Merge more portable AES-NI
diff --git a/ChangeLog b/ChangeLog
index af8ae01..82bddbb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -4,11 +4,14 @@
Features
* debug_set_log_mode() added to determine raw or full logging
* debug_set_threshold() added to ignore messages over threshold level
+ * version_check_feature() added to check for compile-time options at
+ run-time
Changes
* POLARSSL_CONFIG_OPTIONS has been removed. All values are individually
checked and filled in the relevant module headers
* Debug module only outputs full lines instead of parts
+ * Better support for the different Attribute Types from IETF PKIX (RFC 5280)
* AES-NI now compiles with "old" assemblers too
Bugfix
@@ -19,6 +22,12 @@
* cert_write app should use subject of issuer certificate as issuer of cert
* Fix false reject in padding check in ssl_decrypt_buf() for CBC
ciphersuites, for full SSL frames of data.
+ * Improve interoperability by not writing extension length in ClientHello /
+ ServerHello when no extensions are present (found by Matthew Page)
+ * rsa_check_pubkey() now allows an E up to N
+ * On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
+ * mpi_fill_random() was creating numbers larger than requested on
+ big-endian platform when size was not an integer number of limbs
= PolarSSL 1.3.6 released on 2014-04-11
diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index b332822..002d245 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -956,6 +956,19 @@
//#define POLARSSL_THREADING_PTHREAD
/**
+ * \def POLARSSL_VERSION_FEATURES
+ *
+ * Allow run-time checking of compile-time enabled features. Thus allowing users
+ * to check at run-time if the library is for instance compiled with threading
+ * support via version_check_feature().
+ *
+ * Requires: POLARSSL_VERSION_C
+ *
+ * Comment this to disable run-time checking and save ROM space
+ */
+#define POLARSSL_VERSION_FEATURES
+
+/**
* \def POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3
*
* If set, the X509 parser will not break-off when parsing an X509 certificate
@@ -2100,9 +2113,11 @@
/* Debug options */
//#define POLARSSL_DEBUG_DFL_MODE POLARSSL_DEBUG_LOG_FULL /**< Default log: Full or Raw */
-/* \} name */
+/* \} name SECTION: Module configuration options */
-/*
+/**
+ * \name SECTION: Sanity checks
+ *
* Sanity checks on defines and dependencies
*/
#if defined(POLARSSL_AESNI_C) && !defined(POLARSSL_HAVE_ASM)
@@ -2355,6 +2370,10 @@
#endif
#undef POLARSSL_THREADING_IMPL
+#if defined(POLARSSL_VERSION_FEATURES) && !defined(POLARSSL_VERSION_C)
+#error "POLARSSL_VERSION_FEATURES defined, but not all prerequisites"
+#endif
+
#if defined(POLARSSL_X509_USE_C) && ( !defined(POLARSSL_BIGNUM_C) || \
!defined(POLARSSL_OID_C) || !defined(POLARSSL_ASN1_PARSE_C) || \
!defined(POLARSSL_PK_PARSE_C) )
@@ -2387,4 +2406,6 @@
#error "POLARSSL_X509_CSR_WRITE_C defined, but not all prerequisites"
#endif
+/* \} name SECTION: Sanity checks */
+
#endif /* config.h */
diff --git a/include/polarssl/oid.h b/include/polarssl/oid.h
index ade4683..d825f4c 100644
--- a/include/polarssl/oid.h
+++ b/include/polarssl/oid.h
@@ -105,14 +105,23 @@
*/
#define OID_AT OID_ISO_CCITT_DS "\x04" /**< id-at OBJECT IDENTIFIER ::= {joint-iso-ccitt(2) ds(5) 4} */
#define OID_AT_CN OID_AT "\x03" /**< id-at-commonName AttributeType:= {id-at 3} */
+#define OID_AT_SUR_NAME OID_AT "\x04" /**< id-at-surName AttributeType:= {id-at 4} */
#define OID_AT_SERIAL_NUMBER OID_AT "\x05" /**< id-at-serialNumber AttributeType:= {id-at 5} */
#define OID_AT_COUNTRY OID_AT "\x06" /**< id-at-countryName AttributeType:= {id-at 6} */
#define OID_AT_LOCALITY OID_AT "\x07" /**< id-at-locality AttributeType:= {id-at 7} */
#define OID_AT_STATE OID_AT "\x08" /**< id-at-state AttributeType:= {id-at 8} */
#define OID_AT_ORGANIZATION OID_AT "\x0A" /**< id-at-organizationName AttributeType:= {id-at 10} */
#define OID_AT_ORG_UNIT OID_AT "\x0B" /**< id-at-organizationalUnitName AttributeType:= {id-at 11} */
+#define OID_AT_TITLE OID_AT "\x0C" /**< id-at-title AttributeType:= {id-at 12} */
#define OID_AT_POSTAL_ADDRESS OID_AT "\x10" /**< id-at-postalAddress AttributeType:= {id-at 16} */
#define OID_AT_POSTAL_CODE OID_AT "\x11" /**< id-at-postalCode AttributeType:= {id-at 17} */
+#define OID_AT_GIVEN_NAME OID_AT "\x2A" /**< id-at-givenName AttributeType:= {id-at 42} */
+#define OID_AT_INITIALS OID_AT "\x2B" /**< id-at-initials AttributeType:= {id-at 43} */
+#define OID_AT_GENERATION_QUALIFIER OID_AT "\x2C" /**< id-at-generationQualifier AttributeType:= {id-at 44} */
+#define OID_AT_DN_QUALIFIER OID_AT "\x2E" /**< id-at-dnQualifier AttributeType:= {id-at 46} */
+#define OID_AT_PSEUDONYM OID_AT "\x41" /**< id-at-pseudonym AttributeType:= {id-at 65} */
+
+#define OID_DOMAIN_COMPONENT "\x09\x92\x26\x89\x93\xF2\x2C\x64\x01\x19" /** id-domainComponent AttributeType:= {itu-t(0) data(9) pss(2342) ucl(19200300) pilot(100) pilotAttributeType(1) domainComponent(25)} */
/*
* OIDs for standard certificate extensions
diff --git a/include/polarssl/version.h b/include/polarssl/version.h
index 7e9d2ea..bae1244 100644
--- a/include/polarssl/version.h
+++ b/include/polarssl/version.h
@@ -3,7 +3,7 @@
*
* \brief Run-time version information
*
- * Copyright (C) 2006-2013, Brainspark B.V.
+ * Copyright (C) 2006-2014, Brainspark B.V.
*
* This file is part of PolarSSL (http://www.polarssl.org)
* Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
@@ -75,11 +75,30 @@
/**
* Get the full version string ("PolarSSL x.y.z").
*
- * \param string The string that will receive the value.
- * (Should be at least 18 bytes in size)
+ * \param string The string that will receive the value. The PolarSSL version
+ * string will use 18 bytes AT MOST including a terminating
+ * null byte.
+ * (So the buffer should be at least 18 bytes to receive this
+ * version string).
*/
void version_get_string_full( char *string );
+/**
+ * \brief Check if support for a feature was compiled into this
+ * PolarSSL binary. This allows you to see at runtime if the
+ * library was for instance compiled with or without
+ * Multi-threading support.
