Merge pull request #3190 from gilles-peskine-arm/config-full-clarify-development
Clarify that the full config enables everything that can be tested together
This commit is contained in:
Коммит
d9f694960f
|
@ -64,7 +64,7 @@ typedef struct
|
|||
uintptr_t transient_data;
|
||||
} psa_drv_se_internal_context_t;
|
||||
|
||||
typedef struct psa_se_drv_table_entry_s
|
||||
struct psa_se_drv_table_entry_s
|
||||
{
|
||||
psa_key_lifetime_t lifetime;
|
||||
const psa_drv_se_t *methods;
|
||||
|
@ -72,8 +72,8 @@ typedef struct psa_se_drv_table_entry_s
|
|||
{
|
||||
psa_drv_se_internal_context_t internal;
|
||||
psa_drv_se_context_t context;
|
||||
};
|
||||
} psa_se_drv_table_entry_t;
|
||||
} u;
|
||||
};
|
||||
|
||||
static psa_se_drv_table_entry_t driver_table[PSA_MAX_SE_DRIVERS];
|
||||
|
||||
|
@ -104,7 +104,7 @@ const psa_drv_se_t *psa_get_se_driver_methods(
|
|||
psa_drv_se_context_t *psa_get_se_driver_context(
|
||||
psa_se_drv_table_entry_t *driver )
|
||||
{
|
||||
return( &driver->context );
|
||||
return( &driver->u.context );
|
||||
}
|
||||
|
||||
int psa_get_se_driver( psa_key_lifetime_t lifetime,
|
||||
|
@ -115,7 +115,7 @@ int psa_get_se_driver( psa_key_lifetime_t lifetime,
|
|||
if( p_methods != NULL )
|
||||
*p_methods = ( driver ? driver->methods : NULL );
|
||||
if( p_drv_context != NULL )
|
||||
*p_drv_context = ( driver ? &driver->context : NULL );
|
||||
*p_drv_context = ( driver ? &driver->u.context : NULL );
|
||||
return( driver != NULL );
|
||||
}
|
||||
|
||||
|
@ -134,7 +134,7 @@ static psa_status_t psa_get_se_driver_its_file_uid(
|
|||
|
||||
#if SIZE_MAX > UINT32_MAX
|
||||
/* ITS file sizes are limited to 32 bits. */
|
||||
if( driver->internal.persistent_data_size > UINT32_MAX )
|
||||
if( driver->u.internal.persistent_data_size > UINT32_MAX )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
#endif
|
||||
|
||||
|
@ -162,8 +162,8 @@ psa_status_t psa_load_se_persistent_data(
|
|||
* persistent_data_size is in range, but compilers don't know that,
|
||||
* so cast to reassure them. */
|
||||
return( psa_its_get( uid, 0,
|
||||
(uint32_t) driver->internal.persistent_data_size,
|
||||
driver->internal.persistent_data,
|
||||
(uint32_t) driver->u.internal.persistent_data_size,
|
||||
driver->u.internal.persistent_data,
|
||||
&length ) );
|
||||
}
|
||||
|
||||
|
@ -181,8 +181,8 @@ psa_status_t psa_save_se_persistent_data(
|
|||
* persistent_data_size is in range, but compilers don't know that,
|
||||
* so cast to reassure them. */
|
||||
return( psa_its_set( uid,
|
||||
(uint32_t) driver->internal.persistent_data_size,
|
||||
driver->internal.persistent_data,
|
||||
(uint32_t) driver->u.internal.persistent_data_size,
|
||||
driver->u.internal.persistent_data,
|
||||
0 ) );
|
||||
}
|
||||
|
||||
|
@ -221,8 +221,8 @@ psa_status_t psa_find_se_slot_for_key(
|
|||
driver->methods->key_management->p_validate_slot_number;
|
||||
if( p_validate_slot_number == NULL )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
status = p_validate_slot_number( &driver->context,
|
||||
driver->internal.persistent_data,
|
||||
status = p_validate_slot_number( &driver->u.context,
|
||||
driver->u.internal.persistent_data,
|
||||
attributes, method,
|
||||
*slot_number );
|
||||
}
|
||||
|
@ -240,8 +240,8 @@ psa_status_t psa_find_se_slot_for_key(
|
|||
driver->methods->key_management->p_allocate;
|
||||
if( p_allocate == NULL )
|
||||
return( PSA_ERROR_NOT_SUPPORTED );
|
||||
