WANT_READ ||
+                    ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+    }
+
+    return 0;
+
+exit:
+    /* Some of the tests failed */
+    return -1;
+}
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+    defined(MBEDTLS_CERTS_C)                        && \
+    defined(MBEDTLS_ENTROPY_C)                      && \
+    defined(MBEDTLS_CTR_DRBG_C)
+static void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher,
+                            int *forced_ciphersuite)
+{
+    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+    forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher);
+    forced_ciphersuite[1] = 0;
+
+    ciphersuite_info =
+        mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]);
+
+    TEST_ASSERT(ciphersuite_info != NULL);
+    TEST_ASSERT(ciphersuite_info->min_minor_ver <= conf->max_minor_ver);
+    TEST_ASSERT(ciphersuite_info->max_minor_ver >= conf->min_minor_ver);
+
+    if (conf->max_minor_ver > ciphersuite_info->max_minor_ver) {
+        conf->max_minor_ver = ciphersuite_info->max_minor_ver;
+    }
+    if (conf->min_minor_ver < ciphersuite_info->min_minor_ver) {
+        conf->min_minor_ver = ciphersuite_info->min_minor_ver;
+    }
+
+    mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite);
+
+exit:
+    return;
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C &&
+          MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+    defined(MBEDTLS_CERTS_C)                        && \
+    defined(MBEDTLS_ENTROPY_C)                      && \
+    defined(MBEDTLS_CTR_DRBG_C)                     && \
+    defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+static int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl,
+                              const unsigned char *name, size_t name_len)
+{
+    (void) p_info;
+    (void) ssl;
+    (void) name;
+    (void) name_len;
+
+    return 0;
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C &&
+          MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
+          MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+
+int mbedtls_test_ssl_build_transforms(mbedtls_ssl_transform *t_in,
+                                      mbedtls_ssl_transform *t_out,
+                                      int cipher_type, int hash_id,
+                                      int etm, int tag_mode, int ver,
+                                      size_t cid0_len,
+                                      size_t cid1_len)
+{
+    mbedtls_cipher_info_t const *cipher_info;
+    int ret = 0;
+
+    size_t keylen, maclen, ivlen;
+    unsigned char *key0 = NULL, *key1 = NULL;
+    unsigned char *md0 = NULL, *md1 = NULL;
+    unsigned char iv_enc[16], iv_dec[16];
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+    unsigned char cid0[SSL_CID_LEN_MIN];
+    unsigned char cid1[SSL_CID_LEN_MIN];
+
+    mbedtls_test_rnd_std_rand(NULL, cid0, sizeof(cid0));
+    mbedtls_test_rnd_std_rand(NULL, cid1, sizeof(cid1));
+#else
+    ((void) cid0_len);
+    ((void) cid1_len);
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+    maclen = 0;
+
+    /* Pick cipher */
+    cipher_info = mbedtls_cipher_info_from_type(cipher_type);
+    CHK(cipher_info != NULL);
+    CHK(cipher_info->iv_size <= 16);
+    CHK(cipher_info->key_bitlen % 8 == 0);
+
+    /* Pick keys */
+    keylen = cipher_info->key_bitlen / 8;
+    /* Allocate `keylen + 1` bytes to ensure that we get
+     * a non-NULL pointers from `mbedtls_calloc` even if
+     * `keylen == 0` in the case of the NULL cipher. */
+    CHK((key0 = mbedtls_calloc(1, keylen + 1)) != NULL);
+    CHK((key1 = mbedtls_calloc(1, keylen + 1)) != NULL);
+    memset(key0, 0x1, keylen);
+    memset(key1, 0x2, keylen);
+
+    /* Setup cipher contexts */
+    CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc,  cipher_info) == 0);
+    CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec,  cipher_info) == 0);
+    CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0);
+    CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0);
+
+#if defined(MBEDTLS_CIPHER_MODE_CBC)
+    if (cipher_info->mode == MBEDTLS_MODE_CBC) {
+        CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc,
+                                            MBEDTLS_PADDING_NONE) == 0);
+        CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec,
+                                            MBEDTLS_PADDING_NONE) == 0);
+        CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc,
+                                            MBEDTLS_PADDING_NONE) == 0);
+        CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec,
+                                            MBEDTLS_PADDING_NONE) == 0);
+    }
+#endif /* MBEDTLS_CIPHER_MODE_CBC */
+
+    CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0,
+                              (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
+                              MBEDTLS_ENCRYPT)
+        == 0);
+    CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1,
+                              (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
+                              MBEDTLS_DECRYPT)
+        == 0);
+    CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1,
+                              (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
+                              MBEDTLS_ENCRYPT)
+        == 0);
+    CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0,
+                              (keylen << 3 > INT_MAX) ? INT_MAX : (int) keylen << 3,
+                              MBEDTLS_DECRYPT)
+        == 0);
+
+    /* Setup MAC contexts */
+#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
+    if (cipher_info->mode == MBEDTLS_MODE_CBC ||
+        cipher_info->mode == MBEDTLS_MODE_STREAM) {
+        mbedtls_md_info_t const *md_info;
+
+        /* Pick hash */
+        md_info = mbedtls_md_info_from_type(hash_id);
+        CHK(md_info != NULL);
+
+        /* Pick hash keys */
+        maclen = mbedtls_md_get_size(md_info);
+        CHK((md0 = mbedtls_calloc(1, maclen)) != NULL);
+        CHK((md1 = mbedtls_calloc(1, maclen)) != NULL);
+        memset(md0, 0x5, maclen);
+        memset(md1, 0x6, maclen);
+
+        CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0);
+        CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0);
+        CHK(mbedtls_md_setup(&t_in->md_ctx_enc,  md_info, 1) == 0);
+        CHK(mbedtls_md_setup(&t_in->md_ctx_dec,  md_info, 1) == 0);
+
+        if (ver > MBEDTLS_SSL_MINOR_VERSION_0) {
+            CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc,
+                                       md0, maclen) == 0);
+            CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec,
+                                       md1, maclen) == 0);
+            CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc,
+                                       md1, maclen) == 0);
+            CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec,
+                                       md0, maclen) == 0);
+        }
+#if defined(MBEDTLS_SSL_PROTO_SSL3)
+        else {
+            memcpy(&t_in->mac_enc, md0, maclen);
+            memcpy(&t_in->mac_dec, md1, maclen);
+            memcpy(&t_out->mac_enc, md1, maclen);
+            memcpy(&t_out->mac_dec, md0, maclen);
+        }
+#endif
+    }
+#else
+    ((void) hash_id);
+#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
+
+
+    /* Pick IV's (regardless of whether they
+     * are being used by the transform). */
+    ivlen = cipher_info->iv_size;
+    memset(iv_enc, 0x3, sizeof(iv_enc));
+    memset(iv_dec, 0x4, sizeof(iv_dec));
+
+    /*
+     * Setup transforms
+     */
+
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
+    defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
+    t_out->encrypt_then_mac = etm;
+    t_in->encrypt_then_mac = etm;
+#else
+    ((void) etm);
+#endif
+
+    t_out->minor_ver = ver;
+    t_in->minor_ver = ver;
+    t_out->ivlen = ivlen;
+    t_in->ivlen = ivlen;
+
+    switch (cipher_info->mode) {
+        case MBEDTLS_MODE_GCM:
+        case MBEDTLS_MODE_CCM:
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
+            if (ver == MBEDTLS_SSL_MINOR_VERSION_4) {
+                t_out->fixed_ivlen = 12;
+                t_in->fixed_ivlen  = 12;
+            } else
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
+            {
+                t_out->fixed_ivlen = 4;
+                t_in->fixed_ivlen = 4;
+            }
+            t_out->maclen = 0;
+            t_in->maclen = 0;
+            switch (tag_mode) {
+                case 0: /* Full tag */
+                    t_out->taglen = 16;
+                    t_in->taglen = 16;
+                    break;
+                case 1: /* Partial tag */
+                    t_out->taglen = 8;
+                    t_in->taglen = 8;
+                    break;
+                default:
+                    ret = 1;
+                    goto cleanup;
+            }
+            break;
+
+        case MBEDTLS_MODE_CHACHAPOLY:
+            t_out->fixed_ivlen = 12;
+            t_in->fixed_ivlen = 12;
+            t_out->maclen = 0;
+            t_in->maclen = 0;
+            switch (tag_mode) {
+                case 0: /* Full tag */
+                    t_out->taglen = 16;
+                    t_in->taglen = 16;
+                    break;
+                case 1: /* Partial tag */
+                    t_out->taglen = 8;
+                    t_in->taglen = 8;
+                    break;
+                default:
+                    ret = 1;
+                    goto cleanup;
+            }
+            break;
+
+        case MBEDTLS_MODE_STREAM:
+        case MBEDTLS_MODE_CBC:
+            t_out->fixed_ivlen = 0; /* redundant, must be 0 */
+            t_in->fixed_ivlen = 0;  /* redundant, must be 0 */
+            t_out->taglen = 0;
+            t_in->taglen = 0;
+            switch (tag_mode) {
+                case 0: /* Full tag */
+                    t_out->maclen = maclen;
+                    t_in->maclen = maclen;
+                    break;
+                case 1: /* Partial tag */
+                    t_out->maclen = 10;
+                    t_in->maclen = 10;
+                    break;
+                default:
+                    ret = 1;
+                    goto cleanup;
+            }
+            break;
+        default:
+            ret = 1;
+            goto cleanup;
+            break;
+    }
+
+    /* Setup IV's */
+
+    memcpy(&t_in->iv_dec, iv_dec, sizeof(iv_dec));
+    memcpy(&t_in->iv_enc, iv_enc, sizeof(iv_enc));
+    memcpy(&t_out->iv_dec, iv_enc, sizeof(iv_enc));
+    memcpy(&t_out->iv_enc, iv_dec, sizeof(iv_dec));
+
+#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
+    /* Add CID */
+    memcpy(&t_in->in_cid,  cid0, cid0_len);
+    memcpy(&t_in->out_cid, cid1, cid1_len);
+    t_in->in_cid_len = (uint8_t) cid0_len;
+    t_in->out_cid_len = (uint8_t) cid1_len;
+    memcpy(&t_out->in_cid,  cid1, cid1_len);
+    memcpy(&t_out->out_cid, cid0, cid0_len);
+    t_out->in_cid_len = (uint8_t) cid1_len;
+    t_out->out_cid_len = (uint8_t) cid0_len;
+#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
+
+cleanup:
+
+    mbedtls_free(key0);
+    mbedtls_free(key1);
+
+    mbedtls_free(md0);
+    mbedtls_free(md1);
+
+    return ret;
+}
+
+int mbedtls_test_ssl_populate_session(mbedtls_ssl_session *session,
+                                      int ticket_len,
+                                      const char *crt_file)
+{
+#if defined(MBEDTLS_HAVE_TIME)
+    session->start = mbedtls_time(NULL) - 42;
+#endif
+    session->ciphersuite = 0xabcd;
+    session->compression = 1;
+    session->id_len = sizeof(session->id);
+    memset(session->id, 66, session->id_len);
+    memset(session->master, 17, sizeof(session->master));
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+    defined(MBEDTLS_CERTS_C) &&                        \
+    defined(MBEDTLS_FS_IO)
+    if (strlen(crt_file) != 0) {
+        mbedtls_x509_crt tmp_crt;
+        int ret;
+
+        mbedtls_x509_crt_init(&tmp_crt);
+        ret = mbedtls_x509_crt_parse_file(&tmp_crt, crt_file);
+        if (ret != 0) {
+            return ret;
+        }
+
+#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
+        /* Move temporary CRT. */
+        session->peer_cert = mbedtls_calloc(1, sizeof(*session->peer_cert));
+        if (session->peer_cert == NULL) {
+            return -1;
+        }
+        *session->peer_cert = tmp_crt;
+        memset(&tmp_crt, 0, sizeof(tmp_crt));
+#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+        /* Calculate digest of temporary CRT. */
+        session->peer_cert_digest =
+            mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN);
+        if (session->peer_cert_digest == NULL) {
+            return -1;
+        }
+        ret = mbedtls_md(mbedtls_md_info_from_type(
+                             MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE),
+                         tmp_crt.raw.p, tmp_crt.raw.len,
+                         session->peer_cert_digest);
+        if (ret != 0) {
+            return ret;
+        }
+        session->peer_cert_digest_type =
+            MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
+        session->peer_cert_digest_len =
+            MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
+#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
+
+        mbedtls_x509_crt_free(&tmp_crt);
+    }
+#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_FS_IO */
+    (void) crt_file;
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_FS_IO */
+    session->verify_result = 0xdeadbeef;
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+    if (ticket_len != 0) {
+        session->ticket = mbedtls_calloc(1, ticket_len);
+        if (session->ticket == NULL) {
+            return -1;
+        }
+        memset(session->ticket, 33, ticket_len);
+    }
+    session->ticket_len = ticket_len;
+    session->ticket_lifetime = 86401;
+#else
+    (void) ticket_len;
+#endif
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+    session->mfl_code = 1;
+#endif
+#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
+    session->trunc_hmac = 1;
+#endif
+#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
+    session->encrypt_then_mac = 1;
+#endif
+
+    return 0;
+}
+
+int mbedtls_test_ssl_exchange_data(
+    mbedtls_ssl_context *ssl_1,
+    int msg_len_1, const int expected_fragments_1,
+    mbedtls_ssl_context *ssl_2,
+    int msg_len_2, const int expected_fragments_2)
+{
+    unsigned char *msg_buf_1 = malloc(msg_len_1);
+    unsigned char *msg_buf_2 = malloc(msg_len_2);
+    unsigned char *in_buf_1  = malloc(msg_len_2);
+    unsigned char *in_buf_2  = malloc(msg_len_1);
+    int msg_type, ret = -1;
+
+    /* Perform this test with two message types. At first use a message
+     * consisting of only 0x00 for the client and only 0xFF for the server.
+     * At the second time use message with generated data */
+    for (msg_type = 0; msg_type < 2; msg_type++) {
+        int written_1 = 0;
+        int written_2 = 0;
+        int read_1 = 0;
+        int read_2 = 0;
+        int fragments_1 = 0;
+        int fragments_2 = 0;
+
+        if (msg_type == 0) {
+            memset(msg_buf_1, 0x00, msg_len_1);
+            memset(msg_buf_2, 0xff, msg_len_2);
+        } else {
+            int i, j = 0;
+            for (i = 0; i < msg_len_1; i++) {
+                msg_buf_1[i] = j++ & 0xFF;
+            }
+            for (i = 0; i < msg_len_2; i++) {
+                msg_buf_2[i] = (j -= 5) & 0xFF;
+            }
+        }
+
+        while (read_1 < msg_len_2 || read_2 < msg_len_1) {
+            /* ssl_1 sending */
+            if (msg_len_1 > written_1) {
+                ret = mbedtls_ssl_write_fragment(ssl_1, msg_buf_1,
+                                                 msg_len_1, &written_1,
+                                                 expected_fragments_1);
+                if (expected_fragments_1 == 0) {
+                    /* This error is expected when the message is too large and
+                     * cannot be fragmented */
+                    TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+                    msg_len_1 = 0;
+                } else {
+                    TEST_ASSERT(ret == 0);
+                }
+            }
+
+            /* ssl_2 sending */
+            if (msg_len_2 > written_2) {
+                ret = mbedtls_ssl_write_fragment(ssl_2, msg_buf_2,
+                                                 msg_len_2, &written_2,
+                                                 expected_fragments_2);
+                if (expected_fragments_2 == 0) {
+                    /* This error is expected when the message is too large and
+                     * cannot be fragmented */
+                    TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
+                    msg_len_2 = 0;
+                } else {
+                    TEST_ASSERT(ret == 0);
+                }
+            }
+
+            /* ssl_1 reading */
+            if (read_1 < msg_len_2) {
+                ret = mbedtls_ssl_read_fragment(ssl_1, in_buf_1,
+                                                msg_len_2, &read_1,
+                                                &fragments_2,
+                                                expected_fragments_2);
+                TEST_ASSERT(ret == 0);
+            }
+
+            /* ssl_2 reading */
+            if (read_2 < msg_len_1) {
+                ret = mbedtls_ssl_read_fragment(ssl_2, in_buf_2,
+                                                msg_len_1, &read_2,
+                                                &fragments_1,
+                                                expected_fragments_1);
+                TEST_ASSERT(ret == 0);
+            }
+        }
+
+        ret = -1;
+        TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1));
+        TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2));
+        TEST_ASSERT(fragments_1 == expected_fragments_1);
+        TEST_ASSERT(fragments_2 == expected_fragments_2);
+    }
+
+    ret = 0;
+
+exit:
+    free(msg_buf_1);
+    free(in_buf_1);
+    free(msg_buf_2);
+    free(in_buf_2);
+
+    return ret;
+}
+
+/*
+ * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints
+ * must be initialized and connected beforehand.
+ *
+ * \retval  0 on success, otherwise error code.
+ */
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+    defined(MBEDTLS_CERTS_C)                        && \
+    defined(MBEDTLS_ENTROPY_C)                      && \
+    defined(MBEDTLS_CTR_DRBG_C)                     && \
+    (defined(MBEDTLS_SSL_RENEGOTIATION)             || \
+    defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH))
+static int exchange_data(mbedtls_ssl_context *ssl_1,
+                         mbedtls_ssl_context *ssl_2)
+{
+    return mbedtls_test_ssl_exchange_data(ssl_1, 256, 1,
+                                          ssl_2, 256, 1);
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C &&
+          MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C &&
+          (MBEDTLS_SSL_RENEGOTIATION              ||
+          MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH) */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
+    defined(MBEDTLS_CERTS_C)                        && \
+    defined(MBEDTLS_ENTROPY_C)                      && \
+    defined(MBEDTLS_CTR_DRBG_C)
+void mbedtls_test_ssl_perform_handshake(
+    mbedtls_test_handshake_test_options *options)
+{
+    /* forced_ciphersuite needs to last until the end of the handshake */
+    int forced_ciphersuite[2];
+    enum { BUFFSIZE = 17000 };
+    mbedtls_test_ssl_endpoint client, server;
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+    const char *psk_identity = "foo";
+#endif
+#if defined(MBEDTLS_TIMING_C)
+    mbedtls_timing_delay_context timer_client, timer_server;
+#endif
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+    unsigned char *context_buf = NULL;
+    size_t context_buf_len;
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    int ret = -1;
+#endif
+    int expected_handshake_result = 0;
+
+    USE_PSA_INIT();
+    mbedtls_platform_zeroize(&client, sizeof(client));
+    mbedtls_platform_zeroize(&server, sizeof(server));
+
+    mbedtls_test_ssl_message_queue server_queue, client_queue;
+    mbedtls_test_message_socket_context server_context, client_context;
+    mbedtls_test_message_socket_init(&server_context);
+    mbedtls_test_message_socket_init(&client_context);
+
+    /* Client side */
+    if (options->dtls != 0) {
+        TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client,
+                                                   MBEDTLS_SSL_IS_CLIENT,
+                                                   options->pk_alg,
+                                                   &client_context,
+                                                   &client_queue,
+                                                   &server_queue, NULL) == 0);
+#if defined(MBEDTLS_TIMING_C)
+        mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client,
+                                 mbedtls_timing_set_delay,
+                                 mbedtls_timing_get_delay);
+#endif
+    } else {
+        TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&client,
+                                                   MBEDTLS_SSL_IS_CLIENT,
+                                                   options->pk_alg, NULL, NULL,
+                                                   NULL, NULL) == 0);
+    }
+
+    if (options->client_min_version != TEST_SSL_MINOR_VERSION_NONE) {
+        mbedtls_ssl_conf_min_version(&client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+                                     options->client_min_version);
+    }
+
+    if (options->client_max_version != TEST_SSL_MINOR_VERSION_NONE) {
+        mbedtls_ssl_conf_max_version(&client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+                                     options->client_max_version);
+    }
+
+    if (strlen(options->cipher) > 0) {
+        set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite);
+    }
+
+#if defined(MBEDTLS_DEBUG_C)
+    if (options->cli_log_fun) {
+        mbedtls_debug_set_threshold(4);
+        mbedtls_ssl_conf_dbg(&client.conf, options->cli_log_fun,
+                             options->cli_log_obj);
+    }
+#endif
+
+    /* Server side */
+    if (options->dtls != 0) {
+        TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server,
+                                                   MBEDTLS_SSL_IS_SERVER,
+                                                   options->pk_alg,
+                                                   &server_context,
+                                                   &server_queue,
+                                                   &client_queue, NULL) == 0);
+#if defined(MBEDTLS_TIMING_C)
+        mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
+                                 mbedtls_timing_set_delay,
+                                 mbedtls_timing_get_delay);
+#endif
+    } else {
+        TEST_ASSERT(mbedtls_test_ssl_endpoint_init(&server,
+                                                   MBEDTLS_SSL_IS_SERVER,
+                                                   options->pk_alg, NULL, NULL,
+                                                   NULL, NULL) == 0);
+    }
+
+    mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode);
+
+    if (options->server_min_version != TEST_SSL_MINOR_VERSION_NONE) {
+        mbedtls_ssl_conf_min_version(&server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+                                     options->server_min_version);
+    }
+
+    if (options->server_max_version != TEST_SSL_MINOR_VERSION_NONE) {
+        mbedtls_ssl_conf_max_version(&server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
+                                     options->server_max_version);
+    }
+
+#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
+    TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf),
+                                              (unsigned char) options->mfl)
+                == 0);
+    TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf),
+                                              (unsigned char) options->mfl)
+                == 0);
+#else
+    TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl);
+#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
+
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+    if (options->psk_str != NULL && options->psk_str->len > 0) {
+        TEST_ASSERT(mbedtls_ssl_conf_psk(
+                        &client.conf, options->psk_str->x,
+                        options->psk_str->len,
+                        (const unsigned char *) psk_identity,
+                        strlen(psk_identity)) == 0);
+
+        TEST_ASSERT(mbedtls_ssl_conf_psk(
+                        &server.conf, options->psk_str->x,
+                        options->psk_str->len,
+                        (const unsigned char *) psk_identity,
+                        strlen(psk_identity)) == 0);
+
+        mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL);
+    }
+#endif
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if (options->renegotiate) {
+        mbedtls_ssl_conf_renegotiation(&(server.conf),
+                                       MBEDTLS_SSL_RENEGOTIATION_ENABLED);
+        mbedtls_ssl_conf_renegotiation(&(client.conf),
+                                       MBEDTLS_SSL_RENEGOTIATION_ENABLED);
+
+        mbedtls_ssl_conf_legacy_renegotiation(&(server.conf),
+                                              options->legacy_renegotiation);
+        mbedtls_ssl_conf_legacy_renegotiation(&(client.conf),
+                                              options->legacy_renegotiation);
+    }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+#if defined(MBEDTLS_DEBUG_C)
+    if (options->srv_log_fun) {
+        mbedtls_debug_set_threshold(4);
+        mbedtls_ssl_conf_dbg(&server.conf, options->srv_log_fun,
+                             options->srv_log_obj);
+    }
+#endif
+
+    TEST_ASSERT(mbedtls_test_mock_socket_connect(&(client.socket),
+                                                 &(server.socket),
+                                                 BUFFSIZE) == 0);
+
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+    if (options->resize_buffers != 0) {
+        /* Ensure that the buffer sizes are appropriate before resizes */
+        TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
+        TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
+        TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
+        TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
+    }
+#endif
+
+    if (options->expected_negotiated_version == TEST_SSL_MINOR_VERSION_NONE) {
+        expected_handshake_result = MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION;
+    }
+
+    TEST_ASSERT(mbedtls_test_move_handshake_to_state(
+                    &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_OVER)
+                ==  expected_handshake_result);
+
+    if (expected_handshake_result != 0) {
+        /* Connection will have failed by this point, skip to cleanup */
+        goto exit;
+    }
+
+    TEST_ASSERT(client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER);
+    TEST_ASSERT(server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER);
+
+    /* Check that we agree on the version... */
+    TEST_ASSERT(client.ssl.minor_ver == server.ssl.minor_ver);
+
+    /* And check that the version negotiated is the expected one. */
+    TEST_EQUAL(client.ssl.minor_ver, options->expected_negotiated_version);
+
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+    if (options->resize_buffers != 0) {
+        if (options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_0 &&
+            options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_1) {
+            /* A server, when using DTLS, might delay a buffer resize to happen
+             * after it receives a message, so we force it. */
+            TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
+
+            TEST_ASSERT(client.ssl.out_buf_len ==
+                        mbedtls_ssl_get_output_buflen(&client.ssl));
+            TEST_ASSERT(client.ssl.in_buf_len ==
+                        mbedtls_ssl_get_input_buflen(&client.ssl));
+            TEST_ASSERT(server.ssl.out_buf_len ==
+                        mbedtls_ssl_get_output_buflen(&server.ssl));
+            TEST_ASSERT(server.ssl.in_buf_len ==
+                        mbedtls_ssl_get_input_buflen(&server.ssl));
+        }
+    }
+#endif
+
+    if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
+        /* Start data exchanging test */
+        TEST_ASSERT(mbedtls_test_ssl_exchange_data(
+                        &(client.ssl), options->cli_msg_len,
+                        options->expected_cli_fragments,
+                        &(server.ssl), options->srv_msg_len,
+                        options->expected_srv_fragments)
+                    == 0);
+    }
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+    if (options->serialize == 1) {
+        TEST_ASSERT(options->dtls == 1);
+
+        TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL,
+                                             0, &context_buf_len)
+                    == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
+
+        context_buf = mbedtls_calloc(1, context_buf_len);
+        TEST_ASSERT(context_buf != NULL);
+
+        TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf,
+                                             context_buf_len,
+                                             &context_buf_len)
+                    == 0);
+
+        mbedtls_ssl_free(&(server.ssl));
+        mbedtls_ssl_init(&(server.ssl));
+
+        TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0);
+
+        mbedtls_ssl_set_bio(&(server.ssl), &server_context,
+                            mbedtls_test_mock_tcp_send_msg,
+                            mbedtls_test_mock_tcp_recv_msg,
+                            NULL);
+
+#if defined(MBEDTLS_TIMING_C)
+        mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
+                                 mbedtls_timing_set_delay,
+                                 mbedtls_timing_get_delay);
+#endif
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+        if (options->resize_buffers != 0) {
+            /* Ensure that the buffer sizes are appropriate before resizes */
+            TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
+            TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
+        }
+#endif
+        TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf,
+                                             context_buf_len) == 0);
+
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+        /* Validate buffer sizes after context deserialization */
+        if (options->resize_buffers != 0) {
+            TEST_ASSERT(server.ssl.out_buf_len ==
+                        mbedtls_ssl_get_output_buflen(&server.ssl));
+            TEST_ASSERT(server.ssl.in_buf_len ==
+                        mbedtls_ssl_get_input_buflen(&server.ssl));
+        }
+#endif
+        /* Retest writing/reading */
+        if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
+            TEST_ASSERT(mbedtls_test_ssl_exchange_data(
+                            &(client.ssl), options->cli_msg_len,
+                            options->expected_cli_fragments,
+                            &(server.ssl), options->srv_msg_len,
+                            options->expected_srv_fragments)
+                        == 0);
+        }
+    }
+#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
+
+#if defined(MBEDTLS_SSL_RENEGOTIATION)
+    if (options->renegotiate) {
+        /* Start test with renegotiation */
+        TEST_ASSERT(server.ssl.renego_status ==
+                    MBEDTLS_SSL_INITIAL_HANDSHAKE);
+        TEST_ASSERT(client.ssl.renego_status ==
+                    MBEDTLS_SSL_INITIAL_HANDSHAKE);
+
+        /* After calling this function for the server, it only sends a handshake
+         * request. All renegotiation should happen during data exchanging */
+        TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0);
+        TEST_ASSERT(server.ssl.renego_status ==
+                    MBEDTLS_SSL_RENEGOTIATION_PENDING);
+        TEST_ASSERT(client.ssl.renego_status ==
+                    MBEDTLS_SSL_INITIAL_HANDSHAKE);
+
+        TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
+        TEST_ASSERT(server.ssl.renego_status ==
+                    MBEDTLS_SSL_RENEGOTIATION_DONE);
+        TEST_ASSERT(client.ssl.renego_status ==
+                    MBEDTLS_SSL_RENEGOTIATION_DONE);
+
+        /* After calling mbedtls_ssl_renegotiate for the client,
+         * all renegotiation should happen inside this function.
+         * However in this test, we cannot perform simultaneous communication
+         * between client and server so this function will return waiting error
+         * on the socket. All rest of renegotiation should happen
+         * during data exchanging */
+        ret = mbedtls_ssl_renegotiate(&(client.ssl));
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+        if (options->resize_buffers != 0) {
+            /* Ensure that the buffer sizes are appropriate before resizes */
+            TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
+            TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
+        }
+#endif
+        TEST_ASSERT(ret == 0 ||
+                    ret == MBEDTLS_ERR_SSL_WANT_READ ||
+                    ret == MBEDTLS_ERR_SSL_WANT_WRITE);
+        TEST_ASSERT(server.ssl.renego_status ==
+                    MBEDTLS_SSL_RENEGOTIATION_DONE);
+        TEST_ASSERT(client.ssl.renego_status ==
+                    MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS);
+
+        TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
+        TEST_ASSERT(server.ssl.renego_status ==
+                    MBEDTLS_SSL_RENEGOTIATION_DONE);
+        TEST_ASSERT(client.ssl.renego_status ==
+                    MBEDTLS_SSL_RENEGOTIATION_DONE);
+#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
+        /* Validate buffer sizes after renegotiation */
+        if (options->resize_buffers != 0) {
+            TEST_ASSERT(client.ssl.out_buf_len ==
+                        mbedtls_ssl_get_output_buflen(&client.ssl));
+            TEST_ASSERT(client.ssl.in_buf_len ==
+                        mbedtls_ssl_get_input_buflen(&client.ssl));
+            TEST_ASSERT(server.ssl.out_buf_len ==
+                        mbedtls_ssl_get_output_buflen(&server.ssl));
+            TEST_ASSERT(server.ssl.in_buf_len ==
+                        mbedtls_ssl_get_input_buflen(&server.ssl));
+        }
+#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
+    }
+#endif /* MBEDTLS_SSL_RENEGOTIATION */
+
+exit:
+    mbedtls_test_ssl_endpoint_free(&client,
+                                   options->dtls != 0 ? &client_context : NULL);
+    mbedtls_test_ssl_endpoint_free(&server,
+                                   options->dtls != 0 ? &server_context : NULL);
+#if defined(MBEDTLS_DEBUG_C)
+    if (options->cli_log_fun || options->srv_log_fun) {
+        mbedtls_debug_set_threshold(0);
+    }
+#endif
+#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
+    if (context_buf != NULL) {
+        mbedtls_free(context_buf);
+    }
+#endif
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C &&
+          MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+
+#endif /* MBEDTLS_SSL_TLS_C */
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 5a563ab..3a27aac 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -167,6 +167,9 @@
             -p|--preserve-logs)
                 PRESERVE_LOGS=1
                 ;;
+            --outcome-file)
+                shift; MBEDTLS_TEST_OUTCOME_FILE=$1
+                ;;
             --port)
                 shift; SRV_PORT=$1
                 ;;
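Review bot: `--outcome-file` given as the last argument leaves `MBEDTLS_TEST_OUTCOME_FILE` empty with no diagnostic, because the new branch takes `$1` after `shift` without checking that a value is present (the same pattern as `--port` just below it). An empty value presumably turns outcome recording off silently, which is easy to miss in CI. A guarded form would be `shift; MBEDTLS_TEST_OUTCOME_FILE=${1:?--outcome-file requires a path}`. The option-parsing function starts and ends outside this hunk, so whether the usage text also lists the new option is not visible here; if it does not, it should.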
@@ -190,14 +193,6 @@
     done
 }
 
-# Make the outcome file path relative to the original directory, not
-# to .../tests
-case "$MBEDTLS_TEST_OUTCOME_FILE" in
-    [!/]*)
-        MBEDTLS_TEST_OUTCOME_FILE="$ORIGINAL_PWD/$MBEDTLS_TEST_OUTCOME_FILE"
-        ;;
-esac
-
 # Read boolean configuration options from config.h for easy and quick
 # testing. Skip non-boolean options (with something other than spaces
 # and a comment after "#define SYMBOL"). The variable contains a
@@ -1392,6 +1387,14 @@
 
 get_options "$@"
 
+# Make the outcome file path relative to the original directory, not
+# to .../tests
+case "$MBEDTLS_TEST_OUTCOME_FILE" in
+    [!/]*)
+        MBEDTLS_TEST_OUTCOME_FILE="$ORIGINAL_PWD/$MBEDTLS_TEST_OUTCOME_FILE"
+        ;;
+esac
+
 # Optimize filters: if $FILTER and $EXCLUDE can be expressed as shell
 # patterns rather than regular expressions, use a case statement instead
 # of calling grep. To keep the optimizer simple, it is incomplete and only
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index eb0dc03..12828f5 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -2,12 +2,17 @@
 /*----------------------------------------------------------------------------*/
 /* Headers */
 
-#include <test/macros.h>
+#include <test/arguments.h>
 #include <test/helpers.h>
+#include <test/macros.h>
 #include <test/random.h>
 #include <test/psa_crypto_helpers.h>
 
+#include <errno.h>
+#include <limits.h>
+#include <stdint.h>
 #include <stdlib.h>
+#include <string.h>
 
 #include "mbedtls/platform.h"
 
@@ -20,22 +25,8 @@
 #include <setjmp.h>
 #endif
 
-#ifdef _MSC_VER
-#include <basetsd.h>
-typedef UINT8 uint8_t;
-typedef INT32 int32_t;
-typedef UINT32 uint32_t;
-#define strncasecmp _strnicmp
-#define strcasecmp _stricmp
-#else
-#include <stdint.h>
-#endif
-
-#include <string.h>
-
 #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
 #include <unistd.h>
-#include <strings.h>
 #endif
 
 /*----------------------------------------------------------------------------*/
@@ -80,25 +71,6 @@
 /*----------------------------------------------------------------------------*/
 /* Helper Functions */
 
-#if defined(MBEDTLS_PSA_CRYPTO_C)
-/** Check that no PSA Crypto key slots are in use.
- *
- * If any slots are in use, mark the current test as failed.
- *
- * \return 0 if the key store is empty, 1 otherwise.
- */
-int test_fail_if_psa_leaking(int line_no, const char *filename)
-{
-    const char *msg = mbedtls_test_helper_is_psa_leaking();
-    if (msg == NULL) {
-        return 0;
-    } else {
-        mbedtls_test_fail(msg, line_no, filename);
-        return 1;
-    }
-}
-#endif /* defined(MBEDTLS_PSA_CRYPTO_C) */
-
 #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
 static int redirect_output(FILE *out_stream, const char *path)
 {
diff --git a/tests/suites/host_test.function b/tests/suites/host_test.function
index 475a9c8..06f391f 100644
--- a/tests/suites/host_test.function
+++ b/tests/suites/host_test.function
@@ -28,50 +28,28 @@
  *              integer value.
  *
  * \param str   Input string.
- * \param value Pointer to int for output value.
+ * \param p_value Pointer to output value.
  *
  * \return      0 if success else 1
  */
-int verify_int(char *str, int32_t *value)
+int verify_int(char *str, intmax_t *p_value)
 {
-    size_t i;
-    int minus = 0;
-    int digits = 1;
-    int hex = 0;
-
-    for (i = 0; i < strlen(str); i++) {
-        if (i == 0 && str[i] == '-') {
-            minus = 1;
-            continue;
-        }
-
-        if (((minus && i == 2) || (!minus && i == 1)) &&
-            str[i - 1] == '0' && (str[i] == 'x' || str[i] == 'X')) {
-            hex = 1;
-            continue;
-        }
-
-        if (!((str[i] >= '0' && str[i] <= '9') ||
-              (hex && ((str[i] >= 'a' && str[i] <= 'f') ||
-                       (str[i] >= 'A' && str[i] <= 'F'))))) {
-            digits = 0;
-            break;
-        }
+    char *end = NULL;
+    errno = 0;
+    /* Limit the range to long: for large integers, the test framework will
+     * use expressions anyway. */
+    long value = strtol(str, &end, 0);
+    if (errno == EINVAL || *end != '\0') {
+        mbedtls_fprintf(stderr,
+                        "Expected integer for parameter and got: %s\n", str);
+        return KEY_VALUE_MAPPING_NOT_FOUND;
     }
-
-    if (digits) {
-        if (hex) {
-            *value = strtol(str, NULL, 16);
-        } else {
-            *value = strtol(str, NULL, 10);
-        }
-
-        return 0;
+    if (errno == ERANGE) {
+        mbedtls_fprintf(stderr, "Integer out of range: %s\n", str);
+        return KEY_VALUE_MAPPING_NOT_FOUND;
     }
-
-    mbedtls_fprintf(stderr,
-                    "Expected integer for parameter and got: %s\n", str);
-    return KEY_VALUE_MAPPING_NOT_FOUND;
+    *p_value = value;
+    return 0;
 }
 
 
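Review bot: An empty parameter string is still accepted as 0 on C libraries where strtol() does not set EINVAL when no digits are consumed, because the check `if (errno == EINVAL || *end != '\0')` never compares `end` with `str`. Making the rejection explicit with `if (errno == EINVAL || end == str || *end != '\0') {` removes the dependence on that optional errno behaviour. Separately, base 0 changes what the test data means compared with the removed parser: a leading `0` now selects octal (`010` becomes 8, not 10), and leading whitespace or `+` are accepted. The doc comment should say so, e.g. `\param str   Input string, parsed as by strtol() with base 0 (0x hex, leading-0 octal).`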
@@ -180,24 +158,24 @@
         p++;
     }
 
-    /* Replace newlines, question marks and colons in strings */
+    /* Replace backslash escapes in strings */
     for (i = 0; i < cnt; i++) {
         p = params[i];
         q = params[i];
 
         while (*p != '\0') {
-            if (*p == '\\' && *(p + 1) == 'n') {
-                p += 2;
-                *(q++) = '\n';
-            } else if (*p == '\\' && *(p + 1) == ':') {
-                p += 2;
-                *(q++) = ':';
-            } else if (*p == '\\' && *(p + 1) == '?') {
-                p += 2;
-                *(q++) = '?';
-            } else {
-                *(q++) = *(p++);
+            if (*p == '\\') {
+                ++p;
+                switch (*p) {
+                    case 'n':
+                        *p = '\n';
+                        break;
+                    default:
+                        // Fall through to copying *p
+                        break;
+                }
             }
+            *(q++) = *(p++);
         }
         *q = '\0';
     }
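Review bot: A parameter that ends in a lone backslash makes the new loop step past the string terminator. `++p` lands on the NUL, `*(q++) = *(p++)` copies it and advances `p` once more, and `while (*p != '\0')` then keeps reading and copying whatever bytes follow in the buffer. The removed code copied a trailing backslash literally and stopped at the terminator. Guarding the escape with `if (*p == '\\' && *(p + 1) != '\0') {` restores that. The enclosing function starts before this hunk, so whether the earlier splitting step can actually produce a parameter ending in a backslash is not visible here.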
@@ -223,7 +201,8 @@
  *
  * \return      0 for success else 1
  */
-static int convert_params(size_t cnt, char **params, int32_t *int_params_store)
+static int convert_params(size_t cnt, char **params,
+                          mbedtls_test_argument_t *int_params_store)
 {
     char **cur = params;
     char **out = params;
@@ -241,7 +220,7 @@
                 break;
             }
         } else if (strcmp(type, "int") == 0) {
-            if (verify_int(val, int_params_store) == 0) {
+            if (verify_int(val, &int_params_store->sint) == 0) {
                 *out++ = (char *) int_params_store++;
             } else {
                 ret = (DISPATCH_INVALID_TEST_DATA);
@@ -255,7 +234,7 @@
                     mbedtls_test_unhexify((unsigned char *) val, strlen(val),
                                           val, &len) == 0);
 
-                *int_params_store = len;
+                int_params_store->len = len;
                 *out++ = val;
                 *out++ = (char *) (int_params_store++);
             } else {
@@ -264,7 +243,7 @@
             }
         } else if (strcmp(type, "exp") == 0) {
             int exp_id = strtol(val, NULL, 10);
-            if (get_expression(exp_id, int_params_store) == 0) {
+            if (get_expression(exp_id, &int_params_store->sint) == 0) {
                 *out++ = (char *) int_params_store++;
             } else {
                 ret = (DISPATCH_INVALID_TEST_DATA);
@@ -483,7 +462,7 @@
     char buf[5000];
     char *params[50];
     /* Store for processed integer params. */
-    int32_t int_params[50];
+    mbedtls_test_argument_t int_params[50];
     void *pointer;
 #if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
     int stdout_fd = -1;
diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function
index 1e5c666..335ce84 100644
--- a/tests/suites/main_test.function
+++ b/tests/suites/main_test.function
@@ -81,7 +81,7 @@
  *
  * \return       0 if exp_id is found. 1 otherwise.
  */
-int get_expression(int32_t exp_id, int32_t *out_value)
+int get_expression(int32_t exp_id, intmax_t *out_value)
 {
     int ret = KEY_VALUE_MAPPING_FOUND;
 
diff --git a/tests/suites/test_suite_aes.ecb.data b/tests/suites/test_suite_aes.ecb.data
index 6349034..faf69c0 100644
--- a/tests/suites/test_suite_aes.ecb.data
+++ b/tests/suites/test_suite_aes.ecb.data
@@ -228,3 +228,12 @@
 
 AES-256-ECB Decrypt NIST KAT #12
 aes_decrypt_ecb:"0000000000000000000000000000000000000000000000000000000000000000":"9b80eefb7ebe2d2b16247aa0efc72f5d":"e0000000000000000000000000000000":0
+
+AES-128-ECB context alignment
+aes_ecb_context_alignment:"000102030405060708090a0b0c0d0e0f"
+
+AES-192-ECB context alignment
+aes_ecb_context_alignment:"000102030405060708090a0b0c0d0e0f1011121314151617"
+
+AES-256-ECB context alignment
+aes_ecb_context_alignment:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f"
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 6b92b87..b159e1a 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -1,5 +1,52 @@
 /* BEGIN_HEADER */
 #include "mbedtls/aes.h"
+
+/* Test AES with a copied context.
+ *
+ * enc and dec must be AES context objects. They don't need to
+ * be initialized, and are left freed.
+ */
+static int test_ctx_alignment(const data_t *key,
+                              mbedtls_aes_context *enc,
+                              mbedtls_aes_context *dec)
+{
+    unsigned char plaintext[16] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+        0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f,
+    };
+    unsigned char ciphertext[16];
+    unsigned char output[16];
+
+    // Set key and encrypt with original context
+    mbedtls_aes_init(enc);
+    TEST_ASSERT(mbedtls_aes_setkey_enc(enc, key->x, key->len * 8) == 0);
+    TEST_ASSERT(mbedtls_aes_crypt_ecb(enc, MBEDTLS_AES_ENCRYPT,
+                                      plaintext, ciphertext) == 0);
+
+    // Set key for decryption with original context
+    mbedtls_aes_init(dec);
+    TEST_ASSERT(mbedtls_aes_setkey_dec(dec, key->x, key->len * 8) == 0);
+
+    // Wipe the original context to make sure nothing from it is used
+    memset(enc, 0, sizeof(*enc));
+    mbedtls_aes_free(enc);
+
+    // Decrypt
+    TEST_ASSERT(mbedtls_aes_crypt_ecb(dec, MBEDTLS_AES_DECRYPT,
+                                      ciphertext, output) == 0);
+    TEST_MEMORY_COMPARE(plaintext, 16, output, 16);
+
+    mbedtls_aes_free(dec);
+
+    return 1;
+
+exit:
+    /* Bug: we may be leaving something unfreed. This is harmless
+     * in our built-in implementations, but might cause a memory leak
+     * with alternative implementations. */
+    return 0;
+}
+
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
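Review bot: The `exit:` path of test_ctx_alignment returns 0 without freeing `enc` or `dec`, and the added comment concedes that this can leak with alternative AES implementations. Calling `mbedtls_aes_init(dec);` right after `mbedtls_aes_init(enc);`, before the first TEST_ASSERT, would leave both contexts initialised on every failure path, so `exit:` could run `mbedtls_aes_free(enc); mbedtls_aes_free(dec);` before `return 0;`. This relies on free being harmless on a context that was already freed, which should be confirmed for alternative implementations. In the same function `memset(enc, 0, sizeof(*enc));` precedes `mbedtls_aes_free(enc);`, so free only ever sees zeroed memory; freeing first and wiping second keeps the intent of the test and lets an implementation release whatever the context holds. The header comment says "copied context", although nothing visible in the function copies one.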
@@ -621,6 +668,77 @@
 }
 /* END_CASE */
 
+/* BEGIN_CASE */
+void aes_ecb_context_alignment(data_t *key)
+{
+    /* We test alignment multiple times, with different alignments
+     * of the context and of the plaintext/ciphertext. */
+
+    struct align0 {
+        mbedtls_aes_context ctx;
+    };
+    struct align0 *enc0 = NULL;
+    struct align0 *dec0 = NULL;
+
+    struct align1 {
+        char bump;
+        mbedtls_aes_context ctx;
+    };
+    struct align1 *enc1 = NULL;
+    struct align1 *dec1 = NULL;
+
+    /* All peak alignment */
+    TEST_CALLOC(enc0, 1);
+    TEST_CALLOC(dec0, 1);
+    if (!test_ctx_alignment(key, &enc0->ctx, &dec0->ctx)) {
+        goto exit;
+    }
+    mbedtls_free(enc0);
+    enc0 = NULL;
+    mbedtls_free(dec0);
+    dec0 = NULL;
+
+    /* Enc aligned, dec not */
+    TEST_CALLOC(enc0, 1);
+    TEST_CALLOC(dec1, 1);
+    if (!test_ctx_alignment(key, &enc0->ctx, &dec1->ctx)) {
+        goto exit;
+    }
+    mbedtls_free(enc0);
+    enc0 = NULL;
+    mbedtls_free(dec1);
+    dec1 = NULL;
+
+    /* Dec aligned, enc not */
+    TEST_CALLOC(enc1, 1);
+    TEST_CALLOC(dec0, 1);
+    if (!test_ctx_alignment(key, &enc1->ctx, &dec0->ctx)) {
+        goto exit;
+    }
+    mbedtls_free(enc1);
+    enc1 = NULL;
+    mbedtls_free(dec0);
+    dec0 = NULL;
+
+    /* Both shifted */
+    TEST_CALLOC(enc1, 1);
+    TEST_CALLOC(dec1, 1);
+    if (!test_ctx_alignment(key, &enc1->ctx, &dec1->ctx)) {
+        goto exit;
+    }
+    mbedtls_free(enc1);
+    enc1 = NULL;
+    mbedtls_free(dec1);
+    dec1 = NULL;
+
+exit:
+    mbedtls_free(enc0);
+    mbedtls_free(dec0);
+    mbedtls_free(enc1);
+    mbedtls_free(dec1);
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
 void aes_selftest()
 {
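Review bot: The opening comment in aes_ecb_context_alignment says the alignment of the plaintext/ciphertext is varied too, but the four cases only change where the context sits (`struct align0` versus `struct align1`). The data buffers are fixed local arrays inside test_ctx_alignment. I would reword it to `/* Run the same ECB round trip with the enc and dec contexts at different offsets from the start of their allocation. */`. A short comment on `char bump;` would also help, e.g. `/* moves ctx off the allocator's alignment; the compiler still aligns it for its own type */`, because the shift is only as large as the platform's padding rules make it.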
diff --git a/tests/suites/test_suite_aria.function b/tests/suites/test_suite_aria.function
index ed33389..10c51a3 100644
--- a/tests/suites/test_suite_aria.function
+++ b/tests/suites/test_suite_aria.function
@@ -224,8 +224,8 @@
                                                output + i) == 0);
         }
 
-        ASSERT_COMPARE(output, expected_output->len,
-                       expected_output->x, expected_output->len);
+        TEST_MEMORY_COMPARE(output, expected_output->len,
+                            expected_output->x, expected_output->len);
     }
 
 exit:
@@ -252,8 +252,8 @@
                                                output + i) == 0);
         }
 
-        ASSERT_COMPARE(output, expected_output->len,
-                       expected_output->x, expected_output->len);
+        TEST_MEMORY_COMPARE(output, expected_output->len,
+                            expected_output->x, expected_output->len);
     }
 
 exit:
@@ -277,8 +277,8 @@
                                        src_str->len, iv_str->x, src_str->x,
                                        output) == cbc_result);
     if (cbc_result == 0) {
-        ASSERT_COMPARE(output, expected_output->len,
-                       expected_output->x, expected_output->len);
+        TEST_MEMORY_COMPARE(output, expected_output->len,
+                            expected_output->x, expected_output->len);
     }
 
 exit:
@@ -302,8 +302,8 @@
                                        src_str->len, iv_str->x, src_str->x,
                                        output) == cbc_result);
     if (cbc_result == 0) {
-        ASSERT_COMPARE(output, expected_output->len,
-                       expected_output->x, expected_output->len);
+        TEST_MEMORY_COMPARE(output, expected_output->len,
+                            expected_output->x, expected_output->len);
     }
 
 exit:
@@ -329,8 +329,8 @@
                                           iv_str->x, src_str->x, output)
                 == result);
 
-    ASSERT_COMPARE(output, expected_output->len,
-                   expected_output->x, expected_output->len);
+    TEST_MEMORY_COMPARE(output, expected_output->len,
+                        expected_output->x, expected_output->len);
 
 exit:
     mbedtls_aria_free(&ctx);
@@ -355,8 +355,8 @@
                                           iv_str->x, src_str->x, output)
                 == result);
 
-    ASSERT_COMPARE(output, expected_output->len,
-                   expected_output->x, expected_output->len);
+    TEST_MEMORY_COMPARE(output, expected_output->len,
+                        expected_output->x, expected_output->len);
 
 exit:
     mbedtls_aria_free(&ctx);
@@ -381,8 +381,8 @@
                                        iv_str->x, blk, src_str->x, output)
                 == result);
 
-    ASSERT_COMPARE(output, expected_output->len,
-                   expected_output->x, expected_output->len);
+    TEST_MEMORY_COMPARE(output, expected_output->len,
+                        expected_output->x, expected_output->len);
 
 exit:
     mbedtls_aria_free(&ctx);
@@ -407,8 +407,8 @@
                                        iv_str->x, blk, src_str->x, output)
                 == result);
 
-    ASSERT_COMPARE(output, expected_output->len,
-                   expected_output->x, expected_output->len);
+    TEST_MEMORY_COMPARE(output, expected_output->len,
+                        expected_output->x, expected_output->len);
 
 exit:
     mbedtls_aria_free(&ctx);
diff --git a/tests/suites/test_suite_asn1parse.function b/tests/suites/test_suite_asn1parse.function
index 7c546c1..77f268c 100644
--- a/tests/suites/test_suite_asn1parse.function
+++ b/tests/suites/test_suite_asn1parse.function
@@ -135,11 +135,11 @@
     /* Allocate a new buffer of exactly the length to parse each time.
      * This gives memory sanitizers a chance to catch buffer overreads. */
     if (buffer_size == 0) {
-        ASSERT_ALLOC(buf, 1);
+        TEST_CALLOC(buf, 1);
         end = buf + 1;
         p = end;
     } else {
-        ASSERT_ALLOC_WEAK(buf, buffer_size);
+        TEST_CALLOC_OR_SKIP(buf, buffer_size);
         if (buffer_size > input->len) {
             memcpy(buf, input->x, input->len);
             memset(buf + input->len, 'A', buffer_size - input->len);
@@ -247,7 +247,7 @@
         mbedtls_test_set_step(buffer_size);
         /* Allocate a new buffer of exactly the length to parse each time.
          * This gives memory sanitizers a chance to catch buffer overreads. */
-        ASSERT_ALLOC(buf, buffer_size);
+        TEST_CALLOC(buf, buffer_size);
         memcpy(buf, input->x, buffer_size);
         p = buf;
         ret = nested_parse(&p, buf + buffer_size);
@@ -506,7 +506,7 @@
 
     mbedtls_mpi_init(&actual_mpi);
 
-    ASSERT_ALLOC(buf, size);
+    TEST_CALLOC(buf, size);
     buf[0] = 0x02; /* tag: INTEGER */
     buf[1] = 0x84; /* 4-octet length */
     buf[2] = (too_many_octets >> 24) & 0xff;
@@ -729,10 +729,10 @@
     { { 0x06, 0, NULL }, { 0, 0, NULL }, NULL, 0 };
 
     if (with_oid) {
-        ASSERT_ALLOC(head.oid.p, 1);
+        TEST_CALLOC(head.oid.p, 1);
     }
     if (with_val) {
-        ASSERT_ALLOC(head.val.p, 1);
+        TEST_CALLOC(head.val.p, 1);
     }
     if (with_next) {
         head.next = &next;
@@ -758,7 +758,7 @@
 
     for (i = 0; i < length; i++) {
         mbedtls_asn1_named_data *new = NULL;
-        ASSERT_ALLOC(new, 1);
+        TEST_CALLOC(new, 1);
         new->next = head;
         head = new;
     }
diff --git a/tests/suites/test_suite_asn1write.function b/tests/suites/test_suite_asn1write.function
index 06b9edf..77bf4ef 100644
--- a/tests/suites/test_suite_asn1write.function
+++ b/tests/suites/test_suite_asn1write.function
@@ -17,7 +17,7 @@
     mbedtls_test_set_step(data->size);
     mbedtls_free(data->output);
     data->output = NULL;
-    ASSERT_ALLOC(data->output, data->size == 0 ? 1 : data->size);
+    TEST_CALLOC(data->output, data->size == 0 ? 1 : data->size);
     data->end = data->output + data->size;
     data->p = data->end;
     data->start = data->end - data->size;
@@ -37,8 +37,8 @@
         TEST_EQUAL(ret, data->end - data->p);
         TEST_ASSERT(data->p >= data->start);
         TEST_ASSERT(data->p <= data->end);
-        ASSERT_COMPARE(data->p, (size_t) (data->end - data->p),
-                       expected->x, expected->len);
+        TEST_MEMORY_COMPARE(data->p, (size_t) (data->end - data->p),
+                            expected->x, expected->len);
     }
     ok = 1;
 
@@ -296,7 +296,7 @@
             size_t len_complete = data_len + par_len;
             unsigned char expected_params_tag;
             size_t expected_params_len;
-            ASSERT_ALLOC(buf_complete, len_complete);
+            TEST_CALLOC(buf_complete, len_complete);
             unsigned char *end_complete = buf_complete + len_complete;
             memcpy(buf_complete, data.p, data_len);
             if (par_len == 0) {
@@ -316,13 +316,13 @@
                 buf_complete[data_len + 2] = (unsigned char) (expected_params_len >> 8);
                 buf_complete[data_len + 3] = (unsigned char) (expected_params_len);
             } else {
-                TEST_ASSERT(!"Bad test data: invalid length of ASN.1 element");
+                TEST_FAIL("Bad test data: invalid length of ASN.1 element");
             }
             unsigned char *p = buf_complete;
             TEST_EQUAL(mbedtls_asn1_get_alg(&p, end_complete,
                                             &alg, &params), 0);
             TEST_EQUAL(alg.tag, MBEDTLS_ASN1_OID);
-            ASSERT_COMPARE(alg.p, alg.len, oid->x, oid->len);
+            TEST_MEMORY_COMPARE(alg.p, alg.len, oid->x, oid->len);
             TEST_EQUAL(params.tag, expected_params_tag);
             TEST_EQUAL(params.len, expected_params_len);
             mbedtls_free(buf_complete);
@@ -404,7 +404,7 @@
     TEST_ASSERT(bitstring->len >= byte_length);
 
 #if defined(MBEDTLS_ASN1_PARSE_C)
-    ASSERT_ALLOC(masked_bitstring, byte_length);
+    TEST_CALLOC(masked_bitstring, byte_length);
     if (byte_length != 0) {
         memcpy(masked_bitstring, bitstring->x, byte_length);
         if (bits % 8 != 0) {
@@ -440,8 +440,8 @@
             mbedtls_asn1_bitstring read = { 0, 0, NULL };
             TEST_EQUAL(mbedtls_asn1_get_bitstring(&data.p, data.end,
                                                   &read), 0);
-            ASSERT_COMPARE(read.p, read.len,
-                           masked_bitstring, byte_length);
+            TEST_MEMORY_COMPARE(read.p, read.len,
+                                masked_bitstring, byte_length);
             TEST_EQUAL(read.unused_bits, 8 * byte_length - value_bits);
         }
 #endif /* MBEDTLS_ASN1_PARSE_C */
@@ -477,7 +477,7 @@
     }
     pointers[ARRAY_LENGTH(nd)] = NULL;
     for (i = 0; i < ARRAY_LENGTH(nd); i++) {
-        ASSERT_ALLOC(nd[i].oid.p, oid[i]->len);
+        TEST_CALLOC(nd[i].oid.p, oid[i]->len);
         memcpy(nd[i].oid.p, oid[i]->x, oid[i]->len);
         nd[i].oid.len = oid[i]->len;
         nd[i].next = pointers[i+1];
@@ -529,7 +529,7 @@
     unsigned char *new_val = (unsigned char *) "new value";
 
     if (old_len != 0) {
-        ASSERT_ALLOC(nd.val.p, (size_t) old_len);
+        TEST_CALLOC(nd.val.p, (size_t) old_len);
         old_val = nd.val.p;
         nd.val.len = old_len;
         memset(old_val, 'x', old_len);
@@ -545,8 +545,8 @@
     TEST_ASSERT(found == head);
 
     if (new_val != NULL) {
-        ASSERT_COMPARE(found->val.p, found->val.len,
-                       new_val, (size_t) new_len);
+        TEST_MEMORY_COMPARE(found->val.p, found->val.len,
+                            new_val, (size_t) new_len);
     }
     if (new_len == 0) {
         TEST_ASSERT(found->val.p == NULL);
@@ -580,15 +580,15 @@
     TEST_ASSERT(found != NULL);
     TEST_ASSERT(found == head);
     TEST_ASSERT(found->oid.p != oid);
-    ASSERT_COMPARE(found->oid.p, found->oid.len, oid, oid_len);
+    TEST_MEMORY_COMPARE(found->oid.p, found->oid.len, oid, oid_len);
     if (new_len == 0) {
         TEST_ASSERT(found->val.p == NULL);
     } else if (new_val == NULL) {
         TEST_ASSERT(found->val.p != NULL);
     } else {
         TEST_ASSERT(found->val.p != new_val);
-        ASSERT_COMPARE(found->val.p, found->val.len,
-                       new_val, (size_t) new_len);
+        TEST_MEMORY_COMPARE(found->val.p, found->val.len,
+                            new_val, (size_t) new_len);
     }
 
 exit:
diff --git a/tests/suites/test_suite_bignum.function b/tests/suites/test_suite_bignum.function
index 9afebba..a65a489 100644
--- a/tests/suites/test_suite_bignum.function
+++ b/tests/suites/test_suite_bignum.function
@@ -391,7 +391,7 @@
         TEST_ASSERT(sign_is_valid(&X));
         TEST_ASSERT(mbedtls_mpi_write_string(&X, radix_A, str, output_size, &len) == result_write);
         if (result_write == 0) {
-            TEST_ASSERT(strcasecmp(str, input_A) == 0);
+            TEST_ASSERT(strcmp(str, input_A) == 0);
             TEST_ASSERT(str[len] == '!');
         }
     }
@@ -402,7 +402,7 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_read_binary(data_t *buf, char *input_A)
+void mpi_read_binary(data_t *buf, char *input_A)
 {
     mbedtls_mpi X;
     char str[1000];
@@ -422,7 +422,7 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_read_binary_le(data_t *buf, char *input_A)
+void mpi_read_binary_le(data_t *buf, char *input_A)
 {
     mbedtls_mpi X;
     char str[1000];
@@ -442,8 +442,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_write_binary(char *input_X, data_t *input_A,
-                              int output_size, int result)
+void mpi_write_binary(char *input_X, data_t *input_A,
+                      int output_size, int result)
 {
     mbedtls_mpi X;
     unsigned char buf[1000];
@@ -473,8 +473,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_write_binary_le(char *input_X, data_t *input_A,
-                                 int output_size, int result)
+void mpi_write_binary_le(char *input_X, data_t *input_A,
+                         int output_size, int result)
 {
     mbedtls_mpi X;
     unsigned char buf[1000];
@@ -504,7 +504,7 @@
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void mbedtls_mpi_read_file(char *input_file, data_t *input_A, int result)
+void mpi_read_file(char *input_file, data_t *input_A, int result)
 {
     mbedtls_mpi X;
     unsigned char buf[1000];
@@ -538,7 +538,7 @@
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:MBEDTLS_FS_IO */
-void mbedtls_mpi_write_file(char *input_X, char *output_file)
+void mpi_write_file(char *input_X, char *output_file)
 {
     mbedtls_mpi X, Y;
     FILE *file_out, *file_in;
@@ -568,7 +568,7 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_get_bit(char *input_X, int pos, int val)
+void mpi_get_bit(char *input_X, int pos, int val)
 {
     mbedtls_mpi X;
     mbedtls_mpi_init(&X);
@@ -581,8 +581,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_set_bit(char *input_X, int pos, int val,
-                         char *output_Y, int result)
+void mpi_set_bit(char *input_X, int pos, int val,
+                 char *output_Y, int result)
 {
     mbedtls_mpi X, Y;
     mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
@@ -602,7 +602,7 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_lsb(char *input_X, int nr_bits)
+void mpi_lsb(char *input_X, int nr_bits)
 {
     mbedtls_mpi X;
     mbedtls_mpi_init(&X);
@@ -616,7 +616,7 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_bitlen(char *input_X, int nr_bits)
+void mpi_bitlen(char *input_X, int nr_bits)
 {
     mbedtls_mpi X;
     mbedtls_mpi_init(&X);
@@ -630,8 +630,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_gcd(char *input_X, char *input_Y,
-                     char *input_A)
+void mpi_gcd(char *input_X, char *input_Y,
+             char *input_A)
 {
     mbedtls_mpi A, X, Y, Z;
     mbedtls_mpi_init(&A); mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z);
@@ -649,7 +649,7 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_cmp_int(int input_X, int input_A, int result_CMP)
+void mpi_cmp_int(int input_X, int input_A, int result_CMP)
 {
     mbedtls_mpi X;
     mbedtls_mpi_init(&X);
@@ -663,8 +663,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_cmp_mpi(char *input_X, char *input_Y,
-                         int input_A)
+void mpi_cmp_mpi(char *input_X, char *input_Y,
+                 int input_A)
 {
     mbedtls_mpi X, Y;
     mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
@@ -679,9 +679,9 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_lt_mpi_ct(int size_X, char *input_X,
-                           int size_Y, char *input_Y,
-                           int input_ret, int input_err)
+void mpi_lt_mpi_ct(int size_X, char *input_X,
+                   int size_Y, char *input_Y,
+                   int input_ret, int input_err)
 {
     unsigned ret = -1;
     unsigned input_uret = input_ret;
@@ -705,8 +705,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_cmp_abs(char *input_X, char *input_Y,
-                         int input_A)
+void mpi_cmp_abs(char *input_X, char *input_Y,
+                 int input_A)
 {
     mbedtls_mpi X, Y;
     mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
@@ -721,7 +721,7 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_copy(char *src_hex, char *dst_hex)
+void mpi_copy(char *src_hex, char *dst_hex)
 {
     mbedtls_mpi src, dst, ref;
     mbedtls_mpi_init(&src);
@@ -779,7 +779,7 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_swap(char *X_hex, char *Y_hex)
+void mpi_swap(char *X_hex, char *Y_hex)
 {
     mbedtls_mpi X, Y, X0, Y0;
     mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y);
@@ -844,7 +844,7 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_shrink(int before, int used, int min, int after)
+void mpi_shrink(int before, int used, int min, int after)
 {
     mbedtls_mpi X;
     mbedtls_mpi_init(&X);
@@ -864,8 +864,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_add_mpi(char *input_X, char *input_Y,
-                         char *input_A)
+void mpi_add_mpi(char *input_X, char *input_Y,
+                 char *input_A)
 {
     mbedtls_mpi X, Y, Z, A;
     mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
@@ -894,7 +894,7 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_add_mpi_inplace(char *input_X, char *input_A)
+void mpi_add_mpi_inplace(char *input_X, char *input_A)
 {
     mbedtls_mpi X, A;
     mbedtls_mpi_init(&X); mbedtls_mpi_init(&A);
@@ -923,8 +923,8 @@
 
 
 /* BEGIN_CASE */
-void mbedtls_mpi_add_abs(char *input_X, char *input_Y,
-                         char *input_A)
+void mpi_add_abs(char *input_X, char *input_Y,
+                 char *input_A)
 {
     mbedtls_mpi X, Y, Z, A;
     mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
@@ -953,8 +953,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_add_int(char *input_X, int input_Y,
-                         char *input_A)
+void mpi_add_int(char *input_X, int input_Y,
+                 char *input_A)
 {
     mbedtls_mpi X, Z, A;
     mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
@@ -971,8 +971,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_sub_mpi(char *input_X, char *input_Y,
-                         char *input_A)
+void mpi_sub_mpi(char *input_X, char *input_Y,
+                 char *input_A)
 {
     mbedtls_mpi X, Y, Z, A;
     mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
@@ -1001,8 +1001,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_sub_abs(char *input_X, char *input_Y,
-                         char *input_A, int sub_result)
+void mpi_sub_abs(char *input_X, char *input_Y,
+                 char *input_A, int sub_result)
 {
     mbedtls_mpi X, Y, Z, A;
     int res;
@@ -1040,8 +1040,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_sub_int(char *input_X, int input_Y,
-                         char *input_A)
+void mpi_sub_int(char *input_X, int input_Y,
+                 char *input_A)
 {
     mbedtls_mpi X, Z, A;
     mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
@@ -1058,8 +1058,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_mul_mpi(char *input_X, char *input_Y,
-                         char *input_A)
+void mpi_mul_mpi(char *input_X, char *input_Y,
+                 char *input_A)
 {
     mbedtls_mpi X, Y, Z, A;
     mbedtls_mpi_init(&X); mbedtls_mpi_init(&Y); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
@@ -1077,8 +1077,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_mul_int(char *input_X, int input_Y,
-                         char *input_A, char *result_comparison)
+void mpi_mul_int(char *input_X, int input_Y,
+                 char *input_A, char *result_comparison)
 {
     mbedtls_mpi X, Z, A;
     mbedtls_mpi_init(&X); mbedtls_mpi_init(&Z); mbedtls_mpi_init(&A);
@@ -1101,9 +1101,9 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_div_mpi(char *input_X, char *input_Y,
-                         char *input_A, char *input_B,
-                         int div_result)
+void mpi_div_mpi(char *input_X, char *input_Y,
+                 char *input_A, char *input_B,
+                 int div_result)
 {
     mbedtls_mpi X, Y, Q, R, A, B;
     int res;
@@ -1130,9 +1130,9 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_div_int(char *input_X, int input_Y,
-                         char *input_A, char *input_B,
-                         int div_result)
+void mpi_div_int(char *input_X, int input_Y,
+                 char *input_A, char *input_B,
+                 int div_result)
 {
     mbedtls_mpi X, Q, R, A, B;
     int res;
@@ -1158,8 +1158,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_mod_mpi(char *input_X, char *input_Y,
-                         char *input_A, int div_result)
+void mpi_mod_mpi(char *input_X, char *input_Y,
+                 char *input_A, int div_result)
 {
     mbedtls_mpi X, Y, A;
     int res;
@@ -1181,47 +1181,16 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_mod_int(char *input_X, char *input_Y,
-                         char *input_A, int mod_result)
+void mpi_mod_int(char *input_X, mbedtls_mpi_sint y,
+                 mbedtls_mpi_sint a, int mod_result)
 {
     mbedtls_mpi X;
-    mbedtls_mpi Y;
-    mbedtls_mpi A;
     int res;
     mbedtls_mpi_uint r;
 
     mbedtls_mpi_init(&X);
-    mbedtls_mpi_init(&Y);
-    mbedtls_mpi_init(&A);
 
-    /* We use MPIs to read Y and A since the test framework limits us to
-     * ints, so we can't have 64-bit values */
     TEST_EQUAL(mbedtls_test_read_mpi(&X, input_X), 0);
-    TEST_EQUAL(mbedtls_test_read_mpi(&Y, input_Y), 0);
-    TEST_EQUAL(mbedtls_test_read_mpi(&A, input_A), 0);
-
-    TEST_EQUAL(Y.n, 1);
-    TEST_EQUAL(A.n, 1);
-
-    /* Convert the MPIs for Y and A to (signed) mbedtls_mpi_sints */
-
-    /* Since we're converting sign+magnitude to two's complement, we lose one
-     * bit of value in the output. This means there are some values we can't
-     * represent, e.g. (hex) -A0000000 on 32-bit systems. These are technically
-     * invalid test cases, so could be considered "won't happen", but they are
-     * easy to test for, and this helps guard against human error. */
-
-    mbedtls_mpi_sint y = (mbedtls_mpi_sint) Y.p[0];
-    TEST_ASSERT(y >= 0);        /* If y < 0 here, we can't make negative y */
-    if (Y.s == -1) {
-        y = -y;
-    }
-
-    mbedtls_mpi_sint a = (mbedtls_mpi_sint) A.p[0];
-    TEST_ASSERT(a >= 0);        /* Same goes for a */
-    if (A.s == -1) {
-        a = -a;
-    }
 
     res = mbedtls_mpi_mod_int(&r, &X, y);
     TEST_EQUAL(res, mod_result);
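Review bot: With `y` and `a` now plain `mbedtls_mpi_sint` parameters, nothing in mpi_mod_int checks that the values from the .data file fit that type, whereas the removed code at least asserted `Y.n == 1` and `y >= 0`. The framework parses integers into an `intmax_t` slot (see `&int_params_store->sint` and the new `get_expression` signature earlier in this diff). Any narrowing to `mbedtls_mpi_sint` presumably happens in the generated wrapper, which is not visible here, and could truncate silently on a build with a narrower limb. A comment above the signature such as `/* y and a must fit in mbedtls_mpi_sint; wider test data needs a limb-width dependency */` would record the constraint, and cases with 64-bit values should be gated in the .data file. The function body continues outside this hunk.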
@@ -1231,15 +1200,13 @@
 
 exit:
     mbedtls_mpi_free(&X);
-    mbedtls_mpi_free(&Y);
-    mbedtls_mpi_free(&A);
 }
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_exp_mod(char *input_A, char *input_E,
-                         char *input_N, char *input_X,
-                         int exp_result)
+void mpi_exp_mod(char *input_A, char *input_E,
+                 char *input_N, char *input_X,
+                 int exp_result)
 {
     mbedtls_mpi A, E, N, RR, Z, X;
     int res;
@@ -1281,8 +1248,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_exp_mod_size(int A_bytes, int E_bytes, int N_bytes,
-                              char *input_RR, int exp_result)
+void mpi_exp_mod_size(int A_bytes, int E_bytes, int N_bytes,
+                      char *input_RR, int exp_result)
 {
     mbedtls_mpi A, E, N, RR, Z;
     mbedtls_mpi_init(&A); mbedtls_mpi_init(&E); mbedtls_mpi_init(&N);
@@ -1316,8 +1283,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_inv_mod(char *input_X, char *input_Y,
-                         char *input_A, int div_result)
+void mpi_inv_mod(char *input_X, char *input_Y,
+                 char *input_A, int div_result)
 {
     mbedtls_mpi X, Y, Z, A;
     int res;
@@ -1339,7 +1306,7 @@
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
-void mbedtls_mpi_is_prime(char *input_X, int div_result)
+void mpi_is_prime(char *input_X, int div_result)
 {
     mbedtls_mpi X;
     int res;
@@ -1355,8 +1322,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
-void mbedtls_mpi_is_prime_det(data_t *input_X, data_t *witnesses,
-                              int chunk_len, int rounds)
+void mpi_is_prime_det(data_t *input_X, data_t *witnesses,
+                      int chunk_len, int rounds)
 {
     mbedtls_mpi X;
     int res;
@@ -1388,7 +1355,7 @@
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:MBEDTLS_GENPRIME */
-void mbedtls_mpi_gen_prime(int bits, int flags, int ref_ret)
+void mpi_gen_prime(int bits, int flags, int ref_ret)
 {
     mbedtls_mpi X;
     int my_ret;
@@ -1424,8 +1391,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_shift_l(char *input_X, int shift_X,
-                         char *input_A)
+void mpi_shift_l(char *input_X, int shift_X,
+                 char *input_A)
 {
     mbedtls_mpi X, A;
     mbedtls_mpi_init(&X); mbedtls_mpi_init(&A);
@@ -1442,8 +1409,8 @@
 /* END_CASE */
 
 /* BEGIN_CASE */
-void mbedtls_mpi_shift_r(char *input_X, int shift_X,
-                         char *input_A)
+void mpi_shift_r(char *input_X, int shift_X,
+                 char *input_A)
 {
     mbedtls_mpi X, A;
     mbedtls_mpi_init(&X); mbedtls_mpi_init(&A);
@@ -1540,7 +1507,7 @@
         full_stats = 0;
         stats_len = n_bits;
     }
-    ASSERT_ALLOC(stats, stats_len);
+    TEST_CALLOC(stats, stats_len);
 
     for (i = 0; i < (size_t) iterations; i++) {
         mbedtls_test_set_step(i);
diff --git a/tests/suites/test_suite_bignum.generated.data b/tests/suites/test_suite_bignum.generated.data
index 00379ef..6badd0b 100644
--- a/tests/suites/test_suite_bignum.generated.data
+++ b/tests/suites/test_suite_bignum.generated.data
@@ -1,975 +1,975 @@
 # Automatically generated by generate_bignum_tests.py. Do not edit!
 
 MPI add #1 0 (null) + 0 (null)
-mbedtls_mpi_add_mpi:"":"":"0"
+mpi_add_mpi:"":"":"0"
 
 MPI add #2 0 (null) + 0 (1 limb)
-mbedtls_mpi_add_mpi:"":"0":"0"
+mpi_add_mpi:"":"0":"0"
 
 MPI add #3 0 (null) + negative 0 (null)
-mbedtls_mpi_add_mpi:"":"-":"0"
+mpi_add_mpi:"":"-":"0"
 
 MPI add #4 0 (null) + negative with leading zero limb
-mbedtls_mpi_add_mpi:"":"-0":"0"
+mpi_add_mpi:"":"-0":"0"
 
 MPI add #5 0 (null) + positive
-mbedtls_mpi_add_mpi:"":"7b":"7b"
+mpi_add_mpi:"":"7b":"7b"
 
 MPI add #6 0 (null) + negative
-mbedtls_mpi_add_mpi:"":"-7b":"-7b"
+mpi_add_mpi:"":"-7b":"-7b"
 
 MPI add #7 0 (null) + positive with leading zero limb
-mbedtls_mpi_add_mpi:"":"0000000000000000123":"123"
+mpi_add_mpi:"":"0000000000000000123":"123"
 
 MPI add #8 0 (null) + negative with leading zero limb
-mbedtls_mpi_add_mpi:"":"-0000000000000000123":"-123"
+mpi_add_mpi:"":"-0000000000000000123":"-123"
 
 MPI add #9 0 (null) + large positive
-mbedtls_mpi_add_mpi:"":"1230000000000000000":"1230000000000000000"
+mpi_add_mpi:"":"1230000000000000000":"1230000000000000000"
 
 MPI add #10 0 (null) + large negative
-mbedtls_mpi_add_mpi:"":"-1230000000000000000":"-1230000000000000000"
+mpi_add_mpi:"":"-1230000000000000000":"-1230000000000000000"
 
 MPI add #11 0 (1 limb) + 0 (null)
-mbedtls_mpi_add_mpi:"0":"":"0"
+mpi_add_mpi:"0":"":"0"
 
 MPI add #12 0 (1 limb) + 0 (1 limb)
-mbedtls_mpi_add_mpi:"0":"0":"0"
+mpi_add_mpi:"0":"0":"0"
 
 MPI add #13 0 (1 limb) + negative 0 (null)
-mbedtls_mpi_add_mpi:"0":"-":"0"
+mpi_add_mpi:"0":"-":"0"
 
 MPI add #14 0 (1 limb) + negative with leading zero limb
-mbedtls_mpi_add_mpi:"0":"-0":"0"
+mpi_add_mpi:"0":"-0":"0"
 
 MPI add #15 0 (1 limb) + positive
-mbedtls_mpi_add_mpi:"0":"7b":"7b"
+mpi_add_mpi:"0":"7b":"7b"
 
 MPI add #16 0 (1 limb) + negative
-mbedtls_mpi_add_mpi:"0":"-7b":"-7b"
+mpi_add_mpi:"0":"-7b":"-7b"
 
 MPI add #17 0 (1 limb) + positive with leading zero limb
-mbedtls_mpi_add_mpi:"0":"0000000000000000123":"123"
+mpi_add_mpi:"0":"0000000000000000123":"123"
 
 MPI add #18 0 (1 limb) + negative with leading zero limb
-mbedtls_mpi_add_mpi:"0":"-0000000000000000123":"-123"
+mpi_add_mpi:"0":"-0000000000000000123":"-123"
 
 MPI add #19 0 (1 limb) + large positive
-mbedtls_mpi_add_mpi:"0":"1230000000000000000":"1230000000000000000"
+mpi_add_mpi:"0":"1230000000000000000":"1230000000000000000"
 
 MPI add #20 0 (1 limb) + large negative
-mbedtls_mpi_add_mpi:"0":"-1230000000000000000":"-1230000000000000000"
+mpi_add_mpi:"0":"-1230000000000000000":"-1230000000000000000"
 
 MPI add #21 negative 0 (null) + 0 (null)
-mbedtls_mpi_add_mpi:"-":"":"0"
+mpi_add_mpi:"-":"":"0"
 
 MPI add #22 negative 0 (null) + 0 (1 limb)
-mbedtls_mpi_add_mpi:"-":"0":"0"
+mpi_add_mpi:"-":"0":"0"
 
 MPI add #23 negative 0 (null) + negative 0 (null)
-mbedtls_mpi_add_mpi:"-":"-":"0"
+mpi_add_mpi:"-":"-":"0"
 
 MPI add #24 negative 0 (null) + negative with leading zero limb
-mbedtls_mpi_add_mpi:"-":"-0":"0"
+mpi_add_mpi:"-":"-0":"0"
 
 MPI add #25 negative 0 (null) + positive
-mbedtls_mpi_add_mpi:"-":"7b":"7b"
+mpi_add_mpi:"-":"7b":"7b"
 
 MPI add #26 negative 0 (null) + negative
-mbedtls_mpi_add_mpi:"-":"-7b":"-7b"
+mpi_add_mpi:"-":"-7b":"-7b"
 
 MPI add #27 negative 0 (null) + positive with leading zero limb
-mbedtls_mpi_add_mpi:"-":"0000000000000000123":"123"
+mpi_add_mpi:"-":"0000000000000000123":"123"
 
 MPI add #28 negative 0 (null) + negative with leading zero limb
-mbedtls_mpi_add_mpi:"-":"-0000000000000000123":"-123"
+mpi_add_mpi:"-":"-0000000000000000123":"-123"
 
 MPI add #29 negative 0 (null) + large positive
-mbedtls_mpi_add_mpi:"-":"1230000000000000000":"1230000000000000000"
+mpi_add_mpi:"-":"1230000000000000000":"1230000000000000000"
 
 MPI add #30 negative 0 (null) + large negative
-mbedtls_mpi_add_mpi:"-":"-1230000000000000000":"-1230000000000000000"
+mpi_add_mpi:"-":"-1230000000000000000":"-1230000000000000000"
 
 MPI add #31 negative with leading zero limb + 0 (null)
-mbedtls_mpi_add_mpi:"-0":"":"0"
+mpi_add_mpi:"-0":"":"0"
 
 MPI add #32 negative with leading zero limb + 0 (1 limb)
-mbedtls_mpi_add_mpi:"-0":"0":"0"
+mpi_add_mpi:"-0":"0":"0"
 
 MPI add #33 negative with leading zero limb + negative 0 (null)
-mbedtls_mpi_add_mpi:"-0":"-":"0"
+mpi_add_mpi:"-0":"-":"0"
 
 MPI add #34 negative with leading zero limb + negative with leading zero limb
-mbedtls_mpi_add_mpi:"-0":"-0":"0"
+mpi_add_mpi:"-0":"-0":"0"
 
 MPI add #35 negative with leading zero limb + positive
-mbedtls_mpi_add_mpi:"-0":"7b":"7b"
+mpi_add_mpi:"-0":"7b":"7b"
 
 MPI add #36 negative with leading zero limb + negative
-mbedtls_mpi_add_mpi:"-0":"-7b":"-7b"
+mpi_add_mpi:"-0":"-7b":"-7b"
 
 MPI add #37 negative with leading zero limb + positive with leading zero limb
-mbedtls_mpi_add_mpi:"-0":"0000000000000000123":"123"
+mpi_add_mpi:"-0":"0000000000000000123":"123"
 
 MPI add #38 negative with leading zero limb + negative with leading zero limb
-mbedtls_mpi_add_mpi:"-0":"-0000000000000000123":"-123"
+mpi_add_mpi:"-0":"-0000000000000000123":"-123"
 
 MPI add #39 negative with leading zero limb + large positive
-mbedtls_mpi_add_mpi:"-0":"1230000000000000000":"1230000000000000000"
+mpi_add_mpi:"-0":"1230000000000000000":"1230000000000000000"
 
 MPI add #40 negative with leading zero limb + large negative
-mbedtls_mpi_add_mpi:"-0":"-1230000000000000000":"-1230000000000000000"
+mpi_add_mpi:"-0":"-1230000000000000000":"-1230000000000000000"
 
 MPI add #41 positive + 0 (null)
-mbedtls_mpi_add_mpi:"7b":"":"7b"
+mpi_add_mpi:"7b":"":"7b"
 
 MPI add #42 positive + 0 (1 limb)
-mbedtls_mpi_add_mpi:"7b":"0":"7b"
+mpi_add_mpi:"7b":"0":"7b"
 
 MPI add #43 positive + negative 0 (null)
-mbedtls_mpi_add_mpi:"7b":"-":"7b"
+mpi_add_mpi:"7b":"-":"7b"
 
 MPI add #44 positive + negative with leading zero limb
-mbedtls_mpi_add_mpi:"7b":"-0":"7b"
+mpi_add_mpi:"7b":"-0":"7b"
 
 MPI add #45 positive + positive
-mbedtls_mpi_add_mpi:"7b":"7b":"f6"
+mpi_add_mpi:"7b":"7b":"f6"
 
 MPI add #46 positive + negative , result=0
-mbedtls_mpi_add_mpi:"7b":"-7b":"0"
+mpi_add_mpi:"7b":"-7b":"0"
 
 MPI add #47 positive + positive with leading zero limb
-mbedtls_mpi_add_mpi:"7b":"0000000000000000123":"19e"
+mpi_add_mpi:"7b":"0000000000000000123":"19e"
 
 MPI add #48 positive + negative with leading zero limb , result<0
-mbedtls_mpi_add_mpi:"7b":"-0000000000000000123":"-a8"
+mpi_add_mpi:"7b":"-0000000000000000123":"-a8"
 
 MPI add #49 positive + large positive
-mbedtls_mpi_add_mpi:"7b":"1230000000000000000":"123000000000000007b"
+mpi_add_mpi:"7b":"1230000000000000000":"123000000000000007b"
 
 MPI add #50 positive + large negative , result<0
-mbedtls_mpi_add_mpi:"7b":"-1230000000000000000":"-122ffffffffffffff85"
+mpi_add_mpi:"7b":"-1230000000000000000":"-122ffffffffffffff85"
 
 MPI add #51 negative + 0 (null)
-mbedtls_mpi_add_mpi:"-7b":"":"-7b"
+mpi_add_mpi:"-7b":"":"-7b"
 
 MPI add #52 negative + 0 (1 limb)
-mbedtls_mpi_add_mpi:"-7b":"0":"-7b"
+mpi_add_mpi:"-7b":"0":"-7b"
 
 MPI add #53 negative + negative 0 (null)
-mbedtls_mpi_add_mpi:"-7b":"-":"-7b"
+mpi_add_mpi:"-7b":"-":"-7b"
 
 MPI add #54 negative + negative with leading zero limb
-mbedtls_mpi_add_mpi:"-7b":"-0":"-7b"
+mpi_add_mpi:"-7b":"-0":"-7b"
 
 MPI add #55 negative + positive , result=0
-mbedtls_mpi_add_mpi:"-7b":"7b":"0"
+mpi_add_mpi:"-7b":"7b":"0"
 
 MPI add #56 negative + negative
-mbedtls_mpi_add_mpi:"-7b":"-7b":"-f6"
+mpi_add_mpi:"-7b":"-7b":"-f6"
 
 MPI add #57 negative + positive with leading zero limb , result>0
-mbedtls_mpi_add_mpi:"-7b":"0000000000000000123":"a8"
+mpi_add_mpi:"-7b":"0000000000000000123":"a8"
 
 MPI add #58 negative + negative with leading zero limb
-mbedtls_mpi_add_mpi:"-7b":"-0000000000000000123":"-19e"
+mpi_add_mpi:"-7b":"-0000000000000000123":"-19e"
 
 MPI add #59 negative + large positive , result>0
-mbedtls_mpi_add_mpi:"-7b":"1230000000000000000":"122ffffffffffffff85"
+mpi_add_mpi:"-7b":"1230000000000000000":"122ffffffffffffff85"
 
 MPI add #60 negative + large negative
-mbedtls_mpi_add_mpi:"-7b":"-1230000000000000000":"-123000000000000007b"
+mpi_add_mpi:"-7b":"-1230000000000000000":"-123000000000000007b"
 
 MPI add #61 positive with leading zero limb + 0 (null)
-mbedtls_mpi_add_mpi:"0000000000000000123":"":"123"
+mpi_add_mpi:"0000000000000000123":"":"123"
 
 MPI add #62 positive with leading zero limb + 0 (1 limb)
-mbedtls_mpi_add_mpi:"0000000000000000123":"0":"123"
+mpi_add_mpi:"0000000000000000123":"0":"123"
 
 MPI add #63 positive with leading zero limb + negative 0 (null)
-mbedtls_mpi_add_mpi:"0000000000000000123":"-":"123"
+mpi_add_mpi:"0000000000000000123":"-":"123"
 
 MPI add #64 positive with leading zero limb + negative with leading zero limb
-mbedtls_mpi_add_mpi:"0000000000000000123":"-0":"123"
+mpi_add_mpi:"0000000000000000123":"-0":"123"
 
 MPI add #65 positive with leading zero limb + positive
-mbedtls_mpi_add_mpi:"0000000000000000123":"7b":"19e"
+mpi_add_mpi:"0000000000000000123":"7b":"19e"
 
 MPI add #66 positive with leading zero limb + negative , result>0
-mbedtls_mpi_add_mpi:"0000000000000000123":"-7b":"a8"
+mpi_add_mpi:"0000000000000000123":"-7b":"a8"
 
 MPI add #67 positive with leading zero limb + positive with leading zero limb
-mbedtls_mpi_add_mpi:"0000000000000000123":"0000000000000000123":"246"
+mpi_add_mpi:"0000000000000000123":"0000000000000000123":"246"
 
 MPI add #68 positive with leading zero limb + negative with leading zero limb , result=0
-mbedtls_mpi_add_mpi:"0000000000000000123":"-0000000000000000123":"0"
+mpi_add_mpi:"0000000000000000123":"-0000000000000000123":"0"
 
 MPI add #69 positive with leading zero limb + large positive
-mbedtls_mpi_add_mpi:"0000000000000000123":"1230000000000000000":"1230000000000000123"
+mpi_add_mpi:"0000000000000000123":"1230000000000000000":"1230000000000000123"
 
 MPI add #70 positive with leading zero limb + large negative , result<0
-mbedtls_mpi_add_mpi:"0000000000000000123":"-1230000000000000000":"-122fffffffffffffedd"
+mpi_add_mpi:"0000000000000000123":"-1230000000000000000":"-122fffffffffffffedd"
 
 MPI add #71 negative with leading zero limb + 0 (null)
-mbedtls_mpi_add_mpi:"-0000000000000000123":"":"-123"
+mpi_add_mpi:"-0000000000000000123":"":"-123"
 
 MPI add #72 negative with leading zero limb + 0 (1 limb)
-mbedtls_mpi_add_mpi:"-0000000000000000123":"0":"-123"
+mpi_add_mpi:"-0000000000000000123":"0":"-123"
 
 MPI add #73 negative with leading zero limb + negative 0 (null)
-mbedtls_mpi_add_mpi:"-0000000000000000123":"-":"-123"
+mpi_add_mpi:"-0000000000000000123":"-":"-123"
 
 MPI add #74 negative with leading zero limb + negative with leading zero limb
-mbedtls_mpi_add_mpi:"-0000000000000000123":"-0":"-123"
+mpi_add_mpi:"-0000000000000000123":"-0":"-123"
 
 MPI add #75 negative with leading zero limb + positive , result<0
-mbedtls_mpi_add_mpi:"-0000000000000000123":"7b":"-a8"
+mpi_add_mpi:"-0000000000000000123":"7b":"-a8"
 
 MPI add #76 negative with leading zero limb + negative
-mbedtls_mpi_add_mpi:"-0000000000000000123":"-7b":"-19e"
+mpi_add_mpi:"-0000000000000000123":"-7b":"-19e"
 
 MPI add #77 negative with leading zero limb + positive with leading zero limb , result=0
-mbedtls_mpi_add_mpi:"-0000000000000000123":"0000000000000000123":"0"
+mpi_add_mpi:"-0000000000000000123":"0000000000000000123":"0"
 
 MPI add #78 negative with leading zero limb + negative with leading zero limb
-mbedtls_mpi_add_mpi:"-0000000000000000123":"-0000000000000000123":"-246"
+mpi_add_mpi:"-0000000000000000123":"-0000000000000000123":"-246"
 
 MPI add #79 negative with leading zero limb + large positive , result>0
-mbedtls_mpi_add_mpi:"-0000000000000000123":"1230000000000000000":"122fffffffffffffedd"
+mpi_add_mpi:"-0000000000000000123":"1230000000000000000":"122fffffffffffffedd"
 
 MPI add #80 negative with leading zero limb + large negative
-mbedtls_mpi_add_mpi:"-0000000000000000123":"-1230000000000000000":"-1230000000000000123"
+mpi_add_mpi:"-0000000000000000123":"-1230000000000000000":"-1230000000000000123"
 
 MPI add #81 large positive + 0 (null)
-mbedtls_mpi_add_mpi:"1230000000000000000":"":"1230000000000000000"
+mpi_add_mpi:"1230000000000000000":"":"1230000000000000000"
 
 MPI add #82 large positive + 0 (1 limb)
-mbedtls_mpi_add_mpi:"1230000000000000000":"0":"1230000000000000000"
+mpi_add_mpi:"1230000000000000000":"0":"1230000000000000000"
 
 MPI add #83 large positive + negative 0 (null)
-mbedtls_mpi_add_mpi:"1230000000000000000":"-":"1230000000000000000"
+mpi_add_mpi:"1230000000000000000":"-":"1230000000000000000"
 
 MPI add #84 large positive + negative with leading zero limb
-mbedtls_mpi_add_mpi:"1230000000000000000":"-0":"1230000000000000000"
+mpi_add_mpi:"1230000000000000000":"-0":"1230000000000000000"
 
 MPI add #85 large positive + positive
-mbedtls_mpi_add_mpi:"1230000000000000000":"7b":"123000000000000007b"
+mpi_add_mpi:"1230000000000000000":"7b":"123000000000000007b"
 
 MPI add #86 large positive + negative , result>0
-mbedtls_mpi_add_mpi:"1230000000000000000":"-7b":"122ffffffffffffff85"
+mpi_add_mpi:"1230000000000000000":"-7b":"122ffffffffffffff85"
 
 MPI add #87 large positive + positive with leading zero limb
-mbedtls_mpi_add_mpi:"1230000000000000000":"0000000000000000123":"1230000000000000123"
+mpi_add_mpi:"1230000000000000000":"0000000000000000123":"1230000000000000123"
 
 MPI add #88 large positive + negative with leading zero limb , result>0
-mbedtls_mpi_add_mpi:"1230000000000000000":"-0000000000000000123":"122fffffffffffffedd"
+mpi_add_mpi:"1230000000000000000":"-0000000000000000123":"122fffffffffffffedd"
 
 MPI add #89 large positive + large positive
-mbedtls_mpi_add_mpi:"1230000000000000000":"1230000000000000000":"2460000000000000000"
+mpi_add_mpi:"1230000000000000000":"1230000000000000000":"2460000000000000000"
 
 MPI add #90 large positive + large negative , result=0
-mbedtls_mpi_add_mpi:"1230000000000000000":"-1230000000000000000":"0"
+mpi_add_mpi:"1230000000000000000":"-1230000000000000000":"0"
 
 MPI add #91 large negative + 0 (null)
-mbedtls_mpi_add_mpi:"-1230000000000000000":"":"-1230000000000000000"
+mpi_add_mpi:"-1230000000000000000":"":"-1230000000000000000"
 
 MPI add #92 large negative + 0 (1 limb)
-mbedtls_mpi_add_mpi:"-1230000000000000000":"0":"-1230000000000000000"
+mpi_add_mpi:"-1230000000000000000":"0":"-1230000000000000000"
 
 MPI add #93 large negative + negative 0 (null)
-mbedtls_mpi_add_mpi:"-1230000000000000000":"-":"-1230000000000000000"
+mpi_add_mpi:"-1230000000000000000":"-":"-1230000000000000000"
 
 MPI add #94 large negative + negative with leading zero limb
-mbedtls_mpi_add_mpi:"-1230000000000000000":"-0":"-1230000000000000000"
+mpi_add_mpi:"-1230000000000000000":"-0":"-1230000000000000000"
 
 MPI add #95 large negative + positive , result<0
-mbedtls_mpi_add_mpi:"-1230000000000000000":"7b":"-122ffffffffffffff85"
+mpi_add_mpi:"-1230000000000000000":"7b":"-122ffffffffffffff85"
 
 MPI add #96 large negative + negative
-mbedtls_mpi_add_mpi:"-1230000000000000000":"-7b":"-123000000000000007b"
+mpi_add_mpi:"-1230000000000000000":"-7b":"-123000000000000007b"
 
 MPI add #97 large negative + positive with leading zero limb , result<0
-mbedtls_mpi_add_mpi:"-1230000000000000000":"0000000000000000123":"-122fffffffffffffedd"
+mpi_add_mpi:"-1230000000000000000":"0000000000000000123":"-122fffffffffffffedd"
 
 MPI add #98 large negative + negative with leading zero limb
-mbedtls_mpi_add_mpi:"-1230000000000000000":"-0000000000000000123":"-1230000000000000123"
+mpi_add_mpi:"-1230000000000000000":"-0000000000000000123":"-1230000000000000123"
 
 MPI add #99 large negative + large positive , result=0
-mbedtls_mpi_add_mpi:"-1230000000000000000":"1230000000000000000":"0"
+mpi_add_mpi:"-1230000000000000000":"1230000000000000000":"0"
 
 MPI add #100 large negative + large negative
-mbedtls_mpi_add_mpi:"-1230000000000000000":"-1230000000000000000":"-2460000000000000000"
+mpi_add_mpi:"-1230000000000000000":"-1230000000000000000":"-2460000000000000000"
 
 MPI add #101 large positive + large positive
-mbedtls_mpi_add_mpi:"1c67967269c6":"1c67967269c6":"38cf2ce4d38c"
+mpi_add_mpi:"1c67967269c6":"1c67967269c6":"38cf2ce4d38c"
 
 MPI add #102 large positive + positive
-mbedtls_mpi_add_mpi:"1c67967269c6":"9cde3":"1c67967c37a9"
+mpi_add_mpi:"1c67967269c6":"9cde3":"1c67967c37a9"
 
 MPI add #103 large positive + large negative , result=0
-mbedtls_mpi_add_mpi:"1c67967269c6":"-1c67967269c6":"0"
+mpi_add_mpi:"1c67967269c6":"-1c67967269c6":"0"
 
 MPI add #104 large positive + negative , result>0
-mbedtls_mpi_add_mpi:"1c67967269c6":"-9cde3":"1c6796689be3"
+mpi_add_mpi:"1c67967269c6":"-9cde3":"1c6796689be3"
 
 MPI add #105 positive + large positive
-mbedtls_mpi_add_mpi:"9cde3":"1c67967269c6":"1c67967c37a9"
+mpi_add_mpi:"9cde3":"1c67967269c6":"1c67967c37a9"
 
 MPI add #106 positive + positive
-mbedtls_mpi_add_mpi:"9cde3":"9cde3":"139bc6"
+mpi_add_mpi:"9cde3":"9cde3":"139bc6"
 
 MPI add #107 positive + large negative , result<0
-mbedtls_mpi_add_mpi:"9cde3":"-1c67967269c6":"-1c6796689be3"
+mpi_add_mpi:"9cde3":"-1c67967269c6":"-1c6796689be3"
 
 MPI add #108 positive + negative , result=0
-mbedtls_mpi_add_mpi:"9cde3":"-9cde3":"0"
+mpi_add_mpi:"9cde3":"-9cde3":"0"
 
 MPI add #109 large negative + large positive , result=0
-mbedtls_mpi_add_mpi:"-1c67967269c6":"1c67967269c6":"0"
+mpi_add_mpi:"-1c67967269c6":"1c67967269c6":"0"
 
 MPI add #110 large negative + positive , result<0
-mbedtls_mpi_add_mpi:"-1c67967269c6":"9cde3":"-1c6796689be3"
+mpi_add_mpi:"-1c67967269c6":"9cde3":"-1c6796689be3"
 
 MPI add #111 large negative + large negative
-mbedtls_mpi_add_mpi:"-1c67967269c6":"-1c67967269c6":"-38cf2ce4d38c"
+mpi_add_mpi:"-1c67967269c6":"-1c67967269c6":"-38cf2ce4d38c"
 
 MPI add #112 large negative + negative
-mbedtls_mpi_add_mpi:"-1c67967269c6":"-9cde3":"-1c67967c37a9"
+mpi_add_mpi:"-1c67967269c6":"-9cde3":"-1c67967c37a9"
 
 MPI add #113 negative + large positive , result>0
-mbedtls_mpi_add_mpi:"-9cde3":"1c67967269c6":"1c6796689be3"
+mpi_add_mpi:"-9cde3":"1c67967269c6":"1c6796689be3"
 
 MPI add #114 negative + positive , result=0
-mbedtls_mpi_add_mpi:"-9cde3":"9cde3":"0"
+mpi_add_mpi:"-9cde3":"9cde3":"0"
 
 MPI add #115 negative + large negative
-mbedtls_mpi_add_mpi:"-9cde3":"-1c67967269c6":"-1c67967c37a9"
+mpi_add_mpi:"-9cde3":"-1c67967269c6":"-1c67967c37a9"
 
 MPI add #116 negative + negative
-mbedtls_mpi_add_mpi:"-9cde3":"-9cde3":"-139bc6"
+mpi_add_mpi:"-9cde3":"-9cde3":"-139bc6"
 
 MPI compare #1 0 (null) == 0 (null)
-mbedtls_mpi_cmp_mpi:"":"":0
+mpi_cmp_mpi:"":"":0
 
 MPI compare #2 0 (null) == 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"":"0":0
+mpi_cmp_mpi:"":"0":0
 
 MPI compare #3 0 (null) == negative 0 (null)
-mbedtls_mpi_cmp_mpi:"":"-":0
+mpi_cmp_mpi:"":"-":0
 
 MPI compare #4 0 (null) == negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"":"-0":0
+mpi_cmp_mpi:"":"-0":0
 
 MPI compare #5 0 (null) < positive
-mbedtls_mpi_cmp_mpi:"":"7b":-1
+mpi_cmp_mpi:"":"7b":-1
 
 MPI compare #6 0 (null) > negative
-mbedtls_mpi_cmp_mpi:"":"-7b":1
+mpi_cmp_mpi:"":"-7b":1
 
 MPI compare #7 0 (null) < positive with leading zero limb
-mbedtls_mpi_cmp_mpi:"":"0000000000000000123":-1
+mpi_cmp_mpi:"":"0000000000000000123":-1
 
 MPI compare #8 0 (null) > negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"":"-0000000000000000123":1
+mpi_cmp_mpi:"":"-0000000000000000123":1
 
 MPI compare #9 0 (null) < large positive
-mbedtls_mpi_cmp_mpi:"":"1230000000000000000":-1
+mpi_cmp_mpi:"":"1230000000000000000":-1
 
 MPI compare #10 0 (null) > large negative
-mbedtls_mpi_cmp_mpi:"":"-1230000000000000000":1
+mpi_cmp_mpi:"":"-1230000000000000000":1
 
 MPI compare #11 0 (1 limb) == 0 (null)
-mbedtls_mpi_cmp_mpi:"0":"":0
+mpi_cmp_mpi:"0":"":0
 
 MPI compare #12 0 (1 limb) == 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"0":"0":0
+mpi_cmp_mpi:"0":"0":0
 
 MPI compare #13 0 (1 limb) == negative 0 (null)
-mbedtls_mpi_cmp_mpi:"0":"-":0
+mpi_cmp_mpi:"0":"-":0
 
 MPI compare #14 0 (1 limb) == negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"0":"-0":0
+mpi_cmp_mpi:"0":"-0":0
 
 MPI compare #15 0 (1 limb) < positive
-mbedtls_mpi_cmp_mpi:"0":"7b":-1
+mpi_cmp_mpi:"0":"7b":-1
 
 MPI compare #16 0 (1 limb) > negative
-mbedtls_mpi_cmp_mpi:"0":"-7b":1
+mpi_cmp_mpi:"0":"-7b":1
 
 MPI compare #17 0 (1 limb) < positive with leading zero limb
-mbedtls_mpi_cmp_mpi:"0":"0000000000000000123":-1
+mpi_cmp_mpi:"0":"0000000000000000123":-1
 
 MPI compare #18 0 (1 limb) > negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"0":"-0000000000000000123":1
+mpi_cmp_mpi:"0":"-0000000000000000123":1
 
 MPI compare #19 0 (1 limb) < large positive
-mbedtls_mpi_cmp_mpi:"0":"1230000000000000000":-1
+mpi_cmp_mpi:"0":"1230000000000000000":-1
 
 MPI compare #20 0 (1 limb) > large negative
-mbedtls_mpi_cmp_mpi:"0":"-1230000000000000000":1
+mpi_cmp_mpi:"0":"-1230000000000000000":1
 
 MPI compare #21 negative 0 (null) == 0 (null)
-mbedtls_mpi_cmp_mpi:"-":"":0
+mpi_cmp_mpi:"-":"":0
 
 MPI compare #22 negative 0 (null) == 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"-":"0":0
+mpi_cmp_mpi:"-":"0":0
 
 MPI compare #23 negative 0 (null) == negative 0 (null)
-mbedtls_mpi_cmp_mpi:"-":"-":0
+mpi_cmp_mpi:"-":"-":0
 
 MPI compare #24 negative 0 (null) == negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"-":"-0":0
+mpi_cmp_mpi:"-":"-0":0
 
 MPI compare #25 negative 0 (null) < positive
-mbedtls_mpi_cmp_mpi:"-":"7b":-1
+mpi_cmp_mpi:"-":"7b":-1
 
 MPI compare #26 negative 0 (null) > negative
-mbedtls_mpi_cmp_mpi:"-":"-7b":1
+mpi_cmp_mpi:"-":"-7b":1
 
 MPI compare #27 negative 0 (null) < positive with leading zero limb
-mbedtls_mpi_cmp_mpi:"-":"0000000000000000123":-1
+mpi_cmp_mpi:"-":"0000000000000000123":-1
 
 MPI compare #28 negative 0 (null) > negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"-":"-0000000000000000123":1
+mpi_cmp_mpi:"-":"-0000000000000000123":1
 
 MPI compare #29 negative 0 (null) < large positive
-mbedtls_mpi_cmp_mpi:"-":"1230000000000000000":-1
+mpi_cmp_mpi:"-":"1230000000000000000":-1
 
 MPI compare #30 negative 0 (null) > large negative
-mbedtls_mpi_cmp_mpi:"-":"-1230000000000000000":1
+mpi_cmp_mpi:"-":"-1230000000000000000":1
 
 MPI compare #31 negative with leading zero limb == 0 (null)
-mbedtls_mpi_cmp_mpi:"-0":"":0
+mpi_cmp_mpi:"-0":"":0
 
 MPI compare #32 negative with leading zero limb == 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"-0":"0":0
+mpi_cmp_mpi:"-0":"0":0
 
 MPI compare #33 negative with leading zero limb == negative 0 (null)
-mbedtls_mpi_cmp_mpi:"-0":"-":0
+mpi_cmp_mpi:"-0":"-":0
 
 MPI compare #34 negative with leading zero limb == negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"-0":"-0":0
+mpi_cmp_mpi:"-0":"-0":0
 
 MPI compare #35 negative with leading zero limb < positive
-mbedtls_mpi_cmp_mpi:"-0":"7b":-1
+mpi_cmp_mpi:"-0":"7b":-1
 
 MPI compare #36 negative with leading zero limb > negative
-mbedtls_mpi_cmp_mpi:"-0":"-7b":1
+mpi_cmp_mpi:"-0":"-7b":1
 
 MPI compare #37 negative with leading zero limb < positive with leading zero limb
-mbedtls_mpi_cmp_mpi:"-0":"0000000000000000123":-1
+mpi_cmp_mpi:"-0":"0000000000000000123":-1
 
 MPI compare #38 negative with leading zero limb > negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"-0":"-0000000000000000123":1
+mpi_cmp_mpi:"-0":"-0000000000000000123":1
 
 MPI compare #39 negative with leading zero limb < large positive
-mbedtls_mpi_cmp_mpi:"-0":"1230000000000000000":-1
+mpi_cmp_mpi:"-0":"1230000000000000000":-1
 
 MPI compare #40 negative with leading zero limb > large negative
-mbedtls_mpi_cmp_mpi:"-0":"-1230000000000000000":1
+mpi_cmp_mpi:"-0":"-1230000000000000000":1
 
 MPI compare #41 positive > 0 (null)
-mbedtls_mpi_cmp_mpi:"7b":"":1
+mpi_cmp_mpi:"7b":"":1
 
 MPI compare #42 positive > 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"7b":"0":1
+mpi_cmp_mpi:"7b":"0":1
 
 MPI compare #43 positive > negative 0 (null)
-mbedtls_mpi_cmp_mpi:"7b":"-":1
+mpi_cmp_mpi:"7b":"-":1
 
 MPI compare #44 positive > negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"7b":"-0":1
+mpi_cmp_mpi:"7b":"-0":1
 
 MPI compare #45 positive == positive
-mbedtls_mpi_cmp_mpi:"7b":"7b":0
+mpi_cmp_mpi:"7b":"7b":0
 
 MPI compare #46 positive > negative
-mbedtls_mpi_cmp_mpi:"7b":"-7b":1
+mpi_cmp_mpi:"7b":"-7b":1
 
 MPI compare #47 positive < positive with leading zero limb
-mbedtls_mpi_cmp_mpi:"7b":"0000000000000000123":-1
+mpi_cmp_mpi:"7b":"0000000000000000123":-1
 
 MPI compare #48 positive > negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"7b":"-0000000000000000123":1
+mpi_cmp_mpi:"7b":"-0000000000000000123":1
 
 MPI compare #49 positive < large positive
-mbedtls_mpi_cmp_mpi:"7b":"1230000000000000000":-1
+mpi_cmp_mpi:"7b":"1230000000000000000":-1
 
 MPI compare #50 positive > large negative
-mbedtls_mpi_cmp_mpi:"7b":"-1230000000000000000":1
+mpi_cmp_mpi:"7b":"-1230000000000000000":1
 
 MPI compare #51 negative < 0 (null)
-mbedtls_mpi_cmp_mpi:"-7b":"":-1
+mpi_cmp_mpi:"-7b":"":-1
 
 MPI compare #52 negative < 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"-7b":"0":-1
+mpi_cmp_mpi:"-7b":"0":-1
 
 MPI compare #53 negative < negative 0 (null)
-mbedtls_mpi_cmp_mpi:"-7b":"-":-1
+mpi_cmp_mpi:"-7b":"-":-1
 
 MPI compare #54 negative < negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"-7b":"-0":-1
+mpi_cmp_mpi:"-7b":"-0":-1
 
 MPI compare #55 negative < positive
-mbedtls_mpi_cmp_mpi:"-7b":"7b":-1
+mpi_cmp_mpi:"-7b":"7b":-1
 
 MPI compare #56 negative == negative
-mbedtls_mpi_cmp_mpi:"-7b":"-7b":0
+mpi_cmp_mpi:"-7b":"-7b":0
 
 MPI compare #57 negative < positive with leading zero limb
-mbedtls_mpi_cmp_mpi:"-7b":"0000000000000000123":-1
+mpi_cmp_mpi:"-7b":"0000000000000000123":-1
 
 MPI compare #58 negative > negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"-7b":"-0000000000000000123":1
+mpi_cmp_mpi:"-7b":"-0000000000000000123":1
 
 MPI compare #59 negative < large positive
-mbedtls_mpi_cmp_mpi:"-7b":"1230000000000000000":-1
+mpi_cmp_mpi:"-7b":"1230000000000000000":-1
 
 MPI compare #60 negative > large negative
-mbedtls_mpi_cmp_mpi:"-7b":"-1230000000000000000":1
+mpi_cmp_mpi:"-7b":"-1230000000000000000":1
 
 MPI compare #61 positive with leading zero limb > 0 (null)
-mbedtls_mpi_cmp_mpi:"0000000000000000123":"":1
+mpi_cmp_mpi:"0000000000000000123":"":1
 
 MPI compare #62 positive with leading zero limb > 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"0000000000000000123":"0":1
+mpi_cmp_mpi:"0000000000000000123":"0":1
 
 MPI compare #63 positive with leading zero limb > negative 0 (null)
-mbedtls_mpi_cmp_mpi:"0000000000000000123":"-":1
+mpi_cmp_mpi:"0000000000000000123":"-":1
 
 MPI compare #64 positive with leading zero limb > negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"0000000000000000123":"-0":1
+mpi_cmp_mpi:"0000000000000000123":"-0":1
 
 MPI compare #65 positive with leading zero limb > positive
-mbedtls_mpi_cmp_mpi:"0000000000000000123":"7b":1
+mpi_cmp_mpi:"0000000000000000123":"7b":1
 
 MPI compare #66 positive with leading zero limb > negative
-mbedtls_mpi_cmp_mpi:"0000000000000000123":"-7b":1
+mpi_cmp_mpi:"0000000000000000123":"-7b":1
 
 MPI compare #67 positive with leading zero limb == positive with leading zero limb
-mbedtls_mpi_cmp_mpi:"0000000000000000123":"0000000000000000123":0
+mpi_cmp_mpi:"0000000000000000123":"0000000000000000123":0
 
 MPI compare #68 positive with leading zero limb > negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"0000000000000000123":"-0000000000000000123":1
+mpi_cmp_mpi:"0000000000000000123":"-0000000000000000123":1
 
 MPI compare #69 positive with leading zero limb < large positive
-mbedtls_mpi_cmp_mpi:"0000000000000000123":"1230000000000000000":-1
+mpi_cmp_mpi:"0000000000000000123":"1230000000000000000":-1
 
 MPI compare #70 positive with leading zero limb > large negative
-mbedtls_mpi_cmp_mpi:"0000000000000000123":"-1230000000000000000":1
+mpi_cmp_mpi:"0000000000000000123":"-1230000000000000000":1
 
 MPI compare #71 negative with leading zero limb < 0 (null)
-mbedtls_mpi_cmp_mpi:"-0000000000000000123":"":-1
+mpi_cmp_mpi:"-0000000000000000123":"":-1
 
 MPI compare #72 negative with leading zero limb < 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"-0000000000000000123":"0":-1
+mpi_cmp_mpi:"-0000000000000000123":"0":-1
 
 MPI compare #73 negative with leading zero limb < negative 0 (null)
-mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-":-1
+mpi_cmp_mpi:"-0000000000000000123":"-":-1
 
 MPI compare #74 negative with leading zero limb < negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-0":-1
+mpi_cmp_mpi:"-0000000000000000123":"-0":-1
 
 MPI compare #75 negative with leading zero limb < positive
-mbedtls_mpi_cmp_mpi:"-0000000000000000123":"7b":-1
+mpi_cmp_mpi:"-0000000000000000123":"7b":-1
 
 MPI compare #76 negative with leading zero limb < negative
-mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-7b":-1
+mpi_cmp_mpi:"-0000000000000000123":"-7b":-1
 
 MPI compare #77 negative with leading zero limb < positive with leading zero limb
-mbedtls_mpi_cmp_mpi:"-0000000000000000123":"0000000000000000123":-1
+mpi_cmp_mpi:"-0000000000000000123":"0000000000000000123":-1
 
 MPI compare #78 negative with leading zero limb == negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-0000000000000000123":0
+mpi_cmp_mpi:"-0000000000000000123":"-0000000000000000123":0
 
 MPI compare #79 negative with leading zero limb < large positive
-mbedtls_mpi_cmp_mpi:"-0000000000000000123":"1230000000000000000":-1
+mpi_cmp_mpi:"-0000000000000000123":"1230000000000000000":-1
 
 MPI compare #80 negative with leading zero limb > large negative
-mbedtls_mpi_cmp_mpi:"-0000000000000000123":"-1230000000000000000":1
+mpi_cmp_mpi:"-0000000000000000123":"-1230000000000000000":1
 
 MPI compare #81 large positive > 0 (null)
-mbedtls_mpi_cmp_mpi:"1230000000000000000":"":1
+mpi_cmp_mpi:"1230000000000000000":"":1
 
 MPI compare #82 large positive > 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"1230000000000000000":"0":1
+mpi_cmp_mpi:"1230000000000000000":"0":1
 
 MPI compare #83 large positive > negative 0 (null)
-mbedtls_mpi_cmp_mpi:"1230000000000000000":"-":1
+mpi_cmp_mpi:"1230000000000000000":"-":1
 
 MPI compare #84 large positive > negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"1230000000000000000":"-0":1
+mpi_cmp_mpi:"1230000000000000000":"-0":1
 
 MPI compare #85 large positive > positive
-mbedtls_mpi_cmp_mpi:"1230000000000000000":"7b":1
+mpi_cmp_mpi:"1230000000000000000":"7b":1
 
 MPI compare #86 large positive > negative
-mbedtls_mpi_cmp_mpi:"1230000000000000000":"-7b":1
+mpi_cmp_mpi:"1230000000000000000":"-7b":1
 
 MPI compare #87 large positive > positive with leading zero limb
-mbedtls_mpi_cmp_mpi:"1230000000000000000":"0000000000000000123":1
+mpi_cmp_mpi:"1230000000000000000":"0000000000000000123":1
 
 MPI compare #88 large positive > negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"1230000000000000000":"-0000000000000000123":1
+mpi_cmp_mpi:"1230000000000000000":"-0000000000000000123":1
 
 MPI compare #89 large positive == large positive
-mbedtls_mpi_cmp_mpi:"1230000000000000000":"1230000000000000000":0
+mpi_cmp_mpi:"1230000000000000000":"1230000000000000000":0
 
 MPI compare #90 large positive > large negative
-mbedtls_mpi_cmp_mpi:"1230000000000000000":"-1230000000000000000":1
+mpi_cmp_mpi:"1230000000000000000":"-1230000000000000000":1
 
 MPI compare #91 large negative < 0 (null)
-mbedtls_mpi_cmp_mpi:"-1230000000000000000":"":-1
+mpi_cmp_mpi:"-1230000000000000000":"":-1
 
 MPI compare #92 large negative < 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"-1230000000000000000":"0":-1
+mpi_cmp_mpi:"-1230000000000000000":"0":-1
 
 MPI compare #93 large negative < negative 0 (null)
-mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-":-1
+mpi_cmp_mpi:"-1230000000000000000":"-":-1
 
 MPI compare #94 large negative < negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-0":-1
+mpi_cmp_mpi:"-1230000000000000000":"-0":-1
 
 MPI compare #95 large negative < positive
-mbedtls_mpi_cmp_mpi:"-1230000000000000000":"7b":-1
+mpi_cmp_mpi:"-1230000000000000000":"7b":-1
 
 MPI compare #96 large negative < negative
-mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-7b":-1
+mpi_cmp_mpi:"-1230000000000000000":"-7b":-1
 
 MPI compare #97 large negative < positive with leading zero limb
-mbedtls_mpi_cmp_mpi:"-1230000000000000000":"0000000000000000123":-1
+mpi_cmp_mpi:"-1230000000000000000":"0000000000000000123":-1
 
 MPI compare #98 large negative < negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-0000000000000000123":-1
+mpi_cmp_mpi:"-1230000000000000000":"-0000000000000000123":-1
 
 MPI compare #99 large negative < large positive
-mbedtls_mpi_cmp_mpi:"-1230000000000000000":"1230000000000000000":-1
+mpi_cmp_mpi:"-1230000000000000000":"1230000000000000000":-1
 
 MPI compare #100 large negative == large negative
-mbedtls_mpi_cmp_mpi:"-1230000000000000000":"-1230000000000000000":0
+mpi_cmp_mpi:"-1230000000000000000":"-1230000000000000000":0
 
 MPI compare #101 negative > negative
-mbedtls_mpi_cmp_mpi:"-2":"-3":1
+mpi_cmp_mpi:"-2":"-3":1
 
 MPI compare #102 negative == negative
-mbedtls_mpi_cmp_mpi:"-2":"-2":0
+mpi_cmp_mpi:"-2":"-2":0
 
 MPI compare #103 positive < positive
-mbedtls_mpi_cmp_mpi:"2b4":"2b5":-1
+mpi_cmp_mpi:"2b4":"2b5":-1
 
 MPI compare #104 positive < positive
-mbedtls_mpi_cmp_mpi:"2b5":"2b6":-1
+mpi_cmp_mpi:"2b5":"2b6":-1
 
 MPI compare (abs) #1 0 (null) == 0 (null)
-mbedtls_mpi_cmp_abs:"":"":0
+mpi_cmp_abs:"":"":0
 
 MPI compare (abs) #2 0 (null) == 0 (1 limb)
-mbedtls_mpi_cmp_abs:"":"0":0
+mpi_cmp_abs:"":"0":0
 
 MPI compare (abs) #3 0 (null) == 0 (null)
-mbedtls_mpi_cmp_abs:"":"":0
+mpi_cmp_abs:"":"":0
 
 MPI compare (abs) #4 0 (null) == 0 (1 limb)
-mbedtls_mpi_cmp_abs:"":"0":0
+mpi_cmp_abs:"":"0":0
 
 MPI compare (abs) #5 0 (null) < positive
-mbedtls_mpi_cmp_abs:"":"7b":-1
+mpi_cmp_abs:"":"7b":-1
 
 MPI compare (abs) #6 0 (null) < positive
-mbedtls_mpi_cmp_abs:"":"7b":-1
+mpi_cmp_abs:"":"7b":-1
 
 MPI compare (abs) #7 0 (null) < positive with leading zero limb
-mbedtls_mpi_cmp_abs:"":"0000000000000000123":-1
+mpi_cmp_abs:"":"0000000000000000123":-1
 
 MPI compare (abs) #8 0 (null) < positive with leading zero limb
-mbedtls_mpi_cmp_abs:"":"0000000000000000123":-1
+mpi_cmp_abs:"":"0000000000000000123":-1
 
 MPI compare (abs) #9 0 (null) < large positive
-mbedtls_mpi_cmp_abs:"":"1230000000000000000":-1
+mpi_cmp_abs:"":"1230000000000000000":-1
 
 MPI compare (abs) #10 0 (null) < large positive
-mbedtls_mpi_cmp_abs:"":"1230000000000000000":-1
+mpi_cmp_abs:"":"1230000000000000000":-1
 
 MPI compare (abs) #11 0 (1 limb) == 0 (null)
-mbedtls_mpi_cmp_abs:"0":"":0
+mpi_cmp_abs:"0":"":0
 
 MPI compare (abs) #12 0 (1 limb) == 0 (1 limb)
-mbedtls_mpi_cmp_abs:"0":"0":0
+mpi_cmp_abs:"0":"0":0
 
 MPI compare (abs) #13 0 (1 limb) == 0 (null)
-mbedtls_mpi_cmp_abs:"0":"":0
+mpi_cmp_abs:"0":"":0
 
 MPI compare (abs) #14 0 (1 limb) == 0 (1 limb)
-mbedtls_mpi_cmp_abs:"0":"0":0
+mpi_cmp_abs:"0":"0":0
 
 MPI compare (abs) #15 0 (1 limb) < positive
-mbedtls_mpi_cmp_abs:"0":"7b":-1
+mpi_cmp_abs:"0":"7b":-1
 
 MPI compare (abs) #16 0 (1 limb) < positive
-mbedtls_mpi_cmp_abs:"0":"7b":-1
+mpi_cmp_abs:"0":"7b":-1
 
 MPI compare (abs) #17 0 (1 limb) < positive with leading zero limb
-mbedtls_mpi_cmp_abs:"0":"0000000000000000123":-1
+mpi_cmp_abs:"0":"0000000000000000123":-1
 
 MPI compare (abs) #18 0 (1 limb) < positive with leading zero limb
-mbedtls_mpi_cmp_abs:"0":"0000000000000000123":-1
+mpi_cmp_abs:"0":"0000000000000000123":-1
 
 MPI compare (abs) #19 0 (1 limb) < large positive
-mbedtls_mpi_cmp_abs:"0":"1230000000000000000":-1
+mpi_cmp_abs:"0":"1230000000000000000":-1
 
 MPI compare (abs) #20 0 (1 limb) < large positive
-mbedtls_mpi_cmp_abs:"0":"1230000000000000000":-1
+mpi_cmp_abs:"0":"1230000000000000000":-1
 
 MPI compare (abs) #21 0 (null) == 0 (null)
-mbedtls_mpi_cmp_abs:"":"":0
+mpi_cmp_abs:"":"":0
 
 MPI compare (abs) #22 0 (null) == 0 (1 limb)
-mbedtls_mpi_cmp_abs:"":"0":0
+mpi_cmp_abs:"":"0":0
 
 MPI compare (abs) #23 0 (null) == 0 (null)
-mbedtls_mpi_cmp_abs:"":"":0
+mpi_cmp_abs:"":"":0
 
 MPI compare (abs) #24 0 (null) == 0 (1 limb)
-mbedtls_mpi_cmp_abs:"":"0":0
+mpi_cmp_abs:"":"0":0
 
 MPI compare (abs) #25 0 (null) < positive
-mbedtls_mpi_cmp_abs:"":"7b":-1
+mpi_cmp_abs:"":"7b":-1
 
 MPI compare (abs) #26 0 (null) < positive
-mbedtls_mpi_cmp_abs:"":"7b":-1
+mpi_cmp_abs:"":"7b":-1
 
 MPI compare (abs) #27 0 (null) < positive with leading zero limb
-mbedtls_mpi_cmp_abs:"":"0000000000000000123":-1
+mpi_cmp_abs:"":"0000000000000000123":-1
 
 MPI compare (abs) #28 0 (null) < positive with leading zero limb
-mbedtls_mpi_cmp_abs:"":"0000000000000000123":-1
+mpi_cmp_abs:"":"0000000000000000123":-1
 
 MPI compare (abs) #29 0 (null) < large positive
-mbedtls_mpi_cmp_abs:"":"1230000000000000000":-1
+mpi_cmp_abs:"":"1230000000000000000":-1
 
 MPI compare (abs) #30 0 (null) < large positive
-mbedtls_mpi_cmp_abs:"":"1230000000000000000":-1
+mpi_cmp_abs:"":"1230000000000000000":-1
 
 MPI compare (abs) #31 0 (1 limb) == 0 (null)
-mbedtls_mpi_cmp_abs:"0":"":0
+mpi_cmp_abs:"0":"":0
 
 MPI compare (abs) #32 0 (1 limb) == 0 (1 limb)
-mbedtls_mpi_cmp_abs:"0":"0":0
+mpi_cmp_abs:"0":"0":0
 
 MPI compare (abs) #33 0 (1 limb) == 0 (null)
-mbedtls_mpi_cmp_abs:"0":"":0
+mpi_cmp_abs:"0":"":0
 
 MPI compare (abs) #34 0 (1 limb) == 0 (1 limb)
-mbedtls_mpi_cmp_abs:"0":"0":0
+mpi_cmp_abs:"0":"0":0
 
 MPI compare (abs) #35 0 (1 limb) < positive
-mbedtls_mpi_cmp_abs:"0":"7b":-1
+mpi_cmp_abs:"0":"7b":-1
 
 MPI compare (abs) #36 0 (1 limb) < positive
-mbedtls_mpi_cmp_abs:"0":"7b":-1
+mpi_cmp_abs:"0":"7b":-1
 
 MPI compare (abs) #37 0 (1 limb) < positive with leading zero limb
-mbedtls_mpi_cmp_abs:"0":"0000000000000000123":-1
+mpi_cmp_abs:"0":"0000000000000000123":-1
 
 MPI compare (abs) #38 0 (1 limb) < positive with leading zero limb
-mbedtls_mpi_cmp_abs:"0":"0000000000000000123":-1
+mpi_cmp_abs:"0":"0000000000000000123":-1
 
 MPI compare (abs) #39 0 (1 limb) < large positive
-mbedtls_mpi_cmp_abs:"0":"1230000000000000000":-1
+mpi_cmp_abs:"0":"1230000000000000000":-1
 
 MPI compare (abs) #40 0 (1 limb) < large positive
-mbedtls_mpi_cmp_abs:"0":"1230000000000000000":-1
+mpi_cmp_abs:"0":"1230000000000000000":-1
 
 MPI compare (abs) #41 positive > 0 (null)
-mbedtls_mpi_cmp_abs:"7b":"":1
+mpi_cmp_abs:"7b":"":1
 
 MPI compare (abs) #42 positive > 0 (1 limb)
-mbedtls_mpi_cmp_abs:"7b":"0":1
+mpi_cmp_abs:"7b":"0":1
 
 MPI compare (abs) #43 positive > 0 (null)
-mbedtls_mpi_cmp_abs:"7b":"":1
+mpi_cmp_abs:"7b":"":1
 
 MPI compare (abs) #44 positive > 0 (1 limb)
-mbedtls_mpi_cmp_abs:"7b":"0":1
+mpi_cmp_abs:"7b":"0":1
 
 MPI compare (abs) #45 positive == positive
-mbedtls_mpi_cmp_abs:"7b":"7b":0
+mpi_cmp_abs:"7b":"7b":0
 
 MPI compare (abs) #46 positive == positive
-mbedtls_mpi_cmp_abs:"7b":"7b":0
+mpi_cmp_abs:"7b":"7b":0
 
 MPI compare (abs) #47 positive < positive with leading zero limb
-mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1
+mpi_cmp_abs:"7b":"0000000000000000123":-1
 
 MPI compare (abs) #48 positive < positive with leading zero limb
-mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1
+mpi_cmp_abs:"7b":"0000000000000000123":-1
 
 MPI compare (abs) #49 positive < large positive
-mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1
+mpi_cmp_abs:"7b":"1230000000000000000":-1
 
 MPI compare (abs) #50 positive < large positive
-mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1
+mpi_cmp_abs:"7b":"1230000000000000000":-1
 
 MPI compare (abs) #51 positive > 0 (null)
-mbedtls_mpi_cmp_abs:"7b":"":1
+mpi_cmp_abs:"7b":"":1
 
 MPI compare (abs) #52 positive > 0 (1 limb)
-mbedtls_mpi_cmp_abs:"7b":"0":1
+mpi_cmp_abs:"7b":"0":1
 
 MPI compare (abs) #53 positive > 0 (null)
-mbedtls_mpi_cmp_abs:"7b":"":1
+mpi_cmp_abs:"7b":"":1
 
 MPI compare (abs) #54 positive > 0 (1 limb)
-mbedtls_mpi_cmp_abs:"7b":"0":1
+mpi_cmp_abs:"7b":"0":1
 
 MPI compare (abs) #55 positive == positive
-mbedtls_mpi_cmp_abs:"7b":"7b":0
+mpi_cmp_abs:"7b":"7b":0
 
 MPI compare (abs) #56 positive == positive
-mbedtls_mpi_cmp_abs:"7b":"7b":0
+mpi_cmp_abs:"7b":"7b":0
 
 MPI compare (abs) #57 positive < positive with leading zero limb
-mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1
+mpi_cmp_abs:"7b":"0000000000000000123":-1
 
 MPI compare (abs) #58 positive < positive with leading zero limb
-mbedtls_mpi_cmp_abs:"7b":"0000000000000000123":-1
+mpi_cmp_abs:"7b":"0000000000000000123":-1
 
 MPI compare (abs) #59 positive < large positive
-mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1
+mpi_cmp_abs:"7b":"1230000000000000000":-1
 
 MPI compare (abs) #60 positive < large positive
-mbedtls_mpi_cmp_abs:"7b":"1230000000000000000":-1
+mpi_cmp_abs:"7b":"1230000000000000000":-1
 
 MPI compare (abs) #61 positive with leading zero limb > 0 (null)
-mbedtls_mpi_cmp_abs:"0000000000000000123":"":1
+mpi_cmp_abs:"0000000000000000123":"":1
 
 MPI compare (abs) #62 positive with leading zero limb > 0 (1 limb)
-mbedtls_mpi_cmp_abs:"0000000000000000123":"0":1
+mpi_cmp_abs:"0000000000000000123":"0":1
 
 MPI compare (abs) #63 positive with leading zero limb > 0 (null)
-mbedtls_mpi_cmp_abs:"0000000000000000123":"":1
+mpi_cmp_abs:"0000000000000000123":"":1
 
 MPI compare (abs) #64 positive with leading zero limb > 0 (1 limb)
-mbedtls_mpi_cmp_abs:"0000000000000000123":"0":1
+mpi_cmp_abs:"0000000000000000123":"0":1
 
 MPI compare (abs) #65 positive with leading zero limb > positive
-mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1
+mpi_cmp_abs:"0000000000000000123":"7b":1
 
 MPI compare (abs) #66 positive with leading zero limb > positive
-mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1
+mpi_cmp_abs:"0000000000000000123":"7b":1
 
 MPI compare (abs) #67 positive with leading zero limb == positive with leading zero limb
-mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0
+mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0
 
 MPI compare (abs) #68 positive with leading zero limb == positive with leading zero limb
-mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0
+mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0
 
 MPI compare (abs) #69 positive with leading zero limb < large positive
-mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1
+mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1
 
 MPI compare (abs) #70 positive with leading zero limb < large positive
-mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1
+mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1
 
 MPI compare (abs) #71 positive with leading zero limb > 0 (null)
-mbedtls_mpi_cmp_abs:"0000000000000000123":"":1
+mpi_cmp_abs:"0000000000000000123":"":1
 
 MPI compare (abs) #72 positive with leading zero limb > 0 (1 limb)
-mbedtls_mpi_cmp_abs:"0000000000000000123":"0":1
+mpi_cmp_abs:"0000000000000000123":"0":1
 
 MPI compare (abs) #73 positive with leading zero limb > 0 (null)
-mbedtls_mpi_cmp_abs:"0000000000000000123":"":1
+mpi_cmp_abs:"0000000000000000123":"":1
 
 MPI compare (abs) #74 positive with leading zero limb > 0 (1 limb)
-mbedtls_mpi_cmp_abs:"0000000000000000123":"0":1
+mpi_cmp_abs:"0000000000000000123":"0":1
 
 MPI compare (abs) #75 positive with leading zero limb > positive
-mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1
+mpi_cmp_abs:"0000000000000000123":"7b":1
 
 MPI compare (abs) #76 positive with leading zero limb > positive
-mbedtls_mpi_cmp_abs:"0000000000000000123":"7b":1
+mpi_cmp_abs:"0000000000000000123":"7b":1
 
 MPI compare (abs) #77 positive with leading zero limb == positive with leading zero limb
-mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0
+mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0
 
 MPI compare (abs) #78 positive with leading zero limb == positive with leading zero limb
-mbedtls_mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0
+mpi_cmp_abs:"0000000000000000123":"0000000000000000123":0
 
 MPI compare (abs) #79 positive with leading zero limb < large positive
-mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1
+mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1
 
 MPI compare (abs) #80 positive with leading zero limb < large positive
-mbedtls_mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1
+mpi_cmp_abs:"0000000000000000123":"1230000000000000000":-1
 
 MPI compare (abs) #81 large positive > 0 (null)
-mbedtls_mpi_cmp_abs:"1230000000000000000":"":1
+mpi_cmp_abs:"1230000000000000000":"":1
 
 MPI compare (abs) #82 large positive > 0 (1 limb)
-mbedtls_mpi_cmp_abs:"1230000000000000000":"0":1
+mpi_cmp_abs:"1230000000000000000":"0":1
 
 MPI compare (abs) #83 large positive > 0 (null)
-mbedtls_mpi_cmp_abs:"1230000000000000000":"":1
+mpi_cmp_abs:"1230000000000000000":"":1
 
 MPI compare (abs) #84 large positive > 0 (1 limb)
-mbedtls_mpi_cmp_abs:"1230000000000000000":"0":1
+mpi_cmp_abs:"1230000000000000000":"0":1
 
 MPI compare (abs) #85 large positive > positive
-mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1
+mpi_cmp_abs:"1230000000000000000":"7b":1
 
 MPI compare (abs) #86 large positive > positive
-mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1
+mpi_cmp_abs:"1230000000000000000":"7b":1
 
 MPI compare (abs) #87 large positive > positive with leading zero limb
-mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1
+mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1
 
 MPI compare (abs) #88 large positive > positive with leading zero limb
-mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1
+mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1
 
 MPI compare (abs) #89 large positive == large positive
-mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0
+mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0
 
 MPI compare (abs) #90 large positive == large positive
-mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0
+mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0
 
 MPI compare (abs) #91 large positive > 0 (null)
-mbedtls_mpi_cmp_abs:"1230000000000000000":"":1
+mpi_cmp_abs:"1230000000000000000":"":1
 
 MPI compare (abs) #92 large positive > 0 (1 limb)
-mbedtls_mpi_cmp_abs:"1230000000000000000":"0":1
+mpi_cmp_abs:"1230000000000000000":"0":1
 
 MPI compare (abs) #93 large positive > 0 (null)
-mbedtls_mpi_cmp_abs:"1230000000000000000":"":1
+mpi_cmp_abs:"1230000000000000000":"":1
 
 MPI compare (abs) #94 large positive > 0 (1 limb)
-mbedtls_mpi_cmp_abs:"1230000000000000000":"0":1
+mpi_cmp_abs:"1230000000000000000":"0":1
 
 MPI compare (abs) #95 large positive > positive
-mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1
+mpi_cmp_abs:"1230000000000000000":"7b":1
 
 MPI compare (abs) #96 large positive > positive
-mbedtls_mpi_cmp_abs:"1230000000000000000":"7b":1
+mpi_cmp_abs:"1230000000000000000":"7b":1
 
 MPI compare (abs) #97 large positive > positive with leading zero limb
-mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1
+mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1
 
 MPI compare (abs) #98 large positive > positive with leading zero limb
-mbedtls_mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1
+mpi_cmp_abs:"1230000000000000000":"0000000000000000123":1
 
 MPI compare (abs) #99 large positive == large positive
-mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0
+mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0
 
 MPI compare (abs) #100 large positive == large positive
-mbedtls_mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0
+mpi_cmp_abs:"1230000000000000000":"1230000000000000000":0
 
 MPI compare (abs) #101 positive < positive
-mbedtls_mpi_cmp_abs:"2":"3":-1
+mpi_cmp_abs:"2":"3":-1
 
 MPI compare (abs) #102 positive == positive
-mbedtls_mpi_cmp_abs:"2":"2":0
+mpi_cmp_abs:"2":"2":0
 
 MPI compare (abs) #103 positive < positive
-mbedtls_mpi_cmp_abs:"2b4":"2b5":-1
+mpi_cmp_abs:"2b4":"2b5":-1
 
 MPI compare (abs) #104 positive < positive
-mbedtls_mpi_cmp_abs:"2b5":"2b6":-1
+mpi_cmp_abs:"2b5":"2b6":-1
 
 # End of automatically generated file.
diff --git a/tests/suites/test_suite_bignum.misc.data b/tests/suites/test_suite_bignum.misc.data
index 9da54ff..2df3ad3 100644
--- a/tests/suites/test_suite_bignum.misc.data
+++ b/tests/suites/test_suite_bignum.misc.data
@@ -62,10 +62,10 @@
 mpi_read_write_string:16:"-23":17:"-23":4:0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
 Test mpi_read_write_string #6 (Output radix of 15)
-mpi_read_write_string:10:"29":15:"1e":100:0:0
+mpi_read_write_string:10:"29":15:"1E":100:0:0
 
 Test mpi_read_write_string #7
-mpi_read_write_string:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":200:0:0
+mpi_read_write_string:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":16:"0941379D00FED1491FE15DF284DFDE4A142F68AA8D412023195CEE66883E6290FFE703F4EA5963BF212713CEE46B107C09182B5EDCD955ADAC418BF4918E2889AF48E1099D513830CEC85C26AC1E158B52620E33BA8692F893EFBB2F958B4424":200:0:0
 
 Test mpi_read_write_string #8 (Empty MPI hex -> hex)
 mpi_read_write_string:16:"":16:"":4:0:0
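Review bot: Cases #6 and #7 now pass only if the written string matches the expected value in exact letter case, but neither description nor any comment in the data file says that case is significant. The switch from `"1e"` to `"1E"` and from lower-case to upper-case hex in #7 suggests the comparison in the `mpi_read_write_string` test function became case-sensitive; that function is outside this hunk, so this is inferred. I would record the expectation next to the data, for example with a comment line above case #6 such as `# Expected output is compared exactly; mbedtls_mpi_write_string emits upper-case digits.` That way, a later edit that pastes lower-case vectors fails for a documented reason rather than an unexplained one.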
@@ -89,451 +89,451 @@
 mpi_read_write_string:16:"-1":16:"":3:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
 
 Base test mbedtls_mpi_read_binary #1
-mbedtls_mpi_read_binary:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"0941379D00FED1491FE15DF284DFDE4A142F68AA8D412023195CEE66883E6290FFE703F4EA5963BF212713CEE46B107C09182B5EDCD955ADAC418BF4918E2889AF48E1099D513830CEC85C26AC1E158B52620E33BA8692F893EFBB2F958B4424"
+mpi_read_binary:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"0941379D00FED1491FE15DF284DFDE4A142F68AA8D412023195CEE66883E6290FFE703F4EA5963BF212713CEE46B107C09182B5EDCD955ADAC418BF4918E2889AF48E1099D513830CEC85C26AC1E158B52620E33BA8692F893EFBB2F958B4424"
 
 Base test mbedtls_mpi_read_binary_le #1
-mbedtls_mpi_read_binary_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"24448B952FBBEF93F89286BA330E62528B151EAC265CC8CE3038519D09E148AF89288E91F48B41ACAD55D9DC5E2B18097C106BE4CE132721BF6359EAF403E7FF90623E8866EE5C192320418DAA682F144ADEDF84F25DE11F49D1FE009D374109"
+mpi_read_binary_le:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"24448B952FBBEF93F89286BA330E62528B151EAC265CC8CE3038519D09E148AF89288E91F48B41ACAD55D9DC5E2B18097C106BE4CE132721BF6359EAF403E7FF90623E8866EE5C192320418DAA682F144ADEDF84F25DE11F49D1FE009D374109"
 
 Base test mbedtls_mpi_write_binary #1
-mbedtls_mpi_write_binary:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":200:0
+mpi_write_binary:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":200:0
 
 Test mbedtls_mpi_write_binary #1 (Buffer just fits)
-mbedtls_mpi_write_binary:"123123123123123123123123123":"0123123123123123123123123123":14:0
+mpi_write_binary:"123123123123123123123123123":"0123123123123123123123123123":14:0
 
 Test mbedtls_mpi_write_binary #2 (Buffer too small)
-mbedtls_mpi_write_binary:"123123123123123123123123123":"23123123123123123123123123":13:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+mpi_write_binary:"123123123123123123123123123":"23123123123123123123123123":13:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
 
 Base test mbedtls_mpi_write_binary_le #1
-mbedtls_mpi_write_binary_le:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"24448b952fbbef93f89286ba330e62528b151eac265cc8ce3038519d09e148af89288e91f48b41acad55d9dc5e2b18097c106be4ce132721bf6359eaf403e7ff90623e8866ee5c192320418daa682f144adedf84f25de11f49d1fe009d374109":200:0
+mpi_write_binary_le:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"24448b952fbbef93f89286ba330e62528b151eac265cc8ce3038519d09e148af89288e91f48b41acad55d9dc5e2b18097c106be4ce132721bf6359eaf403e7ff90623e8866ee5c192320418daa682f144adedf84f25de11f49d1fe009d374109":200:0
 
 Test mbedtls_mpi_write_binary_le #1 (Buffer just fits)
-mbedtls_mpi_write_binary_le:"123123123123123123123123123":"2331122331122331122331122301":14:0
+mpi_write_binary_le:"123123123123123123123123123":"2331122331122331122331122301":14:0
 
 Test mbedtls_mpi_write_binary_le #2 (Buffer too small)
-mbedtls_mpi_write_binary_le:"123123123123123123123123123":"23311223311223311223311223":13:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+mpi_write_binary_le:"123123123123123123123123123":"23311223311223311223311223":13:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
 
 Base test mbedtls_mpi_read_file #1
-mbedtls_mpi_read_file:"data_files/mpi_16":"01f55332c3a48b910f9942f6c914e58bef37a47ee45cb164a5b6b8d1006bf59a059c21449939ebebfdf517d2e1dbac88010d7b1f141e997bd6801ddaec9d05910f4f2de2b2c4d714e2c14a72fc7f17aa428d59c531627f09":0
+mpi_read_file:"data_files/mpi_16":"01f55332c3a48b910f9942f6c914e58bef37a47ee45cb164a5b6b8d1006bf59a059c21449939ebebfdf517d2e1dbac88010d7b1f141e997bd6801ddaec9d05910f4f2de2b2c4d714e2c14a72fc7f17aa428d59c531627f09":0
 
 Test mbedtls_mpi_read_file #1 (Empty file)
-mbedtls_mpi_read_file:"data_files/hash_file_4":"":MBEDTLS_ERR_MPI_FILE_IO_ERROR
+mpi_read_file:"data_files/hash_file_4":"":MBEDTLS_ERR_MPI_FILE_IO_ERROR
 
 Test mbedtls_mpi_read_file #2 (Illegal input)
-mbedtls_mpi_read_file:"data_files/hash_file_2":"":0
+mpi_read_file:"data_files/hash_file_2":"":0
 
 Test mbedtls_mpi_read_file #3 (Input too big)
-mbedtls_mpi_read_file:"data_files/mpi_too_big":"":MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
+mpi_read_file:"data_files/mpi_too_big":"":MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL
 
 Base test mbedtls_mpi_write_file #1
-mbedtls_mpi_write_file:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"data_files/mpi_write"
+mpi_write_file:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":"data_files/mpi_write"
 
 Test mbedtls_mpi_lsb: 0 (null)
-mbedtls_mpi_lsb:"":0
+mpi_lsb:"":0
 
 Test mbedtls_mpi_lsb: 0 (1 limb)
-mbedtls_mpi_lsb:"0":0
+mpi_lsb:"0":0
 
 Base test mbedtls_mpi_lsb #1
-mbedtls_mpi_lsb:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":2
+mpi_lsb:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":2
 
 Base test mbedtls_mpi_lsb #2
-mbedtls_mpi_lsb:"18":3
+mpi_lsb:"18":3
 
 Base test mbedtls_mpi_lsb #3
-mbedtls_mpi_lsb:"24":2
+mpi_lsb:"24":2
 
 Base test mbedtls_mpi_lsb #4
-mbedtls_mpi_lsb:"2000":13
+mpi_lsb:"2000":13
 
 Base test mbedtls_mpi_bitlen #1
-mbedtls_mpi_bitlen:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":764
+mpi_bitlen:"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":764
 
 Base test mbedtls_mpi_bitlen #2
-mbedtls_mpi_bitlen:"18":5
+mpi_bitlen:"18":5
 
 Base test mbedtls_mpi_bitlen #3
-mbedtls_mpi_bitlen:"1":1
+mpi_bitlen:"1":1
 
 Base test mbedtls_mpi_bitlen #4
-mbedtls_mpi_bitlen:"f":4
+mpi_bitlen:"f":4
 
 Base test mbedtls_mpi_bitlen #5
-mbedtls_mpi_bitlen:"10":5
+mpi_bitlen:"10":5
 
 Base test mbedtls_mpi_bitlen #6
-mbedtls_mpi_bitlen:"a":4
+mpi_bitlen:"a":4
 
 Base test mbedtls_mpi_bitlen: 0 (null)
-mbedtls_mpi_bitlen:"":0
+mpi_bitlen:"":0
 
 Base test mbedtls_mpi_bitlen: 0 (1 limb)
-mbedtls_mpi_bitlen:"0":0
+mpi_bitlen:"0":0
 
 Base test mbedtls_mpi_cmp_int #1
-mbedtls_mpi_cmp_int:693:693:0
+mpi_cmp_int:693:693:0
 
 Base test mbedtls_mpi_cmp_int #2
-mbedtls_mpi_cmp_int:693:692:1
+mpi_cmp_int:693:692:1
 
 Base test mbedtls_mpi_cmp_int #3
-mbedtls_mpi_cmp_int:693:694:-1
+mpi_cmp_int:693:694:-1
 
 Base test mbedtls_mpi_cmp_int (Negative values) #1
-mbedtls_mpi_cmp_int:-2:-2:0
+mpi_cmp_int:-2:-2:0
 
 Base test mbedtls_mpi_cmp_int (Negative values) #2
-mbedtls_mpi_cmp_int:-2:-3:1
+mpi_cmp_int:-2:-3:1
 
 Base test mbedtls_mpi_cmp_int (Negative values) #3
-mbedtls_mpi_cmp_int:-2:-1:-1
+mpi_cmp_int:-2:-1:-1
 
 Base test mbedtls_mpi_cmp_mpi #1
-mbedtls_mpi_cmp_mpi:"2b5":"2b5":0
+mpi_cmp_mpi:"2b5":"2b5":0
 
 Base test mbedtls_mpi_cmp_mpi #2
-mbedtls_mpi_cmp_mpi:"2b5":"2b4":1
+mpi_cmp_mpi:"2b5":"2b4":1
 
 Base test mbedtls_mpi_cmp_mpi #3
-mbedtls_mpi_cmp_mpi:"2b5":"2b6":-1
+mpi_cmp_mpi:"2b5":"2b6":-1
 
 Base test mbedtls_mpi_cmp_mpi (Negative values) #1
-mbedtls_mpi_cmp_mpi:"-2":"-2":0
+mpi_cmp_mpi:"-2":"-2":0
 
 Base test mbedtls_mpi_cmp_mpi (Negative values) #2
-mbedtls_mpi_cmp_mpi:"-2":"-3":1
+mpi_cmp_mpi:"-2":"-3":1
 
 Base test mbedtls_mpi_cmp_mpi (Negative values) #3
-mbedtls_mpi_cmp_mpi:"-2":"-1":-1
+mpi_cmp_mpi:"-2":"-1":-1
 
 Base test mbedtls_mpi_cmp_mpi (Mixed values) #4
-mbedtls_mpi_cmp_mpi:"-3":"2":-1
+mpi_cmp_mpi:"-3":"2":-1
 
 Base test mbedtls_mpi_cmp_mpi (Mixed values) #5
-mbedtls_mpi_cmp_mpi:"2":"-3":1
+mpi_cmp_mpi:"2":"-3":1
 
 Base test mbedtls_mpi_cmp_mpi (Mixed values) #6
-mbedtls_mpi_cmp_mpi:"-2":"1c67967269c6":-1
+mpi_cmp_mpi:"-2":"1c67967269c6":-1
 
 Test mbedtls_mpi_cmp_mpi: 0 (null) = 0 (null)
-mbedtls_mpi_cmp_mpi:"":"":0
+mpi_cmp_mpi:"":"":0
 
 Test mbedtls_mpi_cmp_mpi: 0 (null) = 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"":"0":0
+mpi_cmp_mpi:"":"0":0
 
 Test mbedtls_mpi_cmp_mpi: 0 (1 limb) = 0 (null)
-mbedtls_mpi_cmp_mpi:"0":"":0
+mpi_cmp_mpi:"0":"":0
 
 Test mbedtls_mpi_cmp_mpi: 0 (1 limb) = 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"0":"0":0
+mpi_cmp_mpi:"0":"0":0
 
 Test mbedtls_mpi_cmp_mpi: 0 (null) < positive
-mbedtls_mpi_cmp_mpi:"":"7b":-1
+mpi_cmp_mpi:"":"7b":-1
 
 Test mbedtls_mpi_cmp_mpi: 0 (1 limb) < positive
-mbedtls_mpi_cmp_mpi:"0":"7b":-1
+mpi_cmp_mpi:"0":"7b":-1
 
 Test mbedtls_mpi_cmp_mpi: 0 (null) > negative
-mbedtls_mpi_cmp_mpi:"":"-7b":1
+mpi_cmp_mpi:"":"-7b":1
 
 Test mbedtls_mpi_cmp_mpi: 0 (1 limb) > negative
-mbedtls_mpi_cmp_mpi:"0":"-7b":1
+mpi_cmp_mpi:"0":"-7b":1
 
 Test mbedtls_mpi_cmp_mpi: positive > 0 (null)
-mbedtls_mpi_cmp_mpi:"7b":"":1
+mpi_cmp_mpi:"7b":"":1
 
 Test mbedtls_mpi_cmp_mpi: positive > 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"7b":"0":1
+mpi_cmp_mpi:"7b":"0":1
 
 Test mbedtls_mpi_cmp_mpi: negative < 0 (null)
-mbedtls_mpi_cmp_mpi:"-7b":"":-1
+mpi_cmp_mpi:"-7b":"":-1
 
 Test mbedtls_mpi_cmp_mpi: negative < 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"-7b":"0":-1
+mpi_cmp_mpi:"-7b":"0":-1
 
 Test mbedtls_mpi_cmp_mpi: 0 (null) < positive with leading zero limb
-mbedtls_mpi_cmp_mpi:"":"0000000000000000123":-1
+mpi_cmp_mpi:"":"0000000000000000123":-1
 
 Test mbedtls_mpi_cmp_mpi: 0 (1 limb) < positive with leading zero limb
-mbedtls_mpi_cmp_mpi:"0":"0000000000000000123":-1
+mpi_cmp_mpi:"0":"0000000000000000123":-1
 
 Test mbedtls_mpi_cmp_mpi: 0 (null) > negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"":"-0000000000000000123":1
+mpi_cmp_mpi:"":"-0000000000000000123":1
 
 Test mbedtls_mpi_cmp_mpi: 0 (1 limb) > negative with leading zero limb
-mbedtls_mpi_cmp_mpi:"0":"-0000000000000000123":1
+mpi_cmp_mpi:"0":"-0000000000000000123":1
 
 Test mbedtls_mpi_cmp_mpi: positive with leading zero limb > 0 (null)
-mbedtls_mpi_cmp_mpi:"0000000000000000123":"":1
+mpi_cmp_mpi:"0000000000000000123":"":1
 
 Test mbedtls_mpi_cmp_mpi: positive with leading zero limb > 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"0000000000000000123":"0":1
+mpi_cmp_mpi:"0000000000000000123":"0":1
 
 Test mbedtls_mpi_cmp_mpi: negative with leading zero limb < 0 (null)
-mbedtls_mpi_cmp_mpi:"-0000000000000000123":"":-1
+mpi_cmp_mpi:"-0000000000000000123":"":-1
 
 Test mbedtls_mpi_cmp_mpi: negative with leading zero limb < 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"-0000000000000000123":"0":-1
+mpi_cmp_mpi:"-0000000000000000123":"0":-1
 
 Test mbedtls_mpi_cmp_mpi: 0 (null) < large positive
-mbedtls_mpi_cmp_mpi:"":"1230000000000000000":-1
+mpi_cmp_mpi:"":"1230000000000000000":-1
 
 Test mbedtls_mpi_cmp_mpi: 0 (1 limb) < large positive
-mbedtls_mpi_cmp_mpi:"0":"1230000000000000000":-1
+mpi_cmp_mpi:"0":"1230000000000000000":-1
 
 Test mbedtls_mpi_cmp_mpi: 0 (null) > large negative
-mbedtls_mpi_cmp_mpi:"":"-1230000000000000000":1
+mpi_cmp_mpi:"":"-1230000000000000000":1
 
 Test mbedtls_mpi_cmp_mpi: 0 (1 limb) > large negative
-mbedtls_mpi_cmp_mpi:"0":"-1230000000000000000":1
+mpi_cmp_mpi:"0":"-1230000000000000000":1
 
 Test mbedtls_mpi_cmp_mpi: large positive > 0 (null)
-mbedtls_mpi_cmp_mpi:"1230000000000000000":"":1
+mpi_cmp_mpi:"1230000000000000000":"":1
 
 Test mbedtls_mpi_cmp_mpi: large positive > 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"1230000000000000000":"0":1
+mpi_cmp_mpi:"1230000000000000000":"0":1
 
 Test mbedtls_mpi_cmp_mpi: large negative < 0 (null)
-mbedtls_mpi_cmp_mpi:"-1230000000000000000":"":-1
+mpi_cmp_mpi:"-1230000000000000000":"":-1
 
 Test mbedtls_mpi_cmp_mpi: large negative < 0 (1 limb)
-mbedtls_mpi_cmp_mpi:"-1230000000000000000":"0":-1
+mpi_cmp_mpi:"-1230000000000000000":"0":-1
 
 Base test mbedtls_mpi_lt_mpi_ct #1
-mbedtls_mpi_lt_mpi_ct:1:"2B5":1:"2B5":0:0
+mpi_lt_mpi_ct:1:"2B5":1:"2B5":0:0
 
 Base test mbedtls_mpi_lt_mpi_ct #2
-mbedtls_mpi_lt_mpi_ct:1:"2B5":1:"2B4":0:0
+mpi_lt_mpi_ct:1:"2B5":1:"2B4":0:0
 
 Base test mbedtls_mpi_lt_mpi_ct #3
-mbedtls_mpi_lt_mpi_ct:1:"2B5":1:"2B6":1:0
+mpi_lt_mpi_ct:1:"2B5":1:"2B6":1:0
 
 Base test mbedtls_mpi_lt_mpi_ct (Negative values) #1
-mbedtls_mpi_lt_mpi_ct:1:"-2":1:"-2":0:0
+mpi_lt_mpi_ct:1:"-2":1:"-2":0:0
 
 Base test mbedtls_mpi_lt_mpi_ct (Negative values) #2
-mbedtls_mpi_lt_mpi_ct:1:"-2":1:"-3":0:0
+mpi_lt_mpi_ct:1:"-2":1:"-3":0:0
 
 Base test mbedtls_mpi_lt_mpi_ct (Negative values) #3
-mbedtls_mpi_lt_mpi_ct:1:"-2":1:"-1":1:0
+mpi_lt_mpi_ct:1:"-2":1:"-1":1:0
 
 Base test mbedtls_mpi_lt_mpi_ct (Mixed values) #1
-mbedtls_mpi_lt_mpi_ct:1:"-3":1:"2":1:0
+mpi_lt_mpi_ct:1:"-3":1:"2":1:0
 
 Base test mbedtls_mpi_lt_mpi_ct (Mixed values) #2
-mbedtls_mpi_lt_mpi_ct:1:"2":1:"-3":0:0
+mpi_lt_mpi_ct:1:"2":1:"-3":0:0
 
 Base test mbedtls_mpi_lt_mpi_ct (Mixed values) #3
-mbedtls_mpi_lt_mpi_ct:2:"-2":2:"1C67967269C6":1:0
+mpi_lt_mpi_ct:2:"-2":2:"1C67967269C6":1:0
 
 Base test mbedtls_mpi_lt_mpi_ct (X is longer in storage)
-mbedtls_mpi_lt_mpi_ct:3:"2B5":2:"2B5":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mpi_lt_mpi_ct:3:"2B5":2:"2B5":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
 Base test mbedtls_mpi_lt_mpi_ct (Y is longer in storage)
-mbedtls_mpi_lt_mpi_ct:3:"2B5":4:"2B5":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mpi_lt_mpi_ct:3:"2B5":4:"2B5":0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
 Base test mbedtls_mpi_lt_mpi_ct (length=0)
-mbedtls_mpi_lt_mpi_ct:0:"":0:"":0:0
+mpi_lt_mpi_ct:0:"":0:"":0:0
 
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 64 bit) #1
-mbedtls_mpi_lt_mpi_ct:2:"7FFFFFFFFFFFFFFF":2:"FF":0:0
+mpi_lt_mpi_ct:2:"7FFFFFFFFFFFFFFF":2:"FF":0:0
 
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 64 bit) #2
-mbedtls_mpi_lt_mpi_ct:2:"8000000000000000":2:"7FFFFFFFFFFFFFFF":0:0
+mpi_lt_mpi_ct:2:"8000000000000000":2:"7FFFFFFFFFFFFFFF":0:0
 
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 64 bit) #3
-mbedtls_mpi_lt_mpi_ct:2:"8000000000000000":2:"1":0:0
+mpi_lt_mpi_ct:2:"8000000000000000":2:"1":0:0
 
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 64 bit) #4
-mbedtls_mpi_lt_mpi_ct:2:"8000000000000000":2:"0":0:0
+mpi_lt_mpi_ct:2:"8000000000000000":2:"0":0:0
 
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 64 bit) #5
-mbedtls_mpi_lt_mpi_ct:2:"FFFFFFFFFFFFFFFF":2:"FF":0:0
+mpi_lt_mpi_ct:2:"FFFFFFFFFFFFFFFF":2:"FF":0:0
 
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 32 bit) #1
-mbedtls_mpi_lt_mpi_ct:1:"7FFFFFFF":1:"FF":0:0
+mpi_lt_mpi_ct:1:"7FFFFFFF":1:"FF":0:0
 
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 32 bit) #2
-mbedtls_mpi_lt_mpi_ct:1:"80000000":1:"7FFFFFFF":0:0
+mpi_lt_mpi_ct:1:"80000000":1:"7FFFFFFF":0:0
 
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 32 bit) #3
-mbedtls_mpi_lt_mpi_ct:1:"80000000":1:"1":0:0
+mpi_lt_mpi_ct:1:"80000000":1:"1":0:0
 
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 32 bit) #4
-mbedtls_mpi_lt_mpi_ct:1:"80000000":1:"0":0:0
+mpi_lt_mpi_ct:1:"80000000":1:"0":0:0
 
 Base test mbedtls_mpi_lt_mpi_ct (corner case - 32 bit) #5
-mbedtls_mpi_lt_mpi_ct:1:"FFFFFFFF":1:"FF":0:0
+mpi_lt_mpi_ct:1:"FFFFFFFF":1:"FF":0:0
 
 Multi-limb mbedtls_mpi_lt_mpi_ct (X<Y, zero vs non-zero MS limb)
-mbedtls_mpi_lt_mpi_ct:2:"0FFFFFFFFFFFFFFFF":2:"1FFFFFFFFFFFFFFFF":1:0
+mpi_lt_mpi_ct:2:"0FFFFFFFFFFFFFFFF":2:"1FFFFFFFFFFFFFFFF":1:0
 
 Multi-limb mbedtls_mpi_lt_mpi_ct (X>Y, equal MS limbs)
-mbedtls_mpi_lt_mpi_ct:2:"-EEFFFFFFFFFFFFFFF1":2:"-EEFFFFFFFFFFFFFFFF":0:0
+mpi_lt_mpi_ct:2:"-EEFFFFFFFFFFFFFFF1":2:"-EEFFFFFFFFFFFFFFFF":0:0
 
 Multi-limb mbedtls_mpi_lt_mpi_ct (X=Y)
-mbedtls_mpi_lt_mpi_ct:2:"EEFFFFFFFFFFFFFFFF":2:"EEFFFFFFFFFFFFFFFF":0:0
+mpi_lt_mpi_ct:2:"EEFFFFFFFFFFFFFFFF":2:"EEFFFFFFFFFFFFFFFF":0:0
 
 Multi-limb mbedtls_mpi_lt_mpi_ct (X=-Y)
-mbedtls_mpi_lt_mpi_ct:2:"-EEFFFFFFFFFFFFFFFF":2:"EEFFFFFFFFFFFFFFFF":1:0
+mpi_lt_mpi_ct:2:"-EEFFFFFFFFFFFFFFFF":2:"EEFFFFFFFFFFFFFFFF":1:0
 
 Multi-limb mbedtls_mpi_lt_mpi_ct (Alternating limbs) #1
-mbedtls_mpi_lt_mpi_ct:2:"11FFFFFFFFFFFFFFFF":2:"FF1111111111111111":1:0
+mpi_lt_mpi_ct:2:"11FFFFFFFFFFFFFFFF":2:"FF1111111111111111":1:0
 
 Multi-limb mbedtls_mpi_lt_mpi_ct (Alternating limbs) #2
-mbedtls_mpi_lt_mpi_ct:2:"FF1111111111111111":2:"11FFFFFFFFFFFFFFFF":0:0
+mpi_lt_mpi_ct:2:"FF1111111111111111":2:"11FFFFFFFFFFFFFFFF":0:0
 
 Multi-limb mbedtls_mpi_lt_mpi_ct (Alternating limbs) #3
-mbedtls_mpi_lt_mpi_ct:2:"-11FFFFFFFFFFFFFFFF":2:"-FF1111111111111111":0:0
+mpi_lt_mpi_ct:2:"-11FFFFFFFFFFFFFFFF":2:"-FF1111111111111111":0:0
 
 Multi-limb mbedtls_mpi_lt_mpi_ct (Alternating limbs) #4
-mbedtls_mpi_lt_mpi_ct:2:"-FF1111111111111111":2:"-11FFFFFFFFFFFFFFFF":1:0
+mpi_lt_mpi_ct:2:"-FF1111111111111111":2:"-11FFFFFFFFFFFFFFFF":1:0
 
 Base test mbedtls_mpi_cmp_abs #1
-mbedtls_mpi_cmp_abs:"2b5":"2b5":0
+mpi_cmp_abs:"2b5":"2b5":0
 
 Base test mbedtls_mpi_cmp_abs #2
-mbedtls_mpi_cmp_abs:"2b5":"2b4":1
+mpi_cmp_abs:"2b5":"2b4":1
 
 Base test mbedtls_mpi_cmp_abs #3
-mbedtls_mpi_cmp_abs:"2b5":"2b6":-1
+mpi_cmp_abs:"2b5":"2b6":-1
 
 Base test mbedtls_mpi_cmp_abs (Negative values) #1
-mbedtls_mpi_cmp_abs:"-2":"-2":0
+mpi_cmp_abs:"-2":"-2":0
 
 Base test mbedtls_mpi_cmp_abs (Negative values) #2
-mbedtls_mpi_cmp_abs:"-2":"-3":-1
+mpi_cmp_abs:"-2":"-3":-1
 
 Base test mbedtls_mpi_cmp_abs (Negative values) #3
-mbedtls_mpi_cmp_abs:"-2":"-1":1
+mpi_cmp_abs:"-2":"-1":1
 
 Test mbedtls_mpi_cmp_abs: 0 (null) = 0 (null)
-mbedtls_mpi_cmp_abs:"":"":0
+mpi_cmp_abs:"":"":0
 
 Test mbedtls_mpi_cmp_abs: 0 (null) = 0 (1 limb)
-mbedtls_mpi_cmp_abs:"":"0":0
+mpi_cmp_abs:"":"0":0
 
 Test mbedtls_mpi_cmp_abs: 0 (1 limb) = 0 (null)
-mbedtls_mpi_cmp_abs:"0":"":0
+mpi_cmp_abs:"0":"":0
 
 Test mbedtls_mpi_cmp_abs: 0 (1 limb) = 0 (1 limb)
-mbedtls_mpi_cmp_abs:"0":"0":0
+mpi_cmp_abs:"0":"0":0
 
 Base test mbedtls_mpi_cmp_abs (Mix values) #1
-mbedtls_mpi_cmp_abs:"-2":"2":0
+mpi_cmp_abs:"-2":"2":0
 
 Base test mbedtls_mpi_cmp_abs (Mix values) #2
-mbedtls_mpi_cmp_abs:"2":"-3":-1
+mpi_cmp_abs:"2":"-3":-1
 
 Base test mbedtls_mpi_cmp_abs (Mix values) #3
-mbedtls_mpi_cmp_abs:"-2":"1":1
+mpi_cmp_abs:"-2":"1":1
 
 Copy large negative to large negative
-mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5"
+mpi_copy:"-ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5"
 
 Copy large negative to large positive
-mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5"
+mpi_copy:"-ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5"
 
 Copy large negative to small negative
-mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"-beef"
+mpi_copy:"-ca5cadedb01dfaceacc01ade":"-beef"
 
 Copy large negative to small positive
-mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"beef"
+mpi_copy:"-ca5cadedb01dfaceacc01ade":"beef"
 
 Copy large negative to zero (1 limb)
-mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":"0"
+mpi_copy:"-ca5cadedb01dfaceacc01ade":"0"
 
 Copy large negative to zero (null)
-mbedtls_mpi_copy:"-ca5cadedb01dfaceacc01ade":""
+mpi_copy:"-ca5cadedb01dfaceacc01ade":""
 
 Copy large positive to large negative
-mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5"
+mpi_copy:"ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5"
 
 Copy large positive to large positive
-mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5"
+mpi_copy:"ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5"
 
 Copy large positive to small negative
-mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"-beef"
+mpi_copy:"ca5cadedb01dfaceacc01ade":"-beef"
 
 Copy large positive to small positive
-mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"beef"
+mpi_copy:"ca5cadedb01dfaceacc01ade":"beef"
 
 Copy large positive to zero (1 limb)
-mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":"0"
+mpi_copy:"ca5cadedb01dfaceacc01ade":"0"
 
 Copy large positive to zero (null)
-mbedtls_mpi_copy:"ca5cadedb01dfaceacc01ade":""
+mpi_copy:"ca5cadedb01dfaceacc01ade":""
 
 Copy small negative to large negative
-mbedtls_mpi_copy:"-bead":"-face1e55ca11ab1ecab005e5"
+mpi_copy:"-bead":"-face1e55ca11ab1ecab005e5"
 
 Copy small negative to large positive
-mbedtls_mpi_copy:"-bead":"face1e55ca11ab1ecab005e5"
+mpi_copy:"-bead":"face1e55ca11ab1ecab005e5"
 
 Copy small negative to small negative
-mbedtls_mpi_copy:"-bead":"-beef"
+mpi_copy:"-bead":"-beef"
 
 Copy small negative to small positive
-mbedtls_mpi_copy:"-bead":"beef"
+mpi_copy:"-bead":"beef"
 
 Copy small negative to zero (1 limb)
-mbedtls_mpi_copy:"-bead":"0"
+mpi_copy:"-bead":"0"
 
 Copy small negative to zero (null)
-mbedtls_mpi_copy:"-bead":""
+mpi_copy:"-bead":""
 
 Copy small positive to large negative
-mbedtls_mpi_copy:"bead":"-face1e55ca11ab1ecab005e5"
+mpi_copy:"bead":"-face1e55ca11ab1ecab005e5"
 
 Copy small positive to large positive
-mbedtls_mpi_copy:"bead":"face1e55ca11ab1ecab005e5"
+mpi_copy:"bead":"face1e55ca11ab1ecab005e5"
 
 Copy small positive to small negative
-mbedtls_mpi_copy:"bead":"-beef"
+mpi_copy:"bead":"-beef"
 
 Copy small positive to small positive
-mbedtls_mpi_copy:"bead":"beef"
+mpi_copy:"bead":"beef"
 
 Copy small positive to zero (1 limb)
-mbedtls_mpi_copy:"bead":"0"
+mpi_copy:"bead":"0"
 
 Copy small positive to zero (null)
-mbedtls_mpi_copy:"bead":""
+mpi_copy:"bead":""
 
 Copy zero (1 limb) to large negative
-mbedtls_mpi_copy:"0":"-face1e55ca11ab1ecab005e5"
+mpi_copy:"0":"-face1e55ca11ab1ecab005e5"
 
 Copy zero (1 limb) to large positive
-mbedtls_mpi_copy:"0":"face1e55ca11ab1ecab005e5"
+mpi_copy:"0":"face1e55ca11ab1ecab005e5"
 
 Copy zero (1 limb) to small negative
-mbedtls_mpi_copy:"0":"-beef"
+mpi_copy:"0":"-beef"
 
 Copy zero (1 limb) to small positive
-mbedtls_mpi_copy:"0":"beef"
+mpi_copy:"0":"beef"
 
 Copy zero (1 limb) to zero (1 limb)
-mbedtls_mpi_copy:"0":"0"
+mpi_copy:"0":"0"
 
 Copy zero (1 limb) to zero (null)
-mbedtls_mpi_copy:"0":""
+mpi_copy:"0":""
 
 Copy zero (null) to large negative
-mbedtls_mpi_copy:"":"-face1e55ca11ab1ecab005e5"
+mpi_copy:"":"-face1e55ca11ab1ecab005e5"
 
 Copy zero (null) to large positive
-mbedtls_mpi_copy:"":"face1e55ca11ab1ecab005e5"
+mpi_copy:"":"face1e55ca11ab1ecab005e5"
 
 Copy zero (null) to small negative
-mbedtls_mpi_copy:"":"-beef"
+mpi_copy:"":"-beef"
 
 Copy zero (null) to small positive
-mbedtls_mpi_copy:"":"beef"
+mpi_copy:"":"beef"
 
 Copy zero (null) to zero (1 limb)
-mbedtls_mpi_copy:"":"0"
+mpi_copy:"":"0"
 
 Copy zero (null) to zero (null)
-mbedtls_mpi_copy:"":""
+mpi_copy:"":""
 
 Copy self: large negative
 mpi_copy_self:"-ca5cadedb01dfaceacc01ade"
@@ -554,112 +554,112 @@
 mpi_copy_self:""
 
 Swap large negative with large negative
-mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5"
+mpi_swap:"-ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5"
 
 Swap large negative with large positive
-mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5"
+mpi_swap:"-ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5"
 
 Swap large negative with small negative
-mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"-beef"
+mpi_swap:"-ca5cadedb01dfaceacc01ade":"-beef"
 
 Swap large negative with small positive
-mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"beef"
+mpi_swap:"-ca5cadedb01dfaceacc01ade":"beef"
 
 Swap large negative with zero (1 limb)
-mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":"0"
+mpi_swap:"-ca5cadedb01dfaceacc01ade":"0"
 
 Swap large negative with zero (null)
-mbedtls_mpi_swap:"-ca5cadedb01dfaceacc01ade":""
+mpi_swap:"-ca5cadedb01dfaceacc01ade":""
 
 Swap large positive with large negative
-mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5"
+mpi_swap:"ca5cadedb01dfaceacc01ade":"-face1e55ca11ab1ecab005e5"
 
 Swap large positive with large positive
-mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5"
+mpi_swap:"ca5cadedb01dfaceacc01ade":"face1e55ca11ab1ecab005e5"
 
 Swap large positive with small negative
-mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"-beef"
+mpi_swap:"ca5cadedb01dfaceacc01ade":"-beef"
 
 Swap large positive with small positive
-mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"beef"
+mpi_swap:"ca5cadedb01dfaceacc01ade":"beef"
 
 Swap large positive with zero (1 limb)
-mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":"0"
+mpi_swap:"ca5cadedb01dfaceacc01ade":"0"
 
 Swap large positive with zero (null)
-mbedtls_mpi_swap:"ca5cadedb01dfaceacc01ade":""
+mpi_swap:"ca5cadedb01dfaceacc01ade":""
 
 Swap small negative with large negative
-mbedtls_mpi_swap:"-bead":"-face1e55ca11ab1ecab005e5"
+mpi_swap:"-bead":"-face1e55ca11ab1ecab005e5"
 
 Swap small negative with large positive
-mbedtls_mpi_swap:"-bead":"face1e55ca11ab1ecab005e5"
+mpi_swap:"-bead":"face1e55ca11ab1ecab005e5"
 
 Swap small negative with small negative
-mbedtls_mpi_swap:"-bead":"-beef"
+mpi_swap:"-bead":"-beef"
 
 Swap small negative with small positive
-mbedtls_mpi_swap:"-bead":"beef"
+mpi_swap:"-bead":"beef"
 
 Swap small negative with zero (1 limb)
-mbedtls_mpi_swap:"-bead":"0"
+mpi_swap:"-bead":"0"
 
 Swap small negative with zero (null)
-mbedtls_mpi_swap:"-bead":""
+mpi_swap:"-bead":""
 
 Swap small positive with large negative
-mbedtls_mpi_swap:"bead":"-face1e55ca11ab1ecab005e5"
+mpi_swap:"bead":"-face1e55ca11ab1ecab005e5"
 
 Swap small positive with large positive
-mbedtls_mpi_swap:"bead":"face1e55ca11ab1ecab005e5"
+mpi_swap:"bead":"face1e55ca11ab1ecab005e5"
 
 Swap small positive with small negative
-mbedtls_mpi_swap:"bead":"-beef"
+mpi_swap:"bead":"-beef"
 
 Swap small positive with small positive
-mbedtls_mpi_swap:"bead":"beef"
+mpi_swap:"bead":"beef"
 
 Swap small positive with zero (1 limb)
-mbedtls_mpi_swap:"bead":"0"
+mpi_swap:"bead":"0"
 
 Swap small positive with zero (null)
-mbedtls_mpi_swap:"bead":""
+mpi_swap:"bead":""
 
 Swap zero (1 limb) with large negative
-mbedtls_mpi_swap:"0":"-face1e55ca11ab1ecab005e5"
+mpi_swap:"0":"-face1e55ca11ab1ecab005e5"
 
 Swap zero (1 limb) with large positive
-mbedtls_mpi_swap:"0":"face1e55ca11ab1ecab005e5"
+mpi_swap:"0":"face1e55ca11ab1ecab005e5"
 
 Swap zero (1 limb) with small negative
-mbedtls_mpi_swap:"0":"-beef"
+mpi_swap:"0":"-beef"
 
 Swap zero (1 limb) with small positive
-mbedtls_mpi_swap:"0":"beef"
+mpi_swap:"0":"beef"
 
 Swap zero (1 limb) with zero (1 limb)
-mbedtls_mpi_swap:"0":"0"
+mpi_swap:"0":"0"
 
 Swap zero (1 limb) with zero (null)
-mbedtls_mpi_swap:"0":""
+mpi_swap:"0":""
 
 Swap zero (null) with large negative
-mbedtls_mpi_swap:"":"-face1e55ca11ab1ecab005e5"
+mpi_swap:"":"-face1e55ca11ab1ecab005e5"
 
 Swap zero (null) with large positive
-mbedtls_mpi_swap:"":"face1e55ca11ab1ecab005e5"
+mpi_swap:"":"face1e55ca11ab1ecab005e5"
 
 Swap zero (null) with small negative
-mbedtls_mpi_swap:"":"-beef"
+mpi_swap:"":"-beef"
 
 Swap zero (null) with small positive
-mbedtls_mpi_swap:"":"beef"
+mpi_swap:"":"beef"
 
 Swap zero (null) with zero (1 limb)
-mbedtls_mpi_swap:"":"0"
+mpi_swap:"":"0"
 
 Swap zero (null) with zero (null)
-mbedtls_mpi_swap:"":""
+mpi_swap:"":""
 
 Swap self: large negative
 mpi_swap_self:"-ca5cadedb01dfaceacc01ade"
@@ -680,1038 +680,1038 @@
 mpi_swap_self:""
 
 Shrink 0 limbs in a buffer of size 0 to 0
-mbedtls_mpi_shrink:0:0:0:0
+mpi_shrink:0:0:0:0
 
 Shrink 2 limbs in a buffer of size 2 to 4
-mbedtls_mpi_shrink:2:2:4:4
+mpi_shrink:2:2:4:4
 
 Shrink 2 limbs in a buffer of size 4 to 4
-mbedtls_mpi_shrink:4:2:4:4
+mpi_shrink:4:2:4:4
 
 Shrink 2 limbs in a buffer of size 8 to 4
-mbedtls_mpi_shrink:8:2:4:4
+mpi_shrink:8:2:4:4
 
 Shrink 4 limbs in a buffer of size 8 to 4
-mbedtls_mpi_shrink:8:4:4:4
+mpi_shrink:8:4:4:4
 
 Shrink 6 limbs in a buffer of size 8 to 4 yielding 6
-mbedtls_mpi_shrink:8:6:4:6
+mpi_shrink:8:6:4:6
 
 Shrink 2 limbs in a buffer of size 4 to 0 yielding 2
-mbedtls_mpi_shrink:4:2:0:2
+mpi_shrink:4:2:0:2
 
 Shrink 1 limbs in a buffer of size 4 to 0 yielding 1
-mbedtls_mpi_shrink:4:1:0:1
+mpi_shrink:4:1:0:1
 
 Shrink 0 limbs in a buffer of size 4 to 0 yielding 1
-mbedtls_mpi_shrink:4:0:0:1
+mpi_shrink:4:0:0:1
 
 Base test mbedtls_mpi_add_abs #1
-mbedtls_mpi_add_abs:"bc614e":"9cde3":"c62f31"
+mpi_add_abs:"bc614e":"9cde3":"c62f31"
 
 Base test mbedtls_mpi_add_abs #2
-mbedtls_mpi_add_abs:"-bc614e":"9cde3":"c62f31"
+mpi_add_abs:"-bc614e":"9cde3":"c62f31"
 
 Base test mbedtls_mpi_add_abs #3
-mbedtls_mpi_add_abs:"bc614e":"-9cde3":"c62f31"
+mpi_add_abs:"bc614e":"-9cde3":"c62f31"
 
 Base test mbedtls_mpi_add_abs #4
-mbedtls_mpi_add_abs:"-bc614e":"-9cde3":"c62f31"
+mpi_add_abs:"-bc614e":"-9cde3":"c62f31"
 
 Test mbedtls_mpi_add_abs: 0 (null) + 0 (null)
-mbedtls_mpi_add_abs:"":"":"0"
+mpi_add_abs:"":"":"0"
 
 Test mbedtls_mpi_add_abs: 0 (null) + 1
-mbedtls_mpi_add_abs:"":"01":"01"
+mpi_add_abs:"":"01":"01"
 
 Test mbedtls_mpi_add_abs: 1 + 0 (null)
-mbedtls_mpi_add_abs:"01":"":"01"
+mpi_add_abs:"01":"":"01"
 
 Test mbedtls_mpi_add_abs #1
-mbedtls_mpi_add_abs:"-1f55332c3a48b910f9942f6c914e58bef37a47ee45cb164a5b6b8d1006bf59a059c21449939ebebfdf517d2e1dbac88010d7b1f141e997bd6801ddaec9d05910f4f2de2b2c4d714e2c14a72fc7f17aa428d59c531627f09":"941379d00fed1491dec0abfc13b52b9049625b3c42c3a972a2549e7a3e1b12c5a304b23e9ed6e251b8af28a4b3124900b23138bfafda925ab3410d57d6f8f0dd8c8c32eb0b4329fbf792e43f9593e766fa0c3c0be077b4e5162616a6428c51b":"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424"
+mpi_add_abs:"-1f55332c3a48b910f9942f6c914e58bef37a47ee45cb164a5b6b8d1006bf59a059c21449939ebebfdf517d2e1dbac88010d7b1f141e997bd6801ddaec9d05910f4f2de2b2c4d714e2c14a72fc7f17aa428d59c531627f09":"941379d00fed1491dec0abfc13b52b9049625b3c42c3a972a2549e7a3e1b12c5a304b23e9ed6e251b8af28a4b3124900b23138bfafda925ab3410d57d6f8f0dd8c8c32eb0b4329fbf792e43f9593e766fa0c3c0be077b4e5162616a6428c51b":"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424"
 
 Regression mbedtls_mpi_add_abs (add small to very large MPI with carry rollover) [#1]
-mbedtls_mpi_add_abs:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFF8":"08":"1000000000000000000000000000000"
+mpi_add_abs:"FFFFFFFFFFFFFFFFFFFFFFFFFFFFF8":"08":"1000000000000000000000000000000"
 
 Regression mbedtls_mpi_add_abs (add small to very large MPI with carry rollover) [#2]
-mbedtls_mpi_add_abs:"08":"FFFFFFFFFFFFFFFFFFFFFFFFFFFFF8":"1000000000000000000000000000000"
+mpi_add_abs:"08":"FFFFFFFFFFFFFFFFFFFFFFFFFFFFF8":"1000000000000000000000000000000"
 
 Base test mbedtls_mpi_add_mpi #1
-mbedtls_mpi_add_mpi:"bc614e":"9cde3":"c62f31"
+mpi_add_mpi:"bc614e":"9cde3":"c62f31"
 
 Base test mbedtls_mpi_add_mpi #2
-mbedtls_mpi_add_mpi:"-bc614e":"9cde3":"-b2936b"
+mpi_add_mpi:"-bc614e":"9cde3":"-b2936b"
 
 Base test mbedtls_mpi_add_mpi #3
-mbedtls_mpi_add_mpi:"bc614e":"-9cde3":"b2936b"
+mpi_add_mpi:"bc614e":"-9cde3":"b2936b"
 
 Base test mbedtls_mpi_add_mpi #4
-mbedtls_mpi_add_mpi:"-bc614e":"-9cde3":"-c62f31"
+mpi_add_mpi:"-bc614e":"-9cde3":"-c62f31"
 
 Test mbedtls_mpi_add_mpi: 0 (null) + 0 (null)
-mbedtls_mpi_add_mpi:"":"":"0"
+mpi_add_mpi:"":"":"0"
 
 Test mbedtls_mpi_add_mpi: 0 (null) + 1
-mbedtls_mpi_add_mpi:"":"01":"01"
+mpi_add_mpi:"":"01":"01"
 
 Test mbedtls_mpi_add_mpi: 1 + 0 (null)
-mbedtls_mpi_add_mpi:"01":"":"01"
+mpi_add_mpi:"01":"":"01"
 
 Test mbedtls_mpi_add_mpi: 0 (null) + -1
-mbedtls_mpi_add_mpi:"":"-01":"-01"
+mpi_add_mpi:"":"-01":"-01"
 
 Test mbedtls_mpi_add_mpi: -1 + 0 (null)
-mbedtls_mpi_add_mpi:"-01":"":"-01"
+mpi_add_mpi:"-01":"":"-01"
 
 Test mbedtls_mpi_add_mpi #1
-mbedtls_mpi_add_mpi:"4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b":"cb50e82a8583f44ee0025942e7362991b24e12663a0ddc234a57b0f7b4ff7b025bf5a6707dedc2898e70b739042c95a996283dffdf67558768784553c61e302e8812bc90f0bb0696870cfb910b560cefed8d99bbf7a00b31ccdbd56f3594e5a653cfd127d2167b13119e5c45c3f76b4e3d904a9bc0cbb43c33aa7f23b":"1194815323a3b10dc8cb9293d7c85b719d79974dd43a0e4de3a5babaee7276e428559e1caa42d296a6234b1628323acff85fd798f9632d6b3d437c122ddb0c8ec215a8159a1fe2aaa91390af0b8cf65967dde43439da979d0d23b88fe14a13e30407471f77bb1c10ef08ca8af2f29f92b2874bcd5065bd2fc58b1ea366"
+mpi_add_mpi:"4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b":"cb50e82a8583f44ee0025942e7362991b24e12663a0ddc234a57b0f7b4ff7b025bf5a6707dedc2898e70b739042c95a996283dffdf67558768784553c61e302e8812bc90f0bb0696870cfb910b560cefed8d99bbf7a00b31ccdbd56f3594e5a653cfd127d2167b13119e5c45c3f76b4e3d904a9bc0cbb43c33aa7f23b":"1194815323a3b10dc8cb9293d7c85b719d79974dd43a0e4de3a5babaee7276e428559e1caa42d296a6234b1628323acff85fd798f9632d6b3d437c122ddb0c8ec215a8159a1fe2aaa91390af0b8cf65967dde43439da979d0d23b88fe14a13e30407471f77bb1c10ef08ca8af2f29f92b2874bcd5065bd2fc58b1ea366"
 
 Test mbedtls_mpi_add_mpi #2
-mbedtls_mpi_add_mpi:"1f55332c3a48b910f9942f6c914e58bef37a47ee45cb164a5b6b8d1006bf59a059c21449939ebebfdf517d2e1dbac88010d7b1f141e997bd6801ddaec9d05910f4f2de2b2c4d714e2c14a72fc7f17aa428d59c531627f09":"941379d00fed1491dec0abfc13b52b9049625b3c42c3a972a2549e7a3e1b12c5a304b23e9ed6e251b8af28a4b3124900b23138bfafda925ab3410d57d6f8f0dd8c8c32eb0b4329fbf792e43f9593e766fa0c3c0be077b4e5162616a6428c51b":"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424"
+mpi_add_mpi:"1f55332c3a48b910f9942f6c914e58bef37a47ee45cb164a5b6b8d1006bf59a059c21449939ebebfdf517d2e1dbac88010d7b1f141e997bd6801ddaec9d05910f4f2de2b2c4d714e2c14a72fc7f17aa428d59c531627f09":"941379d00fed1491dec0abfc13b52b9049625b3c42c3a972a2549e7a3e1b12c5a304b23e9ed6e251b8af28a4b3124900b23138bfafda925ab3410d57d6f8f0dd8c8c32eb0b4329fbf792e43f9593e766fa0c3c0be077b4e5162616a6428c51b":"941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424"
 
 Base test mbedtls_mpi_add_mpi inplace #1
-mbedtls_mpi_add_mpi_inplace:"bc614e":"178c29c"
+mpi_add_mpi_inplace:"bc614e":"178c29c"
 
 Test mbedtls_mpi_add_mpi inplace #2
-mbedtls_mpi_add_mpi_inplace:"1f55332c3a48b910f9942f6c914e58bef37a47ee45cb164a5b6b8d1006bf59a059c21449939ebebfdf517d2e1dbac88010d7b1f141e997bd6801ddaec9d05910f4f2de2b2c4d714e2c14a72fc7f17aa428d59c531627f09":"3eaa665874917221f3285ed9229cb17de6f48fdc8b962c94b6d71a200d7eb340b3842893273d7d7fbea2fa5c3b75910021af63e283d32f7ad003bb5d93a0b221e9e5bc56589ae29c58294e5f8fe2f54851ab38a62c4fe12"
+mpi_add_mpi_inplace:"1f55332c3a48b910f9942f6c914e58bef37a47ee45cb164a5b6b8d1006bf59a059c21449939ebebfdf517d2e1dbac88010d7b1f141e997bd6801ddaec9d05910f4f2de2b2c4d714e2c14a72fc7f17aa428d59c531627f09":"3eaa665874917221f3285ed9229cb17de6f48fdc8b962c94b6d71a200d7eb340b3842893273d7d7fbea2fa5c3b75910021af63e283d32f7ad003bb5d93a0b221e9e5bc56589ae29c58294e5f8fe2f54851ab38a62c4fe12"
 
 Test mbedtls_mpi_add_mpi inplace #3
-mbedtls_mpi_add_mpi_inplace:"ffffffffffffffffffffffffffffffff":"01fffffffffffffffffffffffffffffffe"
+mpi_add_mpi_inplace:"ffffffffffffffffffffffffffffffff":"01fffffffffffffffffffffffffffffffe"
 
 Test mbedtls_mpi_add_int #1
-mbedtls_mpi_add_int:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd92ad4189":9871232:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd9343e109"
+mpi_add_int:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd92ad4189":9871232:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd9343e109"
 
 Test mbedtls_mpi_add_int #2
-mbedtls_mpi_add_int:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd92ad4189":-9871232:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd9216a209"
+mpi_add_int:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd92ad4189":-9871232:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd9216a209"
 
 Test mbedtls_mpi_add_int: 0 (null) + 0
-mbedtls_mpi_add_int:"":0:"0"
+mpi_add_int:"":0:"0"
 
 Test mbedtls_mpi_add_int: 0 (null) + 1
-mbedtls_mpi_add_int:"":1:"1"
+mpi_add_int:"":1:"1"
 
 Base test mbedtls_mpi_sub_abs #1 (|B| > |A|)
-mbedtls_mpi_sub_abs:"5":"7":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_sub_abs:"5":"7":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 Base test mbedtls_mpi_sub_abs #2 (|B| > |A|)
-mbedtls_mpi_sub_abs:"-5":"-7":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_sub_abs:"-5":"-7":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 Base test mbedtls_mpi_sub_abs #3 (|B| > |A|)
-mbedtls_mpi_sub_abs:"-5":"7":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_sub_abs:"-5":"7":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 Base test mbedtls_mpi_sub_abs #4 (|B| > |A|)
-mbedtls_mpi_sub_abs:"5":"-7":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_sub_abs:"5":"-7":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 Base test mbedtls_mpi_sub_abs #1 (|B| >> |A| with more limbs)
-mbedtls_mpi_sub_abs:"5":"123456789abcdef01":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_sub_abs:"5":"123456789abcdef01":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 Base test mbedtls_mpi_sub_abs #2 (|B| >> |A| with more limbs)
-mbedtls_mpi_sub_abs:"-5":"-123456789abcdef01":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_sub_abs:"-5":"-123456789abcdef01":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 Base test mbedtls_mpi_sub_abs #3 (|B| >> |A| with more limbs)
-mbedtls_mpi_sub_abs:"-5":"123456789abcdef01":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_sub_abs:"-5":"123456789abcdef01":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 Base test mbedtls_mpi_sub_abs #4 (|B| >> |A| with more limbs)
-mbedtls_mpi_sub_abs:"5":"-123456789abcdef01":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_sub_abs:"5":"-123456789abcdef01":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 Base test mbedtls_mpi_sub_abs #1
-mbedtls_mpi_sub_abs:"7":"5":"2":0
+mpi_sub_abs:"7":"5":"2":0
 
 Base test mbedtls_mpi_sub_abs #2
-mbedtls_mpi_sub_abs:"-7":"-5":"2":0
+mpi_sub_abs:"-7":"-5":"2":0
 
 Base test mbedtls_mpi_sub_abs #3
-mbedtls_mpi_sub_abs:"-7":"5":"2":0
+mpi_sub_abs:"-7":"5":"2":0
 
 Base test mbedtls_mpi_sub_abs #4
-mbedtls_mpi_sub_abs:"7":"-5":"2":0
+mpi_sub_abs:"7":"-5":"2":0
 
 Test mbedtls_mpi_sub_abs: 0 (null) - 0 (null)
-mbedtls_mpi_sub_abs:"":"":"":0
+mpi_sub_abs:"":"":"":0
 
 Test mbedtls_mpi_sub_abs: 0 (null) - 0 (1 limb)
-mbedtls_mpi_sub_abs:"":"00":"":0
+mpi_sub_abs:"":"00":"":0
 
 Test mbedtls_mpi_sub_abs: 0 (1 limb) - 0 (null)
-mbedtls_mpi_sub_abs:"00":"":"":0
+mpi_sub_abs:"00":"":"":0
 
 Test mbedtls_mpi_sub_abs: 0 (1 limb) - 0 (1 limb)
-mbedtls_mpi_sub_abs:"00":"00":"":0
+mpi_sub_abs:"00":"00":"":0
 
 Test mbedtls_mpi_sub_abs: 1 - 0 (null)
-mbedtls_mpi_sub_abs:"01":"":"01":0
+mpi_sub_abs:"01":"":"01":0
 
 Test mbedtls_mpi_sub_abs: 0 (null) - 1
-mbedtls_mpi_sub_abs:"":"01":"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_sub_abs:"":"01":"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 Test mbedtls_mpi_sub_abs #1
-mbedtls_mpi_sub_abs:"FFFFFFFFFF":"01":"FFFFFFFFFE":0
+mpi_sub_abs:"FFFFFFFFFF":"01":"FFFFFFFFFE":0
 
 Test mbedtls_mpi_sub_abs #2
-mbedtls_mpi_sub_abs:"FFFFFFFFF0":"01":"FFFFFFFFEF":0
+mpi_sub_abs:"FFFFFFFFF0":"01":"FFFFFFFFEF":0
 
 Test mbedtls_mpi_sub_abs #3
-mbedtls_mpi_sub_abs:"FF00000000":"0F00000000":"F000000000":0
+mpi_sub_abs:"FF00000000":"0F00000000":"F000000000":0
 
 Test mbedtls_mpi_sub_abs #4
-mbedtls_mpi_sub_abs:"FF00000000":"0F00000001":"EFFFFFFFFF":0
+mpi_sub_abs:"FF00000000":"0F00000001":"EFFFFFFFFF":0
 
 Base test mbedtls_mpi_sub_mpi #1 (Test with negative result)
-mbedtls_mpi_sub_mpi:"5":"7":"-2"
+mpi_sub_mpi:"5":"7":"-2"
 
 Base test mbedtls_mpi_sub_mpi #2 (Test with negative inputs)
-mbedtls_mpi_sub_mpi:"-5":"-7":"2"
+mpi_sub_mpi:"-5":"-7":"2"
 
 Base test mbedtls_mpi_sub_mpi #3 (Test with negative base)
-mbedtls_mpi_sub_mpi:"-5":"7":"-c"
+mpi_sub_mpi:"-5":"7":"-c"
 
 Base test mbedtls_mpi_sub_mpi #4 (Test with negative subtraction)
-mbedtls_mpi_sub_mpi:"5":"-7":"c"
+mpi_sub_mpi:"5":"-7":"c"
 
 Test mbedtls_mpi_sub_mpi: 0 (null) - 0 (null)
-mbedtls_mpi_sub_mpi:"":"":"0"
+mpi_sub_mpi:"":"":"0"
 
 Test mbedtls_mpi_sub_mpi: 0 (null) - 0 (1 limb)
-mbedtls_mpi_sub_mpi:"":"00":"0"
+mpi_sub_mpi:"":"00":"0"
 
 Test mbedtls_mpi_sub_mpi: 0 (null) - 1
-mbedtls_mpi_sub_mpi:"":"1":"-1"
+mpi_sub_mpi:"":"1":"-1"
 
 Test mbedtls_mpi_sub_mpi: 0 (null) - -1
-mbedtls_mpi_sub_mpi:"":"-1":"1"
+mpi_sub_mpi:"":"-1":"1"
 
 Test mbedtls_mpi_sub_mpi: 0 (1 limb) - 0 (null)
-mbedtls_mpi_sub_mpi:"00":"":"0"
+mpi_sub_mpi:"00":"":"0"
 
 Test mbedtls_mpi_sub_mpi: 1 - 0 (null)
-mbedtls_mpi_sub_mpi:"1":"":"1"
+mpi_sub_mpi:"1":"":"1"
 
 Test mbedtls_mpi_sub_mpi: -1 - 0 (null)
-mbedtls_mpi_sub_mpi:"-1":"":"-1"
+mpi_sub_mpi:"-1":"":"-1"
 
 Test mbedtls_mpi_sub_mpi #1
-mbedtls_mpi_sub_mpi:"cb50e82a8583f44ee0025942e7362991b24e12663a0ddc234a57b0f7b4ff7b025bf5a6707dedc2898e70b739042c95a996283dffdf67558768784553c61e302e8812bc90f0bb0696870cfb910b560cefed8d99bbf7a00b31ccdbd56f3594e5a653cfd127d2167b13119e5c45c3f76b4e3d904a9bc0cbb43c33aa7f23b":"4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b":"7d59bb22d0ccd7c1334b894851e69c098d02afef307ad3685a53b64082d787c232916b1657ae5ba8baacbd0f85357e53a6530270289bd45afcb8c984ae8b9770eecaf7c83f77e2827ce0ec315ddcb4495d3cf03451969c92c77c21e056888d1c672b3058287b351732b00fdc58c4dd7152abd8627b3b957c0ea314110"
+mpi_sub_mpi:"cb50e82a8583f44ee0025942e7362991b24e12663a0ddc234a57b0f7b4ff7b025bf5a6707dedc2898e70b739042c95a996283dffdf67558768784553c61e302e8812bc90f0bb0696870cfb910b560cefed8d99bbf7a00b31ccdbd56f3594e5a653cfd127d2167b13119e5c45c3f76b4e3d904a9bc0cbb43c33aa7f23b":"4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b":"7d59bb22d0ccd7c1334b894851e69c098d02afef307ad3685a53b64082d787c232916b1657ae5ba8baacbd0f85357e53a6530270289bd45afcb8c984ae8b9770eecaf7c83f77e2827ce0ec315ddcb4495d3cf03451969c92c77c21e056888d1c672b3058287b351732b00fdc58c4dd7152abd8627b3b957c0ea314110"
 
 Test mbedtls_mpi_sub_mpi #2 (Test for negative result)
-mbedtls_mpi_sub_mpi:"1f55332c3a48b910f9942f6c914e58bef37a47ee45cb164a5b6b8d1006bf59a059c21449939ebebfdf517d2e1dbac88010d7b1f141e997bd6801ddaec9d05910f4f2de2b2c4d714e2c14a72fc7f17aa428d59c531627f09":"941379d00fed1491dec0abfc13b52b9049625b3c42c3a972a2549e7a3e1b12c5a304b23e9ed6e251b8af28a4b3124900b23138bfafda925ab3410d57d6f8f0dd8c8c32eb0b4329fbf792e43f9593e766fa0c3c0be077b4e5162616a6428c51b":"-941379d00fed1491bf6b78cfd96c727f4fce2bcfb17550b3aeda568bf84ffc7b4799252e981788b15eed145b1f738a40d2dfbb91921fc9daa2695b66950f5920248a553c4172d0eb02a0061469467618cdf794dc18863a40ed507a532c64612"
+mpi_sub_mpi:"1f55332c3a48b910f9942f6c914e58bef37a47ee45cb164a5b6b8d1006bf59a059c21449939ebebfdf517d2e1dbac88010d7b1f141e997bd6801ddaec9d05910f4f2de2b2c4d714e2c14a72fc7f17aa428d59c531627f09":"941379d00fed1491dec0abfc13b52b9049625b3c42c3a972a2549e7a3e1b12c5a304b23e9ed6e251b8af28a4b3124900b23138bfafda925ab3410d57d6f8f0dd8c8c32eb0b4329fbf792e43f9593e766fa0c3c0be077b4e5162616a6428c51b":"-941379d00fed1491bf6b78cfd96c727f4fce2bcfb17550b3aeda568bf84ffc7b4799252e981788b15eed145b1f738a40d2dfbb91921fc9daa2695b66950f5920248a553c4172d0eb02a0061469467618cdf794dc18863a40ed507a532c64612"
 
 Test mbedtls_mpi_sub_int #1
-mbedtls_mpi_sub_int:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd92ad4189":-9871232:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd9343e109"
+mpi_sub_int:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd92ad4189":-9871232:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd9343e109"
 
 Test mbedtls_mpi_sub_int #2
-mbedtls_mpi_sub_int:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd92ad4189":9871232:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd9216a209"
+mpi_sub_int:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd92ad4189":9871232:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd9216a209"
 
 Test mbedtls_mpi_sub_int: 0 (null) - 0
-mbedtls_mpi_sub_int:"":0:"0"
+mpi_sub_int:"":0:"0"
 
 Test mbedtls_mpi_sub_int: 0 (null) - 1
-mbedtls_mpi_sub_int:"":1:"-1"
+mpi_sub_int:"":1:"-1"
 
 Test mbedtls_mpi_sub_int: 0 (null) - -1
-mbedtls_mpi_sub_int:"":-1:"1"
+mpi_sub_int:"":-1:"1"
 
 Test mbedtls_mpi_shift_l #1
-mbedtls_mpi_shift_l:"40":1:"80"
+mpi_shift_l:"40":1:"80"
 
 Test mbedtls_mpi_shift_l #2
-mbedtls_mpi_shift_l:"1946e2958a85d8863ae21f4904fcc49478412534ed53eaf321f63f2a2227a3c63acbf50b6305595f90cfa8327f6db80d986fe96080bcbb5df1bdbe9b74fb8dedf2bddb3f8215b54dffd66409323bcc473e45a8fe9d08e77a511698b5dad0416305db7fcf":37:"328dc52b150bb10c75c43e9209f98928f0824a69daa7d5e643ec7e54444f478c7597ea16c60ab2bf219f5064fedb701b30dfd2c1017976bbe37b7d36e9f71bdbe57bb67f042b6a9bffacc8126477988e7c8b51fd3a11cef4a22d316bb5a082c60bb6ff9e000000000"
+mpi_shift_l:"1946e2958a85d8863ae21f4904fcc49478412534ed53eaf321f63f2a2227a3c63acbf50b6305595f90cfa8327f6db80d986fe96080bcbb5df1bdbe9b74fb8dedf2bddb3f8215b54dffd66409323bcc473e45a8fe9d08e77a511698b5dad0416305db7fcf":37:"328dc52b150bb10c75c43e9209f98928f0824a69daa7d5e643ec7e54444f478c7597ea16c60ab2bf219f5064fedb701b30dfd2c1017976bbe37b7d36e9f71bdbe57bb67f042b6a9bffacc8126477988e7c8b51fd3a11cef4a22d316bb5a082c60bb6ff9e000000000"
 
 Test mbedtls_mpi_shift_l: 0 (null) <<= 0
-mbedtls_mpi_shift_l:"":0:"0"
+mpi_shift_l:"":0:"0"
 
 Test mbedtls_mpi_shift_l: 0 (null) <<= 1
-mbedtls_mpi_shift_l:"":1:"0"
+mpi_shift_l:"":1:"0"
 
 Test mbedtls_mpi_shift_l: 0 (null) <<= 64
-mbedtls_mpi_shift_l:"":64:"0"
+mpi_shift_l:"":64:"0"
 
 Test mbedtls_mpi_shift_r #1
-mbedtls_mpi_shift_r:"80":1:"40"
+mpi_shift_r:"80":1:"40"
 
 Test mbedtls_mpi_shift_r #2
-mbedtls_mpi_shift_r:"4a36ce2a2eba161116629d6196efb17ee4f01ef753cd32b9e952d4d69e4b2401e85e0c3ba0ea761f44e312db10209fb6b38963c9c0302dc67b1b531c32301d8d341968c734387ef8bc2496051e0bb530975839852d8dd15684788f9dca62cb0c372ac51":45:"251b6715175d0b088b314eb0cb77d8bf72780f7ba9e6995cf4a96a6b4f259200f42f061dd0753b0fa271896d88104fdb59c4b1e4e01816e33d8da98e19180ec69a0cb4639a1c3f7c5e124b028f05da984bac1cc296c6e8ab423c47cee531"
+mpi_shift_r:"4a36ce2a2eba161116629d6196efb17ee4f01ef753cd32b9e952d4d69e4b2401e85e0c3ba0ea761f44e312db10209fb6b38963c9c0302dc67b1b531c32301d8d341968c734387ef8bc2496051e0bb530975839852d8dd15684788f9dca62cb0c372ac51":45:"251b6715175d0b088b314eb0cb77d8bf72780f7ba9e6995cf4a96a6b4f259200f42f061dd0753b0fa271896d88104fdb59c4b1e4e01816e33d8da98e19180ec69a0cb4639a1c3f7c5e124b028f05da984bac1cc296c6e8ab423c47cee531"
 
 Test mbedtls_mpi_shift_r #4 [#1]
-mbedtls_mpi_shift_r:"FFFFFFFFFFFFFFFF":63:"01"
+mpi_shift_r:"FFFFFFFFFFFFFFFF":63:"01"
 
 Test mbedtls_mpi_shift_r #4 [#2]
-mbedtls_mpi_shift_r:"FFFFFFFFFFFFFFFF":64:"00"
+mpi_shift_r:"FFFFFFFFFFFFFFFF":64:"00"
 
 Test mbedtls_mpi_shift_r #6
-mbedtls_mpi_shift_r:"FFFFFFFFFFFFFFFF":65:"00"
+mpi_shift_r:"FFFFFFFFFFFFFFFF":65:"00"
 
 Test mbedtls_mpi_shift_r #7
-mbedtls_mpi_shift_r:"FFFFFFFFFFFFFFFF":128:"00"
+mpi_shift_r:"FFFFFFFFFFFFFFFF":128:"00"
 
 Test mbedtls_mpi_shift_r: 0 (null) >>= 0
-mbedtls_mpi_shift_r:"":0:"0"
+mpi_shift_r:"":0:"0"
 
 Test mbedtls_mpi_shift_r: 0 (null) >>= 1
-mbedtls_mpi_shift_r:"":1:"0"
+mpi_shift_r:"":1:"0"
 
 Test mbedtls_mpi_shift_r: 0 (null) >>= 64
-mbedtls_mpi_shift_r:"":64:"0"
+mpi_shift_r:"":64:"0"
 
 Base test mbedtls_mpi_mul_mpi #1
-mbedtls_mpi_mul_mpi:"5":"7":"23"
+mpi_mul_mpi:"5":"7":"23"
 
 Base test mbedtls_mpi_mul_mpi #2
-mbedtls_mpi_mul_mpi:"-5":"7":"-23"
+mpi_mul_mpi:"-5":"7":"-23"
 
 Base test mbedtls_mpi_mul_mpi #3
-mbedtls_mpi_mul_mpi:"5":"-7":"-23"
+mpi_mul_mpi:"5":"-7":"-23"
 
 Base test mbedtls_mpi_mul_mpi #4
-mbedtls_mpi_mul_mpi:"-5":"-7":"23"
+mpi_mul_mpi:"-5":"-7":"23"
 
 Test mbedtls_mpi_mul_mpi: 0 (null) * 0 (null)
-mbedtls_mpi_mul_mpi:"":"":"0"
+mpi_mul_mpi:"":"":"0"
 
 Test mbedtls_mpi_mul_mpi: 0 (null) * 0 (1 limb)
-mbedtls_mpi_mul_mpi:"":"00":"0"
+mpi_mul_mpi:"":"00":"0"
 
 Test mbedtls_mpi_mul_mpi: 0 (null) * 1
-mbedtls_mpi_mul_mpi:"":"01":"0"
+mpi_mul_mpi:"":"01":"0"
 
 Test mbedtls_mpi_mul_mpi: 0 (null) * -1
-mbedtls_mpi_mul_mpi:"":"-01":"0"
+mpi_mul_mpi:"":"-01":"0"
 
 Test mbedtls_mpi_mul_mpi: 0 (1 limb) * -1
-mbedtls_mpi_mul_mpi:"00":"-01":"0"
+mpi_mul_mpi:"00":"-01":"0"
 
 Test mbedtls_mpi_mul_mpi: 0 (1 limb) * 0 (null)
-mbedtls_mpi_mul_mpi:"00":"":"0"
+mpi_mul_mpi:"00":"":"0"
 
 Test mbedtls_mpi_mul_mpi: 1 * 0 (null)
-mbedtls_mpi_mul_mpi:"01":"":"0"
+mpi_mul_mpi:"01":"":"0"
 
 Test mbedtls_mpi_mul_mpi: -1 * 0 (null)
-mbedtls_mpi_mul_mpi:"-01":"":"0"
+mpi_mul_mpi:"-01":"":"0"
 
 Test mbedtls_mpi_mul_mpi: -1 * 0 (1 limb)
-mbedtls_mpi_mul_mpi:"-01":"00":"0"
+mpi_mul_mpi:"-01":"00":"0"
 
 Test mbedtls_mpi_mul_mpi #1
-mbedtls_mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
 
 Test mbedtls_mpi_mul_mpi #1, leading 0 limb in B
-mbedtls_mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
 
 Test mbedtls_mpi_mul_mpi #1, leading 0 limb in B, A < 0
-mbedtls_mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
 
 Test mbedtls_mpi_mul_mpi #1, leading 0 limb in B, B < 0
-mbedtls_mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
 
 Test mbedtls_mpi_mul_mpi #1, leading 0 limb in B, A < 0, B < 0
-mbedtls_mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
 
 Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A
-mbedtls_mpi_mul_mpi:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+mpi_mul_mpi:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
 
 Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A, A < 0
-mbedtls_mpi_mul_mpi:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+mpi_mul_mpi:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
 
 Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A, B < 0
-mbedtls_mpi_mul_mpi:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+mpi_mul_mpi:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
 
 Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A, A < 0, B < 0
-mbedtls_mpi_mul_mpi:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+mpi_mul_mpi:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
 
 Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B
-mbedtls_mpi_mul_mpi:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+mpi_mul_mpi:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
 
 Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B, A < 0
-mbedtls_mpi_mul_mpi:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+mpi_mul_mpi:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
 
 Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B, B < 0
-mbedtls_mpi_mul_mpi:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+mpi_mul_mpi:"000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
 
 Test mbedtls_mpi_mul_mpi #1, leading 0 limb in A and B, A < 0, B < 0
-mbedtls_mpi_mul_mpi:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
+mpi_mul_mpi:"-000000000000000002f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-000000000000000001b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb59"
 
 Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A
-mbedtls_mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
 
 Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A, A < 0
-mbedtls_mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
 
 Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A, B < 0
-mbedtls_mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
 
 Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A, A < 0, B < 0
-mbedtls_mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
 
 Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in B
-mbedtls_mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
 
 Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in B, A < 0
-mbedtls_mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
 
 Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in B, B < 0
-mbedtls_mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
 
 Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in B, A < 0, B < 0
-mbedtls_mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
+mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb590000000000000000"
 
 Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A and B
-mbedtls_mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
 
 Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A and B, A < 0
-mbedtls_mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
 
 Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A and B, B < 0
-mbedtls_mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
 
 Test mbedtls_mpi_mul_mpi #2, trailing 0 limb in A and B, A < 0, B < 0
-mbedtls_mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf24510000000000000000":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c890000000000000000":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
 
 Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in A
-mbedtls_mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
 
 Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in A, A < 0
-mbedtls_mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
 
 Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in A, B < 0
-mbedtls_mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
 
 Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in A, A < 0, B < 0
-mbedtls_mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf245100000000000000000000000000000000":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
 
 Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in B
-mbedtls_mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
 
 Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in B, A < 0
-mbedtls_mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
 
 Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in B, B < 0
-mbedtls_mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+mpi_mul_mpi:"02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":"-0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
 
 Test mbedtls_mpi_mul_mpi #3, trailing 0 limbs in B, A < 0, B < 0
-mbedtls_mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
+mpi_mul_mpi:"-02f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"-01b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c8900000000000000000000000000000000":"0503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5900000000000000000000000000000000"
 
 Test mbedtls_mpi_mul_int #1
-mbedtls_mpi_mul_int:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd92ad4189":9871232:"9e22d6da18a33d1ef28d2a82242b3f6e9c9742f63e5d440f58a190bfaf23a7866e67589adb80":"=="
+mpi_mul_int:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd92ad4189":9871232:"9e22d6da18a33d1ef28d2a82242b3f6e9c9742f63e5d440f58a190bfaf23a7866e67589adb80":"=="
 
 Test mbedtls_mpi_mul_int #2 (Unsigned, thus failure)
-mbedtls_mpi_mul_int:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd92ad4189":-9871232:"-9e22d6da18a33d1ef28d2a82242b3f6e9c9742f63e5d440f58a190bfaf23a7866e67589adb80":"!="
+mpi_mul_int:"10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd92ad4189":-9871232:"-9e22d6da18a33d1ef28d2a82242b3f6e9c9742f63e5d440f58a190bfaf23a7866e67589adb80":"!="
 
 Test mbedtls_mpi_mul_int #3
-mbedtls_mpi_mul_int:"-10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd92ad4189":9871232:"-9e22d6da18a33d1ef28d2a82242b3f6e9c9742f63e5d440f58a190bfaf23a7866e67589adb80":"=="
+mpi_mul_int:"-10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd92ad4189":9871232:"-9e22d6da18a33d1ef28d2a82242b3f6e9c9742f63e5d440f58a190bfaf23a7866e67589adb80":"=="
 
 Test mbedtls_mpi_mul_int #4 (Unsigned, thus failure)
-mbedtls_mpi_mul_int:"-10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd92ad4189":-9871232:"9e22d6da18a33d1ef28d2a82242b3f6e9c9742f63e5d440f58a190bfaf23a7866e67589adb80":"!="
+mpi_mul_int:"-10cc4ebcb68cbdaa438b80692d9e586b384ae3e1fa33f3db5962d394bec17fd92ad4189":-9871232:"9e22d6da18a33d1ef28d2a82242b3f6e9c9742f63e5d440f58a190bfaf23a7866e67589adb80":"!="
 
 Test mbedtls_mpi_mul_int: 0 (null) * 0
-mbedtls_mpi_mul_int:"":0:"":"=="
+mpi_mul_int:"":0:"":"=="
 
 Test mbedtls_mpi_mul_int: 0 (null) * 1
-mbedtls_mpi_mul_int:"":1:"":"=="
+mpi_mul_int:"":1:"":"=="
 
 Test mbedtls_mpi_mul_int: 0 (null) * 0x1234
-mbedtls_mpi_mul_int:"":0x1234:"":"=="
+mpi_mul_int:"":0x1234:"":"=="
 
 Base test mbedtls_mpi_div_mpi #1
-mbedtls_mpi_div_mpi:"3e8":"d":"4c":"c":0
+mpi_div_mpi:"3e8":"d":"4c":"c":0
 
 Base test mbedtls_mpi_div_mpi #2 (Divide by zero (1 limb))
-mbedtls_mpi_div_mpi:"3e8":"0":"1":"1":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+mpi_div_mpi:"3e8":"0":"1":"1":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
 
 Base test mbedtls_mpi_div_mpi #2 (Divide by zero (null))
-mbedtls_mpi_div_mpi:"3e8":"":"1":"1":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+mpi_div_mpi:"3e8":"":"1":"1":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
 
 Base test mbedtls_mpi_div_mpi #3
-mbedtls_mpi_div_mpi:"3e8":"-d":"-4c":"c":0
+mpi_div_mpi:"3e8":"-d":"-4c":"c":0
 
 Test mbedtls_mpi_div_mpi: 0 (null) / 0 (null)
-mbedtls_mpi_div_mpi:"":"":"":"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+mpi_div_mpi:"":"":"":"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
 
 Test mbedtls_mpi_div_mpi: 0 (null) / 0 (1 limb)
-mbedtls_mpi_div_mpi:"":"0":"":"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+mpi_div_mpi:"":"0":"":"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
 
 Test mbedtls_mpi_div_mpi: 0 (1 limb) / 0 (null)
-mbedtls_mpi_div_mpi:"0":"":"":"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+mpi_div_mpi:"0":"":"":"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
 
 Test mbedtls_mpi_div_mpi: 0 (1 limb) / 0 (1 limb)
-mbedtls_mpi_div_mpi:"0":"0":"":"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+mpi_div_mpi:"0":"0":"":"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
 
 Test mbedtls_mpi_div_mpi: 0 (null) / 1
-mbedtls_mpi_div_mpi:"":"1":"":"":0
+mpi_div_mpi:"":"1":"":"":0
 
 Test mbedtls_mpi_div_mpi: 0 (null) / -1
-mbedtls_mpi_div_mpi:"":"-1":"":"":0
+mpi_div_mpi:"":"-1":"":"":0
 
 Test mbedtls_mpi_div_mpi: -0 (null) / 1
-mbedtls_mpi_div_mpi:"-":"1":"":"":0
+mpi_div_mpi:"-":"1":"":"":0
 
 Test mbedtls_mpi_div_mpi: -0 (null) / -1
-mbedtls_mpi_div_mpi:"-":"-1":"":"":0
+mpi_div_mpi:"-":"-1":"":"":0
 
 Test mbedtls_mpi_div_mpi: -0 (null) / 42
-mbedtls_mpi_div_mpi:"-":"2a":"":"":0
+mpi_div_mpi:"-":"2a":"":"":0
 
 Test mbedtls_mpi_div_mpi: -0 (null) / -42
-mbedtls_mpi_div_mpi:"-":"-2a":"":"":0
+mpi_div_mpi:"-":"-2a":"":"":0
 
 Test mbedtls_mpi_div_mpi #1
-mbedtls_mpi_div_mpi:"9e22d6da18a33d1ef28d2a82242b3f6e9c9742f63e5d440f58a190bfaf23a7866e67589adb80":"22":"4a6abf75b13dc268ea9cc8b5b6aaf0ac85ecd437a4e0987fb13cf8d2acc57c0306c738c1583":"1a":0
+mpi_div_mpi:"9e22d6da18a33d1ef28d2a82242b3f6e9c9742f63e5d440f58a190bfaf23a7866e67589adb80":"22":"4a6abf75b13dc268ea9cc8b5b6aaf0ac85ecd437a4e0987fb13cf8d2acc57c0306c738c1583":"1a":0
 
 Test mbedtls_mpi_div_mpi #2
-mbedtls_mpi_div_mpi:"503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5a":"2f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"1b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"1":0
+mpi_div_mpi:"503ae899d35ae5b7706b067aed7cb2952da37a5d4ad58f05f69abe14e8aaae88eab2baed858177cb4595c0edc92e5ac13c2bba2bfa23276dd023e9e52f547d4c9edb138d86aad329d7afb01e15eab7281e181cb249fc91bf09d621d86561301edda156f80e3bbff853a312852fe9e3d0541cb86801390aff1dc3c05bcb592c266f625b70e419b4c7e7e85399bb06c0e50b099b4292f9eaff4d869681faa1f745b5fcb3349ed93c572739a31dcf76b43370cf9f86cc54e982dfac9467bde915c697e60554e0d698be6bb2dd1f8bc64659f6baee7641b51f4b5ed7010c04600fcd382db84a93fe3d4d86e86a459c6cebb5a":"2f77b94b179d4a51360f04fa56e2c0784ce3b8a742280b016904896a5605fbe9e0f0683f82c439d979ab14e11b34e05ae96232b18fb2e0d1319f4942732d7eadf92ae90cb8c68ec8ece154d334f553564b6f6db185b33b8d3635598c3d128acde8bbb7b13697e48d1a542e5f9168d2d83a8dd05ae1eaf2451":"1b0b14c432710cde936e3fc100515e95dca61e10b8a68d9632bfa0546a9731a1ce6bebc6cb5fe6f5fd7e57b25f737f6a0ce5402e216b8b81c06f0c5ccce447d7f5631d14bff9dfa16f7cc72c56c84b636d00a5f35199d17ee9bf3f8746f44374ffd4ae22cf84089f04a9f7f356d6dc9f8cf8ef208a9b88c89":"1":0
 
 Test mbedtls_mpi_div_mpi #3
-mbedtls_mpi_div_mpi:"3e8":"7":"8e":"6":0
+mpi_div_mpi:"3e8":"7":"8e":"6":0
 
 Test mbedtls_mpi_div_mpi #4
-mbedtls_mpi_div_mpi:"309":"7":"6f":"0":0
+mpi_div_mpi:"309":"7":"6f":"0":0
 
 Base test mbedtls_mpi_div_int #1
-mbedtls_mpi_div_int:"3e8":13:"4c":"c":0
+mpi_div_int:"3e8":13:"4c":"c":0
 
 Base test mbedtls_mpi_div_int #2 (Divide by zero)
-mbedtls_mpi_div_int:"3e8":0:"1":"1":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+mpi_div_int:"3e8":0:"1":"1":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
 
 Base test mbedtls_mpi_div_int #3
-mbedtls_mpi_div_int:"3e8":-13:"-4c":"c":0
+mpi_div_int:"3e8":-13:"-4c":"c":0
 
 Test mbedtls_mpi_div_int #1
-mbedtls_mpi_div_int:"9e22d6da18a33d1ef28d2a82242b3f6e9c9742f63e5d440f58a190bfaf23a7866e67589adb80":34:"4a6abf75b13dc268ea9cc8b5b6aaf0ac85ecd437a4e0987fb13cf8d2acc57c0306c738c1583":"1a":0
+mpi_div_int:"9e22d6da18a33d1ef28d2a82242b3f6e9c9742f63e5d440f58a190bfaf23a7866e67589adb80":34:"4a6abf75b13dc268ea9cc8b5b6aaf0ac85ecd437a4e0987fb13cf8d2acc57c0306c738c1583":"1a":0
 
 Test mbedtls_mpi_div_int #2
-mbedtls_mpi_div_int:"9e22d6da18a33d1ef28d2a82242b3f6e9c9742f63e5d440f58a190bfaf23a7866e67589adb80":-34:"-4a6abf75b13dc268ea9cc8b5b6aaf0ac85ecd437a4e0987fb13cf8d2acc57c0306c738c1583":"1a":0
+mpi_div_int:"9e22d6da18a33d1ef28d2a82242b3f6e9c9742f63e5d440f58a190bfaf23a7866e67589adb80":-34:"-4a6abf75b13dc268ea9cc8b5b6aaf0ac85ecd437a4e0987fb13cf8d2acc57c0306c738c1583":"1a":0
 
 Test mbedtls_mpi_div_int: 0 (null) / 0
-mbedtls_mpi_div_int:"":0:"":"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+mpi_div_int:"":0:"":"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
 
 Test mbedtls_mpi_div_int: 0 (1 limb) / 0
-mbedtls_mpi_div_int:"00":0:"":"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+mpi_div_int:"00":0:"":"":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
 
 Test mbedtls_mpi_div_int: 0 (null) / 1
-mbedtls_mpi_div_int:"":1:"":"":0
+mpi_div_int:"":1:"":"":0
 
 Base test mbedtls_mpi_mod_mpi #1
-mbedtls_mpi_mod_mpi:"3e8":"d":"c":0
+mpi_mod_mpi:"3e8":"d":"c":0
 
 Base test mbedtls_mpi_mod_mpi #2 (Divide by zero (null))
-mbedtls_mpi_mod_mpi:"3e8":"":"0":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+mpi_mod_mpi:"3e8":"":"0":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
 
 Base test mbedtls_mpi_mod_mpi #2 (Divide by zero (1 limb))
-mbedtls_mpi_mod_mpi:"3e8":"0":"0":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+mpi_mod_mpi:"3e8":"0":"0":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
 
 Base test mbedtls_mpi_mod_mpi #3
-mbedtls_mpi_mod_mpi:"-3e8":"d":"1":0
+mpi_mod_mpi:"-3e8":"d":"1":0
 
 Base test mbedtls_mpi_mod_mpi #4 (Negative modulo)
-mbedtls_mpi_mod_mpi:"3e8":"-d":"-1":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_mod_mpi:"3e8":"-d":"-1":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 Base test mbedtls_mpi_mod_mpi #5 (Negative modulo)
-mbedtls_mpi_mod_mpi:"-3e8":"-d":"-c":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_mod_mpi:"-3e8":"-d":"-c":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 Test mbedtls_mpi_mod_mpi: 0 (null) % 1
-mbedtls_mpi_mod_mpi:"":"1":"":0
+mpi_mod_mpi:"":"1":"":0
 
 Test mbedtls_mpi_mod_mpi: 0 (null) % -1
-mbedtls_mpi_mod_mpi:"":"-1":"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_mod_mpi:"":"-1":"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 Test mbedtls_mpi_mod_mpi: -0 (null) % 1
-mbedtls_mpi_mod_mpi:"-":"1":"":0
+mpi_mod_mpi:"-":"1":"":0
 
 Test mbedtls_mpi_mod_mpi: -0 (null) % -1
-mbedtls_mpi_mod_mpi:"-":"-1":"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_mod_mpi:"-":"-1":"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 Test mbedtls_mpi_mod_mpi: -0 (null) % 42
-mbedtls_mpi_mod_mpi:"-":"2a":"":0
+mpi_mod_mpi:"-":"2a":"":0
 
 Test mbedtls_mpi_mod_mpi: -0 (null) % -42
-mbedtls_mpi_mod_mpi:"-":"-2a":"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_mod_mpi:"-":"-2a":"":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 Base test mbedtls_mpi_mod_int #1
-mbedtls_mpi_mod_int:"3e8":"d":"c":0
+mpi_mod_int:"3e8":0xd:0xc:0
 
 Base test mbedtls_mpi_mod_int #2 (Divide by zero)
-mbedtls_mpi_mod_int:"3e8":"0":"0":MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
+mpi_mod_int:"3e8":0x0:0x0:MBEDTLS_ERR_MPI_DIVISION_BY_ZERO
 
 Base test mbedtls_mpi_mod_int #3
-mbedtls_mpi_mod_int:"-3e8":"d":"1":0
+mpi_mod_int:"-3e8":0xd:0x1:0
 
 Base test mbedtls_mpi_mod_int #4 (Negative modulo)
-mbedtls_mpi_mod_int:"3e8":"-d":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_mod_int:"3e8":-0xd:0x0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 Base test mbedtls_mpi_mod_int #5 (Negative modulo)
-mbedtls_mpi_mod_int:"-3e8":"-d":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_mod_int:"-3e8":-0xd:0x0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 Base test mbedtls_mpi_mod_int #6 (By 1)
-mbedtls_mpi_mod_int:"3e8":"1":"0":0
+mpi_mod_int:"3e8":0x1:0x0:0
 
 Base test mbedtls_mpi_mod_int #7 (By 2)
-mbedtls_mpi_mod_int:"3e9":"2":"1":0
+mpi_mod_int:"3e9":0x2:0x1:0
 
 Base test mbedtls_mpi_mod_int #8 (By 2)
-mbedtls_mpi_mod_int:"3e8":"2":"0":0
+mpi_mod_int:"3e8":0x2:0x0:0
 
 Test mbedtls_mpi_mod_int: 0 (null) % 1
-mbedtls_mpi_mod_int:"":"1":"0":0
+mpi_mod_int:"":0x1:0x0:0
 
 Test mbedtls_mpi_mod_int: 0 (null) % 2
-mbedtls_mpi_mod_int:"":"2":"0":0
+mpi_mod_int:"":0x2:0x0:0
 
 Test mbedtls_mpi_mod_int: 0 (null) % -1
-mbedtls_mpi_mod_int:"":"-1":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_mod_int:"":-0x1:0x0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 Test mbedtls_mpi_mod_int: 0 (null) % -2
-mbedtls_mpi_mod_int:"":"-2":"0":MBEDTLS_ERR_MPI_NEGATIVE_VALUE
+mpi_mod_int:"":-0x2:0x0:MBEDTLS_ERR_MPI_NEGATIVE_VALUE
 
 # CURRENTLY FAILS - SEE GITHUB ISSUE #6540
 #Test mbedtls_mpi_mod_int: 230772460340063000000100500000300000010 % 5178236083361335880 -> 3386266129388798810
 #depends_on:MBEDTLS_HAVE_INT64
-#mbedtls_mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA4847DCCA48":"2EFE6F1A7D28035A":0
+#mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980CEE30A":0x47DCCA4847DCCA48:0x2EFE6F1A7D28035A:0
 
 Test mbedtls_mpi_mod_mpi: 230772460340063000000100500000300000010 % 5178236083361335880 -> 3386266129388798810
-mbedtls_mpi_mod_mpi:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA4847DCCA48":"2EFE6F1A7D28035A":0
+mpi_mod_mpi:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA4847DCCA48":"2EFE6F1A7D28035A":0
 
 # CURRENTLY FAILS - SEE GITHUB ISSUE #6540
 #Test mbedtls_mpi_mod_int: 230772460340062999996714233870911201200 % 5178236083361335880 -> 0
 #depends_on:MBEDTLS_HAVE_INT64
-#mbedtls_mpi_mod_int:"AD9D28BF6C4E98FDC2584FEF03A6DFB0":"47DCCA4847DCCA48":"0":0
+#mpi_mod_int:"AD9D28BF6C4E98FDC2584FEF03A6DFB0":0x47DCCA4847DCCA48:0x0:0
 
 Test mbedtls_mpi_mod_mpi: 230772460340062999996714233870911201200 % 5178236083361335880 -> 0
-mbedtls_mpi_mod_mpi:"AD9D28BF6C4E98FDC2584FEF03A6DFB0":"47DCCA4847DCCA48":"0":0
+mpi_mod_mpi:"AD9D28BF6C4E98FDC2584FEF03A6DFB0":"47DCCA4847DCCA48":"0":0
 
 # CURRENTLY FAILS WHEN MPIS ARE 32-BIT (ISSUE #6450): WHEN FIXED, REMOVE "depends_on" LINE
 Test mbedtls_mpi_mod_int: 230772460340063000000100500000300000010 % 1205652040 -> 3644370
 depends_on:MBEDTLS_HAVE_INT64
-mbedtls_mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA48":"379BD2":0
+mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980CEE30A":0x47DCCA48:0x379BD2:0
 
 Test mbedtls_mpi_mod_mpi: 230772460340063000000100500000300000010 % 1205652040 -> 3644370
-mbedtls_mpi_mod_mpi:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA48":"379BD2":0
+mpi_mod_mpi:"AD9D28BF6C4E98FDF156BF0980CEE30A":"47DCCA48":"379BD2":0
 
 # CURRENTLY FAILS WHEN MPIS ARE 32-BIT (ISSUE #6450): WHEN FIXED, REMOVE "depends_on" LINE
 Test mbedtls_mpi_mod_int: 230772460340063000000100500000296355640 % 1205652040 -> 0
 depends_on:MBEDTLS_HAVE_INT64
-mbedtls_mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980974738":"47DCCA48":"0":0
+mpi_mod_int:"AD9D28BF6C4E98FDF156BF0980974738":0x47DCCA48:0x0:0
 
 Test mbedtls_mpi_mod_mpi: 230772460340063000000100500000296355640 % 1205652040 -> 0
-mbedtls_mpi_mod_mpi:"AD9D28BF6C4E98FDF156BF0980974738":"47DCCA48":"0":0
+mpi_mod_mpi:"AD9D28BF6C4E98FDF156BF0980974738":"47DCCA48":"0":0
 
 Base test mbedtls_mpi_exp_mod #1
-mbedtls_mpi_exp_mod:"17":"d":"1d":"18":0
+mpi_exp_mod:"17":"d":"1d":"18":0
 
 Base test mbedtls_mpi_exp_mod #2 (Even N)
-mbedtls_mpi_exp_mod:"17":"d":"1e":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mpi_exp_mod:"17":"d":"1e":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
 Base test mbedtls_mpi_exp_mod #2 (N = 0 (null))
-mbedtls_mpi_exp_mod:"17":"d":"":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mpi_exp_mod:"17":"d":"":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
 Base test mbedtls_mpi_exp_mod #3 (Negative N)
-mbedtls_mpi_exp_mod:"17":"d":"-1d":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mpi_exp_mod:"17":"d":"-1d":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
 Base test mbedtls_mpi_exp_mod #4 (Negative base)
-mbedtls_mpi_exp_mod:"-17":"d":"1d":"5":0
+mpi_exp_mod:"-17":"d":"1d":"5":0
 
 Base test mbedtls_mpi_exp_mod #5 (Negative exponent)
-mbedtls_mpi_exp_mod:"17":"-d":"1d":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mpi_exp_mod:"17":"-d":"1d":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
 Base test mbedtls_mpi_exp_mod #6 (Negative base + exponent)
-mbedtls_mpi_exp_mod:"-17":"-d":"1d":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mpi_exp_mod:"-17":"-d":"1d":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
 Test mbedtls_mpi_exp_mod: 0 (null) ^ 0 (null) mod 9
-mbedtls_mpi_exp_mod:"":"":"09":"1":0
+mpi_exp_mod:"":"":"09":"1":0
 
 Test mbedtls_mpi_exp_mod: 0 (null) ^ 0 (1 limb) mod 9
-mbedtls_mpi_exp_mod:"":"00":"09":"1":0
+mpi_exp_mod:"":"00":"09":"1":0
 
 Test mbedtls_mpi_exp_mod: 0 (null) ^ 1 mod 9
-mbedtls_mpi_exp_mod:"":"01":"09":"":0
+mpi_exp_mod:"":"01":"09":"":0
 
 Test mbedtls_mpi_exp_mod: 0 (null) ^ 2 mod 9
-mbedtls_mpi_exp_mod:"":"02":"09":"":0
+mpi_exp_mod:"":"02":"09":"":0
 
 Test mbedtls_mpi_exp_mod: 0 (1 limb) ^ 0 (null) mod 9
-mbedtls_mpi_exp_mod:"00":"":"09":"1":0
+mpi_exp_mod:"00":"":"09":"1":0
 
 Test mbedtls_mpi_exp_mod: 0 (1 limb) ^ 0 (1 limb) mod 9
-mbedtls_mpi_exp_mod:"00":"00":"09":"1":0
+mpi_exp_mod:"00":"00":"09":"1":0
 
 Test mbedtls_mpi_exp_mod: 0 (1 limb) ^ 1 mod 9
-mbedtls_mpi_exp_mod:"00":"01":"09":"":0
+mpi_exp_mod:"00":"01":"09":"":0
 
 Test mbedtls_mpi_exp_mod: 0 (1 limb) ^ 2 mod 9
-mbedtls_mpi_exp_mod:"00":"02":"09":"":0
+mpi_exp_mod:"00":"02":"09":"":0
 
 Test mbedtls_mpi_exp_mod: 1 ^ 0 (null) mod 9
-mbedtls_mpi_exp_mod:"01":"":"09":"1":0
+mpi_exp_mod:"01":"":"09":"1":0
 
 Test mbedtls_mpi_exp_mod: 4 ^ 0 (null) mod 9
-mbedtls_mpi_exp_mod:"04":"":"09":"1":0
+mpi_exp_mod:"04":"":"09":"1":0
 
 Test mbedtls_mpi_exp_mod: 10 ^ 0 (null) mod 9
-mbedtls_mpi_exp_mod:"0a":"":"09":"1":0
+mpi_exp_mod:"0a":"":"09":"1":0
 
 Test mbedtls_mpi_exp_mod: 1 ^ 0 (1 limb) mod 9
-mbedtls_mpi_exp_mod:"01":"00":"09":"1":0
+mpi_exp_mod:"01":"00":"09":"1":0
 
 Test mbedtls_mpi_exp_mod: 4 ^ 0 (1 limb) mod 9
-mbedtls_mpi_exp_mod:"04":"00":"09":"1":0
+mpi_exp_mod:"04":"00":"09":"1":0
 
 Test mbedtls_mpi_exp_mod: 10 ^ 0 (1 limb) mod 9
-mbedtls_mpi_exp_mod:"0a":"00":"09":"1":0
+mpi_exp_mod:"0a":"00":"09":"1":0
 
 Test mbedtls_mpi_exp_mod: MAX_SIZE exponent
-mbedtls_mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE:10:"":0
+mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE:10:"":0
 
 Test mbedtls_mpi_exp_mod: MAX_SIZE + 1 exponent
-mbedtls_mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE + 1:10:"":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE + 1:10:"":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
 Test mbedtls_mpi_exp_mod: MAX_SIZE modulus
-mbedtls_mpi_exp_mod_size:2:2:MBEDTLS_MPI_MAX_SIZE:"":0
+mpi_exp_mod_size:2:2:MBEDTLS_MPI_MAX_SIZE:"":0
 
 Test mbedtls_mpi_exp_mod: MAX_SIZE + 1 modulus
-mbedtls_mpi_exp_mod_size:2:2:MBEDTLS_MPI_MAX_SIZE + 1:"":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mpi_exp_mod_size:2:2:MBEDTLS_MPI_MAX_SIZE + 1:"":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
 Test mbedtls_mpi_exp_mod: MAX_SIZE exponent and modulus
-mbedtls_mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE:MBEDTLS_MPI_MAX_SIZE:"":0
+mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE:MBEDTLS_MPI_MAX_SIZE:"":0
 
 Test mbedtls_mpi_exp_mod: MAX_SIZE + 1 exponent and modulus
-mbedtls_mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE + 1:MBEDTLS_MPI_MAX_SIZE + 1:"":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mpi_exp_mod_size:2:MBEDTLS_MPI_MAX_SIZE + 1:MBEDTLS_MPI_MAX_SIZE + 1:"":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
 Test mbedtls_mpi_exp_mod #1
 depends_on:MPI_MAX_BITS_LARGER_THAN_792
-mbedtls_mpi_exp_mod:"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"11a9351d2d32ccd568e75bf8b4ebbb2a36be691b55832edac662ff79803df8af525fba453068be16ac3920bcc1b468f8f7fe786e0fa4ecbabcad31e5e3b05def802eb8600deaf11ef452487db878df20a80606e4bb6a163b83895d034cc8b53dbcd005be42ffdd2ce99bed06089a0b79d":"37880b547b41bda303bddda307eefe24b4aedf076c9b814b903aaf328a10825c7e259a20afc6b70b487bb21a6d32d0ee98a0b9f42ff812c901e2f79237fe3e00856992dd69d93ebc0664c75863829621751b0ac35a8ae8a0965841607d3099b8e0ed24442749ba09acbcb165598dcd40":0
+mpi_exp_mod:"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"11a9351d2d32ccd568e75bf8b4ebbb2a36be691b55832edac662ff79803df8af525fba453068be16ac3920bcc1b468f8f7fe786e0fa4ecbabcad31e5e3b05def802eb8600deaf11ef452487db878df20a80606e4bb6a163b83895d034cc8b53dbcd005be42ffdd2ce99bed06089a0b79d":"37880b547b41bda303bddda307eefe24b4aedf076c9b814b903aaf328a10825c7e259a20afc6b70b487bb21a6d32d0ee98a0b9f42ff812c901e2f79237fe3e00856992dd69d93ebc0664c75863829621751b0ac35a8ae8a0965841607d3099b8e0ed24442749ba09acbcb165598dcd40":0
 
 Test mbedtls_mpi_exp_mod (Negative base) [#1]
-mbedtls_mpi_exp_mod:"-2540be400":"2540be400":"1869f":"1":0
+mpi_exp_mod:"-2540be400":"2540be400":"1869f":"1":0
 
 Test mbedtls_mpi_exp_mod (Negative base) [#2]
 depends_on:MPI_MAX_BITS_LARGER_THAN_792
-mbedtls_mpi_exp_mod:"-9f13012cd92aa72fb86ac8879d2fde4f7fd661aaae43a00971f081cc60ca277059d5c37e89652e2af2585d281d66ef6a9d38a117e9608e9e7574cd142dc55278838a2161dd56db9470d4c1da2d5df15a908ee2eb886aaa890f23be16de59386663a12f1afbb325431a3e835e3fd89b98b96a6f77382f458ef9a37e1f84a03045c8676ab55291a94c2228ea15448ee96b626b998":"40a54d1b9e86789f06d9607fb158672d64867665c73ee9abb545fc7a785634b354c7bae5b962ce8040cf45f2c1f3d3659b2ee5ede17534c8fc2ec85c815e8df1fe7048d12c90ee31b88a68a081f17f0d8ce5f4030521e9400083bcea73a429031d4ca7949c2000d597088e0c39a6014d8bf962b73bb2e8083bd0390a4e00b9b3":"eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3":"21acc7199e1b90f9b4844ffe12c19f00ec548c5d32b21c647d48b6015d8eb9ec9db05b4f3d44db4227a2b5659c1a7cceb9d5fa8fa60376047953ce7397d90aaeb7465e14e820734f84aa52ad0fc66701bcbb991d57715806a11531268e1e83dd48288c72b424a6287e9ce4e5cc4db0dd67614aecc23b0124a5776d36e5c89483":0
+mpi_exp_mod:"-9f13012cd92aa72fb86ac8879d2fde4f7fd661aaae43a00971f081cc60ca277059d5c37e89652e2af2585d281d66ef6a9d38a117e9608e9e7574cd142dc55278838a2161dd56db9470d4c1da2d5df15a908ee2eb886aaa890f23be16de59386663a12f1afbb325431a3e835e3fd89b98b96a6f77382f458ef9a37e1f84a03045c8676ab55291a94c2228ea15448ee96b626b998":"40a54d1b9e86789f06d9607fb158672d64867665c73ee9abb545fc7a785634b354c7bae5b962ce8040cf45f2c1f3d3659b2ee5ede17534c8fc2ec85c815e8df1fe7048d12c90ee31b88a68a081f17f0d8ce5f4030521e9400083bcea73a429031d4ca7949c2000d597088e0c39a6014d8bf962b73bb2e8083bd0390a4e00b9b3":"eeaf0ab9adb38dd69c33f80afa8fc5e86072618775ff3c0b9ea2314c9c256576d674df7496ea81d3383b4813d692c6e0e0d5d8e250b98be48e495c1d6089dad15dc7d7b46154d6b6ce8ef4ad69b15d4982559b297bcf1885c529f566660e57ec68edbc3c05726cc02fd4cbf4976eaa9afd5138fe8376435b9fc61d2fc0eb06e3":"21acc7199e1b90f9b4844ffe12c19f00ec548c5d32b21c647d48b6015d8eb9ec9db05b4f3d44db4227a2b5659c1a7cceb9d5fa8fa60376047953ce7397d90aaeb7465e14e820734f84aa52ad0fc66701bcbb991d57715806a11531268e1e83dd48288c72b424a6287e9ce4e5cc4db0dd67614aecc23b0124a5776d36e5c89483":0
 
 Base test GCD #1
-mbedtls_mpi_gcd:"2b5":"261":"15"
+mpi_gcd:"2b5":"261":"15"
 
 Base test GCD #2
-mbedtls_mpi_gcd:"6e4":"364":"1c"
+mpi_gcd:"6e4":"364":"1c"
 
 Base test GCD #3
-mbedtls_mpi_gcd:"2dcdb10b":"2050d306":"1"
+mpi_gcd:"2dcdb10b":"2050d306":"1"
 
 Test GCD: 0 (null), 0 (null)
-mbedtls_mpi_gcd:"":"":"0"
+mpi_gcd:"":"":"0"
 
 Test GCD: 0 (null), 0 (1 limb)
-mbedtls_mpi_gcd:"":"00":"0"
+mpi_gcd:"":"00":"0"
 
 Test GCD: 0 (null), 3
-mbedtls_mpi_gcd:"":"03":"3"
+mpi_gcd:"":"03":"3"
 
 Test GCD: 0 (null), 6
-mbedtls_mpi_gcd:"":"06":"6"
+mpi_gcd:"":"06":"6"
 
 Test GCD: 0 (1 limb), 0 (null)
-mbedtls_mpi_gcd:"00":"":"0"
+mpi_gcd:"00":"":"0"
 
 Test GCD: 0 (1 limb), 3
-mbedtls_mpi_gcd:"00":"03":"3"
+mpi_gcd:"00":"03":"3"
 
 Test GCD: 0 (1 limb), 6
-mbedtls_mpi_gcd:"00":"06":"6"
+mpi_gcd:"00":"06":"6"
 
 Test GCD: 3, 0 (null)
-mbedtls_mpi_gcd:"03":"":"3"
+mpi_gcd:"03":"":"3"
 
 Test GCD: 3, 0 (1 limb)
-mbedtls_mpi_gcd:"03":"00":"3"
+mpi_gcd:"03":"00":"3"
 
 Test GCD: 6, 0 (null)
-mbedtls_mpi_gcd:"06":"":"6"
+mpi_gcd:"06":"":"6"
 
 Test GCD: 6, 0 (1 limb)
-mbedtls_mpi_gcd:"06":"00":"6"
+mpi_gcd:"06":"00":"6"
 
 Test GCD: gcd=1, 0 < A < B
-mbedtls_mpi_gcd:"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"1"
+mpi_gcd:"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"1"
 
 Test GCD: gcd=1, 0 < B < A
-mbedtls_mpi_gcd:"33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"1"
+mpi_gcd:"33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"1"
 
 Test GCD: gcd=1, A > 0, B < 0
-mbedtls_mpi_gcd:"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"-33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"1"
+mpi_gcd:"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"-33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"1"
 
 Test GCD: gcd=1, A < 0 < B, |A| < |B|
-mbedtls_mpi_gcd:"-109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"1"
+mpi_gcd:"-109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"1"
 
 Test GCD: gcd=1, B < A < 0
-mbedtls_mpi_gcd:"-109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"-33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"1"
+mpi_gcd:"-109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"-33ae3764fd06a00cdc3cba5c45dc79a9edb4e67e4d057cc74139d531c25190d111775fc4a0f4439b8b1930bbd766e7b46f170601f316c8a18ff8d5cb5ca5581f168345d101edb462b7d93b7c520ccb8fb276b447a63d869203cc11f67a1122dc4da034218de85e39":"1"
 
 Test GCD: gcd=2, 0 < A < B
-mbedtls_mpi_gcd:"213fc8ae290cdcadfba95b36d6d0dbe4e4495f6f0d19e9e1976f28a4d2650a797e17dd4c2b282ccca9a279b3fc1b3b4b2952fdc40461e25f6a869bce7f69f0204e4b402c4566363d485c744ca032073583be630d37b2f261af25f6e59b552e3b15002b5e":"675c6ec9fa0d4019b87974b88bb8f353db69ccfc9a0af98e8273aa6384a321a222eebf8941e8873716326177aecdcf68de2e0c03e62d91431ff1ab96b94ab03e2d068ba203db68c56fb276f8a419971f64ed688f4c7b0d24079823ecf42245b89b4068431bd0bc72":"2"
+mpi_gcd:"213fc8ae290cdcadfba95b36d6d0dbe4e4495f6f0d19e9e1976f28a4d2650a797e17dd4c2b282ccca9a279b3fc1b3b4b2952fdc40461e25f6a869bce7f69f0204e4b402c4566363d485c744ca032073583be630d37b2f261af25f6e59b552e3b15002b5e":"675c6ec9fa0d4019b87974b88bb8f353db69ccfc9a0af98e8273aa6384a321a222eebf8941e8873716326177aecdcf68de2e0c03e62d91431ff1ab96b94ab03e2d068ba203db68c56fb276f8a419971f64ed688f4c7b0d24079823ecf42245b89b4068431bd0bc72":"2"
 
 Test GCD: gcd=2, 0 < B < A
-mbedtls_mpi_gcd:"675c6ec9fa0d4019b87974b88bb8f353db69ccfc9a0af98e8273aa6384a321a222eebf8941e8873716326177aecdcf68de2e0c03e62d91431ff1ab96b94ab03e2d068ba203db68c56fb276f8a419971f64ed688f4c7b0d24079823ecf42245b89b4068431bd0bc72":"213fc8ae290cdcadfba95b36d6d0dbe4e4495f6f0d19e9e1976f28a4d2650a797e17dd4c2b282ccca9a279b3fc1b3b4b2952fdc40461e25f6a869bce7f69f0204e4b402c4566363d485c744ca032073583be630d37b2f261af25f6e59b552e3b15002b5e":"2"
+mpi_gcd:"675c6ec9fa0d4019b87974b88bb8f353db69ccfc9a0af98e8273aa6384a321a222eebf8941e8873716326177aecdcf68de2e0c03e62d91431ff1ab96b94ab03e2d068ba203db68c56fb276f8a419971f64ed688f4c7b0d24079823ecf42245b89b4068431bd0bc72":"213fc8ae290cdcadfba95b36d6d0dbe4e4495f6f0d19e9e1976f28a4d2650a797e17dd4c2b282ccca9a279b3fc1b3b4b2952fdc40461e25f6a869bce7f69f0204e4b402c4566363d485c744ca032073583be630d37b2f261af25f6e59b552e3b15002b5e":"2"
 
 Test GCD: gcd=3, 0 < A < B
-mbedtls_mpi_gcd:"31dfad053d934b04f97e08d2423949d7566e0f2693a6ded26326bcf73b978fb63d23cbf240bc4332fe73b68dfa28d8f0bdfc7ca60692d38f1fc9e9b5bf1ee8307570e0426819515bec8aae72f04b0ad0459d9493d38c6b9286b8f25868ffc5589f80410d":"9b0aa62ef713e02694b62f14d1956cfdc91eb37ae7107655c3ad7f9546f4b27334661f4de2dccad2a14b92338634b71d4d451205d94459e4afea816215f0085d4389d17305c91d28278bb274f62662af17641cd6f2b893b60b6435e36e336894e8e09c64a9b91aab":"3"
+mpi_gcd:"31dfad053d934b04f97e08d2423949d7566e0f2693a6ded26326bcf73b978fb63d23cbf240bc4332fe73b68dfa28d8f0bdfc7ca60692d38f1fc9e9b5bf1ee8307570e0426819515bec8aae72f04b0ad0459d9493d38c6b9286b8f25868ffc5589f80410d":"9b0aa62ef713e02694b62f14d1956cfdc91eb37ae7107655c3ad7f9546f4b27334661f4de2dccad2a14b92338634b71d4d451205d94459e4afea816215f0085d4389d17305c91d28278bb274f62662af17641cd6f2b893b60b6435e36e336894e8e09c64a9b91aab":"3"
 
 Test GCD: gcd=3, 0 < B < A
-mbedtls_mpi_gcd:"9b0aa62ef713e02694b62f14d1956cfdc91eb37ae7107655c3ad7f9546f4b27334661f4de2dccad2a14b92338634b71d4d451205d94459e4afea816215f0085d4389d17305c91d28278bb274f62662af17641cd6f2b893b60b6435e36e336894e8e09c64a9b91aab":"31dfad053d934b04f97e08d2423949d7566e0f2693a6ded26326bcf73b978fb63d23cbf240bc4332fe73b68dfa28d8f0bdfc7ca60692d38f1fc9e9b5bf1ee8307570e0426819515bec8aae72f04b0ad0459d9493d38c6b9286b8f25868ffc5589f80410d":"3"
+mpi_gcd:"9b0aa62ef713e02694b62f14d1956cfdc91eb37ae7107655c3ad7f9546f4b27334661f4de2dccad2a14b92338634b71d4d451205d94459e4afea816215f0085d4389d17305c91d28278bb274f62662af17641cd6f2b893b60b6435e36e336894e8e09c64a9b91aab":"31dfad053d934b04f97e08d2423949d7566e0f2693a6ded26326bcf73b978fb63d23cbf240bc4332fe73b68dfa28d8f0bdfc7ca60692d38f1fc9e9b5bf1ee8307570e0426819515bec8aae72f04b0ad0459d9493d38c6b9286b8f25868ffc5589f80410d":"3"
 
 Test GCD: gcd=4, 0 < A < B
-mbedtls_mpi_gcd:"427f915c5219b95bf752b66dada1b7c9c892bede1a33d3c32ede5149a4ca14f2fc2fba98565059995344f367f836769652a5fb8808c3c4bed50d379cfed3e0409c9680588acc6c7a90b8e89940640e6b077cc61a6f65e4c35e4bedcb36aa5c762a0056bc":"ceb8dd93f41a803370f2e9711771e6a7b6d399f93415f31d04e754c70946434445dd7f1283d10e6e2c64c2ef5d9b9ed1bc5c1807cc5b22863fe3572d7295607c5a0d174407b6d18adf64edf148332e3ec9dad11e98f61a480f3047d9e8448b713680d08637a178e4":"4"
+mpi_gcd:"427f915c5219b95bf752b66dada1b7c9c892bede1a33d3c32ede5149a4ca14f2fc2fba98565059995344f367f836769652a5fb8808c3c4bed50d379cfed3e0409c9680588acc6c7a90b8e89940640e6b077cc61a6f65e4c35e4bedcb36aa5c762a0056bc":"ceb8dd93f41a803370f2e9711771e6a7b6d399f93415f31d04e754c70946434445dd7f1283d10e6e2c64c2ef5d9b9ed1bc5c1807cc5b22863fe3572d7295607c5a0d174407b6d18adf64edf148332e3ec9dad11e98f61a480f3047d9e8448b713680d08637a178e4":"4"
 
 Test GCD: gcd=4, 0 < B < A
-mbedtls_mpi_gcd:"ceb8dd93f41a803370f2e9711771e6a7b6d399f93415f31d04e754c70946434445dd7f1283d10e6e2c64c2ef5d9b9ed1bc5c1807cc5b22863fe3572d7295607c5a0d174407b6d18adf64edf148332e3ec9dad11e98f61a480f3047d9e8448b713680d08637a178e4":"427f915c5219b95bf752b66dada1b7c9c892bede1a33d3c32ede5149a4ca14f2fc2fba98565059995344f367f836769652a5fb8808c3c4bed50d379cfed3e0409c9680588acc6c7a90b8e89940640e6b077cc61a6f65e4c35e4bedcb36aa5c762a0056bc":"4"
+mpi_gcd:"ceb8dd93f41a803370f2e9711771e6a7b6d399f93415f31d04e754c70946434445dd7f1283d10e6e2c64c2ef5d9b9ed1bc5c1807cc5b22863fe3572d7295607c5a0d174407b6d18adf64edf148332e3ec9dad11e98f61a480f3047d9e8448b713680d08637a178e4":"427f915c5219b95bf752b66dada1b7c9c892bede1a33d3c32ede5149a4ca14f2fc2fba98565059995344f367f836769652a5fb8808c3c4bed50d379cfed3e0409c9680588acc6c7a90b8e89940640e6b077cc61a6f65e4c35e4bedcb36aa5c762a0056bc":"4"
 
 Test GCD: gcd=6, 0 < A < B
-mbedtls_mpi_gcd:"63bf5a0a7b269609f2fc11a4847293aeacdc1e4d274dbda4c64d79ee772f1f6c7a4797e481788665fce76d1bf451b1e17bf8f94c0d25a71e3f93d36b7e3dd060eae1c084d032a2b7d9155ce5e09615a08b3b2927a718d7250d71e4b0d1ff8ab13f00821a":"136154c5dee27c04d296c5e29a32ad9fb923d66f5ce20ecab875aff2a8de964e668cc3e9bc5b995a5429724670c696e3a9a8a240bb288b3c95fd502c42be010ba8713a2e60b923a504f1764e9ec4cc55e2ec839ade571276c16c86bc6dc66d129d1c138c953723556":"6"
+mpi_gcd:"63bf5a0a7b269609f2fc11a4847293aeacdc1e4d274dbda4c64d79ee772f1f6c7a4797e481788665fce76d1bf451b1e17bf8f94c0d25a71e3f93d36b7e3dd060eae1c084d032a2b7d9155ce5e09615a08b3b2927a718d7250d71e4b0d1ff8ab13f00821a":"136154c5dee27c04d296c5e29a32ad9fb923d66f5ce20ecab875aff2a8de964e668cc3e9bc5b995a5429724670c696e3a9a8a240bb288b3c95fd502c42be010ba8713a2e60b923a504f1764e9ec4cc55e2ec839ade571276c16c86bc6dc66d129d1c138c953723556":"6"
 
 Test GCD: gcd=6, 0 < B < A
-mbedtls_mpi_gcd:"136154c5dee27c04d296c5e29a32ad9fb923d66f5ce20ecab875aff2a8de964e668cc3e9bc5b995a5429724670c696e3a9a8a240bb288b3c95fd502c42be010ba8713a2e60b923a504f1764e9ec4cc55e2ec839ade571276c16c86bc6dc66d129d1c138c953723556":"63bf5a0a7b269609f2fc11a4847293aeacdc1e4d274dbda4c64d79ee772f1f6c7a4797e481788665fce76d1bf451b1e17bf8f94c0d25a71e3f93d36b7e3dd060eae1c084d032a2b7d9155ce5e09615a08b3b2927a718d7250d71e4b0d1ff8ab13f00821a":"6"
+mpi_gcd:"136154c5dee27c04d296c5e29a32ad9fb923d66f5ce20ecab875aff2a8de964e668cc3e9bc5b995a5429724670c696e3a9a8a240bb288b3c95fd502c42be010ba8713a2e60b923a504f1764e9ec4cc55e2ec839ade571276c16c86bc6dc66d129d1c138c953723556":"63bf5a0a7b269609f2fc11a4847293aeacdc1e4d274dbda4c64d79ee772f1f6c7a4797e481788665fce76d1bf451b1e17bf8f94c0d25a71e3f93d36b7e3dd060eae1c084d032a2b7d9155ce5e09615a08b3b2927a718d7250d71e4b0d1ff8ab13f00821a":"6"
 
 Test GCD: 0 < A = B
-mbedtls_mpi_gcd:"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af"
+mpi_gcd:"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af":"109fe45714866e56fdd4ad9b6b686df27224afb7868cf4f0cbb794526932853cbf0beea61594166654d13cd9fe0d9da594a97ee20230f12fb5434de73fb4f8102725a01622b31b1ea42e3a265019039ac1df31869bd97930d792fb72cdaa971d8a8015af"
 
 Base test mbedtls_mpi_inv_mod #1
-mbedtls_mpi_inv_mod:"3":"b":"4":0
+mpi_inv_mod:"3":"b":"4":0
 
 Test mbedtls_mpi_inv_mod: mod 0 (null)
-mbedtls_mpi_inv_mod:"3":"":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mpi_inv_mod:"3":"":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
 Test mbedtls_mpi_inv_mod: mod 0 (1 limb)
-mbedtls_mpi_inv_mod:"3":"0":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mpi_inv_mod:"3":"0":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
 Test mbedtls_mpi_inv_mod: mod negative
-mbedtls_mpi_inv_mod:"3":"-b":"4":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mpi_inv_mod:"3":"-b":"4":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
 Test mbedtls_mpi_inv_mod: 2^-1 mod 4
-mbedtls_mpi_inv_mod:"2":"4":"0":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+mpi_inv_mod:"2":"4":"0":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
 
 Test mbedtls_mpi_inv_mod: mod 1
-mbedtls_mpi_inv_mod:"3":"1":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mpi_inv_mod:"3":"1":"0":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
 Test mbedtls_mpi_inv_mod: 0 (null) ^-1
-mbedtls_mpi_inv_mod:"":"11":"":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+mpi_inv_mod:"":"11":"":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
 
 Test mbedtls_mpi_inv_mod: 0 (1 limb) ^-1
-mbedtls_mpi_inv_mod:"00":"11":"":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+mpi_inv_mod:"00":"11":"":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
 
 Test mbedtls_mpi_inv_mod #1
-mbedtls_mpi_inv_mod:"aa4df5cb14b4c31237f98bd1faf527c283c2d0f3eec89718664ba33f9762907c":"fffbbd660b94412ae61ead9c2906a344116e316a256fd387874c6c675b1d587d":"8d6a5c1d7adeae3e94b9bcd2c47e0d46e778bc8804a2cc25c02d775dc3d05b0c":0
+mpi_inv_mod:"aa4df5cb14b4c31237f98bd1faf527c283c2d0f3eec89718664ba33f9762907c":"fffbbd660b94412ae61ead9c2906a344116e316a256fd387874c6c675b1d587d":"8d6a5c1d7adeae3e94b9bcd2c47e0d46e778bc8804a2cc25c02d775dc3d05b0c":0
 
 Base test mbedtls_mpi_is_prime #1
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"0":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+mpi_is_prime:"0":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
 
 Base test mbedtls_mpi_is_prime #2
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"1":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+mpi_is_prime:"1":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
 
 Base test mbedtls_mpi_is_prime #3
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"2":0
+mpi_is_prime:"2":0
 
 Base test mbedtls_mpi_is_prime #4
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"3":0
+mpi_is_prime:"3":0
 
 Base test mbedtls_mpi_is_prime #5
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"4":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+mpi_is_prime:"4":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
 
 Base test mbedtls_mpi_is_prime #6
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"5":0
+mpi_is_prime:"5":0
 
 Base test mbedtls_mpi_is_prime #7
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"1b":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+mpi_is_prime:"1b":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
 
 Base test mbedtls_mpi_is_prime #8
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"2f":0
+mpi_is_prime:"2f":0
 
 Test mbedtls_mpi_is_prime #1a
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"b91ba63180c726fbd57786f27f1ede97a3b40c59a7fcfb5898f076e9af57028d":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+mpi_is_prime:"b91ba63180c726fbd57786f27f1ede97a3b40c59a7fcfb5898f076e9af57028d":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
 
 Test mbedtls_mpi_is_prime #1b
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"b3a119602ee213cde28581ecd892e0f592a338655dce4ca88054b3d124d0e561":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+mpi_is_prime:"b3a119602ee213cde28581ecd892e0f592a338655dce4ca88054b3d124d0e561":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
 
 Test mbedtls_mpi_is_prime #2a
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"284139ea19c139ebe09a8111926aaa39a2c2be12ed487a809d3cb5bc55854725b4cdcb5734c58f90b2f60d99cc1950cdbc8d651793e93c9c6f0ead752500a32c56c62082912b66132b2a6aa42ada923e1ad22ceb7ba0123":0
+mpi_is_prime:"284139ea19c139ebe09a8111926aaa39a2c2be12ed487a809d3cb5bc55854725b4cdcb5734c58f90b2f60d99cc1950cdbc8d651793e93c9c6f0ead752500a32c56c62082912b66132b2a6aa42ada923e1ad22ceb7ba0123":0
 
 Test mbedtls_mpi_is_prime #2b
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"284139ea19c139ebe09a8111926aaa39a2c2be12ed487a809d3cb5bc55854725b4cdcb5734c58f90b2f60d99cc1950cdbc8d651793e93c9c6f0ead752500a32c56c62082912b66132b2a6aa42ada923e1ad22ceb7ba00c1":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
+mpi_is_prime:"284139ea19c139ebe09a8111926aaa39a2c2be12ed487a809d3cb5bc55854725b4cdcb5734c58f90b2f60d99cc1950cdbc8d651793e93c9c6f0ead752500a32c56c62082912b66132b2a6aa42ada923e1ad22ceb7ba00c1":MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
 
 Test mbedtls_mpi_is_prime #3
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"257ffffffffffffffffff":0
+mpi_is_prime:"257ffffffffffffffffff":0
 
 Test mbedtls_mpi_is_prime #4
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"a1ffffffffffffffffffff":0
+mpi_is_prime:"a1ffffffffffffffffffff":0
 
 Test mbedtls_mpi_is_prime #5 [#1]
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"397ffffffffffffffffffffffffffff":0
+mpi_is_prime:"397ffffffffffffffffffffffffffff":0
 
 Test mbedtls_mpi_is_prime #5 [#2]
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"aaaaaaaaaaaaaab":0
+mpi_is_prime:"aaaaaaaaaaaaaab":0
 
 Test mbedtls_mpi_is_prime #6
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"2aaaaaaaaaaaaaaaaaab":0
+mpi_is_prime:"2aaaaaaaaaaaaaaaaaab":0
 
 Test mbedtls_mpi_is_prime #7
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"aaaaaaaaaaaaaaaaaaaaaaaab":0
+mpi_is_prime:"aaaaaaaaaaaaaaaaaaaaaaaab":0
 
 Test mbedtls_mpi_is_prime #8
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaab":0
+mpi_is_prime:"2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaab":0
 
 Test mbedtls_mpi_is_prime #9
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b":0
+mpi_is_prime:"4df72d07b4b71c8dacb6cffa954f8d88254b6277099308baf003fab73227f34029643b5a263f66e0d3c3fa297ef71755efd53b8fb6cb812c6bbf7bcf179298bd9947c4c8b14324140a2c0f5fad7958a69050a987a6096e9f055fb38edf0c5889eca4a0cfa99b45fbdeee4c696b328ddceae4723945901ec025076b12b":0
 
 Test mbedtls_mpi_is_prime #10
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"cb50e82a8583f44ee0025942e7362991b24e12663a0ddc234a57b0f7b4ff7b025bf5a6707dedc2898e70b739042c95a996283dffdf67558768784553c61e302e8812bc90f0bb0696870cfb910b560cefed8d99bbf7a00b31ccdbd56f3594e5a653cfd127d2167b13119e5c45c3f76b4e3d904a9bc0cbb43c33aa7f23b":0
+mpi_is_prime:"cb50e82a8583f44ee0025942e7362991b24e12663a0ddc234a57b0f7b4ff7b025bf5a6707dedc2898e70b739042c95a996283dffdf67558768784553c61e302e8812bc90f0bb0696870cfb910b560cefed8d99bbf7a00b31ccdbd56f3594e5a653cfd127d2167b13119e5c45c3f76b4e3d904a9bc0cbb43c33aa7f23b":0
 
 Test mbedtls_mpi_is_prime #11
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"7a364ab3de755f924642bd5273524234f78395da1ed9098f39af4fe248288b0cb7f1c27214588969479d7dc9f0d327b5544dd4c095aa1fa271df421fe9ee460855cc8423d223e2c85dc793f6babdca7fc804ea1f408f867db053bfd98c45085ea5d805c78d2863bacdfcaf4c6147ebb74a9056045074785714c0b84ed":0
+mpi_is_prime:"7a364ab3de755f924642bd5273524234f78395da1ed9098f39af4fe248288b0cb7f1c27214588969479d7dc9f0d327b5544dd4c095aa1fa271df421fe9ee460855cc8423d223e2c85dc793f6babdca7fc804ea1f408f867db053bfd98c45085ea5d805c78d2863bacdfcaf4c6147ebb74a9056045074785714c0b84ed":0
 
 Test mbedtls_mpi_is_prime #12
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"9c3525e8404f89b7d30b3ccfdb0fab17f81adebbac1b6c6bf558a796014fe3b6cd2c4445c0826d7ef5f5d3aff5ac108185675d2159cd275c64812f24da66dbb0147efc6a3d2f8060e8304f48844abc9d33686087ccc11f":0
+mpi_is_prime:"9c3525e8404f89b7d30b3ccfdb0fab17f81adebbac1b6c6bf558a796014fe3b6cd2c4445c0826d7ef5f5d3aff5ac108185675d2159cd275c64812f24da66dbb0147efc6a3d2f8060e8304f48844abc9d33686087ccc11f":0
 
 Test mbedtls_mpi_is_prime #13
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"284139ea19c139ebe09a8111926aaa39a2c2be12ed487a809d3cb5bc55854725b4cdcb5734c58f90b2f60d99cc1950cdbc8d651793e93c9c6f0ead752500a32c56c62082912b66132b2a6aa42ada923e1ad22ceb7ba0123":0
+mpi_is_prime:"284139ea19c139ebe09a8111926aaa39a2c2be12ed487a809d3cb5bc55854725b4cdcb5734c58f90b2f60d99cc1950cdbc8d651793e93c9c6f0ead752500a32c56c62082912b66132b2a6aa42ada923e1ad22ceb7ba0123":0
 
 Test mbedtls_mpi_is_prime #14
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"2eede25f74336afd1f51cbc4e809f8bb746ffac49335d129d1ff322ee3498b2b8144f0b136de076db169da4f4436de1f0c715b3d255272b4d77523174081a2fb703f82409185e0ef73e5a8bdf94e5b789fb7bf9be8eec9f":0
+mpi_is_prime:"2eede25f74336afd1f51cbc4e809f8bb746ffac49335d129d1ff322ee3498b2b8144f0b136de076db169da4f4436de1f0c715b3d255272b4d77523174081a2fb703f82409185e0ef73e5a8bdf94e5b789fb7bf9be8eec9f":0
 
 Test mbedtls_mpi_is_prime #15
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"7fffffffffffffffffffffffffffffff":0
+mpi_is_prime:"7fffffffffffffffffffffffffffffff":0
 
 Test mbedtls_mpi_is_prime #16
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"7fffffff":0
+mpi_is_prime:"7fffffff":0
 
 Test mbedtls_mpi_is_prime #17
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"39531fcd":0
+mpi_is_prime:"39531fcd":0
 
 Test mbedtls_mpi_is_prime #18
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"ab1cdb3":0
+mpi_is_prime:"ab1cdb3":0
 
 Test mbedtls_mpi_is_prime #19
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"1ef3103":0
+mpi_is_prime:"1ef3103":0
 
 Test mbedtls_mpi_is_prime #20
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime:"2faa127":0
+mpi_is_prime:"2faa127":0
 
 Test mbedtls_mpi_is_prime_det (4 non-witnesses)
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime_det:"043BD64BA10B11DA83FBD296B04BCA9E0552FAF6E09CAC74E2D7E735ED0DB09FC47ED76145644203EE0C826013BC602F560BCDAAED557D04683859A65D659FF828A245A2C5B1AC41E01E4669A525A45E23AF":"040EA852F7935ACCECC0E87B845281F047D10DC9AAFEF990AF9D3D66770DA30B0C5B5E03EEA8C0CB79B936FE0BB8EE5389EC1D34EB16C58AA3F2E11AF084160CDF6400BE1CC179867AB074866952D9F34EE7042D27F960E715A97FCB93F3182247D0A6AE51BD21CC2F6B0651F9E572C5FB86F3137053FA85FD7A51816D69B3A53A5A438C17754836D04E98CA240B901F828332F2D72D88C497DA45F533F99A6E53EDEA6B0424EC8951B048FA9A80134B37D0A67014597934E3CFC52C5A4DD4751ADF8D66FC79E84E2A3148C4B15C17E12CB659390FD275F39A331FFC80EC699BC3F6FAB868E30E9B14575FCDAB6FAED01E00112DD28704177E09C335AD43A696FEA761E8DF3B0663277A5C3637F9060CB5E5654F72E9A6B0F369E660AD4CF7ABF4195493545B367BD55271CD4BB7D9C15D3F508FE8F7409C2126FC8E73B43A67CD4EFB21E9F15DBF040A2A8D5F5ED75CEAC12B595C0051F3EC9D5A58ACE82A9506E64F780E9836728260FFE1BFD73E8A9869E3D46A35A856D3028F7FEAB9F4F1A04449AEDC80017EE1014080D87F0B50C8EF255324CD89F7D039":82:5
+mpi_is_prime_det:"043BD64BA10B11DA83FBD296B04BCA9E0552FAF6E09CAC74E2D7E735ED0DB09FC47ED76145644203EE0C826013BC602F560BCDAAED557D04683859A65D659FF828A245A2C5B1AC41E01E4669A525A45E23AF":"040EA852F7935ACCECC0E87B845281F047D10DC9AAFEF990AF9D3D66770DA30B0C5B5E03EEA8C0CB79B936FE0BB8EE5389EC1D34EB16C58AA3F2E11AF084160CDF6400BE1CC179867AB074866952D9F34EE7042D27F960E715A97FCB93F3182247D0A6AE51BD21CC2F6B0651F9E572C5FB86F3137053FA85FD7A51816D69B3A53A5A438C17754836D04E98CA240B901F828332F2D72D88C497DA45F533F99A6E53EDEA6B0424EC8951B048FA9A80134B37D0A67014597934E3CFC52C5A4DD4751ADF8D66FC79E84E2A3148C4B15C17E12CB659390FD275F39A331FFC80EC699BC3F6FAB868E30E9B14575FCDAB6FAED01E00112DD28704177E09C335AD43A696FEA761E8DF3B0663277A5C3637F9060CB5E5654F72E9A6B0F369E660AD4CF7ABF4195493545B367BD55271CD4BB7D9C15D3F508FE8F7409C2126FC8E73B43A67CD4EFB21E9F15DBF040A2A8D5F5ED75CEAC12B595C0051F3EC9D5A58ACE82A9506E64F780E9836728260FFE1BFD73E8A9869E3D46A35A856D3028F7FEAB9F4F1A04449AEDC80017EE1014080D87F0B50C8EF255324CD89F7D039":82:5
 
 Test mbedtls_mpi_is_prime_det (39 non-witnesses)
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_is_prime_det:"155102B67930FBE8858DF6C0642D77D419A7B7968E622CC7500F3E3F2C5168368C50E0083187":"119B3E2C721834D83416239B04447AA18AE0163E61DCAE97054563D79E094A6FA4485BD6A0501445BF57FE9C058926CDB862E04CC1A95D79D61D9AB3466857A53E04F8D7470C9C86649B226A13DDC534E18DFD5C22FAEA317CA4D4960F18457FD6D2FFB5F3273F74C89980DC774590D8D30D1159CA81999ED94A042D67DA68C82616AD46C2C88288A8EBD0B37AC7C152D9522CA4544642AD1210F6B642FEBF43563FA872B0DEFAFC69D0B6570E8FEA9570D0AADCFA9B06CC8BFD62CEDC221541210EEEF9762448C6D49F26AA767A4D66CB168589E0201923015314E6CD4A480E5936E7CF145F73A564C5B782635B3AFC3028E2632C5D3458224A7C9E8BA1876E8F690463C878292D3DC011E9640331E7F7621F2B5E0F6713DD8C9D6767521C4BA880DA8D11C67753C8493D2C4C4F1443147550D0B25B7FAD04EAFA9F8AA60974C1365C8A794CFEECEB4279B1150909A97E5A7A10B5D91186CA5B25A612036631FE73529C8CFAE51E76FB704A772DE5320EFC1212E7A399B1FEBF57D014AF9129DFF5D2C5DFBBEEAC55F360CF6D22FA90B8E2E9AD0C71AB6495A9452A58D653B8CC26128C66B43EFBA6E39AEC5717A1A3C2AE1449FCABAFE1180B159DA55190CD81A3D9E8D798647E11B827F0A057D6DA5AAD78AB5112EE65E10E8B8B369BA24E1B8AD2CD8548C497016C07A143DE1232F8059BE303572456FA92E76A0F23D1340629228B7D27C02D3833A72745B91A3DBEB5E081117A9F19597F00E4277B414FAEA8C8CEB895C37F956A5A22F8D7A10ADA50B22BAB312504904511AA0EFDD4D3BF20ECB17E8A684564FFB5BBD5E22C429F9A75A4FB4AE468FE7612ED53C7A11212E7EF3435CC9CA6E7DB167B8CCE2BECF35F89013F8F876223C77FA81570970858663C6E32B91080AA47F9C90177F51E6FD7747B910C9489C7B6ACB070996198AD9A40A69711274159210A9A12DBAAA4FB4632446066AB70D735DC95F7C2BCE517E88C064D728DE82B1B043DF4AEE0EFF5131120A4E5B9B4180EB6F6B8A0D1491ABDA069058A9966B1A517D8E7B4997DC52A1E698FD79E271153DF1913FE6787A5D99DE69F39C3F22D26DC731CFBB33FF5C267D85D7A3DAE8E1C87E1DB2F1236212EF1942EA756967FB3D07D629E59EA4034D9A9B5E270DD4A31C8A3DFDA99C1094B5537132C196DA2AEAF5253A019B9AF25B5DCB0D4DD75C7C9C353DA9DAABFB23959A5455312E7E1C21268C1BC14E83DCFDF50C27FD3E8B4EDC04C5F3CB5FCFFF2B57151E1B1EE1A6456DC006BC43E1158674AA4CF7D146DE4A57103BE43ED130C8007294ED2418C7A2B769A7D20EBB5A836
7A77B313F81BB119B9954305FF160FF83EED7F808EE6D340A5CCC000CF81AA497D315D350CCE4E86A31456B8AA85B677491FC662933DFA55EB5BFF64B8D85430D676A85D1CAFAFF383E68C4E6C22A51063739EC03FC58C36C07C44E54828BE2152B2E9AFB0F179B157D09B64C147B524BB5424BB1914419424D9100D06EDCFC718F4DF3D562E9E16C446663F35273CA7BC5426B868A80C8D415C9A12A1619CDB7CDB5BEBC70313150BDF8C3AB26B809FE62D28E798EF1EF98C410A2DA0A9071F82154AC569078B0E647E2C085D1D907E634453442803D0492D3D0C78CACB762020C0E589C8B0981321EA2771305FD0413F3B2963FCE9A232F6641DB7E12ADC009A032063C41756E5E19E5711DE12711F07AFE7545B4D83F3EFD7BFD0435297C89DF3D4AF96EBE2CE8D64B93E36EA5D7E5A0492151D0CAEE7449A7D35E1A3C83E22C3B35162C073CC3B1CF76FBDEE84270721FC042EAAEB7325110181415E2031CFB7462F15111291CDAC0560FF9F4C7341F2FA261B97CEF348D074AA2EB4DB153FE6B1410519DA4213B611999868F3B867A2B6D758D333C4989DE80782683CA26ECDE373C71524F01B76349CE8A07A5EBECBB42259CF970DDA756EC996B189FEA045FEE45F23D476960913106ECA2510B8517AA75D56FA4152B2BDDC212014E5D07FD964D6EE532F0616DF74E104659955132331FABF2D2AD265E71C93C648A956FA0A3DB21FF103D516527F2DA0E870340B61EE8A8ED913B60605EB5A67B834D0FC90564386012585609870FEF6530B3E3C037B55506F0B5694F6B0FC":38:40
+mpi_is_prime_det:"155102B67930FBE8858DF6C0642D77D419A7B7968E622CC7500F3E3F2C5168368C50E0083187":"119B3E2C721834D83416239B04447AA18AE0163E61DCAE97054563D79E094A6FA4485BD6A0501445BF57FE9C058926CDB862E04CC1A95D79D61D9AB3466857A53E04F8D7470C9C86649B226A13DDC534E18DFD5C22FAEA317CA4D4960F18457FD6D2FFB5F3273F74C89980DC774590D8D30D1159CA81999ED94A042D67DA68C82616AD46C2C88288A8EBD0B37AC7C152D9522CA4544642AD1210F6B642FEBF43563FA872B0DEFAFC69D0B6570E8FEA9570D0AADCFA9B06CC8BFD62CEDC221541210EEEF9762448C6D49F26AA767A4D66CB168589E0201923015314E6CD4A480E5936E7CF145F73A564C5B782635B3AFC3028E2632C5D3458224A7C9E8BA1876E8F690463C878292D3DC011E9640331E7F7621F2B5E0F6713DD8C9D6767521C4BA880DA8D11C67753C8493D2C4C4F1443147550D0B25B7FAD04EAFA9F8AA60974C1365C8A794CFEECEB4279B1150909A97E5A7A10B5D91186CA5B25A612036631FE73529C8CFAE51E76FB704A772DE5320EFC1212E7A399B1FEBF57D014AF9129DFF5D2C5DFBBEEAC55F360CF6D22FA90B8E2E9AD0C71AB6495A9452A58D653B8CC26128C66B43EFBA6E39AEC5717A1A3C2AE1449FCABAFE1180B159DA55190CD81A3D9E8D798647E11B827F0A057D6DA5AAD78AB5112EE65E10E8B8B369BA24E1B8AD2CD8548C497016C07A143DE1232F8059BE303572456FA92E76A0F23D1340629228B7D27C02D3833A72745B91A3DBEB5E081117A9F19597F00E4277B414FAEA8C8CEB895C37F956A5A22F8D7A10ADA50B22BAB312504904511AA0EFDD4D3BF20ECB17E8A684564FFB5BBD5E22C429F9A75A4FB4AE468FE7612ED53C7A11212E7EF3435CC9CA6E7DB167B8CCE2BECF35F89013F8F876223C77FA81570970858663C6E32B91080AA47F9C90177F51E6FD7747B910C9489C7B6ACB070996198AD9A40A69711274159210A9A12DBAAA4FB4632446066AB70D735DC95F7C2BCE517E88C064D728DE82B1B043DF4AEE0EFF5131120A4E5B9B4180EB6F6B8A0D1491ABDA069058A9966B1A517D8E7B4997DC52A1E698FD79E271153DF1913FE6787A5D99DE69F39C3F22D26DC731CFBB33FF5C267D85D7A3DAE8E1C87E1DB2F1236212EF1942EA756967FB3D07D629E59EA4034D9A9B5E270DD4A31C8A3DFDA99C1094B5537132C196DA2AEAF5253A019B9AF25B5DCB0D4DD75C7C9C353DA9DAABFB23959A5455312E7E1C21268C1BC14E83DCFDF50C27FD3E8B4EDC04C5F3CB5FCFFF2B57151E1B1EE1A6456DC006BC43E1158674AA4CF7D146DE4A57103BE43ED130C8007294ED2418C7A2B769A7D20EBB5A8367A77B313
F81BB119B9954305FF160FF83EED7F808EE6D340A5CCC000CF81AA497D315D350CCE4E86A31456B8AA85B677491FC662933DFA55EB5BFF64B8D85430D676A85D1CAFAFF383E68C4E6C22A51063739EC03FC58C36C07C44E54828BE2152B2E9AFB0F179B157D09B64C147B524BB5424BB1914419424D9100D06EDCFC718F4DF3D562E9E16C446663F35273CA7BC5426B868A80C8D415C9A12A1619CDB7CDB5BEBC70313150BDF8C3AB26B809FE62D28E798EF1EF98C410A2DA0A9071F82154AC569078B0E647E2C085D1D907E634453442803D0492D3D0C78CACB762020C0E589C8B0981321EA2771305FD0413F3B2963FCE9A232F6641DB7E12ADC009A032063C41756E5E19E5711DE12711F07AFE7545B4D83F3EFD7BFD0435297C89DF3D4AF96EBE2CE8D64B93E36EA5D7E5A0492151D0CAEE7449A7D35E1A3C83E22C3B35162C073CC3B1CF76FBDEE84270721FC042EAAEB7325110181415E2031CFB7462F15111291CDAC0560FF9F4C7341F2FA261B97CEF348D074AA2EB4DB153FE6B1410519DA4213B611999868F3B867A2B6D758D333C4989DE80782683CA26ECDE373C71524F01B76349CE8A07A5EBECBB42259CF970DDA756EC996B189FEA045FEE45F23D476960913106ECA2510B8517AA75D56FA4152B2BDDC212014E5D07FD964D6EE532F0616DF74E104659955132331FABF2D2AD265E71C93C648A956FA0A3DB21FF103D516527F2DA0E870340B61EE8A8ED913B60605EB5A67B834D0FC90564386012585609870FEF6530B3E3C037B55506F0B5694F6B0FC":38:40
 
 Test mbedtls_mpi_gen_prime (Too small)
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_gen_prime:2:0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mpi_gen_prime:2:0:MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
 Test mbedtls_mpi_gen_prime (OK, minimum size)
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_gen_prime:3:0:0
+mpi_gen_prime:3:0:0
 
 Test mbedtls_mpi_gen_prime (corner case limb size -1 bits)
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_gen_prime:63:0:0
+mpi_gen_prime:63:0:0
 
 Test mbedtls_mpi_gen_prime (corner case limb size)
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_gen_prime:64:0:0
+mpi_gen_prime:64:0:0
 
 Test mbedtls_mpi_gen_prime (corner case limb size +1 bits)
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_gen_prime:65:0:0
+mpi_gen_prime:65:0:0
 
 Test mbedtls_mpi_gen_prime (Larger)
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_gen_prime:128:0:0
+mpi_gen_prime:128:0:0
 
 Test mbedtls_mpi_gen_prime (Safe)
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_gen_prime:128:MBEDTLS_MPI_GEN_PRIME_FLAG_DH:0
+mpi_gen_prime:128:MBEDTLS_MPI_GEN_PRIME_FLAG_DH:0
 
 Test mbedtls_mpi_gen_prime (Safe with lower error rate)
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_gen_prime:128:MBEDTLS_MPI_GEN_PRIME_FLAG_DH | MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR:0
+mpi_gen_prime:128:MBEDTLS_MPI_GEN_PRIME_FLAG_DH | MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR:0
 
 Test mbedtls_mpi_gen_prime standard RSA #1 (lower error rate)
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_gen_prime:1024:MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR:0
+mpi_gen_prime:1024:MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR:0
 
 Test mbedtls_mpi_gen_prime standard RSA #2 (lower error rate)
 depends_on:MBEDTLS_GENPRIME
-mbedtls_mpi_gen_prime:1536:MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR:0
+mpi_gen_prime:1536:MBEDTLS_MPI_GEN_PRIME_FLAG_LOW_ERR:0
 
 Test bit getting (Value bit 25)
-mbedtls_mpi_get_bit:"2faa127":25:1
+mpi_get_bit:"2faa127":25:1
 
 Test bit getting (Larger but same limb)
-mbedtls_mpi_get_bit:"2faa127":26:0
+mpi_get_bit:"2faa127":26:0
 
 Test bit getting (Larger and non-existing limb)
-mbedtls_mpi_get_bit:"2faa127":500:0
+mpi_get_bit:"2faa127":500:0
 
 Test bit getting in 0 (null)
-mbedtls_mpi_get_bit:"":500:0
+mpi_get_bit:"":500:0
 
 Test bit getting (Value bit 24)
-mbedtls_mpi_get_bit:"2faa127":24:0
+mpi_get_bit:"2faa127":24:0
 
 Test bit getting (Value bit 23)
-mbedtls_mpi_get_bit:"2faa127":23:1
+mpi_get_bit:"2faa127":23:1
 
 Test bit set (Change existing value with a 1)
-mbedtls_mpi_set_bit:"2faa127":24:1:"3faa127":0
+mpi_set_bit:"2faa127":24:1:"3faa127":0
 
 Test bit set (Change existing value with a 0)
-mbedtls_mpi_set_bit:"2faa127":25:0:"faa127":0
+mpi_set_bit:"2faa127":25:0:"faa127":0
 
 Test bit set (Add above existing limbs with a 0)
-mbedtls_mpi_set_bit:"2faa127":80:0:"2faa127":0
+mpi_set_bit:"2faa127":80:0:"2faa127":0
 
 Test bit set (Add above existing limbs with a 1)
-mbedtls_mpi_set_bit:"2faa127":80:1:"100000000000002faa127":0
+mpi_set_bit:"2faa127":80:1:"100000000000002faa127":0
 
 Test bit set (Add to 0 (null) with a 0)
-mbedtls_mpi_set_bit:"":65:0:"":0
+mpi_set_bit:"":65:0:"":0
 
 Test bit set (Add to 0 (null) with a 1)
-mbedtls_mpi_set_bit:"":65:1:"020000000000000000":0
+mpi_set_bit:"":65:1:"020000000000000000":0
 
 Test bit set (Bit index larger than 31 with a 0)
-mbedtls_mpi_set_bit:"FFFFFFFFFFFFFFFF":32:0:"FFFFFFFEFFFFFFFF":0
+mpi_set_bit:"FFFFFFFFFFFFFFFF":32:0:"FFFFFFFEFFFFFFFF":0
 
 Test bit set (Bit index larger than 31 with a 1)
-mbedtls_mpi_set_bit:"00":32:1:"0100000000":0
+mpi_set_bit:"00":32:1:"0100000000":0
 
 Test bit set (Invalid bit value)
-mbedtls_mpi_set_bit:"00":5:2:"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
+mpi_set_bit:"00":5:2:"00":MBEDTLS_ERR_MPI_BAD_INPUT_DATA
 
 Fill random: 0 bytes
 mpi_fill_random:0:0:0:0
diff --git a/tests/suites/test_suite_ccm.function b/tests/suites/test_suite_ccm.function
index 735c9aa..8e59528 100644
--- a/tests/suites/test_suite_ccm.function
+++ b/tests/suites/test_suite_ccm.function
@@ -48,7 +48,7 @@
 
     mbedtls_ccm_init(&ctx);
 
-    ASSERT_ALLOC_WEAK(add, add_len);
+    TEST_CALLOC_OR_SKIP(add, add_len);
     memset(key, 0, sizeof(key));
     memset(msg, 0, sizeof(msg));
     memset(iv, 0, sizeof(iv));
diff --git a/tests/suites/test_suite_chacha20.function b/tests/suites/test_suite_chacha20.function
index 7f49561..3c6f06c 100644
--- a/tests/suites/test_suite_chacha20.function
+++ b/tests/suites/test_suite_chacha20.function
@@ -29,8 +29,8 @@
     TEST_ASSERT(mbedtls_chacha20_crypt(key_str->x, nonce_str->x, counter, src_str->len, src_str->x,
                                        output) == 0);
 
-    ASSERT_COMPARE(output, expected_output_str->len,
-                   expected_output_str->x, expected_output_str->len);
+    TEST_MEMORY_COMPARE(output, expected_output_str->len,
+                        expected_output_str->x, expected_output_str->len);
 
     /*
      * Test the streaming API
@@ -44,8 +44,8 @@
     memset(output, 0x00, sizeof(output));
     TEST_ASSERT(mbedtls_chacha20_update(&ctx, src_str->len, src_str->x, output) == 0);
 
-    ASSERT_COMPARE(output, expected_output_str->len,
-                   expected_output_str->x, expected_output_str->len);
+    TEST_MEMORY_COMPARE(output, expected_output_str->len,
+                        expected_output_str->x, expected_output_str->len);
 
     /*
      * Test the streaming API again, piecewise
@@ -60,8 +60,8 @@
     TEST_ASSERT(mbedtls_chacha20_update(&ctx, src_str->len - 1,
                                         src_str->x + 1, output + 1) == 0);
 
-    ASSERT_COMPARE(output, expected_output_str->len,
-                   expected_output_str->x, expected_output_str->len);
+    TEST_MEMORY_COMPARE(output, expected_output_str->len,
+                        expected_output_str->x, expected_output_str->len);
 
     mbedtls_chacha20_free(&ctx);
 }
diff --git a/tests/suites/test_suite_cipher.function b/tests/suites/test_suite_cipher.function
index ef9ff0a..9235e3d 100644
--- a/tests/suites/test_suite_cipher.function
+++ b/tests/suites/test_suite_cipher.function
@@ -1229,7 +1229,7 @@
      * (we need the tag appended to the ciphertext)
      */
     cipher_plus_tag_len = cipher->len + tag->len;
-    ASSERT_ALLOC(cipher_plus_tag, cipher_plus_tag_len);
+    TEST_CALLOC(cipher_plus_tag, cipher_plus_tag_len);
     memcpy(cipher_plus_tag, cipher->x, cipher->len);
     memcpy(cipher_plus_tag + cipher->len, tag->x, tag->len);
 
@@ -1247,7 +1247,7 @@
      * Try decrypting to a buffer that's 1B too small
      */
     if (decrypt_buf_len != 0) {
-        ASSERT_ALLOC(decrypt_buf, decrypt_buf_len - 1);
+        TEST_CALLOC(decrypt_buf, decrypt_buf_len - 1);
 
         outlen = 0;
         ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len,
@@ -1262,7 +1262,7 @@
     /*
      * Authenticate and decrypt, and check result
      */
-    ASSERT_ALLOC(decrypt_buf, decrypt_buf_len);
+    TEST_CALLOC(decrypt_buf, decrypt_buf_len);
 
     outlen = 0;
     ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len,
@@ -1274,7 +1274,7 @@
         TEST_ASSERT(buffer_is_all_zero(decrypt_buf, decrypt_buf_len));
     } else {
         TEST_ASSERT(ret == 0);
-        ASSERT_COMPARE(decrypt_buf, outlen, clear->x, clear->len);
+        TEST_MEMORY_COMPARE(decrypt_buf, outlen, clear->x, clear->len);
     }
 
     /* Free this, but keep cipher_plus_tag for deprecated function with PSA */
@@ -1306,7 +1306,7 @@
         /*
          * Try encrypting with an output buffer that's 1B too small
          */
-        ASSERT_ALLOC(encrypt_buf, encrypt_buf_len - 1);
+        TEST_CALLOC(encrypt_buf, encrypt_buf_len - 1);
 
         outlen = 0;
         ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len,
@@ -1320,7 +1320,7 @@
         /*
          * Encrypt and check the result
          */
-        ASSERT_ALLOC(encrypt_buf, encrypt_buf_len);
+        TEST_CALLOC(encrypt_buf, encrypt_buf_len);
 
         outlen = 0;
         ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len,
@@ -1374,7 +1374,7 @@
      * Authenticate and decrypt, and check result
      */
 
-    ASSERT_ALLOC(decrypt_buf, cipher->len);
+    TEST_CALLOC(decrypt_buf, cipher->len);
     outlen = 0;
     ret = mbedtls_cipher_auth_decrypt(&ctx, iv->x, iv->len, ad->x, ad->len,
                                       tmp_cipher, cipher->len, decrypt_buf, &outlen,
@@ -1390,7 +1390,7 @@
     } else {
         /* authentic message: is the plaintext correct? */
         TEST_ASSERT(ret == 0);
-        ASSERT_COMPARE(decrypt_buf, outlen, clear->x, clear->len);
+        TEST_MEMORY_COMPARE(decrypt_buf, outlen, clear->x, clear->len);
     }
 
     mbedtls_free(decrypt_buf);
@@ -1411,14 +1411,14 @@
         /* prepare buffers for encryption */
 #if defined(MBEDTLS_USE_PSA_CRYPTO)
         if (use_psa) {
-            ASSERT_ALLOC(cipher_plus_tag, cipher->len + tag->len);
+            TEST_CALLOC(cipher_plus_tag, cipher->len + tag->len);
             tmp_cipher = cipher_plus_tag;
             tmp_tag = cipher_plus_tag + cipher->len;
         } else
 #endif /* MBEDTLS_USE_PSA_CRYPTO */
         {
-            ASSERT_ALLOC(encrypt_buf, cipher->len);
-            ASSERT_ALLOC(tag_buf, tag->len);
+            TEST_CALLOC(encrypt_buf, cipher->len);
+            TEST_CALLOC(tag_buf, tag->len);
             tmp_cipher = encrypt_buf;
             tmp_tag = tag_buf;
         }
diff --git a/tests/suites/test_suite_constant_time.function b/tests/suites/test_suite_constant_time.function
index a40149a..3f91a7d 100644
--- a/tests/suites/test_suite_constant_time.function
+++ b/tests/suites/test_suite_constant_time.function
@@ -23,8 +23,8 @@
     size_t src_len = offset_max + len;
     size_t secret;
 
-    ASSERT_ALLOC(dst, len);
-    ASSERT_ALLOC(src, src_len);
+    TEST_CALLOC(dst, len);
+    TEST_CALLOC(src, src_len);
 
     /* Fill src in a way that we can detect if we copied the right bytes */
     mbedtls_test_rnd_std_rand(NULL, src, src_len);
@@ -38,7 +38,7 @@
         TEST_CF_PUBLIC(&secret, sizeof(secret));
         TEST_CF_PUBLIC(dst, len);
 
-        ASSERT_COMPARE(dst, len, src + secret, len);
+        TEST_MEMORY_COMPARE(dst, len, src + secret, len);
     }
 
 exit:
diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function
index 57d5a4e..45f0c01 100644
--- a/tests/suites/test_suite_constant_time_hmac.function
+++ b/tests/suites/test_suite_constant_time_hmac.function
@@ -35,7 +35,7 @@
     block_size = hash == MBEDTLS_MD_SHA384 ? 128 : 64;
 
     /* Use allocated out buffer to catch overwrites */
-    ASSERT_ALLOC(out, out_len);
+    TEST_CALLOC(out, out_len);
 
     /* Set up contexts with the given hash and a dummy key */
     TEST_EQUAL(0, mbedtls_md_setup(&ctx, md_info, 1));
@@ -54,7 +54,7 @@
         mbedtls_test_set_step(max_in_len * 10000);
 
         /* Use allocated in buffer to catch overreads */
-        ASSERT_ALLOC(data, max_in_len);
+        TEST_CALLOC(data, max_in_len);
 
         min_in_len = max_in_len > 255 ? max_in_len - 255 : 0;
         for (in_len = min_in_len; in_len <= max_in_len; in_len++) {
@@ -84,7 +84,7 @@
             TEST_EQUAL(0, mbedtls_md_hmac_reset(&ref_ctx));
 
             /* Compare */
-            ASSERT_COMPARE(out, out_len, ref_out, out_len);
+            TEST_MEMORY_COMPARE(out, out_len, ref_out, out_len);
         }
 
         mbedtls_free(data);
diff --git a/tests/suites/test_suite_debug.data b/tests/suites/test_suite_debug.data
index 0092774..87ec67c 100644
--- a/tests/suites/test_suite_debug.data
+++ b/tests/suites/test_suite_debug.data
@@ -65,3 +65,6 @@
 Debug print certificate #2 (EC)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_BASE64_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
 mbedtls_debug_print_crt:"data_files/test-ca2.crt":"MyFile":999:"PREFIX_":"MyFile(0999)\: PREFIX_ #1\:\nMyFile(0999)\: cert. version     \: 3\nMyFile(0999)\: serial number     \: C1\:43\:E2\:7E\:62\:43\:CC\:E8\nMyFile(0999)\: issuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: subject name      \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nMyFile(0999)\: issued  on        \: 2019-02-10 14\:44\:00\nMyFile(0999)\: expires on        \: 2029-02-10 14\:44\:00\nMyFile(0999)\: signed using      \: ECDSA with SHA256\nMyFile(0999)\: EC key size       \: 384 bits\nMyFile(0999)\: basic constraints \: CA=true\nMyFile(0999)\: value of 'crt->eckey.Q(X)' (384 bits) is\:\nMyFile(0999)\:  c3 da 2b 34 41 37 58 2f 87 56 fe fc 89 ba 29 43\nMyFile(0999)\:  4b 4e e0 6e c3 0e 57 53 33 39 58 d4 52 b4 91 95\nMyFile(0999)\:  39 0b 23 df 5f 17 24 62 48 fc 1a 95 29 ce 2c 2d\nMyFile(0999)\: value of 'crt->eckey.Q(Y)' (384 bits) is\:\nMyFile(0999)\:  87 c2 88 52 80 af d6 6a ab 21 dd b8 d3 1c 6e 58\nMyFile(0999)\:  b8 ca e8 b2 69 8e f3 41 ad 29 c3 b4 5f 75 a7 47\nMyFile(0999)\:  6f d5 19 29 55 69 9a 53 3b 20 b4 66 16 60 33 1e\n"
+
+Check mbedtls_calloc overallocation
+check_mbedtls_calloc_overallocation:1:1
diff --git a/tests/suites/test_suite_debug.function b/tests/suites/test_suite_debug.function
index cbb3a63..9ece280 100644
--- a/tests/suites/test_suite_debug.function
+++ b/tests/suites/test_suite_debug.function
@@ -61,6 +61,7 @@
     mbedtls_ssl_config_init(&conf);
     memset(buffer.buf, 0, 2000);
     buffer.ptr = buffer.buf;
+    USE_PSA_INIT();
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
 
@@ -75,6 +76,7 @@
 exit:
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -90,6 +92,7 @@
     mbedtls_ssl_config_init(&conf);
     memset(buffer.buf, 0, 2000);
     buffer.ptr = buffer.buf;
+    USE_PSA_INIT();
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
 
@@ -102,6 +105,7 @@
 exit:
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -117,7 +121,7 @@
     mbedtls_ssl_config_init(&conf);
     memset(buffer.buf, 0, 2000);
     buffer.ptr = buffer.buf;
-
+    USE_PSA_INIT();
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
 
@@ -130,6 +134,7 @@
 exit:
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -145,6 +150,8 @@
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_config_init(&conf);
     mbedtls_x509_crt_init(&crt);
+    USE_PSA_INIT();
+
     memset(buffer.buf, 0, 2000);
     buffer.ptr = buffer.buf;
 
@@ -161,6 +168,7 @@
     mbedtls_x509_crt_free(&crt);
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -178,6 +186,7 @@
     mbedtls_mpi_init(&val);
     memset(buffer.buf, 0, 2000);
     buffer.ptr = buffer.buf;
+    USE_PSA_INIT();
 
     TEST_ASSERT(mbedtls_ssl_setup(&ssl, &conf) == 0);
 
@@ -193,5 +202,20 @@
     mbedtls_mpi_free(&val);
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
+    USE_PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void check_mbedtls_calloc_overallocation(int num, int size)
+{
+    unsigned char *buf;
+    buf = mbedtls_calloc((size_t) num * SIZE_MAX/2, (size_t) size * SIZE_MAX/2);
+    /* Dummy usage of the pointer to prevent optimizing it */
+    mbedtls_printf("calloc pointer : %p\n", buf);
+    TEST_ASSERT(buf == NULL);
+
+exit:
+    mbedtls_free(buf);
 }
 /* END_CASE */
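Review bot: In `check_mbedtls_calloc_overallocation` the expression `(size_t) num * SIZE_MAX/2` multiplies before it divides, so the product wraps for any `num` or `size` other than 1, and a negative argument yields a count of 0. The test therefore only means what its name says for the single `1:1` case in the .data file. Parenthesising the constant makes the intent explicit: `buf = mbedtls_calloc((size_t) num * (SIZE_MAX / 2), (size_t) size * (SIZE_MAX / 2));`, with a comment that both arguments are expected to be small positive values. `%p` expects a `void *`, so the print should read `mbedtls_printf("calloc pointer : %p\n", (void *) buf);`.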
diff --git a/tests/suites/test_suite_ecp.function b/tests/suites/test_suite_ecp.function
index 6110a78..b134061 100644
--- a/tests/suites/test_suite_ecp.function
+++ b/tests/suites/test_suite_ecp.function
@@ -61,12 +61,11 @@
     if (grp1->t_data != grp2->t_data) {
         return 1;
     }
-    if (grp1->T_size != grp2->T_size) {
-        return 1;
-    }
-    if (grp1->T != grp2->T) {
-        return 1;
-    }
+    /* Here we should not compare T and T_size as the value of T is
+     * always NULL for Montgomery curves and for Weierstrass curves
+     * it will be NULL until ecp_mul is called. After calling ecp_mul,
+     * the value will be unique (dynamically allocated).
+     */
 
     return 0;
 }
@@ -490,7 +489,7 @@
      * MBEDTLS_ECP_WINDOW_SIZE, as well as implementation details that may
      * change in the future. A factor 2 is a minimum safety margin.
      *
-     * For reference, with mbed TLS 2.4 and default settings, for P-256:
+     * For reference, with Mbed TLS 2.4 and default settings, for P-256:
      * - Random point mult:     ~3250M
      * - Cold base point mult:  ~3300M
      * - Hot base point mult:   ~1100M
@@ -853,8 +852,8 @@
                    &len, actual_result, sizeof(actual_result)));
     TEST_ASSERT(len <= MBEDTLS_ECP_MAX_PT_LEN);
 
-    ASSERT_COMPARE(expected_result->x, expected_result->len,
-                   actual_result, len);
+    TEST_MEMORY_COMPARE(expected_result->x, expected_result->len,
+                        actual_result, len);
 
 exit:
     mbedtls_ecp_group_free(&grp);
@@ -1207,6 +1206,8 @@
 
     // Copy group and compare with original
     TEST_EQUAL(mbedtls_ecp_group_copy(&grp_cpy, &grp), 0);
+    TEST_ASSERT(grp_cpy.T == NULL);
+    TEST_ASSERT(grp_cpy.T_size == 0);
     TEST_EQUAL(mbedtls_ecp_group_cmp(&grp, &grp_cpy), 0);
 
     // Check curve is in curve list and group ID list
@@ -1355,8 +1356,8 @@
             ret = mbedtls_ecp_write_key(&key, buf, in_key->len);
             TEST_ASSERT(ret == 0);
 
-            ASSERT_COMPARE(in_key->x, in_key->len,
-                           buf, in_key->len);
+            TEST_MEMORY_COMPARE(in_key->x, in_key->len,
+                                buf, in_key->len);
         } else {
             unsigned char export1[MBEDTLS_ECP_MAX_BYTES];
             unsigned char export2[MBEDTLS_ECP_MAX_BYTES];
@@ -1370,8 +1371,8 @@
             ret = mbedtls_ecp_write_key(&key2, export2, in_key->len);
             TEST_ASSERT(ret == 0);
 
-            ASSERT_COMPARE(export1, in_key->len,
-                           export2, in_key->len);
+            TEST_MEMORY_COMPARE(export1, in_key->len,
+                                export2, in_key->len);
         }
     }
 
@@ -1425,7 +1426,7 @@
     rnd_info.fallback_f_rng = NULL;
     rnd_info.fallback_p_rng = NULL;
 
-    ASSERT_ALLOC(actual, expected->len);
+    TEST_CALLOC(actual, expected->len);
 
     ret = mbedtls_ecp_gen_privkey_mx(bits, &d,
                                      mbedtls_test_rnd_buffer_rand, &rnd_info);
@@ -1447,8 +1448,8 @@
          *   (can be enforced by checking these bits).
          * - Other bits must be random (by testing with different RNG outputs,
          *   we validate that those bits are indeed influenced by the RNG). */
-        ASSERT_COMPARE(expected->x, expected->len,
-                       actual, expected->len);
+        TEST_MEMORY_COMPARE(expected->x, expected->len,
+                            actual, expected->len);
     }
 
 exit:
diff --git a/tests/suites/test_suite_entropy.function b/tests/suites/test_suite_entropy.function
index b04ed54..5d8487c 100644
--- a/tests/suites/test_suite_entropy.function
+++ b/tests/suites/test_suite_entropy.function
@@ -135,7 +135,7 @@
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
- * depends_on:MBEDTLS_ENTROPY_C
+ * depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_PSA_INJECT_ENTROPY
  * END_DEPENDENCIES
  */
 
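Review bot: The added `!MBEDTLS_PSA_INJECT_ENTROPY` is a suite-level dependency, so every entropy test case is skipped in builds that enable that option, and nothing in the file says why. A comment above the `BEGIN_DEPENDENCIES` block should state the conflict, for example `/* Skipped with MBEDTLS_PSA_INJECT_ENTROPY: <reason to be filled in by the author> */`. That leaves the loss of entropy-module coverage in that configuration visible to later readers. Whether a per-case dependency would be enough cannot be judged from this hunk.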
diff --git a/tests/suites/test_suite_hkdf.function b/tests/suites/test_suite_hkdf.function
index 2bfbf3c..f307a7d 100644
--- a/tests/suites/test_suite_hkdf.function
+++ b/tests/suites/test_suite_hkdf.function
@@ -24,8 +24,8 @@
                        info->x, info->len, okm, expected_okm->len);
     TEST_ASSERT(ret == 0);
 
-    ASSERT_COMPARE(okm, expected_okm->len,
-                   expected_okm->x, expected_okm->len);
+    TEST_MEMORY_COMPARE(okm, expected_okm->len,
+                        expected_okm->x, expected_okm->len);
 }
 /* END_CASE */
 
@@ -53,7 +53,7 @@
     ret = mbedtls_hkdf_extract(md, salt, salt_len, ikm, ikm_len, output_prk);
     TEST_ASSERT(ret == 0);
 
-    ASSERT_COMPARE(output_prk, output_prk_len, prk, prk_len);
+    TEST_MEMORY_COMPARE(output_prk, output_prk_len, prk, prk_len);
 
 exit:
     mbedtls_free(ikm);
@@ -89,7 +89,7 @@
     ret = mbedtls_hkdf_expand(md, prk, prk_len, info, info_len,
                               output_okm, OKM_LEN);
     TEST_ASSERT(ret == 0);
-    ASSERT_COMPARE(output_okm, okm_len, okm, okm_len);
+    TEST_MEMORY_COMPARE(output_okm, okm_len, okm, okm_len);
 
 exit:
     mbedtls_free(info);
diff --git a/tests/suites/test_suite_md.function b/tests/suites/test_suite_md.function
index c1cf8ec..308eaa1 100644
--- a/tests/suites/test_suite_md.function
+++ b/tests/suites/test_suite_md.function
@@ -139,7 +139,7 @@
 
     TEST_EQUAL(0, mbedtls_md(md_info, src, src_len, output));
 
-    ASSERT_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len);
+    TEST_MEMORY_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len);
 }
 /* END_CASE */
 
@@ -155,7 +155,7 @@
     TEST_EQUAL(0, mbedtls_md(md_info, src_str->x, src_str->len, output));
 
 
-    ASSERT_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len);
+    TEST_MEMORY_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len);
 }
 /* END_CASE */
 
@@ -188,14 +188,14 @@
 
     TEST_EQUAL(0, mbedtls_md_update(&ctx, src + halfway, src_len - halfway));
     TEST_EQUAL(0, mbedtls_md_finish(&ctx, output));
-    ASSERT_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len);
+    TEST_MEMORY_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len);
 
     /* Test clone */
     memset(output, 0x00, sizeof(output));
 
     TEST_EQUAL(0, mbedtls_md_update(&ctx_copy, src + halfway, src_len - halfway));
     TEST_EQUAL(0, mbedtls_md_finish(&ctx_copy, output));
-    ASSERT_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len);
+    TEST_MEMORY_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len);
 
 exit:
     mbedtls_md_free(&ctx);
@@ -228,14 +228,14 @@
 
     TEST_EQUAL(0, mbedtls_md_update(&ctx, src_str->x + halfway, src_str->len - halfway));
     TEST_EQUAL(0, mbedtls_md_finish(&ctx, output));
-    ASSERT_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len);
+    TEST_MEMORY_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len);
 
     /* Test clone */
     memset(output, 0x00, sizeof(output));
 
     TEST_EQUAL(0, mbedtls_md_update(&ctx_copy, src_str->x + halfway, src_str->len - halfway));
     TEST_EQUAL(0, mbedtls_md_finish(&ctx_copy, output));
-    ASSERT_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len);
+    TEST_MEMORY_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len);
 
 exit:
     mbedtls_md_free(&ctx);
@@ -258,7 +258,7 @@
     TEST_EQUAL(0, mbedtls_md_hmac(md_info, key_str->x, key_str->len,
                                   src_str->x, src_str->len, output));
 
-    ASSERT_COMPARE(output, trunc_size, hash->x, hash->len);
+    TEST_MEMORY_COMPARE(output, trunc_size, hash->x, hash->len);
 }
 /* END_CASE */
 
@@ -285,7 +285,7 @@
     TEST_EQUAL(0, mbedtls_md_hmac_update(&ctx, src_str->x + halfway, src_str->len - halfway));
     TEST_EQUAL(0, mbedtls_md_hmac_finish(&ctx, output));
 
-    ASSERT_COMPARE(output, trunc_size, hash->x, hash->len);
+    TEST_MEMORY_COMPARE(output, trunc_size, hash->x, hash->len);
 
     /* Test again, for reset() */
     memset(output, 0x00, sizeof(output));
@@ -295,7 +295,7 @@
     TEST_EQUAL(0, mbedtls_md_hmac_update(&ctx, src_str->x + halfway, src_str->len - halfway));
     TEST_EQUAL(0, mbedtls_md_hmac_finish(&ctx, output));
 
-    ASSERT_COMPARE(output, trunc_size, hash->x, hash->len);
+    TEST_MEMORY_COMPARE(output, trunc_size, hash->x, hash->len);
 
 exit:
     mbedtls_md_free(&ctx);
@@ -314,6 +314,6 @@
 
     TEST_EQUAL(0, mbedtls_md_file(md_info, filename, output));
 
-    ASSERT_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len);
+    TEST_MEMORY_COMPARE(output, mbedtls_md_get_size(md_info), hash->x, hash->len);
 }
 /* END_CASE */
diff --git a/tests/suites/test_suite_mps.function b/tests/suites/test_suite_mps.function
index a9ccf22..03818ec 100644
--- a/tests/suites/test_suite_mps.function
+++ b/tests/suites/test_suite_mps.function
@@ -60,7 +60,7 @@
     /* Consumption (upper layer) */
     /* Consume exactly what's available */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 100, bufA, 100);
+    TEST_MEMORY_COMPARE(tmp, 100, bufA, 100);
     TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
     /* Wrapup (lower layer) */
     TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, &paused) == 0);
@@ -108,14 +108,14 @@
     /* Consumption (upper layer) */
     /* Consume exactly what's available */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 100, bufA, 100);
+    TEST_MEMORY_COMPARE(tmp, 100, bufA, 100);
     TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
     /* Preparation */
     TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
     TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0);
     /* Consumption */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 100, bufB, 100);
+    TEST_MEMORY_COMPARE(tmp, 100, bufB, 100);
     TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
     /* Wrapup (lower layer) */
     TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
@@ -162,11 +162,11 @@
     TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0);
     /* Consumption (upper layer) */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 10, buf, 10);
+    TEST_MEMORY_COMPARE(tmp, 10, buf, 10);
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 70, buf + 10, 70);
+    TEST_MEMORY_COMPARE(tmp, 70, buf + 10, 70);
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, &tmp_len) == 0);
-    ASSERT_COMPARE(tmp, tmp_len, buf + 80, 20);
+    TEST_MEMORY_COMPARE(tmp, tmp_len, buf + 80, 20);
     TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
     /* Wrapup (lower layer) */
     TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
@@ -202,18 +202,18 @@
     TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufA, sizeof(bufA)) == 0);
     /* Consumption (upper layer) */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 10, bufA, 10);
+    TEST_MEMORY_COMPARE(tmp, 10, bufA, 10);
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 70, bufA + 10, 70);
+    TEST_MEMORY_COMPARE(tmp, 70, bufA + 10, 70);
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, &tmp_len) == 0);
-    ASSERT_COMPARE(tmp, tmp_len, bufA + 80, 20);
+    TEST_MEMORY_COMPARE(tmp, tmp_len, bufA + 80, 20);
     TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
     /* Preparation */
     TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
     TEST_ASSERT(mbedtls_mps_reader_feed(&rd, bufB, sizeof(bufB)) == 0);
     /* Consumption */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 100, bufB, 100);
+    TEST_MEMORY_COMPARE(tmp, 100, bufB, 100);
     TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
     /* Wrapup */
     TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
@@ -243,7 +243,7 @@
     TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0);
     /* Consumption (upper layer) */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 50, buf, 50);
+    TEST_MEMORY_COMPARE(tmp, 50, buf, 50);
     TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) ==
                 MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
@@ -284,10 +284,10 @@
     TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0);
     /* Consumption (upper layer) */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 50, buf, 50);
+    TEST_MEMORY_COMPARE(tmp, 50, buf, 50);
     TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 10, buf + 50, 10);
+    TEST_MEMORY_COMPARE(tmp, 10, buf + 50, 10);
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) ==
                 MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
     /* Wrapup (lower layer) */
@@ -295,7 +295,7 @@
                 MBEDTLS_ERR_MPS_READER_ACCUMULATOR_TOO_SMALL);
 
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, &tmp_len) == 0);
-    ASSERT_COMPARE(tmp, tmp_len, buf + 50, 50);
+    TEST_MEMORY_COMPARE(tmp, tmp_len, buf + 50, 50);
 
     mbedtls_mps_reader_free(&rd);
 }
@@ -325,7 +325,7 @@
     TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0);
     /* Consumption (upper layer) */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 50, buf, 50);
+    TEST_MEMORY_COMPARE(tmp, 50, buf, 50);
     /* Excess request */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, (mbedtls_mps_size_t) -1, &tmp, NULL) ==
                 MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
@@ -376,10 +376,10 @@
     /* Consumption (upper layer) */
     /* Ask for more than what's available. */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 80, bufA, 80);
+    TEST_MEMORY_COMPARE(tmp, 80, bufA, 80);
     TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+    TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10);
     switch (option) {
         case 0:  /* Single uncommitted fetch at pausing */
         case 1:
@@ -400,50 +400,50 @@
     switch (option) {
         case 0: /* Single fetch at pausing, re-fetch with commit. */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
-            ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10);
+            TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10);
             TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
             break;
 
         case 1: /* Single fetch at pausing, re-fetch without commit. */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
-            ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10);
+            TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10);
             break;
 
         case 2: /* Multiple fetches at pausing, repeat without commit. */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
-            ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10);
+            TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10);
             break;
 
         case 3: /* Multiple fetches at pausing, repeat with commit 1. */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10);
             TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
-            ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10);
+            TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10);
             break;
 
         case 4: /* Multiple fetches at pausing, repeat with commit 2. */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
-            ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10);
+            TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10);
             TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
             break;
 
         case 5: /* Multiple fetches at pausing, repeat with commit 3. */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10);
             TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
-            ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10);
+            TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10);
             TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
             break;
 
@@ -453,7 +453,7 @@
 
     /* In all cases, fetch the rest of the second buffer. */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 90, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 90, bufB + 10, 90);
+    TEST_MEMORY_COMPARE(tmp, 90, bufB + 10, 90);
     TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
 
     /* Wrapup */
@@ -498,7 +498,7 @@
     /* Consumption (upper layer) */
     /* Ask for more than what's available. */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 80, bufA, 80);
+    TEST_MEMORY_COMPARE(tmp, 80, bufA, 80);
     TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
     /* 20 left, ask for 70 -> 50 overhead */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) ==
@@ -538,8 +538,8 @@
 
     /* Consumption */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 70, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 20, bufA + 80, 20);
-    ASSERT_COMPARE(tmp + 20, 50, bufB, 50);
+    TEST_MEMORY_COMPARE(tmp, 20, bufA + 80, 20);
+    TEST_MEMORY_COMPARE(tmp + 20, 50, bufB, 50);
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 1000, &tmp, &fetch_len) == 0);
     switch (option) {
         case 0:
@@ -591,14 +591,14 @@
             /* Fetch (but not commit) the entire buffer. */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf), &tmp, NULL)
                         == 0);
-            ASSERT_COMPARE(tmp, 100, buf, 100);
+            TEST_MEMORY_COMPARE(tmp, 100, buf, 100);
             break;
 
         case 1:
             /* Fetch (but not commit) parts of the buffer. */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2,
                                                &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2);
+            TEST_MEMORY_COMPARE(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2);
             break;
 
         case 2:
@@ -606,13 +606,13 @@
              * fetch but not commit the rest of the buffer. */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2,
                                                &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2);
+            TEST_MEMORY_COMPARE(tmp, sizeof(buf) / 2, buf, sizeof(buf) / 2);
             TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, sizeof(buf) / 2,
                                                &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, sizeof(buf) / 2,
-                           buf + sizeof(buf) / 2,
-                           sizeof(buf) / 2);
+            TEST_MEMORY_COMPARE(tmp, sizeof(buf) / 2,
+                                buf + sizeof(buf) / 2,
+                                sizeof(buf) / 2);
             break;
 
         default:
@@ -646,16 +646,16 @@
     TEST_ASSERT(mbedtls_mps_reader_feed(&rd, buf, sizeof(buf)) == 0);
     /* Consumption (upper layer) */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 50, buf, 50);
+    TEST_MEMORY_COMPARE(tmp, 50, buf, 50);
     TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 50, buf + 50, 50);
+    TEST_MEMORY_COMPARE(tmp, 50, buf + 50, 50);
     /* Preparation */
     TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) ==
                 MBEDTLS_ERR_MPS_READER_DATA_LEFT);
     /* Consumption */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 50, buf + 50, 50);
+    TEST_MEMORY_COMPARE(tmp, 50, buf + 50, 50);
     TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
     /* Wrapup */
     TEST_ASSERT(mbedtls_mps_reader_reclaim(&rd, NULL) == 0);
@@ -699,10 +699,10 @@
     /* Consumption (upper layer) */
     /* Ask for more than what's available. */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 80, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 80, bufA, 80);
+    TEST_MEMORY_COMPARE(tmp, 80, bufA, 80);
     TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+    TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10);
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) ==
                 MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
 
@@ -717,10 +717,10 @@
 
             /* Consume */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, &tmp_len) == 0);
-            ASSERT_COMPARE(tmp, tmp_len, bufA + 80, 10);
+            TEST_MEMORY_COMPARE(tmp, tmp_len, bufA + 80, 10);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
-            ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10);
+            TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10);
             TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) ==
                         MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
@@ -731,18 +731,18 @@
 
             /* Consume */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufB + 10, 10);
-            ASSERT_COMPARE(tmp + 10, 10, bufC, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufB + 10, 10);
+            TEST_MEMORY_COMPARE(tmp + 10, 10, bufC, 10);
             break;
 
         case 1: /* Fetch same chunks, commit afterwards, and
                  * then exceed bounds of new buffer; accumulator
                  * not large enough. */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
-            ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10);
+            TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10);
             TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 51, &tmp, NULL) ==
                         MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
@@ -756,10 +756,10 @@
                  * then exceed bounds of new buffer; accumulator
                  * large enough. */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
-            ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10);
+            TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) ==
                         MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
 
@@ -769,19 +769,19 @@
 
             /* Consume */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 50, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 20, bufA + 80, 20);
-            ASSERT_COMPARE(tmp + 20, 20, bufB, 20);
-            ASSERT_COMPARE(tmp + 40, 10, bufC, 10);
+            TEST_MEMORY_COMPARE(tmp, 20, bufA + 80, 20);
+            TEST_MEMORY_COMPARE(tmp + 20, 20, bufB, 20);
+            TEST_MEMORY_COMPARE(tmp + 40, 10, bufC, 10);
             break;
 
         case 3: /* Fetch same chunks, don't commit afterwards, and
                  * then exceed bounds of new buffer; accumulator
                  * not large enough. */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufA + 80, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufA + 80, 10);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 20, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 10, bufA + 90, 10);
-            ASSERT_COMPARE(tmp + 10, 10, bufB, 10);
+            TEST_MEMORY_COMPARE(tmp, 10, bufA + 90, 10);
+            TEST_MEMORY_COMPARE(tmp + 10, 10, bufB, 10);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 21, &tmp, NULL) ==
                         MBEDTLS_ERR_MPS_READER_OUT_OF_DATA);
 
@@ -844,15 +844,15 @@
     mbedtls_mps_reader rd;
 
     if (acc_size > 0) {
-        ASSERT_ALLOC(acc, acc_size);
+        TEST_CALLOC(acc, acc_size);
     }
 
     /* This probably needs to be changed because we want
      * our tests to be deterministic. */
     //    srand( time( NULL ) );
 
-    ASSERT_ALLOC(outgoing, num_out_chunks * max_chunk_size);
-    ASSERT_ALLOC(incoming, num_out_chunks * max_chunk_size);
+    TEST_CALLOC(outgoing, num_out_chunks * max_chunk_size);
+    TEST_CALLOC(incoming, num_out_chunks * max_chunk_size);
 
     mbedtls_mps_reader_init(&rd, acc, acc_size);
 
@@ -884,7 +884,7 @@
                 }
 
                 tmp_size = (rand() % max_chunk_size) + 1;
-                ASSERT_ALLOC(tmp, tmp_size);
+                TEST_CALLOC(tmp, tmp_size);
 
                 TEST_ASSERT(mbedtls_test_rnd_std_rand(NULL, tmp, tmp_size) == 0);
                 ret = mbedtls_mps_reader_feed(&rd, tmp, tmp_size);
@@ -1005,16 +1005,16 @@
         case 0:
             /* Ask for buffered data in a single chunk, no commit */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 20, bufA + 80, 20);
-            ASSERT_COMPARE(tmp + 20, 10, bufB, 10);
+            TEST_MEMORY_COMPARE(tmp, 20, bufA + 80, 20);
+            TEST_MEMORY_COMPARE(tmp + 20, 10, bufB, 10);
             success = 1;
             break;
 
         case 1:
             /* Ask for buffered data in a single chunk, with commit */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 30, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 20, bufA + 80, 20);
-            ASSERT_COMPARE(tmp + 20, 10, bufB, 10);
+            TEST_MEMORY_COMPARE(tmp, 20, bufA + 80, 20);
+            TEST_MEMORY_COMPARE(tmp + 20, 10, bufB, 10);
             TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
             success = 1;
             break;
@@ -1035,7 +1035,7 @@
             /* Asking for buffered data in different
              * chunks than before CAN fail. */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 15, bufA + 80, 15);
+            TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 10, &tmp, NULL) ==
                         MBEDTLS_ERR_MPS_READER_INCONSISTENT_REQUESTS);
             break;
@@ -1044,10 +1044,10 @@
             /* Asking for buffered data different chunks
              * than before NEED NOT fail - no commits */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 15, bufA + 80, 15);
+            TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 5, bufA + 95, 5);
-            ASSERT_COMPARE(tmp + 5, 10, bufB, 10);
+            TEST_MEMORY_COMPARE(tmp, 5, bufA + 95, 5);
+            TEST_MEMORY_COMPARE(tmp + 5, 10, bufB, 10);
             success = 1;
             break;
 
@@ -1055,11 +1055,11 @@
             /* Asking for buffered data different chunks
              * than before NEED NOT fail - intermediate commit */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 15, bufA + 80, 15);
+            TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15);
             TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 5, bufA + 95, 5);
-            ASSERT_COMPARE(tmp + 5, 10, bufB, 10);
+            TEST_MEMORY_COMPARE(tmp, 5, bufA + 95, 5);
+            TEST_MEMORY_COMPARE(tmp + 5, 10, bufB, 10);
             success = 1;
             break;
 
@@ -1067,10 +1067,10 @@
             /* Asking for buffered data different chunks
              * than before NEED NOT fail - end commit */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 15, bufA + 80, 15);
+            TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 5, bufA + 95, 5);
-            ASSERT_COMPARE(tmp + 5, 10, bufB, 10);
+            TEST_MEMORY_COMPARE(tmp, 5, bufA + 95, 5);
+            TEST_MEMORY_COMPARE(tmp + 5, 10, bufB, 10);
             TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
             success = 1;
             break;
@@ -1079,11 +1079,11 @@
             /* Asking for buffered data different chunks
              * than before NEED NOT fail - intermediate & end commit */
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
-            ASSERT_COMPARE(tmp, 15, bufA + 80, 15);
+            TEST_MEMORY_COMPARE(tmp, 15, bufA + 80, 15);
             TEST_ASSERT(mbedtls_mps_reader_get(&rd, 15, &tmp, NULL) == 0);
             TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
-            ASSERT_COMPARE(tmp, 5, bufA + 95, 5);
-            ASSERT_COMPARE(tmp + 5, 10, bufB, 10);
+            TEST_MEMORY_COMPARE(tmp, 5, bufA + 95, 5);
+            TEST_MEMORY_COMPARE(tmp + 5, 10, bufB, 10);
             TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
             success = 1;
             break;
@@ -1096,7 +1096,7 @@
     if (success == 1) {
         /* In all succeeding cases, fetch the rest of the second buffer. */
         TEST_ASSERT(mbedtls_mps_reader_get(&rd, 90, &tmp, NULL) == 0);
-        ASSERT_COMPARE(tmp, 90, bufB + 10, 90);
+        TEST_MEMORY_COMPARE(tmp, 90, bufB + 10, 90);
         TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
 
         /* Wrapup */
@@ -1131,7 +1131,7 @@
 
     /* Consumption (upper layer) */
     TEST_ASSERT(mbedtls_mps_reader_get(&rd, 100, &tmp, NULL) == 0);
-    ASSERT_COMPARE(tmp, 100, buf, 100);
+    TEST_MEMORY_COMPARE(tmp, 100, buf, 100);
     TEST_ASSERT(mbedtls_mps_reader_commit(&rd) == 0);
 
     /* Wrapup */
diff --git a/tests/suites/test_suite_oid.data b/tests/suites/test_suite_oid.data
index 38d8b7e..2d33141 100644
--- a/tests/suites/test_suite_oid.data
+++ b/tests/suites/test_suite_oid.data
@@ -101,12 +101,30 @@
 OID get numeric string - multi-byte first subidentifier
 oid_get_numeric_string:"8837":0:"2.999"
 
+OID get numeric string - second subidentifier not terminated
+oid_get_numeric_string:"0081":MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
+
 OID get numeric string - empty oid buffer
 oid_get_numeric_string:"":MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
 
 OID get numeric string - no final / all bytes have top bit set
 oid_get_numeric_string:"818181":MBEDTLS_ERR_ASN1_OUT_OF_DATA:""
 
+OID get numeric string - 0.39
+oid_get_numeric_string:"27":0:"0.39"
+
+OID get numeric string - 1.0
+oid_get_numeric_string:"28":0:"1.0"
+
+OID get numeric string - 1.39
+oid_get_numeric_string:"4f":0:"1.39"
+
+OID get numeric string - 2.0
+oid_get_numeric_string:"50":0:"2.0"
+
+OID get numeric string - 1 byte first subidentifier beyond 2.39
+oid_get_numeric_string:"7f":0:"2.47"
+
 # Encodes the number 0x0400000000 as a subidentifier which overflows 32-bits
 OID get numeric string - 32-bit overflow
 oid_get_numeric_string:"C080808000":MBEDTLS_ERR_ASN1_INVALID_DATA:""
diff --git a/tests/suites/test_suite_oid.function b/tests/suites/test_suite_oid.function
index 7759baf..c06e337 100644
--- a/tests/suites/test_suite_oid.function
+++ b/tests/suites/test_suite_oid.function
@@ -104,13 +104,16 @@
     int ret;
 
     input_oid.tag = MBEDTLS_ASN1_OID;
-    input_oid.p = oid->x;
+    /* Test that an empty OID is not dereferenced */
+    input_oid.p = oid->len ? oid->x : (void *) 1;
     input_oid.len = oid->len;
 
     ret = mbedtls_oid_get_numeric_string(buf, sizeof(buf), &input_oid);
 
     if (error_ret == 0) {
-        TEST_ASSERT(strcmp(buf, result_str) == 0);
+        TEST_EQUAL(ret, strlen(result_str));
+        TEST_ASSERT(ret >= 3);
+        TEST_EQUAL(strcmp(buf, result_str), 0);
     } else {
         TEST_EQUAL(ret, error_ret);
     }
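Review bot: The two magic values added here are not explained: `(void *) 1` on the `input_oid.p` line and `3` in `TEST_ASSERT(ret >= 3)`. The existing comment says what is being tested, but not that the sentinel is deliberately a non-NULL invalid address, so a read of an empty OID faults rather than being hidden by a NULL check; something like `/* non-NULL but invalid: any read of a zero-length OID must fault */` would make that clear. The lower bound presumably reflects the shortest dotted form "X.Y", which could be stated as `/* shortest numeric OID string is "X.Y" */`. The function starts outside this hunk.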
diff --git a/tests/suites/test_suite_pem.data b/tests/suites/test_suite_pem.data
index 37484d8..0f4b6b4 100644
--- a/tests/suites/test_suite_pem.data
+++ b/tests/suites/test_suite_pem.data
@@ -22,6 +22,10 @@
 PEM read (DES-CBC + invalid iv)
 mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: DES-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV
 
+PEM read (AES-128-CBC + invalid iv)
+depends_on:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C
+mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-128-CBC,00$":"pwd":MBEDTLS_ERR_PEM_INVALID_ENC_IV
+
 PEM read (unknown encryption algorithm)
 depends_on:MBEDTLS_AES_C
 mbedtls_pem_read_buffer:"^":"$":"^\nProc-Type\: 4,ENCRYPTED\nDEK-Info\: AES-,00$":"pwd":MBEDTLS_ERR_PEM_UNKNOWN_ENC_ALG
diff --git a/tests/suites/test_suite_pk.function b/tests/suites/test_suite_pk.function
index 4f24a46..c17037f 100644
--- a/tests/suites/test_suite_pk.function
+++ b/tests/suites/test_suite_pk.function
@@ -133,12 +133,10 @@
     size_t len;
     mbedtls_pk_debug_item dbg;
 
-    PSA_ASSERT(psa_crypto_init());
-
     mbedtls_pk_init(&pk);
     mbedtls_pk_init(&pk2);
 
-    TEST_ASSERT(psa_crypto_init() == PSA_SUCCESS);
+    USE_PSA_INIT();
 
     TEST_ASSERT(mbedtls_pk_setup_opaque(&pk, MBEDTLS_SVC_KEY_ID_INIT) ==
                 MBEDTLS_ERR_PK_BAD_INPUT_DATA);
@@ -212,6 +210,7 @@
     void *options = NULL;
 
     mbedtls_pk_init(&pk);
+    USE_PSA_INIT();
 
     TEST_VALID_PARAM(mbedtls_pk_free(NULL));
 
@@ -292,6 +291,9 @@
     TEST_ASSERT(mbedtls_pk_parse_public_key(&pk, NULL, 0) ==
                 MBEDTLS_ERR_PK_KEY_INVALID_FORMAT);
 #endif /* MBEDTLS_PK_PARSE_C */
+
+exit:
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
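Review bot: The new `exit:` block calls only `USE_PSA_DONE()`, while every other cleanup block touched in this file pairs it with `mbedtls_pk_free(...)` first. No free is visible in this hunk, and the function starts outside it, so this may be harmless if the context is never successfully set up. For consistency, and so a later edit cannot leak on a `goto exit`, consider `exit:` followed by `mbedtls_pk_free(&pk);` and then `USE_PSA_DONE();`, assuming `pk` is the context initialised at the top. The same pattern appears in the later hunk that adds `exit:` after `#endif /* MBEDTLS_PK_WRITE_C */`.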
@@ -302,6 +304,8 @@
 
     /* For the write tests to be effective, we need a valid key pair. */
     mbedtls_pk_init(&pk);
+    USE_PSA_INIT();
+
     TEST_ASSERT(mbedtls_pk_parse_key(&pk,
                                      key_data->x, key_data->len,
                                      NULL, 0) == 0);
@@ -322,6 +326,7 @@
 
 exit:
     mbedtls_pk_free(&pk);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -342,6 +347,7 @@
     (void) str;
 
     mbedtls_pk_init(&pk);
+    USE_PSA_INIT();
 
     TEST_INVALID_PARAM(mbedtls_pk_init(NULL));
 
@@ -591,6 +597,8 @@
 #endif /* MBEDTLS_PEM_WRITE_C */
 
 #endif /* MBEDTLS_PK_WRITE_C */
+exit:
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -600,6 +608,7 @@
     mbedtls_pk_context pk;
 
     mbedtls_pk_init(&pk);
+    USE_PSA_INIT();
 
     TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(type)) == 0);
     TEST_ASSERT(pk_genkey(&pk, parameter) == 0);
@@ -612,6 +621,7 @@
 
 exit:
     mbedtls_pk_free(&pk);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -623,6 +633,7 @@
     mbedtls_pk_init(&pub);
     mbedtls_pk_init(&prv);
     mbedtls_pk_init(&alt);
+    USE_PSA_INIT();
 
     TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&pub, pub_file) == 0);
     TEST_ASSERT(mbedtls_pk_parse_keyfile(&prv, prv_file, NULL) == 0);
@@ -638,9 +649,11 @@
     }
 #endif
 
+exit:
     mbedtls_pk_free(&pub);
     mbedtls_pk_free(&prv);
     mbedtls_pk_free(&alt);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -663,6 +676,7 @@
 #endif
 
     mbedtls_pk_init(&pk);
+    USE_PSA_INIT();
 
     memset(hash_result, 0x00, MBEDTLS_MD_MAX_SIZE);
 
@@ -691,6 +705,7 @@
     mbedtls_pk_restart_free(rs_ctx);
 #endif
     mbedtls_pk_free(&pk);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -709,6 +724,7 @@
     size_t hash_len;
 
     mbedtls_pk_init(&pk);
+    USE_PSA_INIT();
 
     memset(hash_result, 0x00, sizeof(hash_result));
 
@@ -744,6 +760,7 @@
 
 exit:
     mbedtls_pk_free(&pk);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -795,6 +812,7 @@
     mbedtls_pk_init(&pub);
     memset(hash, 0, sizeof(hash));
     memset(sig, 0, sizeof(sig));
+    USE_PSA_INIT();
 
     TEST_ASSERT(mbedtls_pk_setup(&prv, mbedtls_pk_info_from_type(pk_type)) == 0);
     TEST_ASSERT(mbedtls_ecp_group_load(&mbedtls_pk_ec(prv)->grp, grp_id) == 0);
@@ -872,6 +890,7 @@
     mbedtls_pk_restart_free(&rs_ctx);
     mbedtls_pk_free(&prv);
     mbedtls_pk_free(&pub);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -896,7 +915,7 @@
 #endif
 
     hash_len = mbedtls_md_get_size(mbedtls_md_info_from_type(md));
-    ASSERT_ALLOC(hash, hash_len);
+    TEST_CALLOC(hash, hash_len);
 
     mbedtls_pk_init(&pk);
     USE_PSA_INIT();
@@ -980,8 +999,8 @@
     memset(&rnd_info,  0, sizeof(mbedtls_test_rnd_pseudo_info));
     memset(output,     0, sizeof(output));
 
-
     mbedtls_pk_init(&pk);
+    USE_PSA_INIT();
     TEST_ASSERT(mbedtls_pk_setup(&pk, mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
     rsa = mbedtls_pk_rsa(pk);
 
@@ -997,6 +1016,7 @@
 
 exit:
     mbedtls_pk_free(&pk);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -1016,6 +1036,7 @@
     mbedtls_pk_init(&pk);
     mbedtls_mpi_init(&N); mbedtls_mpi_init(&P);
     mbedtls_mpi_init(&Q); mbedtls_mpi_init(&E);
+    USE_PSA_INIT();
 
     memset(&rnd_info,  0, sizeof(mbedtls_test_rnd_pseudo_info));
 
@@ -1050,6 +1071,7 @@
     mbedtls_mpi_free(&N); mbedtls_mpi_free(&P);
     mbedtls_mpi_free(&Q); mbedtls_mpi_free(&E);
     mbedtls_pk_free(&pk);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -1064,6 +1086,7 @@
     int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
 
     mbedtls_pk_init(&pk);
+    USE_PSA_INIT();
 
     memset(&rnd_info,  0, sizeof(mbedtls_test_rnd_pseudo_info));
     memset(output,     0, sizeof(output));
@@ -1081,6 +1104,7 @@
 
 exit:
     mbedtls_pk_free(&pk);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -1088,7 +1112,7 @@
 void pk_rsa_overflow()
 {
     mbedtls_pk_context pk;
-    size_t hash_len = SIZE_MAX, sig_len = SIZE_MAX;
+    size_t hash_len = UINT_MAX + 1, sig_len = UINT_MAX + 1;
     unsigned char hash[50], sig[100];
 
     if (SIZE_MAX <= UINT_MAX) {
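Review bot: `UINT_MAX + 1` in the initialisers of `hash_len` and `sig_len` is evaluated in `unsigned int` before the conversion to `size_t`, so it wraps to 0 and both lengths start at zero instead of just above the `unsigned int` range. The test then no longer passes an over-long length to the RSA sign/verify paths, and any later bad-input assertion could presumably pass for an unrelated reason, leaving the truncation guard untested. Widen before adding: `size_t hash_len = (size_t) UINT_MAX + 1, sig_len = (size_t) UINT_MAX + 1;`. The existing `SIZE_MAX <= UINT_MAX` check covers targets where `size_t` is no wider than `unsigned int`. The body of `pk_rsa_overflow` continues outside this hunk.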
@@ -1099,6 +1123,7 @@
     memset(sig, 0, sizeof(sig));
 
     mbedtls_pk_init(&pk);
+    USE_PSA_INIT();
 
     TEST_ASSERT(mbedtls_pk_setup(&pk,
                                  mbedtls_pk_info_from_type(MBEDTLS_PK_RSA)) == 0);
@@ -1118,6 +1143,7 @@
 
 exit:
     mbedtls_pk_free(&pk);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -1138,7 +1164,9 @@
     int ret = MBEDTLS_ERR_PK_TYPE_MISMATCH;
 
     mbedtls_rsa_init(&raw, MBEDTLS_RSA_PKCS_V15, MBEDTLS_MD_NONE);
-    mbedtls_pk_init(&rsa); mbedtls_pk_init(&alt);
+    mbedtls_pk_init(&rsa);
+    mbedtls_pk_init(&alt);
+    USE_PSA_INIT();
 
     memset(hash, 0x2a, sizeof(hash));
     memset(sig, 0, sizeof(sig));
@@ -1199,7 +1227,9 @@
 
 exit:
     mbedtls_rsa_free(&raw);
-    mbedtls_pk_free(&rsa); mbedtls_pk_free(&alt);
+    mbedtls_pk_free(&rsa);
+    mbedtls_pk_free(&alt);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -1229,10 +1259,10 @@
      * - parse it to a PK context and verify the signature this way
      */
 
-    PSA_ASSERT(psa_crypto_init());
-
     /* Create legacy EC public/private key in PK context. */
     mbedtls_pk_init(&pk);
+    USE_PSA_INIT();
+
     TEST_ASSERT(mbedtls_pk_setup(&pk,
                                  mbedtls_pk_info_from_type(MBEDTLS_PK_ECKEY)) == 0);
     TEST_ASSERT(mbedtls_ecp_gen_key(grpid,
diff --git a/tests/suites/test_suite_pkcs12.function b/tests/suites/test_suite_pkcs12.function
index 17d2ed7..0d39912 100644
--- a/tests/suites/test_suite_pkcs12.function
+++ b/tests/suites/test_suite_pkcs12.function
@@ -42,7 +42,7 @@
 
     salt_len = salt_arg->len;
 
-    ASSERT_ALLOC(output_data, key_size);
+    TEST_CALLOC(output_data, key_size);
 
     int ret = mbedtls_pkcs12_derivation(output_data,
                                         key_size,
@@ -57,8 +57,8 @@
     TEST_EQUAL(ret, expected_status);
 
     if (expected_status == 0) {
-        ASSERT_COMPARE(expected_output->x, expected_output->len,
-                       output_data, key_size);
+        TEST_MEMORY_COMPARE(expected_output->x, expected_output->len,
+                            output_data, key_size);
     }
 
 exit:
diff --git a/tests/suites/test_suite_pkcs1_v21.function b/tests/suites/test_suite_pkcs1_v21.function
index bf99df6..0ecd4a7 100644
--- a/tests/suites/test_suite_pkcs1_v21.function
+++ b/tests/suites/test_suite_pkcs1_v21.function
@@ -42,7 +42,7 @@
                                           message_str->len, message_str->x,
                                           output) == result);
     if (result == 0) {
-        ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len);
+        TEST_MEMORY_COMPARE(output, ctx.len, result_str->x, result_str->len);
     }
 
 exit:
@@ -98,7 +98,7 @@
                                               output,
                                               sizeof(output)) == result);
         if (result == 0) {
-            ASSERT_COMPARE(output, output_len, result_str->x, result_str->len);
+            TEST_MEMORY_COMPARE(output, output_len, result_str->x, result_str->len);
         }
     }
 
@@ -154,7 +154,7 @@
                                            &info, MBEDTLS_RSA_PRIVATE, digest, 0,
                                            hash_result, output) == result);
         if (result == 0) {
-            ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len);
+            TEST_MEMORY_COMPARE(output, ctx.len, result_str->x, result_str->len);
         }
 
         info.buf = rnd_buf->x;
@@ -165,7 +165,7 @@
                                                 &info, digest, 0, hash_result,
                                                 fixed_salt_length, output) == result);
     if (result == 0) {
-        ASSERT_COMPARE(output, ctx.len, result_str->x, result_str->len);
+        TEST_MEMORY_COMPARE(output, ctx.len, result_str->x, result_str->len);
     }
 
 exit:
diff --git a/tests/suites/test_suite_pkparse.data b/tests/suites/test_suite_pkparse.data
index 8b0449e..9108a21 100644
--- a/tests/suites/test_suite_pkparse.data
+++ b/tests/suites/test_suite_pkparse.data
@@ -1,13 +1,13 @@
 Parse RSA Key #1 (No password when required)
-depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C
+depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C
 pk_parse_keyfile_rsa:"data_files/test-ca.key":"NULL":MBEDTLS_ERR_PK_PASSWORD_REQUIRED
 
 Parse RSA Key #2 (Correct password)
-depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C
+depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C
 pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLTest":0
 
 Parse RSA Key #3 (Wrong password)
-depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_DES_C
+depends_on:MBEDTLS_MD5_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_AES_C
 pk_parse_keyfile_rsa:"data_files/test-ca.key":"PolarSSLWRONG":MBEDTLS_ERR_PK_PASSWORD_MISMATCH
 
 Parse RSA Key #4 (DES Encrypted)
diff --git a/tests/suites/test_suite_pkparse.function b/tests/suites/test_suite_pkparse.function
index f2f5e97..d6b6984 100644
--- a/tests/suites/test_suite_pkparse.function
+++ b/tests/suites/test_suite_pkparse.function
@@ -17,6 +17,7 @@
     char *pwd = password;
 
     mbedtls_pk_init(&ctx);
+    USE_PSA_INIT();
 
     if (strcmp(pwd, "NULL") == 0) {
         pwd = NULL;
@@ -35,6 +36,7 @@
 
 exit:
     mbedtls_pk_free(&ctx);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -45,6 +47,7 @@
     int res;
 
     mbedtls_pk_init(&ctx);
+    USE_PSA_INIT();
 
     res = mbedtls_pk_parse_public_keyfile(&ctx, key_file);
 
@@ -59,6 +62,7 @@
 
 exit:
     mbedtls_pk_free(&ctx);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -69,6 +73,7 @@
     int res;
 
     mbedtls_pk_init(&ctx);
+    USE_PSA_INIT();
 
     res = mbedtls_pk_parse_public_keyfile(&ctx, key_file);
 
@@ -83,6 +88,7 @@
 
 exit:
     mbedtls_pk_free(&ctx);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -93,6 +99,7 @@
     int res;
 
     mbedtls_pk_init(&ctx);
+    USE_PSA_INIT();
 
     res = mbedtls_pk_parse_keyfile(&ctx, key_file, password);
 
@@ -107,6 +114,7 @@
 
 exit:
     mbedtls_pk_free(&ctx);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -116,10 +124,12 @@
     mbedtls_pk_context pk;
 
     mbedtls_pk_init(&pk);
+    USE_PSA_INIT();
 
     TEST_ASSERT(mbedtls_pk_parse_key(&pk, buf->x, buf->len, NULL, 0) == result);
 
 exit:
     mbedtls_pk_free(&pk);
+    USE_PSA_DONE();
 }
 /* END_CASE */
diff --git a/tests/suites/test_suite_pkwrite.data b/tests/suites/test_suite_pkwrite.data
index e0101cc..f10bdd6 100644
--- a/tests/suites/test_suite_pkwrite.data
+++ b/tests/suites/test_suite_pkwrite.data
@@ -1,47 +1,107 @@
 Public key write check RSA
-depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C
-pk_write_pubkey_check:"data_files/server1.pubkey"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+pk_write_pubkey_check:"data_files/server1.pubkey":TEST_PEM
+
+Public key write check RSA (DER)
+depends_on:MBEDTLS_RSA_C
+pk_write_pubkey_check:"data_files/server1.pubkey.der":TEST_DER
 
 Public key write check RSA 4096
-depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C
-pk_write_pubkey_check:"data_files/rsa4096_pub.pem"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+pk_write_pubkey_check:"data_files/rsa4096_pub.pem":TEST_PEM
+
+Public key write check RSA 4096 (DER)
+depends_on:MBEDTLS_RSA_C
+pk_write_pubkey_check:"data_files/rsa4096_pub.der":TEST_DER
 
 Public key write check EC 192 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
-pk_write_pubkey_check:"data_files/ec_pub.pem"
+depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_pub.pem":TEST_PEM
+
+Public key write check EC 192 bits (DER)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_pub.der":TEST_DER
 
 Public key write check EC 521 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
-pk_write_pubkey_check:"data_files/ec_521_pub.pem"
+depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_521_pub.pem":TEST_PEM
+
+Public key write check EC 521 bits (DER)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_521_pub.der":TEST_DER
 
 Public key write check EC Brainpool 512 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
-pk_write_pubkey_check:"data_files/ec_bp512_pub.pem"
+depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_bp512_pub.pem":TEST_PEM
+
+Public key write check EC Brainpool 512 bits (DER)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_write_pubkey_check:"data_files/ec_bp512_pub.der":TEST_DER
 
 Private key write check RSA
-depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C
-pk_write_key_check:"data_files/server1.key"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+pk_write_key_check:"data_files/server1.key":TEST_PEM
+
+Private key write check RSA (DER)
+depends_on:MBEDTLS_RSA_C
+pk_write_key_check:"data_files/server1.key.der":TEST_DER
 
 Private key write check RSA 4096
-depends_on:MBEDTLS_RSA_C:MBEDTLS_BASE64_C
-pk_write_key_check:"data_files/rsa4096_prv.pem"
+depends_on:MBEDTLS_RSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C
+pk_write_key_check:"data_files/rsa4096_prv.pem":TEST_PEM
+
+Private key write check RSA 4096 (DER)
+depends_on:MBEDTLS_RSA_C
+pk_write_key_check:"data_files/rsa4096_prv.der":TEST_DER
 
 Private key write check EC 192 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
-pk_write_key_check:"data_files/ec_prv.sec1.pem"
+depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+pk_write_key_check:"data_files/ec_prv.sec1.pem":TEST_PEM
+
+Private key write check EC 192 bits (DER)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+pk_write_key_check:"data_files/ec_prv.sec1.der":TEST_DER
 
 Private key write check EC 256 bits (top bit set)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
-pk_write_key_check:"data_files/ec_256_long_prv.pem"
+depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_write_key_check:"data_files/ec_256_long_prv.pem":TEST_PEM
+
+Private key write check EC 256 bits (top bit set) (DER)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED
+pk_write_key_check:"data_files/ec_256_long_prv.der":TEST_DER
 
 Private key write check EC 521 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
-pk_write_key_check:"data_files/ec_521_prv.pem"
+depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_key_check:"data_files/ec_521_prv.pem":TEST_PEM
+
+Private key write check EC 521 bits (DER)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_key_check:"data_files/ec_521_prv.der":TEST_DER
 
 Private key write check EC 521 bits (top byte is 0)
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
-pk_write_key_check:"data_files/ec_521_short_prv.pem"
+depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_key_check:"data_files/ec_521_short_prv.pem":TEST_PEM
+
+Private key write check EC 521 bits (top byte is 0) (DER)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_key_check:"data_files/ec_521_short_prv.der":TEST_DER
 
 Private key write check EC Brainpool 512 bits
-depends_on:MBEDTLS_ECP_C:MBEDTLS_BASE64_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
-pk_write_key_check:"data_files/ec_bp512_prv.pem"
+depends_on:MBEDTLS_ECP_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_PEM_WRITE_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_write_key_check:"data_files/ec_bp512_prv.pem":TEST_PEM
+
+Private key write check EC Brainpool 512 bits (DER)
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_write_key_check:"data_files/ec_bp512_prv.der":TEST_DER
+
+Derive public key EC 192 bits
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED
+pk_write_public_from_private:"data_files/ec_prv.sec1.der":"data_files/ec_pub.der"
+
+Derive public key EC 521 bits
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_SECP521R1_ENABLED
+pk_write_public_from_private:"data_files/ec_521_prv.der":"data_files/ec_521_pub.der"
+
+Derive public key EC Brainpool 512 bits
+depends_on:MBEDTLS_ECP_C:MBEDTLS_ECP_DP_BP512R1_ENABLED
+pk_write_public_from_private:"data_files/ec_bp512_prv.der":"data_files/ec_bp512_pub.der"
diff --git a/tests/suites/test_suite_pkwrite.function b/tests/suites/test_suite_pkwrite.function
index a49846b..d1f7813 100644
--- a/tests/suites/test_suite_pkwrite.function
+++ b/tests/suites/test_suite_pkwrite.function
@@ -2,6 +2,106 @@
 #include "mbedtls/pk.h"
 #include "mbedtls/pem.h"
 #include "mbedtls/oid.h"
+#include "psa/crypto_sizes.h"
+
+typedef enum {
+    TEST_PEM,
+    TEST_DER
+} pkwrite_file_format_t;
+
+/* Helper function for removing "\r" chars from a buffer. */
+static void fix_new_lines(unsigned char *in_str, size_t *len)
+{
+    size_t chars_left;
+    unsigned int i;
+
+    for (i = 0; (i < *len) && (*len > 0); i++) {
+        if (in_str[i] == '\r') {
+            if (i < (*len - 1)) {
+                chars_left = *len - i - 1;
+                memmove(&in_str[i], &in_str[i+1], chars_left);
+            } else {
+                in_str[i] = '\0';
+            }
+            *len = *len - 1;
+        }
+    }
+}
+
+static void pk_write_check_common(char *key_file, int is_public_key, int is_der)
+{
+    mbedtls_pk_context key;
+    unsigned char *buf = NULL;
+    unsigned char *check_buf = NULL;
+    unsigned char *start_buf;
+    size_t buf_len, check_buf_len;
+    int ret;
+
+    mbedtls_pk_init(&key);
+    USE_PSA_INIT();
+
+    /* Note: if mbedtls_pk_load_file() successfully reads the file, then
+       it also allocates check_buf, which should be freed on exit */
+    TEST_EQUAL(mbedtls_pk_load_file(key_file, &check_buf, &check_buf_len), 0);
+    TEST_ASSERT(check_buf_len > 0);
+
+    /* Windows' line ending is different from the Linux's one ("\r\n" vs "\n").
+     * Git treats PEM files as text, so when on Windows, it replaces new lines
+     * with "\r\n" on checkout.
+     * Unfortunately mbedtls_pk_load_file() loads files in binary format,
+     * while mbedtls_pk_write_pubkey_pem() goes through the I/O layer which
+     * uses "\n" for newlines in both Windows and Linux.
+     * Here we remove the extra "\r" so that "buf" and "check_buf" can be
+     * easily compared later. */
+    if (!is_der) {
+        fix_new_lines(check_buf, &check_buf_len);
+    }
+    TEST_ASSERT(check_buf_len > 0);
+
+    TEST_CALLOC(buf, check_buf_len);
+
+    if (is_public_key) {
+        TEST_EQUAL(mbedtls_pk_parse_public_keyfile(&key, key_file), 0);
+        if (is_der) {
+            ret = mbedtls_pk_write_pubkey_der(&key, buf, check_buf_len);
+        } else {
+#if defined(MBEDTLS_PEM_WRITE_C)
+            ret = mbedtls_pk_write_pubkey_pem(&key, buf, check_buf_len);
+#else
+            ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif
+        }
+    } else {
+        TEST_EQUAL(mbedtls_pk_parse_keyfile(&key, key_file, NULL), 0);
+        if (is_der) {
+            ret = mbedtls_pk_write_key_der(&key, buf, check_buf_len);
+        } else {
+#if defined(MBEDTLS_PEM_WRITE_C)
+            ret = mbedtls_pk_write_key_pem(&key, buf, check_buf_len);
+#else
+            ret = MBEDTLS_ERR_PK_FEATURE_UNAVAILABLE;
+#endif
+        }
+    }
+
+    if (is_der) {
+        TEST_LE_U(1, ret);
+        buf_len = ret;
+        start_buf = buf + check_buf_len - buf_len;
+    } else {
+        TEST_EQUAL(ret, 0);
+        buf_len = strlen((char *) buf) + 1; /* +1 takes the string terminator into account */
+        start_buf = buf;
+    }
+
+    TEST_MEMORY_COMPARE(start_buf, buf_len, check_buf, check_buf_len);
+
+exit:
+    mbedtls_free(buf);
+    mbedtls_free(check_buf);
+    mbedtls_pk_free(&key);
+    USE_PSA_DONE();
+}
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
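Review bot: In the DER branch of pk_write_check_common, `TEST_LE_U(1, ret)` does not reject a failed write. TEST_LE_U is the unsigned comparison, so a negative error code from mbedtls_pk_write_key_der() or mbedtls_pk_write_pubkey_der() converts to a very large value and passes. `buf_len = ret` then becomes enormous, and `start_buf = buf + check_buf_len - buf_len` is computed outside the allocation before TEST_MEMORY_COMPARE can report the length mismatch. Checking the sign and the bound first keeps the failure clean and the pointer arithmetic in range: `TEST_ASSERT(ret > 0);` followed by `TEST_LE_U((size_t) ret, check_buf_len);`.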
@@ -9,80 +109,70 @@
  * END_DEPENDENCIES
  */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */
-void pk_write_pubkey_check(char *key_file)
+/* BEGIN_CASE */
+void pk_write_pubkey_check(char *key_file, int is_der)
 {
-    mbedtls_pk_context key;
-    unsigned char buf[5000];
-    unsigned char check_buf[5000];
-    int ret;
-    FILE *f;
-    size_t ilen, pem_len, buf_index;
-
-    memset(buf, 0, sizeof(buf));
-    memset(check_buf, 0, sizeof(check_buf));
-
-    mbedtls_pk_init(&key);
-    TEST_ASSERT(mbedtls_pk_parse_public_keyfile(&key, key_file) == 0);
-
-    ret = mbedtls_pk_write_pubkey_pem(&key, buf, sizeof(buf));
-    TEST_ASSERT(ret == 0);
-
-    pem_len = strlen((char *) buf);
-
-    // check that the rest of the buffer remains clear
-    for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) {
-        TEST_ASSERT(buf[buf_index] == 0);
-    }
-
-    f = fopen(key_file, "r");
-    TEST_ASSERT(f != NULL);
-    ilen = fread(check_buf, 1, sizeof(check_buf), f);
-    fclose(f);
-
-    TEST_ASSERT(ilen == pem_len);
-    TEST_ASSERT(memcmp((char *) buf, (char *) check_buf, ilen) == 0);
-
-exit:
-    mbedtls_pk_free(&key);
+    pk_write_check_common(key_file, 1, is_der);
+    goto exit; /* make the compiler happy */
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_PEM_WRITE_C */
-void pk_write_key_check(char *key_file)
+/* BEGIN_CASE */
+void pk_write_key_check(char *key_file, int is_der)
 {
-    mbedtls_pk_context key;
-    unsigned char buf[5000];
-    unsigned char check_buf[5000];
-    int ret;
-    FILE *f;
-    size_t ilen, pem_len, buf_index;
+    pk_write_check_common(key_file, 0, is_der);
+    goto exit; /* make the compiler happy */
+}
+/* END_CASE */
 
-    memset(buf, 0, sizeof(buf));
-    memset(check_buf, 0, sizeof(check_buf));
+/* BEGIN_CASE */
+void pk_write_public_from_private(char *priv_key_file, char *pub_key_file)
+{
+    mbedtls_pk_context priv_key;
+    uint8_t *derived_key_raw = NULL;
+    size_t derived_key_len = 0;
+    uint8_t *pub_key_raw = NULL;
+    size_t pub_key_len = 0;
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_svc_key_id_t opaque_key_id = MBEDTLS_SVC_KEY_ID_INIT;
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
-    mbedtls_pk_init(&key);
-    TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0);
+    mbedtls_pk_init(&priv_key);
+    USE_PSA_INIT();
 
-    ret = mbedtls_pk_write_key_pem(&key, buf, sizeof(buf));
-    TEST_ASSERT(ret == 0);
+    TEST_EQUAL(mbedtls_pk_parse_keyfile(&priv_key, priv_key_file, NULL), 0);
+    TEST_EQUAL(mbedtls_pk_load_file(pub_key_file, &pub_key_raw,
+                                    &pub_key_len), 0);
 
-    pem_len = strlen((char *) buf);
+    derived_key_len = pub_key_len;
+    TEST_CALLOC(derived_key_raw, derived_key_len);
 
-    // check that the rest of the buffer remains clear
-    for (buf_index = pem_len; buf_index < sizeof(buf); ++buf_index) {
-        TEST_ASSERT(buf[buf_index] == 0);
-    }
+    TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw,
+                                           derived_key_len), pub_key_len);
 
-    f = fopen(key_file, "r");
-    TEST_ASSERT(f != NULL);
-    ilen = fread(check_buf, 1, sizeof(check_buf), f);
-    fclose(f);
+    TEST_MEMORY_COMPARE(derived_key_raw, derived_key_len,
+                        pub_key_raw, pub_key_len);
 
-    TEST_ASSERT(ilen == strlen((char *) buf));
-    TEST_ASSERT(memcmp((char *) buf, (char *) check_buf, ilen) == 0);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    mbedtls_platform_zeroize(derived_key_raw, derived_key_len);
+
+    TEST_EQUAL(mbedtls_pk_wrap_as_opaque(&priv_key, &opaque_key_id,
+                                         PSA_ALG_NONE), 0);
+
+    TEST_EQUAL(mbedtls_pk_write_pubkey_der(&priv_key, derived_key_raw,
+                                           derived_key_len), pub_key_len);
+
+    TEST_MEMORY_COMPARE(derived_key_raw, derived_key_len,
+                        pub_key_raw, pub_key_len);
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
 
 exit:
-    mbedtls_pk_free(&key);
+#if defined(MBEDTLS_USE_PSA_CRYPTO)
+    psa_destroy_key(opaque_key_id);
+#endif /* MBEDTLS_USE_PSA_CRYPTO */
+    mbedtls_free(derived_key_raw);
+    mbedtls_free(pub_key_raw);
+    mbedtls_pk_free(&priv_key);
+    USE_PSA_DONE();
 }
 /* END_CASE */
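Review bot: pk_write_public_from_private compares derived_key_raw from offset 0 without saying why that is valid for a DER writer. pk_write_check_common earlier in this file has to compute `buf + check_buf_len - buf_len` because the DER writers fill the buffer from its end. Here the comparison is only correct because the buffer is exactly pub_key_len bytes and the preceding TEST_EQUAL pins the returned length to pub_key_len. A short comment above the TEST_CALLOC would record that, e.g. `/* DER is written at the end of the buffer; sizing it to pub_key_len makes the output start at offset 0. */`. The same applies to the second comparison in the MBEDTLS_USE_PSA_CRYPTO block.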
diff --git a/tests/suites/test_suite_platform_printf.data b/tests/suites/test_suite_platform_printf.data
new file mode 100644
index 0000000..891771b
--- /dev/null
+++ b/tests/suites/test_suite_platform_printf.data
@@ -0,0 +1,114 @@
+# The test cases for printf and integers have two purposes: they exercise
+# the printf function family, and they exercise the passing of integers
+# and strings through the test framework.
+
+printf "%d", 0
+printf_int:"%d":0:"0"
+
+printf "%d", -0
+printf_int:"%d":-0:"0"
+
+printf "%d", 0x0
+printf_int:"%d":0x0:"0"
+
+printf "%d", 0x00
+printf_int:"%d":0x00:"0"
+
+printf "%d", 0x000000000000000000000000000000000000000000
+printf_int:"%d":0x000000000000000000000000000000000000000000:"0"
+
+printf "%d", -0x0
+printf_int:"%d":-0x0:"0"
+
+printf "%d", 1
+printf_int:"%d":1:"1"
+
+printf "%d", 0x1
+printf_int:"%d":0x1:"1"
+
+printf "%d", 0x0000000000000000000000000000000000000000001
+printf_int:"%d":0x0000000000000000000000000000000000000000001:"1"
+
+printf "%d", -1
+printf_int:"%d":-1:"-1"
+
+printf "%d", -0x1
+printf_int:"%d":-0x1:"-1"
+
+printf "%d", -0x0000000000000000000000000000000000000000001
+printf_int:"%d":-0x0000000000000000000000000000000000000000001:"-1"
+
+printf "%d", 2147483647
+printf_int:"%d":2147483647:"2147483647"
+
+printf "%d", 0x7fffffff
+printf_int:"%d":0x7fffffff:"2147483647"
+
+printf "%d", -2147483647
+printf_int:"%d":-2147483647:"-2147483647"
+
+printf "%d", -0x7fffffff
+printf_int:"%d":-0x7fffffff:"-2147483647"
+
+printf "%d", -2147483648
+printf_int:"%d":-2147483648:"-2147483648"
+
+printf "%d", -0x80000000
+printf_int:"%d":-0x80000000:"-2147483648"
+
+# Test that LONG_MAX is coming out untruncated through the test framework.
+printf "%lx", LONG_MAX
+printf_long_max:"%lx":LONG_MAX
+
+# The next few test cases exercise how the test framework handles special
+# characters in strings.
+printf "%c%c", SPACE, SPACE
+printf_char2:"%c%c":SPACE_CHAR:SPACE_CHAR:"  "
+
+printf "%c%c", NEWLINE, SPACE
+printf_char2:"%c%c":NEWLINE_CHAR:SPACE_CHAR:"\n "
+
+printf "%c%c", DOUBLE QUOTE, SPACE
+printf_char2:"%c%c":DOUBLE_QUOTE_CHAR:SPACE_CHAR:"\" "
+
+printf "%c%c", COLON, SPACE
+printf_char2:"%c%c":COLON_CHAR:SPACE_CHAR:"\: "
+
+printf "%c%c", QUESTION, SPACE
+printf_char2:"%c%c":QUESTION_CHAR:SPACE_CHAR:"? "
+
+printf "%c%c", BACKSLASH, SPACE
+printf_char2:"%c%c":BACKSLASH_CHAR:SPACE_CHAR:"\\ "
+
+printf "%c%c", SPACE, BACKSLASH
+printf_char2:"%c%c":SPACE_CHAR:BACKSLASH_CHAR:" \\"
+
+printf "%c%c", COLON, COLON
+printf_char2:"%c%c":COLON_CHAR:COLON_CHAR:"\:\:"
+
+printf "%c%c", COLON, NEWLINE
+printf_char2:"%c%c":COLON_CHAR:NEWLINE_CHAR:"\:\n"
+
+printf "%c%c", QUESTION, QUESTION
+printf_char2:"%c%c":QUESTION_CHAR:QUESTION_CHAR:"??"
+
+printf "%c%c", QUESTION, NEWLINE
+printf_char2:"%c%c":QUESTION_CHAR:NEWLINE_CHAR:"?\n"
+
+printf "%c%c", BACKSLASH, NEWLINE
+printf_char2:"%c%c":BACKSLASH_CHAR:NEWLINE_CHAR:"\\\n"
+
+printf "%c%c", BACKSLASH, DOUBLE QUOTE
+printf_char2:"%c%c":BACKSLASH_CHAR:DOUBLE_QUOTE_CHAR:"\\\""
+
+printf "%c%c", BACKSLASH, COLON
+printf_char2:"%c%c":BACKSLASH_CHAR:COLON_CHAR:"\\\:"
+
+printf "%c%c", BACKSLASH, QUESTION
+printf_char2:"%c%c":BACKSLASH_CHAR:QUESTION_CHAR:"\\?"
+
+printf "%c%c", BACKSLASH, BACKSLASH
+printf_char2:"%c%c":BACKSLASH_CHAR:BACKSLASH_CHAR:"\\\\"
+
+printf "%c%c", BACKSLASH, n
+printf_char2:"%c%c":BACKSLASH_CHAR:LOWERCASE_N_CHAR:"\\n"
diff --git a/tests/suites/test_suite_platform_printf.function b/tests/suites/test_suite_platform_printf.function
new file mode 100644
index 0000000..643accf
--- /dev/null
+++ b/tests/suites/test_suite_platform_printf.function
@@ -0,0 +1,89 @@
+/* BEGIN_HEADER */
+
+/* The printf test functions take a format argument from the test data
+ * for several reasons:
+ * - For some tests, it makes sense to vary the format.
+ * - For all tests, it means we're testing the actual printf function
+ *   that parses the format at runtime, and not a compiler optimization.
+ *   (It may be useful to add tests that allow compiler optimizations.
+ *   There aren't any yet at the time of writing.)
+ */
+
+#include "mbedtls/platform.h"
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#define NEWLINE_CHAR '\n'
+#define SPACE_CHAR ' '
+#define DOUBLE_QUOTE_CHAR '"'
+#define COLON_CHAR ':'
+#define QUESTION_CHAR '?'
+#define BACKSLASH_CHAR '\\'
+#define LOWERCASE_N_CHAR 'n'
+/* END_HEADER */
+
+/* BEGIN_CASE */
+void printf_int(char *format, /* any format expecting one int argument, e.g. "%d" */
+                int x, char *result)
+{
+    char *output = NULL;
+    const size_t n = strlen(result);
+
+    /* Nominal case: buffer just large enough */
+    TEST_CALLOC(output, n + 1);
+    TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, x));
+    TEST_MEMORY_COMPARE(result, n + 1, output, n + 1);
+    mbedtls_free(output);
+    output = NULL;
+
+exit:
+    mbedtls_free(output);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void printf_long_max(const char *format, /* "%lx" or longer type */
+                     long value)
+{
+    char *expected = NULL;
+    char *output = NULL;
+    /* 2 hex digits per byte */
+    const size_t n = sizeof(value) * 2;
+
+    /* We assume that long has no padding bits! */
+    TEST_CALLOC(expected, n + 1);
+    expected[0] = '7';
+    memset(expected + 1, 'f', sizeof(value) * 2 - 1);
+
+    TEST_CALLOC(output, n + 1);
+    TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, value));
+    TEST_MEMORY_COMPARE(expected, n + 1, output, n + 1);
+    mbedtls_free(output);
+    output = NULL;
+
+exit:
+    mbedtls_free(output);
+    mbedtls_free(expected);
+}
+/* END_CASE */
+
+/* BEGIN_CASE */
+void printf_char2(char *format, /* "%c%c" */
+                  int arg1, int arg2, char *result)
+{
+    char *output = NULL;
+    const size_t n = strlen(result);
+
+    /* Nominal case: buffer just large enough */
+    TEST_CALLOC(output, n + 1);
+    TEST_EQUAL(n, mbedtls_snprintf(output, n + 1, format, arg1, arg2));
+    TEST_MEMORY_COMPARE(result, n + 1, output, n + 1);
+    mbedtls_free(output);
+    output = NULL;
+
+exit:
+    mbedtls_free(output);
+}
+/* END_CASE */
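Review bot: printf_int, printf_long_max and printf_char2 each exercise only the "buffer just large enough" case, so the truncation path of mbedtls_snprintf is never checked. That path is the one that matters for memory safety, since callers rely on the output being bounded and on the return value signalling truncation. Each function already resets `output = NULL` after the nominal case, which looks like room for a second step with an n-byte buffer. Such a step could assert something like `TEST_ASSERT(ret < 0 || (size_t) ret >= n);`, with the exact expectation depending on which snprintf variant the platform layer selects. Separately, `TEST_EQUAL(n, mbedtls_snprintf(...))` compares a size_t with an int, so a negative return shows up only as a mismatch; storing the result in an `int ret` first would make failures easier to read.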
diff --git a/tests/suites/test_suite_poly1305.function b/tests/suites/test_suite_poly1305.function
index 1a0e388..c391c86 100644
--- a/tests/suites/test_suite_poly1305.function
+++ b/tests/suites/test_suite_poly1305.function
@@ -22,8 +22,8 @@
     TEST_ASSERT(mbedtls_poly1305_mac(key->x, src_str->x,
                                      src_str->len, mac) == 0);
 
-    ASSERT_COMPARE(mac, expected_mac->len,
-                   expected_mac->x, expected_mac->len);
+    TEST_MEMORY_COMPARE(mac, expected_mac->len,
+                        expected_mac->x, expected_mac->len);
 
     /*
      * Test the streaming API
@@ -36,8 +36,8 @@
 
     TEST_ASSERT(mbedtls_poly1305_finish(&ctx, mac) == 0);
 
-    ASSERT_COMPARE(mac, expected_mac->len,
-                   expected_mac->x, expected_mac->len);
+    TEST_MEMORY_COMPARE(mac, expected_mac->len,
+                        expected_mac->x, expected_mac->len);
 
     /*
      * Test the streaming API again, piecewise
@@ -53,8 +53,8 @@
 
         TEST_ASSERT(mbedtls_poly1305_finish(&ctx, mac) == 0);
 
-        ASSERT_COMPARE(mac, expected_mac->len,
-                       expected_mac->x, expected_mac->len);
+        TEST_MEMORY_COMPARE(mac, expected_mac->len,
+                            expected_mac->x, expected_mac->len);
     }
 
     /*
@@ -69,8 +69,8 @@
 
         TEST_ASSERT(mbedtls_poly1305_finish(&ctx, mac) == 0);
 
-        ASSERT_COMPARE(mac, expected_mac->len,
-                       expected_mac->x, expected_mac->len);
+        TEST_MEMORY_COMPARE(mac, expected_mac->len,
+                            expected_mac->x, expected_mac->len);
     }
 
     mbedtls_poly1305_free(&ctx);
diff --git a/tests/suites/test_suite_psa_crypto.data b/tests/suites/test_suite_psa_crypto.data
index aad1bf2..03cc2ff 100644
--- a/tests/suites/test_suite_psa_crypto.data
+++ b/tests/suites/test_suite_psa_crypto.data
@@ -2428,7 +2428,7 @@
 aead_encrypt_decrypt:PSA_KEY_TYPE_AES:"D7828D13B2B0BDC325A76236DF93CC6B":PSA_ALG_CTR:"000102030405060708090A0B0C0D0E0F":"":"":PSA_ERROR_NOT_SUPPORTED
 
 PSA AEAD encrypt/decrypt: invalid algorithm (ChaCha20)
-depends_on:MBEDTLS_CHACHA20_C
+depends_on:PSA_WANT_KEY_TYPE_CHACHA20
 aead_encrypt_decrypt:PSA_KEY_TYPE_CHACHA20:"808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9f":PSA_ALG_STREAM_CIPHER:"":"":"":PSA_ERROR_NOT_SUPPORTED
 
 PSA signature size: RSA keypair, 1024 bits, PKCS#1 v1.5 raw
diff --git a/tests/suites/test_suite_psa_crypto.function b/tests/suites/test_suite_psa_crypto.function
index 5bd7b36..0db5bff 100644
--- a/tests/suites/test_suite_psa_crypto.function
+++ b/tests/suites/test_suite_psa_crypto.function
@@ -471,7 +471,7 @@
 
     /* Skip the test case if the target running the test cannot
      * accommodate large keys due to heap size constraints */
-    ASSERT_ALLOC_WEAK(buffer, buffer_size);
+    TEST_CALLOC_OR_SKIP(buffer, buffer_size);
     memset(buffer, 'K', byte_size);
 
     PSA_ASSERT(psa_crypto_init());
@@ -533,7 +533,7 @@
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     PSA_ASSERT(psa_crypto_init());
-    ASSERT_ALLOC(buffer, buffer_size);
+    TEST_CALLOC(buffer, buffer_size);
 
     TEST_ASSERT((ret = construct_fake_rsa_key(buffer, buffer_size, &p,
                                               bits, keypair)) >= 0);
@@ -578,9 +578,9 @@
     psa_key_attributes_t got_attributes = PSA_KEY_ATTRIBUTES_INIT;
 
     export_size = (ptrdiff_t) data->len + export_size_delta;
-    ASSERT_ALLOC(exported, export_size);
+    TEST_CALLOC(exported, export_size);
     if (!canonical_input) {
-        ASSERT_ALLOC(reexported, export_size);
+        TEST_CALLOC(reexported, export_size);
     }
     PSA_ASSERT(psa_crypto_init());
 
@@ -623,7 +623,7 @@
     }
 
     if (canonical_input) {
-        ASSERT_COMPARE(data->x, data->len, exported, exported_length);
+        TEST_MEMORY_COMPARE(data->x, data->len, exported, exported_length);
     } else {
         mbedtls_svc_key_id_t key2 = MBEDTLS_SVC_KEY_ID_INIT;
         PSA_ASSERT(psa_import_key(&attributes, exported, exported_length,
@@ -632,8 +632,8 @@
                                   reexported,
                                   export_size,
                                   &reexported_length));
-        ASSERT_COMPARE(exported, exported_length,
-                       reexported, reexported_length);
+        TEST_MEMORY_COMPARE(exported, exported_length,
+                            reexported, reexported_length);
         PSA_ASSERT(psa_destroy_key(key2));
     }
     TEST_ASSERT(exported_length <=
@@ -687,7 +687,7 @@
     PSA_ASSERT(psa_import_key(&attributes, data->x, data->len, &key));
 
     /* Export the public key */
-    ASSERT_ALLOC(exported, export_size);
+    TEST_CALLOC(exported, export_size);
     status = psa_export_public_key(key,
                                    exported, export_size,
                                    &exported_length);
@@ -703,8 +703,8 @@
                   PSA_EXPORT_PUBLIC_KEY_OUTPUT_SIZE(public_type, bits));
         TEST_LE_U(expected_public_key->len,
                   PSA_EXPORT_PUBLIC_KEY_MAX_SIZE);
-        ASSERT_COMPARE(expected_public_key->x, expected_public_key->len,
-                       exported, exported_length);
+        TEST_MEMORY_COMPARE(expected_public_key->x, expected_public_key->len,
+                            exported, exported_length);
     }
 
 exit:
@@ -1081,7 +1081,7 @@
     key_bits = psa_get_key_bits(&attributes);
     buffer_length = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits,
                                                        exercise_alg);
-    ASSERT_ALLOC(buffer, buffer_length);
+    TEST_CALLOC(buffer, buffer_length);
 
     status = psa_asymmetric_encrypt(key, exercise_alg,
                                     NULL, 0,
@@ -1446,11 +1446,11 @@
                psa_get_key_enrollment_algorithm(&target_attributes));
     if (expected_usage & PSA_KEY_USAGE_EXPORT) {
         size_t length;
-        ASSERT_ALLOC(export_buffer, material->len);
+        TEST_CALLOC(export_buffer, material->len);
         PSA_ASSERT(psa_export_key(target_key, export_buffer,
                                   material->len, &length));
-        ASSERT_COMPARE(material->x, material->len,
-                       export_buffer, length);
+        TEST_MEMORY_COMPARE(material->x, material->len,
+                            export_buffer, length);
     }
 
     if (!mbedtls_test_psa_exercise_key(target_key, expected_usage, expected_alg)) {
@@ -1599,7 +1599,7 @@
     psa_status_t expected_status = expected_status_arg;
     psa_status_t status;
 
-    ASSERT_ALLOC(output, output_size);
+    TEST_CALLOC(output, output_size);
 
     PSA_ASSERT(psa_crypto_init());
 
@@ -1650,16 +1650,16 @@
                                 output, PSA_HASH_LENGTH(alg),
                                 &output_length));
     TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg));
-    ASSERT_COMPARE(output, output_length,
-                   expected_output->x, expected_output->len);
+    TEST_MEMORY_COMPARE(output, output_length,
+                        expected_output->x, expected_output->len);
 
     /* Compute with larger buffer */
     PSA_ASSERT(psa_hash_compute(alg, input->x, input->len,
                                 output, sizeof(output),
                                 &output_length));
     TEST_EQUAL(output_length, PSA_HASH_LENGTH(alg));
-    ASSERT_COMPARE(output, output_length,
-                   expected_output->x, expected_output->len);
+    TEST_MEMORY_COMPARE(output, output_length,
+                        expected_output->x, expected_output->len);
 
     /* Compare with correct hash */
     PSA_ASSERT(psa_hash_compare(alg, input->x, input->len,
@@ -2187,7 +2187,7 @@
              PSA_ERROR_BUFFER_TOO_SMALL);
 
         mbedtls_test_set_step(output_size);
-        ASSERT_ALLOC(actual_mac, output_size);
+        TEST_CALLOC(actual_mac, output_size);
 
         /* Calculate the MAC, one-shot case. */
         TEST_EQUAL(psa_mac_compute(key, alg,
@@ -2195,8 +2195,8 @@
                                    actual_mac, output_size, &mac_length),
                    expected_status);
         if (expected_status == PSA_SUCCESS) {
-            ASSERT_COMPARE(expected_mac->x, expected_mac->len,
-                           actual_mac, mac_length);
+            TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len,
+                                actual_mac, mac_length);
         }
 
         if (output_size > 0) {
@@ -2214,8 +2214,8 @@
         PSA_ASSERT(psa_mac_abort(&operation));
 
         if (expected_status == PSA_SUCCESS) {
-            ASSERT_COMPARE(expected_mac->x, expected_mac->len,
-                           actual_mac, mac_length);
+            TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len,
+                                actual_mac, mac_length);
         }
         mbedtls_free(actual_mac);
         actual_mac = NULL;
@@ -2283,7 +2283,7 @@
                PSA_ERROR_INVALID_SIGNATURE);
 
     /* Test a MAC that's too long, one-shot case. */
-    ASSERT_ALLOC(perturbed_mac, expected_mac->len + 1);
+    TEST_CALLOC(perturbed_mac, expected_mac->len + 1);
     memcpy(perturbed_mac, expected_mac->x, expected_mac->len);
     TEST_EQUAL(psa_mac_verify(key, alg,
                               input->x, input->len,
@@ -2608,7 +2608,7 @@
 
         output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg,
                                                             input->len);
-        ASSERT_ALLOC(output, output_buffer_size);
+        TEST_CALLOC(output, output_buffer_size);
 
         PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
                                   &key));
@@ -2662,7 +2662,7 @@
                               &key));
     output_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg,
                                                         plaintext->len);
-    ASSERT_ALLOC(output, output_buffer_size);
+    TEST_CALLOC(output, output_buffer_size);
 
     /* set_iv() is not allowed */
     PSA_ASSERT(psa_cipher_encrypt_setup(&operation, key, alg));
@@ -2697,8 +2697,8 @@
                                  output_buffer_size - output_length,
                                  &length));
     output_length += length;
-    ASSERT_COMPARE(ciphertext->x, ciphertext->len,
-                   output, output_length);
+    TEST_MEMORY_COMPARE(ciphertext->x, ciphertext->len,
+                        output, output_length);
 
     /* Multipart encryption */
     PSA_ASSERT(psa_cipher_decrypt_setup(&operation, key, alg));
@@ -2715,24 +2715,24 @@
                                  output_buffer_size - output_length,
                                  &length));
     output_length += length;
-    ASSERT_COMPARE(plaintext->x, plaintext->len,
-                   output, output_length);
+    TEST_MEMORY_COMPARE(plaintext->x, plaintext->len,
+                        output, output_length);
 
     /* One-shot encryption */
     output_length = ~0;
     PSA_ASSERT(psa_cipher_encrypt(key, alg, plaintext->x, plaintext->len,
                                   output, output_buffer_size,
                                   &output_length));
-    ASSERT_COMPARE(ciphertext->x, ciphertext->len,
-                   output, output_length);
+    TEST_MEMORY_COMPARE(ciphertext->x, ciphertext->len,
+                        output, output_length);
 
     /* One-shot decryption */
     output_length = ~0;
     PSA_ASSERT(psa_cipher_decrypt(key, alg, ciphertext->x, ciphertext->len,
                                   output, output_buffer_size,
                                   &output_length));
-    ASSERT_COMPARE(plaintext->x, plaintext->len,
-                   output, output_length);
+    TEST_MEMORY_COMPARE(plaintext->x, plaintext->len,
+                        output, output_length);
 
 exit:
     mbedtls_free(output);
@@ -2811,8 +2811,8 @@
     output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len);
     output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) +
                           PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg);
-    ASSERT_ALLOC(output1, output1_buffer_size);
-    ASSERT_ALLOC(output2, output2_buffer_size);
+    TEST_CALLOC(output1, output1_buffer_size);
+    TEST_CALLOC(output2, output2_buffer_size);
 
     PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
                               &key));
@@ -2850,8 +2850,8 @@
     output2_length += function_output_length;
 
     PSA_ASSERT(psa_cipher_abort(&operation));
-    ASSERT_COMPARE(output1 + iv_size, output1_length - iv_size,
-                   output2, output2_length);
+    TEST_MEMORY_COMPARE(output1 + iv_size, output1_length - iv_size,
+                        output2, output2_length);
 
 exit:
     psa_cipher_abort(&operation);
@@ -2903,7 +2903,7 @@
 
     output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) +
                          PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg);
-    ASSERT_ALLOC(output, output_buffer_size);
+    TEST_CALLOC(output, output_buffer_size);
 
     TEST_LE_U(first_part_size, input->len);
     PSA_ASSERT(psa_cipher_update(&operation, input->x, first_part_size,
@@ -2949,8 +2949,8 @@
     if (expected_status == PSA_SUCCESS) {
         PSA_ASSERT(psa_cipher_abort(&operation));
 
-        ASSERT_COMPARE(expected_output->x, expected_output->len,
-                       output, total_output_length);
+        TEST_MEMORY_COMPARE(expected_output->x, expected_output->len,
+                            output, total_output_length);
     }
 
 exit:
@@ -3002,7 +3002,7 @@
 
     output_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) +
                          PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg);
-    ASSERT_ALLOC(output, output_buffer_size);
+    TEST_CALLOC(output, output_buffer_size);
 
     TEST_LE_U(first_part_size, input->len);
     PSA_ASSERT(psa_cipher_update(&operation,
@@ -3049,8 +3049,8 @@
     if (expected_status == PSA_SUCCESS) {
         PSA_ASSERT(psa_cipher_abort(&operation));
 
-        ASSERT_COMPARE(expected_output->x, expected_output->len,
-                       output, total_output_length);
+        TEST_MEMORY_COMPARE(expected_output->x, expected_output->len,
+                            output, total_output_length);
     }
 
 exit:
@@ -3095,13 +3095,13 @@
     /* Allocate input buffer and copy the iv and the plaintext */
     input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len);
     if (input_buffer_size > 0) {
-        ASSERT_ALLOC(input, input_buffer_size);
+        TEST_CALLOC(input, input_buffer_size);
         memcpy(input, iv->x, iv->len);
         memcpy(input + iv->len, input_arg->x, input_arg->len);
     }
 
     output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size);
-    ASSERT_ALLOC(output, output_buffer_size);
+    TEST_CALLOC(output, output_buffer_size);
 
     status = psa_cipher_decrypt(key, alg, input, input_buffer_size, output,
                                 output_buffer_size, &output_length);
@@ -3142,13 +3142,13 @@
     /* Allocate input buffer and copy the iv and the plaintext */
     input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len);
     if (input_buffer_size > 0) {
-        ASSERT_ALLOC(input, input_buffer_size);
+        TEST_CALLOC(input, input_buffer_size);
         memcpy(input, iv->x, iv->len);
         memcpy(input + iv->len, input_arg->x, input_arg->len);
     }
 
     output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size);
-    ASSERT_ALLOC(output, output_buffer_size);
+    TEST_CALLOC(output, output_buffer_size);
 
     PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
                               &key));
@@ -3160,8 +3160,8 @@
     TEST_LE_U(output_length,
               PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(input_buffer_size));
 
-    ASSERT_COMPARE(expected_output->x, expected_output->len,
-                   output, output_length);
+    TEST_MEMORY_COMPARE(expected_output->x, expected_output->len,
+                        output, output_length);
 exit:
     mbedtls_free(input);
     mbedtls_free(output);
@@ -3196,7 +3196,7 @@
     PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
                               &key));
     output1_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len);
-    ASSERT_ALLOC(output1, output1_size);
+    TEST_CALLOC(output1, output1_size);
 
     PSA_ASSERT(psa_cipher_encrypt(key, alg, input->x, input->len,
                                   output1, output1_size,
@@ -3207,7 +3207,7 @@
               PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input->len));
 
     output2_size = output1_length;
-    ASSERT_ALLOC(output2, output2_size);
+    TEST_CALLOC(output2, output2_size);
 
     PSA_ASSERT(psa_cipher_decrypt(key, alg, output1, output1_length,
                                   output2, output2_size,
@@ -3217,7 +3217,7 @@
     TEST_LE_U(output2_length,
               PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(output1_length));
 
-    ASSERT_COMPARE(input->x, input->len, output2, output2_length);
+    TEST_MEMORY_COMPARE(input->x, input->len, output2, output2_length);
 
 exit:
     mbedtls_free(output1);
@@ -3273,7 +3273,7 @@
     output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len);
     TEST_LE_U(output1_buffer_size,
               PSA_CIPHER_ENCRYPT_OUTPUT_MAX_SIZE(input->len));
-    ASSERT_ALLOC(output1, output1_buffer_size);
+    TEST_CALLOC(output1, output1_buffer_size);
 
     TEST_LE_U(first_part_size, input->len);
 
@@ -3316,7 +3316,7 @@
               PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, output1_length));
     TEST_LE_U(output2_buffer_size,
               PSA_CIPHER_DECRYPT_OUTPUT_MAX_SIZE(output1_length));
-    ASSERT_ALLOC(output2, output2_buffer_size);
+    TEST_CALLOC(output2, output2_buffer_size);
 
     if (iv_length > 0) {
         PSA_ASSERT(psa_cipher_set_iv(&operation2,
@@ -3357,7 +3357,7 @@
 
     PSA_ASSERT(psa_cipher_abort(&operation2));
 
-    ASSERT_COMPARE(input->x, input->len, output2, output2_length);
+    TEST_MEMORY_COMPARE(input->x, input->len, output2, output2_length);
 
 exit:
     psa_cipher_abort(&operation1);
@@ -3412,7 +3412,7 @@
         TEST_ASSERT(output_size <=
                     PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len));
     }
-    ASSERT_ALLOC(output_data, output_size);
+    TEST_CALLOC(output_data, output_size);
 
     status = psa_aead_encrypt(key, alg,
                               nonce->x, nonce->len,
@@ -3433,7 +3433,7 @@
     TEST_EQUAL(status, expected_result);
 
     if (PSA_SUCCESS == expected_result) {
-        ASSERT_ALLOC(output_data2, output_length);
+        TEST_CALLOC(output_data2, output_length);
 
         /* For all currently defined algorithms, PSA_AEAD_DECRYPT_OUTPUT_SIZE
          * should be exact. */
@@ -3452,8 +3452,8 @@
                                     &output_length2),
                    expected_result);
 
-        ASSERT_COMPARE(input_data->x, input_data->len,
-                       output_data2, output_length2);
+        TEST_MEMORY_COMPARE(input_data->x, input_data->len,
+                            output_data2, output_length2);
     }
 
 exit:
@@ -3501,7 +3501,7 @@
                PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len));
     TEST_ASSERT(output_size <=
                 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len));
-    ASSERT_ALLOC(output_data, output_size);
+    TEST_CALLOC(output_data, output_size);
 
     status = psa_aead_encrypt(key, alg,
                               nonce->x, nonce->len,
@@ -3519,8 +3519,8 @@
     }
 
     PSA_ASSERT(status);
-    ASSERT_COMPARE(expected_result->x, expected_result->len,
-                   output_data, output_length);
+    TEST_MEMORY_COMPARE(expected_result->x, expected_result->len,
+                        output_data, output_length);
 
 exit:
     psa_destroy_key(key);
@@ -3571,7 +3571,7 @@
         TEST_ASSERT(output_size <=
                     PSA_AEAD_DECRYPT_OUTPUT_MAX_SIZE(input_data->len));
     }
-    ASSERT_ALLOC(output_data, output_size);
+    TEST_CALLOC(output_data, output_size);
 
     status = psa_aead_decrypt(key, alg,
                               nonce->x, nonce->len,
@@ -3592,8 +3592,8 @@
     TEST_EQUAL(status, expected_result);
 
     if (expected_result == PSA_SUCCESS) {
-        ASSERT_COMPARE(expected_data->x, expected_data->len,
-                       output_data, output_length);
+        TEST_MEMORY_COMPARE(expected_data->x, expected_data->len,
+                            output_data, output_length);
     }
 
 exit:
@@ -3655,7 +3655,7 @@
                                           key_bits, alg);
     TEST_ASSERT(signature_size != 0);
     TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE);
-    ASSERT_ALLOC(signature, signature_size);
+    TEST_CALLOC(signature, signature_size);
 
     /* Perform the signature. */
     PSA_ASSERT(psa_sign_hash(key, alg,
@@ -3663,8 +3663,8 @@
                              signature, signature_size,
                              &signature_length));
     /* Verify that the signature is what is expected. */
-    ASSERT_COMPARE(output_data->x, output_data->len,
-                   signature, signature_length);
+    TEST_MEMORY_COMPARE(output_data->x, output_data->len,
+                        signature, signature_length);
 
 #if defined(MBEDTLS_TEST_DEPRECATED)
     memset(signature, 0, signature_size);
@@ -3673,8 +3673,8 @@
                                    input_data->x, input_data->len,
                                    signature, signature_size,
                                    &signature_length));
-    ASSERT_COMPARE(output_data->x, output_data->len,
-                   signature, signature_length);
+    TEST_MEMORY_COMPARE(output_data->x, output_data->len,
+                        signature, signature_length);
 #endif /* MBEDTLS_TEST_DEPRECATED */
 
 exit:
@@ -3705,7 +3705,7 @@
     size_t signature_length = 0xdeadbeef;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
-    ASSERT_ALLOC(signature, signature_size);
+    TEST_CALLOC(signature, signature_size);
 
     PSA_ASSERT(psa_crypto_init());
 
@@ -3775,7 +3775,7 @@
                                           key_bits, alg);
     TEST_ASSERT(signature_size != 0);
     TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE);
-    ASSERT_ALLOC(signature, signature_size);
+    TEST_CALLOC(signature, signature_size);
 
     /* Perform the signature. */
     PSA_ASSERT(psa_sign_hash(key, alg,
@@ -3926,15 +3926,15 @@
     signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg);
     TEST_ASSERT(signature_size != 0);
     TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE);
-    ASSERT_ALLOC(signature, signature_size);
+    TEST_CALLOC(signature, signature_size);
 
     PSA_ASSERT(psa_sign_message(key, alg,
                                 input_data->x, input_data->len,
                                 signature, signature_size,
                                 &signature_length));
 
-    ASSERT_COMPARE(output_data->x, output_data->len,
-                   signature, signature_length);
+    TEST_MEMORY_COMPARE(output_data->x, output_data->len,
+                        signature, signature_length);
 
 exit:
     psa_reset_key_attributes(&attributes);
@@ -3964,7 +3964,7 @@
     size_t signature_length = 0xdeadbeef;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
-    ASSERT_ALLOC(signature, signature_size);
+    TEST_CALLOC(signature, signature_size);
 
     PSA_ASSERT(psa_crypto_init());
 
@@ -4024,7 +4024,7 @@
     signature_size = PSA_SIGN_OUTPUT_SIZE(key_type, key_bits, alg);
     TEST_ASSERT(signature_size != 0);
     TEST_LE_U(signature_size, PSA_SIGNATURE_MAX_SIZE);
-    ASSERT_ALLOC(signature, signature_size);
+    TEST_CALLOC(signature, signature_size);
 
     PSA_ASSERT(psa_sign_message(key, alg,
                                 input_data->x, input_data->len,
@@ -4164,7 +4164,7 @@
 
     output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg);
     TEST_LE_U(output_size, PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE);
-    ASSERT_ALLOC(output, output_size);
+    TEST_CALLOC(output, output_size);
 
     /* Encrypt the input */
     actual_status = psa_asymmetric_encrypt(key, alg,
@@ -4246,13 +4246,13 @@
 
     output_size = PSA_ASYMMETRIC_ENCRYPT_OUTPUT_SIZE(key_type, key_bits, alg);
     TEST_LE_U(output_size, PSA_ASYMMETRIC_ENCRYPT_OUTPUT_MAX_SIZE);
-    ASSERT_ALLOC(output, output_size);
+    TEST_CALLOC(output, output_size);
 
     output2_size = input_data->len;
     TEST_LE_U(output2_size,
               PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg));
     TEST_LE_U(output2_size, PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE);
-    ASSERT_ALLOC(output2, output2_size);
+    TEST_CALLOC(output2, output2_size);
 
     /* We test encryption by checking that encrypt-then-decrypt gives back
      * the original plaintext because of the non-optional random
@@ -4271,8 +4271,8 @@
                                       label->x, label->len,
                                       output2, output2_size,
                                       &output2_length));
-    ASSERT_COMPARE(input_data->x, input_data->len,
-                   output2, output2_length);
+    TEST_MEMORY_COMPARE(input_data->x, input_data->len,
+                        output2, output2_length);
 
 exit:
     /*
@@ -4320,7 +4320,7 @@
     /* Determine the maximum ciphertext length */
     output_size = PSA_ASYMMETRIC_DECRYPT_OUTPUT_SIZE(key_type, key_bits, alg);
     TEST_LE_U(output_size, PSA_ASYMMETRIC_DECRYPT_OUTPUT_MAX_SIZE);
-    ASSERT_ALLOC(output, output_size);
+    TEST_CALLOC(output, output_size);
 
     PSA_ASSERT(psa_asymmetric_decrypt(key, alg,
                                       input_data->x, input_data->len,
@@ -4328,8 +4328,8 @@
                                       output,
                                       output_size,
                                       &output_length));
-    ASSERT_COMPARE(expected_data->x, expected_data->len,
-                   output, output_length);
+    TEST_MEMORY_COMPARE(expected_data->x, expected_data->len,
+                        output, output_length);
 
     /* If the label is empty, the test framework puts a non-null pointer
      * in label->x. Test that a null pointer works as well. */
@@ -4344,8 +4344,8 @@
                                           output,
                                           output_size,
                                           &output_length));
-        ASSERT_COMPARE(expected_data->x, expected_data->len,
-                       output, output_length);
+        TEST_MEMORY_COMPARE(expected_data->x, expected_data->len,
+                            output, output_length);
     }
 
 exit:
@@ -4375,7 +4375,7 @@
     psa_status_t expected_status = expected_status_arg;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
-    ASSERT_ALLOC(output, output_size);
+    TEST_CALLOC(output, output_size);
 
     PSA_ASSERT(psa_crypto_init());
 
@@ -4694,7 +4694,7 @@
             expected_outputs[i] = NULL;
         }
     }
-    ASSERT_ALLOC(output_buffer, output_buffer_size);
+    TEST_CALLOC(output_buffer, output_buffer_size);
     PSA_ASSERT(psa_crypto_init());
 
     psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_DERIVE);
@@ -4756,8 +4756,8 @@
         /* Success. Check the read data. */
         PSA_ASSERT(status);
         if (output_sizes[i] != 0) {
-            ASSERT_COMPARE(output_buffer, output_sizes[i],
-                           expected_outputs[i], output_sizes[i]);
+            TEST_MEMORY_COMPARE(output_buffer, output_sizes[i],
+                                expected_outputs[i], output_sizes[i]);
         }
         /* Check the operation status. */
         expected_capacity -= output_sizes[i];
@@ -4931,8 +4931,8 @@
     psa_key_attributes_t derived_attributes = PSA_KEY_ATTRIBUTES_INIT;
     size_t length;
 
-    ASSERT_ALLOC(output_buffer, capacity);
-    ASSERT_ALLOC(export_buffer, capacity);
+    TEST_CALLOC(output_buffer, capacity);
+    TEST_CALLOC(export_buffer, capacity);
     PSA_ASSERT(psa_crypto_init());
 
     psa_set_key_usage_flags(&base_attributes, PSA_KEY_USAGE_DERIVE);
@@ -4982,8 +4982,8 @@
     TEST_EQUAL(length, bytes2);
 
     /* Compare the outputs from the two runs. */
-    ASSERT_COMPARE(output_buffer, bytes1 + bytes2,
-                   export_buffer, capacity);
+    TEST_MEMORY_COMPARE(output_buffer, bytes1 + bytes2,
+                        export_buffer, capacity);
 
 exit:
     mbedtls_free(output_buffer);
@@ -5128,31 +5128,31 @@
               PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE);
 
     /* Good case with exact output size */
-    ASSERT_ALLOC(output, expected_output->len);
+    TEST_CALLOC(output, expected_output->len);
     PSA_ASSERT(psa_raw_key_agreement(alg, our_key,
                                      peer_key_data->x, peer_key_data->len,
                                      output, expected_output->len,
                                      &output_length));
-    ASSERT_COMPARE(output, output_length,
-                   expected_output->x, expected_output->len);
+    TEST_MEMORY_COMPARE(output, output_length,
+                        expected_output->x, expected_output->len);
     mbedtls_free(output);
     output = NULL;
     output_length = ~0;
 
     /* Larger buffer */
-    ASSERT_ALLOC(output, expected_output->len + 1);
+    TEST_CALLOC(output, expected_output->len + 1);
     PSA_ASSERT(psa_raw_key_agreement(alg, our_key,
                                      peer_key_data->x, peer_key_data->len,
                                      output, expected_output->len + 1,
                                      &output_length));
-    ASSERT_COMPARE(output, output_length,
-                   expected_output->x, expected_output->len);
+    TEST_MEMORY_COMPARE(output, output_length,
+                        expected_output->x, expected_output->len);
     mbedtls_free(output);
     output = NULL;
     output_length = ~0;
 
     /* Buffer too small */
-    ASSERT_ALLOC(output, expected_output->len - 1);
+    TEST_CALLOC(output, expected_output->len - 1);
     TEST_EQUAL(psa_raw_key_agreement(alg, our_key,
                                      peer_key_data->x, peer_key_data->len,
                                      output, expected_output->len - 1,
@@ -5241,8 +5241,8 @@
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     uint8_t *actual_output = NULL;
 
-    ASSERT_ALLOC(actual_output, MAX(expected_output1->len,
-                                    expected_output2->len));
+    TEST_CALLOC(actual_output, MAX(expected_output1->len,
+                                   expected_output2->len));
 
     PSA_ASSERT(psa_crypto_init());
 
@@ -5268,14 +5268,14 @@
     PSA_ASSERT(psa_key_derivation_output_bytes(&operation,
                                                actual_output,
                                                expected_output1->len));
-    ASSERT_COMPARE(actual_output, expected_output1->len,
-                   expected_output1->x, expected_output1->len);
+    TEST_MEMORY_COMPARE(actual_output, expected_output1->len,
+                        expected_output1->x, expected_output1->len);
     if (expected_output2->len != 0) {
         PSA_ASSERT(psa_key_derivation_output_bytes(&operation,
                                                    actual_output,
                                                    expected_output2->len));
-        ASSERT_COMPARE(actual_output, expected_output2->len,
-                       expected_output2->x, expected_output2->len);
+        TEST_MEMORY_COMPARE(actual_output, expected_output2->len,
+                            expected_output2->x, expected_output2->len);
     }
 
 exit:
@@ -5297,8 +5297,8 @@
 
     TEST_ASSERT(bytes_arg >= 0);
 
-    ASSERT_ALLOC(output, bytes);
-    ASSERT_ALLOC(changed, bytes);
+    TEST_CALLOC(output, bytes);
+    TEST_CALLOC(changed, bytes);
 
     PSA_ASSERT(psa_crypto_init());
 
@@ -5416,8 +5416,8 @@
         is_default_public_exponent = 1;
         e_read_size = 0;
     }
-    ASSERT_ALLOC(e_read_buffer, e_read_size);
-    ASSERT_ALLOC(exported, exported_size);
+    TEST_CALLOC(e_read_buffer, e_read_size);
+    TEST_CALLOC(exported, exported_size);
 
     PSA_ASSERT(psa_crypto_init());
 
@@ -5443,7 +5443,7 @@
     if (is_default_public_exponent) {
         TEST_EQUAL(e_read_length, 0);
     } else {
-        ASSERT_COMPARE(e_read_buffer, e_read_length, e_arg->x, e_arg->len);
+        TEST_MEMORY_COMPARE(e_read_buffer, e_read_length, e_arg->x, e_arg->len);
     }
 
     /* Do something with the key according to its type and permitted usage. */
@@ -5479,7 +5479,7 @@
             TEST_EQUAL(p[1], 0);
             TEST_EQUAL(p[2], 1);
         } else {
-            ASSERT_COMPARE(p, len, e_arg->x, e_arg->len);
+            TEST_MEMORY_COMPARE(p, len, e_arg->x, e_arg->len);
         }
     }
 
@@ -5519,8 +5519,8 @@
     size_t second_exported_length;
 
     if (usage_flags & PSA_KEY_USAGE_EXPORT) {
-        ASSERT_ALLOC(first_export, export_size);
-        ASSERT_ALLOC(second_export, export_size);
+        TEST_CALLOC(first_export, export_size);
+        TEST_CALLOC(second_export, export_size);
     }
 
     PSA_ASSERT(psa_crypto_init());
@@ -5577,7 +5577,7 @@
             break;
 
         default:
-            TEST_ASSERT(!"generation_method not implemented in test");
+            TEST_FAIL("generation_method not implemented in test");
             break;
     }
     psa_reset_key_attributes(&attributes);
@@ -5588,8 +5588,8 @@
                                   first_export, export_size,
                                   &first_exported_length));
         if (generation_method == IMPORT_KEY) {
-            ASSERT_COMPARE(data->x, data->len,
-                           first_export, first_exported_length);
+            TEST_MEMORY_COMPARE(data->x, data->len,
+                                first_export, first_exported_length);
         }
     }
 
@@ -5615,8 +5615,8 @@
         PSA_ASSERT(psa_export_key(key,
                                   second_export, export_size,
                                   &second_exported_length));
-        ASSERT_COMPARE(first_export, first_exported_length,
-                       second_export, second_exported_length);
+        TEST_MEMORY_COMPARE(first_export, first_exported_length,
+                            second_export, second_exported_length);
     }
 
     /* Do something with the key according to its type and permitted usage. */
diff --git a/tests/suites/test_suite_psa_crypto_driver_wrappers.function b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
index 953b9ff..b789908 100644
--- a/tests/suites/test_suite_psa_crypto_driver_wrappers.function
+++ b/tests/suites/test_suite_psa_crypto_driver_wrappers.function
@@ -56,7 +56,7 @@
 
     TEST_ASSERT(signature_size != 0);
     TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE);
-    ASSERT_ALLOC(signature, signature_size);
+    TEST_CALLOC(signature, signature_size);
 
     actual_status = psa_sign_hash(key, alg,
                                   data_input->x, data_input->len,
@@ -64,8 +64,8 @@
                                   &signature_length);
     TEST_EQUAL(actual_status, expected_status);
     if (expected_status == PSA_SUCCESS) {
-        ASSERT_COMPARE(signature, signature_length,
-                       expected_output->x, expected_output->len);
+        TEST_MEMORY_COMPARE(signature, signature_length,
+                            expected_output->x, expected_output->len);
     }
     TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits, 1);
 
@@ -183,7 +183,7 @@
 
     TEST_ASSERT(signature_size != 0);
     TEST_ASSERT(signature_size <= PSA_SIGNATURE_MAX_SIZE);
-    ASSERT_ALLOC(signature, signature_size);
+    TEST_CALLOC(signature, signature_size);
 
     actual_status = psa_sign_message(key, alg,
                                      data_input->x, data_input->len,
@@ -191,8 +191,8 @@
                                      &signature_length);
     TEST_EQUAL(actual_status, expected_status);
     if (expected_status == PSA_SUCCESS) {
-        ASSERT_COMPARE(signature, signature_length,
-                       expected_output->x, expected_output->len);
+        TEST_MEMORY_COMPARE(signature, signature_length,
+                            expected_output->x, expected_output->len);
     }
     /* In the builtin algorithm the driver is called twice. */
     TEST_EQUAL(mbedtls_test_driver_signature_sign_hooks.hits,
@@ -313,8 +313,8 @@
         psa_export_key(key, actual_output, sizeof(actual_output), &actual_output_length);
 
         if (fake_output->len > 0) {
-            ASSERT_COMPARE(actual_output, actual_output_length,
-                           expected_output, expected_output_length);
+            TEST_MEMORY_COMPARE(actual_output, actual_output_length,
+                                expected_output, expected_output_length);
         } else {
             size_t zeroes = 0;
             for (size_t i = 0; i < sizeof(actual_output); i++) {
@@ -445,8 +445,8 @@
     }
 
     if (actual_status == PSA_SUCCESS) {
-        ASSERT_COMPARE(actual_output, actual_output_length,
-                       expected_output_ptr, expected_output_length);
+        TEST_MEMORY_COMPARE(actual_output, actual_output_length,
+                            expected_output_ptr, expected_output_length);
     }
 exit:
     psa_reset_key_attributes(&attributes);
@@ -487,8 +487,8 @@
     output1_buffer_size = PSA_CIPHER_ENCRYPT_OUTPUT_SIZE(key_type, alg, input->len);
     output2_buffer_size = PSA_CIPHER_UPDATE_OUTPUT_SIZE(key_type, alg, input->len) +
                           PSA_CIPHER_FINISH_OUTPUT_SIZE(key_type, alg);
-    ASSERT_ALLOC(output1, output1_buffer_size);
-    ASSERT_ALLOC(output2, output2_buffer_size);
+    TEST_CALLOC(output1, output1_buffer_size);
+    TEST_CALLOC(output2, output2_buffer_size);
 
     PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
                               &key));
@@ -527,8 +527,8 @@
     PSA_ASSERT(psa_cipher_abort(&operation));
     // driver function should've been called as part of the finish() core routine
     TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0);
-    ASSERT_COMPARE(output1 + iv_size, output1_length - iv_size,
-                   output2, output2_length);
+    TEST_MEMORY_COMPARE(output1 + iv_size, output1_length - iv_size,
+                        output2, output2_length);
 
 exit:
     psa_cipher_abort(&operation);
@@ -605,7 +605,7 @@
 
     output_buffer_size = ((size_t) input->len +
                           PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type));
-    ASSERT_ALLOC(output, output_buffer_size);
+    TEST_CALLOC(output, output_buffer_size);
 
     if (mock_output_arg) {
         mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x;
@@ -655,8 +655,8 @@
         PSA_ASSERT(psa_cipher_abort(&operation));
         TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0);
 
-        ASSERT_COMPARE(expected_output->x, expected_output->len,
-                       output, total_output_length);
+        TEST_MEMORY_COMPARE(expected_output->x, expected_output->len,
+                            output, total_output_length);
     }
 
 exit:
@@ -733,7 +733,7 @@
 
     output_buffer_size = ((size_t) input->len +
                           PSA_BLOCK_CIPHER_BLOCK_LENGTH(key_type));
-    ASSERT_ALLOC(output, output_buffer_size);
+    TEST_CALLOC(output, output_buffer_size);
 
     if (mock_output_arg) {
         mbedtls_test_driver_cipher_hooks.forced_output = expected_output->x;
@@ -784,8 +784,8 @@
         PSA_ASSERT(psa_cipher_abort(&operation));
         TEST_EQUAL(mbedtls_test_driver_cipher_hooks.hits, 0);
 
-        ASSERT_COMPARE(expected_output->x, expected_output->len,
-                       output, total_output_length);
+        TEST_MEMORY_COMPARE(expected_output->x, expected_output->len,
+                            output, total_output_length);
     }
 
 exit:
@@ -832,13 +832,13 @@
     /* Allocate input buffer and copy the iv and the plaintext */
     input_buffer_size = ((size_t) input_arg->len + (size_t) iv->len);
     if (input_buffer_size > 0) {
-        ASSERT_ALLOC(input, input_buffer_size);
+        TEST_CALLOC(input, input_buffer_size);
         memcpy(input, iv->x, iv->len);
         memcpy(input + iv->len, input_arg->x, input_arg->len);
     }
 
     output_buffer_size = PSA_CIPHER_DECRYPT_OUTPUT_SIZE(key_type, alg, input_buffer_size);
-    ASSERT_ALLOC(output, output_buffer_size);
+    TEST_CALLOC(output, output_buffer_size);
 
     PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
                               &key));
@@ -856,8 +856,8 @@
     TEST_EQUAL(status, expected_status);
 
     if (expected_status == PSA_SUCCESS) {
-        ASSERT_COMPARE(expected_output->x, expected_output->len,
-                       output, output_length);
+        TEST_MEMORY_COMPARE(expected_output->x, expected_output->len,
+                            output, output_length);
     }
 
 exit:
@@ -885,7 +885,7 @@
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
     mbedtls_test_driver_cipher_hooks = mbedtls_test_driver_cipher_hooks_init();
 
-    ASSERT_ALLOC(output, input->len + 16);
+    TEST_CALLOC(output, input->len + 16);
     output_buffer_size = input->len + 16;
 
     PSA_ASSERT(psa_crypto_init());
@@ -1125,7 +1125,7 @@
                PSA_AEAD_ENCRYPT_OUTPUT_SIZE(key_type, alg, input_data->len));
     TEST_ASSERT(output_size <=
                 PSA_AEAD_ENCRYPT_OUTPUT_MAX_SIZE(input_data->len));
-    ASSERT_ALLOC(output_data, output_size);
+    TEST_CALLOC(output_data, output_size);
 
     mbedtls_test_driver_aead_hooks.forced_status = forced_status;
     status = psa_aead_encrypt(key, alg,
@@ -1141,8 +1141,8 @@
                PSA_SUCCESS : forced_status);
 
     if (status == PSA_SUCCESS) {
-        ASSERT_COMPARE(expected_result->x, expected_result->len,
-                       output_data, output_length);
+        TEST_MEMORY_COMPARE(expected_result->x, expected_result->len,
+                            output_data, output_length);
     }
 
 exit:
@@ -1187,7 +1187,7 @@
 
     output_size = input_data->len - PSA_AEAD_TAG_LENGTH(key_type, key_bits,
                                                         alg);
-    ASSERT_ALLOC(output_data, output_size);
+    TEST_CALLOC(output_data, output_size);
 
     mbedtls_test_driver_aead_hooks.forced_status = forced_status;
     status = psa_aead_decrypt(key, alg,
@@ -1204,8 +1204,8 @@
                PSA_SUCCESS : forced_status);
 
     if (status == PSA_SUCCESS) {
-        ASSERT_COMPARE(expected_data->x, expected_data->len,
-                       output_data, output_length);
+        TEST_MEMORY_COMPARE(expected_data->x, expected_data->len,
+                            output_data, output_length);
     }
 
 exit:
@@ -1250,7 +1250,7 @@
     PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
                               &key));
 
-    ASSERT_ALLOC(actual_mac, mac_buffer_size);
+    TEST_CALLOC(actual_mac, mac_buffer_size);
     mbedtls_test_driver_mac_hooks.forced_status = forced_status;
 
     /*
@@ -1326,8 +1326,8 @@
     }
 
     if (forced_status == PSA_SUCCESS) {
-        ASSERT_COMPARE(expected_mac->x, expected_mac->len,
-                       actual_mac, mac_length);
+        TEST_MEMORY_COMPARE(expected_mac->x, expected_mac->len,
+                            actual_mac, mac_length);
     }
 
     mbedtls_free(actual_mac);
@@ -1470,15 +1470,15 @@
     psa_status_t actual_status;
 
     PSA_ASSERT(psa_crypto_init());
-    ASSERT_ALLOC(output_buffer, expected_output->len);
+    TEST_CALLOC(output_buffer, expected_output->len);
 
     actual_status = psa_export_key(key, output_buffer, expected_output->len, &output_size);
 
     if (expected_status == PSA_SUCCESS) {
         PSA_ASSERT(actual_status);
         TEST_EQUAL(output_size, expected_output->len);
-        ASSERT_COMPARE(output_buffer, output_size,
-                       expected_output->x, expected_output->len);
+        TEST_MEMORY_COMPARE(output_buffer, output_size,
+                            expected_output->x, expected_output->len);
 
         PSA_ASSERT(psa_get_key_attributes(key, &attributes));
         TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits);
@@ -1521,15 +1521,15 @@
     psa_status_t actual_status;
 
     PSA_ASSERT(psa_crypto_init());
-    ASSERT_ALLOC(output_buffer, expected_output->len);
+    TEST_CALLOC(output_buffer, expected_output->len);
 
     actual_status = psa_export_public_key(key, output_buffer, expected_output->len, &output_size);
 
     if (expected_status == PSA_SUCCESS) {
         PSA_ASSERT(actual_status);
         TEST_EQUAL(output_size, expected_output->len);
-        ASSERT_COMPARE(output_buffer, output_size,
-                       expected_output->x, expected_output->len);
+        TEST_MEMORY_COMPARE(output_buffer, output_size,
+                            expected_output->x, expected_output->len);
 
         PSA_ASSERT(psa_get_key_attributes(key, &attributes));
         TEST_EQUAL(psa_get_key_bits(&attributes), builtin_key_bits);
@@ -1564,7 +1564,7 @@
     mbedtls_test_driver_hash_hooks.forced_status = forced_status;
 
     PSA_ASSERT(psa_crypto_init());
-    ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg));
+    TEST_CALLOC(output, PSA_HASH_LENGTH(alg));
 
     TEST_EQUAL(psa_hash_compute(alg, input->x, input->len,
                                 output, PSA_HASH_LENGTH(alg),
@@ -1573,7 +1573,7 @@
     TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status);
 
     if (expected_status == PSA_SUCCESS) {
-        ASSERT_COMPARE(output, output_length, hash->x, hash->len);
+        TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len);
     }
 
 exit:
@@ -1597,7 +1597,7 @@
     size_t output_length;
 
     mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
-    ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg));
+    TEST_CALLOC(output, PSA_HASH_LENGTH(alg));
 
     PSA_ASSERT(psa_crypto_init());
 
@@ -1619,7 +1619,7 @@
                    forced_status == PSA_ERROR_NOT_SUPPORTED ? 1 : 4);
         TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status);
 
-        ASSERT_COMPARE(output, output_length, hash->x, hash->len);
+        TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len);
     }
 
 exit:
@@ -1642,7 +1642,7 @@
     size_t output_length;
 
     mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
-    ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg));
+    TEST_CALLOC(output, PSA_HASH_LENGTH(alg));
 
     PSA_ASSERT(psa_crypto_init());
 
@@ -1674,7 +1674,7 @@
         TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 2);
         TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS);
 
-        ASSERT_COMPARE(output, output_length, hash->x, hash->len);
+        TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len);
     }
 
 exit:
@@ -1697,7 +1697,7 @@
     size_t output_length;
 
     mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
-    ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg));
+    TEST_CALLOC(output, PSA_HASH_LENGTH(alg));
 
     PSA_ASSERT(psa_crypto_init());
 
@@ -1727,7 +1727,7 @@
     TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, forced_status);
 
     if (forced_status == PSA_SUCCESS) {
-        ASSERT_COMPARE(output, output_length, hash->x, hash->len);
+        TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len);
     }
 
 exit:
@@ -1751,7 +1751,7 @@
     size_t output_length;
 
     mbedtls_test_driver_hash_hooks = mbedtls_test_driver_hash_hooks_init();
-    ASSERT_ALLOC(output, PSA_HASH_LENGTH(alg));
+    TEST_CALLOC(output, PSA_HASH_LENGTH(alg));
 
     PSA_ASSERT(psa_crypto_init());
 
@@ -1786,7 +1786,7 @@
         TEST_EQUAL(mbedtls_test_driver_hash_hooks.hits, 3);
         TEST_EQUAL(mbedtls_test_driver_hash_hooks.driver_status, PSA_SUCCESS);
 
-        ASSERT_COMPARE(output, output_length, hash->x, hash->len);
+        TEST_MEMORY_COMPARE(output, output_length, hash->x, hash->len);
     }
 
 exit:
diff --git a/tests/suites/test_suite_psa_crypto_entropy.function b/tests/suites/test_suite_psa_crypto_entropy.function
index 26ce0d3..362b3da 100644
--- a/tests/suites/test_suite_psa_crypto_entropy.function
+++ b/tests/suites/test_suite_psa_crypto_entropy.function
@@ -12,28 +12,56 @@
                                                 MBEDTLS_ENTROPY_BLOCK_SIZE)
 
 #if defined(MBEDTLS_PSA_INJECT_ENTROPY)
+#include <psa_crypto_its.h>
 
-#if defined(MBEDTLS_PSA_ITS_FILE_C)
-#include <stdio.h>
-#else
-#include <psa/internal_trusted_storage.h>
-#endif
+/* Check the entropy seed file.
+ *
+ * \param expected_size     Expected size in bytes.
+ *                          If 0, the file must not exist.
+ *
+ * \retval 1    Either \p expected_size is nonzero and
+ *              the entropy seed file exists and has exactly this size,
+ *              or \p expected_size is zero and the file does not exist.
+ * \retval 0    Either \p expected_size is nonzero but
+ *              the entropy seed file does not exist or has a different size,
+ *              or \p expected_size is zero but the file exists.
+ *              In this case, the test case is marked as failed.
+ *
+ * \note We enforce that the seed is in a specific ITS file.
+ *       This must not change, otherwise we break backward compatibility if
+ *       the library is upgraded on a device with an existing seed.
+ */
+int check_random_seed_file(size_t expected_size)
+{
+    /* The value of the random seed UID must not change. Otherwise that would
+     * break upgrades of the library on devices that already contain a seed
+     * file. If this test assertion fails, you've presumably broken backward
+     * compatibility! */
+    TEST_EQUAL(PSA_CRYPTO_ITS_RANDOM_SEED_UID, 0xFFFFFF52);
 
-/* Remove the entropy seed file. Since the library does not expose a way
- * to do this (it would be a security risk if such a function was ever
- * accessible in production), implement this functionality in a white-box
- * manner. */
+    struct psa_storage_info_t info = { 0, 0 };
+    psa_status_t status = psa_its_get_info(PSA_CRYPTO_ITS_RANDOM_SEED_UID,
+                                           &info);
+
+    if (expected_size == 0) {
+        TEST_EQUAL(status, PSA_ERROR_DOES_NOT_EXIST);
+    } else {
+        TEST_EQUAL(status, PSA_SUCCESS);
+        TEST_EQUAL(info.size, expected_size);
+    }
+    return 1;
+
+exit:
+    return 0;
+}
+
+/* Remove the entropy seed file.
+ *
+ * See check_random_seed_file() regarding abstraction boundaries.
+ */
 psa_status_t remove_seed_file(void)
 {
-#if defined(MBEDTLS_PSA_ITS_FILE_C)
-    if (remove("00000000ffffff52.psa_its") == 0) {
-        return PSA_SUCCESS;
-    } else {
-        return PSA_ERROR_DOES_NOT_EXIST;
-    }
-#else
     return psa_its_remove(PSA_CRYPTO_ITS_RANDOM_SEED_UID);
-#endif
 }
 
 #endif /* MBEDTLS_PSA_INJECT_ENTROPY */
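Review bot: The rewritten comment on `remove_seed_file()` drops the rationale the old one carried: the library deliberately exposes no way to delete the seed, because such a function would be a security risk if reachable in production. The cross-reference to `check_random_seed_file()` does not recover it, since that comment covers the fixed ITS UID and upgrade compatibility and never mentions abstraction boundaries. I would keep one sentence in place, for example `/* Test-only helper: the library exposes no seed-removal API, as that would be a security risk in production. */`. The `check_random_seed_file()` comment could also say that the helper reaches into internal storage via `psa_crypto_its.h`, so the reference has something to point at.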
@@ -86,8 +114,8 @@
     size_t signature_size = PSA_SIGNATURE_MAX_SIZE;
     size_t signature_length;
 
-    ASSERT_ALLOC(input, input_size);
-    ASSERT_ALLOC(signature, signature_size);
+    TEST_CALLOC(input, input_size);
+    TEST_CALLOC(signature, signature_size);
 
     PSA_ASSERT(psa_crypto_init());
     PSA_ASSERT(psa_import_key(&attributes, key_data->x, key_data->len,
@@ -135,7 +163,7 @@
     } else {
         seed_size = seed_length_b;
     }
-    ASSERT_ALLOC(seed, seed_size);
+    TEST_CALLOC(seed, seed_size);
     /* fill seed with some data */
     for (i = 0; i < seed_size; ++i) {
         seed[i] = i;
@@ -143,18 +171,34 @@
     status =  remove_seed_file();
     TEST_ASSERT((status == PSA_SUCCESS) ||
                 (status == PSA_ERROR_DOES_NOT_EXIST));
+    if (!check_random_seed_file(0)) {
+        goto exit;
+    }
+
     status = mbedtls_psa_inject_entropy(seed, seed_length_a);
     TEST_EQUAL(status, expected_status_a);
+    if (!check_random_seed_file(expected_status_a == PSA_SUCCESS ? seed_length_a :
+                                0)) {
+        goto exit;
+    }
+
     status = mbedtls_psa_inject_entropy(seed, seed_length_b);
     TEST_EQUAL(status, expected_status_b);
+    if (!check_random_seed_file(expected_status_a == PSA_SUCCESS ? seed_length_a :
+                                expected_status_b == PSA_SUCCESS ? seed_length_b :
+                                0)) {
+        goto exit;
+    }
+
     PSA_ASSERT(psa_crypto_init());
     PSA_ASSERT(psa_generate_random(output,
                                    sizeof(output)));
     TEST_ASSERT(memcmp(output, zeros, sizeof(output)) != 0);
+
 exit:
     mbedtls_free(seed);
-    remove_seed_file();
     PSA_DONE();
+    mbedtls_test_inject_entropy_restore();
 }
 /* END_CASE */
 
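Review bot: The expected size passed to the third check_random_seed_file() call is a nested `?:` with no parentheses and no explanation, so the rule it encodes is hard to verify at a glance. It says that a successful first injection fixes the file size at seed_length_a even though the second call passes seed_length_b, presumably because a second injection is expected to be rejected. A comment above the call such as `/* If the first injection succeeded, the second must not replace it, so the file keeps the first size. */`, plus parentheses around the inner conditional, would make that explicit. The part of check_random_seed_file() shown above compares only the stored size, so these checks do not show that the file holds the injected bytes. The test function starts outside this hunk.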
@@ -168,25 +212,40 @@
     for (i = 0; i < sizeof(seed); ++i) {
         seed[i] = i;
     }
+
     status =  remove_seed_file();
     TEST_ASSERT((status == PSA_SUCCESS) ||
                 (status == PSA_ERROR_DOES_NOT_EXIST));
+    if (!check_random_seed_file(0)) {
+        goto exit;
+    }
     status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
     PSA_ASSERT(status);
+    TEST_ASSERT(check_random_seed_file(sizeof(seed)));
     status =  remove_seed_file();
     TEST_EQUAL(status, PSA_SUCCESS);
+    if (!check_random_seed_file(0)) {
+        goto exit;
+    }
+
     status = psa_crypto_init();
     TEST_EQUAL(status, PSA_ERROR_INSUFFICIENT_ENTROPY);
     status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
     PSA_ASSERT(status);
+    if (!check_random_seed_file(sizeof(seed))) {
+        goto exit;
+    }
+
     status = psa_crypto_init();
     PSA_ASSERT(status);
     PSA_DONE();
+
     /* The seed is written by nv_seed callback functions therefore the injection will fail */
     status = mbedtls_psa_inject_entropy(seed, sizeof(seed));
     TEST_EQUAL(status, PSA_ERROR_NOT_PERMITTED);
+
 exit:
-    remove_seed_file();
     PSA_DONE();
+    mbedtls_test_inject_entropy_restore();
 }
 /* END_CASE */
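Review bot: The check after the first successful injection is written as `TEST_ASSERT(check_random_seed_file(sizeof(seed)));`, while every other call in this hunk uses the `if (!check_random_seed_file(...)) { goto exit; }` form. The helper's own documentation says it already marks the test case as failed, so wrapping it in TEST_ASSERT adds a second, less specific failure report at the call site. For consistency I would write `if (!check_random_seed_file(sizeof(seed))) { goto exit; }` here as well. The test function starts outside this hunk.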
diff --git a/tests/suites/test_suite_psa_crypto_hash.function b/tests/suites/test_suite_psa_crypto_hash.function
index f12541d..0405c1d 100644
--- a/tests/suites/test_suite_psa_crypto_hash.function
+++ b/tests/suites/test_suite_psa_crypto_hash.function
@@ -25,8 +25,8 @@
     PSA_ASSERT(psa_hash_finish(&operation,
                                actual_hash, sizeof(actual_hash),
                                &actual_hash_length));
-    ASSERT_COMPARE(expected_hash->x, expected_hash->len,
-                   actual_hash, actual_hash_length);
+    TEST_MEMORY_COMPARE(expected_hash->x, expected_hash->len,
+                        actual_hash, actual_hash_length);
 
 exit:
     psa_hash_abort(&operation);
@@ -83,14 +83,14 @@
         PSA_ASSERT(psa_hash_finish(&operation,
                                    actual_hash, sizeof(actual_hash),
                                    &actual_hash_length));
-        ASSERT_COMPARE(expected_hash->x, expected_hash->len,
-                       actual_hash, actual_hash_length);
+        TEST_MEMORY_COMPARE(expected_hash->x, expected_hash->len,
+                            actual_hash, actual_hash_length);
 
         PSA_ASSERT(psa_hash_finish(&operation2,
                                    actual_hash, sizeof(actual_hash),
                                    &actual_hash_length));
-        ASSERT_COMPARE(expected_hash->x, expected_hash->len,
-                       actual_hash, actual_hash_length);
+        TEST_MEMORY_COMPARE(expected_hash->x, expected_hash->len,
+                            actual_hash, actual_hash_length);
     } while (len++ != input->len);
 
 exit:
diff --git a/tests/suites/test_suite_psa_crypto_init.data b/tests/suites/test_suite_psa_crypto_init.data
index 9620a64..8c5b41d 100644
--- a/tests/suites/test_suite_psa_crypto_init.data
+++ b/tests/suites/test_suite_psa_crypto_init.data
@@ -25,7 +25,10 @@
 Custom entropy sources: all standard
 custom_entropy_sources:0x0000ffff:PSA_SUCCESS
 
+# MBEDTLS_PSA_INJECT_ENTROPY means that a source of entropy (the seed file)
+# is effectively always available.
 Custom entropy sources: none
+depends_on:!MBEDTLS_PSA_INJECT_ENTROPY
 custom_entropy_sources:0:PSA_ERROR_INSUFFICIENT_ENTROPY
 
 Fake entropy: never returns anything
diff --git a/tests/suites/test_suite_psa_crypto_init.function b/tests/suites/test_suite_psa_crypto_init.function
index 7345ad1..63767f0 100644
--- a/tests/suites/test_suite_psa_crypto_init.function
+++ b/tests/suites/test_suite_psa_crypto_init.function
@@ -289,7 +289,7 @@
     uint8_t *seed = NULL;
     size_t seed_size = seed_size_arg;
 
-    ASSERT_ALLOC(seed, seed_size);
+    TEST_CALLOC(seed, seed_size);
     TEST_ASSERT(mbedtls_nv_seed_write(seed, seed_size) >= 0);
 
     custom_entropy_sources_mask = ENTROPY_SOURCE_NV_SEED;
diff --git a/tests/suites/test_suite_psa_crypto_persistent_key.function b/tests/suites/test_suite_psa_crypto_persistent_key.function
index db99d79..8f6a57f 100644
--- a/tests/suites/test_suite_psa_crypto_persistent_key.function
+++ b/tests/suites/test_suite_psa_crypto_persistent_key.function
@@ -61,13 +61,13 @@
     psa_set_key_algorithm(&attributes, key_alg);
     psa_set_key_enrollment_algorithm(&attributes, key_alg2);
 
-    ASSERT_ALLOC(file_data, file_data_length);
+    TEST_CALLOC(file_data, file_data_length);
     psa_format_key_data_for_storage(key_data->x, key_data->len,
                                     &attributes.core,
                                     file_data);
 
-    ASSERT_COMPARE(expected_file_data->x, expected_file_data->len,
-                   file_data, file_data_length);
+    TEST_MEMORY_COMPARE(expected_file_data->x, expected_file_data->len,
+                        file_data, file_data_length);
 
 exit:
     mbedtls_free(file_data);
@@ -111,8 +111,8 @@
                (uint32_t) expected_key_alg);
     TEST_EQUAL(psa_get_key_enrollment_algorithm(&attributes),
                (uint32_t) expected_key_alg2);
-    ASSERT_COMPARE(expected_key_data->x, expected_key_data->len,
-                   key_data, key_data_length);
+    TEST_MEMORY_COMPARE(expected_key_data->x, expected_key_data->len,
+                        key_data, key_data_length);
 
 exit:
     mbedtls_free(key_data);
@@ -127,7 +127,7 @@
     size_t data_length = data_length_arg;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
-    ASSERT_ALLOC(data, data_length);
+    TEST_CALLOC(data, data_length);
 
     PSA_ASSERT(psa_crypto_init());
 
@@ -267,7 +267,7 @@
     size_t exported_length;
     psa_key_attributes_t attributes = PSA_KEY_ATTRIBUTES_INIT;
 
-    ASSERT_ALLOC(exported, export_size);
+    TEST_CALLOC(exported, export_size);
 
     PSA_ASSERT(psa_crypto_init());
 
@@ -307,7 +307,7 @@
     PSA_ASSERT(psa_export_key(key_id, exported, export_size,
                               &exported_length));
 
-    ASSERT_COMPARE(data->x, data->len, exported, exported_length);
+    TEST_MEMORY_COMPARE(data->x, data->len, exported, exported_length);
 
     /* Destroy the key */
     PSA_ASSERT(psa_destroy_key(key_id));
diff --git a/tests/suites/test_suite_psa_crypto_se_driver_hal.function b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
index aeced54..15232a4 100644
--- a/tests/suites/test_suite_psa_crypto_se_driver_hal.function
+++ b/tests/suites/test_suite_psa_crypto_se_driver_hal.function
@@ -601,9 +601,9 @@
     int ok = 0;
 
     PSA_ASSERT(psa_its_get_info(uid, &info));
-    ASSERT_ALLOC(loaded, info.size);
+    TEST_CALLOC(loaded, info.size);
     PSA_ASSERT(psa_its_get(uid, 0, info.size, loaded, NULL));
-    ASSERT_COMPARE(expected_data, size, loaded, info.size);
+    TEST_MEMORY_COMPARE(expected_data, size, loaded, info.size);
     ok = 1;
 
 exit:
@@ -958,8 +958,8 @@
     PSA_ASSERT(psa_export_key(returned_id,
                               exported, sizeof(exported),
                               &exported_length));
-    ASSERT_COMPARE(key_material, sizeof(key_material),
-                   exported, exported_length);
+    TEST_MEMORY_COMPARE(key_material, sizeof(key_material),
+                        exported, exported_length);
 
     PSA_ASSERT(psa_destroy_key(returned_id));
     if (!check_persistent_data(location,
@@ -1321,7 +1321,7 @@
             key_management.p_export_public = ram_export_public;
             break;
         default:
-            TEST_ASSERT(!"unsupported flow (should be SIGN_IN_xxx)");
+            TEST_FAIL("unsupported flow (should be SIGN_IN_xxx)");
             break;
     }
     asymmetric.p_verify = ram_verify;
diff --git a/tests/suites/test_suite_psa_crypto_slot_management.function b/tests/suites/test_suite_psa_crypto_slot_management.function
index e3bb0d3..5bd12eb 100644
--- a/tests/suites/test_suite_psa_crypto_slot_management.function
+++ b/tests/suites/test_suite_psa_crypto_slot_management.function
@@ -303,12 +303,12 @@
                        psa_get_key_type(&read_attributes));
             TEST_EQUAL(psa_get_key_bits(&attributes),
                        psa_get_key_bits(&read_attributes));
-            ASSERT_ALLOC(reexported, key_data->len);
+            TEST_CALLOC(reexported, key_data->len);
             if (usage_flags & PSA_KEY_USAGE_EXPORT) {
                 PSA_ASSERT(psa_export_key(id, reexported, key_data->len,
                                           &reexported_length));
-                ASSERT_COMPARE(key_data->x, key_data->len,
-                               reexported, reexported_length);
+                TEST_MEMORY_COMPARE(key_data->x, key_data->len,
+                                    reexported, reexported_length);
             } else {
                 TEST_EQUAL(psa_export_key(id, reexported,
                                           key_data->len, &reexported_length),
@@ -402,8 +402,8 @@
     PSA_ASSERT(psa_export_key(id,
                               reexported, sizeof(reexported),
                               &reexported_length));
-    ASSERT_COMPARE(material1, sizeof(material1),
-                   reexported, reexported_length);
+    TEST_MEMORY_COMPARE(material1, sizeof(material1),
+                        reexported, reexported_length);
 
     PSA_ASSERT(psa_close_key(id));
 
@@ -575,11 +575,11 @@
                psa_get_key_enrollment_algorithm(&target_attributes));
     if (expected_usage & PSA_KEY_USAGE_EXPORT) {
         size_t length;
-        ASSERT_ALLOC(export_buffer, material->len);
+        TEST_CALLOC(export_buffer, material->len);
         PSA_ASSERT(psa_export_key(returned_target_id, export_buffer,
                                   material->len, &length));
-        ASSERT_COMPARE(material->x, material->len,
-                       export_buffer, length);
+        TEST_MEMORY_COMPARE(material->x, material->len,
+                            export_buffer, length);
     } else {
         size_t length;
         /* Check that the key is actually non-exportable. */
@@ -689,11 +689,11 @@
                psa_get_key_algorithm(&attributes2));
     if (target_usage & PSA_KEY_USAGE_EXPORT) {
         size_t length;
-        ASSERT_ALLOC(export_buffer, target_material->len);
+        TEST_CALLOC(export_buffer, target_material->len);
         PSA_ASSERT(psa_export_key(returned_target_id, export_buffer,
                                   target_material->len, &length));
-        ASSERT_COMPARE(target_material->x, target_material->len,
-                       export_buffer, length);
+        TEST_MEMORY_COMPARE(target_material->x, target_material->len,
+                            export_buffer, length);
     }
 
     PSA_ASSERT(psa_destroy_key(returned_source_id));
@@ -775,7 +775,7 @@
                 mbedtls_svc_key_id_make(0, PSA_KEY_ID_VENDOR_MAX + 1);
             break;
         default:
-            TEST_ASSERT(!"unknown handle construction");
+            TEST_FAIL("unknown handle construction");
     }
 
     /* Attempt to use the invalid handle. */
@@ -813,7 +813,7 @@
     uint8_t exported[sizeof(size_t)];
     size_t exported_length;
 
-    ASSERT_ALLOC(keys, max_keys);
+    TEST_CALLOC(keys, max_keys);
     PSA_ASSERT(psa_crypto_init());
 
     psa_set_key_usage_flags(&attributes, PSA_KEY_USAGE_EXPORT);
@@ -840,8 +840,8 @@
         PSA_ASSERT(psa_export_key(keys[i],
                                   exported, sizeof(exported),
                                   &exported_length));
-        ASSERT_COMPARE(exported, exported_length,
-                       (uint8_t *) &i, sizeof(i));
+        TEST_MEMORY_COMPARE(exported, exported_length,
+                            (uint8_t *) &i, sizeof(i));
     }
     PSA_ASSERT(psa_close_key(keys[i - 1]));
 
@@ -917,8 +917,8 @@
         PSA_ASSERT(psa_export_key(key,
                                   exported, sizeof(exported),
                                   &exported_length));
-        ASSERT_COMPARE(exported, exported_length,
-                       (uint8_t *) &i, sizeof(i));
+        TEST_MEMORY_COMPARE(exported, exported_length,
+                            (uint8_t *) &i, sizeof(i));
         PSA_ASSERT(psa_destroy_key(key));
     }
 
@@ -942,7 +942,7 @@
 
     TEST_ASSERT(MBEDTLS_PSA_KEY_SLOT_COUNT >= 1);
 
-    ASSERT_ALLOC(keys, MBEDTLS_PSA_KEY_SLOT_COUNT);
+    TEST_CALLOC(keys, MBEDTLS_PSA_KEY_SLOT_COUNT);
     PSA_ASSERT(psa_crypto_init());
 
     psa_set_key_usage_flags(&attributes,
@@ -988,7 +988,7 @@
                               exported, sizeof(exported),
                               &exported_length));
     i = MBEDTLS_PSA_KEY_SLOT_COUNT - 1;
-    ASSERT_COMPARE(exported, exported_length, (uint8_t *) &i, sizeof(i));
+    TEST_MEMORY_COMPARE(exported, exported_length, (uint8_t *) &i, sizeof(i));
     PSA_ASSERT(psa_destroy_key(keys[MBEDTLS_PSA_KEY_SLOT_COUNT - 1]));
 
     /*
@@ -1016,8 +1016,8 @@
         PSA_ASSERT(psa_export_key(keys[i],
                                   exported, sizeof(exported),
                                   &exported_length));
-        ASSERT_COMPARE(exported, exported_length,
-                       (uint8_t *) &i, sizeof(i));
+        TEST_MEMORY_COMPARE(exported, exported_length,
+                            (uint8_t *) &i, sizeof(i));
         PSA_ASSERT(psa_destroy_key(keys[i]));
     }
 
@@ -1028,8 +1028,8 @@
 
     PSA_ASSERT(psa_export_key(persistent_key, exported, sizeof(exported),
                               &exported_length));
-    ASSERT_COMPARE(exported, exported_length,
-                   (uint8_t *) &persistent_key, sizeof(persistent_key));
+    TEST_MEMORY_COMPARE(exported, exported_length,
+                        (uint8_t *) &persistent_key, sizeof(persistent_key));
 exit:
     /*
      * Key attributes may have been returned by psa_get_key_attributes()
diff --git a/tests/suites/test_suite_psa_crypto_storage_format.function b/tests/suites/test_suite_psa_crypto_storage_format.function
index ee66f7d..2f68409 100644
--- a/tests/suites/test_suite_psa_crypto_storage_format.function
+++ b/tests/suites/test_suite_psa_crypto_storage_format.function
@@ -36,11 +36,11 @@
     /* Check that the key is represented as expected. */
     PSA_ASSERT(psa_its_get_info(uid, &storage_info));
     TEST_EQUAL(storage_info.size, expected_representation->len);
-    ASSERT_ALLOC(actual_representation, storage_info.size);
+    TEST_CALLOC(actual_representation, storage_info.size);
     PSA_ASSERT(psa_its_get(uid, 0, storage_info.size,
                            actual_representation, &length));
-    ASSERT_COMPARE(expected_representation->x, expected_representation->len,
-                   actual_representation, length);
+    TEST_MEMORY_COMPARE(expected_representation->x, expected_representation->len,
+                        actual_representation, length);
 
     ok = 1;
 
@@ -268,12 +268,12 @@
     TEST_EQUAL(psa_get_key_enrollment_algorithm(expected_attributes),
                psa_get_key_enrollment_algorithm(&actual_attributes));
     if (can_export(expected_attributes)) {
-        ASSERT_ALLOC(exported_material, expected_material->len);
+        TEST_CALLOC(exported_material, expected_material->len);
         PSA_ASSERT(psa_export_key(key_id,
                                   exported_material, expected_material->len,
                                   &length));
-        ASSERT_COMPARE(expected_material->x, expected_material->len,
-                       exported_material, length);
+        TEST_MEMORY_COMPARE(expected_material->x, expected_material->len,
+                            exported_material, length);
     }
 
     if ((flags & TEST_FLAG_EXERCISE) && can_exercise(&actual_attributes)) {
diff --git a/tests/suites/test_suite_psa_its.function b/tests/suites/test_suite_psa_its.function
index 7864b9c..0f66c79 100644
--- a/tests/suites/test_suite_psa_its.function
+++ b/tests/suites/test_suite_psa_its.function
@@ -10,7 +10,7 @@
  * before changing how test data is constructed or validated.
  */
 
-#include "../library/psa_crypto_its.h"
+#include "psa_crypto_its.h"
 
 #include "test/psa_helpers.h"
 
@@ -92,7 +92,7 @@
     unsigned char *buffer = NULL;
     size_t ret_len = 0;
 
-    ASSERT_ALLOC(buffer, data->len);
+    TEST_CALLOC(buffer, data->len);
 
     PSA_ASSERT(psa_its_set_wrap(uid, data->len, data->x, flags));
 
@@ -100,7 +100,7 @@
     TEST_ASSERT(info.size == data->len);
     TEST_ASSERT(info.flags == flags);
     PSA_ASSERT(psa_its_get(uid, 0, data->len, buffer, &ret_len));
-    ASSERT_COMPARE(data->x, data->len, buffer, ret_len);
+    TEST_MEMORY_COMPARE(data->x, data->len, buffer, ret_len);
 
     PSA_ASSERT(psa_its_remove(uid));
 
@@ -122,14 +122,14 @@
     unsigned char *buffer = NULL;
     size_t ret_len = 0;
 
-    ASSERT_ALLOC(buffer, MAX(data1->len, data2->len));
+    TEST_CALLOC(buffer, MAX(data1->len, data2->len));
 
     PSA_ASSERT(psa_its_set_wrap(uid, data1->len, data1->x, flags1));
     PSA_ASSERT(psa_its_get_info(uid, &info));
     TEST_ASSERT(info.size == data1->len);
     TEST_ASSERT(info.flags == flags1);
     PSA_ASSERT(psa_its_get(uid, 0, data1->len, buffer, &ret_len));
-    ASSERT_COMPARE(data1->x, data1->len, buffer, ret_len);
+    TEST_MEMORY_COMPARE(data1->x, data1->len, buffer, ret_len);
 
     PSA_ASSERT(psa_its_set_wrap(uid, data2->len, data2->x, flags2));
     PSA_ASSERT(psa_its_get_info(uid, &info));
@@ -137,7 +137,7 @@
     TEST_ASSERT(info.flags == flags2);
     ret_len = 0;
     PSA_ASSERT(psa_its_get(uid, 0, data2->len, buffer, &ret_len));
-    ASSERT_COMPARE(data2->x, data2->len, buffer, ret_len);
+    TEST_MEMORY_COMPARE(data2->x, data2->len, buffer, ret_len);
 
     PSA_ASSERT(psa_its_remove(uid));
 
@@ -167,8 +167,8 @@
         mbedtls_snprintf(stored, sizeof(stored),
                          "Content of file 0x%08lx", (unsigned long) uid);
         PSA_ASSERT(psa_its_get(uid, 0, sizeof(stored), retrieved, &ret_len));
-        ASSERT_COMPARE(retrieved, ret_len,
-                       stored, sizeof(stored));
+        TEST_MEMORY_COMPARE(retrieved, ret_len,
+                            stored, sizeof(stored));
         PSA_ASSERT(psa_its_remove(uid));
         TEST_ASSERT(psa_its_get(uid, 0, 0, NULL, NULL) ==
                     PSA_ERROR_DOES_NOT_EXIST);
@@ -214,7 +214,7 @@
     size_t i;
     size_t ret_len = 0;
 
-    ASSERT_ALLOC(buffer, length + 16);
+    TEST_CALLOC(buffer, length + 16);
     trailer = buffer + length;
     memset(trailer, '-', 16);
 
@@ -223,8 +223,8 @@
     status = psa_its_get(uid, offset, length_arg, buffer, &ret_len);
     TEST_ASSERT(status == (psa_status_t) expected_status);
     if (status == PSA_SUCCESS) {
-        ASSERT_COMPARE(data->x + offset, (size_t) length_arg,
-                       buffer, ret_len);
+        TEST_MEMORY_COMPARE(data->x + offset, (size_t) length_arg,
+                            buffer, ret_len);
     }
     for (i = 0; i < 16; i++) {
         TEST_ASSERT(trailer[i] == '-');
diff --git a/tests/suites/test_suite_random.function b/tests/suites/test_suite_random.function
index 0f0c7fa..dfc4e85 100644
--- a/tests/suites/test_suite_random.function
+++ b/tests/suites/test_suite_random.function
@@ -18,7 +18,7 @@
 
 /* END_HEADER */
 
-/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:MBEDTLS_CTR_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_CTR_DRBG_C */
 void random_twice_with_ctr_drbg()
 {
     mbedtls_entropy_context entropy;
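Review bot: The new `!MBEDTLS_PSA_INJECT_ENTROPY` dependency on random_twice_with_ctr_drbg, and on random_twice_with_hmac_drbg in the next hunk, removes RNG test coverage in that configuration without saying why. The .data change in this commit explains its own exclusion in a comment, and these two cases deserve the same. For example, above each BEGIN_CASE: `/* Not run with MBEDTLS_PSA_INJECT_ENTROPY: the entropy context then depends on the injected seed file, which this test does not set up. */`, if that is indeed the reason. Both function bodies continue outside their hunks.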
@@ -57,7 +57,7 @@
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:MBEDTLS_HMAC_DRBG_C */
+/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_HMAC_DRBG_C */
 void random_twice_with_hmac_drbg(int md_type)
 {
     mbedtls_entropy_context entropy;
@@ -163,7 +163,7 @@
     unsigned char *output = NULL;
 
     PSA_ASSERT(psa_crypto_init());
-    ASSERT_ALLOC(output, n);
+    TEST_CALLOC(output, n);
 
     TEST_EQUAL(0, mbedtls_psa_get_random(MBEDTLS_PSA_RANDOM_STATE,
                                          output, n));
diff --git a/tests/suites/test_suite_ssl.function b/tests/suites/test_suite_ssl.function
index 1dec18d..02c3799 100644
--- a/tests/suites/test_suite_ssl.function
+++ b/tests/suites/test_suite_ssl.function
@@ -1,2011 +1,11 @@
 /* BEGIN_HEADER */
-#include <mbedtls/ssl.h>
-#include <mbedtls/ssl_internal.h>
-#include <mbedtls/ctr_drbg.h>
-#include <mbedtls/entropy.h>
-#include <mbedtls/certs.h>
-#include <mbedtls/timing.h>
-#include <mbedtls/debug.h>
-#include <ssl_tls13_keys.h>
+#include <test/ssl_helpers.h>
 
 #include <constant_time_internal.h>
 
 #include <test/constant_flow.h>
 
-#if defined(MBEDTLS_KEY_EXCHANGE_DHE_RSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_ECDHE_RSA_ENABLED) || \
-    defined(MBEDTLS_KEY_EXCHANGE_RSA_ENABLED)
-#define MBEDTLS_CAN_HANDLE_RSA_TEST_KEY
-#endif
-
-enum {
-#define MBEDTLS_SSL_TLS1_3_LABEL(name, string)   \
-    tls1_3_label_ ## name,
-    MBEDTLS_SSL_TLS1_3_LABEL_LIST
-#undef MBEDTLS_SSL_TLS1_3_LABEL
-};
-
-typedef struct log_pattern {
-    const char *pattern;
-    size_t counter;
-} log_pattern;
-
-/*
- * This function can be passed to mbedtls to receive output logs from it. In
- * this case, it will count the instances of a log_pattern in the received
- * logged messages.
- */
-void log_analyzer(void *ctx, int level,
-                  const char *file, int line,
-                  const char *str)
-{
-    log_pattern *p = (log_pattern *) ctx;
-
-    (void) level;
-    (void) line;
-    (void) file;
-
-    if (NULL != p &&
-        NULL != p->pattern &&
-        NULL != strstr(str, p->pattern)) {
-        p->counter++;
-    }
-}
-
-/* Invalid minor version used when not specifying a min/max version or expecting a test to fail */
-#define TEST_SSL_MINOR_VERSION_NONE -1
-
-typedef struct handshake_test_options {
-    const char *cipher;
-    int client_min_version;
-    int client_max_version;
-    int server_min_version;
-    int server_max_version;
-    int expected_negotiated_version;
-    int pk_alg;
-    data_t *psk_str;
-    int dtls;
-    int srv_auth_mode;
-    int serialize;
-    int mfl;
-    int cli_msg_len;
-    int srv_msg_len;
-    int expected_cli_fragments;
-    int expected_srv_fragments;
-    int renegotiate;
-    int legacy_renegotiation;
-    void *srv_log_obj;
-    void *cli_log_obj;
-    void (*srv_log_fun)(void *, int, const char *, int, const char *);
-    void (*cli_log_fun)(void *, int, const char *, int, const char *);
-    int resize_buffers;
-} handshake_test_options;
-
-void init_handshake_options(handshake_test_options *opts)
-{
-    opts->cipher = "";
-    opts->client_min_version = TEST_SSL_MINOR_VERSION_NONE;
-    opts->client_max_version = TEST_SSL_MINOR_VERSION_NONE;
-    opts->server_min_version = TEST_SSL_MINOR_VERSION_NONE;
-    opts->server_max_version = TEST_SSL_MINOR_VERSION_NONE;
-    opts->expected_negotiated_version = MBEDTLS_SSL_MINOR_VERSION_3;
-    opts->pk_alg = MBEDTLS_PK_RSA;
-    opts->psk_str = NULL;
-    opts->dtls = 0;
-    opts->srv_auth_mode = MBEDTLS_SSL_VERIFY_NONE;
-    opts->serialize = 0;
-    opts->mfl = MBEDTLS_SSL_MAX_FRAG_LEN_NONE;
-    opts->cli_msg_len = 100;
-    opts->srv_msg_len = 100;
-    opts->expected_cli_fragments = 1;
-    opts->expected_srv_fragments = 1;
-    opts->renegotiate = 0;
-    opts->legacy_renegotiation = MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION;
-    opts->srv_log_obj = NULL;
-    opts->srv_log_obj = NULL;
-    opts->srv_log_fun = NULL;
-    opts->cli_log_fun = NULL;
-    opts->resize_buffers = 1;
-}
-/*
- * Buffer structure for custom I/O callbacks.
- */
-
-typedef struct mbedtls_test_buffer {
-    size_t start;
-    size_t content_length;
-    size_t capacity;
-    unsigned char *buffer;
-} mbedtls_test_buffer;
-
-/*
- * Initialises \p buf. After calling this function it is safe to call
- * `mbedtls_test_buffer_free()` on \p buf.
- */
-void mbedtls_test_buffer_init(mbedtls_test_buffer *buf)
-{
-    memset(buf, 0, sizeof(*buf));
-}
-
-/*
- * Sets up \p buf. After calling this function it is safe to call
- * `mbedtls_test_buffer_put()` and `mbedtls_test_buffer_get()` on \p buf.
- */
-int mbedtls_test_buffer_setup(mbedtls_test_buffer *buf, size_t capacity)
-{
-    buf->buffer = (unsigned char *) mbedtls_calloc(capacity,
-                                                   sizeof(unsigned char));
-    if (NULL == buf->buffer) {
-        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
-    }
-    buf->capacity = capacity;
-
-    return 0;
-}
-
-void mbedtls_test_buffer_free(mbedtls_test_buffer *buf)
-{
-    if (buf->buffer != NULL) {
-        mbedtls_free(buf->buffer);
-    }
-
-    memset(buf, 0, sizeof(*buf));
-}
-
-/*
- * Puts \p input_len bytes from the \p input buffer into the ring buffer \p buf.
- *
- * \p buf must have been initialized and set up by calling
- * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
- *
- * \retval  \p input_len, if the data fits.
- * \retval  0 <= value < \p input_len, if the data does not fit.
- * \retval  -1, if \p buf is NULL, it hasn't been set up or \p input_len is not
- *          zero and \p input is NULL.
- */
-int mbedtls_test_buffer_put(mbedtls_test_buffer *buf,
-                            const unsigned char *input, size_t input_len)
-{
-    size_t overflow = 0;
-
-    if ((buf == NULL) || (buf->buffer == NULL)) {
-        return -1;
-    }
-
-    /* Reduce input_len to a number that fits in the buffer. */
-    if ((buf->content_length + input_len) > buf->capacity) {
-        input_len = buf->capacity - buf->content_length;
-    }
-
-    if (input == NULL) {
-        return (input_len == 0) ? 0 : -1;
-    }
-
-    /* Check if the buffer has not come full circle and free space is not in
-     * the middle */
-    if (buf->start + buf->content_length < buf->capacity) {
-
-        /* Calculate the number of bytes that need to be placed at lower memory
-         * address */
-        if (buf->start + buf->content_length + input_len
-            > buf->capacity) {
-            overflow = (buf->start + buf->content_length + input_len)
-                       % buf->capacity;
-        }
-
-        memcpy(buf->buffer + buf->start + buf->content_length, input,
-               input_len - overflow);
-        memcpy(buf->buffer, input + input_len - overflow, overflow);
-
-    } else {
-        /* The buffer has come full circle and free space is in the middle */
-        memcpy(buf->buffer + buf->start + buf->content_length - buf->capacity,
-               input, input_len);
-    }
-
-    buf->content_length += input_len;
-    return input_len;
-}
-
-/*
- * Gets \p output_len bytes from the ring buffer \p buf into the
- * \p output buffer. The output buffer can be NULL, in this case a part of the
- * ring buffer will be dropped, if the requested length is available.
- *
- * \p buf must have been initialized and set up by calling
- * `mbedtls_test_buffer_init()` and `mbedtls_test_buffer_setup()`.
- *
- * \retval  \p output_len, if the data is available.
- * \retval  0 <= value < \p output_len, if the data is not available.
- * \retval  -1, if \buf is NULL or it hasn't been set up.
- */
-int mbedtls_test_buffer_get(mbedtls_test_buffer *buf,
-                            unsigned char *output, size_t output_len)
-{
-    size_t overflow = 0;
-
-    if ((buf == NULL) || (buf->buffer == NULL)) {
-        return -1;
-    }
-
-    if (output == NULL && output_len == 0) {
-        return 0;
-    }
-
-    if (buf->content_length < output_len) {
-        output_len = buf->content_length;
-    }
-
-    /* Calculate the number of bytes that need to be drawn from lower memory
-     * address */
-    if (buf->start + output_len > buf->capacity) {
-        overflow = (buf->start + output_len) % buf->capacity;
-    }
-
-    if (output != NULL) {
-        memcpy(output, buf->buffer + buf->start, output_len - overflow);
-        memcpy(output + output_len - overflow, buf->buffer, overflow);
-    }
-
-    buf->content_length -= output_len;
-    buf->start = (buf->start + output_len) % buf->capacity;
-
-    return output_len;
-}
-
-/*
- * Errors used in the message transport mock tests
- */
- #define MBEDTLS_TEST_ERROR_ARG_NULL -11
- #define MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED -44
-
-/*
- * Context for a message metadata queue (fifo) that is on top of the ring buffer.
- */
-typedef struct mbedtls_test_message_queue {
-    size_t *messages;
-    int pos;
-    int num;
-    int capacity;
-} mbedtls_test_message_queue;
-
-/*
- * Setup and free functions for the message metadata queue.
- *
- * \p capacity describes the number of message metadata chunks that can be held
- *    within the queue.
- *
- * \retval  0, if a metadata queue of a given length can be allocated.
- * \retval  MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation failed.
- */
-int mbedtls_test_message_queue_setup(mbedtls_test_message_queue *queue,
-                                     size_t capacity)
-{
-    queue->messages = (size_t *) mbedtls_calloc(capacity, sizeof(size_t));
-    if (NULL == queue->messages) {
-        return MBEDTLS_ERR_SSL_ALLOC_FAILED;
-    }
-
-    queue->capacity = capacity;
-    queue->pos = 0;
-    queue->num = 0;
-
-    return 0;
-}
-
-void mbedtls_test_message_queue_free(mbedtls_test_message_queue *queue)
-{
-    if (queue == NULL) {
-        return;
-    }
-
-    if (queue->messages != NULL) {
-        mbedtls_free(queue->messages);
-    }
-
-    memset(queue, 0, sizeof(*queue));
-}
-
-/*
- * Push message length information onto the message metadata queue.
- * This will become the last element to leave it (fifo).
- *
- * \retval  MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
- * \retval  MBEDTLS_ERR_SSL_WANT_WRITE, if the queue is full.
- * \retval  \p len, if the push was successful.
- */
-int mbedtls_test_message_queue_push_info(mbedtls_test_message_queue *queue,
-                                         size_t len)
-{
-    int place;
-    if (queue == NULL) {
-        return MBEDTLS_TEST_ERROR_ARG_NULL;
-    }
-
-    if (queue->num >= queue->capacity) {
-        return MBEDTLS_ERR_SSL_WANT_WRITE;
-    }
-
-    place = (queue->pos + queue->num) % queue->capacity;
-    queue->messages[place] = len;
-    queue->num++;
-    return len;
-}
-
-/*
- * Pop information about the next message length from the queue. This will be
- * the oldest inserted message length(fifo). \p msg_len can be null, in which
- * case the data will be popped from the queue but not copied anywhere.
- *
- * \retval  MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
- * \retval  MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
- * \retval  message length, if the pop was successful, up to the given
-            \p buf_len.
- */
-int mbedtls_test_message_queue_pop_info(mbedtls_test_message_queue *queue,
-                                        size_t buf_len)
-{
-    size_t message_length;
-    if (queue == NULL) {
-        return MBEDTLS_TEST_ERROR_ARG_NULL;
-    }
-    if (queue->num == 0) {
-        return MBEDTLS_ERR_SSL_WANT_READ;
-    }
-
-    message_length = queue->messages[queue->pos];
-    queue->messages[queue->pos] = 0;
-    queue->num--;
-    queue->pos++;
-    queue->pos %= queue->capacity;
-    if (queue->pos < 0) {
-        queue->pos += queue->capacity;
-    }
-
-    return (message_length > buf_len) ? buf_len : message_length;
-}
-
-/*
- * Take a peek on the info about the next message length from the queue.
- * This will be the oldest inserted message length(fifo).
- *
- * \retval  MBEDTLS_TEST_ERROR_ARG_NULL, if the queue is null.
- * \retval  MBEDTLS_ERR_SSL_WANT_READ, if the queue is empty.
- * \retval  0, if the peek was successful.
- * \retval  MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED, if the given buffer length is
- *          too small to fit the message. In this case the \p msg_len will be
- *          set to the full message length so that the
- *          caller knows what portion of the message can be dropped.
- */
-int mbedtls_test_message_queue_peek_info(mbedtls_test_message_queue *queue,
-                                         size_t buf_len, size_t *msg_len)
-{
-    if (queue == NULL || msg_len == NULL) {
-        return MBEDTLS_TEST_ERROR_ARG_NULL;
-    }
-    if (queue->num == 0) {
-        return MBEDTLS_ERR_SSL_WANT_READ;
-    }
-
-    *msg_len = queue->messages[queue->pos];
-    return (*msg_len > buf_len) ? MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED : 0;
-}
-/*
- * Context for the I/O callbacks simulating network connection.
- */
-
-#define MBEDTLS_MOCK_SOCKET_CONNECTED 1
-
-typedef struct mbedtls_mock_socket {
-    int status;
-    mbedtls_test_buffer *input;
-    mbedtls_test_buffer *output;
-    struct mbedtls_mock_socket *peer;
-} mbedtls_mock_socket;
-
-/*
- * Setup and teardown functions for mock sockets.
- */
-void mbedtls_mock_socket_init(mbedtls_mock_socket *socket)
-{
-    memset(socket, 0, sizeof(*socket));
-}
-
-/*
- * Closes the socket \p socket.
- *
- * \p socket must have been previously initialized by calling
- * mbedtls_mock_socket_init().
- *
- * This function frees all allocated resources and both sockets are aware of the
- * new connection state.
- *
- * That is, this function does not simulate half-open TCP connections and the
- * phenomenon that when closing a UDP connection the peer is not aware of the
- * connection having been closed.
- */
-void mbedtls_mock_socket_close(mbedtls_mock_socket *socket)
-{
-    if (socket == NULL) {
-        return;
-    }
-
-    if (socket->input != NULL) {
-        mbedtls_test_buffer_free(socket->input);
-        mbedtls_free(socket->input);
-    }
-
-    if (socket->output != NULL) {
-        mbedtls_test_buffer_free(socket->output);
-        mbedtls_free(socket->output);
-    }
-
-    if (socket->peer != NULL) {
-        memset(socket->peer, 0, sizeof(*socket->peer));
-    }
-
-    memset(socket, 0, sizeof(*socket));
-}
-
-/*
- * Establishes a connection between \p peer1 and \p peer2.
- *
- * \p peer1 and \p peer2 must have been previously initialized by calling
- * mbedtls_mock_socket_init().
- *
- * The capacities of the internal buffers are set to \p bufsize. Setting this to
- * the correct value allows for simulation of MTU, sanity testing the mock
- * implementation and mocking TCP connections with lower memory cost.
- */
-int mbedtls_mock_socket_connect(mbedtls_mock_socket *peer1,
-                                mbedtls_mock_socket *peer2,
-                                size_t bufsize)
-{
-    int ret = -1;
-
-    peer1->output =
-        (mbedtls_test_buffer *) mbedtls_calloc(1, sizeof(mbedtls_test_buffer));
-    if (peer1->output == NULL) {
-        ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
-        goto exit;
-    }
-    mbedtls_test_buffer_init(peer1->output);
-    if (0 != (ret = mbedtls_test_buffer_setup(peer1->output, bufsize))) {
-        goto exit;
-    }
-
-    peer2->output =
-        (mbedtls_test_buffer *) mbedtls_calloc(1, sizeof(mbedtls_test_buffer));
-    if (peer2->output == NULL) {
-        ret = MBEDTLS_ERR_SSL_ALLOC_FAILED;
-        goto exit;
-    }
-    mbedtls_test_buffer_init(peer2->output);
-    if (0 != (ret = mbedtls_test_buffer_setup(peer2->output, bufsize))) {
-        goto exit;
-    }
-
-    peer1->peer = peer2;
-    peer2->peer = peer1;
-    peer1->input = peer2->output;
-    peer2->input = peer1->output;
-
-    peer1->status = peer2->status = MBEDTLS_MOCK_SOCKET_CONNECTED;
-    ret = 0;
-
-exit:
-
-    if (ret != 0) {
-        mbedtls_mock_socket_close(peer1);
-        mbedtls_mock_socket_close(peer2);
-    }
-
-    return ret;
-}
-
-/*
- * Callbacks for simulating blocking I/O over connection-oriented transport.
- */
-
-int mbedtls_mock_tcp_send_b(void *ctx, const unsigned char *buf, size_t len)
-{
-    mbedtls_mock_socket *socket = (mbedtls_mock_socket *) ctx;
-
-    if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
-        return -1;
-    }
-
-    return mbedtls_test_buffer_put(socket->output, buf, len);
-}
-
-int mbedtls_mock_tcp_recv_b(void *ctx, unsigned char *buf, size_t len)
-{
-    mbedtls_mock_socket *socket = (mbedtls_mock_socket *) ctx;
-
-    if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
-        return -1;
-    }
-
-    return mbedtls_test_buffer_get(socket->input, buf, len);
-}
-
-/*
- * Callbacks for simulating non-blocking I/O over connection-oriented transport.
- */
-
-int mbedtls_mock_tcp_send_nb(void *ctx, const unsigned char *buf, size_t len)
-{
-    mbedtls_mock_socket *socket = (mbedtls_mock_socket *) ctx;
-
-    if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
-        return -1;
-    }
-
-    if (socket->output->capacity == socket->output->content_length) {
-        return MBEDTLS_ERR_SSL_WANT_WRITE;
-    }
-
-    return mbedtls_test_buffer_put(socket->output, buf, len);
-}
-
-int mbedtls_mock_tcp_recv_nb(void *ctx, unsigned char *buf, size_t len)
-{
-    mbedtls_mock_socket *socket = (mbedtls_mock_socket *) ctx;
-
-    if (socket == NULL || socket->status != MBEDTLS_MOCK_SOCKET_CONNECTED) {
-        return -1;
-    }
-
-    if (socket->input->content_length == 0) {
-        return MBEDTLS_ERR_SSL_WANT_READ;
-    }
-
-    return mbedtls_test_buffer_get(socket->input, buf, len);
-}
-
-/* Errors used in the message socket mocks */
-
-#define MBEDTLS_TEST_ERROR_CONTEXT_ERROR -55
-#define MBEDTLS_TEST_ERROR_SEND_FAILED -66
-#define MBEDTLS_TEST_ERROR_RECV_FAILED -77
-
-/*
- * Structure used as an addon, or a wrapper, around the mocked sockets.
- * Contains an input queue, to which the other socket pushes metadata,
- * and an output queue, to which this one pushes metadata. This context is
- * considered as an owner of the input queue only, which is initialized and
- * freed in the respective setup and free calls.
- */
-typedef struct mbedtls_test_message_socket_context {
-    mbedtls_test_message_queue *queue_input;
-    mbedtls_test_message_queue *queue_output;
-    mbedtls_mock_socket *socket;
-} mbedtls_test_message_socket_context;
-
-void mbedtls_message_socket_init(mbedtls_test_message_socket_context *ctx)
-{
-    ctx->queue_input = NULL;
-    ctx->queue_output = NULL;
-    ctx->socket = NULL;
-}
-
-/*
- * Setup a given message socket context including initialization of
- * input/output queues to a chosen capacity of messages. Also set the
- * corresponding mock socket.
- *
- * \retval  0, if everything succeeds.
- * \retval  MBEDTLS_ERR_SSL_ALLOC_FAILED, if allocation of a message
- *          queue failed.
- */
-int mbedtls_message_socket_setup(mbedtls_test_message_queue *queue_input,
-                                 mbedtls_test_message_queue *queue_output,
-                                 size_t queue_capacity,
-                                 mbedtls_mock_socket *socket,
-                                 mbedtls_test_message_socket_context *ctx)
-{
-    int ret = mbedtls_test_message_queue_setup(queue_input, queue_capacity);
-    if (ret != 0) {
-        return ret;
-    }
-    ctx->queue_input = queue_input;
-    ctx->queue_output = queue_output;
-    ctx->socket = socket;
-    mbedtls_mock_socket_init(socket);
-
-    return 0;
-}
-
-/*
- * Close a given message socket context, along with the socket itself. Free the
- * memory allocated by the input queue.
- */
-void mbedtls_message_socket_close(mbedtls_test_message_socket_context *ctx)
-{
-    if (ctx == NULL) {
-        return;
-    }
-
-    mbedtls_test_message_queue_free(ctx->queue_input);
-    mbedtls_mock_socket_close(ctx->socket);
-    memset(ctx, 0, sizeof(*ctx));
-}
-
-/*
- * Send one message through a given message socket context.
- *
- * \retval  \p len, if everything succeeds.
- * \retval  MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
- *          elements or the context itself is null.
- * \retval  MBEDTLS_TEST_ERROR_SEND_FAILED if mbedtls_mock_tcp_send_b failed.
- * \retval  MBEDTLS_ERR_SSL_WANT_WRITE, if the output queue is full.
- *
- * This function will also return any error from
- * mbedtls_test_message_queue_push_info.
- */
-int mbedtls_mock_tcp_send_msg(void *ctx, const unsigned char *buf, size_t len)
-{
-    mbedtls_test_message_queue *queue;
-    mbedtls_mock_socket *socket;
-    mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context *) ctx;
-
-    if (context == NULL || context->socket == NULL
-        || context->queue_output == NULL) {
-        return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
-    }
-
-    queue = context->queue_output;
-    socket = context->socket;
-
-    if (queue->num >= queue->capacity) {
-        return MBEDTLS_ERR_SSL_WANT_WRITE;
-    }
-
-    if (mbedtls_mock_tcp_send_b(socket, buf, len) != (int) len) {
-        return MBEDTLS_TEST_ERROR_SEND_FAILED;
-    }
-
-    return mbedtls_test_message_queue_push_info(queue, len);
-}
-
-/*
- * Receive one message from a given message socket context and return message
- * length or an error.
- *
- * \retval  message length, if everything succeeds.
- * \retval  MBEDTLS_TEST_ERROR_CONTEXT_ERROR, if any of the needed context
- *          elements or the context itself is null.
- * \retval  MBEDTLS_TEST_ERROR_RECV_FAILED if mbedtls_mock_tcp_recv_b failed.
- *
- * This function will also return any error other than
- * MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED from mbedtls_test_message_queue_peek_info.
- */
-int mbedtls_mock_tcp_recv_msg(void *ctx, unsigned char *buf, size_t buf_len)
-{
-    mbedtls_test_message_queue *queue;
-    mbedtls_mock_socket *socket;
-    mbedtls_test_message_socket_context *context = (mbedtls_test_message_socket_context *) ctx;
-    size_t drop_len = 0;
-    size_t msg_len;
-    int ret;
-
-    if (context == NULL || context->socket == NULL
-        || context->queue_input == NULL) {
-        return MBEDTLS_TEST_ERROR_CONTEXT_ERROR;
-    }
-
-    queue = context->queue_input;
-    socket = context->socket;
-
-    /* Peek first, so that in case of a socket error the data remains in
-     * the queue. */
-    ret = mbedtls_test_message_queue_peek_info(queue, buf_len, &msg_len);
-    if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) {
-        /* Calculate how much to drop */
-        drop_len = msg_len - buf_len;
-
-        /* Set the requested message len to be buffer length */
-        msg_len = buf_len;
-    } else if (ret != 0) {
-        return ret;
-    }
-
-    if (mbedtls_mock_tcp_recv_b(socket, buf, msg_len) != (int) msg_len) {
-        return MBEDTLS_TEST_ERROR_RECV_FAILED;
-    }
-
-    if (ret == MBEDTLS_TEST_ERROR_MESSAGE_TRUNCATED) {
-        /* Drop the remaining part of the message */
-        if (mbedtls_mock_tcp_recv_b(socket, NULL, drop_len) != (int) drop_len) {
-            /* Inconsistent state - part of the message was read,
-             * and a part couldn't. Not much we can do here, but it should not
-             * happen in test environment, unless forced manually. */
-        }
-    }
-    mbedtls_test_message_queue_pop_info(queue, buf_len);
-
-    return msg_len;
-}
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
-    defined(MBEDTLS_CERTS_C) && \
-    defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_CTR_DRBG_C)
-
-/*
- * Structure with endpoint's certificates for SSL communication tests.
- */
-typedef struct mbedtls_endpoint_certificate {
-    mbedtls_x509_crt *ca_cert;
-    mbedtls_x509_crt *cert;
-    mbedtls_pk_context *pkey;
-} mbedtls_endpoint_certificate;
-
-/*
- * Endpoint structure for SSL communication tests.
- */
-typedef struct mbedtls_endpoint {
-    const char *name;
-    mbedtls_ssl_context ssl;
-    mbedtls_ssl_config conf;
-    mbedtls_ctr_drbg_context ctr_drbg;
-    mbedtls_entropy_context entropy;
-    mbedtls_mock_socket socket;
-    mbedtls_endpoint_certificate cert;
-} mbedtls_endpoint;
-
-/*
- * Deinitializes certificates from endpoint represented by \p ep.
- */
-void mbedtls_endpoint_certificate_free(mbedtls_endpoint *ep)
-{
-    mbedtls_endpoint_certificate *cert = &(ep->cert);
-    if (cert != NULL) {
-        if (cert->ca_cert != NULL) {
-            mbedtls_x509_crt_free(cert->ca_cert);
-            mbedtls_free(cert->ca_cert);
-            cert->ca_cert = NULL;
-        }
-        if (cert->cert != NULL) {
-            mbedtls_x509_crt_free(cert->cert);
-            mbedtls_free(cert->cert);
-            cert->cert = NULL;
-        }
-        if (cert->pkey != NULL) {
-#if defined(MBEDTLS_USE_PSA_CRYPTO)
-            if (mbedtls_pk_get_type(cert->pkey) == MBEDTLS_PK_OPAQUE) {
-                mbedtls_svc_key_id_t *key_slot = cert->pkey->pk_ctx;
-                psa_destroy_key(*key_slot);
-            }
-#endif
-            mbedtls_pk_free(cert->pkey);
-            mbedtls_free(cert->pkey);
-            cert->pkey = NULL;
-        }
-    }
-}
-
-/*
- * Initializes \p ep_cert structure and assigns it to endpoint
- * represented by \p ep.
- *
- * \retval  0 on success, otherwise error code.
- */
-int mbedtls_endpoint_certificate_init(mbedtls_endpoint *ep, int pk_alg)
-{
-    int i = 0;
-    int ret = -1;
-    mbedtls_endpoint_certificate *cert = NULL;
-
-    if (ep == NULL) {
-        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
-    }
-
-    cert = &(ep->cert);
-    ASSERT_ALLOC(cert->ca_cert, 1);
-    ASSERT_ALLOC(cert->cert, 1);
-    ASSERT_ALLOC(cert->pkey, 1);
-
-    mbedtls_x509_crt_init(cert->ca_cert);
-    mbedtls_x509_crt_init(cert->cert);
-    mbedtls_pk_init(cert->pkey);
-
-    /* Load the trusted CA */
-
-    for (i = 0; mbedtls_test_cas_der[i] != NULL; i++) {
-        ret = mbedtls_x509_crt_parse_der(cert->ca_cert,
-                                         (const unsigned char *) mbedtls_test_cas_der[i],
-                                         mbedtls_test_cas_der_len[i]);
-        TEST_ASSERT(ret == 0);
-    }
-
-    /* Load own certificate and private key */
-
-    if (ep->conf.endpoint == MBEDTLS_SSL_IS_SERVER) {
-        if (pk_alg == MBEDTLS_PK_RSA) {
-            ret = mbedtls_x509_crt_parse(cert->cert,
-                                         (const unsigned char *) mbedtls_test_srv_crt_rsa_sha256_der,
-                                         mbedtls_test_srv_crt_rsa_sha256_der_len);
-            TEST_ASSERT(ret == 0);
-
-            ret = mbedtls_pk_parse_key(cert->pkey,
-                                       (const unsigned char *) mbedtls_test_srv_key_rsa_der,
-                                       mbedtls_test_srv_key_rsa_der_len, NULL, 0);
-            TEST_ASSERT(ret == 0);
-        } else {
-            ret = mbedtls_x509_crt_parse(cert->cert,
-                                         (const unsigned char *) mbedtls_test_srv_crt_ec_der,
-                                         mbedtls_test_srv_crt_ec_der_len);
-            TEST_ASSERT(ret == 0);
-
-            ret = mbedtls_pk_parse_key(cert->pkey,
-                                       (const unsigned char *) mbedtls_test_srv_key_ec_der,
-                                       mbedtls_test_srv_key_ec_der_len, NULL, 0);
-            TEST_ASSERT(ret == 0);
-        }
-    } else {
-        if (pk_alg == MBEDTLS_PK_RSA) {
-            ret = mbedtls_x509_crt_parse(cert->cert,
-                                         (const unsigned char *) mbedtls_test_cli_crt_rsa_der,
-                                         mbedtls_test_cli_crt_rsa_der_len);
-            TEST_ASSERT(ret == 0);
-
-            ret = mbedtls_pk_parse_key(cert->pkey,
-                                       (const unsigned char *) mbedtls_test_cli_key_rsa_der,
-                                       mbedtls_test_cli_key_rsa_der_len, NULL, 0);
-            TEST_ASSERT(ret == 0);
-        } else {
-            ret = mbedtls_x509_crt_parse(cert->cert,
-                                         (const unsigned char *) mbedtls_test_cli_crt_ec_der,
-                                         mbedtls_test_cli_crt_ec_len);
-            TEST_ASSERT(ret == 0);
-
-            ret = mbedtls_pk_parse_key(cert->pkey,
-                                       (const unsigned char *) mbedtls_test_cli_key_ec_der,
-                                       mbedtls_test_cli_key_ec_der_len, NULL, 0);
-            TEST_ASSERT(ret == 0);
-        }
-    }
-
-    mbedtls_ssl_conf_ca_chain(&(ep->conf), cert->ca_cert, NULL);
-
-    ret = mbedtls_ssl_conf_own_cert(&(ep->conf), cert->cert,
-                                    cert->pkey);
-    TEST_ASSERT(ret == 0);
-
-exit:
-    if (ret != 0) {
-        mbedtls_endpoint_certificate_free(ep);
-    }
-
-    return ret;
-}
-
-/*
- * Initializes \p ep structure. It is important to call `mbedtls_endpoint_free()`
- * after calling this function even if it fails.
- *
- * \p endpoint_type must be set as MBEDTLS_SSL_IS_SERVER or
- * MBEDTLS_SSL_IS_CLIENT.
- * \p pk_alg the algorithm to use, currently only MBEDTLS_PK_RSA and
- * MBEDTLS_PK_ECDSA are supported.
- * \p dtls_context - in case of DTLS - this is the context handling metadata.
- * \p input_queue - used only in case of DTLS.
- * \p output_queue - used only in case of DTLS.
- *
- * \retval  0 on success, otherwise error code.
- */
-int mbedtls_endpoint_init(mbedtls_endpoint *ep, int endpoint_type, int pk_alg,
-                          mbedtls_test_message_socket_context *dtls_context,
-                          mbedtls_test_message_queue *input_queue,
-                          mbedtls_test_message_queue *output_queue,
-                          const mbedtls_ecp_group_id *curves)
-{
-    int ret = -1;
-
-    if (dtls_context != NULL && (input_queue == NULL || output_queue == NULL)) {
-        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
-    }
-
-    if (ep == NULL) {
-        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
-    }
-
-    memset(ep, 0, sizeof(*ep));
-
-    ep->name = (endpoint_type == MBEDTLS_SSL_IS_SERVER) ? "Server" : "Client";
-
-    mbedtls_ssl_init(&(ep->ssl));
-    mbedtls_ssl_config_init(&(ep->conf));
-    mbedtls_ctr_drbg_init(&(ep->ctr_drbg));
-    mbedtls_ssl_conf_rng(&(ep->conf),
-                         mbedtls_ctr_drbg_random,
-                         &(ep->ctr_drbg));
-    mbedtls_entropy_init(&(ep->entropy));
-    if (dtls_context != NULL) {
-        TEST_ASSERT(mbedtls_message_socket_setup(input_queue, output_queue,
-                                                 100, &(ep->socket),
-                                                 dtls_context) == 0);
-    } else {
-        mbedtls_mock_socket_init(&(ep->socket));
-    }
-
-    ret = mbedtls_ctr_drbg_seed(&(ep->ctr_drbg), mbedtls_entropy_func,
-                                &(ep->entropy), (const unsigned char *) (ep->name),
-                                strlen(ep->name));
-    TEST_ASSERT(ret == 0);
-
-    /* Non-blocking callbacks without timeout */
-    if (dtls_context != NULL) {
-        mbedtls_ssl_set_bio(&(ep->ssl), dtls_context,
-                            mbedtls_mock_tcp_send_msg,
-                            mbedtls_mock_tcp_recv_msg,
-                            NULL);
-    } else {
-        mbedtls_ssl_set_bio(&(ep->ssl), &(ep->socket),
-                            mbedtls_mock_tcp_send_nb,
-                            mbedtls_mock_tcp_recv_nb,
-                            NULL);
-    }
-
-    ret = mbedtls_ssl_config_defaults(&(ep->conf), endpoint_type,
-                                      (dtls_context != NULL) ?
-                                      MBEDTLS_SSL_TRANSPORT_DATAGRAM :
-                                      MBEDTLS_SSL_TRANSPORT_STREAM,
-                                      MBEDTLS_SSL_PRESET_DEFAULT);
-    TEST_ASSERT(ret == 0);
-
-#if defined(MBEDTLS_ECP_C)
-    if (curves != NULL) {
-        mbedtls_ssl_conf_curves(&(ep->conf), curves);
-    }
-#else
-    (void) curves;
-#endif
-
-    ret = mbedtls_ssl_setup(&(ep->ssl), &(ep->conf));
-    TEST_ASSERT(ret == 0);
-
-#if defined(MBEDTLS_SSL_PROTO_DTLS) && defined(MBEDTLS_SSL_SRV_C)
-    if (endpoint_type == MBEDTLS_SSL_IS_SERVER && dtls_context != NULL) {
-        mbedtls_ssl_conf_dtls_cookies(&(ep->conf), NULL, NULL, NULL);
-    }
-#endif
-
-    ret = mbedtls_endpoint_certificate_init(ep, pk_alg);
-    TEST_ASSERT(ret == 0);
-
-exit:
-    return ret;
-}
-
-/*
- * Deinitializes endpoint represented by \p ep.
- */
-void mbedtls_endpoint_free(mbedtls_endpoint *ep,
-                           mbedtls_test_message_socket_context *context)
-{
-    mbedtls_endpoint_certificate_free(ep);
-
-    mbedtls_ssl_free(&(ep->ssl));
-    mbedtls_ssl_config_free(&(ep->conf));
-    mbedtls_ctr_drbg_free(&(ep->ctr_drbg));
-    mbedtls_entropy_free(&(ep->entropy));
-
-    if (context != NULL) {
-        mbedtls_message_socket_close(context);
-    } else {
-        mbedtls_mock_socket_close(&(ep->socket));
-    }
-}
-
-/*
- * This function moves ssl handshake from \p ssl to prescribed \p state.
- * /p second_ssl is used as second endpoint and their sockets have to be
- * connected before calling this function.
- *
- * \retval  0 on success, otherwise error code.
- */
-int mbedtls_move_handshake_to_state(mbedtls_ssl_context *ssl,
-                                    mbedtls_ssl_context *second_ssl,
-                                    int state)
-{
-    enum { BUFFSIZE = 1024 };
-    int max_steps = 1000;
-    int ret = 0;
-
-    if (ssl == NULL || second_ssl == NULL) {
-        return MBEDTLS_ERR_SSL_BAD_INPUT_DATA;
-    }
-
-    /* Perform communication via connected sockets */
-    while ((ssl->state != state) && (--max_steps >= 0)) {
-        /* If /p second_ssl ends the handshake procedure before /p ssl then
-         * there is no need to call the next step */
-        if (second_ssl->state != MBEDTLS_SSL_HANDSHAKE_OVER) {
-            ret = mbedtls_ssl_handshake_step(second_ssl);
-            if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
-                ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
-                return ret;
-            }
-        }
-
-        /* We only care about the \p ssl state and returns, so we call it last,
-         * to leave the iteration as soon as the state is as expected. */
-        ret = mbedtls_ssl_handshake_step(ssl);
-        if (ret != 0 && ret != MBEDTLS_ERR_SSL_WANT_READ &&
-            ret != MBEDTLS_ERR_SSL_WANT_WRITE) {
-            return ret;
-        }
-    }
-
-    return (max_steps >= 0) ? ret : -1;
-}
-
-#endif \
-    /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
-
-/*
- * Write application data. Increase write counter if necessary.
- */
-int mbedtls_ssl_write_fragment(mbedtls_ssl_context *ssl, unsigned char *buf,
-                               int buf_len, int *written,
-                               const int expected_fragments)
-{
-    int ret = mbedtls_ssl_write(ssl, buf + *written, buf_len - *written);
-    if (ret > 0) {
-        *written += ret;
-    }
-
-    if (expected_fragments == 0) {
-        /* Used for DTLS and the message size larger than MFL. In that case
-         * the message can not be fragmented and the library should return
-         * MBEDTLS_ERR_SSL_BAD_INPUT_DATA error. This error must be returned
-         * to prevent a dead loop inside mbedtls_exchange_data(). */
-        return ret;
-    } else if (expected_fragments == 1) {
-        /* Used for TLS/DTLS and the message size lower than MFL */
-        TEST_ASSERT(ret == buf_len ||
-                    ret == MBEDTLS_ERR_SSL_WANT_READ ||
-                    ret == MBEDTLS_ERR_SSL_WANT_WRITE);
-    } else {
-        /* Used for TLS and the message size larger than MFL */
-        TEST_ASSERT(expected_fragments > 1);
-        TEST_ASSERT((ret >= 0 && ret <= buf_len) ||
-                    ret == MBEDTLS_ERR_SSL_WANT_READ ||
-                    ret == MBEDTLS_ERR_SSL_WANT_WRITE);
-    }
-
-    return 0;
-
-exit:
-    /* Some of the tests failed */
-    return -1;
-}
-
-/*
- * Read application data and increase read counter and fragments counter if necessary.
- */
-int mbedtls_ssl_read_fragment(mbedtls_ssl_context *ssl, unsigned char *buf,
-                              int buf_len, int *read,
-                              int *fragments, const int expected_fragments)
-{
-    int ret = mbedtls_ssl_read(ssl, buf + *read, buf_len - *read);
-    if (ret > 0) {
-        (*fragments)++;
-        *read += ret;
-    }
-
-    if (expected_fragments == 0) {
-        TEST_ASSERT(ret == 0);
-    } else if (expected_fragments == 1) {
-        TEST_ASSERT(ret == buf_len ||
-                    ret == MBEDTLS_ERR_SSL_WANT_READ ||
-                    ret == MBEDTLS_ERR_SSL_WANT_WRITE);
-    } else {
-        TEST_ASSERT(expected_fragments > 1);
-        TEST_ASSERT((ret >= 0 && ret <= buf_len) ||
-                    ret == MBEDTLS_ERR_SSL_WANT_READ ||
-                    ret == MBEDTLS_ERR_SSL_WANT_WRITE);
-    }
-
-    return 0;
-
-exit:
-    /* Some of the tests failed */
-    return -1;
-}
-
-/*
- * Helper function setting up inverse record transformations
- * using given cipher, hash, EtM mode, authentication tag length,
- * and version.
- */
-
-#define CHK(x)                                \
-    do                                          \
-    {                                           \
-        if (!(x))                            \
-        {                                       \
-            ret = -1;                           \
-            goto cleanup;                       \
-        }                                       \
-    } while (0)
-
-void set_ciphersuite(mbedtls_ssl_config *conf, const char *cipher,
-                     int *forced_ciphersuite)
-{
-    const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
-    forced_ciphersuite[0] = mbedtls_ssl_get_ciphersuite_id(cipher);
-    forced_ciphersuite[1] = 0;
-
-    ciphersuite_info =
-        mbedtls_ssl_ciphersuite_from_id(forced_ciphersuite[0]);
-
-    TEST_ASSERT(ciphersuite_info != NULL);
-    TEST_ASSERT(ciphersuite_info->min_minor_ver <= conf->max_minor_ver);
-    TEST_ASSERT(ciphersuite_info->max_minor_ver >= conf->min_minor_ver);
-
-    if (conf->max_minor_ver > ciphersuite_info->max_minor_ver) {
-        conf->max_minor_ver = ciphersuite_info->max_minor_ver;
-    }
-    if (conf->min_minor_ver < ciphersuite_info->min_minor_ver) {
-        conf->min_minor_ver = ciphersuite_info->min_minor_ver;
-    }
-
-    mbedtls_ssl_conf_ciphersuites(conf, forced_ciphersuite);
-
-exit:
-    return;
-}
-
-int psk_dummy_callback(void *p_info, mbedtls_ssl_context *ssl,
-                       const unsigned char *name, size_t name_len)
-{
-    (void) p_info;
-    (void) ssl;
-    (void) name;
-    (void) name_len;
-
-    return 0;
-}
-
-#if MBEDTLS_SSL_CID_OUT_LEN_MAX > MBEDTLS_SSL_CID_IN_LEN_MAX
-#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_IN_LEN_MAX
-#else
-#define SSL_CID_LEN_MIN MBEDTLS_SSL_CID_OUT_LEN_MAX
-#endif
-
-static int build_transforms(mbedtls_ssl_transform *t_in,
-                            mbedtls_ssl_transform *t_out,
-                            int cipher_type, int hash_id,
-                            int etm, int tag_mode, int ver,
-                            size_t cid0_len,
-                            size_t cid1_len)
-{
-    mbedtls_cipher_info_t const *cipher_info;
-    int ret = 0;
-
-    size_t keylen, maclen, ivlen;
-    unsigned char *key0 = NULL, *key1 = NULL;
-    unsigned char *md0 = NULL, *md1 = NULL;
-    unsigned char iv_enc[16], iv_dec[16];
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    unsigned char cid0[SSL_CID_LEN_MIN];
-    unsigned char cid1[SSL_CID_LEN_MIN];
-
-    mbedtls_test_rnd_std_rand(NULL, cid0, sizeof(cid0));
-    mbedtls_test_rnd_std_rand(NULL, cid1, sizeof(cid1));
-#else
-    ((void) cid0_len);
-    ((void) cid1_len);
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-    maclen = 0;
-
-    /* Pick cipher */
-    cipher_info = mbedtls_cipher_info_from_type(cipher_type);
-    CHK(cipher_info != NULL);
-    CHK(cipher_info->iv_size <= 16);
-    CHK(cipher_info->key_bitlen % 8 == 0);
-
-    /* Pick keys */
-    keylen = cipher_info->key_bitlen / 8;
-    /* Allocate `keylen + 1` bytes to ensure that we get
-     * a non-NULL pointers from `mbedtls_calloc` even if
-     * `keylen == 0` in the case of the NULL cipher. */
-    CHK((key0 = mbedtls_calloc(1, keylen + 1)) != NULL);
-    CHK((key1 = mbedtls_calloc(1, keylen + 1)) != NULL);
-    memset(key0, 0x1, keylen);
-    memset(key1, 0x2, keylen);
-
-    /* Setup cipher contexts */
-    CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_enc,  cipher_info) == 0);
-    CHK(mbedtls_cipher_setup(&t_in->cipher_ctx_dec,  cipher_info) == 0);
-    CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_enc, cipher_info) == 0);
-    CHK(mbedtls_cipher_setup(&t_out->cipher_ctx_dec, cipher_info) == 0);
-
-#if defined(MBEDTLS_CIPHER_MODE_CBC)
-    if (cipher_info->mode == MBEDTLS_MODE_CBC) {
-        CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_enc,
-                                            MBEDTLS_PADDING_NONE) == 0);
-        CHK(mbedtls_cipher_set_padding_mode(&t_in->cipher_ctx_dec,
-                                            MBEDTLS_PADDING_NONE) == 0);
-        CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_enc,
-                                            MBEDTLS_PADDING_NONE) == 0);
-        CHK(mbedtls_cipher_set_padding_mode(&t_out->cipher_ctx_dec,
-                                            MBEDTLS_PADDING_NONE) == 0);
-    }
-#endif /* MBEDTLS_CIPHER_MODE_CBC */
-
-    CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_enc, key0,
-                              keylen << 3, MBEDTLS_ENCRYPT) == 0);
-    CHK(mbedtls_cipher_setkey(&t_in->cipher_ctx_dec, key1,
-                              keylen << 3, MBEDTLS_DECRYPT) == 0);
-    CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_enc, key1,
-                              keylen << 3, MBEDTLS_ENCRYPT) == 0);
-    CHK(mbedtls_cipher_setkey(&t_out->cipher_ctx_dec, key0,
-                              keylen << 3, MBEDTLS_DECRYPT) == 0);
-
-    /* Setup MAC contexts */
-#if defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
-    if (cipher_info->mode == MBEDTLS_MODE_CBC ||
-        cipher_info->mode == MBEDTLS_MODE_STREAM) {
-        mbedtls_md_info_t const *md_info;
-
-        /* Pick hash */
-        md_info = mbedtls_md_info_from_type(hash_id);
-        CHK(md_info != NULL);
-
-        /* Pick hash keys */
-        maclen = mbedtls_md_get_size(md_info);
-        CHK((md0 = mbedtls_calloc(1, maclen)) != NULL);
-        CHK((md1 = mbedtls_calloc(1, maclen)) != NULL);
-        memset(md0, 0x5, maclen);
-        memset(md1, 0x6, maclen);
-
-        CHK(mbedtls_md_setup(&t_out->md_ctx_enc, md_info, 1) == 0);
-        CHK(mbedtls_md_setup(&t_out->md_ctx_dec, md_info, 1) == 0);
-        CHK(mbedtls_md_setup(&t_in->md_ctx_enc,  md_info, 1) == 0);
-        CHK(mbedtls_md_setup(&t_in->md_ctx_dec,  md_info, 1) == 0);
-
-        if (ver > MBEDTLS_SSL_MINOR_VERSION_0) {
-            CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_enc,
-                                       md0, maclen) == 0);
-            CHK(mbedtls_md_hmac_starts(&t_in->md_ctx_dec,
-                                       md1, maclen) == 0);
-            CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_enc,
-                                       md1, maclen) == 0);
-            CHK(mbedtls_md_hmac_starts(&t_out->md_ctx_dec,
-                                       md0, maclen) == 0);
-        }
-#if defined(MBEDTLS_SSL_PROTO_SSL3)
-        else {
-            memcpy(&t_in->mac_enc, md0, maclen);
-            memcpy(&t_in->mac_dec, md1, maclen);
-            memcpy(&t_out->mac_enc, md1, maclen);
-            memcpy(&t_out->mac_dec, md0, maclen);
-        }
-#endif
-    }
-#else
-    ((void) hash_id);
-#endif /* MBEDTLS_SSL_SOME_MODES_USE_MAC */
-
-
-    /* Pick IV's (regardless of whether they
-     * are being used by the transform). */
-    ivlen = cipher_info->iv_size;
-    memset(iv_enc, 0x3, sizeof(iv_enc));
-    memset(iv_dec, 0x4, sizeof(iv_dec));
-
-    /*
-     * Setup transforms
-     */
-
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC) && \
-    defined(MBEDTLS_SSL_SOME_MODES_USE_MAC)
-    t_out->encrypt_then_mac = etm;
-    t_in->encrypt_then_mac = etm;
-#else
-    ((void) etm);
-#endif
-
-    t_out->minor_ver = ver;
-    t_in->minor_ver = ver;
-    t_out->ivlen = ivlen;
-    t_in->ivlen = ivlen;
-
-    switch (cipher_info->mode) {
-        case MBEDTLS_MODE_GCM:
-        case MBEDTLS_MODE_CCM:
-#if defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)
-            if (ver == MBEDTLS_SSL_MINOR_VERSION_4) {
-                t_out->fixed_ivlen = 12;
-                t_in->fixed_ivlen  = 12;
-            } else
-#endif /* MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL */
-            {
-                t_out->fixed_ivlen = 4;
-                t_in->fixed_ivlen = 4;
-            }
-            t_out->maclen = 0;
-            t_in->maclen = 0;
-            switch (tag_mode) {
-                case 0: /* Full tag */
-                    t_out->taglen = 16;
-                    t_in->taglen = 16;
-                    break;
-                case 1: /* Partial tag */
-                    t_out->taglen = 8;
-                    t_in->taglen = 8;
-                    break;
-                default:
-                    ret = 1;
-                    goto cleanup;
-            }
-            break;
-
-        case MBEDTLS_MODE_CHACHAPOLY:
-            t_out->fixed_ivlen = 12;
-            t_in->fixed_ivlen = 12;
-            t_out->maclen = 0;
-            t_in->maclen = 0;
-            switch (tag_mode) {
-                case 0: /* Full tag */
-                    t_out->taglen = 16;
-                    t_in->taglen = 16;
-                    break;
-                case 1: /* Partial tag */
-                    t_out->taglen = 8;
-                    t_in->taglen = 8;
-                    break;
-                default:
-                    ret = 1;
-                    goto cleanup;
-            }
-            break;
-
-        case MBEDTLS_MODE_STREAM:
-        case MBEDTLS_MODE_CBC:
-            t_out->fixed_ivlen = 0; /* redundant, must be 0 */
-            t_in->fixed_ivlen = 0;  /* redundant, must be 0 */
-            t_out->taglen = 0;
-            t_in->taglen = 0;
-            switch (tag_mode) {
-                case 0: /* Full tag */
-                    t_out->maclen = maclen;
-                    t_in->maclen = maclen;
-                    break;
-                case 1: /* Partial tag */
-                    t_out->maclen = 10;
-                    t_in->maclen = 10;
-                    break;
-                default:
-                    ret = 1;
-                    goto cleanup;
-            }
-            break;
-        default:
-            ret = 1;
-            goto cleanup;
-            break;
-    }
-
-    /* Setup IV's */
-
-    memcpy(&t_in->iv_dec, iv_dec, sizeof(iv_dec));
-    memcpy(&t_in->iv_enc, iv_enc, sizeof(iv_enc));
-    memcpy(&t_out->iv_dec, iv_enc, sizeof(iv_enc));
-    memcpy(&t_out->iv_enc, iv_dec, sizeof(iv_dec));
-
-#if defined(MBEDTLS_SSL_DTLS_CONNECTION_ID)
-    /* Add CID */
-    memcpy(&t_in->in_cid,  cid0, cid0_len);
-    memcpy(&t_in->out_cid, cid1, cid1_len);
-    t_in->in_cid_len = cid0_len;
-    t_in->out_cid_len = cid1_len;
-    memcpy(&t_out->in_cid,  cid1, cid1_len);
-    memcpy(&t_out->out_cid, cid0, cid0_len);
-    t_out->in_cid_len = cid1_len;
-    t_out->out_cid_len = cid0_len;
-#endif /* MBEDTLS_SSL_DTLS_CONNECTION_ID */
-
-cleanup:
-
-    mbedtls_free(key0);
-    mbedtls_free(key1);
-
-    mbedtls_free(md0);
-    mbedtls_free(md1);
-
-    return ret;
-}
-
-/*
- * Populate a session structure for serialization tests.
- * Choose dummy values, mostly non-0 to distinguish from the init default.
- */
-static int ssl_populate_session(mbedtls_ssl_session *session,
-                                int ticket_len,
-                                const char *crt_file)
-{
-#if defined(MBEDTLS_HAVE_TIME)
-    session->start = mbedtls_time(NULL) - 42;
-#endif
-    session->ciphersuite = 0xabcd;
-    session->compression = 1;
-    session->id_len = sizeof(session->id);
-    memset(session->id, 66, session->id_len);
-    memset(session->master, 17, sizeof(session->master));
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
-    defined(MBEDTLS_CERTS_C) &&                        \
-    defined(MBEDTLS_FS_IO)
-    if (strlen(crt_file) != 0) {
-        mbedtls_x509_crt tmp_crt;
-        int ret;
-
-        mbedtls_x509_crt_init(&tmp_crt);
-        ret = mbedtls_x509_crt_parse_file(&tmp_crt, crt_file);
-        if (ret != 0) {
-            return ret;
-        }
-
-#if defined(MBEDTLS_SSL_KEEP_PEER_CERTIFICATE)
-        /* Move temporary CRT. */
-        session->peer_cert = mbedtls_calloc(1, sizeof(*session->peer_cert));
-        if (session->peer_cert == NULL) {
-            return -1;
-        }
-        *session->peer_cert = tmp_crt;
-        memset(&tmp_crt, 0, sizeof(tmp_crt));
-#else /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-        /* Calculate digest of temporary CRT. */
-        session->peer_cert_digest =
-            mbedtls_calloc(1, MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN);
-        if (session->peer_cert_digest == NULL) {
-            return -1;
-        }
-        ret = mbedtls_md(mbedtls_md_info_from_type(
-                             MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE),
-                         tmp_crt.raw.p, tmp_crt.raw.len,
-                         session->peer_cert_digest);
-        if (ret != 0) {
-            return ret;
-        }
-        session->peer_cert_digest_type =
-            MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_TYPE;
-        session->peer_cert_digest_len =
-            MBEDTLS_SSL_PEER_CERT_DIGEST_DFL_LEN;
-#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
-
-        mbedtls_x509_crt_free(&tmp_crt);
-    }
-#else /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_FS_IO */
-    (void) crt_file;
-#endif /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_FS_IO */
-    session->verify_result = 0xdeadbeef;
-
-#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
-    if (ticket_len != 0) {
-        session->ticket = mbedtls_calloc(1, ticket_len);
-        if (session->ticket == NULL) {
-            return -1;
-        }
-        memset(session->ticket, 33, ticket_len);
-    }
-    session->ticket_len = ticket_len;
-    session->ticket_lifetime = 86401;
-#else
-    (void) ticket_len;
-#endif
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    session->mfl_code = 1;
-#endif
-#if defined(MBEDTLS_SSL_TRUNCATED_HMAC)
-    session->trunc_hmac = 1;
-#endif
-#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
-    session->encrypt_then_mac = 1;
-#endif
-
-    return 0;
-}
-
-/*
- * Perform data exchanging between \p ssl_1 and \p ssl_2 and check if the
- * message was sent in the correct number of fragments.
- *
- * /p ssl_1 and /p ssl_2    Endpoints represented by mbedtls_ssl_context. Both
- *                          of them must be initialized and connected beforehand.
- * /p msg_len_1 and /p msg_len_2 specify the size of the message to send.
- * /p expected_fragments_1 and /p expected_fragments_2 determine in how many
- *                          fragments the message should be sent.
- *      expected_fragments is 0: can be used for DTLS testing while the message
- *                          size is larger than MFL. In that case the message
- *                          cannot be fragmented and sent to the second endpoint.
- *                          This value can be used for negative tests.
- *      expected_fragments is 1: can be used for TLS/DTLS testing while the
- *                          message size is below MFL
- *      expected_fragments > 1: can be used for TLS testing while the message
- *                          size is larger than MFL
- *
- * \retval  0 on success, otherwise error code.
- */
-int mbedtls_exchange_data(mbedtls_ssl_context *ssl_1,
-                          int msg_len_1, const int expected_fragments_1,
-                          mbedtls_ssl_context *ssl_2,
-                          int msg_len_2, const int expected_fragments_2)
-{
-    unsigned char *msg_buf_1 = malloc(msg_len_1);
-    unsigned char *msg_buf_2 = malloc(msg_len_2);
-    unsigned char *in_buf_1  = malloc(msg_len_2);
-    unsigned char *in_buf_2  = malloc(msg_len_1);
-    int msg_type, ret = -1;
-
-    /* Perform this test with two message types. At first use a message
-     * consisting of only 0x00 for the client and only 0xFF for the server.
-     * At the second time use message with generated data */
-    for (msg_type = 0; msg_type < 2; msg_type++) {
-        int written_1 = 0;
-        int written_2 = 0;
-        int read_1 = 0;
-        int read_2 = 0;
-        int fragments_1 = 0;
-        int fragments_2 = 0;
-
-        if (msg_type == 0) {
-            memset(msg_buf_1, 0x00, msg_len_1);
-            memset(msg_buf_2, 0xff, msg_len_2);
-        } else {
-            int i, j = 0;
-            for (i = 0; i < msg_len_1; i++) {
-                msg_buf_1[i] = j++ & 0xFF;
-            }
-            for (i = 0; i < msg_len_2; i++) {
-                msg_buf_2[i] = (j -= 5) & 0xFF;
-            }
-        }
-
-        while (read_1 < msg_len_2 || read_2 < msg_len_1) {
-            /* ssl_1 sending */
-            if (msg_len_1 > written_1) {
-                ret = mbedtls_ssl_write_fragment(ssl_1, msg_buf_1,
-                                                 msg_len_1, &written_1,
-                                                 expected_fragments_1);
-                if (expected_fragments_1 == 0) {
-                    /* This error is expected when the message is too large and
-                     * cannot be fragmented */
-                    TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
-                    msg_len_1 = 0;
-                } else {
-                    TEST_ASSERT(ret == 0);
-                }
-            }
-
-            /* ssl_2 sending */
-            if (msg_len_2 > written_2) {
-                ret = mbedtls_ssl_write_fragment(ssl_2, msg_buf_2,
-                                                 msg_len_2, &written_2,
-                                                 expected_fragments_2);
-                if (expected_fragments_2 == 0) {
-                    /* This error is expected when the message is too large and
-                     * cannot be fragmented */
-                    TEST_ASSERT(ret == MBEDTLS_ERR_SSL_BAD_INPUT_DATA);
-                    msg_len_2 = 0;
-                } else {
-                    TEST_ASSERT(ret == 0);
-                }
-            }
-
-            /* ssl_1 reading */
-            if (read_1 < msg_len_2) {
-                ret = mbedtls_ssl_read_fragment(ssl_1, in_buf_1,
-                                                msg_len_2, &read_1,
-                                                &fragments_2,
-                                                expected_fragments_2);
-                TEST_ASSERT(ret == 0);
-            }
-
-            /* ssl_2 reading */
-            if (read_2 < msg_len_1) {
-                ret = mbedtls_ssl_read_fragment(ssl_2, in_buf_2,
-                                                msg_len_1, &read_2,
-                                                &fragments_1,
-                                                expected_fragments_1);
-                TEST_ASSERT(ret == 0);
-            }
-        }
-
-        ret = -1;
-        TEST_ASSERT(0 == memcmp(msg_buf_1, in_buf_2, msg_len_1));
-        TEST_ASSERT(0 == memcmp(msg_buf_2, in_buf_1, msg_len_2));
-        TEST_ASSERT(fragments_1 == expected_fragments_1);
-        TEST_ASSERT(fragments_2 == expected_fragments_2);
-    }
-
-    ret = 0;
-
-exit:
-    free(msg_buf_1);
-    free(in_buf_1);
-    free(msg_buf_2);
-    free(in_buf_2);
-
-    return ret;
-}
-
-/*
- * Perform data exchanging between \p ssl_1 and \p ssl_2. Both of endpoints
- * must be initialized and connected beforehand.
- *
- * \retval  0 on success, otherwise error code.
- */
-int exchange_data(mbedtls_ssl_context *ssl_1,
-                  mbedtls_ssl_context *ssl_2)
-{
-    return mbedtls_exchange_data(ssl_1, 256, 1,
-                                 ssl_2, 256, 1);
-}
-
-#if defined(MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED) && \
-    defined(MBEDTLS_CERTS_C) && \
-    defined(MBEDTLS_ENTROPY_C) && \
-    defined(MBEDTLS_CTR_DRBG_C)
-void perform_handshake(handshake_test_options *options)
-{
-    /* forced_ciphersuite needs to last until the end of the handshake */
-    int forced_ciphersuite[2];
-    enum { BUFFSIZE = 17000 };
-    mbedtls_endpoint client, server;
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-    const char *psk_identity = "foo";
-#endif
-#if defined(MBEDTLS_TIMING_C)
-    mbedtls_timing_delay_context timer_client, timer_server;
-#endif
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
-    unsigned char *context_buf = NULL;
-    size_t context_buf_len;
-#endif
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    int ret = -1;
-#endif
-    int expected_handshake_result = 0;
-
-    USE_PSA_INIT();
-    mbedtls_platform_zeroize(&client, sizeof(client));
-    mbedtls_platform_zeroize(&server, sizeof(server));
-
-    mbedtls_test_message_queue server_queue, client_queue;
-    mbedtls_test_message_socket_context server_context, client_context;
-    mbedtls_message_socket_init(&server_context);
-    mbedtls_message_socket_init(&client_context);
-
-    /* Client side */
-    if (options->dtls != 0) {
-        TEST_ASSERT(mbedtls_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
-                                          options->pk_alg, &client_context,
-                                          &client_queue,
-                                          &server_queue, NULL) == 0);
-#if defined(MBEDTLS_TIMING_C)
-        mbedtls_ssl_set_timer_cb(&client.ssl, &timer_client,
-                                 mbedtls_timing_set_delay,
-                                 mbedtls_timing_get_delay);
-#endif
-    } else {
-        TEST_ASSERT(mbedtls_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
-                                          options->pk_alg, NULL, NULL,
-                                          NULL, NULL) == 0);
-    }
-
-    if (options->client_min_version != TEST_SSL_MINOR_VERSION_NONE) {
-        mbedtls_ssl_conf_min_version(&client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
-                                     options->client_min_version);
-    }
-
-    if (options->client_max_version != TEST_SSL_MINOR_VERSION_NONE) {
-        mbedtls_ssl_conf_max_version(&client.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
-                                     options->client_max_version);
-    }
-
-    if (strlen(options->cipher) > 0) {
-        set_ciphersuite(&client.conf, options->cipher, forced_ciphersuite);
-    }
-
-#if defined(MBEDTLS_DEBUG_C)
-    if (options->cli_log_fun) {
-        mbedtls_debug_set_threshold(4);
-        mbedtls_ssl_conf_dbg(&client.conf, options->cli_log_fun,
-                             options->cli_log_obj);
-    }
-#endif
-
-    /* Server side */
-    if (options->dtls != 0) {
-        TEST_ASSERT(mbedtls_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
-                                          options->pk_alg, &server_context,
-                                          &server_queue,
-                                          &client_queue, NULL) == 0);
-#if defined(MBEDTLS_TIMING_C)
-        mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
-                                 mbedtls_timing_set_delay,
-                                 mbedtls_timing_get_delay);
-#endif
-    } else {
-        TEST_ASSERT(mbedtls_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
-                                          options->pk_alg, NULL, NULL,
-                                          NULL, NULL) == 0);
-    }
-
-    mbedtls_ssl_conf_authmode(&server.conf, options->srv_auth_mode);
-
-    if (options->server_min_version != TEST_SSL_MINOR_VERSION_NONE) {
-        mbedtls_ssl_conf_min_version(&server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
-                                     options->server_min_version);
-    }
-
-    if (options->server_max_version != TEST_SSL_MINOR_VERSION_NONE) {
-        mbedtls_ssl_conf_max_version(&server.conf, MBEDTLS_SSL_MAJOR_VERSION_3,
-                                     options->server_max_version);
-    }
-
-#if defined(MBEDTLS_SSL_MAX_FRAGMENT_LENGTH)
-    TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(server.conf),
-                                              (unsigned char) options->mfl) == 0);
-    TEST_ASSERT(mbedtls_ssl_conf_max_frag_len(&(client.conf),
-                                              (unsigned char) options->mfl) == 0);
-#else
-    TEST_ASSERT(MBEDTLS_SSL_MAX_FRAG_LEN_NONE == options->mfl);
-#endif /* MBEDTLS_SSL_MAX_FRAGMENT_LENGTH */
-
-#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
-    if (options->psk_str != NULL && options->psk_str->len > 0) {
-        TEST_ASSERT(mbedtls_ssl_conf_psk(&client.conf, options->psk_str->x,
-                                         options->psk_str->len,
-                                         (const unsigned char *) psk_identity,
-                                         strlen(psk_identity)) == 0);
-
-        TEST_ASSERT(mbedtls_ssl_conf_psk(&server.conf, options->psk_str->x,
-                                         options->psk_str->len,
-                                         (const unsigned char *) psk_identity,
-                                         strlen(psk_identity)) == 0);
-
-        mbedtls_ssl_conf_psk_cb(&server.conf, psk_dummy_callback, NULL);
-    }
-#endif
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if (options->renegotiate) {
-        mbedtls_ssl_conf_renegotiation(&(server.conf),
-                                       MBEDTLS_SSL_RENEGOTIATION_ENABLED);
-        mbedtls_ssl_conf_renegotiation(&(client.conf),
-                                       MBEDTLS_SSL_RENEGOTIATION_ENABLED);
-
-        mbedtls_ssl_conf_legacy_renegotiation(&(server.conf),
-                                              options->legacy_renegotiation);
-        mbedtls_ssl_conf_legacy_renegotiation(&(client.conf),
-                                              options->legacy_renegotiation);
-    }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-#if defined(MBEDTLS_DEBUG_C)
-    if (options->srv_log_fun) {
-        mbedtls_debug_set_threshold(4);
-        mbedtls_ssl_conf_dbg(&server.conf, options->srv_log_fun,
-                             options->srv_log_obj);
-    }
-#endif
-
-    TEST_ASSERT(mbedtls_mock_socket_connect(&(client.socket),
-                                            &(server.socket),
-                                            BUFFSIZE) == 0);
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-    if (options->resize_buffers != 0) {
-        /* Ensure that the buffer sizes are appropriate before resizes */
-        TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
-        TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
-        TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
-        TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
-    }
-#endif
-
-    if (options->expected_negotiated_version == TEST_SSL_MINOR_VERSION_NONE) {
-        expected_handshake_result = MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION;
-    }
-
-    TEST_ASSERT(mbedtls_move_handshake_to_state(&(client.ssl),
-                                                &(server.ssl),
-                                                MBEDTLS_SSL_HANDSHAKE_OVER)
-                ==  expected_handshake_result);
-
-    if (expected_handshake_result != 0) {
-        /* Connection will have failed by this point, skip to cleanup */
-        goto exit;
-    }
-
-    TEST_ASSERT(client.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER);
-    TEST_ASSERT(server.ssl.state == MBEDTLS_SSL_HANDSHAKE_OVER);
-
-    /* Check that we agree on the version... */
-    TEST_ASSERT(client.ssl.minor_ver == server.ssl.minor_ver);
-
-    /* And check that the version negotiated is the expected one. */
-    TEST_EQUAL(client.ssl.minor_ver, options->expected_negotiated_version);
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-    if (options->resize_buffers != 0) {
-        if (options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_0 &&
-            options->expected_negotiated_version != MBEDTLS_SSL_MINOR_VERSION_1) {
-            /* A server, when using DTLS, might delay a buffer resize to happen
-             * after it receives a message, so we force it. */
-            TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
-
-            TEST_ASSERT(client.ssl.out_buf_len ==
-                        mbedtls_ssl_get_output_buflen(&client.ssl));
-            TEST_ASSERT(client.ssl.in_buf_len ==
-                        mbedtls_ssl_get_input_buflen(&client.ssl));
-            TEST_ASSERT(server.ssl.out_buf_len ==
-                        mbedtls_ssl_get_output_buflen(&server.ssl));
-            TEST_ASSERT(server.ssl.in_buf_len ==
-                        mbedtls_ssl_get_input_buflen(&server.ssl));
-        }
-    }
-#endif
-
-    if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
-        /* Start data exchanging test */
-        TEST_ASSERT(mbedtls_exchange_data(&(client.ssl), options->cli_msg_len,
-                                          options->expected_cli_fragments,
-                                          &(server.ssl), options->srv_msg_len,
-                                          options->expected_srv_fragments)
-                    == 0);
-    }
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
-    if (options->serialize == 1) {
-        TEST_ASSERT(options->dtls == 1);
-
-        TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), NULL,
-                                             0, &context_buf_len)
-                    == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
-
-        context_buf = mbedtls_calloc(1, context_buf_len);
-        TEST_ASSERT(context_buf != NULL);
-
-        TEST_ASSERT(mbedtls_ssl_context_save(&(server.ssl), context_buf,
-                                             context_buf_len,
-                                             &context_buf_len) == 0);
-
-        mbedtls_ssl_free(&(server.ssl));
-        mbedtls_ssl_init(&(server.ssl));
-
-        TEST_ASSERT(mbedtls_ssl_setup(&(server.ssl), &(server.conf)) == 0);
-
-        mbedtls_ssl_set_bio(&(server.ssl), &server_context,
-                            mbedtls_mock_tcp_send_msg,
-                            mbedtls_mock_tcp_recv_msg,
-                            NULL);
-
-#if defined(MBEDTLS_TIMING_C)
-        mbedtls_ssl_set_timer_cb(&server.ssl, &timer_server,
-                                 mbedtls_timing_set_delay,
-                                 mbedtls_timing_get_delay);
-#endif
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-        if (options->resize_buffers != 0) {
-            /* Ensure that the buffer sizes are appropriate before resizes */
-            TEST_ASSERT(server.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
-            TEST_ASSERT(server.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
-        }
-#endif
-        TEST_ASSERT(mbedtls_ssl_context_load(&(server.ssl), context_buf,
-                                             context_buf_len) == 0);
-
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-        /* Validate buffer sizes after context deserialization */
-        if (options->resize_buffers != 0) {
-            TEST_ASSERT(server.ssl.out_buf_len ==
-                        mbedtls_ssl_get_output_buflen(&server.ssl));
-            TEST_ASSERT(server.ssl.in_buf_len ==
-                        mbedtls_ssl_get_input_buflen(&server.ssl));
-        }
-#endif
-        /* Retest writing/reading */
-        if (options->cli_msg_len != 0 || options->srv_msg_len != 0) {
-            TEST_ASSERT(mbedtls_exchange_data(&(client.ssl),
-                                              options->cli_msg_len,
-                                              options->expected_cli_fragments,
-                                              &(server.ssl),
-                                              options->srv_msg_len,
-                                              options->expected_srv_fragments)
-                        == 0);
-        }
-    }
-#endif /* MBEDTLS_SSL_CONTEXT_SERIALIZATION */
-
-#if defined(MBEDTLS_SSL_RENEGOTIATION)
-    if (options->renegotiate) {
-        /* Start test with renegotiation */
-        TEST_ASSERT(server.ssl.renego_status ==
-                    MBEDTLS_SSL_INITIAL_HANDSHAKE);
-        TEST_ASSERT(client.ssl.renego_status ==
-                    MBEDTLS_SSL_INITIAL_HANDSHAKE);
-
-        /* After calling this function for the server, it only sends a handshake
-         * request. All renegotiation should happen during data exchanging */
-        TEST_ASSERT(mbedtls_ssl_renegotiate(&(server.ssl)) == 0);
-        TEST_ASSERT(server.ssl.renego_status ==
-                    MBEDTLS_SSL_RENEGOTIATION_PENDING);
-        TEST_ASSERT(client.ssl.renego_status ==
-                    MBEDTLS_SSL_INITIAL_HANDSHAKE);
-
-        TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
-        TEST_ASSERT(server.ssl.renego_status ==
-                    MBEDTLS_SSL_RENEGOTIATION_DONE);
-        TEST_ASSERT(client.ssl.renego_status ==
-                    MBEDTLS_SSL_RENEGOTIATION_DONE);
-
-        /* After calling mbedtls_ssl_renegotiate for the client all renegotiation
-         * should happen inside this function. However in this test, we cannot
-         * perform simultaneous communication between client and server so this
-         * function will return waiting error on the socket. All rest of
-         * renegotiation should happen during data exchanging */
-        ret = mbedtls_ssl_renegotiate(&(client.ssl));
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-        if (options->resize_buffers != 0) {
-            /* Ensure that the buffer sizes are appropriate before resizes */
-            TEST_ASSERT(client.ssl.out_buf_len == MBEDTLS_SSL_OUT_BUFFER_LEN);
-            TEST_ASSERT(client.ssl.in_buf_len == MBEDTLS_SSL_IN_BUFFER_LEN);
-        }
-#endif
-        TEST_ASSERT(ret == 0 ||
-                    ret == MBEDTLS_ERR_SSL_WANT_READ ||
-                    ret == MBEDTLS_ERR_SSL_WANT_WRITE);
-        TEST_ASSERT(server.ssl.renego_status ==
-                    MBEDTLS_SSL_RENEGOTIATION_DONE);
-        TEST_ASSERT(client.ssl.renego_status ==
-                    MBEDTLS_SSL_RENEGOTIATION_IN_PROGRESS);
-
-        TEST_ASSERT(exchange_data(&(client.ssl), &(server.ssl)) == 0);
-        TEST_ASSERT(server.ssl.renego_status ==
-                    MBEDTLS_SSL_RENEGOTIATION_DONE);
-        TEST_ASSERT(client.ssl.renego_status ==
-                    MBEDTLS_SSL_RENEGOTIATION_DONE);
-#if defined(MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH)
-        /* Validate buffer sizes after renegotiation */
-        if (options->resize_buffers != 0) {
-            TEST_ASSERT(client.ssl.out_buf_len ==
-                        mbedtls_ssl_get_output_buflen(&client.ssl));
-            TEST_ASSERT(client.ssl.in_buf_len ==
-                        mbedtls_ssl_get_input_buflen(&client.ssl));
-            TEST_ASSERT(server.ssl.out_buf_len ==
-                        mbedtls_ssl_get_output_buflen(&server.ssl));
-            TEST_ASSERT(server.ssl.in_buf_len ==
-                        mbedtls_ssl_get_input_buflen(&server.ssl));
-        }
-#endif /* MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH */
-    }
-#endif /* MBEDTLS_SSL_RENEGOTIATION */
-
-exit:
-    mbedtls_endpoint_free(&client, options->dtls != 0 ? &client_context : NULL);
-    mbedtls_endpoint_free(&server, options->dtls != 0 ? &server_context : NULL);
-#if defined(MBEDTLS_DEBUG_C)
-    if (options->cli_log_fun || options->srv_log_fun) {
-        mbedtls_debug_set_threshold(0);
-    }
-#endif
-#if defined(MBEDTLS_SSL_CONTEXT_SERIALIZATION)
-    if (context_buf != NULL) {
-        mbedtls_free(context_buf);
-    }
-#endif
-}
-#endif \
-    /* MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED && MBEDTLS_CERTS_C && MBEDTLS_ENTROPY_C && MBEDTLS_CTR_DRBG_C */
+#define SSL_MESSAGE_QUEUE_INIT      { NULL, 0, 0, 0 }
 
 /* END_HEADER */
 
@@ -2018,65 +18,70 @@
 void test_callback_buffer_sanity()
 {
     enum { MSGLEN = 10 };
-    mbedtls_test_buffer buf;
+    mbedtls_test_ssl_buffer buf;
     unsigned char input[MSGLEN];
     unsigned char output[MSGLEN];
 
+    USE_PSA_INIT();
     memset(input, 0, sizeof(input));
 
     /* Make sure calling put and get on NULL buffer results in error. */
-    TEST_ASSERT(mbedtls_test_buffer_put(NULL, input, sizeof(input))
+    TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, input, sizeof(input))
                 == -1);
-    TEST_ASSERT(mbedtls_test_buffer_get(NULL, output, sizeof(output))
+    TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, output, sizeof(output))
                 == -1);
-    TEST_ASSERT(mbedtls_test_buffer_put(NULL, NULL, sizeof(input)) == -1);
+    TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, sizeof(input))
+                == -1);
 
-    TEST_ASSERT(mbedtls_test_buffer_put(NULL, NULL, 0) == -1);
-    TEST_ASSERT(mbedtls_test_buffer_get(NULL, NULL, 0) == -1);
+    TEST_ASSERT(mbedtls_test_ssl_buffer_put(NULL, NULL, 0) == -1);
+    TEST_ASSERT(mbedtls_test_ssl_buffer_get(NULL, NULL, 0) == -1);
 
     /* Make sure calling put and get on a buffer that hasn't been set up results
      * in error. */
-    mbedtls_test_buffer_init(&buf);
+    mbedtls_test_ssl_buffer_init(&buf);
 
-    TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, sizeof(input)) == -1);
-    TEST_ASSERT(mbedtls_test_buffer_get(&buf, output, sizeof(output))
+    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input))
                 == -1);
-    TEST_ASSERT(mbedtls_test_buffer_put(&buf, NULL, sizeof(input)) == -1);
+    TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, sizeof(output))
+                == -1);
+    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input))
+                == -1);
 
-    TEST_ASSERT(mbedtls_test_buffer_put(&buf, NULL, 0) == -1);
-    TEST_ASSERT(mbedtls_test_buffer_get(&buf, NULL, 0) == -1);
+    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == -1);
+    TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == -1);
 
     /* Make sure calling put and get on NULL input only results in
      * error if the length is not zero, and that a NULL output is valid for data
      * dropping.
      */
 
-    TEST_ASSERT(mbedtls_test_buffer_setup(&buf, sizeof(input)) == 0);
+    TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, sizeof(input)) == 0);
 
-    TEST_ASSERT(mbedtls_test_buffer_put(&buf, NULL, sizeof(input)) == -1);
-    TEST_ASSERT(mbedtls_test_buffer_get(&buf, NULL, sizeof(output))
+    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, sizeof(input))
+                == -1);
+    TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, sizeof(output))
                 == 0);
-    TEST_ASSERT(mbedtls_test_buffer_put(&buf, NULL, 0) == 0);
-    TEST_ASSERT(mbedtls_test_buffer_get(&buf, NULL, 0) == 0);
+    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, NULL, 0) == 0);
+    TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, NULL, 0) == 0);
 
     /* Make sure calling put several times in the row is safe */
 
-    TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, sizeof(input))
+    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, sizeof(input))
                 == sizeof(input));
-    TEST_ASSERT(mbedtls_test_buffer_get(&buf, output, 2) == 2);
-    TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, 1) == 1);
-    TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, 2) == 1);
-    TEST_ASSERT(mbedtls_test_buffer_put(&buf, input, 2) == 0);
+    TEST_ASSERT(mbedtls_test_ssl_buffer_get(&buf, output, 2) == 2);
+    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 1) == 1);
+    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 1);
+    TEST_ASSERT(mbedtls_test_ssl_buffer_put(&buf, input, 2) == 0);
 
 
 exit:
-
-    mbedtls_test_buffer_free(&buf);
+    mbedtls_test_ssl_buffer_free(&buf);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
 /*
- * Test if the implementation of `mbedtls_test_buffer` related functions is
+ * Test if the implementation of `mbedtls_test_ssl_buffer` related functions is
  * correct and works as expected.
  *
  * That is
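Review bot: `buf` is still uninitialised when the added `USE_PSA_INIT();` and the NULL-argument `TEST_ASSERT` checks at the top of `test_callback_buffer_sanity` run, yet the `exit:` path calls `mbedtls_test_ssl_buffer_free(&buf)` unconditionally. If `USE_PSA_INIT()` jumps to `exit` on failure, as the test macros here appear to (its definition is not in this hunk), the free would operate on indeterminate stack contents. The following hunk (`@@ -2098,15 +103,16 @@`) already initialises first; the same order here means moving `mbedtls_test_ssl_buffer_init(&buf);` directly above `USE_PSA_INIT();`. The "buffer that hasn't been set up" assertions are unaffected, since `mbedtls_test_ssl_buffer_setup` is still called only afterwards.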
@@ -2098,15 +103,16 @@
     int put_ret[ROUNDS];
     size_t get[ROUNDS];
     int get_ret[ROUNDS];
-    mbedtls_test_buffer buf;
+    mbedtls_test_ssl_buffer buf;
     unsigned char *input = NULL;
     size_t input_len;
     unsigned char *output = NULL;
     size_t output_len;
     size_t i, j, written, read;
 
-    mbedtls_test_buffer_init(&buf);
-    TEST_ASSERT(mbedtls_test_buffer_setup(&buf, size) == 0);
+    mbedtls_test_ssl_buffer_init(&buf);
+    USE_PSA_INIT();
+    TEST_ASSERT(mbedtls_test_ssl_buffer_setup(&buf, size) == 0);
 
     /* Check the sanity of input parameters and initialise local variables. That
      * is, ensure that the amount of data is not negative and that we are not
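Review bot: The order of `mbedtls_test_ssl_buffer_init(&buf);` before `USE_PSA_INIT();` matters for cleanup safety, but nothing in the code says so. If `USE_PSA_INIT()` can fail and jump to `exit` (as the other test macros here appear to), the cleanup there calls `mbedtls_test_ssl_buffer_free(&buf)`, so `buf` must already be initialised. A one-line comment such as `/* init before USE_PSA_INIT(): a failure there jumps to exit, which frees buf */` would stop a later reorder from freeing uninitialised state. The mock-socket tests later in this diff rely on the same ordering. This function starts and ends outside the hunk.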
@@ -2141,7 +147,7 @@
     if (input_len == 0) {
         input_len = 1;
     }
-    ASSERT_ALLOC(input, input_len);
+    TEST_CALLOC(input, input_len);
 
     output_len = 0;
     for (j = 0; j < ROUNDS; j++) {
@@ -2155,7 +161,7 @@
     if (output_len == 0) {
         output_len = 1;
     }
-    ASSERT_ALLOC(output, output_len);
+    TEST_CALLOC(output, output_len);
 
     /* Fill up the buffer with structured data so that unwanted changes
      * can be detected */
@@ -2165,11 +171,11 @@
 
     written = read = 0;
     for (j = 0; j < ROUNDS; j++) {
-        TEST_ASSERT(put_ret[j] == mbedtls_test_buffer_put(&buf,
-                                                          input + written, put[j]));
+        TEST_ASSERT(put_ret[j] == mbedtls_test_ssl_buffer_put(&buf,
+                                                              input + written, put[j]));
         written += put_ret[j];
-        TEST_ASSERT(get_ret[j] == mbedtls_test_buffer_get(&buf,
-                                                          output + read, get[j]));
+        TEST_ASSERT(get_ret[j] == mbedtls_test_ssl_buffer_get(&buf,
+                                                              output + read, get[j]));
         read += get_ret[j];
         TEST_ASSERT(read <= written);
         if (get_ret[j] > 0) {
@@ -2180,16 +186,16 @@
     }
 
 exit:
-
     mbedtls_free(input);
     mbedtls_free(output);
-    mbedtls_test_buffer_free(&buf);
+    mbedtls_test_ssl_buffer_free(&buf);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
 /*
- * Test if the implementation of `mbedtls_mock_socket` related I/O functions is
- * correct and works as expected on unconnected sockets.
+ * Test if the implementation of `mbedtls_test_mock_socket` related
+ * I/O functions is correct and works as expected on unconnected sockets.
  */
 
 /* BEGIN_CASE */
@@ -2198,31 +204,32 @@
     enum { MSGLEN = 105 };
     unsigned char message[MSGLEN] = { 0 };
     unsigned char received[MSGLEN] = { 0 };
-    mbedtls_mock_socket socket;
+    mbedtls_test_mock_socket socket;
 
-    mbedtls_mock_socket_init(&socket);
-    TEST_ASSERT(mbedtls_mock_tcp_send_b(&socket, message, MSGLEN) < 0);
-    mbedtls_mock_socket_close(&socket);
-    mbedtls_mock_socket_init(&socket);
-    TEST_ASSERT(mbedtls_mock_tcp_recv_b(&socket, received, MSGLEN) < 0);
-    mbedtls_mock_socket_close(&socket);
+    mbedtls_test_mock_socket_init(&socket);
+    USE_PSA_INIT();
+    TEST_ASSERT(mbedtls_test_mock_tcp_send_b(&socket, message, MSGLEN) < 0);
+    mbedtls_test_mock_socket_close(&socket);
+    mbedtls_test_mock_socket_init(&socket);
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_b(&socket, received, MSGLEN) < 0);
+    mbedtls_test_mock_socket_close(&socket);
 
-    mbedtls_mock_socket_init(&socket);
-    TEST_ASSERT(mbedtls_mock_tcp_send_nb(&socket, message, MSGLEN) < 0);
-    mbedtls_mock_socket_close(&socket);
-    mbedtls_mock_socket_init(&socket);
-    TEST_ASSERT(mbedtls_mock_tcp_recv_nb(&socket, received, MSGLEN) < 0);
-    mbedtls_mock_socket_close(&socket);
+    mbedtls_test_mock_socket_init(&socket);
+    TEST_ASSERT(mbedtls_test_mock_tcp_send_nb(&socket, message, MSGLEN) < 0);
+    mbedtls_test_mock_socket_close(&socket);
+    mbedtls_test_mock_socket_init(&socket);
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_nb(&socket, received, MSGLEN) < 0);
+    mbedtls_test_mock_socket_close(&socket);
 
 exit:
-
-    mbedtls_mock_socket_close(&socket);
+    mbedtls_test_mock_socket_close(&socket);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
 /*
- * Test if the implementation of `mbedtls_mock_socket` related functions can
- * send a single message from the client to the server.
+ * Test if the implementation of `mbedtls_test_mock_socket` related functions
+ * can send a single message from the client to the server.
  */
 
 /* BEGIN_CASE */
@@ -2232,8 +239,8 @@
     enum { BUFLEN = MSGLEN / 5 };
     unsigned char message[MSGLEN];
     unsigned char received[MSGLEN];
-    mbedtls_mock_socket client;
-    mbedtls_mock_socket server;
+    mbedtls_test_mock_socket client;
+    mbedtls_test_mock_socket server;
     size_t written, read;
     int send_ret, recv_ret;
     mbedtls_ssl_send_t *send;
@@ -2241,15 +248,16 @@
     unsigned i;
 
     if (blocking == 0) {
-        send = mbedtls_mock_tcp_send_nb;
-        recv = mbedtls_mock_tcp_recv_nb;
+        send = mbedtls_test_mock_tcp_send_nb;
+        recv = mbedtls_test_mock_tcp_recv_nb;
     } else {
-        send = mbedtls_mock_tcp_send_b;
-        recv = mbedtls_mock_tcp_recv_b;
+        send = mbedtls_test_mock_tcp_send_b;
+        recv = mbedtls_test_mock_tcp_recv_b;
     }
 
-    mbedtls_mock_socket_init(&client);
-    mbedtls_mock_socket_init(&server);
+    mbedtls_test_mock_socket_init(&client);
+    mbedtls_test_mock_socket_init(&server);
+    USE_PSA_INIT();
 
     /* Fill up the buffer with structured data so that unwanted changes
      * can be detected */
@@ -2258,7 +266,7 @@
     }
 
     /* Make sure that sending a message takes a few  iterations. */
-    TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, BUFLEN));
+    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server, BUFLEN));
 
     /* Send the message to the server */
     send_ret = recv_ret = 1;
@@ -2307,15 +315,15 @@
     TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
 
 exit:
-
-    mbedtls_mock_socket_close(&client);
-    mbedtls_mock_socket_close(&server);
+    mbedtls_test_mock_socket_close(&client);
+    mbedtls_test_mock_socket_close(&server);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
 /*
- * Test if the implementation of `mbedtls_mock_socket` related functions can
- * send messages in both direction at the same time (with the I/O calls
+ * Test if the implementation of `mbedtls_test_mock_socket` related functions
+ * can send messages in both direction at the same time (with the I/O calls
  * interleaving).
  */
 
@@ -2327,8 +335,8 @@
     enum { BUFLEN = MSGLEN / 5 };
     unsigned char message[ROUNDS][MSGLEN];
     unsigned char received[ROUNDS][MSGLEN];
-    mbedtls_mock_socket client;
-    mbedtls_mock_socket server;
+    mbedtls_test_mock_socket client;
+    mbedtls_test_mock_socket server;
     size_t written[ROUNDS];
     size_t read[ROUNDS];
     int send_ret[ROUNDS];
@@ -2338,15 +346,16 @@
     mbedtls_ssl_recv_t *recv;
 
     if (blocking == 0) {
-        send = mbedtls_mock_tcp_send_nb;
-        recv = mbedtls_mock_tcp_recv_nb;
+        send = mbedtls_test_mock_tcp_send_nb;
+        recv = mbedtls_test_mock_tcp_recv_nb;
     } else {
-        send = mbedtls_mock_tcp_send_b;
-        recv = mbedtls_mock_tcp_recv_b;
+        send = mbedtls_test_mock_tcp_send_b;
+        recv = mbedtls_test_mock_tcp_recv_b;
     }
 
-    mbedtls_mock_socket_init(&client);
-    mbedtls_mock_socket_init(&server);
+    mbedtls_test_mock_socket_init(&client);
+    mbedtls_test_mock_socket_init(&server);
+    USE_PSA_INIT();
 
     /* Fill up the buffers with structured data so that unwanted changes
      * can be detected */
@@ -2357,7 +366,8 @@
     }
 
     /* Make sure that sending a message takes a few  iterations. */
-    TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server, BUFLEN));
+    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
+                                                      BUFLEN));
 
     /* Send the message from both sides, interleaving. */
     progress = 1;
@@ -2368,7 +378,7 @@
     /* This loop does not stop as long as there was a successful write or read
      * of at least one byte on either side. */
     while (progress != 0) {
-        mbedtls_mock_socket *socket;
+        mbedtls_test_mock_socket *socket;
 
         for (i = 0; i < ROUNDS; i++) {
             /* First sending is from the client */
@@ -2434,135 +444,145 @@
     }
 
 exit:
-
-    mbedtls_mock_socket_close(&client);
-    mbedtls_mock_socket_close(&server);
+    mbedtls_test_mock_socket_close(&client);
+    mbedtls_test_mock_socket_close(&server);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
 /* BEGIN_CASE */
 void ssl_message_queue_sanity()
 {
-    mbedtls_test_message_queue queue;
+    mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
 
+    USE_PSA_INIT();
     /* Trying to push/pull to an empty queue */
-    TEST_ASSERT(mbedtls_test_message_queue_push_info(NULL, 1)
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(NULL, 1)
                 == MBEDTLS_TEST_ERROR_ARG_NULL);
-    TEST_ASSERT(mbedtls_test_message_queue_pop_info(NULL, 1)
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(NULL, 1)
                 == MBEDTLS_TEST_ERROR_ARG_NULL);
 
-    TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
     TEST_ASSERT(queue.capacity == 3);
     TEST_ASSERT(queue.num == 0);
 
 exit:
-    mbedtls_test_message_queue_free(&queue);
+    mbedtls_test_ssl_message_queue_free(&queue);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
 /* BEGIN_CASE */
 void ssl_message_queue_basic()
 {
-    mbedtls_test_message_queue queue;
+    mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
 
-    TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0);
+    USE_PSA_INIT();
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
 
     /* Sanity test - 3 pushes and 3 pops with sufficient space */
-    TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
     TEST_ASSERT(queue.capacity == 3);
     TEST_ASSERT(queue.num == 1);
-    TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
     TEST_ASSERT(queue.capacity == 3);
     TEST_ASSERT(queue.num == 2);
-    TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 2) == 2);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2);
     TEST_ASSERT(queue.capacity == 3);
     TEST_ASSERT(queue.num == 3);
 
-    TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1);
-    TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1);
-    TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 2) == 2);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2);
 
 exit:
-    mbedtls_test_message_queue_free(&queue);
+    mbedtls_test_ssl_message_queue_free(&queue);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
 /* BEGIN_CASE */
 void ssl_message_queue_overflow_underflow()
 {
-    mbedtls_test_message_queue queue;
+    mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
 
-    TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0);
+    USE_PSA_INIT();
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
 
     /* 4 pushes (last one with an error), 4 pops (last one with an error) */
-    TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1);
-    TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1);
-    TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 2) == 2);
-    TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 3)
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3)
                 == MBEDTLS_ERR_SSL_WANT_WRITE);
 
-    TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1);
-    TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1);
-    TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 2) == 2);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2);
 
-    TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1)
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1)
                 == MBEDTLS_ERR_SSL_WANT_READ);
 
 exit:
-    mbedtls_test_message_queue_free(&queue);
+    mbedtls_test_ssl_message_queue_free(&queue);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
 /* BEGIN_CASE */
 void ssl_message_queue_interleaved()
 {
-    mbedtls_test_message_queue queue;
+    mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
 
-    TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 3) == 0);
+    USE_PSA_INIT();
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 3) == 0);
 
     /* Interleaved test - [2 pushes, 1 pop] twice, and then two pops
      * (to wrap around the buffer) */
-    TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1);
-    TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 1) == 1);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 1) == 1);
 
-    TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
 
-    TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 2) == 2);
-    TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 3) == 3);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 2) == 2);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 3) == 3);
 
-    TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 1) == 1);
-    TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 2) == 2);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 1) == 1);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 2) == 2);
 
-    TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 5) == 5);
-    TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, 8) == 8);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 5) == 5);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, 8) == 8);
 
-    TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 3) == 3);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 3) == 3);
 
-    TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 5) == 5);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 5) == 5);
 
-    TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, 8) == 8);
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, 8) == 8);
 
 exit:
-    mbedtls_test_message_queue_free(&queue);
+    mbedtls_test_ssl_message_queue_free(&queue);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
 /* BEGIN_CASE */
 void ssl_message_queue_insufficient_buffer()
 {
-    mbedtls_test_message_queue queue;
+    mbedtls_test_ssl_message_queue queue = SSL_MESSAGE_QUEUE_INIT;
     size_t message_len = 10;
     size_t buffer_len = 5;
 
-    TEST_ASSERT(mbedtls_test_message_queue_setup(&queue, 1) == 0);
+    USE_PSA_INIT();
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_setup(&queue, 1) == 0);
 
     /* Popping without a sufficient buffer */
-    TEST_ASSERT(mbedtls_test_message_queue_push_info(&queue, message_len)
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&queue, message_len)
                 == (int) message_len);
-    TEST_ASSERT(mbedtls_test_message_queue_pop_info(&queue, buffer_len)
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_pop_info(&queue, buffer_len)
                 == (int) buffer_len);
 exit:
-    mbedtls_test_message_queue_free(&queue);
+    mbedtls_test_ssl_message_queue_free(&queue);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
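Review bot: The comment `/* Trying to push/pull to an empty queue */` in `ssl_message_queue_sanity` does not describe the two assertions under it, which pass `NULL` and expect `MBEDTLS_TEST_ERROR_ARG_NULL`. No empty queue is involved until after the setup call. Suggest rewording it to `/* Push/pop on a NULL queue must be rejected with ARG_NULL */`. In `ssl_message_queue_insufficient_buffer`, a short comment saying that a pop into a buffer smaller than the queued message is expected to return `buffer_len` would make the last assertion's intent explicit.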
@@ -2571,44 +591,52 @@
 {
     enum { MSGLEN = 10 };
     unsigned char message[MSGLEN] = { 0 }, received[MSGLEN];
-    mbedtls_mock_socket client, server;
-    mbedtls_test_message_queue server_queue, client_queue;
+    mbedtls_test_mock_socket client, server;
+    mbedtls_test_ssl_message_queue server_queue, client_queue;
     mbedtls_test_message_socket_context server_context, client_context;
-    mbedtls_message_socket_init(&server_context);
-    mbedtls_message_socket_init(&client_context);
+    mbedtls_test_message_socket_init(&server_context);
+    mbedtls_test_message_socket_init(&client_context);
 
+    USE_PSA_INIT();
     /* Send with a NULL context */
-    TEST_ASSERT(mbedtls_mock_tcp_send_msg(NULL, message, MSGLEN)
+    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(NULL, message, MSGLEN)
                 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
 
-    TEST_ASSERT(mbedtls_mock_tcp_recv_msg(NULL, message, MSGLEN)
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(NULL, message, MSGLEN)
                 == MBEDTLS_TEST_ERROR_CONTEXT_ERROR);
 
-    TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 1,
-                                             &server,
-                                             &server_context) == 0);
+    TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
+                                                  &client_queue, 1,
+                                                  &server,
+                                                  &server_context) == 0);
 
-    TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 1,
-                                             &client,
-                                             &client_context) == 0);
+    TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
+                                                  &server_queue, 1,
+                                                  &client,
+                                                  &client_context) == 0);
 
-    TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message, MSGLEN)
+    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                               MSGLEN)
                 == MBEDTLS_TEST_ERROR_SEND_FAILED);
 
-    TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                               MSGLEN)
                 == MBEDTLS_ERR_SSL_WANT_READ);
 
     /* Push directly to a queue to later simulate a disconnected behavior */
-    TEST_ASSERT(mbedtls_test_message_queue_push_info(&server_queue, MSGLEN)
+    TEST_ASSERT(mbedtls_test_ssl_message_queue_push_info(&server_queue,
+                                                         MSGLEN)
                 == MSGLEN);
 
     /* Test if there's an error when trying to read from a disconnected
      * socket */
-    TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                               MSGLEN)
                 == MBEDTLS_TEST_ERROR_RECV_FAILED);
 exit:
-    mbedtls_message_socket_close(&server_context);
-    mbedtls_message_socket_close(&client_context);
+    mbedtls_test_message_socket_close(&server_context);
+    mbedtls_test_message_socket_close(&client_context);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
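Review bot: `server_queue` and `client_queue` are still declared without an initialiser here, while the standalone queue tests in the previous hunk now use `= SSL_MESSAGE_QUEUE_INIT`. If the added `USE_PSA_INIT()` can fail and jump to `exit`, cleanup runs before either `mbedtls_test_message_socket_setup()` call. That is safe only if `mbedtls_test_message_socket_close()` reaches the queues solely through the initialised contexts; the helper is not visible in this diff, so this is a hardening suggestion, not a confirmed bug. Declaring `mbedtls_test_ssl_message_queue server_queue = SSL_MESSAGE_QUEUE_INIT, client_queue = SSL_MESSAGE_QUEUE_INIT;` would make the exit path independent of that detail. The same declaration recurs in the message-socket tests in the following hunks, and this function's signature lies outside the hunk.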
@@ -2617,52 +645,60 @@
 {
     enum { MSGLEN = 10 };
     unsigned char message[MSGLEN], received[MSGLEN];
-    mbedtls_mock_socket client, server;
+    mbedtls_test_mock_socket client, server;
     unsigned i;
-    mbedtls_test_message_queue server_queue, client_queue;
+    mbedtls_test_ssl_message_queue server_queue, client_queue;
     mbedtls_test_message_socket_context server_context, client_context;
-    mbedtls_message_socket_init(&server_context);
-    mbedtls_message_socket_init(&client_context);
 
-    TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 1,
-                                             &server,
-                                             &server_context) == 0);
+    mbedtls_test_message_socket_init(&server_context);
+    mbedtls_test_message_socket_init(&client_context);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 1,
-                                             &client,
-                                             &client_context) == 0);
+    TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
+                                                  &client_queue, 1,
+                                                  &server,
+                                                  &server_context) == 0);
+
+    TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
+                                                  &server_queue, 1,
+                                                  &client,
+                                                  &client_context) == 0);
 
     /* Fill up the buffer with structured data so that unwanted changes
      * can be detected */
     for (i = 0; i < MSGLEN; i++) {
         message[i] = i & 0xFF;
     }
-    TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server,
-                                                 MSGLEN));
+    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
+                                                      MSGLEN));
 
     /* Send the message to the server */
-    TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
-                                          MSGLEN) == MSGLEN);
+    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                               MSGLEN)
+                == MSGLEN);
 
     /* Read from the server */
-    TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                               MSGLEN)
                 == MSGLEN);
 
     TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
     memset(received, 0, MSGLEN);
 
     /* Send the message to the client */
-    TEST_ASSERT(mbedtls_mock_tcp_send_msg(&server_context, message,
-                                          MSGLEN) == MSGLEN);
+    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message,
+                                               MSGLEN) == MSGLEN);
 
     /* Read from the client */
-    TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&client_context, received, MSGLEN)
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
+                                               MSGLEN)
                 == MSGLEN);
     TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
 
 exit:
-    mbedtls_message_socket_close(&server_context);
-    mbedtls_message_socket_close(&client_context);
+    mbedtls_test_message_socket_close(&server_context);
+    mbedtls_test_message_socket_close(&client_context);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -2671,55 +707,65 @@
 {
     enum { MSGLEN = 10 };
     unsigned char message[MSGLEN], received[MSGLEN];
-    mbedtls_mock_socket client, server;
+    mbedtls_test_mock_socket client, server;
     unsigned i;
-    mbedtls_test_message_queue server_queue, client_queue;
+    mbedtls_test_ssl_message_queue server_queue, client_queue;
     mbedtls_test_message_socket_context server_context, client_context;
-    mbedtls_message_socket_init(&server_context);
-    mbedtls_message_socket_init(&client_context);
 
-    TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 2,
-                                             &server,
-                                             &server_context) == 0);
+    mbedtls_test_message_socket_init(&server_context);
+    mbedtls_test_message_socket_init(&client_context);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 2,
-                                             &client,
-                                             &client_context) == 0);
+    TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
+                                                  &client_queue, 2,
+                                                  &server,
+                                                  &server_context) == 0);
+
+    TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
+                                                  &server_queue, 2,
+                                                  &client,
+                                                  &client_context) == 0);
 
     /* Fill up the buffer with structured data so that unwanted changes
      * can be detected */
     for (i = 0; i < MSGLEN; i++) {
         message[i] = i & 0xFF;
     }
-    TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server,
-                                                 MSGLEN*2));
+    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
+                                                      MSGLEN*2));
 
     /* Send three message to the server, last one with an error */
-    TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
-                                          MSGLEN - 1) == MSGLEN - 1);
+    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                               MSGLEN - 1)
+                == MSGLEN - 1);
 
-    TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
-                                          MSGLEN) == MSGLEN);
+    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                               MSGLEN)
+                == MSGLEN);
 
-    TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
-                                          MSGLEN)
+    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                               MSGLEN)
                 == MBEDTLS_ERR_SSL_WANT_WRITE);
 
     /* Read three messages from the server, last one with an error */
-    TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received,
-                                          MSGLEN - 1) == MSGLEN - 1);
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                               MSGLEN - 1)
+                == MSGLEN - 1);
 
-    TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                               MSGLEN)
                 == MSGLEN);
 
     TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
 
-    TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                               MSGLEN)
                 == MBEDTLS_ERR_SSL_WANT_READ);
 
 exit:
-    mbedtls_message_socket_close(&server_context);
-    mbedtls_message_socket_close(&client_context);
+    mbedtls_test_message_socket_close(&server_context);
+    mbedtls_test_message_socket_close(&client_context);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -2728,46 +774,53 @@
 {
     enum { MSGLEN = 10 };
     unsigned char message[MSGLEN], received[MSGLEN];
-    mbedtls_mock_socket client, server;
+    mbedtls_test_mock_socket client, server;
     unsigned i;
-    mbedtls_test_message_queue server_queue, client_queue;
+    mbedtls_test_ssl_message_queue server_queue, client_queue;
     mbedtls_test_message_socket_context server_context, client_context;
-    mbedtls_message_socket_init(&server_context);
-    mbedtls_message_socket_init(&client_context);
 
-    TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 2,
-                                             &server,
-                                             &server_context) == 0);
+    mbedtls_test_message_socket_init(&server_context);
+    mbedtls_test_message_socket_init(&client_context);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 2,
-                                             &client,
-                                             &client_context) == 0);
+    TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
+                                                  &client_queue, 2,
+                                                  &server,
+                                                  &server_context) == 0);
+
+    TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
+                                                  &server_queue, 2,
+                                                  &client,
+                                                  &client_context) == 0);
 
     /* Fill up the buffer with structured data so that unwanted changes
      * can be detected */
     for (i = 0; i < MSGLEN; i++) {
         message[i] = i & 0xFF;
     }
-    TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server,
-                                                 MSGLEN));
+    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
+                                                      MSGLEN));
 
     /* Send two message to the server, second one with an error */
-    TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
-                                          MSGLEN) == MSGLEN);
+    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                               MSGLEN)
+                == MSGLEN);
 
-    TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
-                                          MSGLEN)
+    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                               MSGLEN)
                 == MBEDTLS_TEST_ERROR_SEND_FAILED);
 
     /* Read the only message from the server */
-    TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                               MSGLEN)
                 == MSGLEN);
 
     TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
 
 exit:
-    mbedtls_message_socket_close(&server_context);
-    mbedtls_message_socket_close(&client_context);
+    mbedtls_test_message_socket_close(&server_context);
+    mbedtls_test_message_socket_close(&client_context);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -2776,20 +829,24 @@
 {
     enum { MSGLEN = 10 };
     unsigned char message[MSGLEN], received[MSGLEN];
-    mbedtls_mock_socket client, server;
+    mbedtls_test_mock_socket client, server;
     unsigned i;
-    mbedtls_test_message_queue server_queue, client_queue;
+    mbedtls_test_ssl_message_queue server_queue, client_queue;
     mbedtls_test_message_socket_context server_context, client_context;
-    mbedtls_message_socket_init(&server_context);
-    mbedtls_message_socket_init(&client_context);
 
-    TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 2,
-                                             &server,
-                                             &server_context) == 0);
+    mbedtls_test_message_socket_init(&server_context);
+    mbedtls_test_message_socket_init(&client_context);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 2,
-                                             &client,
-                                             &client_context) == 0);
+    TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
+                                                  &client_queue, 2,
+                                                  &server,
+                                                  &server_context) == 0);
+
+    TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
+                                                  &server_queue, 2,
+                                                  &client,
+                                                  &client_context) == 0);
 
     memset(received, 0, MSGLEN);
     /* Fill up the buffer with structured data so that unwanted changes
@@ -2797,17 +854,20 @@
     for (i = 0; i < MSGLEN; i++) {
         message[i] = i & 0xFF;
     }
-    TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server,
-                                                 2 * MSGLEN));
+    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
+                                                      2 * MSGLEN));
 
     /* Send two messages to the server, the second one small enough to fit in the
      * receiver's buffer. */
-    TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
-                                          MSGLEN) == MSGLEN);
-    TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
-                                          MSGLEN / 2) == MSGLEN / 2);
+    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                               MSGLEN)
+                == MSGLEN);
+    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                               MSGLEN / 2)
+                == MSGLEN / 2);
     /* Read a truncated message from the server */
-    TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN/2)
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                               MSGLEN/2)
                 == MSGLEN/2);
 
     /* Test that the first half of the message is valid, and second one isn't */
@@ -2817,15 +877,17 @@
     memset(received, 0, MSGLEN);
 
     /* Read a full message from the server */
-    TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN/2)
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                               MSGLEN/2)
                 == MSGLEN / 2);
 
     /* Test that the first half of the message is valid */
     TEST_ASSERT(memcmp(message, received, MSGLEN/2) == 0);
 
 exit:
-    mbedtls_message_socket_close(&server_context);
-    mbedtls_message_socket_close(&client_context);
+    mbedtls_test_message_socket_close(&server_context);
+    mbedtls_test_message_socket_close(&client_context);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -2834,35 +896,41 @@
 {
     enum { MSGLEN = 10 };
     unsigned char message[MSGLEN], received[MSGLEN];
-    mbedtls_mock_socket client, server;
+    mbedtls_test_mock_socket client, server;
     unsigned i;
-    mbedtls_test_message_queue server_queue, client_queue;
+    mbedtls_test_ssl_message_queue server_queue, client_queue;
     mbedtls_test_message_socket_context server_context, client_context;
-    mbedtls_message_socket_init(&server_context);
-    mbedtls_message_socket_init(&client_context);
 
-    TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 1,
-                                             &server,
-                                             &server_context) == 0);
+    mbedtls_test_message_socket_init(&server_context);
+    mbedtls_test_message_socket_init(&client_context);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 1,
-                                             &client,
-                                             &client_context) == 0);
+    TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
+                                                  &client_queue, 1,
+                                                  &server,
+                                                  &server_context) == 0);
+
+    TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
+                                                  &server_queue, 1,
+                                                  &client,
+                                                  &client_context) == 0);
 
     /* Fill up the buffer with structured data so that unwanted changes
      * can be detected */
     for (i = 0; i < MSGLEN; i++) {
         message[i] = i & 0xFF;
     }
-    TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server,
-                                                 MSGLEN));
+    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
+                                                      MSGLEN));
 
-    TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
-                                          MSGLEN) == MSGLEN);
+    TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                               MSGLEN)
+                == MSGLEN);
 
     /* Force a read error by disconnecting the socket by hand */
     server.status = 0;
-    TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                               MSGLEN)
                 == MBEDTLS_TEST_ERROR_RECV_FAILED);
     /* Return to a valid state */
     server.status = MBEDTLS_MOCK_SOCKET_CONNECTED;
@@ -2871,14 +939,16 @@
 
     /* Test that even though the server tried to read once disconnected, the
      * continuity is preserved */
-    TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                               MSGLEN)
                 == MSGLEN);
 
     TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
 
 exit:
-    mbedtls_message_socket_close(&server_context);
-    mbedtls_message_socket_close(&client_context);
+    mbedtls_test_message_socket_close(&server_context);
+    mbedtls_test_message_socket_close(&client_context);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -2887,55 +957,61 @@
 {
     enum { MSGLEN = 10 };
     unsigned char message[MSGLEN], received[MSGLEN];
-    mbedtls_mock_socket client, server;
+    mbedtls_test_mock_socket client, server;
     unsigned i;
-    mbedtls_test_message_queue server_queue, client_queue;
+    mbedtls_test_ssl_message_queue server_queue, client_queue;
     mbedtls_test_message_socket_context server_context, client_context;
-    mbedtls_message_socket_init(&server_context);
-    mbedtls_message_socket_init(&client_context);
 
-    TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 3,
-                                             &server,
-                                             &server_context) == 0);
+    mbedtls_test_message_socket_init(&server_context);
+    mbedtls_test_message_socket_init(&client_context);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 3,
-                                             &client,
-                                             &client_context) == 0);
+    TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
+                                                  &client_queue, 3,
+                                                  &server,
+                                                  &server_context) == 0);
+
+    TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
+                                                  &server_queue, 3,
+                                                  &client,
+                                                  &client_context) == 0);
 
     /* Fill up the buffer with structured data so that unwanted changes
      * can be detected */
     for (i = 0; i < MSGLEN; i++) {
         message[i] = i & 0xFF;
     }
-    TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server,
-                                                 MSGLEN*3));
+    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
+                                                      MSGLEN*3));
 
     /* Interleaved test - [2 sends, 1 read] twice, and then two reads
      * (to wrap around the buffer) */
     for (i = 0; i < 2; i++) {
-        TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
-                                              MSGLEN) == MSGLEN);
+        TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                                   MSGLEN) == MSGLEN);
 
-        TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
-                                              MSGLEN) == MSGLEN);
+        TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                                   MSGLEN) == MSGLEN);
 
-        TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received,
-                                              MSGLEN) == MSGLEN);
+        TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                                   MSGLEN) == MSGLEN);
         TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
         memset(received, 0, sizeof(received));
     }
 
     for (i = 0; i < 2; i++) {
-        TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received,
-                                              MSGLEN) == MSGLEN);
+        TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                                   MSGLEN) == MSGLEN);
 
         TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
     }
-    TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                               MSGLEN)
                 == MBEDTLS_ERR_SSL_WANT_READ);
 exit:
-    mbedtls_message_socket_close(&server_context);
-    mbedtls_message_socket_close(&client_context);
+    mbedtls_test_message_socket_close(&server_context);
+    mbedtls_test_message_socket_close(&client_context);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -2944,53 +1020,57 @@
 {
     enum { MSGLEN = 10 };
     unsigned char message[MSGLEN], received[MSGLEN];
-    mbedtls_mock_socket client, server;
+    mbedtls_test_mock_socket client, server;
     unsigned i;
-    mbedtls_test_message_queue server_queue, client_queue;
+    mbedtls_test_ssl_message_queue server_queue, client_queue;
     mbedtls_test_message_socket_context server_context, client_context;
-    mbedtls_message_socket_init(&server_context);
-    mbedtls_message_socket_init(&client_context);
 
-    TEST_ASSERT(mbedtls_message_socket_setup(&server_queue, &client_queue, 3,
-                                             &server,
-                                             &server_context) == 0);
+    mbedtls_test_message_socket_init(&server_context);
+    mbedtls_test_message_socket_init(&client_context);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_message_socket_setup(&client_queue, &server_queue, 3,
-                                             &client,
-                                             &client_context) == 0);
+    TEST_ASSERT(mbedtls_test_message_socket_setup(&server_queue,
+                                                  &client_queue, 3,
+                                                  &server,
+                                                  &server_context) == 0);
+
+    TEST_ASSERT(mbedtls_test_message_socket_setup(&client_queue,
+                                                  &server_queue, 3,
+                                                  &client,
+                                                  &client_context) == 0);
 
     /* Fill up the buffer with structured data so that unwanted changes
      * can be detected */
     for (i = 0; i < MSGLEN; i++) {
         message[i] = i & 0xFF;
     }
-    TEST_ASSERT(0 == mbedtls_mock_socket_connect(&client, &server,
-                                                 MSGLEN*3));
+    TEST_ASSERT(0 == mbedtls_test_mock_socket_connect(&client, &server,
+                                                      MSGLEN*3));
 
     /* Interleaved test - [2 sends, 1 read] twice, both ways, and then two reads
      * (to wrap around the buffer) both ways. */
     for (i = 0; i < 2; i++) {
-        TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
-                                              MSGLEN) == MSGLEN);
+        TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                                   MSGLEN) == MSGLEN);
 
-        TEST_ASSERT(mbedtls_mock_tcp_send_msg(&client_context, message,
-                                              MSGLEN) == MSGLEN);
+        TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&client_context, message,
+                                                   MSGLEN) == MSGLEN);
 
-        TEST_ASSERT(mbedtls_mock_tcp_send_msg(&server_context, message,
-                                              MSGLEN) == MSGLEN);
+        TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message,
+                                                   MSGLEN) == MSGLEN);
 
-        TEST_ASSERT(mbedtls_mock_tcp_send_msg(&server_context, message,
-                                              MSGLEN) == MSGLEN);
+        TEST_ASSERT(mbedtls_test_mock_tcp_send_msg(&server_context, message,
+                                                   MSGLEN) == MSGLEN);
 
-        TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received,
-                                              MSGLEN) == MSGLEN);
+        TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                                   MSGLEN) == MSGLEN);
 
         TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
 
         memset(received, 0, sizeof(received));
 
-        TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&client_context, received,
-                                              MSGLEN) == MSGLEN);
+        TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
+                                                   MSGLEN) == MSGLEN);
 
         TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
 
@@ -2998,27 +1078,30 @@
     }
 
     for (i = 0; i < 2; i++) {
-        TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received,
-                                              MSGLEN) == MSGLEN);
+        TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                                   MSGLEN) == MSGLEN);
 
         TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
         memset(received, 0, sizeof(received));
 
-        TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&client_context, received,
-                                              MSGLEN) == MSGLEN);
+        TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
+                                                   MSGLEN) == MSGLEN);
 
         TEST_ASSERT(memcmp(message, received, MSGLEN) == 0);
         memset(received, 0, sizeof(received));
     }
 
-    TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&server_context, received, MSGLEN)
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&server_context, received,
+                                               MSGLEN)
                 == MBEDTLS_ERR_SSL_WANT_READ);
 
-    TEST_ASSERT(mbedtls_mock_tcp_recv_msg(&client_context, received, MSGLEN)
+    TEST_ASSERT(mbedtls_test_mock_tcp_recv_msg(&client_context, received,
+                                               MSGLEN)
                 == MBEDTLS_ERR_SSL_WANT_READ);
 exit:
-    mbedtls_message_socket_close(&server_context);
-    mbedtls_message_socket_close(&client_context);
+    mbedtls_test_message_socket_close(&server_context);
+    mbedtls_test_message_socket_close(&client_context);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -3031,6 +1114,7 @@
 
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_config_init(&conf);
+    USE_PSA_INIT();
 
     TEST_ASSERT(mbedtls_ssl_config_defaults(&conf,
                                             MBEDTLS_SSL_IS_CLIENT,
@@ -3048,8 +1132,10 @@
     memcpy(ssl.in_ctr + 2, new->x, 6);
     TEST_ASSERT(mbedtls_ssl_dtls_replay_check(&ssl) == ret);
 
+exit:
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -3057,12 +1143,16 @@
 void ssl_set_hostname_twice(char *hostname0, char *hostname1)
 {
     mbedtls_ssl_context ssl;
+
     mbedtls_ssl_init(&ssl);
+    USE_PSA_INIT();
 
     TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname0) == 0);
     TEST_ASSERT(mbedtls_ssl_set_hostname(&ssl, hostname1) == 0);
 
+exit:
     mbedtls_ssl_free(&ssl);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -3087,12 +1177,14 @@
     mbedtls_record rec, rec_backup;
 
     mbedtls_ssl_init(&ssl);
+    USE_PSA_INIT();
+
     mbedtls_ssl_transform_init(&t0);
     mbedtls_ssl_transform_init(&t1);
-    TEST_ASSERT(build_transforms(&t0, &t1, cipher_type, hash_id,
-                                 etm, tag_mode, ver,
-                                 (size_t) cid0_len,
-                                 (size_t) cid1_len) == 0);
+    TEST_ASSERT(mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id,
+                                                  etm, tag_mode, ver,
+                                                  (size_t) cid0_len,
+                                                  (size_t) cid1_len) == 0);
 
     TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL);
 
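Review bot: `USE_PSA_INIT();` is placed before `mbedtls_ssl_transform_init(&t0)` and `mbedtls_ssl_transform_init(&t1)` here, so if the macro can jump to the function's cleanup on failure (its definition is not visible in this diff), the cleanup would call `mbedtls_ssl_transform_free()` on two uninitialised structs. The sibling hunk at `@@ -3238,10 +1330,11 @@` calls it after both transform inits, and I would use the same order here: `mbedtls_ssl_transform_init(&t1);` followed by `USE_PSA_INIT();`. The function starts before and ends after this hunk; its cleanup is presumably the one shown in the `@@ -3187,8 +1279,8 @@` hunk.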
@@ -3187,8 +1279,8 @@
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_transform_free(&t0);
     mbedtls_ssl_transform_free(&t1);
-
     mbedtls_free(buf);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -3238,10 +1330,11 @@
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_transform_init(&t0);
     mbedtls_ssl_transform_init(&t1);
-    TEST_ASSERT(build_transforms(&t0, &t1, cipher_type, hash_id,
-                                 etm, tag_mode, ver,
-                                 (size_t) cid0_len,
-                                 (size_t) cid1_len) == 0);
+    USE_PSA_INIT();
+    TEST_ASSERT(mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id,
+                                                  etm, tag_mode, ver,
+                                                  (size_t) cid0_len,
+                                                  (size_t) cid1_len) == 0);
 
     TEST_ASSERT((buf = mbedtls_calloc(1, buflen)) != NULL);
 
@@ -3347,8 +1440,8 @@
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_transform_free(&t0);
     mbedtls_ssl_transform_free(&t1);
-
     mbedtls_free(buf);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -3388,12 +1481,13 @@
     mbedtls_ssl_init(&ssl);
     mbedtls_ssl_transform_init(&t0);
     mbedtls_ssl_transform_init(&t1);
+    USE_PSA_INIT();
 
     /* Set up transforms with dummy keys */
-    TEST_ASSERT(build_transforms(&t0, &t1, cipher_type, hash_id,
-                                 0, trunc_hmac,
-                                 MBEDTLS_SSL_MINOR_VERSION_3,
-                                 0, 0) == 0);
+    TEST_ASSERT(mbedtls_test_ssl_build_transforms(&t0, &t1, cipher_type, hash_id,
+                                                  0, trunc_hmac,
+                                                  MBEDTLS_SSL_MINOR_VERSION_3,
+                                                  0, 0) == 0);
 
     /* Determine padding/plaintext length */
     TEST_ASSERT(length_selector >= -2 && length_selector <= 255);
@@ -3422,8 +1516,8 @@
              + plaintext_len
              + t0.maclen
              + padlen + 1;
-    ASSERT_ALLOC(buf, buflen);
-    ASSERT_ALLOC(buf_save, buflen);
+    TEST_CALLOC(buf, buflen);
+    TEST_CALLOC(buf_save, buflen);
 
     /* Prepare a dummy record header */
     memset(rec.ctr, 0, sizeof(rec.ctr));
@@ -3558,6 +1652,7 @@
     mbedtls_ssl_transform_free(&t1);
     mbedtls_free(buf);
     mbedtls_free(buf_save);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -3594,8 +1689,8 @@
                     ctx->x, ctx->len,
                     dst, desired_length) == 0);
 
-    ASSERT_COMPARE(dst, (size_t) desired_length,
-                   expected->x, (size_t) expected->len);
+    TEST_MEMORY_COMPARE(dst, (size_t) desired_length,
+                        expected->x, (size_t) expected->len);
 }
 /* END_CASE */
 
@@ -3614,10 +1709,12 @@
 
     /* Check sanity of test parameters. */
     TEST_ASSERT(client_secret->len == server_secret->len);
-    TEST_ASSERT(expected_client_write_iv->len == expected_server_write_iv->len &&
-                expected_client_write_iv->len == (size_t) desired_iv_len);
-    TEST_ASSERT(expected_client_write_key->len == expected_server_write_key->len &&
-                expected_client_write_key->len == (size_t) desired_key_len);
+    TEST_ASSERT(
+        expected_client_write_iv->len == expected_server_write_iv->len &&
+        expected_client_write_iv->len == (size_t) desired_iv_len);
+    TEST_ASSERT(
+        expected_client_write_key->len == expected_server_write_key->len &&
+        expected_client_write_key->len == (size_t) desired_key_len);
 
     TEST_ASSERT(mbedtls_ssl_tls1_3_make_traffic_keys(
                     (mbedtls_md_type_t) hash_alg,
@@ -3627,22 +1724,22 @@
                     desired_key_len, desired_iv_len,
                     &keys) == 0);
 
-    ASSERT_COMPARE(keys.client_write_key,
-                   keys.key_len,
-                   expected_client_write_key->x,
-                   (size_t) desired_key_len);
-    ASSERT_COMPARE(keys.server_write_key,
-                   keys.key_len,
-                   expected_server_write_key->x,
-                   (size_t) desired_key_len);
-    ASSERT_COMPARE(keys.client_write_iv,
-                   keys.iv_len,
-                   expected_client_write_iv->x,
-                   (size_t) desired_iv_len);
-    ASSERT_COMPARE(keys.server_write_iv,
-                   keys.iv_len,
-                   expected_server_write_iv->x,
-                   (size_t) desired_iv_len);
+    TEST_MEMORY_COMPARE(keys.client_write_key,
+                        keys.key_len,
+                        expected_client_write_key->x,
+                        (size_t) desired_key_len);
+    TEST_MEMORY_COMPARE(keys.server_write_key,
+                        keys.key_len,
+                        expected_server_write_key->x,
+                        (size_t) desired_key_len);
+    TEST_MEMORY_COMPARE(keys.client_write_iv,
+                        keys.iv_len,
+                        expected_client_write_iv->x,
+                        (size_t) desired_iv_len);
+    TEST_MEMORY_COMPARE(keys.server_write_iv,
+                        keys.iv_len,
+                        expected_server_write_iv->x,
+                        (size_t) desired_iv_len);
 }
 /* END_CASE */
 
@@ -3681,8 +1778,8 @@
                     already_hashed,
                     dst, desired_length) == 0);
 
-    ASSERT_COMPARE(dst, desired_length,
-                   expected->x, desired_length);
+    TEST_MEMORY_COMPARE(dst, desired_length,
+                        expected->x, desired_length);
 }
 /* END_CASE */
 
@@ -3700,8 +1797,8 @@
                     input->len ? input->x : NULL, input->len,
                     secret_new) == 0);
 
-    ASSERT_COMPARE(secret_new, (size_t) expected->len,
-                   expected->x, (size_t) expected->len);
+    TEST_MEMORY_COMPARE(secret_new, (size_t) expected->len,
+                        expected->x, (size_t) expected->len);
 }
 /* END_CASE */
 
@@ -3743,12 +1840,13 @@
     /*
      * Test that a save-load pair is the identity
      */
-
     mbedtls_ssl_session_init(&original);
     mbedtls_ssl_session_init(&restored);
+    USE_PSA_INIT();
 
     /* Prepare a dummy session to work on */
-    TEST_ASSERT(ssl_populate_session(&original, ticket_len, crt_file) == 0);
+    TEST_ASSERT(mbedtls_test_ssl_populate_session(
+                    &original, ticket_len, crt_file) == 0);
 
     /* Serialize it */
     TEST_ASSERT(mbedtls_ssl_session_save(&original, NULL, 0, &len)
@@ -3829,6 +1927,7 @@
     mbedtls_ssl_session_free(&original);
     mbedtls_ssl_session_free(&restored);
     mbedtls_free(buf);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -3842,11 +1941,12 @@
     /*
      * Test that a load-save pair is the identity
      */
-
     mbedtls_ssl_session_init(&session);
+    USE_PSA_INIT();
 
     /* Prepare a dummy session to work on */
-    TEST_ASSERT(ssl_populate_session(&session, ticket_len, crt_file) == 0);
+    TEST_ASSERT(mbedtls_test_ssl_populate_session(
+                    &session, ticket_len, crt_file) == 0);
 
     /* Get desired buffer size for serializing */
     TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &len0)
@@ -3879,6 +1979,7 @@
     mbedtls_ssl_session_free(&session);
     mbedtls_free(buf1);
     mbedtls_free(buf2);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -3892,11 +1993,12 @@
     /*
      * Test that session_save() fails cleanly on small buffers
      */
-
     mbedtls_ssl_session_init(&session);
+    USE_PSA_INIT();
 
     /* Prepare dummy session and get serialized size */
-    TEST_ASSERT(ssl_populate_session(&session, ticket_len, crt_file) == 0);
+    TEST_ASSERT(mbedtls_test_ssl_populate_session(
+                    &session, ticket_len, crt_file) == 0);
     TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len)
                 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
 
@@ -3914,6 +2016,7 @@
 exit:
     mbedtls_ssl_session_free(&session);
     mbedtls_free(buf);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -3927,11 +2030,12 @@
     /*
      * Test that session_load() fails cleanly on small buffers
      */
-
     mbedtls_ssl_session_init(&session);
+    USE_PSA_INIT();
 
     /* Prepare serialized session data */
-    TEST_ASSERT(ssl_populate_session(&session, ticket_len, crt_file) == 0);
+    TEST_ASSERT(mbedtls_test_ssl_populate_session(
+                    &session, ticket_len, crt_file) == 0);
     TEST_ASSERT(mbedtls_ssl_session_save(&session, NULL, 0, &good_len)
                 == MBEDTLS_ERR_SSL_BUFFER_TOO_SMALL);
     TEST_ASSERT((good_buf = mbedtls_calloc(1, good_len)) != NULL);
@@ -3955,6 +2059,7 @@
     mbedtls_ssl_session_free(&session);
     mbedtls_free(good_buf);
     mbedtls_free(bad_buf);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -3975,6 +2080,7 @@
                                       corrupt_config == 1 };
 
     mbedtls_ssl_session_init(&session);
+    USE_PSA_INIT();
 
     /* Infer length of serialized session. */
     TEST_ASSERT(mbedtls_ssl_session_save(&session,
@@ -4016,61 +2122,67 @@
             *byte ^= corrupted_bit;
         }
     }
-
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
 void mbedtls_endpoint_sanity(int endpoint_type)
 {
     enum { BUFFSIZE = 1024 };
-    mbedtls_endpoint ep;
+    mbedtls_test_ssl_endpoint ep;
     int ret = -1;
 
-    ret = mbedtls_endpoint_init(NULL, endpoint_type, MBEDTLS_PK_RSA,
-                                NULL, NULL, NULL, NULL);
+    USE_PSA_INIT();
+    ret = mbedtls_test_ssl_endpoint_init(NULL, endpoint_type, MBEDTLS_PK_RSA,
+                                         NULL, NULL, NULL, NULL);
     TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret);
 
-    ret = mbedtls_endpoint_certificate_init(NULL, MBEDTLS_PK_RSA);
+    ret = mbedtls_test_ssl_endpoint_certificate_init(NULL, MBEDTLS_PK_RSA);
     TEST_ASSERT(MBEDTLS_ERR_SSL_BAD_INPUT_DATA == ret);
 
-    ret = mbedtls_endpoint_init(&ep, endpoint_type, MBEDTLS_PK_RSA,
-                                NULL, NULL, NULL, NULL);
+    ret = mbedtls_test_ssl_endpoint_init(&ep, endpoint_type, MBEDTLS_PK_RSA,
+                                         NULL, NULL, NULL, NULL);
     TEST_ASSERT(ret == 0);
 
 exit:
-    mbedtls_endpoint_free(&ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&ep, NULL);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_SHA256_C */
 void move_handshake_to_state(int endpoint_type, int state, int need_pass)
 {
     enum { BUFFSIZE = 1024 };
-    mbedtls_endpoint base_ep, second_ep;
+    mbedtls_test_ssl_endpoint base_ep, second_ep;
     int ret = -1;
 
     mbedtls_platform_zeroize(&base_ep, sizeof(base_ep));
     mbedtls_platform_zeroize(&second_ep, sizeof(second_ep));
 
-    ret = mbedtls_endpoint_init(&base_ep, endpoint_type, MBEDTLS_PK_RSA,
-                                NULL, NULL, NULL, NULL);
+    ret = mbedtls_test_ssl_endpoint_init(&base_ep, endpoint_type,
+                                         MBEDTLS_PK_RSA,
+                                         NULL, NULL, NULL, NULL);
     TEST_ASSERT(ret == 0);
 
-    ret = mbedtls_endpoint_init(&second_ep,
-                                (endpoint_type == MBEDTLS_SSL_IS_SERVER) ?
-                                MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
-                                MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL);
+    ret = mbedtls_test_ssl_endpoint_init(
+        &second_ep,
+        (endpoint_type == MBEDTLS_SSL_IS_SERVER) ?
+        MBEDTLS_SSL_IS_CLIENT : MBEDTLS_SSL_IS_SERVER,
+        MBEDTLS_PK_RSA, NULL, NULL, NULL, NULL);
     TEST_ASSERT(ret == 0);
 
-    ret = mbedtls_mock_socket_connect(&(base_ep.socket),
-                                      &(second_ep.socket),
-                                      BUFFSIZE);
+    USE_PSA_INIT();
+
+    ret = mbedtls_test_mock_socket_connect(&(base_ep.socket),
+                                           &(second_ep.socket),
+                                           BUFFSIZE);
     TEST_ASSERT(ret == 0);
 
-    ret = mbedtls_move_handshake_to_state(&(base_ep.ssl),
-                                          &(second_ep.ssl),
-                                          state);
+    ret = mbedtls_test_move_handshake_to_state(&(base_ep.ssl),
+                                               &(second_ep.ssl),
+                                               state);
     if (need_pass) {
         TEST_ASSERT(ret == 0);
         TEST_ASSERT(base_ep.ssl.state == state);
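Review bot: The PSA setup and teardown calls added in this hunk are not placed the way the rest of the commit places them. At the top of the hunk, `USE_PSA_DONE();` is the last statement of a function body with no `exit:` label in front of it, so a failing `TEST_ASSERT` presumably skips it, whereas other hunks in this commit add `exit:` so that the teardown always runs; I would put `exit:` on the line before `USE_PSA_DONE();` (that function starts outside this hunk, so confirm it has no other exit label). In `move_handshake_to_state`, `USE_PSA_INIT();` comes after both `mbedtls_test_ssl_endpoint_init()` calls, while `mbedtls_endpoint_sanity` just above calls it first; moving it to right after the two `mbedtls_platform_zeroize()` calls would make the two tests agree and ensures PSA is ready before any endpoint setup runs. `move_handshake_to_state` ends outside this hunk.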
@@ -4080,8 +2192,9 @@
     }
 
 exit:
-    mbedtls_endpoint_free(&base_ep, NULL);
-    mbedtls_endpoint_free(&second_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&base_ep, NULL);
+    mbedtls_test_ssl_endpoint_free(&second_ep, NULL);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -4090,8 +2203,8 @@
                        int server_min_version, int server_max_version,
                        int expected_negotiated_version)
 {
-    handshake_test_options options;
-    init_handshake_options(&options);
+    mbedtls_test_handshake_test_options options;
+    mbedtls_test_init_handshake_options(&options);
 
     options.client_min_version = client_min_version;
     options.client_max_version = client_max_version;
@@ -4108,7 +2221,7 @@
         options.expected_cli_fragments = 2;
         options.expected_srv_fragments = 2;
     }
-    perform_handshake(&options);
+    mbedtls_test_ssl_perform_handshake(&options);
 
     /* The goto below is used to avoid an "unused label" warning.*/
     goto exit;
@@ -4118,15 +2231,15 @@
 /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C */
 void handshake_psk_cipher(char *cipher, int pk_alg, data_t *psk_str, int dtls)
 {
-    handshake_test_options options;
-    init_handshake_options(&options);
+    mbedtls_test_handshake_test_options options;
+    mbedtls_test_init_handshake_options(&options);
 
     options.cipher = cipher;
     options.dtls = dtls;
     options.psk_str = psk_str;
     options.pk_alg = pk_alg;
 
-    perform_handshake(&options);
+    mbedtls_test_ssl_perform_handshake(&options);
 
     /* The goto below is used to avoid an "unused label" warning.*/
     goto exit;
@@ -4148,8 +2261,8 @@
               int expected_cli_fragments,
               int expected_srv_fragments, int dtls)
 {
-    handshake_test_options options;
-    init_handshake_options(&options);
+    mbedtls_test_handshake_test_options options;
+    mbedtls_test_init_handshake_options(&options);
 
     options.mfl = mfl;
     options.cli_msg_len = cli_msg_len;
@@ -4158,7 +2271,7 @@
     options.expected_srv_fragments = expected_srv_fragments;
     options.dtls = dtls;
 
-    perform_handshake(&options);
+    mbedtls_test_ssl_perform_handshake(&options);
     /* The goto below is used to avoid an "unused label" warning.*/
     goto exit;
 }
@@ -4191,12 +2304,12 @@
 /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_SSL_CONTEXT_SERIALIZATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
 void handshake_serialization()
 {
-    handshake_test_options options;
-    init_handshake_options(&options);
+    mbedtls_test_handshake_test_options options;
+    mbedtls_test_init_handshake_options(&options);
 
     options.serialize = 1;
     options.dtls = 1;
-    perform_handshake(&options);
+    mbedtls_test_ssl_perform_handshake(&options);
     /* The goto below is used to avoid an "unused label" warning.*/
     goto exit;
 }
@@ -4207,14 +2320,14 @@
                              int expected_srv_hs_fragmentation,
                              int expected_cli_hs_fragmentation)
 {
-    handshake_test_options options;
-    log_pattern srv_pattern, cli_pattern;
+    mbedtls_test_handshake_test_options options;
+    mbedtls_test_ssl_log_pattern srv_pattern, cli_pattern;
 
     srv_pattern.pattern = cli_pattern.pattern = "found fragmented DTLS handshake";
     srv_pattern.counter = 0;
     cli_pattern.counter = 0;
 
-    init_handshake_options(&options);
+    mbedtls_test_init_handshake_options(&options);
     options.dtls = 1;
     options.mfl = mfl;
     /* Set cipher to one using CBC so that record splitting can be tested */
@@ -4222,10 +2335,10 @@
     options.srv_auth_mode = MBEDTLS_SSL_VERIFY_REQUIRED;
     options.srv_log_obj = &srv_pattern;
     options.cli_log_obj = &cli_pattern;
-    options.srv_log_fun = log_analyzer;
-    options.cli_log_fun = log_analyzer;
+    options.srv_log_fun = mbedtls_test_ssl_log_analyzer;
+    options.cli_log_fun = mbedtls_test_ssl_log_analyzer;
 
-    perform_handshake(&options);
+    mbedtls_test_ssl_perform_handshake(&options);
 
     /* Test if the server received a fragmented handshake */
     if (expected_srv_hs_fragmentation) {
@@ -4241,14 +2354,14 @@
 /* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:!MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SSL_PROTO_DTLS:MBEDTLS_SSL_RENEGOTIATION:MBEDTLS_ENTROPY_C:MBEDTLS_CTR_DRBG_C:MBEDTLS_SHA256_C:MBEDTLS_CAN_HANDLE_RSA_TEST_KEY */
 void renegotiation(int legacy_renegotiation)
 {
-    handshake_test_options options;
-    init_handshake_options(&options);
+    mbedtls_test_handshake_test_options options;
+    mbedtls_test_init_handshake_options(&options);
 
     options.renegotiate = 1;
     options.legacy_renegotiation = legacy_renegotiation;
     options.dtls = 1;
 
-    perform_handshake(&options);
+    mbedtls_test_ssl_perform_handshake(&options);
     /* The goto below is used to avoid an "unused label" warning.*/
     goto exit;
 }
@@ -4258,8 +2371,8 @@
 void resize_buffers(int mfl, int renegotiation, int legacy_renegotiation,
                     int serialize, int dtls, char *cipher)
 {
-    handshake_test_options options;
-    init_handshake_options(&options);
+    mbedtls_test_handshake_test_options options;
+    mbedtls_test_init_handshake_options(&options);
 
     options.mfl = mfl;
     options.cipher = cipher;
@@ -4269,7 +2382,7 @@
     options.dtls = dtls;
     options.resize_buffers = 1;
 
-    perform_handshake(&options);
+    mbedtls_test_ssl_perform_handshake(&options);
     /* The goto below is used to avoid an "unused label" warning.*/
     goto exit;
 }
@@ -4280,7 +2393,6 @@
 {
     test_resize_buffers(mfl, 0, MBEDTLS_SSL_LEGACY_NO_RENEGOTIATION, 1, 1,
                         (char *) "");
-
     /* The goto below is used to avoid an "unused label" warning.*/
     goto exit;
 }
@@ -4291,45 +2403,46 @@
                                     char *cipher)
 {
     test_resize_buffers(mfl, 1, legacy_renegotiation, 0, 1, cipher);
-
     /* The goto below is used to avoid an "unused label" warning.*/
     goto exit;
 }
 /* END_CASE */
 
-/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */
+/* BEGIN_CASE depends_on:MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED:MBEDTLS_CERTS_C:MBEDTLS_USE_PSA_CRYPTO:MBEDTLS_PKCS1_V15:MBEDTLS_SSL_PROTO_TLS1_2:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_ENTROPY_C:!MBEDTLS_TEST_NULL_ENTROPY:!MBEDTLS_PSA_INJECT_ENTROPY:MBEDTLS_RSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_CTR_DRBG_C:MBEDTLS_ECP_C:MBEDTLS_ECDSA_C */
 void raw_key_agreement_fail(int bad_server_ecdhe_key)
 {
     enum { BUFFSIZE = 17000 };
-    mbedtls_endpoint client, server;
+    mbedtls_test_ssl_endpoint client, server;
     mbedtls_psa_stats_t stats;
     size_t free_slots_before = -1;
 
     mbedtls_ecp_group_id curve_list[] = { MBEDTLS_ECP_DP_SECP256R1,
                                           MBEDTLS_ECP_DP_NONE };
-    USE_PSA_INIT();
+
     mbedtls_platform_zeroize(&client, sizeof(client));
     mbedtls_platform_zeroize(&server, sizeof(server));
 
     /* Client side, force SECP256R1 to make one key bitflip fail
      * the raw key agreement. Flipping the first byte makes the
      * required 0x04 identifier invalid. */
-    TEST_EQUAL(mbedtls_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
-                                     MBEDTLS_PK_ECDSA, NULL, NULL,
-                                     NULL, curve_list), 0);
+    TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&client, MBEDTLS_SSL_IS_CLIENT,
+                                              MBEDTLS_PK_ECDSA, NULL, NULL,
+                                              NULL, curve_list), 0);
 
     /* Server side */
-    TEST_EQUAL(mbedtls_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
-                                     MBEDTLS_PK_ECDSA, NULL, NULL,
-                                     NULL, NULL), 0);
+    TEST_EQUAL(mbedtls_test_ssl_endpoint_init(&server, MBEDTLS_SSL_IS_SERVER,
+                                              MBEDTLS_PK_ECDSA, NULL, NULL,
+                                              NULL, NULL), 0);
 
-    TEST_EQUAL(mbedtls_mock_socket_connect(&(client.socket),
-                                           &(server.socket),
-                                           BUFFSIZE), 0);
+    USE_PSA_INIT();
 
-    TEST_EQUAL(mbedtls_move_handshake_to_state(&(client.ssl),
-                                               &(server.ssl),
-                                               MBEDTLS_SSL_CLIENT_KEY_EXCHANGE)
+    TEST_EQUAL(mbedtls_test_mock_socket_connect(&(client.socket),
+                                                &(server.socket),
+                                                BUFFSIZE), 0);
+
+    TEST_EQUAL(mbedtls_test_move_handshake_to_state(
+                   &(client.ssl), &(server.ssl),
+                   MBEDTLS_SSL_CLIENT_KEY_EXCHANGE)
                , 0);
 
     mbedtls_psa_get_stats(&stats);
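Review bot: `USE_PSA_INIT();` now runs after both `mbedtls_test_ssl_endpoint_init()` calls instead of before them, and nothing in the hunk explains the new order. This case is gated on `MBEDTLS_USE_PSA_CRYPTO`, so if endpoint setup with `MBEDTLS_PK_ECDSA` performs any PSA operation (not visible from this diff), it would run against an uninitialised PSA subsystem. A failing `TEST_EQUAL` on either init would also jump to `exit:` and reach `USE_PSA_DONE()` with no matching init. Either move `USE_PSA_INIT();` back above the first endpoint init, or add a comment above it stating why it must come after endpoint setup. The same ordering appears in the earlier test function, where `USE_PSA_INIT();` follows `TEST_ASSERT(ret == 0);`, and the function body here continues into the following hunks.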
@@ -4343,9 +2456,8 @@
         (client.ssl).handshake->ecdh_psa_peerkey[0] ^= 0x02;
     }
 
-    TEST_EQUAL(mbedtls_move_handshake_to_state(&(client.ssl),
-                                               &(server.ssl),
-                                               MBEDTLS_SSL_HANDSHAKE_OVER),
+    TEST_EQUAL(mbedtls_test_move_handshake_to_state(
+                   &(client.ssl), &(server.ssl), MBEDTLS_SSL_HANDSHAKE_OVER),
                bad_server_ecdhe_key ? MBEDTLS_ERR_SSL_HW_ACCEL_FAILED : 0);
 
     mbedtls_psa_get_stats(&stats);
@@ -4357,8 +2469,8 @@
     }
 
 exit:
-    mbedtls_endpoint_free(&client, NULL);
-    mbedtls_endpoint_free(&server, NULL);
+    mbedtls_test_ssl_endpoint_free(&client, NULL);
+    mbedtls_test_ssl_endpoint_free(&server, NULL);
 
     USE_PSA_DONE();
 }
@@ -4372,6 +2484,7 @@
     size_t len;
 
     mbedtls_ssl_init(&ssl);
+    USE_PSA_INIT();
     mbedtls_ssl_config_init(&conf);
     TEST_EQUAL(mbedtls_ssl_config_defaults(&conf, MBEDTLS_SSL_IS_SERVER,
                                            MBEDTLS_SSL_TRANSPORT_DATAGRAM,
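Review bot: `USE_PSA_INIT();` is inserted between `mbedtls_ssl_init(&ssl);` and `mbedtls_ssl_config_init(&conf);`, so a failed PSA initialisation that jumps to the `exit:` label added in the next hunk would call `mbedtls_ssl_config_free(&conf)` on a `conf` that was never initialised. This assumes `USE_PSA_INIT()` expands to an assertion that does `goto exit` on failure when `MBEDTLS_USE_PSA_CRYPTO` is enabled; the macro definition is not part of this diff. Moving the call one line down, directly after `mbedtls_ssl_config_init(&conf);`, ensures every object the cleanup path frees has been initialised first. The function starts before this hunk and ends in the next one.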
@@ -4387,7 +2500,9 @@
                                                     &len),
                exp_ret);
 
+exit:
     mbedtls_ssl_free(&ssl);
     mbedtls_ssl_config_free(&conf);
+    USE_PSA_DONE();
 }
 /* END_CASE */
diff --git a/tests/suites/test_suite_timing.function b/tests/suites/test_suite_timing.function
index 59c1207..269922d 100644
--- a/tests/suites/test_suite_timing.function
+++ b/tests/suites/test_suite_timing.function
@@ -29,8 +29,20 @@
 void timing_get_timer()
 {
     struct mbedtls_timing_hr_time time;
+
+    memset(&time, 0, sizeof(time));
+
     (void) mbedtls_timing_get_timer(&time, 1);
+
+    /* Check that a non-zero time was written back */
+    int all_zero = 1;
+    for (size_t i = 0; i < sizeof(time); i++) {
+        all_zero &= ((unsigned char *) &time)[i] == 0;
+    }
+    TEST_ASSERT(!all_zero);
+
     (void) mbedtls_timing_get_timer(&time, 0);
+
     /* This goto is added to avoid warnings from the generated code. */
     goto exit;
 }
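Review bot: The new `TEST_ASSERT(!all_zero)` assumes that a freshly reset timer is never stored as all-zero bytes in `struct mbedtls_timing_hr_time`, and the comment above the loop does not state this. The struct is opaque to the test, so an alternative timing implementation could in principle represent a valid reading as zero and fail here spuriously; nothing in the hunk shows how the struct is filled. I would spell the assumption out, e.g. `/* Assumes a reset timer is never all-zero bytes; catches implementations that leave the struct unwritten. */`.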
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 69f8a84..8226a68 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
 Check compile time library version
-check_compiletime_version:"2.28.2"
+check_compiletime_version:"2.28.4"
 
 Check runtime library version
-check_runtime_version:"2.28.2"
+check_runtime_version:"2.28.4"
 
 Check for MBEDTLS_VERSION_C
 check_feature:"MBEDTLS_VERSION_C":0
diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function
index 981f8ab..eeae512 100644
--- a/tests/suites/test_suite_version.function
+++ b/tests/suites/test_suite_version.function
@@ -20,7 +20,7 @@
     mbedtls_snprintf(build_str, 100, "%d.%d.%d", MBEDTLS_VERSION_MAJOR,
                      MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH);
 
-    mbedtls_snprintf(build_str_full, 100, "mbed TLS %d.%d.%d", MBEDTLS_VERSION_MAJOR,
+    mbedtls_snprintf(build_str_full, 100, "Mbed TLS %d.%d.%d", MBEDTLS_VERSION_MAJOR,
                      MBEDTLS_VERSION_MINOR, MBEDTLS_VERSION_PATCH);
 
     build_int = MBEDTLS_VERSION_MAJOR << 24 |
@@ -56,7 +56,7 @@
                      (get_int >> 24) & 0xFF,
                      (get_int >> 16) & 0xFF,
                      (get_int >> 8) & 0xFF);
-    mbedtls_snprintf(build_str_full, 100, "mbed TLS %s", version_str);
+    mbedtls_snprintf(build_str_full, 100, "Mbed TLS %s", version_str);
 
     TEST_ASSERT(strcmp(build_str, version_str) == 0);
     TEST_ASSERT(strcmp(build_str_full, get_str_full) == 0);
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 685106b..406a063 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1,378 +1,378 @@
 X509 CRT information #1
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server1.crt":"cert. version     \: 3\nserial number     \: 01\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server1.crt":"cert. version     \: 3\nserial number     \: 01\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information #1 (DER)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server1.crt.der":"cert. version     \: 3\nserial number     \: 01\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server1.crt.der":"cert. version     \: 3\nserial number     \: 01\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information #2
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server2.crt":"cert. version     \: 3\nserial number     \: 02\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server2.crt":"cert. version     \: 3\nserial number     \: 02\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information #2 (DER)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server2.crt.der":"cert. version     \: 3\nserial number     \: 02\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server2.crt.der":"cert. version     \: 3\nserial number     \: 02\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information #3
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/test-ca.crt":"cert. version     \: 3\nserial number     \: 03\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued  on        \: 2019-02-10 14\:44\:00\nexpires on        \: 2029-02-10 14\:44\:00\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=true\n"
+x509_cert_info:"data_files/parse_input/test-ca.crt":"cert. version     \: 3\nserial number     \: 03\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued  on        \: 2019-02-10 14\:44\:00\nexpires on        \: 2029-02-10 14\:44\:00\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=true\n"
 
 X509 CRT information #3 (DER)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/test-ca.crt.der":"cert. version     \: 3\nserial number     \: 03\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued  on        \: 2019-02-10 14\:44\:00\nexpires on        \: 2029-02-10 14\:44\:00\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=true\n"
+x509_cert_info:"data_files/parse_input/test-ca.crt.der":"cert. version     \: 3\nserial number     \: 03\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued  on        \: 2019-02-10 14\:44\:00\nexpires on        \: 2029-02-10 14\:44\:00\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=true\n"
 
 X509 CRT information MD2 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD2_C
-x509_cert_info:"data_files/cert_md2.crt":"cert. version     \: 3\nserial number     \: 09\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued  on        \: 2000-01-01 12\:12\:12\nexpires on        \: 2030-01-01 12\:12\:12\nsigned using      \: RSA with MD2\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/cert_md2.crt":"cert. version     \: 3\nserial number     \: 09\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD2\nissued  on        \: 2000-01-01 12\:12\:12\nexpires on        \: 2030-01-01 12\:12\:12\nsigned using      \: RSA with MD2\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information MD4 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD4_C
-x509_cert_info:"data_files/cert_md4.crt":"cert. version     \: 3\nserial number     \: 05\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued  on        \: 2000-01-01 12\:12\:12\nexpires on        \: 2030-01-01 12\:12\:12\nsigned using      \: RSA with MD4\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/cert_md4.crt":"cert. version     \: 3\nserial number     \: 05\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD4\nissued  on        \: 2000-01-01 12\:12\:12\nexpires on        \: 2030-01-01 12\:12\:12\nsigned using      \: RSA with MD4\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information MD5 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_MD5_C
-x509_cert_info:"data_files/cert_md5.crt":"cert. version     \: 3\nserial number     \: 06\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued  on        \: 2000-01-01 12\:12\:12\nexpires on        \: 2030-01-01 12\:12\:12\nsigned using      \: RSA with MD5\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/cert_md5.crt":"cert. version     \: 3\nserial number     \: 06\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert MD5\nissued  on        \: 2000-01-01 12\:12\:12\nexpires on        \: 2030-01-01 12\:12\:12\nsigned using      \: RSA with MD5\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information SHA1 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/cert_sha1.crt":"cert. version     \: 3\nserial number     \: 07\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/cert_sha1.crt":"cert. version     \: 3\nserial number     \: 07\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA1\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information SHA224 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/cert_sha224.crt":"cert. version     \: 3\nserial number     \: 08\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA-224\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/cert_sha224.crt":"cert. version     \: 3\nserial number     \: 08\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA224\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA-224\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information SHA256 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/cert_sha256.crt":"cert. version     \: 3\nserial number     \: 09\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/cert_sha256.crt":"cert. version     \: 3\nserial number     \: 09\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA256\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information SHA384 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-x509_cert_info:"data_files/cert_sha384.crt":"cert. version     \: 3\nserial number     \: 0A\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA-384\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/cert_sha384.crt":"cert. version     \: 3\nserial number     \: 0A\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA384\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA-384\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information SHA512 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA512_C
-x509_cert_info:"data_files/cert_sha512.crt":"cert. version     \: 3\nserial number     \: 0B\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA-512\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/cert_sha512.crt":"cert. version     \: 3\nserial number     \: 0B\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Cert SHA512\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA-512\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information RSA-PSS, SHA1 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server9.crt":"cert. version     \: 3\nserial number     \: 16\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2014-01-20 13\:38\:16\nexpires on        \: 2024-01-18 13\:38\:16\nsigned using      \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server9.crt":"cert. version     \: 3\nserial number     \: 16\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2014-01-20 13\:38\:16\nexpires on        \: 2024-01-18 13\:38\:16\nsigned using      \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information RSA-PSS, SHA224 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server9-sha224.crt":"cert. version     \: 3\nserial number     \: 17\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2014-01-20 13\:57\:36\nexpires on        \: 2024-01-18 13\:57\:36\nsigned using      \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server9-sha224.crt":"cert. version     \: 3\nserial number     \: 17\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2014-01-20 13\:57\:36\nexpires on        \: 2024-01-18 13\:57\:36\nsigned using      \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information RSA-PSS, SHA256 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server9-sha256.crt":"cert. version     \: 3\nserial number     \: 18\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2014-01-20 13\:57\:45\nexpires on        \: 2024-01-18 13\:57\:45\nsigned using      \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server9-sha256.crt":"cert. version     \: 3\nserial number     \: 18\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2014-01-20 13\:57\:45\nexpires on        \: 2024-01-18 13\:57\:45\nsigned using      \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information RSA-PSS, SHA384 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-x509_cert_info:"data_files/server9-sha384.crt":"cert. version     \: 3\nserial number     \: 19\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2014-01-20 13\:57\:58\nexpires on        \: 2024-01-18 13\:57\:58\nsigned using      \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server9-sha384.crt":"cert. version     \: 3\nserial number     \: 19\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2014-01-20 13\:57\:58\nexpires on        \: 2024-01-18 13\:57\:58\nsigned using      \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information RSA-PSS, SHA512 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
-x509_cert_info:"data_files/server9-sha512.crt":"cert. version     \: 3\nserial number     \: 1A\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2014-01-20 13\:58\:12\nexpires on        \: 2024-01-18 13\:58\:12\nsigned using      \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server9-sha512.crt":"cert. version     \: 3\nserial number     \: 1A\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2014-01-20 13\:58\:12\nexpires on        \: 2024-01-18 13\:58\:12\nsigned using      \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information EC, SHA1 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server5-sha1.crt":"cert. version     \: 3\nserial number     \: 12\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 16\:21\:27\nexpires on        \: 2023-09-22 16\:21\:27\nsigned using      \: ECDSA with SHA1\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server5-sha1.crt":"cert. version     \: 3\nserial number     \: 12\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 16\:21\:27\nexpires on        \: 2023-09-22 16\:21\:27\nsigned using      \: ECDSA with SHA1\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information EC, SHA224 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server5-sha224.crt":"cert. version     \: 3\nserial number     \: 13\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 16\:21\:27\nexpires on        \: 2023-09-22 16\:21\:27\nsigned using      \: ECDSA with SHA224\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server5-sha224.crt":"cert. version     \: 3\nserial number     \: 13\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 16\:21\:27\nexpires on        \: 2023-09-22 16\:21\:27\nsigned using      \: ECDSA with SHA224\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information EC, SHA256 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server5.crt":"cert. version     \: 3\nserial number     \: 09\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 15\:52\:04\nexpires on        \: 2023-09-22 15\:52\:04\nsigned using      \: ECDSA with SHA256\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server5.crt":"cert. version     \: 3\nserial number     \: 09\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 15\:52\:04\nexpires on        \: 2023-09-22 15\:52\:04\nsigned using      \: ECDSA with SHA256\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information EC, SHA384 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-x509_cert_info:"data_files/server5-sha384.crt":"cert. version     \: 3\nserial number     \: 14\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 16\:21\:27\nexpires on        \: 2023-09-22 16\:21\:27\nsigned using      \: ECDSA with SHA384\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server5-sha384.crt":"cert. version     \: 3\nserial number     \: 14\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 16\:21\:27\nexpires on        \: 2023-09-22 16\:21\:27\nsigned using      \: ECDSA with SHA384\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information EC, SHA512 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
-x509_cert_info:"data_files/server5-sha512.crt":"cert. version     \: 3\nserial number     \: 15\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 16\:21\:27\nexpires on        \: 2023-09-22 16\:21\:27\nsigned using      \: ECDSA with SHA512\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server5-sha512.crt":"cert. version     \: 3\nserial number     \: 15\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 16\:21\:27\nexpires on        \: 2023-09-22 16\:21\:27\nsigned using      \: ECDSA with SHA512\nEC key size       \: 256 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information EC, SHA256 Digest, hardware module name SAN
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server5-othername.crt":"cert. version     \: 3\nserial number     \: 4D\nissuer name       \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name      \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued  on        \: 2019-03-24 09\:06\:02\nexpires on        \: 2029-03-21 09\:06\:02\nsigned using      \: ECDSA with SHA256\nEC key size       \: 256 bits\nsubject alt name  \:\n    otherName \:\n        hardware module name \:\n            hardware type          \: 1.3.6.1.4.1.17.3\n            hardware serial number \: 313233343536\n"
+x509_cert_info:"data_files/parse_input/server5-othername.crt":"cert. version     \: 3\nserial number     \: 4D\nissuer name       \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nsubject name      \: C=UK, O=Mbed TLS, CN=Mbed TLS othername SAN\nissued  on        \: 2019-03-24 09\:06\:02\nexpires on        \: 2029-03-21 09\:06\:02\nsigned using      \: ECDSA with SHA256\nEC key size       \: 256 bits\nsubject alt name  \:\n    otherName \:\n        hardware module name \:\n            hardware type          \: 1.3.6.1.4.1.17.3\n            hardware serial number \: 313233343536\n"
 
 X509 CRT information EC, SHA256 Digest, binary hardware module name SAN
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server5-nonprintable_othername.crt":"cert. version     \: 3\nserial number     \: 4D\nissuer name       \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nsubject name      \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nissued  on        \: 2022-09-06 15\:56\:47\nexpires on        \: 2032-09-03 15\:56\:47\nsigned using      \: ECDSA with SHA256\nEC key size       \: 256 bits\nsubject alt name  \:\n    otherName \:\n        hardware module name \:\n            hardware type          \: 1.3.6.1.4.1.17.3\n            hardware serial number \: 3132338081008180333231\n"
+x509_cert_info:"data_files/parse_input/server5-nonprintable_othername.crt":"cert. version     \: 3\nserial number     \: 4D\nissuer name       \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nsubject name      \: C=UK, O=Mbed TLS, CN=Mbed TLS non-printable othername SAN\nissued  on        \: 2022-09-06 15\:56\:47\nexpires on        \: 2032-09-03 15\:56\:47\nsigned using      \: ECDSA with SHA256\nEC key size       \: 256 bits\nsubject alt name  \:\n    otherName \:\n        hardware module name \:\n            hardware type          \: 1.3.6.1.4.1.17.3\n            hardware serial number \: 3132338081008180333231\n"
 
 X509 CRT information EC, SHA256 Digest, Wisun Fan device
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server5-fan.crt":"cert. version     \: 3\nserial number     \: 4D\nissuer name       \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nsubject name      \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nissued  on        \: 2019-03-25 09\:03\:46\nexpires on        \: 2029-03-22 09\:03\:46\nsigned using      \: ECDSA with SHA256\nEC key size       \: 256 bits\next key usage     \: Wi-SUN Alliance Field Area Network (FAN)\n"
+x509_cert_info:"data_files/parse_input/server5-fan.crt":"cert. version     \: 3\nserial number     \: 4D\nissuer name       \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nsubject name      \: C=UK, O=Mbed TLS, CN=Mbed TLS FAN\nissued  on        \: 2019-03-25 09\:03\:46\nexpires on        \: 2029-03-22 09\:03\:46\nsigned using      \: ECDSA with SHA256\nEC key size       \: 256 bits\next key usage     \: Wi-SUN Alliance Field Area Network (FAN)\n"
 
 X509 CRT information, NS Cert Type
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server1.cert_type.crt":"cert. version     \: 3\nserial number     \: 01\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\ncert. type        \: SSL Server\n"
+x509_cert_info:"data_files/parse_input/server1.cert_type.crt":"cert. version     \: 3\nserial number     \: 01\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\ncert. type        \: SSL Server\n"
 
 X509 CRT information, Key Usage
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/server1.key_usage.crt":"cert. version     \: 3\nserial number     \: 01\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\nkey usage         \: Digital Signature, Non Repudiation, Key Encipherment\n"
+x509_cert_info:"data_files/parse_input/server1.key_usage.crt":"cert. version     \: 3\nserial number     \: 01\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued  on        \: 2019-02-10 14\:44\:06\nexpires on        \: 2029-02-10 14\:44\:06\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\nkey usage         \: Digital Signature, Non Repudiation, Key Encipherment\n"
 
 X509 CRT information, Key Usage with decipherOnly
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/keyUsage.decipherOnly.crt":"cert. version     \: 3\nserial number     \: 9B\:13\:CE\:4C\:A5\:6F\:DE\:52\nissuer name       \: C=GB, L=Cambridge, O=Default Company Ltd\nsubject name      \: C=GB, L=Cambridge, O=Default Company Ltd\nissued  on        \: 2015-05-12 10\:36\:55\nexpires on        \: 2018-05-11 10\:36\:55\nsigned using      \: RSA with SHA1\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\nkey usage         \: Digital Signature, Non Repudiation, Key Encipherment, Decipher Only\n"
+x509_cert_info:"data_files/parse_input/keyUsage.decipherOnly.crt":"cert. version     \: 3\nserial number     \: 9B\:13\:CE\:4C\:A5\:6F\:DE\:52\nissuer name       \: C=GB, L=Cambridge, O=Default Company Ltd\nsubject name      \: C=GB, L=Cambridge, O=Default Company Ltd\nissued  on        \: 2015-05-12 10\:36\:55\nexpires on        \: 2018-05-11 10\:36\:55\nsigned using      \: RSA with SHA1\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\nkey usage         \: Digital Signature, Non Repudiation, Key Encipherment, Decipher Only\n"
 
 X509 CRT information, Subject Alt Name
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/cert_example_multi.crt":"cert. version     \: 3\nserial number     \: 11\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=www.example.com\nissued  on        \: 2019-07-10 11\:27\:52\nexpires on        \: 2029-07-10 11\:27\:52\nsigned using      \: RSA with SHA-256\nRSA key size      \: 1024 bits\nsubject alt name  \:\n    dNSName \: example.com\n    dNSName \: example.net\n    dNSName \: *.example.org\n"
+x509_cert_info:"data_files/parse_input/cert_example_multi.crt":"cert. version     \: 3\nserial number     \: 11\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=www.example.com\nissued  on        \: 2019-07-10 11\:27\:52\nexpires on        \: 2029-07-10 11\:27\:52\nsigned using      \: RSA with SHA-256\nRSA key size      \: 1024 bits\nsubject alt name  \:\n    dNSName \: example.com\n    dNSName \: example.net\n    dNSName \: *.example.org\n"
 
 X509 CRT information, Multiple different Subject Alt Name
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/multiple_san.crt":"cert. version     \: 3\nserial number     \: 04\nissuer name       \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name      \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued  on        \: 2019-04-22 16\:10\:48\nexpires on        \: 2029-04-19 16\:10\:48\nsigned using      \: ECDSA with SHA256\nEC key size       \: 256 bits\nsubject alt name  \:\n    dNSName \: example.com\n    otherName \:\n        hardware module name \:\n            hardware type          \: 1.3.6.1.4.1.17.3\n            hardware serial number \: 313233343536\n    dNSName \: example.net\n    dNSName \: *.example.org\n"
+x509_cert_info:"data_files/parse_input/multiple_san.crt":"cert. version     \: 3\nserial number     \: 04\nissuer name       \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nsubject name      \: C=UK, O=Mbed TLS, CN=Mbed TLS multiple othername SAN\nissued  on        \: 2019-04-22 16\:10\:48\nexpires on        \: 2029-04-19 16\:10\:48\nsigned using      \: ECDSA with SHA256\nEC key size       \: 256 bits\nsubject alt name  \:\n    dNSName \: example.com\n    otherName \:\n        hardware module name \:\n            hardware type          \: 1.3.6.1.4.1.17.3\n            hardware serial number \: 313233343536\n    dNSName \: example.net\n    dNSName \: *.example.org\n"
 
 X509 CRT information, Subject Alt Name + Key Usage
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/cert_example_multi_nocn.crt":"cert. version     \: 3\nserial number     \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name       \: C=NL\nsubject name      \: C=NL\nissued  on        \: 2014-01-22 10\:04\:33\nexpires on        \: 2024-01-22 10\:04\:33\nsigned using      \: RSA with SHA1\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name  \:\n    dNSName \: www.shotokan-braunschweig.de\n    dNSName \: www.massimo-abate.eu\n    <unsupported>\n    <unsupported>\nkey usage         \: Digital Signature, Non Repudiation, Key Encipherment\n"
+x509_cert_info:"data_files/parse_input/cert_example_multi_nocn.crt":"cert. version     \: 3\nserial number     \: F7\:C6\:7F\:F8\:E9\:A9\:63\:F9\nissuer name       \: C=NL\nsubject name      \: C=NL\nissued  on        \: 2014-01-22 10\:04\:33\nexpires on        \: 2024-01-22 10\:04\:33\nsigned using      \: RSA with SHA1\nRSA key size      \: 1024 bits\nbasic constraints \: CA=false\nsubject alt name  \:\n    dNSName \: www.shotokan-braunschweig.de\n    dNSName \: www.massimo-abate.eu\n    <unsupported>\n    <unsupported>\nkey usage         \: Digital Signature, Non Repudiation, Key Encipherment\n"
 
 X509 CRT information, RSA Certificate Policy any
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/test-ca-any_policy.crt":"cert. version     \: 3\nserial number     \: 00\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued  on        \: 2019-03-21 16\:40\:59\nexpires on        \: 2029-03-21 16\:40\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
+x509_cert_info:"data_files/parse_input/test-ca-any_policy.crt":"cert. version     \: 3\nserial number     \: 00\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued  on        \: 2019-03-21 16\:40\:59\nexpires on        \: 2029-03-21 16\:40\:59\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
 
 X509 CRT information, ECDSA Certificate Policy any
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/test-ca-any_policy_ec.crt":"cert. version     \: 3\nserial number     \: 00\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued  on        \: 2019-03-25 09\:02\:45\nexpires on        \: 2029-03-25 09\:02\:45\nsigned using      \: ECDSA with SHA256\nEC key size       \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
+x509_cert_info:"data_files/parse_input/test-ca-any_policy_ec.crt":"cert. version     \: 3\nserial number     \: 00\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued  on        \: 2019-03-25 09\:02\:45\nexpires on        \: 2029-03-25 09\:02\:45\nsigned using      \: ECDSA with SHA256\nEC key size       \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
 
 X509 CRT information, RSA Certificate Policy any with qualifier
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/test-ca-any_policy_with_qualifier.crt":"cert. version     \: 3\nserial number     \: 00\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued  on        \: 2019-04-28 13\:14\:31\nexpires on        \: 2029-04-28 13\:14\:31\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
+x509_cert_info:"data_files/parse_input/test-ca-any_policy_with_qualifier.crt":"cert. version     \: 3\nserial number     \: 00\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued  on        \: 2019-04-28 13\:14\:31\nexpires on        \: 2029-04-28 13\:14\:31\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
 
 X509 CRT information, ECDSA Certificate Policy any with qualifier
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/test-ca-any_policy_with_qualifier_ec.crt":"cert. version     \: 3\nserial number     \: 00\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued  on        \: 2019-04-28 10\:16\:05\nexpires on        \: 2029-04-28 10\:16\:05\nsigned using      \: ECDSA with SHA256\nEC key size       \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
+x509_cert_info:"data_files/parse_input/test-ca-any_policy_with_qualifier_ec.crt":"cert. version     \: 3\nserial number     \: 00\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued  on        \: 2019-04-28 10\:16\:05\nexpires on        \: 2029-04-28 10\:16\:05\nsigned using      \: ECDSA with SHA256\nEC key size       \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: Any Policy\n"
 
 X509 CRT information, RSA Certificate multiple Policies
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/test-ca-multi_policy.crt":"cert. version     \: 3\nserial number     \: 00\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued  on        \: 2019-04-28 12\:59\:19\nexpires on        \: 2029-04-28 12\:59\:19\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n"
+x509_cert_info:"data_files/parse_input/test-ca-multi_policy.crt":"cert. version     \: 3\nserial number     \: 00\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued  on        \: 2019-04-28 12\:59\:19\nexpires on        \: 2029-04-28 12\:59\:19\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n"
 
 X509 CRT information, ECDSA Certificate multiple Policies
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/test-ca-multi_policy_ec.crt":"cert. version     \: 3\nserial number     \: 00\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued  on        \: 2019-04-28 12\:59\:51\nexpires on        \: 2029-04-28 12\:59\:51\nsigned using      \: ECDSA with SHA256\nEC key size       \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n"
+x509_cert_info:"data_files/parse_input/test-ca-multi_policy_ec.crt":"cert. version     \: 3\nserial number     \: 00\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued  on        \: 2019-04-28 12\:59\:51\nexpires on        \: 2029-04-28 12\:59\:51\nsigned using      \: ECDSA with SHA256\nEC key size       \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???, Any Policy\n"
 
 X509 CRT information, RSA Certificate unsupported policy
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/test-ca-unsupported_policy.crt":"cert. version     \: 3\nserial number     \: 00\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued  on        \: 2019-04-28 13\:00\:13\nexpires on        \: 2029-04-28 13\:00\:13\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n"
+x509_cert_info:"data_files/parse_input/test-ca-unsupported_policy.crt":"cert. version     \: 3\nserial number     \: 00\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nissued  on        \: 2019-04-28 13\:00\:13\nexpires on        \: 2029-04-28 13\:00\:13\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n"
 
 X509 CRT information, ECDSA Certificate unsupported policy
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/test-ca-unsupported_policy_ec.crt":"cert. version     \: 3\nserial number     \: 00\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued  on        \: 2019-04-28 13\:00\:19\nexpires on        \: 2029-04-28 13\:00\:19\nsigned using      \: ECDSA with SHA256\nEC key size       \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n"
+x509_cert_info:"data_files/parse_input/test-ca-unsupported_policy_ec.crt":"cert. version     \: 3\nserial number     \: 00\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nissued  on        \: 2019-04-28 13\:00\:19\nexpires on        \: 2029-04-28 13\:00\:19\nsigned using      \: ECDSA with SHA256\nEC key size       \: 384 bits\nbasic constraints \: CA=true\ncertificate policies \: ???\n"
 
 X509 CRT information, Key Usage + Extended Key Usage
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/server1.ext_ku.crt":"cert. version     \: 3\nserial number     \: 21\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued  on        \: 2014-04-01 14\:44\:43\nexpires on        \: 2024-03-29 14\:44\:43\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\nkey usage         \: Digital Signature, Non Repudiation, Key Encipherment\next key usage     \: TLS Web Server Authentication\n"
+x509_cert_info:"data_files/parse_input/server1.ext_ku.crt":"cert. version     \: 3\nserial number     \: 21\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nissued  on        \: 2014-04-01 14\:44\:43\nexpires on        \: 2024-03-29 14\:44\:43\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\nkey usage         \: Digital Signature, Non Repudiation, Key Encipherment\next key usage     \: TLS Web Server Authentication\n"
 
 X509 CRT information RSA signed by EC
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-x509_cert_info:"data_files/server4.crt":"cert. version     \: 3\nserial number     \: 08\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 15\:52\:04\nexpires on        \: 2023-09-22 15\:52\:04\nsigned using      \: ECDSA with SHA256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server4.crt":"cert. version     \: 3\nserial number     \: 08\nissuer name       \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-09-24 15\:52\:04\nexpires on        \: 2023-09-22 15\:52\:04\nsigned using      \: ECDSA with SHA256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information EC signed by RSA
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP192R1_ENABLED:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-x509_cert_info:"data_files/server3.crt":"cert. version     \: 3\nserial number     \: 0D\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-08-09 09\:17\:03\nexpires on        \: 2023-08-07 09\:17\:03\nsigned using      \: RSA with SHA1\nEC key size       \: 192 bits\nbasic constraints \: CA=false\n"
+x509_cert_info:"data_files/parse_input/server3.crt":"cert. version     \: 3\nserial number     \: 0D\nissuer name       \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nsubject name      \: C=NL, O=PolarSSL, CN=localhost\nissued  on        \: 2013-08-09 09\:17\:03\nexpires on        \: 2023-08-07 09\:17\:03\nsigned using      \: RSA with SHA1\nEC key size       \: 192 bits\nbasic constraints \: CA=false\n"
 
 X509 CRT information Bitstring in subject name
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version     \: 3\nserial number     \: 02\nissuer name       \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name      \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued  on        \: 2015-03-11 12\:06\:51\nexpires on        \: 2025-03-08 12\:06\:51\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name  \:\n    <unsupported>\next key usage     \: TLS Web Client Authentication\n"
+x509_cert_info:"data_files/parse_input/bitstring-in-dn.pem":"cert. version     \: 3\nserial number     \: 02\nissuer name       \: CN=Test CA 01, ST=Ecnivorp, C=XX, emailAddress=tca@example.com, O=Test CA Authority\nsubject name      \: C=XX, O=tca, ST=Ecnivorp, OU=TCA, CN=Client, emailAddress=client@example.com, serialNumber=7101012255, uniqueIdentifier=?7101012255\nissued  on        \: 2015-03-11 12\:06\:51\nexpires on        \: 2025-03-08 12\:06\:51\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nbasic constraints \: CA=false\nsubject alt name  \:\n    <unsupported>\next key usage     \: TLS Web Client Authentication\n"
 
 X509 CRT information Non-ASCII string in issuer name and subject name
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_cert_info:"data_files/non-ascii-string-in-issuer.crt":"cert. version     \: 3\nserial number     \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name       \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nsubject name      \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nissued  on        \: 2020-05-20 16\:17\:23\nexpires on        \: 2020-06-19 16\:17\:23\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=true\n"
+x509_cert_info:"data_files/parse_input/non-ascii-string-in-issuer.crt":"cert. version     \: 3\nserial number     \: 05\:E6\:53\:E7\:1B\:74\:F0\:B5\:D3\:84\:6D\:0C\:6D\:DC\:FA\:3F\:A4\:5A\:2B\:E0\nissuer name       \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nsubject name      \: C=JP, ST=Tokyo, O=?????????????????? Ltd, CN=?????????????????? CA\nissued  on        \: 2020-05-20 16\:17\:23\nexpires on        \: 2020-06-19 16\:17\:23\nsigned using      \: RSA with SHA-256\nRSA key size      \: 2048 bits\nbasic constraints \: CA=true\n"
 
 X509 certificate v1 with extension
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_SHA1_C
-x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version     \: 1\nserial number     \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name       \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name      \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued  on        \: 2013-07-04 16\:17\:02\nexpires on        \: 2014-07-04 16\:17\:02\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nsubject alt name  \:\n    dNSName \: identity-check.org\n    dNSName \: www.identity-check.org\n    <unsupported>\n"
+x509_cert_info:"data_files/parse_input/cert_v1_with_ext.crt":"cert. version     \: 1\nserial number     \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name       \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name      \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued  on        \: 2013-07-04 16\:17\:02\nexpires on        \: 2014-07-04 16\:17\:02\nsigned using      \: RSA with SHA1\nRSA key size      \: 2048 bits\nsubject alt name  \:\n    dNSName \: identity-check.org\n    dNSName \: www.identity-check.org\n    <unsupported>\n"
 
 X509 SAN parsing otherName
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_parse_san:"data_files/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n"
+x509_parse_san:"data_files/parse_input/server5-othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\n"
 
 X509 SAN parsing binary otherName
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_parse_san:"data_files/server5-nonprintable_othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n"
+x509_parse_san:"data_files/parse_input/server5-nonprintable_othername.crt":"type \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 3132338081008180333231\n"
 
 X509 SAN parsing dNSName
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-x509_parse_san:"data_files/cert_example_multi.crt":"type \: 2\ndNSName \: example.com\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
+x509_parse_san:"data_files/parse_input/cert_example_multi.crt":"type \: 2\ndNSName \: example.com\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
 
 X509 SAN parsing  Multiple different types
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_parse_san:"data_files/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
+x509_parse_san:"data_files/parse_input/multiple_san.crt":"type \: 2\ndNSName \: example.com\ntype \: 0\notherName \: hardware module name \: hardware type \: 1.3.6.1.4.1.17.3, hardware serial number \: 313233343536\ntype \: 2\ndNSName \: example.net\ntype \: 2\ndNSName \: *.example.org\n"
 
 X509 SAN parsing, no subject alt name
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-x509_parse_san:"data_files/server4.crt":""
+x509_parse_san:"data_files/parse_input/server4.crt":""
 
 X509 SAN parsing, unsupported otherName name
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-x509_parse_san:"data_files/server5-unsupported_othername.crt":""
+x509_parse_san:"data_files/parse_input/server5-unsupported_othername.crt":""
 
 X509 CRL information #1
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_expired.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-20 10\:24\:19\nnext update   \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA1\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl_expired.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-20 10\:24\:19\nnext update   \: 2011-02-20 11\:24\:19\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA1\n"
 
 X509 CRL Information MD2 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD2_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_md2.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2009-07-19 19\:56\:37\nnext update   \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using  \: RSA with MD2\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl_md2.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2009-07-19 19\:56\:37\nnext update   \: 2009-09-17 19\:56\:37\nRevoked certificates\:\nserial number\: 01 revocation date\: 2009-02-09 21\:12\:36\nserial number\: 03 revocation date\: 2009-02-09 21\:12\:36\nsigned using  \: RSA with MD2\n"
 
 X509 CRL Information MD4 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_md4.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with MD4\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl_md4.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with MD4\n"
 
 X509 CRL Information MD5 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_md5.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with MD5\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl_md5.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with MD5\n"
 
 X509 CRL Information SHA1 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_sha1.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA1\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl_sha1.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA1\n"
 
 X509 CRL Information SHA224 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_sha224.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-224\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl_sha224.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-224\n"
 
 X509 CRL Information SHA256 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_sha256.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-256\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl_sha256.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-256\n"
 
 X509 CRL Information SHA384 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_sha384.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-384\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl_sha384.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-384\n"
 
 X509 CRL Information SHA512 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
-mbedtls_x509_crl_info:"data_files/crl_sha512.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-512\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl_sha512.pem":"CRL version   \: 1\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2011-02-12 14\:44\:07\nnext update   \: 2011-04-13 14\:44\:07\nRevoked certificates\:\nserial number\: 01 revocation date\: 2011-02-12 14\:44\:07\nserial number\: 03 revocation date\: 2011-02-12 14\:44\:07\nsigned using  \: RSA with SHA-512\n"
 
 X509 CRL information RSA-PSS, SHA1 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha1.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:46\:35\nnext update   \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha1.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:46\:35\nnext update   \: 2024-01-18 13\:46\:35\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA1, MGF1-SHA1, 0xEA)\n"
 
 X509 CRL information RSA-PSS, SHA224 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha224.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:56\:06\nnext update   \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha224.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:56\:06\nnext update   \: 2024-01-18 13\:56\:06\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA224, MGF1-SHA224, 0xE2)\n"
 
 X509 CRL information RSA-PSS, SHA256 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha256.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:56\:16\nnext update   \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha256.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:56\:16\nnext update   \: 2024-01-18 13\:56\:16\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA256, MGF1-SHA256, 0xDE)\n"
 
 X509 CRL information RSA-PSS, SHA384 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha384.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:56\:28\nnext update   \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha384.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:56\:28\nnext update   \: 2024-01-18 13\:56\:28\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA384, MGF1-SHA384, 0xCE)\n"
 
 X509 CRL information RSA-PSS, SHA512 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
-mbedtls_x509_crl_info:"data_files/crl-rsa-pss-sha512.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:56\:38\nnext update   \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-rsa-pss-sha512.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2014-01-20 13\:56\:38\nnext update   \: 2024-01-18 13\:56\:38\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nserial number\: 16 revocation date\: 2014-01-20 13\:43\:05\nsigned using  \: RSASSA-PSS (SHA512, MGF1-SHA512, 0xBE)\n"
 
 X509 CRL Information EC, SHA1 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_info:"data_files/crl-ec-sha1.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA1\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha1.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA1\n"
 
 X509 CRL Information EC, SHA224 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_info:"data_files/crl-ec-sha224.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA224\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha224.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA224\n"
 
 X509 CRL Information EC, SHA256 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_info:"data_files/crl-ec-sha256.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA256\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha256.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA256\n"
 
 X509 CRL Information EC, SHA384 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_info:"data_files/crl-ec-sha384.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA384\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha384.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA384\n"
 
 X509 CRL Information EC, SHA512 Digest
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_info:"data_files/crl-ec-sha512.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA512\n"
+mbedtls_x509_crl_info:"data_files/parse_input/crl-ec-sha512.pem":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=Polarssl Test EC CA\nthis update   \: 2013-09-24 16\:31\:08\nnext update   \: 2023-09-22 16\:31\:08\nRevoked certificates\:\nserial number\: 0A revocation date\: 2013-09-24 16\:28\:38\nsigned using  \: ECDSA with SHA512\n"
 
 X509 CRL Malformed Input (trailing spaces at end of file)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_SHA512_C:MBEDTLS_ECDSA_C
-mbedtls_x509_crl_parse:"data_files/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
+mbedtls_x509_crl_parse:"data_files/parse_input/crl-malformed-trailing-spaces.pem":MBEDTLS_ERR_PEM_NO_HEADER_FOOTER_PRESENT
 
 X509 CRL Unsupported critical extension (issuingDistributionPoint)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-mbedtls_x509_crl_parse:"data_files/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
+mbedtls_x509_crl_parse:"data_files/parse_input/crl-idp.pem":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
 
 X509 CRL Unsupported non-critical extension (issuingDistributionPoint)
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
-mbedtls_x509_crl_parse:"data_files/crl-idpnc.pem":0
+mbedtls_x509_crl_parse:"data_files/parse_input/crl-idpnc.pem":0
 
 X509 CSR Information RSA with MD4
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD4_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.md4":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with MD4\nRSA key size  \: 2048 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server1.req.md4":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with MD4\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with MD5
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_MD5_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.md5":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with MD5\nRSA key size  \: 2048 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server1.req.md5":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with MD5\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with SHA1
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.sha1":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA1\nRSA key size  \: 2048 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha1":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA1\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with SHA224
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.sha224":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-224\nRSA key size  \: 2048 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha224":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-224\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with SHA-256
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-256\nRSA key size  \: 2048 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-256\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with SHA384
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.sha384":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-384\nRSA key size  \: 2048 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha384":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-384\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with SHA512
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA512_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1.req.sha512":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-512\nRSA key size  \: 2048 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server1.req.sha512":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-512\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information RSA with SHA-256, containing commas
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C:MBEDTS_X509_INFO
-mbedtls_x509_csr_info:"data_files/server1.req.commas.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL\, Commas, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-256\nRSA key size  \: 2048 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server1.req.commas.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-256\nRSA key size  \: 2048 bits\n"
 
 X509 CSR Information EC with SHA1
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA1_C
-mbedtls_x509_csr_info:"data_files/server5.req.sha1":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA1\nEC key size   \: 256 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha1":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA1\nEC key size   \: 256 bits\n"
 
 X509 CSR Information EC with SHA224
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-mbedtls_x509_csr_info:"data_files/server5.req.sha224":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA224\nEC key size   \: 256 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha224":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA224\nEC key size   \: 256 bits\n"
 
 X509 CSR Information EC with SHA256
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
-mbedtls_x509_csr_info:"data_files/server5.req.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA256\nEC key size   \: 256 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA256\nEC key size   \: 256 bits\n"
 
 X509 CSR Information EC with SHA384
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-mbedtls_x509_csr_info:"data_files/server5.req.sha384":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA384\nEC key size   \: 256 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha384":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA384\nEC key size   \: 256 bits\n"
 
 X509 CSR Information EC with SHA512
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA512_C
-mbedtls_x509_csr_info:"data_files/server5.req.sha512":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA512\nEC key size   \: 256 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server5.req.sha512":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: ECDSA with SHA512\nEC key size   \: 256 bits\n"
 
 X509 CSR Information RSA-PSS with SHA1
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA1_C
-mbedtls_x509_csr_info:"data_files/server9.req.sha1":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size  \: 1024 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha1":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA1, MGF1-SHA1, 0x6A)\nRSA key size  \: 1024 bits\n"
 
 X509 CSR Information RSA-PSS with SHA224
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-mbedtls_x509_csr_info:"data_files/server9.req.sha224":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size  \: 1024 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha224":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA224, MGF1-SHA224, 0x62)\nRSA key size  \: 1024 bits\n"
 
 X509 CSR Information RSA-PSS with SHA256
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA256_C
-mbedtls_x509_csr_info:"data_files/server9.req.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size  \: 1024 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA256, MGF1-SHA256, 0x5E)\nRSA key size  \: 1024 bits\n"
 
 X509 CSR Information RSA-PSS with SHA384
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384
-mbedtls_x509_csr_info:"data_files/server9.req.sha384":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size  \: 1024 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha384":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA384, MGF1-SHA384, 0x4E)\nRSA key size  \: 1024 bits\n"
 
 X509 CSR Information RSA-PSS with SHA512
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_X509_RSASSA_PSS_SUPPORT:MBEDTLS_SHA512_C
-mbedtls_x509_csr_info:"data_files/server9.req.sha512":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size  \: 1024 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server9.req.sha512":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=localhost\nsigned using  \: RSASSA-PSS (SHA512, MGF1-SHA512, 0x3E)\nRSA key size  \: 1024 bits\n"
 
 X509 CSR Information RSA with SHA-256 - Microsoft header
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-mbedtls_x509_csr_info:"data_files/server1-ms.req.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-256\nRSA key size  \: 2048 bits\n"
+mbedtls_x509_csr_info:"data_files/parse_input/server1-ms.req.sha256":"CSR version   \: 1\nsubject name  \: C=NL, O=PolarSSL, CN=PolarSSL Server 1\nsigned using  \: RSA with SHA-256\nRSA key size  \: 2048 bits\n"
 
 X509 Verify Information: empty
 x509_verify_info:0:"":""
@@ -413,7 +413,7 @@
 
 X509 Get Distinguished Name #5
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
-mbedtls_x509_dn_gets:"data_files/server1.commas.crt":"subject":"C=NL, O=PolarSSL\, Commas, CN=PolarSSL Server 1"
+mbedtls_x509_dn_gets:"data_files/server1.commas.crt":"subject":"C=NL, O=PolarSSL\\, Commas, CN=PolarSSL Server 1"
 
 X509 Get Modified DN #1
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA1_C
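Review bot: The `\\,` expectation added on the `server1.commas.crt` line is probably the only place this new escaping is actually exercised. The CSR case that received the same change earlier in this file (`server1.req.commas.sha256`) is gated on `MBEDTS_X509_INFO`, which looks like a misspelt symbol. If the framework skips cases whose dependencies are undefined, that case never runs and its updated expected string is unverified. Correcting that dependency, or dropping it so the line reads `depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C`, would let both expectations run.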
@@ -1896,11 +1896,11 @@
 
 X509 CRT ASN1 (inv extBasicConstraint, pathlen is INT_MAX)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509parse_crt_file:"data_files/server1_pathlen_int_max.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH
+mbedtls_x509_crt_parse_file:"data_files/parse_input/server1_pathlen_int_max.crt":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_INVALID_LENGTH:0
 
 X509 CRT ASN1 (pathlen is INT_MAX-1)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_SHA1_C
-x509parse_crt_file:"data_files/server1_pathlen_int_max-1.crt":0
+mbedtls_x509_crt_parse_file:"data_files/parse_input/server1_pathlen_int_max-1.crt":0:1
 
 X509 CRT ASN1 (TBS, inv extBasicConstraint, pathlen inv length encoding)
 depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
@@ -2428,15 +2428,29 @@
 depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
 x509parse_crl:"308201b330819c020101300d06092a864886f70d01010b0500303b310b3009060355040613024e4c3111300f060355040a1308506f6c617253534c3119301706035504031310506f6c617253534c2054657374204341170d3138303331343037333134385a170d3238303331343037333134385aa02d302b30290603551d1c010100041f301da01ba0198617687474703a2f2f706b692e6578616d706c652e636f6d2f300d06092a864886f70d01010b05000382010100b3fbe9d586eaf4b8ff60cf8edae06a85135db78f78198498719725b5b403c0b803c2c150f52faae7306d6a7871885dc2e9dc83a164bac7263776474ef642b660040b35a1410ac291ac8f6f18ab85e7fd6e22bd1af1c41ca95cf2448f6e2b42a018493dfc03c6b6aa1b9e3fe7b76af2182fb2121db4166bf0167d6f379c5a58adee5082423434d97be2909f5e7488053f996646db10dd49782626da53ad8eada01813c031b2bacdb0203bc017aac1735951a11d013ee4d1d5f7143ccbebf2371e66a1bec6e1febe69148f50784eef8adbb66664c96196d7e0c0bcdc807f447b54e058f37642a3337995bfbcd332208bd6016936705c82263eabd7affdba92fae3":"CRL version   \: 2\nissuer name   \: C=NL, O=PolarSSL, CN=PolarSSL Test CA\nthis update   \: 2018-03-14 07\:31\:48\nnext update   \: 2028-03-14 07\:31\:48\nRevoked certificates\:\nsigned using  \: RSA with SHA-256\n":0
 
-X509 CRT parse path #2 (one cert)
+X509 CRT parse file dir3/Readme
+mbedtls_x509_crt_parse_file:"data_files/dir3/Readme":MBEDTLS_ERR_X509_INVALID_FORMAT:0
+
+X509 CRT parse file dir3/test-ca.crt
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
+mbedtls_x509_crt_parse_file:"data_files/dir3/test-ca.crt":0:1
+
+X509 CRT parse file dir3/test-ca2.crt
+depends_on:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
+mbedtls_x509_crt_parse_file:"data_files/dir3/test-ca2.crt":0:1
+
+# The parse_path tests are known to fail when compiled for a 32-bit architecture
+# and run via qemu-user on Linux on a 64-bit host. This is due to a known
+# bug in Qemu: https://gitlab.com/qemu-project/qemu/-/issues/263
+X509 CRT parse path #1 (one cert)
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C
 mbedtls_x509_crt_parse_path:"data_files/dir1":0:1
 
-X509 CRT parse path #3 (two certs)
+X509 CRT parse path #2 (two certs)
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 mbedtls_x509_crt_parse_path:"data_files/dir2":0:2
 
-X509 CRT parse path #4 (two certs, one non-cert)
+X509 CRT parse path #3 (two certs, one non-cert)
 depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_SHA256_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP384R1_ENABLED
 mbedtls_x509_crt_parse_path:"data_files/dir3":1:2
 
@@ -2858,23 +2872,31 @@
 
 X509 File parse (no issues)
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/server7_int-ca.crt":0
+mbedtls_x509_crt_parse_file:"data_files/parse_input/server7_int-ca.crt":0:2
 
 X509 File parse (extra space in one certificate)
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/server7_pem_space.crt":1
+mbedtls_x509_crt_parse_file:"data_files/parse_input/server7_pem_space.crt":1:1
 
 X509 File parse (all certificates fail)
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER
+mbedtls_x509_crt_parse_file:"data_files/parse_input/server7_all_space.crt":MBEDTLS_ERR_PEM_INVALID_DATA + MBEDTLS_ERR_BASE64_INVALID_CHARACTER:0
 
 X509 File parse (trailing spaces, OK)
 depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/server7_trailing_space.crt":0
+mbedtls_x509_crt_parse_file:"data_files/parse_input/server7_trailing_space.crt":0:2
 
 X509 File parse (Algorithm Params Tag mismatch)
 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-x509parse_crt_file:"data_files/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH
+mbedtls_x509_crt_parse_file:"data_files/parse_input/cli-rsa-sha256-badalg.crt.der":MBEDTLS_ERR_X509_SIG_MISMATCH:0
+
+X509 File parse (does not conform to RFC 5480 / RFC 5758 - AlgorithmIdentifier's parameters field is present, mbedTLS generated before bugfix, OK)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+x509parse_crt_file:"data_files/parse_input/server5-non-compliant.crt":0
+
+X509 File parse (conforms to RFC 5480 / RFC 5758 - AlgorithmIdentifier's parameters field must be absent for ECDSA)
+depends_on:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
+x509parse_crt_file:"data_files/parse_input/server5.crt":0
 
 X509 Get time (UTC no issues)
 depends_on:MBEDTLS_X509_USE_C
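Review bot: The two cases added for `server5-non-compliant.crt` and `server5.crt` call `x509parse_crt_file` with only a return code, while every other case in this hunk was converted to `mbedtls_x509_crt_parse_file` with what appears to be an expected certificate count. If the old entry point is being retired these lines will not resolve, and even if it stays they check less than their neighbours. Assuming each file holds one certificate, `mbedtls_x509_crt_parse_file:"data_files/parse_input/server5-non-compliant.crt":0:1` and the same form for `server5.crt` would match. A `#` comment above the first case, saying that the parser deliberately accepts an ECDSA AlgorithmIdentifier with parameters present, would also record why this leniency is pinned by a test.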
@@ -2950,7 +2972,7 @@
 
 X509 Get time (UTC invalid character in year)
 depends_on:MBEDTLS_X509_USE_C
-x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0\1130231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
+x509_get_time:MBEDTLS_ASN1_UTC_TIME:"0\\1130231212Z":MBEDTLS_ERR_X509_INVALID_DATE:0:0:0:0:0:0
 
 X509 Get time (UTC invalid character in month)
 depends_on:MBEDTLS_X509_USE_C
diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index db7c086..6e32792 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -240,7 +240,7 @@
             MBEDTLS_X509_SAFE_SNPRINTF;
 
             if (MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME,
-                                &san->san.other_name.value.hardware_module_name.oid) != 0) {
+                                &san->san.other_name.type_id) == 0) {
                 ret = mbedtls_snprintf(p, n, " hardware module name :");
                 MBEDTLS_X509_SAFE_SNPRINTF;
                 ret = mbedtls_snprintf(p, n, " hardware type : ");
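Review bot: The corrected condition `MBEDTLS_OID_CMP(MBEDTLS_OID_ON_HW_MODULE_NAME, &san->san.other_name.type_id) == 0` relies on the macro yielding 0 for a match, and the line it replaces tested `!= 0`, so a short comment would keep the next reader from flipping it back. Something like `/* MBEDTLS_OID_CMP() is memcmp-like: 0 means type_id is the HardwareModuleName OID */` above the `if` would do. It would also help to state what the test expects for an otherName whose type_id is a different OID, since that branch is not visible here. The enclosing function starts and ends outside this hunk.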
@@ -409,8 +409,9 @@
 
     mbedtls_x509_crt_init(&crt);
     memset(buf, 0, 2000);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
 
     if (crt.ext_types & MBEDTLS_X509_EXT_SUBJECT_ALT_NAME) {
         cur = &crt.subject_alt_names;
@@ -421,17 +422,18 @@
              * If san type not supported, ignore.
              */
             if (ret == 0) {
-                TEST_ASSERT(verify_parse_san(&san, &p, &n) == 0);
+                TEST_EQUAL(verify_parse_san(&san, &p, &n), 0);
             }
             cur = cur->next;
         }
     }
 
-    TEST_ASSERT(strcmp(buf, result_str) == 0);
+    TEST_EQUAL(strcmp(buf, result_str), 0);
 
 exit:
 
     mbedtls_x509_crt_free(&crt);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -444,17 +446,19 @@
 
     mbedtls_x509_crt_init(&crt);
     memset(buf, 0, 2000);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
     res = mbedtls_x509_crt_info(buf, 2000, "", &crt);
 
     TEST_ASSERT(res != -1);
     TEST_ASSERT(res != -2);
 
-    TEST_ASSERT(strcmp(buf, result_str) == 0);
+    TEST_EQUAL(strcmp(buf, result_str), 0);
 
 exit:
     mbedtls_x509_crt_free(&crt);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -467,17 +471,19 @@
 
     mbedtls_x509_crl_init(&crl);
     memset(buf, 0, 2000);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == 0);
+    TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0);
     res = mbedtls_x509_crl_info(buf, 2000, "", &crl);
 
     TEST_ASSERT(res != -1);
     TEST_ASSERT(res != -2);
 
-    TEST_ASSERT(strcmp(buf, result_str) == 0);
+    TEST_EQUAL(strcmp(buf, result_str), 0);
 
 exit:
     mbedtls_x509_crl_free(&crl);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -489,11 +495,13 @@
 
     mbedtls_x509_crl_init(&crl);
     memset(buf, 0, 2000);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == result);
+    TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), result);
 
 exit:
     mbedtls_x509_crl_free(&crl);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -506,17 +514,19 @@
 
     mbedtls_x509_csr_init(&csr);
     memset(buf, 0, 2000);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_x509_csr_parse_file(&csr, csr_file) == 0);
+    TEST_EQUAL(mbedtls_x509_csr_parse_file(&csr, csr_file), 0);
     res = mbedtls_x509_csr_info(buf, 2000, "", &csr);
 
     TEST_ASSERT(res != -1);
     TEST_ASSERT(res != -2);
 
-    TEST_ASSERT(strcmp(buf, result_str) == 0);
+    TEST_EQUAL(strcmp(buf, result_str), 0);
 
 exit:
     mbedtls_x509_csr_free(&csr);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -526,13 +536,17 @@
     char buf[2000];
     int res;
 
+    USE_PSA_INIT();
     memset(buf, 0, sizeof(buf));
 
     res = mbedtls_x509_crt_verify_info(buf, sizeof(buf), prefix, flags);
 
     TEST_ASSERT(res >= 0);
 
-    TEST_ASSERT(strcmp(buf, result_str) == 0);
+    TEST_EQUAL(strcmp(buf, result_str), 0);
+
+exit:
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -550,19 +564,19 @@
     /*
      * See comments on ecp_test_vect_restart() for op count precision.
      *
-     * For reference, with mbed TLS 2.6 and default settings:
+     * For reference, with Mbed TLS 2.6 and default settings:
      * - ecdsa_verify() for P-256:  ~  6700
      * - ecdsa_verify() for P-384:  ~ 18800
      * - x509_verify() for server5 -> test-ca2:             ~ 18800
      * - x509_verify() for server10 -> int-ca3 -> int-ca2:  ~ 25500
      */
-
     mbedtls_x509_crt_restart_init(&rs_ctx);
     mbedtls_x509_crt_init(&crt);
     mbedtls_x509_crt_init(&ca);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
 
     mbedtls_ecp_set_max_ops(max_ops);
 
@@ -573,8 +587,8 @@
                                                   NULL, NULL, &rs_ctx);
     } while (ret == MBEDTLS_ERR_ECP_IN_PROGRESS && ++cnt_restart);
 
-    TEST_ASSERT(ret == result);
-    TEST_ASSERT(flags == (uint32_t) flags_result);
+    TEST_EQUAL(ret, result);
+    TEST_EQUAL(flags, (uint32_t) flags_result);
 
     TEST_ASSERT(cnt_restart >= min_restart);
     TEST_ASSERT(cnt_restart <= max_restart);
@@ -589,6 +603,7 @@
     mbedtls_x509_crt_restart_free(&rs_ctx);
     mbedtls_x509_crt_free(&crt);
     mbedtls_x509_crt_free(&ca);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -641,9 +656,9 @@
         TEST_ASSERT("No known verify callback selected" == 0);
     }
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
-    TEST_ASSERT(mbedtls_x509_crl_parse_file(&crl, crl_file) == 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
+    TEST_EQUAL(mbedtls_x509_crl_parse_file(&crl, crl_file), 0);
 
     res = mbedtls_x509_crt_verify_with_profile(&crt,
                                                &ca,
@@ -654,8 +669,8 @@
                                                f_vrfy,
                                                NULL);
 
-    TEST_ASSERT(res == (result));
-    TEST_ASSERT(flags == (uint32_t) (flags_result));
+    TEST_EQUAL(res, (result));
+    TEST_EQUAL(flags, (uint32_t) (flags_result));
 
 #if defined(MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK)
     /* CRLs aren't supported with CA callbacks, so skip the CA callback
@@ -672,8 +687,8 @@
                                                  f_vrfy,
                                                  NULL);
 
-        TEST_ASSERT(res == (result));
-        TEST_ASSERT(flags == (uint32_t) (flags_result));
+        TEST_EQUAL(res, result);
+        TEST_EQUAL(flags, (uint32_t) (flags_result));
     }
 #endif /* MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK */
 exit:
@@ -695,9 +710,10 @@
 
     mbedtls_x509_crt_init(&crt);
     mbedtls_x509_crt_init(&ca);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
 
     if (strcmp(name, "NULL") == 0) {
         name = NULL;
@@ -707,11 +723,12 @@
                                              &compat_profile, name, &flags,
                                              NULL, NULL);
 
-    TEST_ASSERT(ret == exp_ret);
-    TEST_ASSERT(flags == (uint32_t) (-1));
+    TEST_EQUAL(ret, exp_ret);
+    TEST_EQUAL(flags, (uint32_t) (-1));
 exit:
     mbedtls_x509_crt_free(&crt);
     mbedtls_x509_crt_free(&ca);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -731,8 +748,8 @@
 
     USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&ca, ca_file) == 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&ca, ca_file), 0);
 
     if (strcmp(name, "NULL") == 0) {
         name = NULL;
@@ -743,8 +760,8 @@
                                                name, &flags,
                                                verify_print, &vrfy_ctx);
 
-    TEST_ASSERT(ret == exp_ret);
-    TEST_ASSERT(strcmp(vrfy_ctx.buf, exp_vrfy_out) == 0);
+    TEST_EQUAL(ret, exp_ret);
+    TEST_EQUAL(strcmp(vrfy_ctx.buf, exp_vrfy_out), 0);
 
 exit:
     mbedtls_x509_crt_free(&crt);
@@ -762,8 +779,9 @@
 
     mbedtls_x509_crt_init(&crt);
     memset(buf, 0, 2000);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
     if (strcmp(entity, "subject") == 0) {
         res =  mbedtls_x509_dn_gets(buf, 2000, &crt.subject);
     } else if (strcmp(entity, "issuer") == 0) {
@@ -775,10 +793,11 @@
     TEST_ASSERT(res != -1);
     TEST_ASSERT(res != -2);
 
-    TEST_ASSERT(strcmp(buf, result_str) == 0);
+    TEST_EQUAL(strcmp(buf, result_str), 0);
 
 exit:
     mbedtls_x509_crt_free(&crt);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -794,35 +813,38 @@
 
     mbedtls_x509_crt_init(&crt);
     memset(buf, 0, 2000);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
     crt.subject.next->val.p = (unsigned char *) new_subject_ou;
     crt.subject.next->val.len = strlen(new_subject_ou);
 
     res =  mbedtls_x509_dn_gets(buf, 2000, &crt.subject);
 
     if (ret != 0) {
-        TEST_ASSERT(res == ret);
+        TEST_EQUAL(res, ret);
     } else {
         TEST_ASSERT(res != -1);
         TEST_ASSERT(res != -2);
-        TEST_ASSERT(strcmp(buf, result_str) == 0);
+        TEST_EQUAL(strcmp(buf, result_str), 0);
     }
 exit:
     mbedtls_x509_crt_free(&crt);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C */
 void mbedtls_x509_get_name(char *rdn_sequence, int exp_ret)
 {
-    unsigned char *name;
+    unsigned char *name = NULL;
     unsigned char *p;
     size_t name_len;
     mbedtls_x509_name head;
     mbedtls_x509_name *allocated, *prev;
     int ret;
 
+    USE_PSA_INIT();
     memset(&head, 0, sizeof(head));
 
     name = mbedtls_test_unhexify_alloc(rdn_sequence, &name_len);
@@ -843,6 +865,9 @@
     TEST_EQUAL(ret, exp_ret);
 
     mbedtls_free(name);
+
+exit:
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
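Review bot: `mbedtls_free(name);` sits above the new `exit:` label, so any path that jumps to `exit` skips it and leaks the buffer returned by `mbedtls_test_unhexify_alloc`. A failing `TEST_EQUAL(ret, exp_ret)` looks like such a path, assuming the macro jumps to the label on failure as the added `exit:` suggests. The preceding hunk already initialises `name` to `NULL`, so the free can move under the label: `exit:` then `mbedtls_free(name);` then `USE_PSA_DONE();`. The function body starts outside this hunk.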
@@ -852,19 +877,21 @@
     mbedtls_x509_crt   crt;
 
     mbedtls_x509_crt_init(&crt);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
 
     if (strcmp(entity, "valid_from") == 0) {
-        TEST_ASSERT(mbedtls_x509_time_is_past(&crt.valid_from) == result);
+        TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_from), result);
     } else if (strcmp(entity, "valid_to") == 0) {
-        TEST_ASSERT(mbedtls_x509_time_is_past(&crt.valid_to) == result);
+        TEST_EQUAL(mbedtls_x509_time_is_past(&crt.valid_to), result);
     } else {
         TEST_ASSERT("Unknown entity" == 0);
     }
 
 exit:
     mbedtls_x509_crt_free(&crt);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -874,19 +901,21 @@
     mbedtls_x509_crt   crt;
 
     mbedtls_x509_crt_init(&crt);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
 
     if (strcmp(entity, "valid_from") == 0) {
-        TEST_ASSERT(mbedtls_x509_time_is_future(&crt.valid_from) == result);
+        TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_from), result);
     } else if (strcmp(entity, "valid_to") == 0) {
-        TEST_ASSERT(mbedtls_x509_time_is_future(&crt.valid_to) == result);
+        TEST_EQUAL(mbedtls_x509_time_is_future(&crt.valid_to), result);
     } else {
         TEST_ASSERT("Unknown entity" == 0);
     }
 
 exit:
     mbedtls_x509_crt_free(&crt);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -896,11 +925,13 @@
     mbedtls_x509_crt crt;
 
     mbedtls_x509_crt_init(&crt);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == result);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), result);
 
 exit:
     mbedtls_x509_crt_free(&crt);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -913,63 +944,65 @@
 
     mbedtls_x509_crt_init(&crt);
     memset(output, 0, 2000);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len) == (result));
+    TEST_EQUAL(mbedtls_x509_crt_parse_der(&crt, buf->x, buf->len), result);
     if ((result) == 0) {
         res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
 
         TEST_ASSERT(res != -1);
         TEST_ASSERT(res != -2);
 
-        TEST_ASSERT(strcmp((char *) output, result_str) == 0);
+        TEST_EQUAL(strcmp((char *) output, result_str), 0);
     }
 
     mbedtls_x509_crt_free(&crt);
     mbedtls_x509_crt_init(&crt);
     memset(output, 0, 2000);
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len) == (result));
+    TEST_EQUAL(mbedtls_x509_crt_parse_der_nocopy(&crt, buf->x, buf->len), result);
     if ((result) == 0) {
         res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
 
         TEST_ASSERT(res != -1);
         TEST_ASSERT(res != -2);
 
-        TEST_ASSERT(strcmp((char *) output, result_str) == 0);
+        TEST_EQUAL(strcmp((char *) output, result_str), 0);
     }
 
     mbedtls_x509_crt_free(&crt);
     mbedtls_x509_crt_init(&crt);
     memset(output, 0, 2000);
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL,
-                                                       NULL) == (result));
+    TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, NULL, NULL),
+               result);
     if ((result) == 0) {
         res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
 
         TEST_ASSERT(res != -1);
         TEST_ASSERT(res != -2);
 
-        TEST_ASSERT(strcmp((char *) output, result_str) == 0);
+        TEST_EQUAL(strcmp((char *) output, result_str), 0);
     }
 
     mbedtls_x509_crt_free(&crt);
     mbedtls_x509_crt_init(&crt);
     memset(output, 0, 2000);
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL,
-                                                       NULL) == (result));
+    TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, NULL, NULL),
+               result);
     if ((result) == 0) {
         res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
 
         TEST_ASSERT(res != -1);
         TEST_ASSERT(res != -2);
 
-        TEST_ASSERT(strcmp((char *) output, result_str) == 0);
+        TEST_EQUAL(strcmp((char *) output, result_str), 0);
     }
 
 exit:
     mbedtls_x509_crt_free(&crt);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -987,35 +1020,37 @@
 
     mbedtls_x509_crt_init(&crt);
     memset(output, 0, 2000);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, parse_crt_ext_cb,
-                                                       &oid) == (result));
+    TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 0, parse_crt_ext_cb,
+                                                      &oid), result);
     if ((result) == 0) {
         res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
 
         TEST_ASSERT(res != -1);
         TEST_ASSERT(res != -2);
 
-        TEST_ASSERT(strcmp((char *) output, result_str) == 0);
+        TEST_EQUAL(strcmp((char *) output, result_str), 0);
     }
 
     mbedtls_x509_crt_free(&crt);
     mbedtls_x509_crt_init(&crt);
     memset(output, 0, 2000);
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, parse_crt_ext_cb,
-                                                       &oid) == (result));
+    TEST_EQUAL(mbedtls_x509_crt_parse_der_with_ext_cb(&crt, buf->x, buf->len, 1, parse_crt_ext_cb,
+                                                      &oid), (result));
     if ((result) == 0) {
         res = mbedtls_x509_crt_info((char *) output, 2000, "", &crt);
 
         TEST_ASSERT(res != -1);
         TEST_ASSERT(res != -2);
 
-        TEST_ASSERT(strcmp((char *) output, result_str) == 0);
+        TEST_EQUAL(strcmp((char *) output, result_str), 0);
     }
 
 exit:
     mbedtls_x509_crt_free(&crt);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -1028,20 +1063,21 @@
 
     mbedtls_x509_crl_init(&crl);
     memset(output, 0, 2000);
+    USE_PSA_INIT();
 
-
-    TEST_ASSERT(mbedtls_x509_crl_parse(&crl, buf->x, buf->len) == (result));
+    TEST_EQUAL(mbedtls_x509_crl_parse(&crl, buf->x, buf->len), (result));
     if ((result) == 0) {
         res = mbedtls_x509_crl_info((char *) output, 2000, "", &crl);
 
         TEST_ASSERT(res != -1);
         TEST_ASSERT(res != -2);
 
-        TEST_ASSERT(strcmp((char *) output, result_str) == 0);
+        TEST_EQUAL(strcmp((char *) output, result_str), 0);
     }
 
 exit:
     mbedtls_x509_crl_free(&crl);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -1054,18 +1090,46 @@
 
     mbedtls_x509_csr_init(&csr);
     memset(my_out, 0, sizeof(my_out));
+    USE_PSA_INIT();
 
     my_ret = mbedtls_x509_csr_parse_der(&csr, csr_der->x, csr_der->len);
-    TEST_ASSERT(my_ret == ref_ret);
+    TEST_EQUAL(my_ret, ref_ret);
 
     if (ref_ret == 0) {
         size_t my_out_len = mbedtls_x509_csr_info(my_out, sizeof(my_out), "", &csr);
-        TEST_ASSERT(my_out_len == strlen(ref_out));
-        TEST_ASSERT(strcmp(my_out, ref_out) == 0);
+        TEST_EQUAL(my_out_len, strlen(ref_out));
+        TEST_EQUAL(strcmp(my_out, ref_out), 0);
     }
 
 exit:
     mbedtls_x509_csr_free(&csr);
+    USE_PSA_DONE();
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_FS_IO:MBEDTLS_X509_CRT_PARSE_C */
+void mbedtls_x509_crt_parse_file(char *crt_path, int ret, int nb_crt)
+{
+    mbedtls_x509_crt chain, *cur;
+    int i;
+
+    mbedtls_x509_crt_init(&chain);
+    USE_PSA_INIT();
+
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, crt_path), ret);
+
+    /* Check how many certs we got */
+    for (i = 0, cur = &chain; cur != NULL; cur = cur->next) {
+        if (cur->raw.p != NULL) {
+            i++;
+        }
+    }
+
+    TEST_EQUAL(i, nb_crt);
+
+exit:
+    mbedtls_x509_crt_free(&chain);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
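Review bot: The new `mbedtls_x509_crt_parse_file` case does not say that `nb_crt` is compared even when the expected `ret` is non-zero, which is what a reader needs to know to write data lines for partially parsed files. A comment above the loop would cover it: `/* Count chain entries with raw.p set; this is checked even when ret != 0. */`. The counting loop is also a copy of the one in the `mbedtls_x509_crt_parse_path` case in the next hunk, so a small static helper shared by both would keep them in step.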
@@ -1076,8 +1140,9 @@
     int i;
 
     mbedtls_x509_crt_init(&chain);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_path(&chain, crt_path) == ret);
+    TEST_EQUAL(mbedtls_x509_crt_parse_path(&chain, crt_path), ret);
 
     /* Check how many certs we got */
     for (i = 0, cur = &chain; cur != NULL; cur = cur->next) {
@@ -1086,10 +1151,11 @@
         }
     }
 
-    TEST_ASSERT(i == nb_crt);
+    TEST_EQUAL(i, nb_crt);
 
 exit:
     mbedtls_x509_crt_free(&chain);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -1106,27 +1172,25 @@
      * We expect chain_dir to contain certificates 00.crt, 01.crt, etc.
      * with NN.crt signed by NN-1.crt
      */
-
     mbedtls_x509_crt_init(&trusted);
     mbedtls_x509_crt_init(&chain);
-
     USE_PSA_INIT();
 
     /* Load trusted root */
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted, ca_file) == 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, ca_file), 0);
 
     /* Load a chain with nb_int intermediates (from 01 to nb_int),
      * plus one "end-entity" cert (nb_int + 1) */
     ret = mbedtls_snprintf(file_buf, sizeof(file_buf), "%s/c%02d.pem", chain_dir,
                            nb_int + 1);
     TEST_ASSERT(ret > 0 && (size_t) ret < sizeof(file_buf));
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, file_buf) == 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, file_buf), 0);
 
     /* Try to verify that chain */
     ret = mbedtls_x509_crt_verify(&chain, &trusted, NULL, NULL, &flags,
                                   NULL, NULL);
-    TEST_ASSERT(ret == ret_chk);
-    TEST_ASSERT(flags == (uint32_t) flags_chk);
+    TEST_EQUAL(ret, ret_chk);
+    TEST_EQUAL(flags, (uint32_t) flags_chk);
 
 exit:
     mbedtls_x509_crt_free(&chain);
@@ -1148,13 +1212,12 @@
 
     mbedtls_x509_crt_init(&chain);
     mbedtls_x509_crt_init(&trusted);
-
     USE_PSA_INIT();
 
     while ((act = mystrsep(&chain_paths, " ")) != NULL) {
-        TEST_ASSERT(mbedtls_x509_crt_parse_file(&chain, act) == 0);
+        TEST_EQUAL(mbedtls_x509_crt_parse_file(&chain, act), 0);
     }
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&trusted, trusted_ca) == 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&trusted, trusted_ca), 0);
 
     if (strcmp(profile_name, "") == 0) {
         profile = &mbedtls_x509_crt_profile_default;
@@ -1171,8 +1234,8 @@
     res = mbedtls_x509_crt_verify_with_profile(&chain, &trusted, NULL, profile,
                                                NULL, &flags, verify_fatal, &vrfy_fatal_lvls);
 
-    TEST_ASSERT(res == (result));
-    TEST_ASSERT(flags == (uint32_t) (flags_result));
+    TEST_EQUAL(res, (result));
+    TEST_EQUAL(flags, (uint32_t) (flags_result));
 
 exit:
     mbedtls_x509_crt_free(&trusted);
@@ -1188,7 +1251,7 @@
     const char *desc = NULL;
     int ret;
 
-
+    USE_PSA_INIT();
     oid.tag = MBEDTLS_ASN1_OID;
     oid.p   = buf->x;
     oid.len   = buf->len;
@@ -1199,10 +1262,13 @@
         TEST_ASSERT(ret != 0);
         TEST_ASSERT(desc == NULL);
     } else {
-        TEST_ASSERT(ret == 0);
+        TEST_EQUAL(ret, 0);
         TEST_ASSERT(desc != NULL);
-        TEST_ASSERT(strcmp(desc, ref_desc) == 0);
+        TEST_EQUAL(strcmp(desc, ref_desc), 0);
     }
+
+exit:
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -1212,6 +1278,7 @@
     mbedtls_x509_buf oid;
     char num_buf[100];
 
+    USE_PSA_INIT();
     memset(num_buf, 0x2a, sizeof(num_buf));
 
     oid.tag = MBEDTLS_ASN1_OID;
@@ -1220,12 +1287,15 @@
 
     TEST_ASSERT((size_t) blen <= sizeof(num_buf));
 
-    TEST_ASSERT(mbedtls_oid_get_numeric_string(num_buf, blen, &oid) == ret);
+    TEST_EQUAL(mbedtls_oid_get_numeric_string(num_buf, blen, &oid), ret);
 
     if (ret >= 0) {
-        TEST_ASSERT(num_buf[ret] == 0);
-        TEST_ASSERT(strcmp(num_buf, numstr) == 0);
+        TEST_EQUAL(num_buf[ret], 0);
+        TEST_EQUAL(strcmp(num_buf, numstr), 0);
     }
+
+exit:
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -1235,13 +1305,15 @@
     mbedtls_x509_crt crt;
 
     mbedtls_x509_crt_init(&crt);
+    USE_PSA_INIT();
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
 
-    TEST_ASSERT(mbedtls_x509_crt_check_key_usage(&crt, usage) == ret);
+    TEST_EQUAL(mbedtls_x509_crt_check_key_usage(&crt, usage), ret);
 
 exit:
     mbedtls_x509_crt_free(&crt);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -1252,15 +1324,16 @@
     mbedtls_x509_crt crt;
 
     mbedtls_x509_crt_init(&crt);
+    USE_PSA_INIT();
 
+    TEST_EQUAL(mbedtls_x509_crt_parse_file(&crt, crt_file), 0);
 
-    TEST_ASSERT(mbedtls_x509_crt_parse_file(&crt, crt_file) == 0);
-
-    TEST_ASSERT(mbedtls_x509_crt_check_extended_key_usage(&crt, (const char *) oid->x,
-                                                          oid->len) == ret);
+    TEST_EQUAL(mbedtls_x509_crt_check_extended_key_usage(&crt, (const char *) oid->x, oid->len),
+               ret);
 
 exit:
     mbedtls_x509_crt_free(&crt);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -1273,6 +1346,7 @@
     unsigned char *start = buf;
     unsigned char *end = buf;
 
+    USE_PSA_INIT();
     memset(&time, 0x00, sizeof(time));
     *end = (unsigned char) tag; end++;
     *end = strlen(time_str);
@@ -1281,15 +1355,18 @@
     memcpy(end, time_str, (size_t) *(end - 1));
     end += *(end - 1);
 
-    TEST_ASSERT(mbedtls_x509_get_time(&start, end, &time) == ret);
+    TEST_EQUAL(mbedtls_x509_get_time(&start, end, &time), ret);
     if (ret == 0) {
-        TEST_ASSERT(year == time.year);
-        TEST_ASSERT(mon  == time.mon);
-        TEST_ASSERT(day  == time.day);
-        TEST_ASSERT(hour == time.hour);
-        TEST_ASSERT(min  == time.min);
-        TEST_ASSERT(sec  == time.sec);
+        TEST_EQUAL(year, time.year);
+        TEST_EQUAL(mon, time.mon);
+        TEST_EQUAL(day, time.day);
+        TEST_EQUAL(hour, time.hour);
+        TEST_EQUAL(min, time.min);
+        TEST_EQUAL(sec, time.sec);
     }
+
+exit:
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
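Review bot: The six field checks put what appears to be the expected value first (`TEST_EQUAL(year, time.year)`), while the other conversions in this file put the value under test first, for example `TEST_EQUAL(my_salt_len, ref_salt_len)`. Using one order, `TEST_EQUAL(time.year, year);` and likewise for `mon`, `day`, `hour`, `min` and `sec`, makes a failure report read the same way across the suite. The function starts outside this hunk.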
@@ -1303,6 +1380,8 @@
     mbedtls_md_type_t my_msg_md, my_mgf_md;
     int my_salt_len;
 
+    USE_PSA_INIT();
+
     buf.p = params->x;
     buf.len = params->len;
     buf.tag = params_tag;
@@ -1310,22 +1389,26 @@
     my_ret = mbedtls_x509_get_rsassa_pss_params(&buf, &my_msg_md, &my_mgf_md,
                                                 &my_salt_len);
 
-    TEST_ASSERT(my_ret == ref_ret);
+    TEST_EQUAL(my_ret, ref_ret);
 
     if (ref_ret == 0) {
-        TEST_ASSERT(my_msg_md == (mbedtls_md_type_t) ref_msg_md);
-        TEST_ASSERT(my_mgf_md == (mbedtls_md_type_t) ref_mgf_md);
-        TEST_ASSERT(my_salt_len == ref_salt_len);
+        TEST_EQUAL(my_msg_md, (mbedtls_md_type_t) ref_msg_md);
+        TEST_EQUAL(my_mgf_md, (mbedtls_md_type_t) ref_mgf_md);
+        TEST_EQUAL(my_salt_len, ref_salt_len);
     }
 
 exit:
-    ;;
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
 /* BEGIN_CASE depends_on:MBEDTLS_X509_CRT_PARSE_C:MBEDTLS_SELF_TEST */
 void x509_selftest()
 {
-    TEST_ASSERT(mbedtls_x509_self_test(1) == 0);
+    USE_PSA_INIT();
+    TEST_EQUAL(mbedtls_x509_self_test(1), 0);
+
+exit:
+    USE_PSA_DONE();
 }
 /* END_CASE */
diff --git a/tests/suites/test_suite_x509write.data b/tests/suites/test_suite_x509write.data
index 4cff30d..999c05f 100644
--- a/tests/suites/test_suite_x509write.data
+++ b/tests/suites/test_suite_x509write.data
@@ -59,64 +59,64 @@
 x509_csr_check_opaque:"data_files/server5.key":MBEDTLS_MD_SHA256:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION:0
 
 Certificate write check Server1 SHA1
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.crt":0:0
 
 Certificate write check Server1 SHA1, not before 1970
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"19700210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"":0:0
 
 Certificate write check Server1 SHA1, not after 2050
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"":0:0
 
 Certificate write check Server1 SHA1, not before 1970, not after 2050
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"19700210144406":"20500210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"":0:0
 
 Certificate write check Server1 SHA1, not before 2050, not after 2059
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20500210144406":"20590210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"":0:0
 
 Certificate write check Server1 SHA1, key_usage
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:1:-1:"data_files/server1.key_usage.crt":0:0
 
 Certificate write check Server1 SHA1, ns_cert_type
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:1:-1:"data_files/server1.cert_type.crt":0:0
 
 Certificate write check Server1 SHA1, version 1
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":0:0
 
 Certificate write check Server1 SHA1, CA
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:1:-1:"data_files/server1.ca.crt":0:1
 
 Certificate write check Server1 SHA1, RSA_ALT
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.noauthid.crt":1:0
 
 Certificate write check Server1 SHA1, RSA_ALT, key_usage
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:MBEDTLS_X509_KU_DIGITAL_SIGNATURE | MBEDTLS_X509_KU_NON_REPUDIATION | MBEDTLS_X509_KU_KEY_ENCIPHERMENT:1:0:0:0:-1:"data_files/server1.key_usage_noauthid.crt":1:0
 
 Certificate write check Server1 SHA1, RSA_ALT, ns_cert_type
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:MBEDTLS_X509_NS_CERT_TYPE_SSL_SERVER:1:0:-1:"data_files/server1.cert_type_noauthid.crt":1:0
 
 Certificate write check Server1 SHA1, RSA_ALT, version 1
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:MBEDTLS_X509_CRT_VERSION_1:"data_files/server1.v1.crt":1:0
 
 Certificate write check Server1 SHA1, RSA_ALT, CA
-depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_DES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
+depends_on:MBEDTLS_SHA1_C:MBEDTLS_RSA_C:MBEDTLS_PKCS1_V15:MBEDTLS_AES_C:MBEDTLS_CIPHER_MODE_CBC:MBEDTLS_MD5_C
 x509_crt_check:"data_files/server1.key":"":"C=NL,O=PolarSSL,CN=PolarSSL Server 1":"data_files/test-ca.key":"PolarSSLTest":"C=NL,O=PolarSSL,CN=PolarSSL Test CA":"1":"20190210144406":"20290210144406":MBEDTLS_MD_SHA1:0:0:0:0:0:-1:"data_files/server1.ca_noauthid.crt":1:1
 
 
 X509 String to Names #1
-mbedtls_x509_string_to_names:"C=NL,O=Offspark\, Inc., OU=PolarSSL":"C=NL, O=Offspark\, Inc., OU=PolarSSL":0
+mbedtls_x509_string_to_names:"C=NL,O=Offspark\\, Inc., OU=PolarSSL":"C=NL, O=Offspark\\, Inc., OU=PolarSSL":0
 
 X509 String to Names #2
 mbedtls_x509_string_to_names:"C=NL, O=Offspark, Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_UNKNOWN_OID
@@ -128,10 +128,13 @@
 mbedtls_x509_string_to_names:"C=NL, O=1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890123456, OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
 
 X509 String to Names #5 (Escape non-allowed characters)
-mbedtls_x509_string_to_names:"C=NL, O=Offspark\a Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
+mbedtls_x509_string_to_names:"C=NL, O=Offspark\\a Inc., OU=PolarSSL":"":MBEDTLS_ERR_X509_INVALID_NAME
 
 X509 String to Names #6 (Escape at end)
-mbedtls_x509_string_to_names:"C=NL, O=Offspark\":"":MBEDTLS_ERR_X509_INVALID_NAME
+mbedtls_x509_string_to_names:"C=NL, O=Offspark\\":"":MBEDTLS_ERR_X509_INVALID_NAME
+
+X509 String to Names #6 (Invalid, no '=' or ',')
+mbedtls_x509_string_to_names:"ABC123":"":MBEDTLS_ERR_X509_INVALID_NAME
 
 Check max serial length
 x509_set_serial_check:
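Review bot: The added case is titled `X509 String to Names #6 (Invalid, no '=' or ',')`, but `#6` is already used by `X509 String to Names #6 (Escape at end)` directly above it. Giving the new case the next free number, e.g. `X509 String to Names #7 (Invalid, no '=' or ',')`, keeps the sequence unambiguous when a failure is looked up by its description.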
diff --git a/tests/suites/test_suite_x509write.function b/tests/suites/test_suite_x509write.function
index cb3f6a5..b4509e2 100644
--- a/tests/suites/test_suite_x509write.function
+++ b/tests/suites/test_suite_x509write.function
@@ -145,8 +145,9 @@
     memset(&rnd_info, 0x2a, sizeof(mbedtls_test_rnd_pseudo_info));
 
     mbedtls_x509write_csr_init(&req);
-
     mbedtls_pk_init(&key);
+    USE_PSA_INIT();
+
     TEST_ASSERT(mbedtls_pk_parse_keyfile(&key, key_file, NULL) == 0);
 
     mbedtls_x509write_csr_set_md_alg(&req, md_type);
@@ -197,6 +198,7 @@
 exit:
     mbedtls_x509write_csr_free(&req);
     mbedtls_pk_free(&key);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -246,12 +248,11 @@
     buf[pem_len] = '\0';
     TEST_ASSERT(x509_crt_verifycsr(buf, pem_len + 1) == 0);
 
-
 exit:
     mbedtls_x509write_csr_free(&req);
     mbedtls_pk_free(&key);
     psa_destroy_key(key_id);
-    PSA_DONE();
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -287,6 +288,7 @@
     mbedtls_pk_init(&issuer_key_alt);
 
     mbedtls_x509write_crt_init(&crt);
+    USE_PSA_INIT();
 
     TEST_ASSERT(mbedtls_pk_parse_keyfile(&subject_key, subject_key_file,
                                          subject_pwd) == 0);
@@ -422,6 +424,7 @@
     mbedtls_pk_free(&subject_key);
     mbedtls_pk_free(&issuer_key);
     mbedtls_mpi_free(&serial);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -432,6 +435,7 @@
     mbedtls_mpi serial_mpi;
     uint8_t invalid_serial[MBEDTLS_X509_RFC5280_MAX_SERIAL_LEN + 1];
 
+    USE_PSA_INIT();
     memset(invalid_serial, 0x01, sizeof(invalid_serial));
 
     mbedtls_mpi_init(&serial_mpi);
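Review bot: `USE_PSA_INIT();` is placed before `mbedtls_mpi_init(&serial_mpi);`, yet the `exit:` path in the next hunk calls `mbedtls_mpi_free(&serial_mpi)`. If the macro jumps to `exit` when PSA initialisation fails (its definition is not shown here), the free runs on an uninitialised structure. Initialise the context first, as the parse tests do with `mbedtls_x509_crt_init(&crt); USE_PSA_INIT();`, by moving `USE_PSA_INIT();` to just after `mbedtls_mpi_init(&serial_mpi);`. The `@@ -455,6 +460,8 @@` hunk has the same ordering, with `USE_PSA_INIT();` ahead of `memset(&parsed, 0, sizeof(parsed));`, and its cleanup appears to walk `parsed`. That hunk's `exit:` label is outside the view, so confirm it there.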
@@ -442,6 +446,7 @@
 
 exit:
     mbedtls_mpi_free(&serial_mpi);
+    USE_PSA_DONE();
 }
 /* END_CASE */
 
@@ -455,6 +460,8 @@
     mbedtls_x509_name parsed, *parsed_cur, *parsed_prv;
     unsigned char buf[1024], out[1024], *c;
 
+    USE_PSA_INIT();
+
     memset(&parsed, 0, sizeof(parsed));
     memset(out, 0, sizeof(out));
     memset(buf, 0, sizeof(buf));
@@ -488,5 +495,6 @@
         parsed_cur = parsed_cur->next;
         mbedtls_free(parsed_prv);
     }
+    USE_PSA_DONE();
 }
 /* END_CASE */
diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj
index 88ffe1b..c75b353 100644
--- a/visualc/VS2010/mbedTLS.vcxproj
+++ b/visualc/VS2010/mbedTLS.vcxproj
@@ -237,6 +237,7 @@
     <ClInclude Include="..\..\include\psa\crypto_struct.h" />

     <ClInclude Include="..\..\include\psa\crypto_types.h" />

     <ClInclude Include="..\..\include\psa\crypto_values.h" />

+    <ClInclude Include="..\..\tests\include\test\arguments.h" />

     <ClInclude Include="..\..\tests\include\test\asn1_helpers.h" />

     <ClInclude Include="..\..\tests\include\test\constant_flow.h" />

     <ClInclude Include="..\..\tests\include\test\fake_external_rng_for_test.h" />

@@ -246,6 +247,7 @@
     <ClInclude Include="..\..\tests\include\test\psa_exercise_key.h" />

     <ClInclude Include="..\..\tests\include\test\psa_helpers.h" />

     <ClInclude Include="..\..\tests\include\test\random.h" />

+    <ClInclude Include="..\..\tests\include\test\ssl_helpers.h" />

     <ClInclude Include="..\..\tests\include\test\drivers\aead.h" />

     <ClInclude Include="..\..\tests\include\test\drivers\cipher.h" />

     <ClInclude Include="..\..\tests\include\test\drivers\config_test_driver.h" />