+ *
+ * Note: only checks against defines in the sections "System
+ * support", "PolarSSL modules" and "PolarSSL feature
+ * support" in config.h
+ *
+ * \param feature The string for the define to check (e.g. "POLARSSL_AES_C")
+ *
+ * \return 0 if the feature is present, -1 if not.
+ */
+int version_check_feature( const char *feature );
+
#ifdef __cplusplus
}
#endif
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 19d1a2a..8b595cf 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -60,6 +60,7 @@
threading.c
timing.c
version.c
+ version_features.c
x509.c
x509_crt.c
x509_crl.c
diff --git a/library/Makefile b/library/Makefile
index 251a682..e02a258 100644
--- a/library/Makefile
+++ b/library/Makefile
@@ -57,7 +57,7 @@
sha512.o ssl_cache.o ssl_cli.o \
ssl_srv.o ssl_ciphersuites.o \
ssl_tls.o threading.o timing.o \
- version.o \
+ version.o version_features.o \
x509.o x509_create.o \
x509_crl.o x509_crt.o x509_csr.o \
x509write_crt.o x509write_csr.o \
diff --git a/library/bignum.c b/library/bignum.c
index 012e9e3..5fbb7d3 100644
--- a/library/bignum.c
+++ b/library/bignum.c
@@ -1773,16 +1773,28 @@
return( ret );
}
+/*
+ * Fill X with size bytes of random.
+ *
+ * Use a temporary bytes representation to make sure the result is the same
+ * regardless of the platform endianness (usefull when f_rng is actually
+ * deterministic, eg for tests).
+ */
int mpi_fill_random( mpi *X, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
void *p_rng )
{
int ret;
+ unsigned char buf[POLARSSL_MPI_MAX_SIZE];
+
+ if( size > POLARSSL_MPI_MAX_SIZE )
+ return( POLARSSL_ERR_MPI_BAD_INPUT_DATA );
MPI_CHK( mpi_grow( X, CHARS_TO_LIMBS( size ) ) );
MPI_CHK( mpi_lset( X, 0 ) );
- MPI_CHK( f_rng( p_rng, (unsigned char *) X->p, size ) );
+ MPI_CHK( f_rng( p_rng, buf, size ) );
+ MPI_CHK( mpi_read_binary( X, buf, size ) );
cleanup:
return( ret );
diff --git a/library/oid.c b/library/oid.c
index a2b929b..2a61193 100644
--- a/library/oid.c
+++ b/library/oid.c
@@ -196,6 +196,38 @@
"postalCode",
},
{
+ { ADD_LEN( OID_AT_SUR_NAME ), "id-at-surName", "Surname" },
+ "SN",
+ },
+ {
+ { ADD_LEN( OID_AT_GIVEN_NAME ), "id-at-givenName", "Given name" },
+ "GN",
+ },
+ {
+ { ADD_LEN( OID_AT_INITIALS ), "id-at-initials", "Initials" },
+ "initials",
+ },
+ {
+ { ADD_LEN( OID_AT_GENERATION_QUALIFIER ), "id-at-generationQualifier", "Generation qualifier" },
+ "generationQualifier",
+ },
+ {
+ { ADD_LEN( OID_AT_TITLE ), "id-at-title", "Title" },
+ "title",
+ },
+ {
+ { ADD_LEN( OID_AT_DN_QUALIFIER ),"id-at-dnQualifier", "Distinguished Name qualifier" },
+ "dnQualifier",
+ },
+ {
+ { ADD_LEN( OID_AT_PSEUDONYM ), "id-at-pseudonym", "Pseudonym" },
+ "pseudonym",
+ },
+ {
+ { ADD_LEN( OID_DOMAIN_COMPONENT ), "id-domainComponent", "Domain component" },
+ "DC",
+ },
+ {
{ NULL, 0, NULL, NULL },
NULL,
}
diff --git a/library/rsa.c b/library/rsa.c
index 4523368..1786149 100644
--- a/library/rsa.c
+++ b/library/rsa.c
@@ -168,7 +168,7 @@
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
if( mpi_msb( &ctx->E ) < 2 ||
- mpi_msb( &ctx->E ) > 64 )
+ mpi_cmp_mpi( &ctx->E, &ctx->N ) >= 0 )
return( POLARSSL_ERR_RSA_KEY_CHECK_FAILED );
return( 0 );
@@ -1469,6 +1469,7 @@
#if defined(POLARSSL_PKCS1_V15)
static int myrand( void *rng_state, unsigned char *output, size_t len )
{
+#if !defined(__OpenBSD__)
size_t i;
if( rng_state != NULL )
@@ -1476,6 +1477,12 @@
for( i = 0; i < len; ++i )
output[i] = rand();
+#else
+ if( rng_state != NULL )
+ rng_state = NULL;
+
+ arc4random_buf( output, len );
+#endif /* !OpenBSD */
return( 0 );
}
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index 0a69f4d..cd0d8c2 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -651,9 +651,12 @@
SSL_DEBUG_MSG( 3, ( "client hello, total extension length: %d",
ext_len ) );
- *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( ext_len ) & 0xFF );
- p += ext_len;
+ if( ext_len > 0 )
+ {
+ *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( ext_len ) & 0xFF );
+ p += ext_len;
+ }
ssl->out_msglen = p - buf;
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index dee6cd8..acf2ef2 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -1921,9 +1921,12 @@
SSL_DEBUG_MSG( 3, ( "server hello, total extension length: %d", ext_len ) );
- *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
- *p++ = (unsigned char)( ( ext_len ) & 0xFF );
- p += ext_len;
+ if( ext_len > 0 )
+ {
+ *p++ = (unsigned char)( ( ext_len >> 8 ) & 0xFF );
+ *p++ = (unsigned char)( ( ext_len ) & 0xFF );
+ p += ext_len;
+ }
ssl->out_msglen = p - buf;
ssl->out_msgtype = SSL_MSG_HANDSHAKE;
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 271bfe6..e9b1024 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -1908,6 +1908,12 @@
SSL_DEBUG_MSG( 2, ( "=> fetch input" ) );
+ if( nb_want > SSL_BUFFER_LEN - 8 )
+ {
+ SSL_DEBUG_MSG( 1, ( "requesting more data than fits" ) );
+ return( POLARSSL_ERR_SSL_BAD_INPUT_DATA );
+ }
+
while( ssl->in_left < nb_want )
{
len = nb_want - ssl->in_left;
@@ -2131,13 +2137,20 @@
return( POLARSSL_ERR_SSL_INVALID_RECORD );
}
+ /* Sanity check (outer boundaries) */
+ if( ssl->in_msglen < 1 || ssl->in_msglen > SSL_BUFFER_LEN - 13 )
+ {
+ SSL_DEBUG_MSG( 1, ( "bad message length" ) );
+ return( POLARSSL_ERR_SSL_INVALID_RECORD );
+ }
+
/*
- * Make sure the message length is acceptable
+ * Make sure the message length is acceptable for the current transform
+ * and protocol version.