status = p_allocate( &driver->context,
|
||||
driver->internal.persistent_data,
|
||||
status = p_allocate( &driver->u.context,
|
||||
driver->u.internal.persistent_data,
|
||||
attributes, method,
|
||||
slot_number );
|
||||
}
|
||||
|
@ -265,8 +265,8 @@ psa_status_t psa_destroy_se_key( psa_se_drv_table_entry_t *driver,
|
|||
driver->methods->key_management->p_destroy == NULL )
|
||||
return( PSA_ERROR_NOT_PERMITTED );
|
||||
status = driver->methods->key_management->p_destroy(
|
||||
&driver->context,
|
||||
driver->internal.persistent_data,
|
||||
&driver->u.context,
|
||||
driver->u.internal.persistent_data,
|
||||
slot_number );
|
||||
storage_status = psa_save_se_persistent_data( driver );
|
||||
return( status == PSA_SUCCESS ? storage_status : status );
|
||||
|
@ -284,8 +284,8 @@ psa_status_t psa_init_all_se_drivers( void )
|
|||
if( methods->p_init != NULL )
|
||||
{
|
||||
psa_status_t status = methods->p_init(
|
||||
&driver->context,
|
||||
driver->internal.persistent_data,
|
||||
&driver->u.context,
|
||||
driver->u.internal.persistent_data,
|
||||
driver->lifetime );
|
||||
if( status != PSA_SUCCESS )
|
||||
return( status );
|
||||
|
@ -341,14 +341,14 @@ psa_status_t psa_register_se_driver(
|
|||
|
||||
driver_table[i].lifetime = lifetime;
|
||||
driver_table[i].methods = methods;
|
||||
driver_table[i].internal.persistent_data_size =
|
||||
driver_table[i].u.internal.persistent_data_size =
|
||||
methods->persistent_data_size;
|
||||
|
||||
if( methods->persistent_data_size != 0 )
|
||||
{
|
||||
driver_table[i].internal.persistent_data =
|
||||
driver_table[i].u.internal.persistent_data =
|
||||
mbedtls_calloc( 1, methods->persistent_data_size );
|
||||
if( driver_table[i].internal.persistent_data == NULL )
|
||||
if( driver_table[i].u.internal.persistent_data == NULL )
|
||||
{
|
||||
status = PSA_ERROR_INSUFFICIENT_MEMORY;
|
||||
goto error;
|
||||
|
@ -373,8 +373,8 @@ void psa_unregister_all_se_drivers( void )
|
|||
size_t i;
|
||||
for( i = 0; i < PSA_MAX_SE_DRIVERS; i++ )
|
||||
{
|
||||
if( driver_table[i].internal.persistent_data != NULL )
|
||||
mbedtls_free( driver_table[i].internal.persistent_data );
|
||||
if( driver_table[i].u.internal.persistent_data != NULL )
|
||||
mbedtls_free( driver_table[i].u.internal.persistent_data );
|
||||
}
|
||||
memset( driver_table, 0, sizeof( driver_table ) );
|
||||
}
|
||||
|
|
|
@ -85,7 +85,8 @@ int main( void )
|
|||
|
||||
int main( int argc, char *argv[] )
|
||||
{
|
||||
int ret = 1, i, n;
|
||||
int ret = 1, i;
|
||||
unsigned n;
|
||||
int exit_code = MBEDTLS_EXIT_FAILURE;
|
||||
int mode;
|
||||
size_t keylen, ilen, olen;
|
||||
|
|
|
@ -64,7 +64,8 @@ int main( void )
|
|||
int main( int argc, char *argv[] )
|
||||
{
|
||||
FILE *f;
|
||||
int ret = 1, c;
|
||||
int ret = 1;
|
||||
unsigned c;
|
||||
int exit_code = MBEDTLS_EXIT_FAILURE;
|
||||
size_t i, olen = 0;
|
||||
mbedtls_pk_context pk;
|
||||
|
|
|
@ -65,7 +65,7 @@ int main( int argc, char *argv[] )
|
|||
FILE *f;
|
||||
int ret = 1;
|
||||
int exit_code = MBEDTLS_EXIT_FAILURE;
|
||||
int c;
|
||||
unsigned c;
|
||||
size_t i;
|
||||
mbedtls_rsa_context rsa;
|
||||
mbedtls_mpi N, P, Q, D, E, DP, DQ, QP;
|
||||
|
|
|
@ -59,7 +59,8 @@ int main( void )
|
|||
int main( int argc, char *argv[] )
|
||||
{
|
||||
FILE *f;
|
||||
int ret = 1, c;
|
||||
int ret = 1;
|
||||
unsigned c;
|
||||
int exit_code = MBEDTLS_EXIT_FAILURE;
|
||||
size_t i;
|
||||