*/
if( ssl->transform_in == NULL )
{
- if( ssl->in_msglen < 1 ||
- ssl->in_msglen > SSL_MAX_CONTENT_LEN )
+ if( ssl->in_msglen > SSL_MAX_CONTENT_LEN )
{
SSL_DEBUG_MSG( 1, ( "bad message length" ) );
return( POLARSSL_ERR_SSL_INVALID_RECORD );
diff --git a/library/version_features.c b/library/version_features.c
new file mode 100644
index 0000000..2382798
--- /dev/null
+++ b/library/version_features.c
@@ -0,0 +1,542 @@
+/*
+ * Version feature information
+ *
+ * Copyright (C) 2006-2014, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_VERSION_C)
+
+#include "polarssl/version.h"
+
+#include <string.h>
+
+#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
+ !defined(EFI32)
+#define snprintf _snprintf
+#endif
+
+const char *features[] = {
+#if defined(POLARSSL_HAVE_INT8)
+ "POLARSSL_HAVE_INT8",
+#endif /* POLARSSL_HAVE_INT8 */
+#if defined(POLARSSL_HAVE_INT16)
+ "POLARSSL_HAVE_INT16",
+#endif /* POLARSSL_HAVE_INT16 */
+#if defined(POLARSSL_HAVE_LONGLONG)
+ "POLARSSL_HAVE_LONGLONG",
+#endif /* POLARSSL_HAVE_LONGLONG */
+#if defined(POLARSSL_HAVE_ASM)
+ "POLARSSL_HAVE_ASM",
+#endif /* POLARSSL_HAVE_ASM */
+#if defined(POLARSSL_HAVE_SSE2)
+ "POLARSSL_HAVE_SSE2",
+#endif /* POLARSSL_HAVE_SSE2 */
+#if defined(POLARSSL_HAVE_TIME)
+ "POLARSSL_HAVE_TIME",
+#endif /* POLARSSL_HAVE_TIME */
+#if defined(POLARSSL_HAVE_IPV6)
+ "POLARSSL_HAVE_IPV6",
+#endif /* POLARSSL_HAVE_IPV6 */
+#if defined(POLARSSL_PLATFORM_MEMORY)
+ "POLARSSL_PLATFORM_MEMORY",
+#endif /* POLARSSL_PLATFORM_MEMORY */
+#if defined(POLARSSL_PLATFORM_NO_STD_FUNCTIONS)
+ "POLARSSL_PLATFORM_NO_STD_FUNCTIONS",
+#endif /* POLARSSL_PLATFORM_NO_STD_FUNCTIONS */
+#if defined(POLARSSL_PLATFORM_PRINTF_ALT)
+ "POLARSSL_PLATFORM_PRINTF_ALT",
+#endif /* POLARSSL_PLATFORM_PRINTF_ALT */
+#if defined(POLARSSL_PLATFORM_FPRINTF_ALT)
+ "POLARSSL_PLATFORM_FPRINTF_ALT",
+#endif /* POLARSSL_PLATFORM_FPRINTF_ALT */
+#if defined(POLARSSL_TIMING_ALT)
+ "POLARSSL_TIMING_ALT",
+#endif /* POLARSSL_TIMING_ALT */
+#if defined(POLARSSL_AES_ALT)
+ "POLARSSL_AES_ALT",
+#endif /* POLARSSL_AES_ALT */
+#if defined(POLARSSL_ARC4_ALT)
+ "POLARSSL_ARC4_ALT",
+#endif /* POLARSSL_ARC4_ALT */
+#if defined(POLARSSL_BLOWFISH_ALT)
+ "POLARSSL_BLOWFISH_ALT",
+#endif /* POLARSSL_BLOWFISH_ALT */
+#if defined(POLARSSL_CAMELLIA_ALT)
+ "POLARSSL_CAMELLIA_ALT",
+#endif /* POLARSSL_CAMELLIA_ALT */
+#if defined(POLARSSL_DES_ALT)
+ "POLARSSL_DES_ALT",
+#endif /* POLARSSL_DES_ALT */
+#if defined(POLARSSL_XTEA_ALT)
+ "POLARSSL_XTEA_ALT",
+#endif /* POLARSSL_XTEA_ALT */
+#if defined(POLARSSL_MD2_ALT)
+ "POLARSSL_MD2_ALT",
+#endif /* POLARSSL_MD2_ALT */
+#if defined(POLARSSL_MD4_ALT)
+ "POLARSSL_MD4_ALT",
+#endif /* POLARSSL_MD4_ALT */
+#if defined(POLARSSL_MD5_ALT)
+ "POLARSSL_MD5_ALT",
+#endif /* POLARSSL_MD5_ALT */
+#if defined(POLARSSL_RIPEMD160_ALT)
+ "POLARSSL_RIPEMD160_ALT",
+#endif /* POLARSSL_RIPEMD160_ALT */
+#if defined(POLARSSL_SHA1_ALT)
+ "POLARSSL_SHA1_ALT",
+#endif /* POLARSSL_SHA1_ALT */
+#if defined(POLARSSL_SHA256_ALT)
+ "POLARSSL_SHA256_ALT",
+#endif /* POLARSSL_SHA256_ALT */
+#if defined(POLARSSL_SHA512_ALT)
+ "POLARSSL_SHA512_ALT",
+#endif /* POLARSSL_SHA512_ALT */
+#if defined(POLARSSL_AES_ROM_TABLES)
+ "POLARSSL_AES_ROM_TABLES",
+#endif /* POLARSSL_AES_ROM_TABLES */
+#if defined(POLARSSL_CIPHER_MODE_CBC)
+ "POLARSSL_CIPHER_MODE_CBC",
+#endif /* POLARSSL_CIPHER_MODE_CBC */
+#if defined(POLARSSL_CIPHER_MODE_CFB)
+ "POLARSSL_CIPHER_MODE_CFB",
+#endif /* POLARSSL_CIPHER_MODE_CFB */
+#if defined(POLARSSL_CIPHER_MODE_CTR)
+ "POLARSSL_CIPHER_MODE_CTR",
+#endif /* POLARSSL_CIPHER_MODE_CTR */
+#if defined(POLARSSL_CIPHER_NULL_CIPHER)
+ "POLARSSL_CIPHER_NULL_CIPHER",
+#endif /* POLARSSL_CIPHER_NULL_CIPHER */
+#if defined(POLARSSL_CIPHER_PADDING_PKCS7)
+ "POLARSSL_CIPHER_PADDING_PKCS7",
+#endif /* POLARSSL_CIPHER_PADDING_PKCS7 */
+#if defined(POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS)
+ "POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS",
+#endif /* POLARSSL_CIPHER_PADDING_ONE_AND_ZEROS */
+#if defined(POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN)
+ "POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN",
+#endif /* POLARSSL_CIPHER_PADDING_ZEROS_AND_LEN */
+#if defined(POLARSSL_CIPHER_PADDING_ZEROS)
+ "POLARSSL_CIPHER_PADDING_ZEROS",
+#endif /* POLARSSL_CIPHER_PADDING_ZEROS */
+#if defined(POLARSSL_ENABLE_WEAK_CIPHERSUITES)
+ "POLARSSL_ENABLE_WEAK_CIPHERSUITES",
+#endif /* POLARSSL_ENABLE_WEAK_CIPHERSUITES */
+#if defined(POLARSSL_ECP_DP_SECP192R1_ENABLED)
+ "POLARSSL_ECP_DP_SECP192R1_ENABLED",
+#endif /* POLARSSL_ECP_DP_SECP192R1_ENABLED */
+#if defined(POLARSSL_ECP_DP_SECP224R1_ENABLED)
+ "POLARSSL_ECP_DP_SECP224R1_ENABLED",
+#endif /* POLARSSL_ECP_DP_SECP224R1_ENABLED */
+#if defined(POLARSSL_ECP_DP_SECP256R1_ENABLED)
+ "POLARSSL_ECP_DP_SECP256R1_ENABLED",
+#endif /* POLARSSL_ECP_DP_SECP256R1_ENABLED */
+#if defined(POLARSSL_ECP_DP_SECP384R1_ENABLED)
+ "POLARSSL_ECP_DP_SECP384R1_ENABLED",
+#endif /* POLARSSL_ECP_DP_SECP384R1_ENABLED */
+#if defined(POLARSSL_ECP_DP_SECP521R1_ENABLED)
+ "POLARSSL_ECP_DP_SECP521R1_ENABLED",
+#endif /* POLARSSL_ECP_DP_SECP521R1_ENABLED */
+#if defined(POLARSSL_ECP_DP_SECP192K1_ENABLED)
+ "POLARSSL_ECP_DP_SECP192K1_ENABLED",
+#endif /* POLARSSL_ECP_DP_SECP192K1_ENABLED */
+#if defined(POLARSSL_ECP_DP_SECP224K1_ENABLED)
+ "POLARSSL_ECP_DP_SECP224K1_ENABLED",
+#endif /* POLARSSL_ECP_DP_SECP224K1_ENABLED */
+#if defined(POLARSSL_ECP_DP_SECP256K1_ENABLED)
+ "POLARSSL_ECP_DP_SECP256K1_ENABLED",
+#endif /* POLARSSL_ECP_DP_SECP256K1_ENABLED */
+#if defined(POLARSSL_ECP_DP_BP256R1_ENABLED)
+ "POLARSSL_ECP_DP_BP256R1_ENABLED",
+#endif /* POLARSSL_ECP_DP_BP256R1_ENABLED */
+#if defined(POLARSSL_ECP_DP_BP384R1_ENABLED)
+ "POLARSSL_ECP_DP_BP384R1_ENABLED",
+#endif /* POLARSSL_ECP_DP_BP384R1_ENABLED */
+#if defined(POLARSSL_ECP_DP_BP512R1_ENABLED)
+ "POLARSSL_ECP_DP_BP512R1_ENABLED",
+#endif /* POLARSSL_ECP_DP_BP512R1_ENABLED */
+#if defined(POLARSSL_ECP_DP_M221_ENABLED)
+ "POLARSSL_ECP_DP_M221_ENABLED",
+#endif /* POLARSSL_ECP_DP_M221_ENABLED */
+#if defined(POLARSSL_ECP_DP_M255_ENABLED)
+ "POLARSSL_ECP_DP_M255_ENABLED",
+#endif /* POLARSSL_ECP_DP_M255_ENABLED */
+#if defined(POLARSSL_ECP_DP_M383_ENABLED)
+ "POLARSSL_ECP_DP_M383_ENABLED",
+#endif /* POLARSSL_ECP_DP_M383_ENABLED */
+#if defined(POLARSSL_ECP_DP_M511_ENABLED)
+ "POLARSSL_ECP_DP_M511_ENABLED",
+#endif /* POLARSSL_ECP_DP_M511_ENABLED */
+#if defined(POLARSSL_ECP_NIST_OPTIM)
+ "POLARSSL_ECP_NIST_OPTIM",
+#endif /* POLARSSL_ECP_NIST_OPTIM */
+#if defined(POLARSSL_ECDSA_DETERMINISTIC)
+ "POLARSSL_ECDSA_DETERMINISTIC",
+#endif /* POLARSSL_ECDSA_DETERMINISTIC */
+#if defined(POLARSSL_KEY_EXCHANGE_PSK_ENABLED)
+ "POLARSSL_KEY_EXCHANGE_PSK_ENABLED",
+#endif /* POLARSSL_KEY_EXCHANGE_PSK_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED)
+ "POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED",
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_PSK_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED)
+ "POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED",
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_PSK_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED)
+ "POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED",
+#endif /* POLARSSL_KEY_EXCHANGE_RSA_PSK_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_RSA_ENABLED)
+ "POLARSSL_KEY_EXCHANGE_RSA_ENABLED",
+#endif /* POLARSSL_KEY_EXCHANGE_RSA_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED)
+ "POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED",
+#endif /* POLARSSL_KEY_EXCHANGE_DHE_RSA_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED)
+ "POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED",
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_RSA_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED)
+ "POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED",
+#endif /* POLARSSL_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED)
+ "POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED",
+#endif /* POLARSSL_KEY_EXCHANGE_ECDH_ECDSA_ENABLED */
+#if defined(POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED)
+ "POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED",
+#endif /* POLARSSL_KEY_EXCHANGE_ECDH_RSA_ENABLED */
+#if defined(POLARSSL_PK_PARSE_EC_EXTENDED)
+ "POLARSSL_PK_PARSE_EC_EXTENDED",
+#endif /* POLARSSL_PK_PARSE_EC_EXTENDED */
+#if defined(POLARSSL_ERROR_STRERROR_BC)
+ "POLARSSL_ERROR_STRERROR_BC",
+#endif /* POLARSSL_ERROR_STRERROR_BC */
+#if defined(POLARSSL_ERROR_STRERROR_DUMMY)
+ "POLARSSL_ERROR_STRERROR_DUMMY",
+#endif /* POLARSSL_ERROR_STRERROR_DUMMY */
+#if defined(POLARSSL_GENPRIME)
+ "POLARSSL_GENPRIME",
+#endif /* POLARSSL_GENPRIME */
+#if defined(POLARSSL_FS_IO)
+ "POLARSSL_FS_IO",
+#endif /* POLARSSL_FS_IO */
+#if defined(POLARSSL_NO_DEFAULT_ENTROPY_SOURCES)