mbedtls_rsa_context rsa;
|
||||
|
|
|
@ -377,7 +377,9 @@ int main( void )
|
|||
#define USAGE_SERIALIZATION ""
|
||||
#endif
|
||||
|
||||
#define USAGE \
|
||||
/* USAGE is arbitrarily split to stay under the portable string literal
|
||||
* length limit: 4095 bytes in C99. */
|
||||
#define USAGE1 \
|
||||
"\n usage: ssl_client2 param=<>...\n" \
|
||||
"\n acceptable parameters:\n" \
|
||||
" server_name=%%s default: localhost\n" \
|
||||
|
@ -401,7 +403,8 @@ int main( void )
|
|||
"\n" \
|
||||
USAGE_DTLS \
|
||||
USAGE_CID \
|
||||
"\n" \
|
||||
"\n"
|
||||
#define USAGE2 \
|
||||
" auth_mode=%%s default: (library default: none)\n" \
|
||||
" options: none, optional, required\n" \
|
||||
USAGE_IO \
|
||||
|
@ -411,7 +414,8 @@ int main( void )
|
|||
USAGE_PSK \
|
||||
USAGE_ECJPAKE \
|
||||
USAGE_ECRESTART \
|
||||
"\n" \
|
||||
"\n"
|
||||
#define USAGE3 \
|
||||
" allow_legacy=%%d default: (library default: no)\n" \
|
||||
USAGE_RENEGO \
|
||||
" exchanges=%%d default: 1\n" \
|
||||
|
@ -434,7 +438,8 @@ int main( void )
|
|||
USAGE_CURVES \
|
||||
USAGE_RECSPLIT \
|
||||
USAGE_DHMLEN \
|
||||
"\n" \
|
||||
"\n"
|
||||
#define USAGE4 \
|
||||
" arc4=%%d default: (library default: 0)\n" \
|
||||
" allow_sha1=%%d default: 0\n" \
|
||||
" min_version=%%s default: (library default: tls1)\n" \
|
||||
|
@ -1244,7 +1249,10 @@ int main( int argc, char *argv[] )
|
|||
if( ret == 0 )
|
||||
ret = 1;
|
||||
|
||||
mbedtls_printf( USAGE );
|
||||
mbedtls_printf( USAGE1 );
|
||||
mbedtls_printf( USAGE2 );
|
||||
mbedtls_printf( USAGE3 );
|
||||
mbedtls_printf( USAGE4 );
|
||||
|
||||
list = mbedtls_ssl_list_ciphersuites();
|
||||
while( *list )
|
||||
|
|
|
@ -463,7 +463,9 @@ int main( void )
|
|||
#define USAGE_SERIALIZATION ""
|
||||
#endif
|
||||
|
||||
#define USAGE \
|
||||
/* USAGE is arbitrarily split to stay under the portable string literal
|
||||
* length limit: 4095 bytes in C99. */
|
||||
#define USAGE1 \
|
||||
"\n usage: ssl_server2 param=<>...\n" \
|
||||
"\n acceptable parameters:\n" \
|
||||
" server_addr=%%s default: (all interfaces)\n" \
|
||||
|
@ -484,7 +486,8 @@ int main( void )
|
|||
USAGE_COOKIES \
|
||||
USAGE_ANTI_REPLAY \
|
||||
USAGE_BADMAC_LIMIT \
|
||||
"\n" \
|
||||
"\n"
|
||||
#define USAGE2 \
|
||||
" auth_mode=%%s default: (library default: none)\n" \
|
||||
" options: none, optional, required\n" \
|
||||
" cert_req_ca_list=%%d default: 1 (send ca list)\n" \
|
||||
|
@ -496,7 +499,8 @@ int main( void )
|
|||
USAGE_PSK \
|
||||
USAGE_CA_CALLBACK \
|
||||
USAGE_ECJPAKE \
|
||||
"\n" \
|
||||
"\n"
|
||||
#define USAGE3 \
|
||||
" allow_legacy=%%d default: (library default: no)\n" \
|
||||
USAGE_RENEGO \
|
||||
" exchanges=%%d default: 1\n" \
|
||||
|
@ -513,7 +517,8 @@ int main( void )
|
|||
USAGE_EMS \
|
||||
USAGE_ETM \
|
||||
USAGE_CURVES \
|
||||
"\n" \
|
||||
"\n"
|
||||
#define USAGE4 \
|
||||
" arc4=%%d default: (library default: 0)\n" \
|
||||
" allow_sha1=%%d default: 0\n" \
|
||||
" min_version=%%s default: (library default: tls1)\n" \
|
||||
|
@ -1910,7 +1915,10 @@ int main( int argc, char *argv[] )
|
|||
if( ret == 0 )
|
||||
ret = 1;
|
||||
|
||||
mbedtls_printf( USAGE );
|
||||
mbedtls_printf( USAGE1 );
|
||||
mbedtls_printf( USAGE2 );
|
||||
mbedtls_printf( USAGE3 );
|
||||
mbedtls_printf( USAGE4 );
|
||||
|
||||
list = mbedtls_ssl_list_ciphersuites();
|
||||
while( *list )
|
||||
|
|
|
@ -159,45 +159,68 @@ def realfull_adapter(_name, active, section):