+ "POLARSSL_NO_DEFAULT_ENTROPY_SOURCES",
+#endif /* POLARSSL_NO_DEFAULT_ENTROPY_SOURCES */
+#if defined(POLARSSL_NO_PLATFORM_ENTROPY)
+ "POLARSSL_NO_PLATFORM_ENTROPY",
+#endif /* POLARSSL_NO_PLATFORM_ENTROPY */
+#if defined(POLARSSL_ENTROPY_FORCE_SHA256)
+ "POLARSSL_ENTROPY_FORCE_SHA256",
+#endif /* POLARSSL_ENTROPY_FORCE_SHA256 */
+#if defined(POLARSSL_MEMORY_DEBUG)
+ "POLARSSL_MEMORY_DEBUG",
+#endif /* POLARSSL_MEMORY_DEBUG */
+#if defined(POLARSSL_MEMORY_BACKTRACE)
+ "POLARSSL_MEMORY_BACKTRACE",
+#endif /* POLARSSL_MEMORY_BACKTRACE */
+#if defined(POLARSSL_PKCS1_V15)
+ "POLARSSL_PKCS1_V15",
+#endif /* POLARSSL_PKCS1_V15 */
+#if defined(POLARSSL_PKCS1_V21)
+ "POLARSSL_PKCS1_V21",
+#endif /* POLARSSL_PKCS1_V21 */
+#if defined(POLARSSL_RSA_NO_CRT)
+ "POLARSSL_RSA_NO_CRT",
+#endif /* POLARSSL_RSA_NO_CRT */
+#if defined(POLARSSL_SELF_TEST)
+ "POLARSSL_SELF_TEST",
+#endif /* POLARSSL_SELF_TEST */
+#if defined(POLARSSL_SSL_ALERT_MESSAGES)
+ "POLARSSL_SSL_ALERT_MESSAGES",
+#endif /* POLARSSL_SSL_ALERT_MESSAGES */
+#if defined(POLARSSL_SSL_DEBUG_ALL)
+ "POLARSSL_SSL_DEBUG_ALL",
+#endif /* POLARSSL_SSL_DEBUG_ALL */
+#if defined(POLARSSL_SSL_HW_RECORD_ACCEL)
+ "POLARSSL_SSL_HW_RECORD_ACCEL",
+#endif /* POLARSSL_SSL_HW_RECORD_ACCEL */
+#if defined(POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO)
+ "POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO",
+#endif /* POLARSSL_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO */
+#if defined(POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE)
+ "POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE",
+#endif /* POLARSSL_SSL_SRV_RESPECT_CLIENT_PREFERENCE */
+#if defined(POLARSSL_SSL_MAX_FRAGMENT_LENGTH)
+ "POLARSSL_SSL_MAX_FRAGMENT_LENGTH",
+#endif /* POLARSSL_SSL_MAX_FRAGMENT_LENGTH */
+#if defined(POLARSSL_SSL_PROTO_SSL3)
+ "POLARSSL_SSL_PROTO_SSL3",
+#endif /* POLARSSL_SSL_PROTO_SSL3 */
+#if defined(POLARSSL_SSL_PROTO_TLS1)
+ "POLARSSL_SSL_PROTO_TLS1",
+#endif /* POLARSSL_SSL_PROTO_TLS1 */
+#if defined(POLARSSL_SSL_PROTO_TLS1_1)
+ "POLARSSL_SSL_PROTO_TLS1_1",
+#endif /* POLARSSL_SSL_PROTO_TLS1_1 */
+#if defined(POLARSSL_SSL_PROTO_TLS1_2)
+ "POLARSSL_SSL_PROTO_TLS1_2",
+#endif /* POLARSSL_SSL_PROTO_TLS1_2 */
+#if defined(POLARSSL_SSL_ALPN)
+ "POLARSSL_SSL_ALPN",
+#endif /* POLARSSL_SSL_ALPN */
+#if defined(POLARSSL_SSL_SESSION_TICKETS)
+ "POLARSSL_SSL_SESSION_TICKETS",
+#endif /* POLARSSL_SSL_SESSION_TICKETS */
+#if defined(POLARSSL_SSL_SERVER_NAME_INDICATION)
+ "POLARSSL_SSL_SERVER_NAME_INDICATION",
+#endif /* POLARSSL_SSL_SERVER_NAME_INDICATION */
+#if defined(POLARSSL_SSL_TRUNCATED_HMAC)
+ "POLARSSL_SSL_TRUNCATED_HMAC",
+#endif /* POLARSSL_SSL_TRUNCATED_HMAC */
+#if defined(POLARSSL_SSL_SET_CURVES)
+ "POLARSSL_SSL_SET_CURVES",
+#endif /* POLARSSL_SSL_SET_CURVES */
+#if defined(POLARSSL_THREADING_ALT)
+ "POLARSSL_THREADING_ALT",
+#endif /* POLARSSL_THREADING_ALT */
+#if defined(POLARSSL_THREADING_PTHREAD)
+ "POLARSSL_THREADING_PTHREAD",
+#endif /* POLARSSL_THREADING_PTHREAD */
+#if defined(POLARSSL_VERSION_FEATURES)
+ "POLARSSL_VERSION_FEATURES",
+#endif /* POLARSSL_VERSION_FEATURES */
+#if defined(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
+ "POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3",
+#endif /* POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3 */
+#if defined(POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION)
+ "POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION",
+#endif /* POLARSSL_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION */
+#if defined(POLARSSL_X509_CHECK_KEY_USAGE)
+ "POLARSSL_X509_CHECK_KEY_USAGE",
+#endif /* POLARSSL_X509_CHECK_KEY_USAGE */
+#if defined(POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE)
+ "POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE",
+#endif /* POLARSSL_X509_CHECK_EXTENDED_KEY_USAGE */
+#if defined(POLARSSL_ZLIB_SUPPORT)
+ "POLARSSL_ZLIB_SUPPORT",
+#endif /* POLARSSL_ZLIB_SUPPORT */
+#if defined(POLARSSL_AESNI_C)
+ "POLARSSL_AESNI_C",
+#endif /* POLARSSL_AESNI_C */
+#if defined(POLARSSL_AES_C)
+ "POLARSSL_AES_C",
+#endif /* POLARSSL_AES_C */
+#if defined(POLARSSL_ARC4_C)
+ "POLARSSL_ARC4_C",
+#endif /* POLARSSL_ARC4_C */
+#if defined(POLARSSL_ASN1_PARSE_C)
+ "POLARSSL_ASN1_PARSE_C",
+#endif /* POLARSSL_ASN1_PARSE_C */
+#if defined(POLARSSL_ASN1_WRITE_C)
+ "POLARSSL_ASN1_WRITE_C",
+#endif /* POLARSSL_ASN1_WRITE_C */
+#if defined(POLARSSL_BASE64_C)
+ "POLARSSL_BASE64_C",
+#endif /* POLARSSL_BASE64_C */
+#if defined(POLARSSL_BIGNUM_C)
+ "POLARSSL_BIGNUM_C",
+#endif /* POLARSSL_BIGNUM_C */
+#if defined(POLARSSL_BLOWFISH_C)
+ "POLARSSL_BLOWFISH_C",
+#endif /* POLARSSL_BLOWFISH_C */
+#if defined(POLARSSL_CAMELLIA_C)
+ "POLARSSL_CAMELLIA_C",
+#endif /* POLARSSL_CAMELLIA_C */
+#if defined(POLARSSL_CERTS_C)
+ "POLARSSL_CERTS_C",
+#endif /* POLARSSL_CERTS_C */
+#if defined(POLARSSL_CIPHER_C)
+ "POLARSSL_CIPHER_C",
+#endif /* POLARSSL_CIPHER_C */
+#if defined(POLARSSL_CTR_DRBG_C)
+ "POLARSSL_CTR_DRBG_C",
+#endif /* POLARSSL_CTR_DRBG_C */
+#if defined(POLARSSL_DEBUG_C)
+ "POLARSSL_DEBUG_C",
+#endif /* POLARSSL_DEBUG_C */
+#if defined(POLARSSL_DES_C)
+ "POLARSSL_DES_C",
+#endif /* POLARSSL_DES_C */
+#if defined(POLARSSL_DHM_C)
+ "POLARSSL_DHM_C",
+#endif /* POLARSSL_DHM_C */
+#if defined(POLARSSL_ECDH_C)
+ "POLARSSL_ECDH_C",
+#endif /* POLARSSL_ECDH_C */
+#if defined(POLARSSL_ECDSA_C)
+ "POLARSSL_ECDSA_C",
+#endif /* POLARSSL_ECDSA_C */
+#if defined(POLARSSL_ECP_C)
+ "POLARSSL_ECP_C",
+#endif /* POLARSSL_ECP_C */
+#if defined(POLARSSL_ENTROPY_C)
+ "POLARSSL_ENTROPY_C",
+#endif /* POLARSSL_ENTROPY_C */
+#if defined(POLARSSL_ERROR_C)
+ "POLARSSL_ERROR_C",
+#endif /* POLARSSL_ERROR_C */
+#if defined(POLARSSL_GCM_C)
+ "POLARSSL_GCM_C",
+#endif /* POLARSSL_GCM_C */
+#if defined(POLARSSL_HAVEGE_C)
+ "POLARSSL_HAVEGE_C",
+#endif /* POLARSSL_HAVEGE_C */
+#if defined(POLARSSL_HMAC_DRBG_C)
+ "POLARSSL_HMAC_DRBG_C",
+#endif /* POLARSSL_HMAC_DRBG_C */
+#if defined(POLARSSL_MD_C)
+ "POLARSSL_MD_C",
+#endif /* POLARSSL_MD_C */
+#if defined(POLARSSL_MD2_C)
+ "POLARSSL_MD2_C",
+#endif /* POLARSSL_MD2_C */
+#if defined(POLARSSL_MD4_C)
+ "POLARSSL_MD4_C",
+#endif /* POLARSSL_MD4_C */
+#if defined(POLARSSL_MD5_C)
+ "POLARSSL_MD5_C",
+#endif /* POLARSSL_MD5_C */
+#if defined(POLARSSL_MEMORY_C)
+ "POLARSSL_MEMORY_C",
+#endif /* POLARSSL_MEMORY_C */
+#if defined(POLARSSL_MEMORY_BUFFER_ALLOC_C)
+ "POLARSSL_MEMORY_BUFFER_ALLOC_C",
+#endif /* POLARSSL_MEMORY_BUFFER_ALLOC_C */
+#if defined(POLARSSL_NET_C)
+ "POLARSSL_NET_C",
+#endif /* POLARSSL_NET_C */
+#if defined(POLARSSL_OID_C)
+ "POLARSSL_OID_C",
+#endif /* POLARSSL_OID_C */
+#if defined(POLARSSL_PADLOCK_C)
+ "POLARSSL_PADLOCK_C",
+#endif /* POLARSSL_PADLOCK_C */
+#if defined(POLARSSL_PBKDF2_C)
+ "POLARSSL_PBKDF2_C",
+#endif /* POLARSSL_PBKDF2_C */
+#if defined(POLARSSL_PEM_PARSE_C)
+ "POLARSSL_PEM_PARSE_C",
+#endif /* POLARSSL_PEM_PARSE_C */
+#if defined(POLARSSL_PEM_WRITE_C)
+ "POLARSSL_PEM_WRITE_C",
+#endif /* POLARSSL_PEM_WRITE_C */
+#if defined(POLARSSL_PK_C)
+ "POLARSSL_PK_C",
+#endif /* POLARSSL_PK_C */
+#if defined(POLARSSL_PK_PARSE_C)
+ "POLARSSL_PK_PARSE_C",
+#endif /* POLARSSL_PK_PARSE_C */
+#if defined(POLARSSL_PK_WRITE_C)
+ "POLARSSL_PK_WRITE_C",
+#endif /* POLARSSL_PK_WRITE_C */
+#if defined(POLARSSL_PKCS5_C)
+ "POLARSSL_PKCS5_C",
+#endif /* POLARSSL_PKCS5_C */
+#if defined(POLARSSL_PKCS11_C)
+ "POLARSSL_PKCS11_C",
+#endif /* POLARSSL_PKCS11_C */
+#if defined(POLARSSL_PKCS12_C)
+ "POLARSSL_PKCS12_C",
+#endif /* POLARSSL_PKCS12_C */
+#if defined(POLARSSL_PLATFORM_C)
+ "POLARSSL_PLATFORM_C",
+#endif /* POLARSSL_PLATFORM_C */
+#if defined(POLARSSL_RIPEMD160_C)
+ "POLARSSL_RIPEMD160_C",
+#endif /* POLARSSL_RIPEMD160_C */
+#if defined(POLARSSL_RSA_C)
+ "POLARSSL_RSA_C",
+#endif /* POLARSSL_RSA_C */
+#if defined(POLARSSL_SHA1_C)
+ "POLARSSL_SHA1_C",
+#endif /* POLARSSL_SHA1_C */
+#if defined(POLARSSL_SHA256_C)
+ "POLARSSL_SHA256_C",
+#endif /* POLARSSL_SHA256_C */
+#if defined(POLARSSL_SHA512_C)
+ "POLARSSL_SHA512_C",
+#endif /* POLARSSL_SHA512_C */
+#if defined(POLARSSL_SSL_CACHE_C)
+ "POLARSSL_SSL_CACHE_C",
+#endif /* POLARSSL_SSL_CACHE_C */
+#if defined(POLARSSL_SSL_CLI_C)
+ "POLARSSL_SSL_CLI_C",
+#endif /* POLARSSL_SSL_CLI_C */
+#if defined(POLARSSL_SSL_SRV_C)
+ "POLARSSL_SSL_SRV_C",
+#endif /* POLARSSL_SSL_SRV_C */
+#if defined(POLARSSL_SSL_TLS_C)
+ "POLARSSL_SSL_TLS_C",
+#endif /* POLARSSL_SSL_TLS_C */
+#if defined(POLARSSL_THREADING_C)
+ "POLARSSL_THREADING_C",
+#endif /* POLARSSL_THREADING_C */
+#if defined(POLARSSL_TIMING_C)
+ "POLARSSL_TIMING_C",
+#endif /* POLARSSL_TIMING_C */
+#if defined(POLARSSL_VERSION_C)
+ "POLARSSL_VERSION_C",
+#endif /* POLARSSL_VERSION_C */
+#if defined(POLARSSL_X509_USE_C)
+ "POLARSSL_X509_USE_C",
+#endif /* POLARSSL_X509_USE_C */
+#if defined(POLARSSL_X509_CRT_PARSE_C)