|
|||
return active
|
||||
return True
|
||||
|
||||
# The goal of the full configuration is to have everything that can be tested
|
||||
# together. This includes deprecated or insecure options. It excludes:
|
||||
# * Options that require additional build dependencies or unusual hardware.
|
||||
# * Options that make testing less effective.
|
||||
# * Options that are incompatible with other options, or more generally that
|
||||
# interact with other parts of the code in such a way that a bulk enabling
|
||||
# is not a good way to test them.
|
||||
# * Options that remove features.
|
||||
EXCLUDE_FROM_FULL = frozenset([
|
||||
#pylint: disable=line-too-long
|
||||
'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY', # interacts with ENTROPY_FORCE_SHA256
|
||||
'MBEDTLS_DEPRECATED_REMOVED', # conflicts with deprecated options
|
||||
'MBEDTLS_DEPRECATED_WARNING', # conflicts with deprecated options
|
||||
'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED', # influences the use of ECDH in TLS
|
||||
'MBEDTLS_ECP_RESTARTABLE', # incompatible with USE_PSA_CRYPTO
|
||||
'MBEDTLS_ENTROPY_FORCE_SHA256', # interacts with CTR_DRBG_128_BIT_KEY
|
||||
'MBEDTLS_HAVE_SSE2', # hardware dependency
|
||||
'MBEDTLS_MEMORY_BACKTRACE', # depends on MEMORY_BUFFER_ALLOC_C
|
||||
'MBEDTLS_MEMORY_BUFFER_ALLOC_C', # makes sanitizers (e.g. ASan) less effective
|
||||
'MBEDTLS_MEMORY_DEBUG', # depends on MEMORY_BUFFER_ALLOC_C
|
||||
'MBEDTLS_NO_64BIT_MULTIPLICATION', # influences anything that uses bignum
|
||||
'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES', # removes a feature
|
||||
'MBEDTLS_NO_PLATFORM_ENTROPY', # removes a feature
|
||||
'MBEDTLS_NO_UDBL_DIVISION', # influences anything that uses bignum
|
||||
'MBEDTLS_PKCS11_C', # build dependency (libpkcs11-helper)
|
||||
'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS', # removes a feature
|
||||
'MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER', # platform dependency (PSA SPM) (at this time)
|
||||
'MBEDTLS_PSA_CRYPTO_SPM', # platform dependency (PSA SPM)
|
||||
'MBEDTLS_PSA_INJECT_ENTROPY', # build dependency (hook functions)
|
||||
'MBEDTLS_REMOVE_3DES_CIPHERSUITES', # removes a feature
|
||||
'MBEDTLS_REMOVE_ARC4_CIPHERSUITES', # removes a feature
|
||||
'MBEDTLS_RSA_NO_CRT', # influences the use of RSA in X.509 and TLS
|
||||
'MBEDTLS_SHA512_NO_SHA384', # removes a feature
|
||||
'MBEDTLS_SSL_HW_RECORD_ACCEL', # build dependency (hook functions)
|
||||
'MBEDTLS_TEST_NULL_ENTROPY', # removes a feature
|
||||
'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION', # influences the use of X.509 in TLS
|
||||
'MBEDTLS_ZLIB_SUPPORT', # build dependency (libz)
|
||||
])
|
||||
|
||||
def is_seamless_alt(name):
|
||||
"""Whether the xxx_ALT symbol should be included in the full configuration.
|
||||
|
||||
Include alternative implementations of platform functions, which are
|
||||
configurable function pointers that default to the built-in function.
|
||||
This way we test that the function pointers exist and build correctly
|
||||
without changing the behavior, and tests can verify that the function
|
||||
pointers are used by modifying those pointers.
|
||||
|
||||
Exclude alternative implementations of library functions since they require
|
||||
an implementation of the relevant functions and an xxx_alt.h header.
|
||||
"""
|
||||
if name == 'MBEDTLS_PLATFORM_SETUP_TEARDOWN_ALT':
|
||||
# Similar to non-platform xxx_ALT, requires platform_alt.h
|
||||
return False
|
||||
return name.startswith('MBEDTLS_PLATFORM_')
|
||||
|
||||
def include_in_full(name):
|
||||
"""Rules for symbols in the "full" configuration."""
|
||||
if re.search(r'PLATFORM_[A-Z0-9]+_ALT', name):
|
||||
return True
|
||||
if name in [
|
||||
'MBEDTLS_CTR_DRBG_USE_128_BIT_KEY',
|
||||
'MBEDTLS_DEPRECATED_REMOVED',
|
||||
'MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED',
|
||||
'MBEDTLS_ECP_RESTARTABLE',
|
||||
'MBEDTLS_ENTROPY_FORCE_SHA256', # Variant toggle, tested separately
|
||||
'MBEDTLS_HAVE_SSE2',
|
||||
'MBEDTLS_MEMORY_BACKTRACE',
|
||||
'MBEDTLS_MEMORY_BUFFER_ALLOC_C',
|
||||
'MBEDTLS_MEMORY_DEBUG',
|
||||
'MBEDTLS_NO_64BIT_MULTIPLICATION',
|
||||
'MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES',
|
||||
'MBEDTLS_NO_PLATFORM_ENTROPY',
|
||||
'MBEDTLS_NO_UDBL_DIVISION',
|
||||
'MBEDTLS_PKCS11_C',
|
||||
'MBEDTLS_PLATFORM_NO_STD_FUNCTIONS',
|
||||
'MBEDTLS_PSA_CRYPTO_KEY_FILE_ID_ENCODES_OWNER',
|
||||
'MBEDTLS_PSA_CRYPTO_SE_C',
|
||||
'MBEDTLS_PSA_CRYPTO_SPM',
|
||||
'MBEDTLS_PSA_INJECT_ENTROPY',
|
||||
'MBEDTLS_REMOVE_3DES_CIPHERSUITES',
|
||||
'MBEDTLS_REMOVE_ARC4_CIPHERSUITES',
|
||||
'MBEDTLS_RSA_NO_CRT',
|
||||
'MBEDTLS_SHA512_NO_SHA384',
|
||||
'MBEDTLS_SSL_HW_RECORD_ACCEL',
|
||||
'MBEDTLS_SSL_PROTO_SSL3',
|
||||
'MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO',
|
||||
'MBEDTLS_TEST_NULL_ENTROPY',
|
||||
'MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3',
|
||||
'MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION',
|
||||
'MBEDTLS_ZLIB_SUPPORT',
|
||||
]:
|
||||
if name in EXCLUDE_FROM_FULL:
|
||||
return False
|
||||
if name.endswith('_ALT'):
|
||||
return False
|
||||
return is_seamless_alt(name)
|
||||
return True
|
||||
|
||||
def full_adapter(name, active, section):
|
||||
|
@ -206,25 +229,33 @@ def full_adapter(name, active, section):
|
|||
return active
|
||||
return include_in_full(name)