+ "POLARSSL_X509_CRT_PARSE_C",
+#endif /* POLARSSL_X509_CRT_PARSE_C */
+#if defined(POLARSSL_X509_CRL_PARSE_C)
+ "POLARSSL_X509_CRL_PARSE_C",
+#endif /* POLARSSL_X509_CRL_PARSE_C */
+#if defined(POLARSSL_X509_CSR_PARSE_C)
+ "POLARSSL_X509_CSR_PARSE_C",
+#endif /* POLARSSL_X509_CSR_PARSE_C */
+#if defined(POLARSSL_X509_CREATE_C)
+ "POLARSSL_X509_CREATE_C",
+#endif /* POLARSSL_X509_CREATE_C */
+#if defined(POLARSSL_X509_CRT_WRITE_C)
+ "POLARSSL_X509_CRT_WRITE_C",
+#endif /* POLARSSL_X509_CRT_WRITE_C */
+#if defined(POLARSSL_X509_CSR_WRITE_C)
+ "POLARSSL_X509_CSR_WRITE_C",
+#endif /* POLARSSL_X509_CSR_WRITE_C */
+#if defined(POLARSSL_XTEA_C)
+ "POLARSSL_XTEA_C",
+#endif /* POLARSSL_XTEA_C */
+ NULL
+};
+
+int version_check_feature( const char *feature )
+{
+ const char **idx = features;
+
+ if( feature == NULL )
+ return( -1 );
+
+ while( *idx != NULL )
+ {
+ if( !strcasecmp( *idx, feature ) )
+ return( 0 );
+ idx++;
+ }
+ return( -1 );
+}
+
+#endif /* POLARSSL_VERSION_C */
diff --git a/library/x509_create.c b/library/x509_create.c
index 7637e61..8e12c14 100644
--- a/library/x509_create.c
+++ b/library/x509_create.c
@@ -53,18 +53,30 @@
{
if( c - s == 2 && strncasecmp( s, "CN", 2 ) == 0 )
oid = OID_AT_CN;
+ else if( c - s == 10 && strncasecmp( s, "commonName", 10 ) == 0 )
+ oid = OID_AT_CN;
else if( c - s == 1 && strncasecmp( s, "C", 1 ) == 0 )
oid = OID_AT_COUNTRY;
+ else if( c - s == 11 && strncasecmp( s, "countryName", 11 ) == 0 )
+ oid = OID_AT_COUNTRY;
else if( c - s == 1 && strncasecmp( s, "O", 1 ) == 0 )
oid = OID_AT_ORGANIZATION;
+ else if( c - s == 16 && strncasecmp( s, "organizationName", 16 ) == 0 )
+ oid = OID_AT_ORGANIZATION;
else if( c - s == 1 && strncasecmp( s, "L", 1 ) == 0 )
oid = OID_AT_LOCALITY;
+ else if( c - s == 8 && strncasecmp( s, "locality", 8 ) == 0 )
+ oid = OID_AT_LOCALITY;
else if( c - s == 1 && strncasecmp( s, "R", 1 ) == 0 )
oid = OID_PKCS9_EMAIL;
else if( c - s == 2 && strncasecmp( s, "OU", 2 ) == 0 )
oid = OID_AT_ORG_UNIT;
+ else if( c - s == 22 && strncasecmp( s, "organizationalUnitName", 22 ) == 0 )
+ oid = OID_AT_ORG_UNIT;
else if( c - s == 2 && strncasecmp( s, "ST", 2 ) == 0 )
oid = OID_AT_STATE;
+ else if( c - s == 19 && strncasecmp( s, "stateOrProvinceName", 19 ) == 0 )
+ oid = OID_AT_STATE;
else if( c - s == 12 && strncasecmp( s, "emailAddress", 12 ) == 0 )
oid = OID_PKCS9_EMAIL;
else if( c - s == 12 && strncasecmp( s, "serialNumber", 12 ) == 0 )
@@ -73,6 +85,28 @@
oid = OID_AT_POSTAL_ADDRESS;
else if( c - s == 10 && strncasecmp( s, "postalCode", 10 ) == 0 )
oid = OID_AT_POSTAL_CODE;
+ else if( c - s == 11 && strncasecmp( s, "dnQualifier", 11 ) == 0 )
+ oid = OID_AT_DN_QUALIFIER;
+ else if( c - s == 5 && strncasecmp( s, "title", 5 ) == 0 )
+ oid = OID_AT_TITLE;
+ else if( c - s == 7 && strncasecmp( s, "surName", 7 ) == 0 )
+ oid = OID_AT_SUR_NAME;
+ else if( c - s == 2 && strncasecmp( s, "SN", 2 ) == 0 )
+ oid = OID_AT_SUR_NAME;
+ else if( c - s == 9 && strncasecmp( s, "givenName", 9 ) == 0 )
+ oid = OID_AT_GIVEN_NAME;
+ else if( c - s == 2 && strncasecmp( s, "GN", 2 ) == 0 )
+ oid = OID_AT_GIVEN_NAME;
+ else if( c - s == 8 && strncasecmp( s, "initials", 8 ) == 0 )
+ oid = OID_AT_INITIALS;
+ else if( c - s == 9 && strncasecmp( s, "pseudonym", 9 ) == 0 )
+ oid = OID_AT_PSEUDONYM;
+ else if( c - s == 19 && strncasecmp( s, "generationQualifier", 19 ) == 0 )
+ oid = OID_AT_GENERATION_QUALIFIER;
+ else if( c - s == 15 && strncasecmp( s, "domainComponent", 15 ) == 0 )
+ oid = OID_DOMAIN_COMPONENT;
+ else if( c - s == 2 && strncasecmp( s, "DC", 2 ) == 0 )
+ oid = OID_DOMAIN_COMPONENT;
else
{
ret = POLARSSL_ERR_X509_UNKNOWN_OID;
diff --git a/scripts/bump_version.sh b/scripts/bump_version.sh
index 167d000..bf033a5 100755
--- a/scripts/bump_version.sh
+++ b/scripts/bump_version.sh
@@ -84,3 +84,8 @@
mv tmp $i
done
+[ $VERBOSE ] && echo "Re-generating library/error.c"
+scripts/generate_errors.pl include/polarssl scripts/data_files library/error.c
+
+[ $VERBOSE ] && echo "Re-generating library/version_features.c"
+scripts/generate_features.pl include/polarssl scripts/data_files library/version_features.c
diff --git a/scripts/data_files/version_features.fmt b/scripts/data_files/version_features.fmt
new file mode 100644
index 0000000..099e82a
--- /dev/null
+++ b/scripts/data_files/version_features.fmt
@@ -0,0 +1,60 @@
+/*
+ * Version feature information
+ *
+ * Copyright (C) 2006-2014, Brainspark B.V.