|
||||
|
||||
# The baremetal configuration excludes options that require a library or
|
||||
# operating system feature that is typically not present on bare metal
|
||||
# systems. Features that are excluded from "full" won't be in "baremetal"
|
||||
# either (unless explicitly turned on in baremetal_adapter) so they don't
|
||||
# need to be repeated here.
|
||||
EXCLUDE_FROM_BAREMETAL = frozenset([
|
||||
#pylint: disable=line-too-long
|
||||
'MBEDTLS_ENTROPY_NV_SEED', # requires a filesystem and FS_IO or alternate NV seed hooks
|
||||
'MBEDTLS_FS_IO', # requires a filesystem
|
||||
'MBEDTLS_HAVEGE_C', # requires a clock
|
||||
'MBEDTLS_HAVE_TIME', # requires a clock
|
||||
'MBEDTLS_HAVE_TIME_DATE', # requires a clock
|
||||
'MBEDTLS_NET_C', # requires POSIX-like networking
|
||||
'MBEDTLS_PLATFORM_FPRINTF_ALT', # requires FILE* from stdio.h
|
||||
'MBEDTLS_PLATFORM_NV_SEED_ALT', # requires a filesystem and ENTROPY_NV_SEED
|
||||
'MBEDTLS_PLATFORM_TIME_ALT', # requires a clock and HAVE_TIME
|
||||
'MBEDTLS_PSA_CRYPTO_SE_C', # requires a filesystem and PSA_CRYPTO_STORAGE_C
|
||||
'MBEDTLS_PSA_CRYPTO_STORAGE_C', # requires a filesystem
|
||||
'MBEDTLS_PSA_ITS_FILE_C', # requires a filesystem
|
||||
'MBEDTLS_THREADING_C', # requires a threading interface
|
||||
'MBEDTLS_THREADING_PTHREAD', # requires pthread
|
||||
'MBEDTLS_TIMING_C', # requires a clock
|
||||
])
|
||||
|
||||
def keep_in_baremetal(name):
|
||||
"""Rules for symbols in the "baremetal" configuration."""
|
||||
if name in [
|
||||
'MBEDTLS_DEPRECATED_WARNING',
|
||||
'MBEDTLS_ENTROPY_NV_SEED',
|
||||
'MBEDTLS_FS_IO',
|
||||
'MBEDTLS_HAVEGE_C',
|
||||
'MBEDTLS_HAVE_TIME',
|
||||
'MBEDTLS_HAVE_TIME_DATE',
|
||||
'MBEDTLS_NET_C',
|
||||
'MBEDTLS_PLATFORM_FPRINTF_ALT',
|
||||
'MBEDTLS_PLATFORM_TIME_ALT',
|
||||
'MBEDTLS_PSA_CRYPTO_SE_C',
|
||||
'MBEDTLS_PSA_CRYPTO_STORAGE_C',
|
||||
'MBEDTLS_PSA_ITS_FILE_C',
|
||||
'MBEDTLS_THREADING_C',
|
||||
'MBEDTLS_THREADING_PTHREAD',
|
||||
'MBEDTLS_TIMING_C',
|
||||
]:
|
||||
if name in EXCLUDE_FROM_BAREMETAL:
|
||||
return False
|
||||
return True
|
||||
|
||||
|
@ -233,6 +264,7 @@ def baremetal_adapter(name, active, section):
|
|||
if not is_full_section(section):
|
||||
return active
|
||||
if name == 'MBEDTLS_NO_PLATFORM_ENTROPY':
|
||||
# No OS-provided entropy source
|
||||
return True
|
||||
return include_in_full(name) and keep_in_baremetal(name)
|
||||
|
||||
|
@ -243,10 +275,10 @@ def include_in_crypto(name):
|
|||
name.startswith('MBEDTLS_KEY_EXCHANGE_'):
|
||||
return False
|
||||
if name in [
|
||||
'MBEDTLS_CERTS_C',
|
||||
'MBEDTLS_DEBUG_C',
|
||||
'MBEDTLS_NET_C',
|
||||
'MBEDTLS_PKCS11_C',
|
||||
'MBEDTLS_CERTS_C', # part of libmbedx509
|
||||
'MBEDTLS_DEBUG_C', # part of libmbedtls
|
||||
'MBEDTLS_NET_C', # part of libmbedtls
|
||||
'MBEDTLS_PKCS11_C', # part of libmbedx509
|
||||
]:
|
||||
return False
|
||||
return True
|
||||
|
@ -265,6 +297,28 @@ def crypto_adapter(adapter):
|
|||
return adapter(name, active, section)
|
||||
return continuation
|
||||
|
||||
DEPRECATED = frozenset([
|
||||
'MBEDTLS_SSL_PROTO_SSL3',
|
||||
'MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO',
|
||||
])
|
||||
|
||||
def no_deprecated_adapter(adapter):
|
||||
"""Modify an adapter to disable deprecated symbols.
|
||||
|
||||
``no_deprecated_adapter(adapter)(name, active, section)`` is like
|
||||
``adapter(name, active, section)``, but unsets all deprecated symbols
|
||||
and sets ``MBEDTLS_DEPRECATED_REMOVED``.
|
||||
"""
|
||||
def continuation(name, active, section):
|
||||
if name == 'MBEDTLS_DEPRECATED_REMOVED':
|
||||
return True
|
||||
if name in DEPRECATED:
|
||||
return False
|
||||
if adapter is None:
|
||||
return active
|
||||
return adapter(name, active, section)
|
||||
return continuation
|
||||
|
||||
class ConfigFile(Config):
|
||||
"""Representation of the Mbed TLS configuration read for a file.
|
||||
|
||||
|
@ -430,6 +484,10 @@ if __name__ == '__main__':
|
|||
Exclude alternative implementations and platform support
|
||||
options, as well as some options that are awkward to test.
|
||||
""")
|
||||
add_adapter('full_no_deprecated', no_deprecated_adapter(full_adapter),
|
||||
"""Uncomment most non-deprecated features.
|
||||
Like "full", but without deprecated features.
|
||||
""")
|
||||
add_adapter('realfull', realfull_adapter,
|
||||
"""Uncomment all boolean #defines.
|
||||
Suitable for generating documentation, but not for building.""")
|
||||
|
|
|
@ -927,26 +927,58 @@ component_test_full_cmake_clang () {
|
|||
if_build_succeeded env OPENSSL_CMD="$OPENSSL_NEXT" tests/compat.sh -e '^$' -f 'ARIA\|CHACHA'
|
||||
}
|
||||
|
||||
component_build_deprecated () {
|
||||
msg "build: make, full config + DEPRECATED_WARNING, gcc -O" # ~ 30s
|
||||
component_test_default_no_deprecated () {
|
||||
# Test that removing the deprecated features from the default
|
||||
# configuration leaves something consistent.
|
||||
msg "build: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 30s
|
||||
scripts/config.py set MBEDTLS_DEPRECATED_REMOVED
|
||||
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
|
||||
|
||||
msg "test: make, default + MBEDTLS_DEPRECATED_REMOVED" # ~ 5s
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_full_no_deprecated () {
|
||||
msg "build: make, full_no_deprecated config" # ~ 30s
|
||||
scripts/config.py full_no_deprecated
|
||||
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
|
||||
|
||||
msg "test: make, full_no_deprecated config" # ~ 5s
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_full_no_deprecated_deprecated_warning () {
|
||||
# Test that there is nothing deprecated in "full_no_deprecated".
|
||||
# A deprecated feature would trigger a warning (made fatal) from
|
||||
# MBEDTLS_DEPRECATED_WARNING.
|
||||
msg "build: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 30s
|
||||
scripts/config.py full_no_deprecated
|
||||
scripts/config.py unset MBEDTLS_DEPRECATED_REMOVED
|
||||
scripts/config.py set MBEDTLS_DEPRECATED_WARNING
|
||||
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra'
|
||||
|
||||
msg "test: make, full_no_deprecated config, MBEDTLS_DEPRECATED_WARNING" # ~ 5s
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_full_deprecated_warning () {
|
||||
# Test that when MBEDTLS_DEPRECATED_WARNING is enabled, the build passes
|
||||
# with only certain whitelisted types of warnings.
|
||||
msg "build: make, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_DEPRECATED_WARNING
|
||||
# Build with -O -Wextra to catch a maximum of issues.
|
||||
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra' lib programs
|
||||
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
|
||||
# Expect warnings from '#warning' directives in check_config.h.
|
||||
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=cpp' lib programs
|
||||
|
||||
msg "test: make, full config + DEPRECATED_WARNING, expect warnings" # ~ 30s
|
||||
make -C tests clean
|
||||
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -DMBEDTLS_TEST_DEPRECATED' tests
|
||||
msg "build: make tests, full config + MBEDTLS_DEPRECATED_WARNING, expect warnings" # ~ 30s
|
||||
# Set MBEDTLS_TEST_DEPRECATED to enable tests for deprecated features.
|
||||
# By default those are disabled when MBEDTLS_DEPRECATED_WARNING is set.
|
||||
# Expect warnings from '#warning' directives in check_config.h and
|
||||
# from the use of deprecated functions in test suites.
|
||||
make CC=gcc CFLAGS='-O -Werror -Wall -Wextra -Wno-error=deprecated-declarations -Wno-error=cpp -DMBEDTLS_TEST_DEPRECATED' tests
|
||||
|
||||
msg "build: make, full config + DEPRECATED_REMOVED, clang -O" # ~ 30s
|
||||
# No cleanup, just tweak the configuration and rebuild
|
||||
make clean
|
||||
scripts/config.py unset MBEDTLS_DEPRECATED_WARNING
|
||||
scripts/config.py set MBEDTLS_DEPRECATED_REMOVED
|
||||
# Build with -O -Wextra to catch a maximum of issues.
|
||||
make CC=clang CFLAGS='-O -Werror -Wall -Wextra' lib programs
|
||||
make CC=clang CFLAGS='-O -Werror -Wall -Wextra -Wno-unused-function' tests
|
||||
msg "test: full config + MBEDTLS_TEST_DEPRECATED" # ~ 30s
|
||||
make test
|
||||
}
|
||||
|
||||
# Check that the specified libraries exist and are empty.
|
||||
|
@ -1015,6 +1047,7 @@ component_test_no_use_psa_crypto_full_cmake_asan() {
|
|||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_C
|
||||
scripts/config.py unset MBEDTLS_USE_PSA_CRYPTO
|
||||
scripts/config.py unset MBEDTLS_PSA_ITS_FILE_C
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_STORAGE_C
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan .
|
||||
make
|
||||
|
@ -1053,6 +1086,7 @@ component_test_check_params_without_platform () {
|
|||
scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
|
||||
scripts/config.py unset MBEDTLS_PLATFORM_FPRINTF_ALT
|
||||
scripts/config.py unset MBEDTLS_PLATFORM_MEMORY
|
||||
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||
scripts/config.py unset MBEDTLS_PLATFORM_PRINTF_ALT
|
||||
scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
|
||||
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
||||
|
@ -1082,6 +1116,7 @@ component_test_no_platform () {
|
|||
scripts/config.py unset MBEDTLS_PLATFORM_SNPRINTF_ALT
|
||||
scripts/config.py unset MBEDTLS_PLATFORM_TIME_ALT
|
||||
scripts/config.py unset MBEDTLS_PLATFORM_EXIT_ALT
|
||||
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
||||
scripts/config.py unset MBEDTLS_FS_IO
|
||||
scripts/config.py unset MBEDTLS_PSA_CRYPTO_SE_C
|
||||
|
@ -1099,6 +1134,7 @@ component_build_no_std_function () {
|
|||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PLATFORM_NO_STD_FUNCTIONS
|
||||
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
||||
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||
make CC=gcc CFLAGS='-Werror -Wall -Wextra -Os'
|
||||
}
|
||||
|
||||
|
@ -1288,6 +1324,7 @@ component_test_null_entropy () {
|
|||
scripts/config.py set MBEDTLS_NO_DEFAULT_ENTROPY_SOURCES
|
||||
scripts/config.py set MBEDTLS_ENTROPY_C
|
||||
scripts/config.py unset MBEDTLS_ENTROPY_NV_SEED
|
||||
scripts/config.py unset MBEDTLS_PLATFORM_NV_SEED_ALT
|
||||
scripts/config.py unset MBEDTLS_ENTROPY_HARDWARE_ALT
|
||||
scripts/config.py unset MBEDTLS_HAVEGE_C
|
||||
CC=gcc cmake -D CMAKE_BUILD_TYPE:String=Asan -D UNSAFE_BUILD=ON .
|
||||
|
@ -1405,16 +1442,6 @@ component_test_se_default () {
|
|||
make test
|
||||
}
|
||||
|
||||
component_test_se_full () {
|
||||
msg "build: full config + MBEDTLS_PSA_CRYPTO_SE_C"
|
||||
scripts/config.py full
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C
|
||||
make CC=gcc CFLAGS="$ASAN_CFLAGS -O2" LDFLAGS="$ASAN_CFLAGS"
|
||||
|
||||
msg "test: full config + MBEDTLS_PSA_CRYPTO_SE_C"
|
||||
make test
|
||||
}
|
||||
|
||||
component_test_make_shared () {
|
||||
msg "build/test: make shared" # ~ 40s
|
||||
make SHARED=1 all check
|
||||
|
@ -1433,7 +1460,7 @@ test_build_opt () {
|
|||
info=$1 cc=$2; shift 2
|
||||
for opt in "$@"; do
|
||||
msg "build/test: $cc $opt, $info" # ~ 30s
|
||||
make CC="$cc" CFLAGS="$opt -Wall -Wextra -Werror"
|
||||
make CC="$cc" CFLAGS="$opt -std=c99 -pedantic -Wall -Wextra -Werror"
|
||||
# We're confident enough in compilers to not run _all_ the tests,
|
||||
# but at least run the unit tests. In particular, runs with
|
||||
# optimizations use inline assembly whereas runs with -O0
|
||||
|
|
|
@ -68,10 +68,6 @@ export LDFLAGS=' --coverage'
|
|||
make clean
|
||||
cp "$CONFIG_H" "$CONFIG_BAK"