+ *
+ * This file is part of PolarSSL (http://www.polarssl.org)
+ * Lead Maintainer: Paul Bakker <polarssl_maintainer at polarssl.org>
+ *
+ * All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+#include "polarssl/config.h"
+
+#if defined(POLARSSL_VERSION_C)
+
+#include "polarssl/version.h"
+
+#include <string.h>
+
+#if defined(_MSC_VER) && !defined snprintf && !defined(EFIX64) && \
+ !defined(EFI32)
+#define snprintf _snprintf
+#endif
+
+const char *features[] = {
+FEATURE_DEFINES
+ NULL
+};
+
+int version_check_feature( const char *feature )
+{
+ const char **idx = features;
+
+ if( feature == NULL )
+ return( -1 );
+
+ while( *idx != NULL )
+ {
+ if( !strcasecmp( *idx, feature ) )
+ return( 0 );
+ idx++;
+ }
+ return( -1 );
+}
+
+#endif /* POLARSSL_VERSION_C */
diff --git a/scripts/generate_features.pl b/scripts/generate_features.pl
new file mode 100755
index 0000000..a72247d
--- /dev/null
+++ b/scripts/generate_features.pl
@@ -0,0 +1,57 @@
+#!/usr/bin/perl
+#
+
+use strict;
+
+my $include_dir = shift or die "Missing include directory";
+my $data_dir = shift or die "Missing data directory";
+my $feature_file = shift or die "Missing destination file";
+my $feature_format_file = $data_dir.'/version_features.fmt';
+
+my @sections = ( "System support", "PolarSSL modules",
+ "PolarSSL feature support" );
+
+my $line_separator = $/;
+undef $/;
+
+open(FORMAT_FILE, "$feature_format_file") or die "Opening feature format file '$feature_format_file': $!";
+my $feature_format = <FORMAT_FILE>;
+close(FORMAT_FILE);
+
+$/ = $line_separator;
+
+open(CONFIG_H, "$include_dir/config.h") || die("Failure when opening config.h: $!");
+
+my $feature_defines = "";
+my $in_section = 0;
+
+while (my $line = <CONFIG_H>)
+{
+ next if ($in_section && $line !~ /#define/ && $line !~ /SECTION/);
+ next if (!$in_section && $line !~ /SECTION/);
+
+ if ($in_section) {
+ if ($line =~ /SECTION/) {
+ $in_section = 0;
+ next;
+ }
+
+ my ($define) = $line =~ /#define (\w+)/;
+ $feature_defines .= "#if defined(${define})\n";
+ $feature_defines .= " \"${define}\",\n";
+ $feature_defines .= "#endif /* ${define} */\n";
+ }
+
+ if (!$in_section) {
+ my ($section_name) = $line =~ /SECTION: ([\w ]+)/;
+ my $found_section = grep $_ eq $section_name, @sections;
+
+ $in_section = 1 if ($found_section);
+ }
+};
+
+$feature_format =~ s/FEATURE_DEFINES\n/$feature_defines/g;
+
+open(ERROR_FILE, ">$feature_file") or die "Opening destination file '$feature_file': $!";
+print ERROR_FILE $feature_format;
+close(ERROR_FILE);
diff --git a/tests/suites/helpers.function b/tests/suites/helpers.function
index 1e09666..f6a3529 100644
--- a/tests/suites/helpers.function
+++ b/tests/suites/helpers.function
@@ -105,6 +105,7 @@
*/
static int rnd_std_rand( void *rng_state, unsigned char *output, size_t len )
{
+#if !defined(__OpenBSD__)
size_t i;
if( rng_state != NULL )
@@ -112,6 +113,12 @@
for( i = 0; i < len; ++i )
output[i] = rand();
+#else
+ if( rng_state != NULL )
+ rng_state = NULL;
+
+ arc4random_buf( output, len );
+#endif /* !OpenBSD */
return( 0 );
}
diff --git a/tests/suites/test_suite_rsa.data b/tests/suites/test_suite_rsa.data
index bd4b6e9..5e9afe3 100644
--- a/tests/suites/test_suite_rsa.data
+++ b/tests/suites/test_suite_rsa.data
@@ -310,7 +310,13 @@
rsa_check_pubkey:16:"fedcba9876543210deadbeefcafe4321":16:"00fedcba9876543213":0
RSA Check Public key #8 (E larger than 64 bits)
-rsa_check_pubkey:16:"fedcba9876543210deadbeefcafe4321":16:"01fedcba9876543213":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
+rsa_check_pubkey:16:"fedcba9876543210deadbeefcafe4321":16:"01fedcba9876543213":0
+
+RSA Check Public key #9 (E has size N-2)
+rsa_check_pubkey:16:"00b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034fb38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"00b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034fb38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034d":0
+
+RSA Check Public key #10 (E has size N)
+rsa_check_pubkey:16:"00b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034fb38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"00b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034fb38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":POLARSSL_ERR_RSA_KEY_CHECK_FAILED
RSA Private (Correct)
rsa_private:"59779fd2a39e56640c4fc1e67b60aeffcecd78aed7ad2bdfa464e93d04198d48466b8da7445f25bfa19db2844edd5c8f539cf772cc132b483169d390db28a43bc4ee0f038f6568ffc87447746cb72fefac2d6d90ee3143a915ac4688028805905a68eb8f8a96674b093c495eddd8704461eaa2b345efbb2ad6930acd8023f870":2048:16:"e79a373182bfaa722eb035f772ad2a9464bd842de59432c18bbab3a7dfeae318c9b915ee487861ab665a40bd6cda560152578e8579016c929df99fea05b4d64efca1d543850bc8164b40d71ed7f3fa4105df0fb9b9ad2a18ce182c8a4f4f975bea9aa0b9a1438a27a28e97ac8330ef37383414d1bd64607d6979ac050424fd17":16:"c6749cbb0db8c5a177672d4728a8b22392b2fc4d3b8361d5c0d5055a1b4e46d821f757c24eef2a51c561941b93b3ace7340074c058c9bb48e7e7414f42c41da4cccb5c2ba91deb30c586b7fb18af12a52995592ad139d3be429add6547e044becedaf31fa3b39421e24ee034fbf367d11f6b8f88ee483d163b431e1654ad3e89":16:"b38ac65c8141f7f5c96e14470e851936a67bf94cc6821a39ac12c05f7c0b06d9e6ddba2224703b02e25f31452f9c4a8417b62675fdc6df46b94813bc7b9769a892c482b830bfe0ad42e46668ace68903617faf6681f4babf1cc8e4b0420d3c7f61dc45434c6b54e2c3ee0fc07908509d79c9826e673bf8363255adb0add2401039a7bcd1b4ecf0fbe6ec8369d2da486eec59559dd1d54c9b24190965eafbdab203b35255765261cd0909acf93c3b8b8428cbb448de4715d1b813d0c94829c229543d391ce0adab5351f97a3810c1f73d7b1458b97daed4209c50e16d064d2d5bfda8c23893d755222793146d0a78c3d64f35549141486c3b0961a7b4c1a2034f":16:"3":"48ce62658d82be10737bd5d3579aed15bc82617e6758ba862eeb12d049d7bacaf2f62fce8bf6e980763d1951f7f0eae3a493df9890d249314b39d00d6ef791de0daebf2c50f46e54aeb63a89113defe85de6dbe77642aae9f2eceb420f3a47a56355396e728917f17876bb829fabcaeef8bf7ef6de2ff9e84e6108ea2e52bbb62b7b288efa0a3835175b8b08fac56f7396eceb1c692d419ecb79d80aef5bc08a75d89de9f2b2d411d881c0e3ffad24c311a19029d210d3d3534f1b626f982ea322b4d1cfba476860ef20d4f672f38c371084b5301b429b747ea051a619e4430e0dac33c12f9ee41ca4d81a4f6da3e495aa8524574bdc60d290dd1f7a62e90a67":0
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 1691e81..44a70ca 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -3,3 +3,13 @@
Check runtime library version
check_runtime_version:"1.3.6"
+
+Check for POLARSSL_VERSION_C
+check_feature:"POLARSSL_VERSION_C":0
+
+Check for POLARSSL_AES_C when already present
+depends_on:POLARSSL_AES_C
+check_feature:"POLARSSL_AES_C":0
+
+Check for unknown define
+check_feature:"POLARSSL_UNKNOWN":-1
diff --git a/tests/suites/test_suite_version.function b/tests/suites/test_suite_version.function
index b28707f..0619007 100644
--- a/tests/suites/test_suite_version.function
+++ b/tests/suites/test_suite_version.function
@@ -63,3 +63,11 @@
TEST_ASSERT( strcmp( version_str, get_str ) == 0 );
}
/* END_CASE */
+
+/* BEGIN_CASE */
+void check_feature( char *feature, int result )
+{
+ int check = version_check_feature( feature );
+ TEST_ASSERT( check == result );
+}
+/* END_CASE */