|
||||
scripts/config.py full
|
||||
# Enable some deprecated or experimental features that are not in the
|
||||
# full config, but are compatible with it and have tests.
|
||||
scripts/config.py set MBEDTLS_SSL_PROTO_SSL3
|
||||
scripts/config.py set MBEDTLS_PSA_CRYPTO_SE_C
|
||||
make -j
|
||||
|
||||
|
||||
|
|
|
@ -19,6 +19,12 @@
|
|||
* This file is part of Mbed TLS (https://tls.mbed.org)
|
||||
*/
|
||||
|
||||
#if defined(__unix__) || (defined(__APPLE__) && defined(__MACH__))
|
||||
#if !defined(_POSIX_C_SOURCE)
|
||||
#define _POSIX_C_SOURCE 1 // for fileno() from <stdio.h>
|
||||
#endif
|
||||
#endif
|
||||
|
||||
#if !defined(MBEDTLS_CONFIG_FILE)
|
||||
#include <mbedtls/config.h>
|
||||
#else
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
/* BEGIN_HEADER */
|
||||
#include "mbedtls/entropy.h"
|
||||
#include "mbedtls/entropy_poll.h"
|
||||
#include "mbedtls/md.h"
|
||||
#include "string.h"
|
||||
|
||||
typedef enum
|
||||
|
|
|
@ -176,7 +176,7 @@ x509_cert_info:"data_files/bitstring-in-dn.pem":"cert. version \: 3\nserial
|
|||
|
||||
X509 certificate v1 with extension
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_RSA_C:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_SHA1_C
|
||||
x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \:\n dNSName \: identity-check.org\n dNSName \: www.identity-check.org\n"
|
||||
x509_cert_info:"data_files/cert_v1_with_ext.crt":"cert. version \: 1\nserial number \: BD\:ED\:44\:C7\:D2\:3E\:C2\:A4\nissuer name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nsubject name \: C=XX, ST=XX, L=XX, O=XX, OU=XX, emailAddress=admin@identity-check.org, CN=identity-check.org\nissued on \: 2013-07-04 16\:17\:02\nexpires on \: 2014-07-04 16\:17\:02\nsigned using \: RSA with SHA1\nRSA key size \: 2048 bits\nsubject alt name \:\n dNSName \: identity-check.org\n dNSName \: www.identity-check.org\n <unsupported>\n"
|
||||
|
||||
X509 SAN parsing otherName
|
||||
depends_on:MBEDTLS_PEM_PARSE_C:MBEDTLS_ECDSA_C:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C
|
||||
|
@ -1563,7 +1563,7 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
|||
x509parse_crt:"308198308182a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CRT ASN1 (TBS, valid IssuerID, inv SubjectID, inv tag)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa1000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 CRT ASN1 (TBSCertificate v3, ext SubjectAlternativeName malformed)
|
||||
|
@ -1583,13 +1583,21 @@ depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
|||
x509parse_crt:"30819a308184a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_OUT_OF_DATA
|
||||
|
||||
X509 CRT ASN1 (TBS, IssuerID unsupported in v1 CRT)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 CRT ASN1 (TBS, IssuerID unsupported in v1 CRT, ALLOW_EXTENSIONS_NON_V3)
|
||||
depends_on:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CRT ASN1 (TBS, SubjectID unsupported in v1 CRT)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 CRT ASN1 (TBS, SubjectID unsupported in v1 CRT, ALLOW_EXTENSIONS_NON_V3)
|
||||
depends_on:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
x509parse_crt:"30819a308184a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa200a201300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
||||
X509 CRT ASN1 (TBS, inv v3Ext, inv tag)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
x509parse_crt:"30819c308186a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a2000500300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG
|
||||
|
@ -1838,12 +1846,24 @@ X509 CRT ASN1 (TBS, inv v3Ext, SubjectAltName repeated outside Extensions)
|
|||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
x509parse_crt:"3081dc3081c6a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa100a200a321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 CRT ASN1 (TBS, valid v3Ext in v1 CRT)
|
||||
X509 CRT (TBS, valid v3Ext in v1 CRT, ALLOW_EXTENSIONS_NON_V3)
|
||||
depends_on:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version \: 1\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
|
||||
|
||||
X509 CRT (TBS, valid v3Ext in v2 CRT, ALLOW_EXTENSIONS_NON_V3)
|
||||
depends_on:MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version \: 2\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
|
||||
|
||||
X509 CRT (TBS, valid v3Ext in v3 CRT)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
x509parse_crt:"3081b93081a3a0030201028204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"cert. version \: 3\nserial number \: DE\:AD\:BE\:EF\nissuer name \: ??=Test\nsubject name \: ??=Test\nissued on \: 2009-01-01 00\:00\:00\nexpires on \: 2009-12-31 23\:59\:59\nsigned using \: RSA with SHA-256\nRSA key size \: 128 bits\nsubject alt name \:\n dNSName \: foo.test\n dNSName \: bar.test\n":0
|
||||
|
||||
X509 CRT ASN1 (TBS, valid v3Ext in v1 CRT)
|
||||
depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
x509parse_crt:"3081b93081a3a0030201008204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 CRT ASN1 (TBS, valid v3Ext in v2 CRT)
|
||||
depends_on:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
depends_on:!MBEDTLS_X509_ALLOW_EXTENSIONS_NON_V3:MBEDTLS_RSA_C:MBEDTLS_SHA256_C
|
||||
x509parse_crt:"3081b93081a3a0030201018204deadbeef300d06092a864886f70d01010b0500300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffffa321301f301d0603551d11041630148208666f6f2e7465737482086261722e74657374300d06092a864886f70d01010b0500030200ff":"":MBEDTLS_ERR_X509_INVALID_FORMAT + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH
|
||||
|
||||
X509 CRT ASN1 (TBS, valid SubjectID, valid IssuerID, inv v3Ext, SubjectAltName repeated outside Extensions, inv SubjectAltNames tag)
|
||||
|
|
Загрузка…
Ссылка в новой задаче